diff options
| author | David Clark <david.a.clark@nokia.com> | 2010-11-18 16:20:48 +1000 |
|---|---|---|
| committer | David Clark <david.a.clark@nokia.com> | 2010-11-18 16:20:48 +1000 |
| commit | c223232bc15106750da632598047a35ad3762723 (patch) | |
| tree | 403f7aa2c3a5a912edce6feae869046c89d29178 /botan/src/cert/cvc | |
| parent | b984b0b62076067f1f75db5a7eda5aaa2cdaad2a (diff) | |
Diffstat (limited to 'botan/src/cert/cvc')
| -rw-r--r-- | botan/src/cert/cvc/asn1_eac_str.cpp | 130 | ||||
| -rw-r--r-- | botan/src/cert/cvc/asn1_eac_tm.cpp | 361 | ||||
| -rw-r--r-- | botan/src/cert/cvc/cvc_ado.cpp | 135 | ||||
| -rw-r--r-- | botan/src/cert/cvc/cvc_ado.h | 101 | ||||
| -rw-r--r-- | botan/src/cert/cvc/cvc_ca.cpp | 46 | ||||
| -rw-r--r-- | botan/src/cert/cvc/cvc_ca.h | 51 | ||||
| -rw-r--r-- | botan/src/cert/cvc/cvc_cert.cpp | 102 | ||||
| -rw-r--r-- | botan/src/cert/cvc/cvc_cert.h | 94 | ||||
| -rw-r--r-- | botan/src/cert/cvc/cvc_gen_cert.h | 177 | ||||
| -rw-r--r-- | botan/src/cert/cvc/cvc_key.h | 54 | ||||
| -rw-r--r-- | botan/src/cert/cvc/cvc_req.cpp | 68 | ||||
| -rw-r--r-- | botan/src/cert/cvc/cvc_req.h | 62 | ||||
| -rw-r--r-- | botan/src/cert/cvc/cvc_self.cpp | 327 | ||||
| -rw-r--r-- | botan/src/cert/cvc/cvc_self.h | 167 | ||||
| -rw-r--r-- | botan/src/cert/cvc/eac_asn_obj.h | 244 | ||||
| -rw-r--r-- | botan/src/cert/cvc/eac_obj.h | 131 | ||||
| -rw-r--r-- | botan/src/cert/cvc/ecdsa_sig.cpp | 64 | ||||
| -rw-r--r-- | botan/src/cert/cvc/ecdsa_sig.h | 88 | ||||
| -rw-r--r-- | botan/src/cert/cvc/freestore.h | 85 | ||||
| -rw-r--r-- | botan/src/cert/cvc/info.txt | 44 | ||||
| -rw-r--r-- | botan/src/cert/cvc/signed_obj.cpp | 67 | ||||
| -rw-r--r-- | botan/src/cert/cvc/signed_obj.h | 93 |
22 files changed, 0 insertions, 2691 deletions
diff --git a/botan/src/cert/cvc/asn1_eac_str.cpp b/botan/src/cert/cvc/asn1_eac_str.cpp deleted file mode 100644 index a306ffb..0000000 --- a/botan/src/cert/cvc/asn1_eac_str.cpp +++ /dev/null @@ -1,130 +0,0 @@ -/* -* Simple ASN.1 String Types -* (C) 2007 FlexSecure GmbH -* 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/eac_asn_obj.h> -#include <botan/der_enc.h> -#include <botan/ber_dec.h> -#include <botan/charset.h> -#include <botan/parsing.h> -#include <sstream> - -namespace Botan { - -/* -* Create an ASN1_EAC_String -*/ -ASN1_EAC_String::ASN1_EAC_String(const std::string& str, ASN1_Tag t) : tag(t) - { - iso_8859_str = Charset::transcode(str, LOCAL_CHARSET, LATIN1_CHARSET); - if (!sanity_check()) - { - throw Invalid_Argument("attempted to construct ASN1_EAC_String with illegal characters"); - } - } - -/* -* Return this string in ISO 8859-1 encoding -*/ -std::string ASN1_EAC_String::iso_8859() const - { - return iso_8859_str; - } - -/* -* Return this string in local encoding -*/ -std::string ASN1_EAC_String::value() const - { - return Charset::transcode(iso_8859_str, LATIN1_CHARSET, LOCAL_CHARSET); - } - -/* -* Return the type of this string object -*/ -ASN1_Tag ASN1_EAC_String::tagging() const - { - return tag; - } - -/* -* DER encode an ASN1_EAC_String -*/ -void ASN1_EAC_String::encode_into(DER_Encoder& encoder) const - { - std::string value = iso_8859(); - encoder.add_object(tagging(), APPLICATION, value); - } - -/* -* Decode a BER encoded ASN1_EAC_String -*/ -void ASN1_EAC_String::decode_from(BER_Decoder& source) - { - BER_Object obj = source.get_next_object(); - if (obj.type_tag != this->tag) - { - - std::string message("decoding type mismatch for ASN1_EAC_String, tag is "); - std::stringstream ss; - std::string str_is; - ss << std::hex << obj.type_tag; - ss >> str_is; - message.append(str_is); - message.append(", while it should be "); - std::stringstream ss2; - std::string str_should; - ss2 << std::hex << this->tag; - ss2 >> str_should; - message.append(str_should); - throw Decoding_Error(message); - } - Character_Set charset_is; - charset_is = LATIN1_CHARSET; - - try - { - *this = ASN1_EAC_String( - Charset::transcode(ASN1::to_string(obj), charset_is, LOCAL_CHARSET), - obj.type_tag); - } - catch (Invalid_Argument inv_arg) - { - throw Decoding_Error(std::string("error while decoding ASN1_EAC_String: ") + std::string(inv_arg.what())); - } - } - -// checks for compliance to the alphabet defined in TR-03110 v1.10, 2007-08-20 -// p. 43 -bool ASN1_EAC_String::sanity_check() const - { - const byte* rep = reinterpret_cast<const byte*>(iso_8859_str.data()); - const u32bit rep_len = iso_8859_str.size(); - for (u32bit i=0; i<rep_len; i++) - { - if ((rep[i] < 0x20) || ((rep[i] >= 0x7F) && (rep[i] < 0xA0))) - { - return false; - } - } - return true; - } - -bool operator==(const ASN1_EAC_String& lhs, const ASN1_EAC_String& rhs) - { - return (lhs.iso_8859() == rhs.iso_8859()); - } - -ASN1_Car::ASN1_Car(std::string const& str) - : ASN1_EAC_String(str, ASN1_Tag(2)) - {} - -ASN1_Chr::ASN1_Chr(std::string const& str) - : ASN1_EAC_String(str, ASN1_Tag(32)) - {} - -} diff --git a/botan/src/cert/cvc/asn1_eac_tm.cpp b/botan/src/cert/cvc/asn1_eac_tm.cpp deleted file mode 100644 index 05533b5..0000000 --- a/botan/src/cert/cvc/asn1_eac_tm.cpp +++ /dev/null @@ -1,361 +0,0 @@ -/* -* EAC Time Types -* (C) 2007 FlexSecure GmbH -* 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/eac_asn_obj.h> -#include <botan/der_enc.h> -#include <botan/ber_dec.h> -#include <botan/charset.h> -#include <botan/parsing.h> -#include <ctime> -#include <sstream> - -namespace Botan { - -namespace { - -/* -* Convert a time_t to a struct tm -*/ -std::tm get_tm(u64bit timer) - { - std::time_t time_val = static_cast<std::time_t>(timer); - - std::tm* tm_p = std::gmtime(&time_val); - if (tm_p == 0) - throw Encoding_Error("EAC_Time: gmtime could not encode " + - to_string(timer)); - return (*tm_p); - } -SecureVector<byte> enc_two_digit(u32bit in) - { - SecureVector<byte> result; - in %= 100; - if (in < 10) - { - result.append(0x00); - } - else - { - u32bit y_first_pos = (in - (in%10))/10; - result.append(static_cast<byte>(y_first_pos)); - } - u32bit y_sec_pos = in%10; - result.append(static_cast<byte>(y_sec_pos)); - return result; - } -u32bit dec_two_digit(byte b1, byte b2) - { - u32bit upper = (u32bit)b1; - u32bit lower = (u32bit)b2; - if (upper > 9 || lower > 9) - { - throw Invalid_Argument("u32bit dec_two_digit(byte b1, byte b2): value too large"); - } - return upper*10 + lower; - - } -} - -/* -* Create an EAC_Time -*/ -EAC_Time::EAC_Time(u64bit timer, ASN1_Tag t) - :tag(t) - { - std::tm time_info = get_tm(timer); - - year = time_info.tm_year + 1900; - month = time_info.tm_mon + 1; - day = time_info.tm_mday; - - } - -/* -* Create an EAC_Time -*/ -EAC_Time::EAC_Time(const std::string& t_spec, ASN1_Tag t) - :tag(t) - { - set_to(t_spec); - } -/* -* Create an EAC_Time -*/ -EAC_Time::EAC_Time(u32bit y, u32bit m, u32bit d, ASN1_Tag t) - : year(y), - month(m), - day(d), - tag(t) - { - } - -/* -* Set the time with a human readable string -*/ -void EAC_Time::set_to(const std::string& time_str) - { - if (time_str == "") - { - year = month = day = 0; - return; - } - - std::vector<std::string> params; - std::string current; - - for (u32bit j = 0; j != time_str.size(); ++j) - { - if (Charset::is_digit(time_str[j])) - current += time_str[j]; - else - { - if (current != "") - params.push_back(current); - current.clear(); - } - } - if (current != "") - params.push_back(current); - - if (params.size() != 3) - throw Invalid_Argument("Invalid time specification " + time_str); - - year = to_u32bit(params[0]); - month = to_u32bit(params[1]); - day = to_u32bit(params[2]); - - if (!passes_sanity_check()) - throw Invalid_Argument("Invalid time specification " + time_str); - } - - -/* -* DER encode a EAC_Time -*/ -void EAC_Time::encode_into(DER_Encoder& der) const - { - der.add_object(tag, APPLICATION, - encoded_eac_time()); - } - -/* -* Return a string representation of the time -*/ -std::string EAC_Time::as_string() const - { - if (time_is_set() == false) - throw Invalid_State("EAC_Time::as_string: No time set"); - - std::string asn1rep; - asn1rep = to_string(year, 2); - - asn1rep += to_string(month, 2) + to_string(day, 2); - - return asn1rep; - } - -/* -* Return if the time has been set somehow -*/ -bool EAC_Time::time_is_set() const - { - return (year != 0); - } - -/* -* Return a human readable string representation -*/ -std::string EAC_Time::readable_string() const - { - if (time_is_set() == false) - throw Invalid_State("EAC_Time::readable_string: No time set"); - - std::string readable; - readable += to_string(year, 2) + "/"; - readable += to_string(month, 2) + "/"; - readable += to_string(day, 2) + " "; - - return readable; - } - -/* -* Do a general sanity check on the time -*/ -bool EAC_Time::passes_sanity_check() const - { - if (year < 2000 || year > 2099) - return false; - if (month == 0 || month > 12) - return false; - if (day == 0 || day > 31) - return false; - - return true; - } - -/****************************************** -* modification functions -******************************************/ - -void EAC_Time::add_years(u32bit years) - { - year += years; - } -void EAC_Time::add_months(u32bit months) - { - year += months/12; - month += months % 12; - if(month > 12) - { - year += 1; - month -= 12; - } - } - - -/* -* Compare this time against another -*/ -s32bit EAC_Time::cmp(const EAC_Time& other) const - { - if (time_is_set() == false) - throw Invalid_State("EAC_Time::cmp: No time set"); - - const s32bit EARLIER = -1, LATER = 1, SAME_TIME = 0; - - if (year < other.year) return EARLIER; - if (year > other.year) return LATER; - if (month < other.month) return EARLIER; - if (month > other.month) return LATER; - if (day < other.day) return EARLIER; - if (day > other.day) return LATER; - - return SAME_TIME; - } - -/* -* Compare two EAC_Times for in various ways -*/ -bool operator==(const EAC_Time& t1, const EAC_Time& t2) - { - return (t1.cmp(t2) == 0); - } -bool operator!