propagate from branch 'net.randombit.botan' (head ac888e57b614c623590d79ab615353ad7c76ef68)

            to branch 'net.randombit.botan.c++0x' (head 9bf78ed7e2521a328f6db7acbc1cd81b07718230)

9 files changed, 78 insertions, 39 deletions

diff --git a/src/cert/cvc/cvc_ado.h b/src/cert/cvc/cvc_ado.h
index dbb4a3f47..5968b1ba4 100644
--- a/src/cert/cvc/cvc_ado.h
+++ b/src/cert/cvc/cvc_ado.h
@@ -1,7 +1,6 @@
 /*
 * EAC1_1 CVC ADO
 * (C) 2008 Falko Strenzke
-*          [email protected]
 *
 * Distributed under the terms of the Botan license
 */
diff --git a/src/cert/cvc/cvc_key.h b/src/cert/cvc/cvc_key.h
index 67b6cef17..a81660597 100644
--- a/src/cert/cvc/cvc_key.h
+++ b/src/cert/cvc/cvc_key.h
@@ -2,7 +2,6 @@
 * EAC CVC Public Key
 * (C) 2008 FlexSecure Gmbh
 *          Falko Strenzke
-*          [email protected]
 *
 * Distributed under the terms of the Botan license
 */
diff --git a/src/cert/cvc/cvc_req.h b/src/cert/cvc/cvc_req.h
index 4999c332f..ea05fc157 100644
--- a/src/cert/cvc/cvc_req.h
+++ b/src/cert/cvc/cvc_req.h
@@ -1,7 +1,6 @@
 /*
 * EAC1_1 CVC Request
 * (C) 2008 Falko Strenzke
-*          [email protected]
 *
 * Distributed under the terms of the Botan license
 */
diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h
index b41b78b2c..49e78b53d 100644
--- a/src/cert/cvc/eac_obj.h
+++ b/src/cert/cvc/eac_obj.h
@@ -1,7 +1,6 @@
 /*
 * EAC1_1 objects
 * (C) 2008 Falko Strenzke
-*          [email protected]
 *
 * Distributed under the terms of the Botan license
 */
diff --git a/src/cert/cvc/freestore.h b/src/cert/cvc/freestore.h
index a6f779c78..3049dbd13 100644
--- a/src/cert/cvc/freestore.h
+++ b/src/cert/cvc/freestore.h
@@ -1,7 +1,8 @@
-/**
+/*
 * (C) 2007 Christoph Ludwig
-*          [email protected]
-**/
+*
+* Distributed under the terms of the Botan license
+*/
 
 #ifndef BOTAN_FREESTORE_H__
 #define BOTAN_FREESTORE_H__
@@ -16,8 +17,6 @@ namespace Botan {
 * enables convenient automatic conversions between plain and smart
 * pointer types. It internally stores a SharedPointer which can be
 * accessed.
-*
-* Distributed under the terms of the Botan license
 */
 template<typename T>
 class BOTAN_DLL SharedPtrConverter
diff --git a/src/cert/x509/x509_ca.cpp b/src/cert/x509/x509_ca.cpp
index 4c4748065..3ba18e50e 100644
--- a/src/cert/x509/x509_ca.cpp
+++ b/src/cert/x509/x509_ca.cpp
@@ -9,9 +9,10 @@
 #include <botan/x509stor.h>
 #include <botan/der_enc.h>
 #include <botan/ber_dec.h>
-#include <botan/look_pk.h>
 #include <botan/bigint.h>
 #include <botan/parsing.h>
+#include <botan/lookup.h>
+#include <botan/look_pk.h>
 #include <botan/oids.h>
 #include <botan/time.h>
 #include <algorithm>
@@ -20,22 +21,33 @@
 #include <memory>
 #include <set>
 
+#include <stdio.h>
+
 namespace Botan {
 
 /*
 * Load the certificate and private key
 */
 X509_CA::X509_CA(const X509_Certificate& c,
-                 const Private_Key& key) : cert(c)
+                 const Private_Key& key,
+                 const std::string& hash_fn) : cert(c)
    {
-   const Private_Key* key_pointer = &key;
-   if(!dynamic_cast<const PK_Signing_Key*>(key_pointer))
+   // Use pointer dynamic_cast to avoid exception if cast fails
+   if(!dynamic_cast<const PK_Signing_Key*>(&key))
       throw Invalid_Argument("X509_CA: " + key.algo_name() + " cannot sign");
 
    if(!cert.is_CA_cert())
       throw Invalid_Argument("X509_CA: This certificate is not for a CA");
 
