8 #include <botan/cvc_self.h>
9 #include <botan/ecc_key.h>
10 #include <botan/point_gfp.h>
11 #include <botan/time.h>
12 #include <botan/oids.h>
33 void encode_eac_bigint(DER_Encoder& der,
const BigInt& x,
ASN1_Tag tag)
38 MemoryVector<byte> eac_1_1_encoding(
const EC_PublicKey* key,
42 throw Encoding_Error(
"CVC encoder: cannot encode parameters by OID");
44 const EC_Group& domain = key->domain();
54 encode_eac_bigint(enc, domain.get_curve().get_p(),
ASN1_Tag(1));
55 encode_eac_bigint(enc, domain.get_curve().get_a(),
ASN1_Tag(2));
56 encode_eac_bigint(enc, domain.get_curve().get_b(),
ASN1_Tag(3));
61 encode_eac_bigint(enc, domain.get_order(),
ASN1_Tag(4));
68 encode_eac_bigint(enc, domain.get_cofactor(),
ASN1_Tag(7));
72 return enc.get_contents();
// Maps a signature-algorithm OID to the string that follows "ECDSA/" in its
// algorithm name, and throws Invalid_State for any name without that prefix.
// NOTE(review): listing lines 76-78, where padding_and_hash is assigned, are
// not shown in this excerpt; presumably it is a name lookup on oid - confirm.
75 std::string padding_and_hash_from_oid(OID
const&
oid)
// Only names beginning with the six characters "ECDSA/" are accepted, so a
// certificate naming any other signature scheme is rejected here.
79 if(padding_and_hash.substr(0,6) !=
"ECDSA/")
80 throw Invalid_State(
"CVC: Can only use ECDSA, not " + padding_and_hash);
// Strip everything up to and including the first "/", leaving only the part
// after the "ECDSA/" prefix. No further validation of that remainder is
// visible in this excerpt.
82 padding_and_hash.erase(0, padding_and_hash.find(
"/") + 1);
83 return padding_and_hash;
99 throw Invalid_Argument(
"CVC_EAC::create_self_signed_cert(): unsupported key type");
104 std::string padding_and_hash(
"EMSA1_BSI(" + opt.
hash_alg +
")");
108 PK_Signer signer(*priv_key, padding_and_hash);
121 std::string
const& hash_alg,
128 throw Invalid_Argument(
"CVC_EAC::create_self_signed_cert(): unsupported key type");
131 std::string padding_and_hash(
"EMSA1_BSI(" + hash_alg +
")");
135 PK_Signer signer(*priv_key, padding_and_hash);
165 throw Invalid_Argument(
"CVC_EAC::create_self_signed_cert(): unsupported key type");
168 PK_Signer signer(*priv_key, padding_and_hash);
184 std::string
const& hash,
185 ASN1_Car const& car,
bool iris,
bool fingerpr,
186 u32bit cvca_validity_months,
192 throw Invalid_Argument(
"CVC_EAC::create_self_signed_cert(): unsupported key type");
216 throw Invalid_Argument(
"CVC_EAC::create_self_signed_cert(): unsupported key type");
// Validity check: ced and cex are compared as EAC_Time values (both are cast
// to EAC_Time* for the comparison). Going by the message below, ced is the
// current time and cex belongs to the signee, so this branch is taken when the
// signee's expiry lies before ced.
// NOTE(review): how ced and cex are obtained is not shown in this excerpt.
220 if (*static_cast<EAC_Time*>(&ced) > *
static_cast<EAC_Time*
>(&cex))
// NOTE(review): "currend" in the message is a typo for "current"; the string
// is runtime text and is left unchanged here.
222 std::string detail(
"link_cvca(): validity periods of provided certificates don't overlap: currend time = ced = ");
224 detail +=
", signee.cex = ";
225 detail += cex.as_string();
// Signer and signee must use the same signature algorithm; the condition
// guarding this throw is not shown in this excerpt.
