aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert/cvc
diff options
context:
space:
mode:
Diffstat (limited to 'src/cert/cvc')
-rw-r--r--src/cert/cvc/asn1_eac_tm.cpp122
-rw-r--r--src/cert/cvc/cvc_ado.cpp22
-rw-r--r--src/cert/cvc/cvc_ado.h8
-rw-r--r--src/cert/cvc/cvc_cert.cpp16
-rw-r--r--src/cert/cvc/cvc_cert.h4
-rw-r--r--src/cert/cvc/cvc_gen_cert.h28
-rw-r--r--src/cert/cvc/cvc_req.cpp2
-rw-r--r--src/cert/cvc/cvc_req.h2
-rw-r--r--src/cert/cvc/cvc_self.cpp54
-rw-r--r--src/cert/cvc/eac_asn_obj.h64
-rw-r--r--src/cert/cvc/eac_obj.h2
-rw-r--r--src/cert/cvc/ecdsa_sig.cpp14
-rw-r--r--src/cert/cvc/ecdsa_sig.h8
-rw-r--r--src/cert/cvc/info.txt1
-rw-r--r--src/cert/cvc/signed_obj.cpp6
-rw-r--r--src/cert/cvc/signed_obj.h10
16 files changed, 157 insertions, 206 deletions
diff --git a/src/cert/cvc/asn1_eac_tm.cpp b/src/cert/cvc/asn1_eac_tm.cpp
index db5d2fbaf..a3a4d043d 100644
--- a/src/cert/cvc/asn1_eac_tm.cpp
+++ b/src/cert/cvc/asn1_eac_tm.cpp
@@ -1,7 +1,7 @@
/*
* EAC Time Types
* (C) 2007 FlexSecure GmbH
-* 2008 Jack Lloyd
+* 2008-2009 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -12,17 +12,17 @@
#include <botan/charset.h>
#include <botan/parsing.h>
#include <botan/internal/rounding.h>
-#include <botan/time.h>
+#include <botan/calendar.h>
namespace Botan {
namespace {
-SecureVector<byte> enc_two_digit(u32bit in)
+secure_vector<byte> enc_two_digit(u32bit in)
{
- SecureVector<byte> result;
+ secure_vector<byte> result;
in %= 100;
- if (in < 10)
+ if(in < 10)
result.push_back(0x00);
else
{
@@ -51,9 +51,10 @@ u32bit dec_two_digit(byte b1, byte b2)
/*
* Create an EAC_Time
*/
-EAC_Time::EAC_Time(u64bit timer, ASN1_Tag t) : tag(t)
+EAC_Time::EAC_Time(const std::chrono::system_clock::time_point& time,
+ ASN1_Tag t) : tag(t)
{
- calendar_point cal = calendar_value(timer);
+ calendar_point cal = calendar_value(time);
year = cal.year;
month = cal.month;
@@ -67,6 +68,7 @@ EAC_Time::EAC_Time(const std::string& t_spec, ASN1_Tag t) : tag(t)
{
set_to(t_spec);
}
+
/*
* Create an EAC_Time
*/
@@ -80,7 +82,7 @@ EAC_Time::EAC_Time(u32bit y, u32bit m, u32bit d, ASN1_Tag t) :
*/
void EAC_Time::set_to(const std::string& time_str)
{
- if (time_str == "")
+ if(time_str == "")
{
year = month = day = 0;
return;
@@ -89,28 +91,28 @@ void EAC_Time::set_to(const std::string& time_str)
std::vector<std::string> params;
std::string current;
- for (u32bit j = 0; j != time_str.size(); ++j)
+ for(u32bit j = 0; j != time_str.size(); ++j)
{
- if (Charset::is_digit(time_str[j]))
+ if(Charset::is_digit(time_str[j]))
current += time_str[j];
else
{
- if (current != "")
+ if(current != "")
params.push_back(current);
current.clear();
}
}
- if (current != "")
+ if(current != "")
params.push_back(current);
- if (params.size() != 3)
+ if(params.size() != 3)
throw Invalid_Argument("Invalid time specification " + time_str);
year = to_u32bit(params[0]);
month = to_u32bit(params[1]);
day = to_u32bit(params[2]);
- if (!passes_sanity_check())
+ if(!passes_sanity_check())
throw Invalid_Argument("Invalid time specification " + time_str);
}
@@ -129,15 +131,10 @@ void EAC_Time::encode_into(DER_Encoder& der) const
*/
std::string EAC_Time::as_string() const
{
- if (time_is_set() == false)
+ if(time_is_set() == false)
throw Invalid_State("EAC_Time::as_string: No time set");
- std::string asn1rep;
- asn1rep = to_string(year, 2);
-
- asn1rep += to_string(month, 2) + to_string(day, 2);
-
- return asn1rep;
+ return std::to_string(year * 10000 + month * 100 + day);
}
/*
@@ -153,15 +150,14 @@ bool EAC_Time::time_is_set() const
*/
std::string EAC_Time::readable_string() const
{
- if (time_is_set() == false)
+ if(time_is_set() == false)
throw Invalid_State("EAC_Time::readable_string: No time set");
- std::string readable;
- readable += to_string(year, 2) + "/";
- readable += to_string(month, 2) + "/";
- readable += to_string(day, 2) + " ";
+ std::string output(11, 0);
- return readable;
+ std::sprintf(&output[0], "%04d/%02d/%02d", year, month, day);
+
+ return output;
}
/*
@@ -169,11 +165,11 @@ std::string EAC_Time::readable_string() const
*/
bool EAC_Time::passes_sanity_check() const
{