-   signer = choose_sig_format(key, ca_sig_algo);
+   signer = choose_sig_format(key, hash_fn, ca_sig_algo);
+   }
+
+/*
+* X509_CA Destructor
+*/
+X509_CA::~X509_CA()
+   {
+   delete signer;
    }
 
 /*
@@ -70,7 +82,8 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
    extensions.add(
       new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name()));
 
-   return make_cert(signer, rng, ca_sig_algo, req.raw_public_key(),
+   return make_cert(signer, rng, ca_sig_algo,
+                    req.raw_public_key(),
                     not_before, not_after,
                     cert.subject_dn(), req.subject_dn(),
                     extensions);
@@ -231,17 +244,10 @@ X509_Certificate X509_CA::ca_certificate() const
    }
 
 /*
-* X509_CA Destructor
-*/
-X509_CA::~X509_CA()
-   {
-   delete signer;
-   }
-
-/*
 * Choose a signing format for the key
 */
 PK_Signer* choose_sig_format(const Private_Key& key,
+                             const std::string& hash_fn,
                              AlgorithmIdentifier& sig_algo)
    {
    std::string padding;
@@ -249,24 +255,36 @@ PK_Signer* choose_sig_format(const Private_Key& key,
 
    const std::string algo_name = key.algo_name();
 
+   const HashFunction* proto_hash = retrieve_hash(hash_fn);
+   if(!proto_hash)
+      throw Algorithm_Not_Found(hash_fn);
+
+   if(key.max_input_bits() < proto_hash->OUTPUT_LENGTH*8)
+      {
+      printf("%d %d\n", key.max_input_bits(), proto_hash->OUTPUT_LENGTH*8);
+      throw Invalid_Argument("Key is too small for chosen hash function");
+      }
+
    if(algo_name == "RSA")
       {
-      padding = "EMSA3(SHA-160)";
+      padding = "EMSA3";
       format = IEEE_1363;
       }
    else if(algo_name == "DSA")
       {
-      padding = "EMSA1(SHA-160)";
+      padding = "EMSA1";
       format = DER_SEQUENCE;
       }
    else if(algo_name == "ECDSA")
       {
-      padding = "EMSA1_BSI(SHA-160)";
+      padding = "EMSA1_BSI";
       format = IEEE_1363;
       }
    else
       throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name);
 
+   padding = padding + '(' + proto_hash->name() + ')';
+
    sig_algo.oid = OIDS::lookup(algo_name + "/" + padding);
 
    std::unique_ptr<X509_Encoder> encoding(key.x509_encoder());
diff --git a/src/cert/x509/x509_ca.h b/src/cert/x509/x509_ca.h
index ef2a8d134..6eb4bbbef 100644
--- a/src/cert/x509/x509_ca.h
+++ b/src/cert/x509/x509_ca.h
@@ -50,7 +50,8 @@ class BOTAN_DLL X509_CA
       * as the offset from the current time
       * @return the new CRL
       */
-      X509_CRL new_crl(RandomNumberGenerator& rng, u32bit = 0) const;
+      X509_CRL new_crl(RandomNumberGenerator& rng,
+                       u32bit next_update = 0) const;
 
       /**
       * Create a new CRL by with additional entries.
@@ -65,27 +66,45 @@ class BOTAN_DLL X509_CA
                           RandomNumberGenerator& rng,
                           u32bit next_update = 0) const;
 
-      static X509_Certificate make_cert(PK_Signer*,
-                                        RandomNumberGenerator&,
-                                        const AlgorithmIdentifier&,
-                                        const MemoryRegion<byte>&,
-                                        const X509_Time&, const X509_Time&,
-                                        const X509_DN&, const X509_DN&,
-                                        const Extensions&);
+      /**
+      * Interface for creating new certificates
+      * @param signer a signing object
+      * @param rng a random number generator
+      * @param sig_algo the signature algorithm identifier
+      * @param not_before the start time of the certificate
+      * @param not_after the end time of the certificate
+      * @param issuer_dn the DN of the issuer
+      * @param subject_dn the DN of the subject
+      * @param extensions an optional list of certificate extensions
+      * @returns newly minted certificate
+      */
+      static X509_Certificate make_cert(PK_Signer* signer,
+                                        RandomNumberGenerator& rng,
+                                        const AlgorithmIdentifier& sig_algo,
+                                        const MemoryRegion<byte>& pub_key,
+                                        const X509_Time& not_before,
+                                        const X509_Time& not_after,
+                                        const X509_DN& issuer_dn,
+                                        const X509_DN& subject_dn,
+                                        const Extensions& extensions);
 