=(const EAC_Time& t1, const EAC_Time& t2) - { - return (t1.cmp(t2) != 0); - } -bool operator<=(const EAC_Time& t1, const EAC_Time& t2) - { - return (t1.cmp(t2) <= 0); - } -bool operator>=(const EAC_Time& t1, const EAC_Time& t2) - { - return (t1.cmp(t2) >= 0); - } -bool operator>(const EAC_Time& t1, const EAC_Time& t2) - { - return (t1.cmp(t2) > 0); - } -bool operator<(const EAC_Time& t1, const EAC_Time& t2) - { - return (t1.cmp(t2) < 0); - } - -/* -* Decode a BER encoded EAC_Time -*/ -void EAC_Time::decode_from(BER_Decoder& source) - { - BER_Object obj = source.get_next_object(); - if (obj.type_tag != this->tag) - { - std::string message("decoding type mismatch for EAC_Time, tag is "); - std::stringstream ss; - std::string str_is; - ss << std::hex << obj.type_tag; - ss >> str_is; - message.append(str_is); - message.append(", while it should be "); - std::stringstream ss2; - std::string str_should; - ss2 << std::hex << this->tag; - ss2 >> str_should; - message.append(str_should); - throw Decoding_Error(message); - - } - if (obj.value.size() != 6) - { - throw Decoding_Error("EAC_Time decoding failed"); - } - try - { - u32bit tmp_year = dec_two_digit(obj.value[0], obj.value[1]); - u32bit tmp_mon = dec_two_digit(obj.value[2], obj.value[3]); - u32bit tmp_day = dec_two_digit(obj.value[4], obj.value[5]); - year = tmp_year + 2000; - month = tmp_mon; - day = tmp_day; - } - catch (Invalid_Argument) - { - throw Decoding_Error("EAC_Time decoding failed"); - } - - } - -u32bit EAC_Time::get_year() const - { - return year; - } -u32bit EAC_Time::get_month() const - { - return month; - } -u32bit EAC_Time::get_day() const - { - return day; - } - -/* -* make the value an octet string for encoding -*/ -SecureVector<byte> EAC_Time::encoded_eac_time() const - { - SecureVector<byte> result; - result.append(enc_two_digit(year)); - result.append(enc_two_digit(month)); - result.append(enc_two_digit(day)); - return result; - } - -ASN1_Ced::ASN1_Ced(std::string const& str) - : EAC_Time(str, ASN1_Tag(37)) - {} - -ASN1_Ced::ASN1_Ced(u64bit val) - : EAC_Time(val, ASN1_Tag(37)) - {} - -ASN1_Ced::ASN1_Ced(EAC_Time const& other) - : EAC_Time(other.get_year(), other.get_month(), other.get_day(), ASN1_Tag(37)) - {} - -ASN1_Cex::ASN1_Cex(std::string const& str) - : EAC_Time(str, ASN1_Tag(36)) - {} - -ASN1_Cex::ASN1_Cex(u64bit val) - : EAC_Time(val, ASN1_Tag(36)) - {} - -ASN1_Cex::ASN1_Cex(EAC_Time const& other) - : EAC_Time(other.get_year(), other.get_month(), other.get_day(), ASN1_Tag(36)) - {} - -} diff --git a/botan/src/cert/cvc/cvc_ado.cpp b/botan/src/cert/cvc/cvc_ado.cpp deleted file mode 100644 index 6e1484e..0000000 --- a/botan/src/cert/cvc/cvc_ado.cpp +++ /dev/null @@ -1,135 +0,0 @@ -/* -* CVC Certificate Constructor -* (C) 2007 FlexSecure GmbH -* 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/cvc_ado.h> -#include <fstream> -#include <assert.h> - -namespace Botan { - -EAC1_1_ADO::EAC1_1_ADO(std::tr1::shared_ptr<DataSource> in) - { - init(in); - do_decode(); - } - -EAC1_1_ADO::EAC1_1_ADO(const std::string& in) - { - std::tr1::shared_ptr<DataSource> stream(new DataSource_Stream(in, true)); - init(stream); - do_decode(); - } - -void EAC1_1_ADO::force_decode() - { - SecureVector<byte> inner_cert; - BER_Decoder(tbs_bits) - .start_cons(ASN1_Tag(33)) - .raw_bytes(inner_cert) - .end_cons() - .decode(m_car) - .verify_end(); - - SecureVector<byte> req_bits = DER_Encoder() - .start_cons(ASN1_Tag(33), APPLICATION) - .raw_bytes(inner_cert) - .end_cons() - .get_contents(); - - std::tr1::shared_ptr<DataSource> req_source(new DataSource_Memory(req_bits)); - m_req = EAC1_1_Req(req_source); - sig_algo = m_req.sig_algo; - } - -MemoryVector<byte> EAC1_1_ADO::make_signed( - std::auto_ptr<PK_Signer> signer, - const MemoryRegion<byte>& tbs_bits, - RandomNumberGenerator& rng) - { - SecureVector<byte> concat_sig = - EAC1_1_obj<EAC1_1_ADO>::make_signature(signer.get(), tbs_bits, rng); - assert(concat_sig.size() % 2 == 0); - MemoryVector<byte> result = DER_Encoder() - .start_cons(ASN1_Tag(7), APPLICATION) - .raw_bytes(tbs_bits) - .encode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) - .end_cons() - .get_contents(); - return result; - } - -ASN1_Car EAC1_1_ADO::get_car() const - { - return m_car; - } - -void EAC1_1_ADO::decode_info(SharedPtrConverter<DataSource> source, - SecureVector<byte> & res_tbs_bits, - ECDSA_Signature & res_sig) - { - SecureVector<byte> concat_sig; - SecureVector<byte> cert_inner_bits; - ASN1_Car car; - BER_Decoder(*source.get_ptr().get()) - .start_cons(ASN1_Tag(7)) - .start_cons(ASN1_Tag(33)) - .raw_bytes(cert_inner_bits) - .end_cons() - .decode(car) - .decode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) - .end_cons(); - - SecureVector<byte> enc_cert = DER_Encoder() - .start_cons(ASN1_Tag(33), APPLICATION) - .raw_bytes(cert_inner_bits) - .end_cons() - .get_contents(); - SecureVector<byte> enc_car = DER_Encoder() - .encode(car) - .get_contents(); - res_tbs_bits = enc_cert; - res_tbs_bits.append(enc_car); - res_sig = decode_concatenation(concat_sig); - - - } -void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const - { - SecureVector<byte> concat_sig(EAC1_1_obj<EAC1_1_ADO>::m_sig.get_concatenation()); - SecureVector<byte> der = DER_Encoder() - .start_cons(ASN1_Tag(7), APPLICATION) - .raw_bytes(tbs_bits) - .encode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) - .end_cons() - .get_contents(); - if(encoding == PEM) - throw Invalid_Argument("EAC1_1_ADO::encode() cannot PEM encode an EAC object"); - else - out.write(der); - } - -SecureVector<byte> EAC1_1_ADO::tbs_data() const - { - return tbs_bits; - } - -bool EAC1_1_ADO::operator==(EAC1_1_ADO const& rhs) const - { - assert(((this->m_req == rhs.m_req) && (this->tbs_data() == rhs.tbs_data())) || - ((this->m_req != rhs.m_req) && (this->tbs_data() != rhs.tbs_data()))); - return (this->get_concat_sig() == rhs.get_concat_sig() - && this->tbs_data() == rhs.tbs_data() - && this->get_car() == rhs.get_car()); - } - -EAC1_1_Req EAC1_1_ADO::get_request() const - { - return m_req; - } - -} diff --git a/botan/src/cert/cvc/cvc_ado.h b/botan/src/cert/cvc/cvc_ado.h deleted file mode 100644 index 2c4f3ce..0000000 --- a/botan/src/cert/cvc/cvc_ado.h +++ /dev/null @@ -1,101 +0,0 @@ -/* -* EAC1_1 CVC ADO -* (C) 2008 Falko Strenzke -* strenzke@flexsecure.de -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_EAC_CVC_ADO_H__ -#define BOTAN_EAC_CVC_ADO_H__ - -#include <botan/x509_key.h> -#include <botan/pubkey_enums.h> -#include <botan/pubkey.h> -#include <botan/ecdsa.h> -#include <botan/eac_obj.h> -#include <botan/cvc_req.h> -#include <string> - -namespace Botan { - -/** -* This class represents a TR03110 (EAC) v1.1 CVC ADO request -*/ - - // CRTP continuation from EAC1_1_obj -class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj<EAC1_1_ADO> - { - public: - friend class EAC1_1_obj<EAC1_1_ADO>; - - /** - * Construct a CVC ADO request from a DER encoded CVC ADO request file. - * @param str the path to the DER encoded file - */ - EAC1_1_ADO(const std::string& str); - - /** - * Construct a CVC ADO request from a data source - * @param source the data source - */ - EAC1_1_ADO(std::tr1::shared_ptr<DataSource> source); - - /** - * Create a signed CVC ADO request from to be signed (TBS) data - * @param signer the signer used to sign the CVC ADO request - * @param tbs_bits the TBS data to sign - */ - static MemoryVector<byte> make_signed( - std::auto_ptr<PK_Signer> signer, - const MemoryRegion<byte>& tbs_bits, - RandomNumberGenerator& rng); - - /** - * Get the CAR of this CVC ADO request - * @result the CAR of this CVC ADO request - */ - ASN1_Car get_car() const; - - /** - * Get the CVC request contained in this object. - * @result the CVC request inside this CVC ADO request - */ - EAC1_1_Req get_request() const; - - /** - * Encode this object into a pipe. Only DER is supported. - * @param out the pipe to encode this object into - * @param encoding the encoding type to use, must be DER - */ - void encode(Pipe& out, X509_Encoding encoding) const; - - bool operator==(EAC1_1_ADO const& rhs) const; - - /** - * Get the TBS data of this CVC ADO request. - * @result the TBS data - */ - SecureVector<byte> tbs_data() const; - - virtual ~EAC1_1_ADO() {} - private: - ASN1_Car m_car; - EAC1_1_Req m_req; - - void force_decode(); - static void decode_info(SharedPtrConverter<DataSource> source, - SecureVector<byte> & res_tbs_bits, - ECDSA_Signature & res_sig); - }; - -inline bool operator!