- if (year < 2000 || year > 2099)
+ if(year < 2000 || year > 2099)
return false;
- if (month == 0 || month > 12)
+ if(month == 0 || month > 12)
return false;
- if (day == 0 || day > 31)
+ if(day == 0 || day > 31)
return false;
return true;
@@ -182,11 +178,11 @@ bool EAC_Time::passes_sanity_check() const
/*
* modification functions
*/
-
void EAC_Time::add_years(u32bit years)
{
year += years;
}
+
void EAC_Time::add_months(u32bit months)
{
year += months/12;
@@ -198,23 +194,22 @@ void EAC_Time::add_months(u32bit months)
}
}
-
/*
* Compare this time against another
*/
s32bit EAC_Time::cmp(const EAC_Time& other) const
{
- if (time_is_set() == false)
+ if(time_is_set() == false)
throw Invalid_State("EAC_Time::cmp: No time set");
const s32bit EARLIER = -1, LATER = 1, SAME_TIME = 0;
- if (year < other.year) return EARLIER;
- if (year > other.year) return LATER;
- if (month < other.month) return EARLIER;
- if (month > other.month) return LATER;
- if (day < other.day) return EARLIER;
- if (day > other.day) return LATER;
+ if(year < other.year) return EARLIER;
+ if(year > other.year) return LATER;
+ if(month < other.month) return EARLIER;
+ if(month > other.month) return LATER;
+ if(day < other.day) return EARLIER;
+ if(day > other.day) return LATER;
return SAME_TIME;
}
@@ -283,61 +278,16 @@ void EAC_Time::decode_from(BER_Decoder& source)
}
-u32bit EAC_Time::get_year() const
- {
- return year;
- }
-
-u32bit EAC_Time::get_month() const
- {
- return month;
- }
-
-u32bit EAC_Time::get_day() const
- {
- return day;
- }
-
/*
* make the value an octet string for encoding
*/
-SecureVector<byte> EAC_Time::encoded_eac_time() const
+secure_vector<byte> EAC_Time::encoded_eac_time() const
{
- SecureVector<byte> result;
+ secure_vector<byte> result;
result += enc_two_digit(year);
result += enc_two_digit(month);
result += enc_two_digit(day);
return result;
}
-ASN1_Ced::ASN1_Ced(std::string const& str) :
- EAC_Time(str, ASN1_Tag(37))
- {}
-
-ASN1_Ced::ASN1_Ced(u64bit val) :
- EAC_Time(val, ASN1_Tag(37))
- {}
-
-ASN1_Ced::ASN1_Ced(EAC_Time const& other) :
- EAC_Time(other.get_year(),
- other.get_month(),
- other.get_day(),
- ASN1_Tag(37))
- {}
-
-ASN1_Cex::ASN1_Cex(std::string const& str) :
- EAC_Time(str, ASN1_Tag(36))
- {}
-
-ASN1_Cex::ASN1_Cex(u64bit val) :
- EAC_Time(val, ASN1_Tag(36))
- {}
-
-ASN1_Cex::ASN1_Cex(EAC_Time const& other) :
- EAC_Time(other.get_year(),
- other.get_month(),
- other.get_day(),
- ASN1_Tag(36))
- {}
-
}
diff --git a/src/cert/cvc/cvc_ado.cpp b/src/cert/cvc/cvc_ado.cpp
index 38f51e8dc..f224d15b9 100644
--- a/src/cert/cvc/cvc_ado.cpp
+++ b/src/cert/cvc/cvc_ado.cpp
@@ -26,7 +26,7 @@ EAC1_1_ADO::EAC1_1_ADO(const std::string& in)
void EAC1_1_ADO::force_decode()
{
- SecureVector<byte> inner_cert;
+ secure_vector<byte> inner_cert;
BER_Decoder(tbs_bits)
.start_cons(ASN1_Tag(33))
.raw_bytes(inner_cert)
@@ -34,7 +34,7 @@ void EAC1_1_ADO::force_decode()
.decode(m_car)
.verify_end();
- SecureVector<byte> req_bits = DER_Encoder()
+ secure_vector<byte> req_bits = DER_Encoder()
.start_cons(ASN1_Tag(33), APPLICATION)
.raw_bytes(inner_cert)
.end_cons()
@@ -45,11 +45,11 @@ void EAC1_1_ADO::force_decode()
sig_algo = m_req.sig_algo;
}
-MemoryVector<byte> EAC1_1_ADO::make_signed(PK_Signer& signer,
- const MemoryRegion<byte>& tbs_bits,
+std::vector<byte> EAC1_1_ADO::make_signed(PK_Signer& signer,
+ const secure_vector<byte>& tbs_bits,
RandomNumberGenerator& rng)
{
- SecureVector<byte> concat_sig = signer.sign_message(tbs_bits, rng);
+ secure_vector<byte> concat_sig = signer.sign_message(tbs_bits, rng);
return DER_Encoder()
.start_cons(ASN1_Tag(7), APPLICATION)
@@ -65,11 +65,11 @@ ASN1_Car EAC1_1_ADO::get_car() const
}
void EAC1_1_ADO::decode_info(DataSource& source,
- SecureVector<byte> & res_tbs_bits,
+ secure_vector<byte> & res_tbs_bits,
ECDSA_Signature & res_sig)
{
- SecureVector<byte> concat_sig;
- SecureVector<byte> cert_inner_bits;
+ secure_vector<byte> concat_sig;
+ secure_vector<byte> cert_inner_bits;
ASN1_Car car;
BER_Decoder(source)
@@ -81,7 +81,7 @@ void EAC1_1_ADO::decode_info(DataSource& source,
.decode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION)
