Botan  1.11.15
Functions
Botan::DE_EAC Namespace Reference

Functions

EAC1_1_Req create_cvc_req (Private_Key const &prkey, ASN1_Chr const &chr, std::string const &hash_alg, RandomNumberGenerator &rng)
EAC1_1_CVC create_cvca (Private_Key const &key, std::string const &hash, ASN1_Car const &car, bool iris, bool fingerpr, u32bit cvca_validity_months, RandomNumberGenerator &rng)
EAC1_1_CVC link_cvca (EAC1_1_CVC const &signer, Private_Key const &key, EAC1_1_CVC const &signee, RandomNumberGenerator &rng)
EAC1_1_CVC sign_request (EAC1_1_CVC const &signer_cert, Private_Key const &key, EAC1_1_Req const &signee, u32bit seqnr, u32bit seqnr_len, bool domestic, u32bit dvca_validity_months, u32bit ca_is_validity_months, RandomNumberGenerator &rng)

Detailed Description

This namespace represents EAC 1.1 CVC convenience functions following the specific german requirements.


Function Documentation

EAC1_1_Req BOTAN_DLL Botan::DE_EAC::create_cvc_req ( Private_Key const &  priv_key,
ASN1_Chr const &  chr,
std::string const &  hash_alg,
RandomNumberGenerator &  rng 
)

Create a CVC request. The key encoding will be implicitCA.

Parameters:
priv_keythe private key associated with the requesting entity
chrthe chr to appear in the certificate (to be provided without sequence number)
hash_algthe string defining the hash algorithm to be used for the creation of the signature
rnga random number generator
Returns:
the new request

Definition at line 322 of file cvc_self.cpp.

References Botan::EC_DOMPAR_ENC_IMPLICITCA, and Botan::EC_PublicKey::set_parameter_encoding().

   {
   ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&prkey);
   if (priv_key == 0)
      {
      throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type");
      }
   ECDSA_PrivateKey key(*priv_key);
   key.set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA);
   return CVC_EAC::create_cvc_req(key, chr, hash_alg, rng);
   }
EAC1_1_CVC BOTAN_DLL Botan::DE_EAC::create_cvca ( Private_Key const &  priv_key,
std::string const &  hash,
ASN1_Car const &  car,
bool  iris,
bool  fingerpr,
u32bit  cvca_validity_months,
RandomNumberGenerator &  rng 
)

Create a CVCA certificate.

Parameters:
priv_keythe private key associated with the CVCA certificate to be created
hashthe string identifying the hash algorithm to be used for signing the certificate to be created
carthe CAR of the certificate to be created
irisindicates whether the entity associated with the certificate shall be entitled to read the biometrical iris image
fingerprindicates whether the entity associated with the certificate shall be entitled to read the biometrical fingerprint image
cvca_validity_monthslength of time in months this will be valid
rnga random number generator
Returns:
the CVCA certificate created

Definition at line 182 of file cvc_self.cpp.

References Botan::EAC_Time::add_months(), Botan::EAC1_1_CVC_Options::car, Botan::EAC1_1_CVC_Options::ced, Botan::EAC1_1_CVC_Options::cex, Botan::CVC_EAC::create_self_signed_cert(), Botan::EAC1_1_CVC_Options::hash_alg, and Botan::EAC1_1_CVC_Options::holder_auth_templ.

   {
   ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);
   if (priv_key == 0)
      {
      throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type");
      }
   EAC1_1_CVC_Options opts;
   opts.car = car;

   opts.ced = ASN1_Ced(std::chrono::system_clock::now());
   opts.cex = ASN1_Cex(opts.ced);
   opts.cex.add_months(cvca_validity_months);
   opts.holder_auth_templ = (CVCA | (iris * IRIS) | (fingerpr * FINGERPRINT));
   opts.hash_alg = hash;
   return CVC_EAC::create_self_signed_cert(*priv_key, opts, rng);
   }
EAC1_1_CVC BOTAN_DLL Botan::DE_EAC::link_cvca ( EAC1_1_CVC const &  signer,
Private_Key const &  priv_key,
EAC1_1_CVC const &  to_be_signed,
RandomNumberGenerator &  rng 
)

Create a link certificate between two CVCA certificates. The key encoding will be implicitCA.

Parameters:
signerthe cvca certificate associated with the signing entity
priv_keythe private key associated with the signer
to_be_signedthe certificate which whose CAR/CHR will be the holder of the link certificate
rnga random number generator

Definition at line 206 of file cvc_self.cpp.

References Botan::EAC_Time::as_string(), Botan::EC_DOMPAR_ENC_EXPLICIT, Botan::EAC1_1_CVC::get_car(), Botan::EAC1_1_CVC::get_cex(), Botan::EAC1_1_CVC::get_chat_value(), Botan::EAC1_1_gen_CVC< Derived >::get_chr(), Botan::make_cvc_cert(), Botan::AlgorithmIdentifier::oid, Botan::EC_PublicKey::set_parameter_encoding(), Botan::EAC_Signed_Object::signature_algorithm(), and Botan::EAC1_1_gen_CVC< Derived >::subject_public_key().