=(EAC1_1_ADO const& lhs, EAC1_1_ADO const& rhs) - { - return (!(lhs == rhs)); - } - -} - -#endif - - diff --git a/botan/src/cert/cvc/cvc_ca.cpp b/botan/src/cert/cvc/cvc_ca.cpp deleted file mode 100644 index 638d3f9..0000000 --- a/botan/src/cert/cvc/cvc_ca.cpp +++ /dev/null @@ -1,46 +0,0 @@ -#include <botan/cvc_ca.h> -#include <botan/cvc_cert.h> -#include <botan/der_enc.h> -#include <botan/util.h> -#include <botan/oids.h> -namespace Botan { - -EAC1_1_CVC EAC1_1_CVC_CA::make_cert(std::auto_ptr<PK_Signer> signer, - MemoryRegion<byte> const& public_key, - ASN1_Car const& car, - ASN1_Chr const& chr, - byte holder_auth_templ, - ASN1_Ced ced, - ASN1_Cex cex, - RandomNumberGenerator& rng) - { - OID chat_oid(OIDS::lookup("CertificateHolderAuthorizationTemplate")); - MemoryVector<byte> enc_chat_val; - enc_chat_val.append(holder_auth_templ); - - MemoryVector<byte> enc_cpi; - enc_cpi.append(0x00); - MemoryVector<byte> tbs = DER_Encoder() - .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) // cpi - .encode(car) - .raw_bytes(public_key) - .encode(chr) - .start_cons(ASN1_Tag(76), APPLICATION) - .encode(chat_oid) - .encode(enc_chat_val, OCTET_STRING, ASN1_Tag(19), APPLICATION) - .end_cons() - .encode(ced) - .encode(cex) - .get_contents(); - - MemoryVector<byte> signed_cert = - EAC1_1_CVC::make_signed(signer, - EAC1_1_CVC::build_cert_body(tbs), - rng); - - std::tr1::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert)); - - return EAC1_1_CVC(source); - } - -} diff --git a/botan/src/cert/cvc/cvc_ca.h b/botan/src/cert/cvc/cvc_ca.h deleted file mode 100644 index 3ec307b..0000000 --- a/botan/src/cert/cvc/cvc_ca.h +++ /dev/null @@ -1,51 +0,0 @@ -/* -* EAC1.1 CVC Certificate Authority -* (C) 2007 FlexSecure GmbH -* 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_CVC_CA_H__ -#define BOTAN_CVC_CA_H__ - -#include <botan/pkcs8.h> -#include <botan/pkcs10.h> -#include <botan/pubkey.h> -#include <botan/cvc_cert.h> - -namespace Botan { - -/** -* This class represents a CVC CA. -*/ -class BOTAN_DLL EAC1_1_CVC_CA - { - public: - - /** - * Create an arbitrary EAC 1.1 CVC. - * The desired key encoding must be set within the key (if applicable). - * @param signer the signer used to sign the certificate - * @param public_key the DER encoded public key to appear in - * the certificate - * @param car the CAR of the certificate - * @param chr the CHR of the certificate - * @param holder_auth_templ the holder authorization value byte to - * appear in the CHAT of the certificate - * @param ced the CED to appear in the certificate - * @param ced the CEX to appear in the certificate - */ - static EAC1_1_CVC make_cert(std::auto_ptr<PK_Signer> signer, - MemoryRegion<byte> const& public_key, - ASN1_Car const& car, - ASN1_Chr const& chr, - byte holder_auth_templ, - ASN1_Ced ced, - ASN1_Cex cex, - RandomNumberGenerator& rng); - }; - -} - -#endif diff --git a/botan/src/cert/cvc/cvc_cert.cpp b/botan/src/cert/cvc/cvc_cert.cpp deleted file mode 100644 index d2be12d..0000000 --- a/botan/src/cert/cvc/cvc_cert.cpp +++ /dev/null @@ -1,102 +0,0 @@ -/* - (C) 2007 FlexSecure GmbH - 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/cvc_cert.h> -#include <botan/cvc_key.h> -#include <botan/ecdsa.h> - -namespace Botan { - -ASN1_Car EAC1_1_CVC::get_car() const - { - return m_car; - } - -ASN1_Ced EAC1_1_CVC::get_ced() const - { - return m_ced; - } -ASN1_Cex EAC1_1_CVC::get_cex() const - { - return m_cex; - } -u32bit EAC1_1_CVC::get_chat_value() const - { - return m_chat_val; - } - -/* -* Decode the TBSCertificate data -*/ -void EAC1_1_CVC::force_decode() - { - SecureVector<byte> enc_pk; - SecureVector<byte> enc_chat_val; - u32bit cpi; - BER_Decoder tbs_cert(tbs_bits); - tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) - .decode(m_car) - .start_cons(ASN1_Tag(73)) - .raw_bytes(enc_pk) - .end_cons() - .decode(m_chr) - .start_cons(ASN1_Tag(76)) - .decode(m_chat_oid) - .decode(enc_chat_val, OCTET_STRING, ASN1_Tag(19), APPLICATION) - .end_cons() - .decode(m_ced) - .decode(m_cex) - .verify_end(); - - if(enc_chat_val.size() != 1) - throw Decoding_Error("CertificateHolderAuthorizationValue was not of length 1"); - - if(cpi != 0) - throw Decoding_Error("EAC1_1 certificateĀ“s cpi was not 0"); - - // FIXME: PK algos have no notion of EAC encoder/decoder currently -#if 0 - ECDSA_PublicKey tmp_pk; - std::auto_ptr<EAC1_1_CVC_Decoder> dec = tmp_pk.cvc_eac1_1_decoder(); - sig_algo = dec->public_key(enc_pk); - - - m_pk = tmp_pk; - m_chat_val = enc_chat_val[0]; - self_signed = false; - if(m_car.iso_8859() == m_chr.iso_8859()) - { - self_signed= true; - } -#endif - } - -/* -* CVC Certificate Constructor -*/ -EAC1_1_CVC::EAC1_1_CVC(std::tr1::shared_ptr<DataSource>& in) - { - init(in); - self_signed = false; - do_decode(); - } - -EAC1_1_CVC::EAC1_1_CVC(const std::string& in) - { - std::tr1::shared_ptr<DataSource> stream(new DataSource_Stream(in, true)); - init(stream); - self_signed = false; - do_decode(); - } - -bool EAC1_1_CVC::operator==(EAC1_1_CVC const& rhs) const - { - return (tbs_data() == rhs.tbs_data() - && get_concat_sig() == rhs.get_concat_sig()); - } - -} diff --git a/botan/src/cert/cvc/cvc_cert.h b/botan/src/cert/cvc/cvc_cert.h deleted file mode 100644 index 17671d3..0000000 --- a/botan/src/cert/cvc/cvc_cert.h +++ /dev/null @@ -1,94 +0,0 @@ -/* -* EAC1_1 CVC -* (C) 2008 Falko Strenzke -* 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_CVC_EAC_H__ -#define BOTAN_CVC_EAC_H__ - -#include <botan/x509_key.h> -#include <botan/pubkey_enums.h> -#include <botan/signed_obj.h> -#include <botan/pubkey.h> -#include <botan/ecdsa.h> -#include <botan/ecdsa_sig.h> -#include <botan/eac_obj.h> -#include <botan/cvc_gen_cert.h> -#include <string> - -namespace Botan { - -/** -* This class represents TR03110 (EAC) v1.1 CV Certificates -*/ -class BOTAN_DLL EAC1_1_CVC : public EAC1_1_gen_CVC<EAC1_1_CVC>//Signed_Object - { - public: - friend class EAC1_1_obj<EAC1_1_CVC>; - - /** - * Get the CAR of the certificate. - * @result the CAR of the certificate - */ - ASN1_Car get_car() const; - - /** - * Get the CED of this certificate. - * @result the CED this certificate - */ - ASN1_Ced get_ced() const; - - /** - * Get the CEX of this certificate. - * @result the CEX this certificate - */ - ASN1_Cex get_cex() const; - - /** - * Get the CHAT value. - * @result the CHAT value - */ - u32bit get_chat_value() const; - - bool operator==(const EAC1_1_CVC&) const; - - /** - * Construct a CVC from a data source - * @param source the data source - */ - EAC1_1_CVC(std::tr1::shared_ptr<DataSource>& source); - - /** - * Construct a CVC from a file - * @param str the path to the certificate file - */ - EAC1_1_CVC(const std::string& str); - - virtual ~EAC1_1_CVC() {} - private: - void force_decode(); - friend class EAC1_1_CVC_CA; - EAC1_1_CVC() {} - - ASN1_Car m_car; - ASN1_Ced m_ced; - ASN1_Cex m_cex; - byte m_chat_val; - OID m_chat_oid; - }; - -/* -* Comparison -*/ -inline bool operator!=(EAC1_1_CVC const& lhs, EAC1_1_CVC const& rhs) - { - return !