.end_cons();
- SecureVector<byte> enc_cert = DER_Encoder()
+ secure_vector<byte> enc_cert = DER_Encoder()
.start_cons(ASN1_Tag(33), APPLICATION)
.raw_bytes(cert_inner_bits)
.end_cons()
@@ -97,7 +97,7 @@ void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const
if(encoding == PEM)
throw Invalid_Argument("EAC1_1_ADO::encode() cannot PEM encode an EAC object");
- SecureVector<byte> concat_sig(
+ secure_vector<byte> concat_sig(
EAC1_1_obj<EAC1_1_ADO>::m_sig.get_concatenation());
out.write(DER_Encoder()
@@ -108,7 +108,7 @@ void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const
.get_contents());
}
-SecureVector<byte> EAC1_1_ADO::tbs_data() const
+secure_vector<byte> EAC1_1_ADO::tbs_data() const
{
return tbs_bits;
}
diff --git a/src/cert/cvc/cvc_ado.h b/src/cert/cvc/cvc_ado.h
index 65a39fd91..81b89ea00 100644
--- a/src/cert/cvc/cvc_ado.h
+++ b/src/cert/cvc/cvc_ado.h
@@ -43,9 +43,9 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO>
* @param tbs_bits the TBS data to sign
* @param rng a random number generator
*/
- static MemoryVector<byte> make_signed(
+ static std::vector<byte> make_signed(
PK_Signer& signer,
- const MemoryRegion<byte>& tbs_bits,
+ const secure_vector<byte>& tbs_bits,
RandomNumberGenerator& rng);
/**
@@ -73,7 +73,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO>
* Get the TBS data of this CVC ADO request.
* @result the TBS data
*/
- SecureVector<byte> tbs_data() const;
+ secure_vector<byte> tbs_data() const;
virtual ~EAC1_1_ADO() {}
private:
@@ -82,7 +82,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO>
void force_decode();
static void decode_info(DataSource& source,
- SecureVector<byte> & res_tbs_bits,
+ secure_vector<byte> & res_tbs_bits,
ECDSA_Signature & res_sig);
};
diff --git a/src/cert/cvc/cvc_cert.cpp b/src/cert/cvc/cvc_cert.cpp
index 54f72ecfc..12558bb80 100644
--- a/src/cert/cvc/cvc_cert.cpp
+++ b/src/cert/cvc/cvc_cert.cpp
@@ -33,8 +33,8 @@ u32bit EAC1_1_CVC::get_chat_value() const
*/
void EAC1_1_CVC::force_decode()
{
- SecureVector<byte> enc_pk;
- SecureVector<byte> enc_chat_val;
+ secure_vector<byte> enc_pk;
+ secure_vector<byte> enc_chat_val;
size_t cpi;
BER_Decoder tbs_cert(tbs_bits);
tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION)
@@ -88,7 +88,7 @@ bool EAC1_1_CVC::operator==(EAC1_1_CVC const& rhs) const
&& get_concat_sig() == rhs.get_concat_sig());
}
-ECDSA_PublicKey* decode_eac1_1_key(const MemoryRegion<byte>&,
+ECDSA_PublicKey* decode_eac1_1_key(const secure_vector<byte>&,
AlgorithmIdentifier&)
{
throw Internal_Error("decode_eac1_1_key: Unimplemented");
@@ -96,7 +96,7 @@ ECDSA_PublicKey* decode_eac1_1_key(const MemoryRegion<byte>&,
}
EAC1_1_CVC make_cvc_cert(PK_Signer& signer,
- MemoryRegion<byte> const& public_key,
+ secure_vector<byte> const& public_key,
ASN1_Car const& car,
ASN1_Chr const& chr,
byte holder_auth_templ,
@@ -105,12 +105,12 @@ EAC1_1_CVC make_cvc_cert(PK_Signer& signer,
RandomNumberGenerator& rng)
{
OID chat_oid(OIDS::lookup("CertificateHolderAuthorizationTemplate"));
- MemoryVector<byte> enc_chat_val;
+ std::vector<byte> enc_chat_val;
enc_chat_val.push_back(holder_auth_templ);
- MemoryVector<byte> enc_cpi;
+ std::vector<byte> enc_cpi;
enc_cpi.push_back(0x00);
- MemoryVector<byte> tbs = DER_Encoder()
+ std::vector<byte> tbs = DER_Encoder()
.encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) // cpi
.encode(car)
.raw_bytes(public_key)
@@ -123,7 +123,7 @@ EAC1_1_CVC make_cvc_cert(PK_Signer& signer,
.encode(cex)
.get_contents();
- MemoryVector<byte> signed_cert =
+ std::vector<byte> signed_cert =
EAC1_1_CVC::make_signed(signer,
EAC1_1_CVC::build_cert_body(tbs),
rng);
diff --git a/src/cert/cvc/cvc_cert.h b/src/cert/cvc/cvc_cert.h
index 69d0d824a..20370e64b 100644
--- a/src/cert/cvc/cvc_cert.h
+++ b/src/cert/cvc/cvc_cert.h
@@ -96,7 +96,7 @@ inline bool operator!=(EAC1_1_CVC const& lhs, EAC1_1_CVC const& rhs)
* @param rng a random number generator
*/
EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer,
- const MemoryRegion<byte>& public_key,
+ const secure_vector<byte>& public_key,
ASN1_Car const& car,
ASN1_Chr const& chr,
byte holder_auth_templ,
