Botan  1.10.9
Botan::DE_EAC Namespace Reference

Functions

EAC1_1_Req create_cvc_req (Private_Key const &prkey, ASN1_Chr const &chr, std::string const &hash_alg, RandomNumberGenerator &rng)
 
EAC1_1_CVC create_cvca (Private_Key const &key, std::string const &hash, ASN1_Car const &car, bool iris, bool fingerpr, u32bit cvca_validity_months, RandomNumberGenerator &rng)
 
EAC1_1_CVC link_cvca (EAC1_1_CVC const &signer, Private_Key const &key, EAC1_1_CVC const &signee, RandomNumberGenerator &rng)
 
EAC1_1_CVC sign_request (EAC1_1_CVC const &signer_cert, Private_Key const &key, EAC1_1_Req const &signee, u32bit seqnr, u32bit seqnr_len, bool domestic, u32bit dvca_validity_months, u32bit ca_is_validity_months, RandomNumberGenerator &rng)
 

Detailed Description

This namespace provides EAC 1.1 CVC convenience functions (requests, CVCA, link and DV/IS certificates) that follow the specific German profile. All of them accept only ECDSA private keys and throw Invalid_Argument for any other key type.

Function Documentation

EAC1_1_Req BOTAN_DLL Botan::DE_EAC::create_cvc_req ( Private_Key const &  priv_key,
ASN1_Chr const &  chr,
std::string const &  hash_alg,
RandomNumberGenerator & rng
)

Create a CVC request. The key is re-encoded with implicitCA domain parameters (on a private copy; the caller's key object is not modified). Throws Invalid_Argument if priv_key is not an ECDSA_PrivateKey.

Parameters
priv_key — the private key of the requesting entity; must be an ECDSA_PrivateKey (the definition names this parameter prkey)
chr — the CHR to appear in the certificate, provided without the sequence number
hash_alg — the name of the hash algorithm used to create the request signature
rng — a random number generator
Returns
the new request

Definition at line 317 of file cvc_self.cpp.

References Botan::CVC_EAC::create_cvc_req(), Botan::EC_DOMPAR_ENC_IMPLICITCA, and Botan::EC_PublicKey::set_parameter_encoding().

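/**
* Create an EAC 1.1 CVC request following the German profile.
*
* The supplied key is copied and the copy is switched to implicitCA
* domain-parameter encoding before the request is built, so the
* caller's (const) key object is left untouched.
*
* @param prkey    the requesting entity's private key; must be an
*                 ECDSA_PrivateKey
* @param chr      the CHR to appear in the request (without sequence number)
* @param hash_alg name of the hash algorithm used for the request signature
* @param rng      random number generator used while signing
* @return the new request
* @throws Invalid_Argument if @p prkey is not an ECDSA_PrivateKey
*/
EAC1_1_Req create_cvc_req(Private_Key const& prkey,
                          ASN1_Chr const& chr,
                          std::string const& hash_alg,
                          RandomNumberGenerator& rng)
   {
   ECDSA_PrivateKey const* ecdsa_key =
      dynamic_cast<ECDSA_PrivateKey const*>(&prkey);
   if(ecdsa_key == 0)
      {
      // Message names this function; the original reported
      // CVC_EAC::create_self_signed_cert(), which is misleading.
      throw Invalid_Argument("DE_EAC::create_cvc_req(): unsupported key type");
      }

   // Work on a copy: the parameter is const and we must change its
   // domain-parameter encoding to implicitCA for the German profile.
   ECDSA_PrivateKey key_copy(*ecdsa_key);
   key_copy.set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA);

   return CVC_EAC::create_cvc_req(key_copy, chr, hash_alg, rng);
   }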
std::invalid_argument Invalid_Argument
Definition: exceptn.h:20
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
EAC1_1_Req create_cvc_req(Private_Key const &prkey, ASN1_Chr const &chr, std::string const &hash_alg, RandomNumberGenerator &rng)
Definition: cvc_self.cpp:317
EAC1_1_CVC BOTAN_DLL Botan::DE_EAC::create_cvca ( Private_Key const &  priv_key,
std::string const &  hash,
ASN1_Car const &  car,
bool  iris,
bool  fingerpr,
u32bit  cvca_validity_months,
RandomNumberGenerator & rng
)

Create a self-signed CVCA certificate. The validity period starts at the current system time and ends cvca_validity_months later. Throws Invalid_Argument if priv_key is not an ECDSA_PrivateKey.

Parameters
priv_key — the private key associated with the CVCA certificate to be created; must be an ECDSA_PrivateKey (the definition names this parameter key)
hash — the name of the hash algorithm used to sign the certificate
car — the CAR of the certificate to be created
iris — whether the holder shall be entitled to read the biometric iris image (sets the IRIS bit of the CHAT)
fingerpr — whether the holder shall be entitled to read the biometric fingerprint image (sets the FINGERPRINT bit of the CHAT)
cvca_validity_months — validity period in months, counted from the current system time
rng — a random number generator
Returns
the CVCA certificate created

Definition at line 183 of file cvc_self.cpp.

References Botan::EAC_Time::add_months(), Botan::EAC1_1_CVC_Options::car, Botan::EAC1_1_CVC_Options::ced, Botan::EAC1_1_CVC_Options::cex, Botan::CVC_EAC::create_self_signed_cert(), Botan::EAC1_1_CVC_Options::hash_alg, Botan::EAC1_1_CVC_Options::holder_auth_templ, and Botan::system_time().

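/**
* Create a self-signed CVCA certificate following the German profile.
*
* The certificate is valid from the current system time (CED) for
* @p cvca_validity_months months (CEX). The CHAT carries the CVCA role
* plus the optional IRIS / FINGERPRINT read rights.
*
* @param key                  the CVCA's private key; must be an ECDSA_PrivateKey
* @param hash                 name of the hash algorithm used for signing
* @param car                  the CAR of the certificate to be created
* @param iris                 grant the right to read the iris image
* @param fingerpr             grant the right to read the fingerprint image
* @param cvca_validity_months validity period in months from now
* @param rng                  random number generator used while signing
* @return the self-signed CVCA certificate
* @throws Invalid_Argument if @p key is not an ECDSA_PrivateKey
*/
EAC1_1_CVC create_cvca(Private_Key const& key,
                       std::string const& hash,
                       ASN1_Car const& car,
                       bool iris,
                       bool fingerpr,
                       u32bit cvca_validity_months,
                       RandomNumberGenerator& rng)
   {
   ECDSA_PrivateKey const* ecdsa_key =
      dynamic_cast<ECDSA_PrivateKey const*>(&key);
   if(ecdsa_key == 0)
      {
      // Message names this function; the original reported
      // CVC_EAC::create_self_signed_cert(), which is misleading.
      throw Invalid_Argument("DE_EAC::create_cvca(): unsupported key type");
      }

   EAC1_1_CVC_Options opts;
   opts.car = car;
   opts.hash_alg = hash;

   // Validity window: CED = now, CEX = now + cvca_validity_months.
   opts.ced = ASN1_Ced(system_time());
   opts.cex = ASN1_Cex(opts.ced);
   opts.cex.add_months(cvca_validity_months);

   // CHAT: CVCA role, optionally extended with the biometric read rights.
   opts.holder_auth_templ = CVCA;
   if(iris)
      opts.holder_auth_templ |= IRIS;
   if(fingerpr)
      opts.holder_auth_templ |= FINGERPRINT;

   return CVC_EAC::create_self_signed_cert(*ecdsa_key, opts, rng);
   }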
std::invalid_argument Invalid_Argument
Definition: exceptn.h:20
unsigned long long u64bit
Definition: types.h:49
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
EAC1_1_CVC create_self_signed_cert(Private_Key const &key, EAC1_1_CVC_Options const &opt, RandomNumberGenerator &rng)
Definition: cvc_self.cpp:90
u64bit system_time()
Definition: time.cpp:73
EAC1_1_CVC BOTAN_DLL Botan::DE_EAC::link_cvca ( EAC1_1_CVC const &  signer,
Private_Key const &  priv_key,
EAC1_1_CVC const &  to_be_signed,
RandomNumberGenerator & rng
)

Create a link certificate between two CVCA certificates: it is issued under the signer's CAR and CHAT for the holder named by the signee's CHR, valid from the current system time until the signee's CEX. The signee's key is encoded with explicit domain parameters (EC_DOMPAR_ENC_EXPLICIT). Throws Invalid_Argument if priv_key is not an ECDSA_PrivateKey, if the current time already lies past the signee's CEX, or if the signature algorithms of signer and signee differ.

Parameters
signer — the CVCA certificate of the signing entity; its CAR and CHAT are copied into the link certificate
priv_key — the private key associated with the signer; must be an ECDSA_PrivateKey (the definition names this parameter key)
to_be_signed — the CVCA certificate whose CHR becomes the holder reference of the link certificate and whose CEX bounds its validity (the definition names this parameter signee)
rng — a random number generator
Returns: the link certificate

Definition at line 208 of file cvc_self.cpp.

References Botan::EAC_Time::as_string(), Botan::EC_DOMPAR_ENC_EXPLICIT, Botan::EAC1_1_CVC::get_car(), Botan::EAC1_1_CVC::get_cex(), Botan::EAC1_1_CVC::get_chat_value(), Botan::EAC1_1_gen_CVC< Derived >::get_chr(), Botan::make_cvc_cert(), Botan::AlgorithmIdentifier::oid, rng, Botan::EC_PublicKey::set_parameter_encoding(), Botan::EAC_Signed_Object::signature_algorithm(), Botan::EAC1_1_gen_CVC< Derived >::subject_public_key(), and Botan::system_time().

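/**
* Create a link certificate between two CVCA certificates.
*
* The link certificate is issued under the signer's CAR and CHAT for the
* holder identified by the signee's CHR. It is valid from now until the
* signee's own CEX, and carries the signee's public key with explicit
* domain-parameter encoding.
*
* @param signer the CVCA certificate of the signing entity
* @param key    the signer's private key; must be an ECDSA_PrivateKey
* @param signee the CVCA certificate whose key and CHR the link certifies
* @param rng    random number generator used while signing
* @return the link certificate
* @throws Invalid_Argument if @p key is not an ECDSA_PrivateKey, if the
*         signee's public key is not an ECDSA key, if the current time is
*         already past the signee's CEX, or if the signature algorithms of
*         signer and signee differ
*/
EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer,
                     Private_Key const& key,
                     EAC1_1_CVC const& signee,
                     RandomNumberGenerator& rng)
   {
   ECDSA_PrivateKey const* ecdsa_key =
      dynamic_cast<ECDSA_PrivateKey const*>(&key);
   if(ecdsa_key == 0)
      {
      // Message names this function; the original reported
      // CVC_EAC::create_self_signed_cert(), which is misleading.
      throw Invalid_Argument("DE_EAC::link_cvca(): unsupported key type");
      }

   // Validity: from now until the signee expires. Refuse to issue a link
   // certificate whose window would already be empty.
   ASN1_Ced ced(system_time());
   ASN1_Cex cex(signee.get_cex());
   if(*static_cast<EAC_Time*>(&ced) > *static_cast<EAC_Time*>(&cex))
      {
      std::string detail("link_cvca(): validity periods of provided certificates don't overlap: currend time = ced = ");
      detail += ced.as_string();
      detail += ", signee.cex = ";
      detail += cex.as_string();
      throw Invalid_Argument(detail);
      }

   if(signer.signature_algorithm() != signee.signature_algorithm())
      throw Invalid_Argument("link_cvca(): signature algorithms of signer and signee don't match");

   AlgorithmIdentifier sig_algo = signer.signature_algorithm();
   PK_Signer pk_signer(*ecdsa_key, padding_and_hash_from_oid(sig_algo.oid));

   // The certificate carries the *signee's* key. Check the downcast: an
   // unchecked null here was a null-pointer dereference in the original.
   std::auto_ptr<Public_Key> pk(signee.subject_public_key());
   ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
   if(subj_pk == 0)
      throw Invalid_Argument("DE_EAC::link_cvca(): signee public key is not an ECDSA key");
   subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT);

   // Encode the signee's key as configured above. The original passed the
   // signer's private key to the encoder and never used subj_pk, so the
   // link certificate would have certified the signer's own key.
   MemoryVector<byte> enc_public_key = eac_1_1_encoding(subj_pk, sig_algo.oid);

   return make_cvc_cert(pk_signer, enc_public_key,
                        signer.get_car(),
                        signee.get_chr(),
                        signer.get_chat_value(),
                        ced, cex,
                        rng);
   }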
std::invalid_argument Invalid_Argument
Definition: exceptn.h:20
EAC1_1_CVC make_cvc_cert(PK_Signer &signer, MemoryRegion< byte > const &public_key, ASN1_Car const &car, ASN1_Chr const &chr, byte holder_auth_templ, ASN1_Ced ced, ASN1_Cex cex, RandomNumberGenerator &rng)
Definition: cvc_cert.cpp:98
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
u64bit system_time()
Definition: time.cpp:73
EAC1_1_CVC BOTAN_DLL Botan::DE_EAC::sign_request ( EAC1_1_CVC const &  signer_cert,
Private_Key const &  priv_key,
EAC1_1_Req const &  req,
u32bit  seqnr,
u32bit  seqnr_len,
bool  domestic,
u32bit  dvca_validity_months,
u32bit  ca_is_validity_months,
RandomNumberGenerator & rng
)

Sign a CVC request. The role of the new certificate is derived from the signer's CHAT: a CVCA signer issues a DV certificate (domestic or foreign according to the domestic flag, valid for dvca_validity_months), a DV signer issues an IS certificate (valid for ca_is_validity_months); any other signer — in particular an IS — causes Invalid_Argument to be thrown. The two low CHAT bits (read rights) are copied from the signer. The subject key is encoded implicitCA.

Parameters
signer_cert — the certificate of the signing entity; its CHR becomes the CAR of the new certificate and its CHAT determines the new certificate's role
priv_key — the private key of the signing entity; must be an ECDSA_PrivateKey (the definition names this parameter key)
req — the request to be signed (the definition names this parameter signee)
seqnr — the sequence number appended to the request's CHR to form the holder reference
seqnr_len — the number of digits the sequence number will be encoded in
domestic — when the signer is a CVCA, selects a domestic (true) or foreign (false) DV certificate; ignored otherwise
dvca_validity_months — validity period in months of the DV certificate issued when the signer is a CVCA
ca_is_validity_months — validity period in months of the IS certificate issued when the signer is a DV
rng — a random number generator
Returns
the new certificate

Definition at line 249 of file cvc_self.cpp.

References Botan::EAC_Time::add_months(), Botan::EC_DOMPAR_ENC_IMPLICITCA, Botan::EAC1_1_CVC::get_chat_value(), Botan::EAC1_1_gen_CVC< Derived >::get_chr(), Botan::ASN1_EAC_String::iso_8859(), Botan::make_cvc_cert(), Botan::AlgorithmIdentifier::oid, Botan::EC_PublicKey::set_parameter_encoding(), Botan::EAC_Signed_Object::signature_algorithm(), Botan::EAC1_1_gen_CVC< Derived >::subject_public_key(), Botan::system_time(), Botan::to_string(), and Botan::ASN1_EAC_String::value().

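/**
* Sign a CVC request, producing a DV or IS certificate.
*
* The new certificate's CAR is the signer's CHR, its CHR is the request's
* CHR followed by the sequence number, and its role follows from the
* signer's CHAT: a CVCA issues a DV certificate (domestic/foreign per
* @p domestic, valid @p dvca_validity_months), a DV issues an IS
* certificate (valid @p ca_is_validity_months). The low two CHAT bits
* (read rights) are inherited from the signer. The subject key is encoded
* implicitCA.
*
* @param signer_cert           the signing entity's certificate
* @param key                   the signing entity's private key; must be an
*                              ECDSA_PrivateKey
* @param signee                the request to be signed
* @param seqnr                 sequence number appended to the request's CHR
* @param seqnr_len             number of digits used to render @p seqnr
* @param domestic              CVCA signer: issue a domestic (true) or
*                              foreign (false) DV certificate
* @param dvca_validity_months  validity of a DV certificate, in months
* @param ca_is_validity_months validity of an IS certificate, in months
* @param rng                   random number generator used while signing
* @return the new certificate
* @throws Invalid_Argument if @p key is not an ECDSA_PrivateKey, if the
*         request's public key is not an ECDSA key, or if the signer's CHAT
*         is neither CVCA nor DV (an IS cannot issue certificates)
*/
EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert,
                        Private_Key const& key,
                        EAC1_1_Req const& signee,
                        u32bit seqnr,
                        u32bit seqnr_len,
                        bool domestic,
                        u32bit dvca_validity_months,
                        u32bit ca_is_validity_months,
                        RandomNumberGenerator& rng)
   {
   ECDSA_PrivateKey const* ecdsa_key =
      dynamic_cast<ECDSA_PrivateKey const*>(&key);
   if(ecdsa_key == 0)
      {
      // Message names this function; the original reported
      // CVC_EAC::create_self_signed_cert(), which is misleading.
      throw Invalid_Argument("DE_EAC::sign_request(): unsupported key type");
      }

   // Holder reference: request CHR + sequence number rendered in
   // seqnr_len digits (see to_string()).
   std::string chr_str = signee.get_chr().value();
   chr_str += to_string(seqnr, seqnr_len);
   ASN1_Chr chr(chr_str);

   // NOTE(review): the signer's PK_Signer is set up from the *request's*
   // signature-algorithm OID, while the subject key is encoded under the
   // *signer certificate's* OID (sig_algo below). link_cvca() rejects a
   // mismatch between the two; this function does not. Behaviour kept
   // as-is; confirm that is intended for mixed-algorithm PKIs.
   std::string padding_and_hash =
      padding_and_hash_from_oid(signee.signature_algorithm().oid);
   PK_Signer pk_signer(*ecdsa_key, padding_and_hash);

   // Subject key from the request. Check the downcast: an unchecked null
   // here was a null-pointer dereference in the original.
   std::auto_ptr<Public_Key> pk(signee.subject_public_key());
   ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
   if(subj_pk == 0)
      throw Invalid_Argument("DE_EAC::sign_request(): request public key is not an ECDSA key");

   // Subject key is encoded without domain parameters (implicitCA); per
   // the original author's note they are taken from the signer's key.
   subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA);

   AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm());

   ASN1_Ced ced(system_time());
   ASN1_Cex cex(ced);

   // Role of the new certificate follows from the signer's role; the two
   // low CHAT bits (read rights) are passed down unchanged.
   const u32bit signer_chat = signer_cert.get_chat_value();
   const u32bit chat_low = signer_chat & 0x3;
   u32bit chat_val = 0;

   if((signer_chat & CVCA) == CVCA)
      {
      // A CVCA issues a DV certificate.
      cex.add_months(dvca_validity_months);
      chat_val = (domestic ? DVCA_domestic : DVCA_foreign) | chat_low;
      }
   else if((signer_chat & DVCA_domestic) == DVCA_domestic ||
           (signer_chat & DVCA_foreign) == DVCA_foreign)
      {
      // A DV (domestic or foreign) issues an IS certificate.
      cex.add_months(ca_is_validity_months);
      chat_val = IS | chat_low;
      }
   else
      {
      // An IS cannot sign certificates.
      throw Invalid_Argument("sign_request(): encountered illegal value for CHAT");
      }

   // Encode the subject's key as configured above. The original passed the
   // signer's private key to the encoder and never used subj_pk (and also
   // fetched an unused copy of the signer's public key).
   MemoryVector<byte> enc_public_key = eac_1_1_encoding(subj_pk, sig_algo.oid);

   return make_cvc_cert(pk_signer, enc_public_key,
                        ASN1_Car(signer_cert.get_chr().iso_8859()),
                        chr,
                        chat_val,
                        ced,
                        cex,
                        rng);
   }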
std::invalid_argument Invalid_Argument
Definition: exceptn.h:20
std::string to_string(const BER_Object &obj)
Definition: asn1_int.cpp:46
EAC1_1_CVC make_cvc_cert(PK_Signer &signer, MemoryRegion< byte > const &public_key, ASN1_Car const &car, ASN1_Chr const &chr, byte holder_auth_templ, ASN1_Ced ced, ASN1_Cex cex, RandomNumberGenerator &rng)
Definition: cvc_cert.cpp:98
unsigned long long u64bit
Definition: types.h:49
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
u64bit system_time()
Definition: time.cpp:73
unsigned int u32bit
Definition: types.h:32