(lhs == rhs); - } - -} - -#endif - diff --git a/botan/src/cert/cvc/cvc_gen_cert.h b/botan/src/cert/cvc/cvc_gen_cert.h deleted file mode 100644 index 4a78802..0000000 --- a/botan/src/cert/cvc/cvc_gen_cert.h +++ /dev/null @@ -1,177 +0,0 @@ -/* -* EAC1_1 general CVC -* (C) 2008 Falko Strenzke -* 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_EAC_CVC_GEN_CERT_H__ -#define BOTAN_EAC_CVC_GEN_CERT_H__ - -#include <botan/x509_key.h> -#include <botan/eac_asn_obj.h> -#include <botan/pubkey_enums.h> -#include <botan/pubkey.h> -#include <botan/ecdsa_sig.h> -#include <string> -#include <assert.h> - -namespace Botan { - -/** -* This class represents TR03110 (EAC) v1.1 generalized CV Certificates -*/ -template<typename Derived> -class BOTAN_DLL EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1_1_obj - { - friend class EAC1_1_obj<EAC1_1_gen_CVC>; - - public: - - /** - * Get this certificates public key. - * @result this certificates public key - */ - std::auto_ptr<Public_Key> subject_public_key() const; - - /** - * Find out whether this object is self signed. - * @result true if this object is self signed - */ - bool is_self_signed() const; - - /** - * Get the CHR of the certificate. - * @result the CHR of the certificate - */ - ASN1_Chr get_chr() const; - - /** - * Put the DER encoded version of this object into a pipe. PEM - * is not supported. - * @param out the pipe to push the DER encoded version into - * @param encoding the encoding to use. Must be DER. - */ - void encode(Pipe& out, X509_Encoding encoding) const; - - /** - * Get the to-be-signed (TBS) data of this object. - * @result the TBS data of this object - */ - SecureVector<byte> tbs_data() const; - - /** - * Build the DER encoded certifcate body of an object - * @param tbs the data to be signed - * @result the correctly encoded body of the object - */ - static SecureVector<byte> build_cert_body(MemoryRegion<byte> const& tbs); - - /** - * Create a signed generalized CVC object. - * @param signer the signer used to sign this object - * @param tbs_bits the body the generalized CVC object to be signed - * @result the DER encoded signed generalized CVC object - */ - static MemoryVector<byte> make_signed( - std::auto_ptr<PK_Signer> signer, - const MemoryRegion<byte>& tbs_bits, - RandomNumberGenerator& rng); - virtual ~EAC1_1_gen_CVC<Derived>() - {} - - protected: - ECDSA_PublicKey m_pk; // public key - ASN1_Chr m_chr; - bool self_signed; - - static void decode_info(SharedPtrConverter<DataSource> source, - SecureVector<byte> & res_tbs_bits, - ECDSA_Signature & res_sig); - - }; - -template<typename Derived> ASN1_Chr EAC1_1_gen_CVC<Derived>::get_chr() const - { - return m_chr; - } - -template<typename Derived> bool EAC1_1_gen_CVC<Derived>::is_self_signed() const - { - return self_signed; - } - -template<typename Derived> MemoryVector<byte> EAC1_1_gen_CVC<Derived>::make_signed( - std::auto_ptr<PK_Signer> signer, - const MemoryRegion<byte>& tbs_bits, - RandomNumberGenerator& rng) // static - { - SecureVector<byte> concat_sig = EAC1_1_obj<Derived>::make_signature(signer.get(), tbs_bits, rng); - assert(concat_sig.size() % 2 == 0); - return DER_Encoder() - .start_cons(ASN1_Tag(33), APPLICATION) - .raw_bytes(tbs_bits) - .encode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) - .end_cons() - .get_contents(); - } - -template<typename Derived> std::auto_ptr<Public_Key> EAC1_1_gen_CVC<Derived>::subject_public_key() const - { - return std::auto_ptr<Public_Key>(new ECDSA_PublicKey(m_pk)); - } - -template<typename Derived> SecureVector<byte> EAC1_1_gen_CVC<Derived>::build_cert_body(MemoryRegion<byte> const& tbs) - { - return DER_Encoder() - .start_cons(ASN1_Tag(78), APPLICATION) - .raw_bytes(tbs) - .end_cons().get_contents(); - } - -template<typename Derived> SecureVector<byte> EAC1_1_gen_CVC<Derived>::tbs_data() const - { - return build_cert_body(EAC1_1_obj<Derived>::tbs_bits); - } - -template<typename Derived> void EAC1_1_gen_CVC<Derived>::encode(Pipe& out, X509_Encoding encoding) const - { - SecureVector<byte> concat_sig(EAC1_1_obj<Derived>::m_sig.get_concatenation()); - SecureVector<byte> der = DER_Encoder() - .start_cons(ASN1_Tag(33), APPLICATION) - .start_cons(ASN1_Tag(78), APPLICATION) - .raw_bytes(EAC1_1_obj<Derived>::tbs_bits) - .end_cons() - .encode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) - .end_cons() - .get_contents(); - - if (encoding == PEM) - throw Invalid_Argument("EAC1_1_gen_CVC::encode() cannot PEM encode an EAC object"); - else - out.write(der); - } - -template<typename Derived> -void EAC1_1_gen_CVC<Derived>::decode_info( - SharedPtrConverter<DataSource> source, - SecureVector<byte> & res_tbs_bits, - ECDSA_Signature & res_sig) - { - SecureVector<byte> concat_sig; - BER_Decoder(*source.get_shared().get()) - .start_cons(ASN1_Tag(33)) - .start_cons(ASN1_Tag(78)) - .raw_bytes(res_tbs_bits) - .end_cons() - .decode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) - .end_cons(); - res_sig = decode_concatenation(concat_sig); - } - -} - -#endif - - diff --git a/botan/src/cert/cvc/cvc_key.h b/botan/src/cert/cvc/cvc_key.h deleted file mode 100644 index 67b6cef..0000000 --- a/botan/src/cert/cvc/cvc_key.h +++ /dev/null @@ -1,54 +0,0 @@ -/* -* EAC CVC Public Key -* (C) 2008 FlexSecure Gmbh -* Falko Strenzke -* strenzke@flexsecure.de -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_EAC1_1_CVC_PUBLIC_KEY_H__ -#define BOTAN_EAC1_1_CVC_PUBLIC_KEY_H__ - -#include <botan/pipe.h> -#include <botan/pk_keys.h> -#include <botan/alg_id.h> - -namespace Botan { - -/** -* This class represents EAC 1.1 CVC public key encoders. -*/ -class BOTAN_DLL EAC1_1_CVC_Encoder - { - public: - /** - * Get the DER encoded CVC public key. - * @param alg_id the algorithm identifier to use in the encoding - * @return the DER encoded public key - */ - virtual MemoryVector<byte> - public_key(const AlgorithmIdentifier& enc) const = 0; - - virtual ~EAC1_1_CVC_Encoder() {} - }; - -/** -* This class represents EAC 1.1 CVC public key decoders. -*/ -class BOTAN_DLL EAC1_1_CVC_Decoder - { - public: - /** - * Decode a CVC public key. - * @param enc the DER encoded public key to decode - * @return the algorithm identifier found in the encoded public key - */ - virtual AlgorithmIdentifier const - public_key(const MemoryRegion<byte>& enc) = 0; - - virtual ~EAC1_1_CVC_Decoder() {} - }; -} - -#endif diff --git a/botan/src/cert/cvc/cvc_req.cpp b/botan/src/cert/cvc/cvc_req.cpp deleted file mode 100644 index 70a44ba..0000000 --- a/botan/src/cert/cvc/cvc_req.cpp +++ /dev/null @@ -1,68 +0,0 @@ -/* - (C) 2007 FlexSecure GmbH - 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/cvc_cert.h> -#include <botan/der_enc.h> -#include <botan/ber_dec.h> -#include <botan/pem.h> -#include <botan/parsing.h> -#include <assert.h> -#include <botan/cvc_key.h> -#include <botan/oids.h> -#include <botan/look_pk.h> -#include <botan/cvc_req.h> -#include <botan/freestore.h> - -namespace Botan { - -bool EAC1_1_Req::operator==(EAC1_1_Req const& rhs) const - { - return (this->tbs_data() == rhs.tbs_data() - && this->get_concat_sig() == rhs.get_concat_sig()); - } - -void EAC1_1_Req::force_decode() - { - SecureVector<byte> enc_pk; - BER_Decoder tbs_cert(tbs_bits); - u32bit cpi; - tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) - .start_cons(ASN1_Tag(73)) - .raw_bytes(enc_pk) - .end_cons() - .decode(m_chr) - .verify_end(); - if(cpi != 0) - { - throw Decoding_Error("EAC1_1 requestĀ“s cpi was not 0"); - } - - // FIXME: No EAC support in ECDSA -#if 0 - ECDSA_PublicKey tmp_pk; - std::auto_ptr<EAC1_1_CVC_Decoder> dec = tmp_pk.cvc_eac1_1_decoder(); - sig_algo = dec->public_key(enc_pk); - m_pk = tmp_pk; -#endif - } - -EAC1_1_Req::EAC1_1_Req(std::tr1::shared_ptr<DataSource> in) - { - init(in); - self_signed = true; - do_decode(); - } - -EAC1_1_Req::EAC1_1_Req(const std::string& in) - { - std::tr1::shared_ptr<DataSource> stream(new DataSource_Stream(in, true)); - init(stream); - self_signed = true; - do_decode(); - } - -} diff --git a/botan/src/cert/cvc/cvc_req.h b/botan/src/cert/cvc/cvc_req.h deleted file mode 100644 index 96b6a44..0000000 --- a/botan/src/cert/cvc/cvc_req.h +++ /dev/null @@ -1,62 +0,0 @@ -/* -* EAC1_1 CVC Request -* (C) 2008 Falko Strenzke -* strenzke@flexsecure.de -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_EAC_CVC_REQ_H__ -#define BOTAN_EAC_CVC_REQ_H__ - -#include <botan/x509_key.h> -#include <botan/pubkey_enums.h> -#include <botan/cvc_gen_cert.h> - -namespace Botan { - -/** -* This class represents TR03110 v1.1 EAC CV Certificate Requests. -*/ -class BOTAN_DLL EAC1_1_Req : public EAC1_1_gen_CVC<EAC1_1_Req> - { - public: - friend class EAC1_1_Req_CA; - friend class EAC1_1_ADO; - friend class EAC1_1_obj<EAC1_1_Req>; - - /** - * Compare for equality with other - * @param other compare for equality with this object - */ - bool operator==(const EAC1_1_Req& other) const; - - /** - * Construct a CVC request from a data source. - * @param source the data source - */ - EAC1_1_Req(std::tr1::shared_ptr<DataSource> source); - - /** - * Construct a CVC request from a DER encoded CVC reqeust file. - * @param str the path to the DER encoded file - */ - EAC1_1_Req(const std::string& str); - - virtual ~EAC1_1_Req(){} - private: - void force_decode(); - EAC1_1_Req() {} - }; - -/* -* Comparison Operator -*/ -inline bool operator!=(EAC1_1_Req const& lhs, EAC1_1_Req const& rhs) - { - return !