@@ -107,7 +107,7 @@ EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer,
/**
* Decode an EAC encoding ECDSA key
*/
-BOTAN_DLL ECDSA_PublicKey* decode_eac1_1_key(const MemoryRegion<byte>& enc_key,
+BOTAN_DLL ECDSA_PublicKey* decode_eac1_1_key(const secure_vector<byte>& enc_key,
AlgorithmIdentifier& sig_algo);
}
diff --git a/src/cert/cvc/cvc_gen_cert.h b/src/cert/cvc/cvc_gen_cert.h
index ad61b85bf..a272e316f 100644
--- a/src/cert/cvc/cvc_gen_cert.h
+++ b/src/cert/cvc/cvc_gen_cert.h
@@ -56,14 +56,14 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1
* Get the to-be-signed (TBS) data of this object.
* @result the TBS data of this object
*/
- SecureVector<byte> tbs_data() const;
+ secure_vector<byte> tbs_data() const;
/**
* Build the DER encoded certifcate body of an object
* @param tbs the data to be signed
* @result the correctly encoded body of the object
*/
- static SecureVector<byte> build_cert_body(MemoryRegion<byte> const& tbs);
+ static secure_vector<byte> build_cert_body(secure_vector<byte> const& tbs);
/**
* Create a signed generalized CVC object.
@@ -72,9 +72,9 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1
* @param rng a random number generator
* @result the DER encoded signed generalized CVC object
*/
- static MemoryVector<byte> make_signed(
+ static std::vector<byte> make_signed(
PK_Signer& signer,
- const MemoryRegion<byte>& tbs_bits,
+ const secure_vector<byte>& tbs_bits,
RandomNumberGenerator& rng);
EAC1_1_gen_CVC() { m_pk = 0; }
@@ -88,7 +88,7 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1
bool self_signed;
static void decode_info(DataSource& source,
- SecureVector<byte> & res_tbs_bits,
+ secure_vector<byte> & res_tbs_bits,
ECDSA_Signature & res_sig);
};
@@ -104,12 +104,12 @@ template<typename Derived> bool EAC1_1_gen_CVC<Derived>::is_self_signed() const
}
template<typename Derived>
-MemoryVector<byte> EAC1_1_gen_CVC<Derived>::make_signed(
+std::vector<byte> EAC1_1_gen_CVC<Derived>::make_signed(
PK_Signer& signer,
- const MemoryRegion<byte>& tbs_bits,
+ const secure_vector<byte>& tbs_bits,
RandomNumberGenerator& rng) // static
{
- SecureVector<byte> concat_sig = signer.sign_message(tbs_bits, rng);
+ secure_vector<byte> concat_sig = signer.sign_message(tbs_bits, rng);
return DER_Encoder()
.start_cons(ASN1_Tag(33), APPLICATION)
@@ -125,7 +125,7 @@ Public_Key* EAC1_1_gen_CVC<Derived>::subject_public_key() const
return new ECDSA_PublicKey(*m_pk);
}
-template<typename Derived> SecureVector<byte> EAC1_1_gen_CVC<Derived>::build_cert_body(MemoryRegion<byte> const& tbs)
+template<typename Derived> secure_vector<byte> EAC1_1_gen_CVC<Derived>::build_cert_body(secure_vector<byte> const& tbs)
{
return DER_Encoder()
.start_cons(ASN1_Tag(78), APPLICATION)
@@ -133,15 +133,15 @@ template<typename Derived> SecureVector<byte> EAC1_1_gen_CVC<Derived>::build_cer
.end_cons().get_contents();
}
-template<typename Derived> SecureVector<byte> EAC1_1_gen_CVC<Derived>::tbs_data() const
+template<typename Derived> secure_vector<byte> EAC1_1_gen_CVC<Derived>::tbs_data() const
{
return build_cert_body(EAC1_1_obj<Derived>::tbs_bits);
}
template<typename Derived> void EAC1_1_gen_CVC<Derived>::encode(Pipe& out, X509_Encoding encoding) const
{
- SecureVector<byte> concat_sig(EAC1_1_obj<Derived>::m_sig.get_concatenation());
- SecureVector<byte> der = DER_Encoder()
+ secure_vector<byte> concat_sig(EAC1_1_obj<Derived>::m_sig.get_concatenation());
+ secure_vector<byte> der = DER_Encoder()
.start_cons(ASN1_Tag(33), APPLICATION)
.start_cons(ASN1_Tag(78), APPLICATION)
.raw_bytes(EAC1_1_obj<Derived>::tbs_bits)
@@ -159,10 +159,10 @@ template<typename Derived> void EAC1_1_gen_CVC<Derived>::encode(Pipe& out, X509_
template<typename Derived>
void EAC1_1_gen_CVC<Derived>::decode_info(
DataSource& source,
- SecureVector<byte> & res_tbs_bits,
+ secure_vector<byte> & res_tbs_bits,
ECDSA_Signature & res_sig)
{
- SecureVector<byte> concat_sig;
+ secure_vector<byte> concat_sig;
BER_Decoder(source)
.start_cons(ASN1_Tag(33))
.start_cons(ASN1_Tag(78))
diff --git a/src/cert/cvc/cvc_req.cpp b/src/cert/cvc/cvc_req.cpp
index ad9e2f4ca..bd7dee3fa 100644
