diff options
Diffstat (limited to 'src/cert/cvc/eac_obj.h')
| -rw-r--r-- | src/cert/cvc/eac_obj.h | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h new file mode 100644 index 000000000..5b1912595 --- /dev/null +++ b/src/cert/cvc/eac_obj.h @@ -0,0 +1,132 @@ +/************************************************* +* EAC1_1 objects Header File * +* (C) 2008 Falko Strenzke * +* [email protected] * +*************************************************/ + +#ifndef BOTAN_EAC_OBJ_H__ +#define BOTAN_EAC_OBJ_H__ + +#include <botan/pubkey.h> +#include <botan/x509_key.h> +#include <botan/x509_obj.h> +#include <botan/enums.h> +#include <botan/pubkey.h> +#include <botan/parsing.h> +#include <botan/pem.h> +#include <botan/oids.h> +#include <botan/look_pk.h> +#include <botan/ecdsa_sig.h> +#include <string> + +namespace Botan { + +const std::string eac_cvc_emsa("EMSA1_BSI"); + +/************************************************* +* TR03110 v1.1 EAC CV Certificate * +*************************************************/ +template<typename Derived> +class EAC1_1_obj : public X509_Object // CRTP is used enable the call sequence: + { + // data members first: + protected: + + ECDSA_Signature m_sig; + + + // member functions here: + public: + /** + * Return the signature as a concatenation of the encoded parts. + * @result the concatenated signature + */ + SecureVector<byte> get_concat_sig() const; + + /** + * Verify the signature of this objects. + * @param pub_key the public key to verify the signature with + * @result true if the verification succeeded + */ + virtual bool check_signature(Public_Key& pub_key) const; + + protected: + void init(SharedPtrConverter<DataSource> in); + + static SecureVector<byte> make_signature(const PK_Signer* signer, + const MemoryRegion<byte>& tbs_bits, + RandomNumberGenerator& rng); + + virtual ~EAC1_1_obj<Derived>(){} + + }; + +template<typename Derived> SecureVector<byte> EAC1_1_obj<Derived>::get_concat_sig() const + { + return m_sig.get_concatenation(); + } +template<typename Derived> SecureVector<byte> EAC1_1_obj<Derived>::make_signature(const PK_Signer* signer, + const MemoryRegion<byte>& tbs_bits, + RandomNumberGenerator& rng) + { + SecureVector<byte> seq_sig = signer->sign_message(tbs_bits, rng); // this is the signature as a der sequence + ECDSA_Signature sig(decode_seq(seq_sig)); + SecureVector<byte> concat_sig(sig.get_concatenation()); + return concat_sig; + } + +template<typename Derived> void EAC1_1_obj<Derived>::init(SharedPtrConverter<DataSource> in) + { + + try + { + Derived::decode_info(in.get_shared(), tbs_bits, m_sig); + } + catch(Decoding_Error) + { + throw Decoding_Error(PEM_label_pref + " decoding failed"); + } + } + +template<typename Derived> bool EAC1_1_obj<Derived>::check_signature(Public_Key& pub_key) const + { + try + { + std::vector<std::string> sig_info = + split_on(OIDS::lookup(sig_algo.oid), '/'); + + if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name()) + { + return false; + } + + std::string padding = sig_info[1]; + Signature_Format format = + (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; + + std::auto_ptr<PK_Verifier> verifier; + if(dynamic_cast<PK_Verifying_wo_MR_Key*>(&pub_key)) + { + PK_Verifying_wo_MR_Key& sig_key = + dynamic_cast<PK_Verifying_wo_MR_Key&>(pub_key); + verifier.reset(get_pk_verifier(sig_key, padding, format)); + } + else + { + return false; + } + std::auto_ptr<ECDSA_Signature_Encoder> enc = m_sig.x509_encoder(); + SecureVector<byte> seq_sig = enc->signature_bits(); + SecureVector<byte> to_sign = tbs_data(); + return verifier->verify_message(to_sign, seq_sig); + + } + catch(...) + { + return false; + } + } + +} + +#endif |