|
Botan
1.11.15
|
Functions | |
| EAC1_1_Req | create_cvc_req (Private_Key const &prkey, ASN1_Chr const &chr, std::string const &hash_alg, RandomNumberGenerator &rng) |
| EAC1_1_CVC | create_cvca (Private_Key const &key, std::string const &hash, ASN1_Car const &car, bool iris, bool fingerpr, u32bit cvca_validity_months, RandomNumberGenerator &rng) |
| EAC1_1_CVC | link_cvca (EAC1_1_CVC const &signer, Private_Key const &key, EAC1_1_CVC const &signee, RandomNumberGenerator &rng) |
| EAC1_1_CVC | sign_request (EAC1_1_CVC const &signer_cert, Private_Key const &key, EAC1_1_Req const &signee, u32bit seqnr, u32bit seqnr_len, bool domestic, u32bit dvca_validity_months, u32bit ca_is_validity_months, RandomNumberGenerator &rng) |
This namespace represents EAC 1.1 CVC convenience functions following the specific german requirements.
| EAC1_1_Req BOTAN_DLL Botan::DE_EAC::create_cvc_req | ( | Private_Key const & | priv_key, |
| ASN1_Chr const & | chr, | ||
| std::string const & | hash_alg, | ||
| RandomNumberGenerator & | rng | ||
| ) |
Create a CVC request. The key encoding will be implicitCA.
| priv_key | the private key associated with the requesting entity |
| chr | the chr to appear in the certificate (to be provided without sequence number) |
| hash_alg | the string defining the hash algorithm to be used for the creation of the signature |
| rng | a random number generator |
Definition at line 322 of file cvc_self.cpp.
References Botan::EC_DOMPAR_ENC_IMPLICITCA, and Botan::EC_PublicKey::set_parameter_encoding().
{
ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&prkey);
if (priv_key == 0)
{
throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type");
}
ECDSA_PrivateKey key(*priv_key);
key.set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA);
return CVC_EAC::create_cvc_req(key, chr, hash_alg, rng);
}
| EAC1_1_CVC BOTAN_DLL Botan::DE_EAC::create_cvca | ( | Private_Key const & | priv_key, |
| std::string const & | hash, | ||
| ASN1_Car const & | car, | ||
| bool | iris, | ||
| bool | fingerpr, | ||
| u32bit | cvca_validity_months, | ||
| RandomNumberGenerator & | rng | ||
| ) |
Create a CVCA certificate.
| priv_key | the private key associated with the CVCA certificate to be created |
| hash | the string identifying the hash algorithm to be used for signing the certificate to be created |
| car | the CAR of the certificate to be created |
| iris | indicates whether the entity associated with the certificate shall be entitled to read the biometrical iris image |
| fingerpr | indicates whether the entity associated with the certificate shall be entitled to read the biometrical fingerprint image |
| cvca_validity_months | length of time in months this will be valid |
| rng | a random number generator |
Definition at line 182 of file cvc_self.cpp.
References Botan::EAC_Time::add_months(), Botan::EAC1_1_CVC_Options::car, Botan::EAC1_1_CVC_Options::ced, Botan::EAC1_1_CVC_Options::cex, Botan::CVC_EAC::create_self_signed_cert(), Botan::EAC1_1_CVC_Options::hash_alg, and Botan::EAC1_1_CVC_Options::holder_auth_templ.
{
ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);
if (priv_key == 0)
{
throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type");
}
EAC1_1_CVC_Options opts;
opts.car = car;
opts.ced = ASN1_Ced(std::chrono::system_clock::now());
opts.cex = ASN1_Cex(opts.ced);
opts.cex.add_months(cvca_validity_months);
opts.holder_auth_templ = (CVCA | (iris * IRIS) | (fingerpr * FINGERPRINT));
opts.hash_alg = hash;
return CVC_EAC::create_self_signed_cert(*priv_key, opts, rng);
}
| EAC1_1_CVC BOTAN_DLL Botan::DE_EAC::link_cvca | ( | EAC1_1_CVC const & | signer, |
| Private_Key const & | priv_key, | ||
| EAC1_1_CVC const & | to_be_signed, | ||
| RandomNumberGenerator & | rng | ||
| ) |
Create a link certificate between two CVCA certificates. The key encoding will be implicitCA.
| signer | the cvca certificate associated with the signing entity |
| priv_key | the private key associated with the signer |
| to_be_signed | the certificate which whose CAR/CHR will be the holder of the link certificate |
| rng | a random number generator |
Definition at line 206 of file cvc_self.cpp.
References Botan::EAC_Time::as_string(), Botan::EC_DOMPAR_ENC_EXPLICIT, Botan::EAC1_1_CVC::get_car(), Botan::EAC1_1_CVC::get_cex(), Botan::EAC1_1_CVC::get_chat_value(), Botan::EAC1_1_gen_CVC< Derived >::get_chr(), Botan::make_cvc_cert(), Botan::AlgorithmIdentifier::oid, Botan::EC_PublicKey::set_parameter_encoding(), Botan::EAC_Signed_Object::signature_algorithm(), and Botan::EAC1_1_gen_CVC< Derived >::subject_public_key().