       /**
       * Create a new CA object.
       * @param ca_certificate the certificate of the CA
       * @param key the private key of the CA
       */
-      X509_CA(const X509_Certificate& ca_certificate, const Private_Key& key);
+      X509_CA(const X509_Certificate& ca_certificate,
+              const Private_Key& key,
+              const std::string& hash_fn);
+
       ~X509_CA();
    private:
       X509_CA(const X509_CA&) {}
       X509_CA& operator=(const X509_CA&) { return (*this); }
 
-      X509_CRL make_crl(const std::vector<CRL_Entry>&,
-                        u32bit, u32bit, RandomNumberGenerator&) const;
+      X509_CRL make_crl(const std::vector<CRL_Entry>& entries,
+                        u32bit crl_number, u32bit next_update,
+                        RandomNumberGenerator& rng) const;
 
       AlgorithmIdentifier ca_sig_algo;
       X509_Certificate cert;
@@ -96,13 +115,14 @@ class BOTAN_DLL X509_CA
 * Choose the default signature format for a certain public key signature
 * scheme.
 * @param key will be the key to choose a padding scheme for
+* @param hash_fn is the desired hash function
 * @param alg_id will be set to the chosen scheme
 * @return A PK_Signer object for generating signatures
 */
 BOTAN_DLL PK_Signer* choose_sig_format(const Private_Key& key,
+                                       const std::string& hash_fn,
                                        AlgorithmIdentifier& alg_id);
 
-
 }
 
 #endif
diff --git a/src/cert/x509/x509self.cpp b/src/cert/x509/x509self.cpp
index 598d6a418..8db2f37a6 100644
--- a/src/cert/x509/x509self.cpp
+++ b/src/cert/x509/x509self.cpp
@@ -65,6 +65,7 @@ namespace X509 {
 */
 X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
                                          const Private_Key& key,
+                                         const std::string& hash_fn,
                                          RandomNumberGenerator& rng)
    {
    AlgorithmIdentifier sig_algo;
@@ -103,6 +104,7 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
 */
 PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
                                const Private_Key& key,
+                               const std::string& hash_fn,
                                RandomNumberGenerator& rng)
    {
    AlgorithmIdentifier sig_algo;
@@ -110,7 +112,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
    AlternativeName subject_alt;
 
    MemoryVector<byte> pub_key = shared_setup(opts, key);
-   std::unique_ptr<PK_Signer> signer(choose_sig_format(key, sig_algo));
+   std::unique_ptr<PK_Signer> signer(choose_sig_format(key, hash_fn, sig_algo));
    load_info(opts, subject_dn, subject_alt);
 
    const u32bit PKCS10_VERSION = 0;
diff --git a/src/cert/x509/x509self.h b/src/cert/x509/x509self.h
index bd3e29179..741350067 100644
--- a/src/cert/x509/x509self.h
+++ b/src/cert/x509/x509self.h
@@ -172,12 +172,14 @@ namespace X509 {
 * @param opts the options defining the certificate to create
 * @param key the private key used for signing, i.e. the key
 * associated with this self-signed certificate
+* @param hash_fn the hash function to use
 * @param rng the rng to use
 * @return the newly created self-signed certificate
 */
 BOTAN_DLL X509_Certificate
 create_self_signed_cert(const X509_Cert_Options& opts,
                         const Private_Key& key,
+                        const std::string& hash_fn,
                         RandomNumberGenerator& rng);
 
 /**
@@ -185,10 +187,12 @@ create_self_signed_cert(const X509_Cert_Options& opts,
 * @param opts the options defining the request to create
 * @param key the key used to sign this request
 * @param rng the rng to use
+* @param hash_fn the hash function to use
 * @return the newly created PKCS#10 request
 */
 BOTAN_DLL PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
                                          const Private_Key& key,
+                                         const std::string& hash_fn,
                                          RandomNumberGenerator& rng);
 
 }