--- a/src/cert/cvc/cvc_req.cpp
+++ b/src/cert/cvc/cvc_req.cpp
@@ -19,7 +19,7 @@ bool EAC1_1_Req::operator==(EAC1_1_Req const& rhs) const
void EAC1_1_Req::force_decode()
{
- SecureVector<byte> enc_pk;
+ secure_vector<byte> enc_pk;
BER_Decoder tbs_cert(tbs_bits);
size_t cpi;
tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION)
diff --git a/src/cert/cvc/cvc_req.h b/src/cert/cvc/cvc_req.h
index 1e8cea7f8..ac4e22453 100644
--- a/src/cert/cvc/cvc_req.h
+++ b/src/cert/cvc/cvc_req.h
@@ -35,7 +35,7 @@ class BOTAN_DLL EAC1_1_Req : public EAC1_1_gen_CVC<EAC1_1_Req>
EAC1_1_Req(DataSource& source);
/**
- * Construct a CVC request from a DER encoded CVC reqeust file.
+ * Construct a CVC request from a DER encoded CVC request file.
* @param str the path to the DER encoded file
*/
EAC1_1_Req(const std::string& str);
diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp
index 662a1d2be..e692bc9b8 100644
--- a/src/cert/cvc/cvc_self.cpp
+++ b/src/cert/cvc/cvc_self.cpp
@@ -8,7 +8,6 @@
#include <botan/cvc_self.h>
#include <botan/ecc_key.h>
#include <botan/point_gfp.h>
-#include <botan/time.h>
#include <botan/oids.h>
#include <sstream>
#include <memory>
@@ -35,7 +34,7 @@ void encode_eac_bigint(DER_Encoder& der, const BigInt& x, ASN1_Tag tag)
der.encode(BigInt::encode_1363(x, x.bytes()), OCTET_STRING, tag);
}
-MemoryVector<byte> eac_1_1_encoding(const EC_PublicKey* key,
+std::vector<byte> eac_1_1_encoding(const EC_PublicKey* key,
const OID& sig_algo)
{
if(key->domain_format() == EC_DOMPAR_ENC_OID)
@@ -107,7 +106,7 @@ EAC1_1_CVC create_self_signed_cert(Private_Key const& key,
PK_Signer signer(*priv_key, padding_and_hash);
- MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
+ std::vector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
return make_cvc_cert(signer,
enc_public_key,
@@ -134,17 +133,17 @@ EAC1_1_Req create_cvc_req(Private_Key const& key,
PK_Signer signer(*priv_key, padding_and_hash);
- MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
+ std::vector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
- MemoryVector<byte> enc_cpi;
+ std::vector<byte> enc_cpi;
enc_cpi.push_back(0x00);
- MemoryVector<byte> tbs = DER_Encoder()
+ std::vector<byte> tbs = DER_Encoder()
.encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION)
.raw_bytes(enc_public_key)
.encode(chr)
.get_contents();
- MemoryVector<byte> signed_cert =
+ std::vector<byte> signed_cert =
EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(signer,
EAC1_1_gen_CVC<EAC1_1_Req>::build_cert_body(tbs),
rng);
@@ -164,12 +163,13 @@ EAC1_1_ADO create_ado_req(Private_Key const& key,
{
throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type");
}
+
std::string padding_and_hash = padding_and_hash_from_oid(req.signature_algorithm().oid);
PK_Signer signer(*priv_key, padding_and_hash);
- SecureVector<byte> tbs_bits = req.BER_encode();
+ secure_vector<byte> tbs_bits = req.BER_encode();
tbs_bits += DER_Encoder().encode(car).get_contents();
- MemoryVector<byte> signed_cert =
+ std::vector<byte> signed_cert =
EAC1_1_ADO::make_signed(signer, tbs_bits, rng);
DataSource_Memory source(signed_cert);
@@ -193,9 +193,8 @@ EAC1_1_CVC create_cvca(Private_Key const& key,
}
EAC1_1_CVC_Options opts;
opts.car = car;
- const u64bit current_time = system_time();
- opts.ced = ASN1_Ced(current_time);
+ opts.ced = ASN1_Ced(std::chrono::system_clock::now());
opts.cex = ASN1_Cex(opts.ced);
opts.cex.add_months(cvca_validity_months);
opts.holder_auth_templ = (CVCA | (iris * IRIS) | (fingerpr * FINGERPRINT));
@@ -210,12 +209,12 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer,
EAC1_1_CVC const& signee,
RandomNumberGenerator& rng)
{
- ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);
+ const ECDSA_PrivateKey* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);
+
if (priv_key == 0)
- {
- throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type");
- }
- ASN1_Ced ced(system_time());
+ throw Invalid_Argument("link_cvca(): unsupported key type");
+
+ ASN1_Ced ced(std::chrono::system_clock::now());
ASN1_Cex cex(signee.get_cex());
if (*static_cast<EAC_Time*>(&ced) > *static_cast<EAC_Time*>(&cex))
{