(lhs == rhs); - } - -} - -#endif diff --git a/botan/src/cert/cvc/cvc_self.cpp b/botan/src/cert/cvc/cvc_self.cpp deleted file mode 100644 index 91ea387..0000000 --- a/botan/src/cert/cvc/cvc_self.cpp +++ /dev/null @@ -1,327 +0,0 @@ -/* - (C) 2007 FlexSecure GmbH - 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/cvc_self.h> -#include <botan/cvc_cert.h> -#include <botan/cvc_ca.h> -#include <botan/alg_id.h> -#include <botan/cvc_key.h> -#include <botan/oids.h> -#include <botan/look_pk.h> -#include <botan/cvc_req.h> -#include <botan/cvc_ado.h> -#include <botan/util.h> -#include <sstream> - -namespace Botan { - -namespace { - -/******************************* -* cvc CHAT values -*******************************/ -enum CHAT_values{ - CVCA = 0xC0, - DVCA_domestic = 0x80, - DVCA_foreign = 0x40, - IS = 0x00, - - IRIS = 0x02, - FINGERPRINT = 0x01 -}; - -std::string padding_and_hash_from_oid(OID const& oid) - { - std::string padding_and_hash = OIDS::lookup(oid); // use the hash - assert(padding_and_hash.substr(0,6) == "ECDSA/"); // can only be ECDSA for now - assert(padding_and_hash.find("/",0) == 5); - padding_and_hash.erase(0, padding_and_hash.find("/",0) + 1); - return padding_and_hash; - } -std::string fixed_len_seqnr(u32bit seqnr, u32bit len) - { - std::stringstream ss; - std::string result; - ss << seqnr; - ss >> result; - if (result.size() > len) - { - throw Invalid_Argument("fixed_len_seqnr(): number too high to be encoded in provided length"); - } - while (result.size() < len) - { - result.insert(0,"0"); - } - return result; - } - -} -namespace CVC_EAC -{ - -EAC1_1_CVC create_self_signed_cert(Private_Key const& key, - EAC1_1_CVC_Options const& opt, - RandomNumberGenerator& rng) - { - // NOTE: we ignore - // the value - // of opt.chr - ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); - - if (priv_key == 0) - { - throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type"); - } - - ASN1_Chr chr(opt.car.value()); - - AlgorithmIdentifier sig_algo; - std::string padding_and_hash(eac_cvc_emsa + "(" + opt.hash_alg + ")"); - sig_algo.oid = OIDS::lookup(priv_key->algo_name() + "/" + padding_and_hash); - sig_algo = AlgorithmIdentifier(sig_algo.oid, AlgorithmIdentifier::USE_NULL_PARAM); - - std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); - -#if 0 // FIXME - std::auto_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder()); - MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); -#else - MemoryVector<byte> enc_public_key; -#endif - - return EAC1_1_CVC_CA::make_cert(signer, enc_public_key, opt.car, chr, opt.holder_auth_templ, opt.ced, opt.cex, rng); - - } - -EAC1_1_Req create_cvc_req(Private_Key const& key, - ASN1_Chr const& chr, - std::string const& hash_alg, - RandomNumberGenerator& rng) - { - - ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); - if (priv_key == 0) - { - throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type"); - } - AlgorithmIdentifier sig_algo; - std::string padding_and_hash(eac_cvc_emsa + "(" + hash_alg + ")"); - sig_algo.oid = OIDS::lookup(priv_key->algo_name() + "/" + padding_and_hash); - sig_algo = AlgorithmIdentifier(sig_algo.oid, AlgorithmIdentifier::USE_NULL_PARAM); - - std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); - -#if 0 // FIXME - std::auto_ptr<EAC1_1_CVC_Encoder> enc(priv_key->cvc_eac1_1_encoder()); - MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); -#else - MemoryVector<byte> enc_public_key; -#endif - - MemoryVector<byte> enc_cpi; - enc_cpi.append(0x00); - MemoryVector<byte> tbs = DER_Encoder() - .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) - .raw_bytes(enc_public_key) - .encode(chr) - .get_contents(); - - MemoryVector<byte> signed_cert = EAC1_1_gen_CVC<EAC1_1_Req>::make_signed(signer, EAC1_1_gen_CVC<EAC1_1_Req>::build_cert_body(tbs), rng); - std::tr1::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert)); - return EAC1_1_Req(source); - } - -EAC1_1_ADO create_ado_req(Private_Key const& key, - EAC1_1_Req const& req, - ASN1_Car const& car, - RandomNumberGenerator& rng) - { - - ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); - if (priv_key == 0) - { - throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type"); - } - std::string padding_and_hash = padding_and_hash_from_oid(req.signature_algorithm().oid); - std::auto_ptr<Botan::PK_Signer> signer(get_pk_signer(*priv_key, padding_and_hash)); - SecureVector<byte> tbs_bits = req.BER_encode(); - tbs_bits.append(DER_Encoder().encode(car).get_contents()); - MemoryVector<byte> signed_cert = EAC1_1_ADO::make_signed(signer, tbs_bits, rng); - std::tr1::shared_ptr<DataSource> source(new DataSource_Memory(signed_cert)); - return EAC1_1_ADO(source); - } - -} // namespace CVC_EAC -namespace DE_EAC -{ - -EAC1_1_CVC create_cvca(Private_Key const& key, - std::string const& hash, - ASN1_Car const& car, bool iris, bool fingerpr, - u32bit cvca_validity_months, - RandomNumberGenerator& rng) - { - ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); - if (priv_key == 0) - { - throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type"); - } - EAC1_1_CVC_Options opts; - opts.car = car; - const u64bit current_time = system_time(); - - opts.ced = ASN1_Ced(current_time); - opts.cex = ASN1_Cex(opts.ced); - opts.cex.add_months(cvca_validity_months); - opts.holder_auth_templ = (CVCA | (iris * IRIS) | (fingerpr * FINGERPRINT)); - opts.hash_alg = hash; - return Botan::CVC_EAC::create_self_signed_cert(*priv_key, opts, rng); - } - - - -EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, - Private_Key const& key, - EAC1_1_CVC const& signee, - RandomNumberGenerator& rng) - { - ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); - if (priv_key == 0) - { - throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type"); - } - ASN1_Ced ced(system_time()); - ASN1_Cex cex(signee.get_cex()); - if (*static_cast<EAC_Time*>(&ced) > *static_cast<EAC_Time*>(&cex)) - { - std::string detail("link_cvca(): validity periods of provided certificates don't overlap: currend time = ced = "); - detail += ced.as_string(); - detail += ", signee.cex = "; - detail += cex.as_string(); - throw Invalid_Argument(detail); - } - if (signer.signature_algorithm() != signee.signature_algorithm()) - { - throw Invalid_Argument("link_cvca(): signature algorithms of signer and signee donĀ“t match"); - } - AlgorithmIdentifier sig_algo = signer.signature_algorithm(); - std::string padding_and_hash = padding_and_hash_from_oid(sig_algo.oid); - std::auto_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash)); - std::auto_ptr<Public_Key> pk = signee.subject_public_key(); - ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); - subj_pk->set_parameter_encoding(ENC_EXPLICIT); - -#if 0 // FIXME - std::auto_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder()); - MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); -#else - MemoryVector<byte> enc_public_key; -#endif - - return EAC1_1_CVC_CA::make_cert(pk_signer, enc_public_key, - signer.get_car(), - signee.get_chr(), - signer.get_chat_value(), - ced, - cex, - rng); - } - -EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, - Private_Key const& key, - EAC1_1_Req const& signee, - u32bit seqnr, - u32bit seqnr_len, - bool domestic, - u32bit dvca_validity_months, - u32bit ca_is_validity_months, - RandomNumberGenerator& rng) - { - ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key); - if (priv_key == 0) - { - throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type"); - } - std::string chr_str = signee.get_chr().value(); - chr_str.append(fixed_len_seqnr(seqnr, seqnr_len)); - ASN1_Chr chr(chr_str); - std::string padding_and_hash = padding_and_hash_from_oid(signee.signature_algorithm().oid); - std::auto_ptr<Botan::PK_Signer> pk_signer(get_pk_signer(*priv_key, padding_and_hash)); - std::auto_ptr<Public_Key> pk = signee.subject_public_key(); - ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get()); - std::auto_ptr<Public_Key> signer_pk = signer_cert.subject_public_key(); - - // for the case that the domain parameters are not set... - // (we use those from the signer because they must fit) - subj_pk->set_domain_parameters(priv_key->domain_parameters()); - - subj_pk->set_parameter_encoding(ENC_IMPLICITCA); - -#if 0 // FIXME - std::auto_ptr<EAC1_1_CVC_Encoder> enc(subj_pk->cvc_eac1_1_encoder()); - MemoryVector<byte> enc_public_key = enc->public_key(sig_algo); -#else - MemoryVector<byte> enc_public_key; -#endif - - AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm()); - const u64bit current_time = system_time(); - ASN1_Ced ced(current_time); - u32bit chat_val; - u32bit chat_low = signer_cert.get_chat_value() & 0x3; // take the chat rights from signer - ASN1_Cex cex(ced); - if ((signer_cert.get_chat_value() & CVCA) == CVCA) - { - // we sign a dvca - cex.add_months(dvca_validity_months); - if (domestic) - { - chat_val = DVCA_domestic | chat_low; - } - else - { - chat_val = DVCA_foreign | chat_low; - } - } - else if ((signer_cert.get_chat_value() & DVCA_domestic) == DVCA_domestic || - (signer_cert.get_chat_value() & DVCA_foreign) == DVCA_foreign) - { - cex.add_months(ca_is_validity_months); - chat_val = IS | chat_low; - } - else - { - throw Invalid_Argument("sign_request(): encountered illegal value for CHAT"); - // (IS cannot sign certificates) - } - return EAC1_1_CVC_CA::make_cert(pk_signer, enc_public_key, - ASN1_Car(signer_cert.get_chr().iso_8859()), - chr, - chat_val, - ced, - cex, - rng); - } - -EAC1_1_Req create_cvc_req(Private_Key const& prkey, - ASN1_Chr const& chr, - std::string const& hash_alg, - RandomNumberGenerator& rng) - { - ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&prkey); - if (priv_key == 0) - { - throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type"); - } - ECDSA_PrivateKey key(*priv_key); - key.set_parameter_encoding(ENC_IMPLICITCA); - return Botan::CVC_EAC::create_cvc_req(key, chr, hash_alg, rng); - } - -} // namespace DE_EAC - -} diff --git a/botan/src/cert/cvc/cvc_self.h b/botan/src/cert/cvc/cvc_self.h deleted file mode 100644 index db23547..0000000 --- a/botan/src/cert/cvc/cvc_self.h +++ /dev/null @@ -1,167 +0,0 @@ -/* -* CVC Self-Signed Certificate -* (C) 2007 FlexSecure GmbH -* 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_CVC_EAC_SELF_H__ -#define BOTAN_CVC_EAC_SELF_H__ - -#include <botan/pkcs8.h> -#include <botan/pkcs10.h> -#include <botan/cvc_cert.h> -#include <botan/ecdsa.h> -#include <botan/asn1_obj.h> -#include <botan/cvc_req.h> -#include <botan/cvc_ado.h> - -namespace Botan { - -/** -* This class represents a set of options used for the creation of CVC certificates -*/ -class BOTAN_DLL EAC1_1_CVC_Options - { - public: - - ASN1_Car car; - ASN1_Chr chr; - byte holder_auth_templ; - ASN1_Ced ced; - ASN1_Cex cex; - std::string hash_alg; - }; - -/** -* This namespace represents general EAC 1.1 convenience functions. -*/ -namespace CVC_EAC { - -/** -* Create a selfsigned CVCA -* @param rng the rng to use -* @param key the ECDSA private key to be used to sign the certificate -* @param opts used to set several parameters. Necessary are: -* car, holder_auth_templ, hash_alg, ced, cex and hash_alg -* @result the self signed certificate -*/ - -EAC1_1_CVC create_self_signed_cert(Private_Key const& key, - EAC1_1_CVC_Options const& opts, - RandomNumberGenerator& rng); -/** -* Create a CVC request. The key encoding will be according to the provided private key. -* @param priv_key the private key associated with the requesting entity -* @param chr the chr to appear in the certificate (to be provided without -* sequence number) -* @param hash_alg the string defining the hash algorithm to be used for the creation -* of the signature -* @param rng the rng to use -* @result the new request -*/ -EAC1_1_Req create_cvc_req(Private_Key const& priv_key, - ASN1_Chr const& chr, - std::string const& hash_alg, - RandomNumberGenerator& rng); - -/** -* Create an ADO from a request object. -* @param priv_key the private key used to sign the ADO -* @param req the request forming the body of the ADO -* @param car the CAR forming the body of the ADO, i.e. the -* CHR of the entity associated with the provided private key -* @param rng the rng to use -*/ -EAC1_1_ADO create_ado_req(Private_Key const& priv_key, - EAC1_1_Req const& req, - ASN1_Car const& car, - RandomNumberGenerator& rng); -} -/** -* This namespace represents EAC 1.1 CVC convenience functions following the specific german -* requirements. -*/ -namespace DE_EAC { - -/** -* Create a CVCA certificate. -* @param priv_key the private key associated with the CVCA certificate -* to be created -* @param hash the string identifying the hash algorithm to be used -* for signing the certificate to be created -* @param car the CAR of the certificate to be created -* @param iris indicates whether the entity associated with the certificate -* shall be entitled to read the biometrical iris image -* @param fingerpr indicates whether the entity associated with the certificate -* shall be entitled to read the biometrical fingerprint image -* @param rng the rng to use -* @result the CVCA certificate created -*/ -EAC1_1_CVC create_cvca(Private_Key const& priv_key, - std::string const& hash, - ASN1_Car const& car, - bool iris, - bool fingerpr, - u32bit cvca_validity_months, - RandomNumberGenerator& rng); - -/** -* Create a link certificate between two CVCA certificates. The key -* encoding will be implicitCA. -* @param signer the cvca certificate associated with the signing -* entity -* @param priv_key the private key associated with the signer -* @param to_be_signed the certificate which whose CAR/CHR will be -* the holder of the link certificate -* @param rng a random number generator -*/ -EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, - Private_Key const& priv_key, - EAC1_1_CVC const& to_be_signed, - RandomNumberGenerator& rng); - -/** -* Create a CVC request. The key encoding will be implicitCA. -* @param priv_key the private key associated with the requesting entity -* @param chr the chr to appear in the certificate (to be provided without -* sequence number) -* @param hash_alg the string defining the hash algorithm to be used for the creation -* of the signature -* @param rng a random number generator -* @result the new request -*/ -EAC1_1_Req create_cvc_req(Private_Key const& priv_key, - ASN1_Chr const& chr, - std::string const& hash_alg, - RandomNumberGenerator& rng); - -/** -* Sign a CVC request. -* @param signer_cert the certificate of the signing entity -* @param priv_key the private key of the signing entity -* @param req the request to be signed -* @param seqnr the sequence number of the certificate to be created -* @param seqnr_len the number of digits the sequence number will be -* encoded in -* @param domestic indicates whether to sign a domestic or a foreign certificate: -* set to true for domestic -* @param rng a random number generator -* @result the new certificate -* -**/ -EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, - Private_Key const& priv_key, - EAC1_1_Req const& req, - u32bit seqnr, - u32bit seqnr_len, - bool domestic, - u32bit dvca_validity_months, - u32bit ca_is_validity_months, - RandomNumberGenerator& rng); -} - -} - -#endif diff --git a/botan/src/cert/cvc/eac_asn_obj.h b/botan/src/cert/cvc/eac_asn_obj.h deleted file mode 100644 index 3e70f6b..0000000 --- a/botan/src/cert/cvc/eac_asn_obj.h +++ /dev/null @@ -1,244 +0,0 @@ -/* -* EAC ASN.1 Objects -* (C) 2007-2008 FlexSecure GmbH -* 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_EAC_ASN1_OBJ_H__ -#define BOTAN_EAC_ASN1_OBJ_H__ - -#include <botan/asn1_obj.h> -#include <vector> -#include <map> - -namespace Botan { - -/** -* This class represents CVC EAC Time objects. -* It only models year, month and day. Only limited sanity checks of -* the inputted date value are performed. -*/ -class BOTAN_DLL EAC_Time : public ASN1_Object - { - public: - void encode_into(class DER_Encoder&) const; - void decode_from(class BER_Decoder&); - - /** - * Get a this objects value as a string. - * @return the date string - */ - std::string as_string() const; - - /** - * Get a this objects value as a readable formatted string. - * @return the date string - */ - std::string readable_string() const; - - /** - * Find out whether this object's values have been set. - * @return true if this object's internal values are set - */ - bool time_is_set() const; - - /** - * Compare this to another EAC_Time object. - * @return -1 if this object's date is earlier than - * other, +1 in the opposite case, and 0 if both dates are - * equal. - */ - s32bit cmp(const EAC_Time& other) const; - - /** - * Set this' value by a string value. - * @param str a string in the format "yyyy mm dd", - * e.g. "2007 08 01" - */ - void set_to(const std::string& str); - //void set_to(const std::string&, ASN1_Tag); - - /** - * Add the specified number of years to this. - * @param years the number of years to add - */ - void add_years(u32bit years); - - /** - * Add the specified number of months to this. - * @param months the number of months to add - */ - void add_months(u32bit months); - - /** - * Get the year value of this objects. - * @return the year value - */ - u32bit get_year() const; - - /** - * Get the month value of this objects. - * @return the month value - */ - u32bit get_month() const; - - /** - * Get the day value of this objects. - * @return the day value - */ - u32bit get_day() const; - - EAC_Time(u64bit, ASN1_Tag t = ASN1_Tag(0)); - //EAC_Time(const std::string& = ""); - EAC_Time(const std::string&, ASN1_Tag = ASN1_Tag(0)); - EAC_Time(u32bit year, u32bit month, u32bit day, ASN1_Tag = ASN1_Tag(0)); - - virtual ~EAC_Time() {} - private: - SecureVector<byte> encoded_eac_time() const; - bool