{
const ECDSA_PrivateKey* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);
if (priv_key == 0)
throw Invalid_Argument("link_cvca(): unsupported key type");
ASN1_Ced ced(std::chrono::system_clock::now());
ASN1_Cex cex(signee.get_cex());
if (*static_cast<EAC_Time*>(&ced) > *static_cast<EAC_Time*>(&cex))
{
std::string detail("link_cvca(): validity periods of provided certificates don't overlap: currend time = ced = ");
detail += ced.as_string();
detail += ", signee.cex = ";
detail += cex.as_string();
throw Invalid_Argument(detail);
}
if (signer.signature_algorithm() != signee.signature_algorithm())
{
throw Invalid_Argument("link_cvca(): signature algorithms of signer and signee don't match");
}
AlgorithmIdentifier sig_algo = signer.signature_algorithm();
std::string padding_and_hash = padding_and_hash_from_oid(sig_algo.oid);
PK_Signer pk_signer(*priv_key, padding_and_hash);
std::unique_ptr<Public_Key> pk(signee.subject_public_key());
ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT);
std::vector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
return make_cvc_cert(pk_signer, enc_public_key,
signer.get_car(),
signee.get_chr(),
signer.get_chat_value(),
ced, cex,
rng);
}
| EAC1_1_CVC BOTAN_DLL Botan::DE_EAC::sign_request | ( | EAC1_1_CVC const & | signer_cert, |
| Private_Key const & | priv_key, | ||
| EAC1_1_Req const & | req, | ||
| u32bit | seqnr, | ||
| u32bit | seqnr_len, | ||
| bool | domestic, | ||
| u32bit | dvca_validity_months, | ||
| u32bit | ca_is_validity_months, | ||
| RandomNumberGenerator & | rng | ||
| ) |
Sign a CVC request.
| signer_cert | the certificate of the signing entity |
| priv_key | the private key of the signing entity |
| req | the request to be signed |
| seqnr | the sequence number of the certificate to be created |
| seqnr_len | the number of digits the sequence number will be encoded in |
| domestic | indicates whether to sign a domestic or a foreign certificate: set to true for domestic |
| dvca_validity_months | validity period in months |
| ca_is_validity_months | validity period in months |
| rng | a random number generator |
Definition at line 247 of file cvc_self.cpp.
References Botan::EAC_Time::add_months(), Botan::EC_DOMPAR_ENC_IMPLICITCA, Botan::EAC1_1_CVC::get_chat_value(), Botan::EAC1_1_gen_CVC< Derived >::get_chr(), Botan::ASN1_EAC_String::iso_8859(), Botan::make_cvc_cert(), Botan::AlgorithmIdentifier::oid, Botan::EC_PublicKey::set_parameter_encoding(), Botan::EAC_Signed_Object::signature_algorithm(), Botan::EAC1_1_gen_CVC< Derived >::subject_public_key(), Botan::ASN1::to_string(), and Botan::ASN1_EAC_String::value().
{
ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);
if (priv_key == 0)
{
throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type");
}
std::string chr_str = signee.get_chr().value();
std::string seqnr_string = std::to_string(seqnr);
while(seqnr_string.size() < seqnr_len)
seqnr_string = '0' + seqnr_string;
chr_str += seqnr_string;
ASN1_Chr chr(chr_str);
std::string padding_and_hash = padding_and_hash_from_oid(signee.signature_algorithm().oid);
PK_Signer pk_signer(*priv_key, padding_and_hash);
std::unique_ptr<Public_Key> pk(signee.subject_public_key());
ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
std::unique_ptr<Public_Key> signer_pk(signer_cert.subject_public_key());
// for the case that the domain parameters are not set...
// (we use those from the signer because they must fit)
//subj_pk->set_domain_parameters(priv_key->domain_parameters());
subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA);
AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm());
ASN1_Ced ced(std::chrono::system_clock::now());
u32bit chat_val;
u32bit chat_low = signer_cert.get_chat_value() & 0x3; // take the chat rights from signer
ASN1_Cex cex(ced);
if ((signer_cert.get_chat_value() & CVCA) == CVCA)
{
// we sign a dvca
cex.add_months(dvca_validity_months);
if (domestic)
chat_val = DVCA_domestic | chat_low;
else
chat_val = DVCA_foreign | chat_low;
}
else if ((signer_cert.get_chat_value() & DVCA_domestic) == DVCA_domestic ||
(signer_cert.get_chat_value() & DVCA_foreign) == DVCA_foreign)
{
cex.add_months(ca_is_validity_months);
chat_val = IS | chat_low;
}
else
{
throw Invalid_Argument("sign_request(): encountered illegal value for CHAT");
// (IS cannot sign certificates)
}
std::vector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);
return make_cvc_cert(pk_signer, enc_public_key,
ASN1_Car(signer_cert.get_chr().iso_8859()),
chr,
chat_val,
ced,
cex,
rng);
}
1.7.6.1