@@ -232,11 +231,11 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer,
AlgorithmIdentifier sig_algo = signer.signature_algorithm();
std::string padding_and_hash = padding_and_hash_from_oid(sig_algo.oid);
PK_Signer pk_signer(*priv_key, padding_and_hash);
- std::auto_ptr<Public_Key> pk(signee.subject_public_key());
+ std::unique_ptr<Public_Key> pk(signee.subject_public_key());
ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT);
- MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
+ std::vector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
return make_cvc_cert(pk_signer, enc_public_key,
signer.get_car(),
@@ -262,13 +261,19 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type");
}
std::string chr_str = signee.get_chr().value();
- chr_str += to_string(seqnr, seqnr_len);
+
+ std::string seqnr_string = std::to_string(seqnr);
+
+ while(seqnr_string.size() < seqnr_len)
+ seqnr_string = '0' + seqnr_string;
+
+ chr_str += seqnr_string;
ASN1_Chr chr(chr_str);
std::string padding_and_hash = padding_and_hash_from_oid(signee.signature_algorithm().oid);
PK_Signer pk_signer(*priv_key, padding_and_hash);
- std::auto_ptr<Public_Key> pk(signee.subject_public_key());
+ std::unique_ptr<Public_Key> pk(signee.subject_public_key());
ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
- std::auto_ptr<Public_Key> signer_pk(signer_cert.subject_public_key());
+ std::unique_ptr<Public_Key> signer_pk(signer_cert.subject_public_key());
// for the case that the domain parameters are not set...
// (we use those from the signer because they must fit)
@@ -277,8 +282,9 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA);
AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm());
- const u64bit current_time = system_time();
- ASN1_Ced ced(current_time);
+
+ ASN1_Ced ced(std::chrono::system_clock::now());
+
u32bit chat_val;
u32bit chat_low = signer_cert.get_chat_value() & 0x3; // take the chat rights from signer
ASN1_Cex cex(ced);
@@ -303,7 +309,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
// (IS cannot sign certificates)
}
- MemoryVector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
+ std::vector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
return make_cvc_cert(pk_signer, enc_public_key,
ASN1_Car(signer_cert.get_chr().iso_8859()),
diff --git a/src/cert/cvc/eac_asn_obj.h b/src/cert/cvc/eac_asn_obj.h
index d0bab6fdd..9937abb01 100644
--- a/src/cert/cvc/eac_asn_obj.h
+++ b/src/cert/cvc/eac_asn_obj.h
@@ -56,7 +56,6 @@ class BOTAN_DLL EAC_Time : public ASN1_Object
* e.g. "2007 08 01"
*/
void set_to(const std::string& str);
- //void set_to(const std::string&, ASN1_Tag);
/**
* Add the specified number of years to this.
@@ -74,28 +73,32 @@ class BOTAN_DLL EAC_Time : public ASN1_Object
* Get the year value of this objects.
* @return year value
*/
- u32bit get_year() const;
+ u32bit get_year() const { return year; }
/**
* Get the month value of this objects.
* @return month value
*/
- u32bit get_month() const;
+ u32bit get_month() const { return month; }
/**
* Get the day value of this objects.
* @return day value
*/
- u32bit get_day() const;
+ u32bit get_day() const { return day; }
- EAC_Time(u64bit, ASN1_Tag t = ASN1_Tag(0));
- //EAC_Time(const std::string& = "");
- EAC_Time(const std::string&, ASN1_Tag = ASN1_Tag(0));
- EAC_Time(u32bit year, u32bit month, u32bit day, ASN1_Tag = ASN1_Tag(0));
+ EAC_Time(const std::chrono::system_clock::time_point& time,
+ ASN1_Tag tag = ASN1_Tag(0));
+
+ EAC_Time(const std::string& yyyy_mm_dd,
+ ASN1_Tag tag = ASN1_Tag(0));
+
+ EAC_Time(u32bit year, u32bit month, u32bit day,
+ ASN1_Tag tag = ASN1_Tag(0));
virtual ~EAC_Time() {}
private:
- SecureVector<byte> encoded_eac_time() const;
+ secure_vector<byte> encoded_eac_time() const;
bool passes_sanity_check() const;
u32bit year, month, day;
ASN1_Tag tag;
@@ -113,25 +116,25 @@ class BOTAN_DLL ASN1_Ced : public EAC_Time
* @param str a string in the format "yyyy mm dd",
* e.g. "2007 08 01"
*/
- ASN1_Ced(std::string const& str = "");
+ ASN1_Ced(const std::string& str = "") :
+ EAC_Time(str, ASN1_Tag(37)) {}
/**
- * Construct a CED from a timer value.