passes_sanity_check() const; - u32bit year, month, day; - ASN1_Tag tag; - }; - -/** -* This class represents CVC CEDs. Only limited sanity checks of -* the inputted date value are performed. -*/ -class BOTAN_DLL ASN1_Ced : public EAC_Time - { - public: - /** - * Construct a CED from a string value. - * @param str a string in the format "yyyy mm dd", - * e.g. "2007 08 01" - */ - ASN1_Ced(std::string const& str = ""); - - /** - * Construct a CED from a timer value. - * @param time the number of seconds elapsed midnight, 1st - * January 1970 GMT (or 7pm, 31st December 1969 EST) up to the - * desired date - */ - ASN1_Ced(u64bit time); - - /** - * Copy constructor (for general EAC_Time objects). - * @param other the object to copy from - */ - ASN1_Ced(EAC_Time const& other); - //ASN1_Ced(ASN1_Cex const& cex); - }; - - -/** -* This class represents CVC CEXs. Only limited sanity checks of -* the inputted date value are performed. -*/ -class BOTAN_DLL ASN1_Cex : public EAC_Time - { - public: - /** - * Construct a CED from a string value. - * @param str a string in the format "yyyy mm dd", - * e.g. "2007 08 01" - */ - ASN1_Cex(std::string const& str=""); - - /** - * Construct a CED from a timer value. - * @param time the number of seconds elapsed - * midnight, 1st - * January 1970 GMT (or 7pm, 31st December 1969 EST) - * up to the desired date - */ - ASN1_Cex(u64bit time); - - /** - * Copy constructor (for general EAC_Time objects). - * @param other the object to copy from - */ - ASN1_Cex(EAC_Time const& other); - //ASN1_Cex(ASN1_Ced const& ced); - }; - -/** -* Base class for car/chr of cv certificates. -*/ -class BOTAN_DLL ASN1_EAC_String: public ASN1_Object - { - public: - void encode_into(class DER_Encoder&) const; - void decode_from(class BER_Decoder&); - - /** - * Get this objects string value. - * @return the string value - */ - std::string value() const; - - /** - * Get this objects string value. - * @return the string value in iso8859 encoding - */ - std::string iso_8859() const; - - ASN1_Tag tagging() const; - ASN1_EAC_String(const std::string& str, ASN1_Tag the_tag); - - virtual ~ASN1_EAC_String() {} - protected: - bool sanity_check() const; - private: - std::string iso_8859_str; - ASN1_Tag tag; - }; - -/** -* This class represents CARs of CVCs. (String tagged with 2) -*/ -class BOTAN_DLL ASN1_Car : public ASN1_EAC_String - { - public: - /** - * Create a CAR with the specified content. - * @param str the CAR value - */ - ASN1_Car(std::string const& str = ""); - }; - -/** -* This class represents CHRs of CVCs (tag 32) -*/ -class BOTAN_DLL ASN1_Chr : public ASN1_EAC_String - { - public: - /** - * Create a CHR with the specified content. - * @param str the CHR value - */ - ASN1_Chr(std::string const& str = ""); - }; - -/* -* Comparison Operations -*/ -bool operator==(const EAC_Time&, const EAC_Time&); -bool operator!=(const EAC_Time&, const EAC_Time&); -bool operator<=(const EAC_Time&, const EAC_Time&); -bool operator>=(const EAC_Time&, const EAC_Time&); -bool operator>(const EAC_Time&, const EAC_Time&); -bool operator<(const EAC_Time&, const EAC_Time&); - -bool operator==(const ASN1_EAC_String&, const ASN1_EAC_String&); -inline bool operator!=(const ASN1_EAC_String& lhs, const ASN1_EAC_String& rhs) - { - return !(lhs == rhs); - } - -} - -#endif diff --git a/botan/src/cert/cvc/eac_obj.h b/botan/src/cert/cvc/eac_obj.h deleted file mode 100644 index 04afd7e..0000000 --- a/botan/src/cert/cvc/eac_obj.h +++ /dev/null @@ -1,131 +0,0 @@ -/* -* EAC1_1 objects -* (C) 2008 Falko Strenzke -* strenzke@flexsecure.de -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_EAC_OBJ_H__ -#define BOTAN_EAC_OBJ_H__ - -#include <botan/pubkey.h> -#include <botan/x509_key.h> -#include <botan/signed_obj.h> -#include <botan/pubkey_enums.h> -#include <botan/pubkey.h> -#include <botan/parsing.h> -#include <botan/pem.h> -#include <botan/oids.h> -#include <botan/look_pk.h> -#include <botan/ecdsa_sig.h> -#include <string> - -namespace Botan { - -const std::string eac_cvc_emsa("EMSA1_BSI"); - -/* -* TR03110 v1.1 EAC CV Certificate -*/ -template<typename Derived> // CRTP is used enable the call sequence: -class BOTAN_DLL EAC1_1_obj : public EAC_Signed_Object - { - // data members first: - protected: - - ECDSA_Signature m_sig; - - // member functions here: - public: - /** - * Return the signature as a concatenation of the encoded parts. - * @result the concatenated signature - */ - SecureVector<byte> get_concat_sig() const; - - /** - * Verify the signature of this objects. - * @param pub_key the public key to verify the signature with - * @result true if the verification succeeded - */ - virtual bool check_signature(Public_Key& pub_key) const; - - protected: - void init(SharedPtrConverter<DataSource> in); - - static SecureVector<byte> make_signature(PK_Signer* signer, - const MemoryRegion<byte>& tbs_bits, - RandomNumberGenerator& rng); - - virtual ~EAC1_1_obj<Derived>(){} - - }; - -template<typename Derived> SecureVector<byte> EAC1_1_obj<Derived>::get_concat_sig() const - { - return m_sig.get_concatenation(); - } - -template<typename Derived> SecureVector<byte> -EAC1_1_obj<Derived>::make_signature(PK_Signer* signer, - const MemoryRegion<byte>& tbs_bits, - RandomNumberGenerator& rng) - { - // this is the signature as a der sequence - SecureVector<byte> seq_sig = signer->sign_message(tbs_bits, rng); - - ECDSA_Signature sig(decode_seq(seq_sig)); - SecureVector<byte> concat_sig(sig.get_concatenation()); - return concat_sig; - } - -template<typename Derived> void EAC1_1_obj<Derived>::init(SharedPtrConverter<DataSource> in) - { - try - { - Derived::decode_info(in.get_shared(), tbs_bits, m_sig); - } - catch(Decoding_Error) - { - throw Decoding_Error(PEM_label_pref + " decoding failed"); - } - } - -template<typename Derived> -bool EAC1_1_obj<Derived>::check_signature(Public_Key& pub_key) const - { - try - { - std::vector<std::string> sig_info = - split_on(OIDS::lookup(sig_algo.oid), '/'); - - if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name()) - { - return false; - } - - std::string padding = sig_info[1]; - Signature_Format format = - (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; - - if(!dynamic_cast<PK_Verifying_wo_MR_Key*>(&pub_key)) - return false; - - std::auto_ptr<ECDSA_Signature_Encoder> enc(new ECDSA_Signature_Encoder(&m_sig)); - SecureVector<byte> seq_sig = enc->signature_bits(); - SecureVector<byte> to_sign = tbs_data(); - - PK_Verifying_wo_MR_Key& sig_key = dynamic_cast<PK_Verifying_wo_MR_Key&>(pub_key); - std::auto_ptr<PK_Verifier> verifier(get_pk_verifier(sig_key, padding, format)); - return verifier->verify_message(to_sign, seq_sig); - } - catch(...) - { - return false; - } - } - -} - -#endif diff --git a/botan/src/cert/cvc/ecdsa_sig.cpp b/botan/src/cert/cvc/ecdsa_sig.cpp deleted file mode 100644 index c33a455..0000000 --- a/botan/src/cert/cvc/ecdsa_sig.cpp +++ /dev/null @@ -1,64 +0,0 @@ - -#include <botan/ecdsa_sig.h> -#include <memory> - -namespace Botan { - -ECDSA_Signature::ECDSA_Signature(const BigInt& r, const BigInt& s) - : m_r(r), - m_s(s) - {} - -ECDSA_Signature::ECDSA_Signature(const ECDSA_Signature& other) - : m_r(other.m_r), m_s(other.m_s) - {} - -ECDSA_Signature const& ECDSA_Signature::operator=(const ECDSA_Signature& other) - { - m_r = other.m_r; - m_s = other.m_s; - return *this; - } - -bool operator==(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs) - { - return (lhs.get_r() == rhs.get_r() && lhs.get_s() == rhs.get_s()); - } - -SecureVector<byte> const ECDSA_Signature::get_concatenation() const - { - u32bit enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); // use the larger - - SecureVector<byte> sv_r = BigInt::encode_1363(m_r, enc_len); - SecureVector<byte> sv_s = BigInt::encode_1363(m_s, enc_len); - - SecureVector<byte> result(sv_r); - result.append(sv_s); - return result; - } - -ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq) - { - ECDSA_Signature sig; - - std::auto_ptr<ECDSA_Signature_Decoder> dec(new ECDSA_Signature_Decoder(&sig)); - dec->signature_bits(seq); - return sig; - } - -ECDSA_Signature const decode_concatenation(MemoryRegion<byte> const& concat) - { - if(concat.size() % 2 != 0) - throw Invalid_Argument("Erroneous length of signature"); - - u32bit rs_len = concat.size()/2; - SecureVector<byte> sv_r; - SecureVector<byte> sv_s; - sv_r.set(concat.begin(), rs_len); - sv_s.set(&concat[rs_len], rs_len); - BigInt r = BigInt::decode(sv_r, sv_r.size()); - BigInt s = BigInt::decode(sv_s, sv_s.size()); - return ECDSA_Signature(r, s); - } - -} diff --git a/botan/src/cert/cvc/ecdsa_sig.h b/botan/src/cert/cvc/ecdsa_sig.h deleted file mode 100644 index 15015c7..0000000 --- a/botan/src/cert/cvc/ecdsa_sig.h +++ /dev/null @@ -1,88 +0,0 @@ -/* -* ECDSA -* (C) 2007 Falko Strenzke, FlexSecure GmbH -* (C) 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_ECDSA_SIGNATURE_H__ -#define BOTAN_ECDSA_SIGNATURE_H__ - -#include <botan/bigint.h> -#include <botan/der_enc.h> -#include <botan/ber_dec.h> - -namespace Botan { - -class BOTAN_DLL ECDSA_Signature - { - public: - friend class ECDSA_Signature_Decoder; - - ECDSA_Signature() {} - ECDSA_Signature(const BigInt& r, const BigInt& s); - ECDSA_Signature(ECDSA_Signature const& other); - ECDSA_Signature const& operator=(ECDSA_Signature const& other); - - const BigInt& get_r() const { return m_r; } - const BigInt& get_s() const { return m_s; } - - /** - * return the r||s - */ - SecureVector<byte> const get_concatenation() const; - private: - BigInt m_r; - BigInt m_s; - }; - -/* Equality of ECDSA_Signature */ -bool operator==(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs); -inline bool operator!=(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs) - { - return !(lhs == rhs); - } - -class BOTAN_DLL ECDSA_Signature_Decoder - { - public: - void signature_bits(const MemoryRegion<byte>& bits) - { - BER_Decoder(bits) - .start_cons(SEQUENCE) - .decode(m_signature->m_r) - .decode(m_signature->m_s) - .verify_end() - .end_cons(); - } - ECDSA_Signature_Decoder(ECDSA_Signature* signature) : m_signature(signature) - {} - private: - ECDSA_Signature* m_signature; - }; - -class BOTAN_DLL ECDSA_Signature_Encoder - { - public: - MemoryVector<byte> signature_bits() const - { - return DER_Encoder() - .start_cons(SEQUENCE) - .encode(m_signature->get_r()) - .encode(m_signature->get_s()) - .end_cons() - .get_contents(); - } - ECDSA_Signature_Encoder(const ECDSA_Signature* signature) : m_signature(signature) - {} - private: - const ECDSA_Signature* m_signature; - }; - -ECDSA_Signature const decode_seq(MemoryRegion<byte> const& seq); -ECDSA_Signature const decode_concatenation(MemoryRegion<byte> const& concatenation); - -} - -#endif diff --git a/botan/src/cert/cvc/freestore.h b/botan/src/cert/cvc/freestore.h deleted file mode 100644 index f95afa8..0000000 --- a/botan/src/cert/cvc/freestore.h +++ /dev/null @@ -1,85 +0,0 @@ -/** -* (C) 2007 Christoph Ludwig -* ludwig@fh-worms.de -**/ - -#ifndef BOTAN_FREESTORE_H__ -#define BOTAN_FREESTORE_H__ - -#include <botan/build.h> - -#if defined(BOTAN_USE_STD_TR1) - #include <tr1/memory> -#elif defined(BOTAN_USE_BOOST_TR1) - #include <boost/tr1/memory.hpp> -#else - #error "Please choose a TR1 implementation in build.h" -#endif - -namespace Botan { - -/** -* This class is intended as an function call parameter type and -* enables convenient automatic conversions between plain and smart -* pointer types. It internally stores a SharedPointer which can be -* accessed. -* -* Distributed under the terms of the Botan license -*/ -template<typename T> -class BOTAN_DLL SharedPtrConverter - { - public: - typedef std::tr1::shared_ptr<T> SharedPtr; - - /** - * Construct a null pointer equivalent object. - */ - SharedPtrConverter() : ptr() {} - - /** - * Copy constructor. - */ - SharedPtrConverter(SharedPtrConverter const& other) : - ptr(other.ptr) {} - - /** - * Construct a converter object from another pointer type. - * @param p the pointer which shall be set as the internally stored - * pointer value of this converter. - */ - template<typename Ptr> - SharedPtrConverter(Ptr p) - : ptr(p) {} - - /** - * Get the internally stored shared pointer. - * @return the internally stored shared pointer - */ - SharedPtr const& get_ptr() const { return this->ptr; } - - /** - * Get the internally stored shared pointer. - * @return the internally stored shared pointer - */ - SharedPtr get_ptr() { return this->ptr; } - - /** - * Get the internally stored shared pointer. - * @return the internally stored shared pointer - */ - SharedPtr const& get_shared() const { return this->ptr; } - - /** - * Get the internally stored shared pointer. - * @return the internally stored shared pointer - */ - SharedPtr get_shared() { return this->ptr; } - - private: - SharedPtr ptr; - }; - -} - -#endif diff --git a/botan/src/cert/cvc/info.txt b/botan/src/cert/cvc/info.txt deleted file mode 100644 index e3e11f5..0000000 --- a/botan/src/cert/cvc/info.txt +++ /dev/null @@ -1,44 +0,0 @@ -realname "Card Verifiable Certificates" - -define CARD_VERIFIABLE_CERTIFICATES - -uses_tr1 yes - -load_on auto - -<add> -asn1_eac_str.cpp -asn1_eac_tm.cpp -ecdsa_sig.cpp -ecdsa_sig.h -cvc_ado.cpp -cvc_ado.h -cvc_ca.cpp -cvc_ca.h -cvc_cert.cpp -cvc_cert.h -cvc_gen_cert.h -cvc_key.h -cvc_req.cpp -cvc_req.h -cvc_self.cpp -cvc_self.h -eac_asn_obj.h -eac_obj.h -signed_obj.cpp -signed_obj.h -freestore.h -</add> - -<requires> -asn1 -bigint -ecdsa -filters -libstate -oid_lookup -pem -pk_codecs -pubkey -x509 -</requires> diff --git a/botan/src/cert/cvc/signed_obj.cpp b/botan/src/cert/cvc/signed_obj.cpp deleted file mode 100644 index 4a08ed0..0000000 --- a/botan/src/cert/cvc/signed_obj.cpp +++ /dev/null @@ -1,67 +0,0 @@ -/* -* X.509 SIGNED Object -* (C) 1999-2007 Jack Lloyd -* 2007 FlexSecure GmbH -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/signed_obj.h> - -namespace Botan { - -/* -* Return a BER encoded X.509 object -*/ -SecureVector<byte> EAC_Signed_Object::BER_encode() const - { - Pipe ber; - ber.start_msg(); - encode(ber, RAW_BER); - ber.end_msg(); - return ber.read_all(); - } - -/* -* Return a PEM encoded X.509 object -*/ -std::string EAC_Signed_Object::PEM_encode() const - { - Pipe pem; - pem.start_msg(); - encode(pem, PEM); - pem.end_msg(); - return pem.read_all_as_string(); - } - -/* -* Return the algorithm used to sign this object -*/ -AlgorithmIdentifier EAC_Signed_Object::signature_algorithm() const - { - return sig_algo; - } - -/* -* Try to decode the actual information -*/ -void EAC_Signed_Object::do_decode() - { - try { - force_decode(); - } - catch(Decoding_Error& e) - { - const std::string what = e.what(); - throw Decoding_Error(PEM_label_pref + " decoding failed (" + - what.substr(23, std::string::npos) + ")"); - } - catch(Invalid_Argument& e) - { - const std::string what = e.what(); - throw Decoding_Error(PEM_label_pref + " decoding failed (" + - what.substr(7, std::string::npos) + ")"); - } - } - -} diff --git a/botan/src/cert/cvc/signed_obj.h b/botan/src/cert/cvc/signed_obj.h deleted file mode 100644 index 3c233d2..0000000 --- a/botan/src/cert/cvc/signed_obj.h +++ /dev/null @@ -1,93 +0,0 @@ -/* -* EAC SIGNED Object -* (C) 2007 FlexSecure GmbH -* 2008 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_EAC_SIGNED_OBJECT_H__ -#define BOTAN_EAC_SIGNED_OBJECT_H__ - -#include <botan/asn1_obj.h> -#include <botan/pubkey_enums.h> -#include <botan/freestore.h> -#include <botan/pipe.h> -#include <vector> - -namespace Botan { - -/** -* This class represents abstract signed EAC object -*/ -class BOTAN_DLL EAC_Signed_Object - { - public: - /** - * Get the TBS (to-be-signed) data in this object. - * @return the DER encoded TBS data of this object - */ - virtual SecureVector<byte> tbs_data() const = 0; - - /** - * Get the signature of this object as a concatenation, i.e. if the - * signature consists of multiple parts (like in the case of ECDSA) - * these will be concatenated. - * @return the signature as a concatenation of its parts - */ - - /* - NOTE: this is here only because abstract signature objects have - not yet been introduced - */ - virtual SecureVector<byte> get_concat_sig() const = 0; - - /** - * Get the signature algorithm identifier used to sign this object. - * @result the signature algorithm identifier - */ - AlgorithmIdentifier signature_algorithm() const; - - /** - * Check the signature of this object. - * @param key the public key associated with this signed object - * @return true if the signature was created by the private key - * associated with this public key - */ - virtual bool check_signature(class Public_Key&) const = 0; - - /** - * Write this object DER encoded into a specified pipe. - * @param pipe the pipe to write the encoded object to - * @param enc the encoding type to use - */ - virtual void encode(Pipe&, X509_Encoding = PEM) const = 0; - - /** - * BER encode this object. - * @return the result containing the BER representation of this object. - */ - SecureVector<byte> BER_encode() const; - - /** - * PEM encode this object. - * @return the result containing the PEM representation of this object. - */ - std::string PEM_encode() const; - - virtual ~EAC_Signed_Object() {} - protected: - void do_decode(); - EAC_Signed_Object() {} - - AlgorithmIdentifier sig_algo; - SecureVector<byte> tbs_bits; - std::string PEM_label_pref; - std::vector<std::string> PEM_labels_allowed; - private: - virtual void force_decode() = 0; - }; - -} - -#endif |