Port in the code for forming the EAC encoding of an ECDSA key, so now

generating new CVC certs might actually work.
author: lloyd <[email protected]> 2010-03-02 18:39:04 +0000
committer: lloyd <[email protected]> 2010-03-02 18:39:04 +0000
commit: 7f81b3a4af59347337733a808172932de8f9c931 (patch)
tree: 5241f94d9ef72cb40bd27571886fada5f616e0d4 /src
parent: bc6999a27f996747cba2bfffdce70ca9106c3a4e (diff)
1 files changed, 47 insertions, 19 deletions
diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp
index bafeea63f..3b8f909de 100644
--- a/src/cert/cvc/cvc_self.cpp
+++ b/src/cert/cvc/cvc_self.cpp
@@ -6,13 +6,8 @@
 */
 
 #include <botan/cvc_self.h>
-#include <botan/cvc_cert.h>
-#include <botan/alg_id.h>
-#include <botan/cvc_key.h>
-#include <botan/oids.h>
-#include <botan/look_pk.h>
-#include <botan/cvc_req.h>
-#include <botan/cvc_ado.h>
+#include <botan/ecc_key.h>
+#include <botan/point_gfp.h>
 #include <botan/time.h>
 #include <sstream>
 
@@ -33,10 +28,46 @@ enum CHAT_values{
       FINGERPRINT = 0x01
 };
 
-MemoryVector<byte> eac_1_1_encoding(const Public_Key* pub_key)
+void encode_eac_bigint(DER_Encoder& der, const BigInt& x, ASN1_Tag tag)
    {
-   throw Invalid_State("eac_1_1_encoding: Not implemented");
-   return MemoryVector<byte>();
+   der.encode(BigInt::encode_1363(x, x.bytes()), OCTET_STRING, tag);
+   }
+
+MemoryVector<byte> eac_1_1_encoding(const EC_PublicKey* key,
+                                    const OID& sig_algo)
+   {
+   if(key->domain_format() == EC_DOMPAR_ENC_OID)
+      throw Encoding_Error("CVC encoder: cannot encode parameters by OID");
+
+   const EC_Domain_Params& domain = key->domain();
+
+   // This is why we can't have nice things
+
+   DER_Encoder enc;
+   enc.start_cons(ASN1_Tag(73), APPLICATION)
+      .encode(sig_algo);
+
+   if(key->domain_format() == EC_DOMPAR_ENC_EXPLICIT)
+      {
+      encode_eac_bigint(enc, domain.get_curve().get_p(), ASN1_Tag(1));
+      encode_eac_bigint(enc, domain.get_curve().get_a(), ASN1_Tag(2));
+      encode_eac_bigint(enc, domain.get_curve().get_b(), ASN1_Tag(3));
+
+      enc.encode(EC2OSP(domain.get_base_point(), PointGFp::UNCOMPRESSED),
+                 OCTET_STRING, ASN1_Tag(4));
+
+      encode_eac_bigint(enc, domain.get_order(), ASN1_Tag(4));
+      }
+
+   enc.encode(EC2OSP(key->public_point(), PointGFp::UNCOMPRESSED),
+              OCTET_STRING, ASN1_Tag(6));
+
+   if(key->domain_format() == EC_DOMPAR_ENC_EXPLICIT)
+      encode_eac_bigint(enc, domain.get_cofactor(), ASN1_Tag(7));
+
+   enc.end_cons();
+
+   return enc.get_contents();
    }
 
 std::string padding_and_hash_from_oid(OID const& oid)
@@ -95,7 +126,7 @@ EAC1_1_CVC create_self_signed_cert(Private_Key const& key,
    std::auto_ptr<Botan::PK_Signer> signer(
       get_pk_signer(*priv_key, padding_and_hash));
 
-   MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key);
+   MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
 
    return make_cvc_cert(*signer,
                         enc_public_key,
@@ -122,7 +153,7 @@ EAC1_1_Req create_cvc_req(Private_Key const& key,
 
    std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash));
 
-   MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key);
+   MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
 
    MemoryVector<byte> enc_cpi;
    enc_cpi.append(0x00);
@@ -222,7 +253,7 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer,
    ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
    subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT);
 
-   MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key);
+   MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
 
    return make_cvc_cert(*pk_signer, enc_public_key,
                         signer.get_car(),
@@ -262,8 +293,6 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
 
    subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA);
 
-   MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key);
-
    AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm());
    const u64bit current_time = system_time();
    ASN1_Ced ced(current_time);
@@ -275,13 +304,9 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
       // we sign a dvca
       cex.add_months(dvca_validity_months);
       if (domestic)
-         {
          chat_val = DVCA_domestic | chat_low;
-         }
       else
-         {
          chat_val = DVCA_foreign | chat_low;
-         }
       }
    else if ((signer_cert.get_chat_value() & DVCA_domestic) == DVCA_domestic ||
             (signer_cert.get_chat_value() & DVCA_foreign) == DVCA_foreign)
@@ -294,6 +319,9 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
       throw Invalid_Argument("sign_request(): encountered illegal value for CHAT");
       // (IS cannot sign certificates)
       }
+
+   MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
+
    return make_cvc_cert(*pk_signer, enc_public_key,
                         ASN1_Car(signer_cert.get_chr().iso_8859()),
                         chr,
author	lloyd <[email protected]>	2010-03-02 18:39:04 +0000
committer	lloyd <[email protected]>	2010-03-02 18:39:04 +0000
commit	7f81b3a4af59347337733a808172932de8f9c931 (patch)
tree	5241f94d9ef72cb40bd27571886fada5f616e0d4 /src
parent	bc6999a27f996747cba2bfffdce70ca9106c3a4e (diff)