- * @param time the number of seconds elapsed midnight, 1st
- * January 1970 GMT (or 7pm, 31st December 1969 EST) up to the
- * desired date
+ * Construct a CED from a time point
*/
- ASN1_Ced(u64bit time);
+ ASN1_Ced(const std::chrono::system_clock::time_point& time) :
+ EAC_Time(time, ASN1_Tag(37)) {}
/**
* Copy constructor (for general EAC_Time objects).
* @param other the object to copy from
*/
- ASN1_Ced(EAC_Time const& other);
- //ASN1_Ced(ASN1_Cex const& cex);
+ ASN1_Ced(const EAC_Time& other) :
+ EAC_Time(other.get_year(), other.get_month(), other.get_day(),
+ ASN1_Tag(37))
+ {}
};
-
/**
* This class represents CVC CEXs. Only limited sanity checks of
* the inputted date value are performed.
@@ -140,27 +143,20 @@ class BOTAN_DLL ASN1_Cex : public EAC_Time
{
public:
/**
- * Construct a CED from a string value.
+ * Construct a CEX from a string value.
* @param str a string in the format "yyyy mm dd",
* e.g. "2007 08 01"
*/
- ASN1_Cex(std::string const& str="");
+ ASN1_Cex(const std::string& str = "") :
+ EAC_Time(str, ASN1_Tag(36)) {}
- /**
- * Construct a CED from a timer value.
- * @param time the number of seconds elapsed
- * midnight, 1st
- * January 1970 GMT (or 7pm, 31st December 1969 EST)
- * up to the desired date
- */
- ASN1_Cex(u64bit time);
+ ASN1_Cex(const std::chrono::system_clock::time_point& time) :
+ EAC_Time(time, ASN1_Tag(36)) {}
- /**
- * Copy constructor (for general EAC_Time objects).
- * @param other the object to copy from
- */
- ASN1_Cex(EAC_Time const& other);
- //ASN1_Cex(ASN1_Ced const& ced);
+ ASN1_Cex(const EAC_Time& other) :
+ EAC_Time(other.get_year(), other.get_month(), other.get_day(),
+ ASN1_Tag(36))
+ {}
};
/**
diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h
index eb6db3369..39f34b874 100644
--- a/src/cert/cvc/eac_obj.h
+++ b/src/cert/cvc/eac_obj.h
@@ -24,7 +24,7 @@ class EAC1_1_obj : public EAC_Signed_Object
* Return the signature as a concatenation of the encoded parts.
* @result the concatenated signature
*/
- SecureVector<byte> get_concat_sig() const
+ secure_vector<byte> get_concat_sig() const
{ return m_sig.get_concatenation(); }
bool check_signature(class Public_Key& key) const
diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp
index e8fd7f051..91166ad79 100644
--- a/src/cert/cvc/ecdsa_sig.cpp
+++ b/src/cert/cvc/ecdsa_sig.cpp
@@ -10,7 +10,7 @@
namespace Botan {
-ECDSA_Signature::ECDSA_Signature(const MemoryRegion<byte>& ber)
+ECDSA_Signature::ECDSA_Signature(const secure_vector<byte>& ber)
{
BER_Decoder(ber)
.start_cons(SEQUENCE)
@@ -20,7 +20,7 @@ ECDSA_Signature::ECDSA_Signature(const MemoryRegion<byte>& ber)
.verify_end();
}
-MemoryVector<byte> ECDSA_Signature::DER_encode() const
+std::vector<byte> ECDSA_Signature::DER_encode() const
{
return DER_Encoder()
.start_cons(SEQUENCE)
@@ -30,20 +30,20 @@ MemoryVector<byte> ECDSA_Signature::DER_encode() const
.get_contents();
}
-MemoryVector<byte> ECDSA_Signature::get_concatenation() const
+std::vector<byte> ECDSA_Signature::get_concatenation() const
{
// use the larger
const size_t enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes();
- SecureVector<byte> sv_r = BigInt::encode_1363(m_r, enc_len);
- SecureVector<byte> sv_s = BigInt::encode_1363(m_s, enc_len);
+ secure_vector<byte> sv_r = BigInt::encode_1363(m_r, enc_len);
+ secure_vector<byte> sv_s = BigInt::encode_1363(m_s, enc_len);
- SecureVector<byte> result(sv_r);
+ secure_vector<byte> result(sv_r);
result += sv_s;
return result;
}
-ECDSA_Signature decode_concatenation(const MemoryRegion<byte>& concat)
+ECDSA_Signature decode_concatenation(const secure_vector<byte>& concat)
{
if(concat.size() % 2 != 0)
throw Invalid_Argument("Erroneous length of signature");
diff --git a/src/cert/cvc/ecdsa_sig.h b/src/cert/cvc/ecdsa_sig.h
index a92052470..a92d5078c 100644