   {
   const ECDSA_PrivateKey* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);

   if (priv_key == 0)
      throw Invalid_Argument("link_cvca(): unsupported key type");

   ASN1_Ced ced(std::chrono::system_clock::now());
   ASN1_Cex cex(signee.get_cex());
   if (*static_cast<EAC_Time*>(&ced) > *static_cast<EAC_Time*>(&cex))
      {
      std::string detail("link_cvca(): validity periods of provided certificates don't overlap: currend time = ced = ");
      detail += ced.as_string();
      detail += ", signee.cex = ";
      detail += cex.as_string();
      throw Invalid_Argument(detail);
      }
   if (signer.signature_algorithm() != signee.signature_algorithm())
      {
      throw Invalid_Argument("link_cvca(): signature algorithms of signer and signee don't match");
      }
   AlgorithmIdentifier sig_algo = signer.signature_algorithm();
   std::string padding_and_hash = padding_and_hash_from_oid(sig_algo.oid);
   PK_Signer pk_signer(*priv_key, padding_and_hash);
   std::unique_ptr<Public_Key> pk(signee.subject_public_key());
   ECDSA_PublicKey* subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
   subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT);

   std::vector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);

   return make_cvc_cert(pk_signer, enc_public_key,
                        signer.get_car(),
                        signee.get_chr(),
                        signer.get_chat_value(),
                        ced, cex,
                        rng);
   }
EAC1_1_CVC BOTAN_DLL Botan::DE_EAC::sign_request ( EAC1_1_CVC const &  signer_cert,
Private_Key const &  priv_key,
EAC1_1_Req const &  req,
u32bit  seqnr,
u32bit  seqnr_len,
bool  domestic,
u32bit  dvca_validity_months,
u32bit  ca_is_validity_months,
RandomNumberGenerator &  rng 
)

Sign a CVC request.

Parameters:
signer_certthe certificate of the signing entity
priv_keythe private key of the signing entity
reqthe request to be signed
seqnrthe sequence number of the certificate to be created
seqnr_lenthe number of digits the sequence number will be encoded in
domesticindicates whether to sign a domestic or a foreign certificate: set to true for domestic
dvca_validity_monthsvalidity period in months
ca_is_validity_monthsvalidity period in months
rnga random number generator
Returns:
the new certificate

Definition at line 247 of file cvc_self.cpp.

References Botan::EAC_Time::add_months(), Botan::EC_DOMPAR_ENC_IMPLICITCA, Botan::EAC1_1_CVC::get_chat_value(), Botan::EAC1_1_gen_CVC< Derived >::get_chr(), Botan::ASN1_EAC_String::iso_8859(), Botan::make_cvc_cert(), Botan::AlgorithmIdentifier::oid, Botan::EC_PublicKey::set_parameter_encoding(), Botan::EAC_Signed_Object::signature_algorithm(), Botan::EAC1_1_gen_CVC< Derived >::subject_public_key(), Botan::ASN1::to_string(), and Botan::ASN1_EAC_String::value().

   {
   ECDSA_PrivateKey const* priv_key = dynamic_cast<ECDSA_PrivateKey const*>(&key);
   if (priv_key == 0)
      {
      throw Invalid_Argument("CVC_EAC::create_self_signed_cert(): unsupported key type");
      }
   std::string chr_str = signee.get_chr().value();

   std::string seqnr_string = std::to_string(seqnr);

   while(seqnr_string.size() < seqnr_len)
      seqnr_string = '0' + seqnr_string;

   chr_str += seqnr_string;
   ASN1_Chr chr(chr_str);
   std::string padding_and_hash = padding_and_hash_from_oid(signee.signature_algorithm().oid);
   PK_Signer pk_signer(*priv_key, padding_and_hash);
   std::unique_ptr<Public_Key> pk(signee.subject_public_key());
   ECDSA_PublicKey*  subj_pk = dynamic_cast<ECDSA_PublicKey*>(pk.get());
   std::unique_ptr<Public_Key> signer_pk(signer_cert.subject_public_key());

   // for the case that the domain parameters are not set...
   // (we use those from the signer because they must fit)
   //subj_pk->set_domain_parameters(priv_key->domain_parameters());

   subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA);

   AlgorithmIdentifier sig_algo(signer_cert.signature_algorithm());

   ASN1_Ced ced(std::chrono::system_clock::now());

   u32bit chat_val;
   u32bit chat_low = signer_cert.get_chat_value() & 0x3; // take the chat rights from signer
   ASN1_Cex cex(ced);
   if ((signer_cert.get_chat_value() & CVCA) == CVCA)
      {
      // we sign a dvca
      cex.add_months(dvca_validity_months);
      if (domestic)
         chat_val = DVCA_domestic | chat_low;
      else
         chat_val = DVCA_foreign | chat_low;
      }
   else if ((signer_cert.get_chat_value() & DVCA_domestic) == DVCA_domestic ||
            (signer_cert.get_chat_value() & DVCA_foreign) == DVCA_foreign)
      {
      cex.add_months(ca_is_validity_months);
      chat_val = IS | chat_low;
      }
   else
      {
      throw Invalid_Argument("sign_request(): encountered illegal value for CHAT");
      // (IS cannot sign certificates)
      }

   std::vector<byte> enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid);

   return make_cvc_cert(pk_signer, enc_public_key,
                        ASN1_Car(signer_cert.get_chr().iso_8859()),
                        chr,
                        chat_val,
                        ced,
                        cex,
                        rng);
   }