230 throw Invalid_Argument(
"link_cvca(): signature algorithms of signer and signee don't match");
// The padding/hash string for the signer is derived from sig_algo.oid via
// padding_and_hash_from_oid() and passed to PK_Signer together with the
// private key.
// NOTE(review): which certificate sig_algo is read from is not shown here.
233 std::string padding_and_hash = padding_and_hash_from_oid(sig_algo.
oid);
234 PK_Signer pk_signer(*priv_key, padding_and_hash);
255 u32bit dvca_validity_months,
256 u32bit ca_is_validity_months,
262 throw Invalid_Argument(
"CVC_EAC::create_self_signed_cert(): unsupported key type");
268 PK_Signer pk_signer(*priv_key, padding_and_hash);
290 chat_val = DVCA_domestic | chat_low;
292 chat_val = DVCA_foreign | chat_low;
294 else if ((signer_cert.
get_chat_value() & DVCA_domestic) == DVCA_domestic ||
298 chat_val = IS | chat_low;
302 throw Invalid_Argument(
"sign_request(): encountered illegal value for CHAT");
319 std::string
const& hash_alg,
325 throw Invalid_Argument(
"CVC_EAC::create_self_signed_cert(): unsupported key type");
SecureVector< byte > get_contents()
static MemoryVector< byte > make_signed(PK_Signer &signer, const MemoryRegion< byte > &tbs_bits, RandomNumberGenerator &rng)
DER_Encoder & raw_bytes(const byte val[], size_t len)
void set_parameter_encoding(EC_Group_Encoding enc)
EAC1_1_ADO create_ado_req(Private_Key const &key, EAC1_1_Req const &req, ASN1_Car const &car, RandomNumberGenerator &rng)
std::invalid_argument Invalid_Argument
EAC1_1_CVC link_cvca(EAC1_1_CVC const &signer, Private_Key const &key, EAC1_1_CVC const &signee, RandomNumberGenerator &rng)
EAC1_1_CVC sign_request(EAC1_1_CVC const &signer_cert, Private_Key const &key, EAC1_1_Req const &signee, u32bit seqnr, u32bit seqnr_len, bool domestic, u32bit dvca_validity_months, u32bit ca_is_validity_months, RandomNumberGenerator &rng)
SecureVector< byte > BER_encode() const
EAC1_1_CVC make_cvc_cert(PK_Signer &signer, MemoryRegion< byte > const &public_key, ASN1_Car const &car, ASN1_Chr const &chr, byte holder_auth_templ, ASN1_Ced ced, ASN1_Cex cex, RandomNumberGenerator &rng)
SecureVector< byte > EC2OSP(const PointGFp &point, byte format)
unsigned long long u64bit
DER_Encoder & encode(bool b)
RandomNumberGenerator * rng
void add_months(u32bit months)
std::string lookup(const OID &oid)
static MemoryVector< byte > make_signed(PK_Signer &signer, const MemoryRegion< byte > &tbs_bits, RandomNumberGenerator &rng)
std::string as_string() const
std::string value() const
EAC1_1_CVC create_self_signed_cert(Private_Key const &key, EAC1_1_CVC_Options const &opt, RandomNumberGenerator &rng)
u32bit get_chat_value() const
EAC1_1_CVC create_cvca(Private_Key const &key, std::string const &hash, ASN1_Car const &car, bool iris, bool fingerpr, u32bit cvca_validity_months, RandomNumberGenerator &rng)
std::string algo_name() const
Public_Key * subject_public_key() const
EAC1_1_Req create_cvc_req(Private_Key const &key, ASN1_Chr const &chr, std::string const &hash_alg, RandomNumberGenerator &rng)
std::string to_string(u64bit n, size_t min_len)
std::string iso_8859() const
AlgorithmIdentifier signature_algorithm() const
static SecureVector< byte > encode_1363(const BigInt &n, size_t bytes)
EAC1_1_Req create_cvc_req(Private_Key const &prkey, ASN1_Chr const &chr, std::string const &hash_alg, RandomNumberGenerator &rng)