--- a/src/cert/cvc/ecdsa_sig.h
+++ b/src/cert/cvc/ecdsa_sig.h
@@ -27,7 +27,7 @@ class BOTAN_DLL ECDSA_Signature
ECDSA_Signature(const BigInt& r, const BigInt& s) :
m_r(r), m_s(s) {}
- ECDSA_Signature(const MemoryRegion<byte>& ber);
+ ECDSA_Signature(const secure_vector<byte>& ber);
const BigInt& get_r() const { return m_r; }
const BigInt& get_s() const { return m_s; }
@@ -35,9 +35,9 @@ class BOTAN_DLL ECDSA_Signature
/**
* return the r||s
*/
- MemoryVector<byte> get_concatenation() const;
+ std::vector<byte> get_concatenation() const;
- MemoryVector<byte> DER_encode() const;
+ std::vector<byte> DER_encode() const;
bool operator==(const ECDSA_Signature& other) const
{
@@ -54,7 +54,7 @@ inline bool operator!=(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs)
return !(lhs == rhs);
}
-ECDSA_Signature decode_concatenation(const MemoryRegion<byte>& concatenation);
+ECDSA_Signature decode_concatenation(const secure_vector<byte>& concatenation);
}
diff --git a/src/cert/cvc/info.txt b/src/cert/cvc/info.txt
index 33a872053..3cf759188 100644
--- a/src/cert/cvc/info.txt
+++ b/src/cert/cvc/info.txt
@@ -1,5 +1,4 @@
define CARD_VERIFIABLE_CERTIFICATES
-
load_on request
<header:public>
diff --git a/src/cert/cvc/signed_obj.cpp b/src/cert/cvc/signed_obj.cpp
index d6aa2f02b..4f04cd72e 100644
--- a/src/cert/cvc/signed_obj.cpp
+++ b/src/cert/cvc/signed_obj.cpp
@@ -16,7 +16,7 @@ namespace Botan {
/*
* Return a BER encoded X.509 object
*/
-SecureVector<byte> EAC_Signed_Object::BER_encode() const
+secure_vector<byte> EAC_Signed_Object::BER_encode() const
{
Pipe ber;
ber.start_msg();
@@ -46,7 +46,7 @@ AlgorithmIdentifier EAC_Signed_Object::signature_algorithm() const
}
bool EAC_Signed_Object::check_signature(Public_Key& pub_key,
- const MemoryRegion<byte>& sig) const
+ const secure_vector<byte>& sig) const
{
try
{
@@ -62,7 +62,7 @@ bool EAC_Signed_Object::check_signature(Public_Key& pub_key,
Signature_Format format =
(pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363;
- SecureVector<byte> to_sign = tbs_data();
+ secure_vector<byte> to_sign = tbs_data();
PK_Verifier verifier(pub_key, padding, format);
return verifier.verify_message(to_sign, sig);
diff --git a/src/cert/cvc/signed_obj.h b/src/cert/cvc/signed_obj.h
index 20f0e7b14..45bd2858e 100644
--- a/src/cert/cvc/signed_obj.h
+++ b/src/cert/cvc/signed_obj.h
@@ -26,7 +26,7 @@ class BOTAN_DLL EAC_Signed_Object
* Get the TBS (to-be-signed) data in this object.
* @return DER encoded TBS data of this object
*/
- virtual SecureVector<byte> tbs_data() const = 0;
+ virtual secure_vector<byte> tbs_data() const = 0;
/**
* Get the signature of this object as a concatenation, i.e. if the
@@ -39,7 +39,7 @@ class BOTAN_DLL EAC_Signed_Object
NOTE: this is here only because abstract signature objects have
not yet been introduced
*/
- virtual SecureVector<byte> get_concat_sig() const = 0;
+ virtual secure_vector<byte> get_concat_sig() const = 0;
/**
* Get the signature algorithm identifier used to sign this object.
@@ -55,7 +55,7 @@ class BOTAN_DLL EAC_Signed_Object
* associated with this public key
*/
bool check_signature(class Public_Key& key,
- const MemoryRegion<byte>& sig) const;
+ const secure_vector<byte>& sig) const;
/**
* Write this object DER encoded into a specified pipe.
@@ -69,7 +69,7 @@ class BOTAN_DLL EAC_Signed_Object
* BER encode this object.
* @return result containing the BER representation of this object.
*/
- SecureVector<byte> BER_encode() const;
+ secure_vector<byte> BER_encode() const;
/**
* PEM encode this object.
@@ -83,7 +83,7 @@ class BOTAN_DLL EAC_Signed_Object
EAC_Signed_Object() {}
AlgorithmIdentifier sig_algo;
- SecureVector<byte> tbs_bits;
+ secure_vector<byte> tbs_bits;
std::string PEM_label_pref;
std::vector<std::string> PEM_labels_allowed;
private: