Botan
1.11.15
/*
* CVC Self-Signed Certificate
* (C) 2007 FlexSecure GmbH
*     2008 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_CVC_EAC_SELF_H__
#define BOTAN_CVC_EAC_SELF_H__

#include <botan/pkcs8.h>
#include <botan/cvc_cert.h>
#include <botan/ecdsa.h>
#include <botan/asn1_obj.h>
#include <botan/cvc_req.h>
#include <botan/cvc_ado.h>

namespace Botan {

/**
* Option bundle read by the CVC certificate creation functions.
*
* NOTE(review): no constructor and no default member initializer is
* declared in this class. If `byte` is a plain integer typedef (it is
* not defined in this header; confirm), a default-initialized object
* leaves holder_auth_templ indeterminate. Assign every field the
* creation function needs before passing the object on.
*/
class BOTAN_DLL EAC1_1_CVC_Options
   {
   public:

      ASN1_Car car;            // CAR of the certificate to create
      ASN1_Chr chr;            // CHR of the certificate to create
      byte holder_auth_templ;  // presumably the holder authorization template; verify against the implementation
      ASN1_Ced ced;            // presumably the certificate effective date; confirm
      ASN1_Cex cex;            // presumably the certificate expiration date; confirm
      std::string hash_alg;    // name of the hash algorithm used for signing
   };

/**
* General-purpose EAC 1.1 convenience functions.
*/
namespace CVC_EAC {

/**
* Create a self-signed CVCA certificate.
*
* NOTE(review): whether hash_alg is checked against a set of accepted
* algorithms is not visible from this declaration; confirm in the
* implementation before accepting the string from configuration.
*
* @param key the ECDSA private key to be used to sign the certificate
* @param opts carries the certificate parameters; the fields that have
*        to be set are car, holder_auth_templ, hash_alg, ced and cex
* @param rng the rng to use
* @result the self-signed certificate
*/
EAC1_1_CVC BOTAN_DLL create_self_signed_cert(const Private_Key& key,
                                             const EAC1_1_CVC_Options& opts,
                                             RandomNumberGenerator& rng);

/**
* Create a CVC request. The key is encoded according to the private
* key that is passed in.
*
* @param priv_key the private key associated with the requesting entity
* @param chr the CHR that will appear in the certificate, given
*        without a sequence number
* @param hash_alg name of the hash algorithm used when creating the
*        signature
* @param rng the rng to use
* @result the new request
*/
EAC1_1_Req BOTAN_DLL create_cvc_req(const Private_Key& priv_key,
                                    const ASN1_Chr& chr,
                                    const std::string& hash_alg,
                                    RandomNumberGenerator& rng);

/**
* Create an ADO from a request object.
*
* @param priv_key the private key used to sign the ADO
* @param req the request that forms the body of the ADO
* @param car the CAR that forms the body of the ADO, i.e. the CHR of
*        the entity associated with priv_key
* @param rng the rng to use
*/
EAC1_1_ADO BOTAN_DLL create_ado_req(const Private_Key& priv_key,
                                    const EAC1_1_Req& req,
                                    const ASN1_Car& car,
                                    RandomNumberGenerator& rng);

} // namespace CVC_EAC

/**
* EAC 1.1 CVC convenience functions that follow the specific German
* requirements.
*/
namespace DE_EAC {

/**
* Create a CVCA certificate.
*
* The iris and fingerpr flags decide which biometric images the
* certified entity is entitled to read, so pass true only for the
* rights the entity is meant to hold.
*
* @param priv_key the private key associated with the CVCA certificate
*        to be created
* @param hash name of the hash algorithm used for signing the
*        certificate to be created
* @param car the CAR of the certificate to be created
* @param iris whether the entity associated with the certificate is
*        entitled to read the biometric iris image
* @param fingerpr whether the entity associated with the certificate
*        is entitled to read the biometric fingerprint image
* @param cvca_validity_months length of time in months this will be
*        valid
* @param rng a random number generator
* @result the CVCA certificate created
*/
EAC1_1_CVC BOTAN_DLL create_cvca(const Private_Key& priv_key,
                                 const std::string& hash,
                                 const ASN1_Car& car,
                                 bool iris,
                                 bool fingerpr,
                                 u32bit cvca_validity_months,
                                 RandomNumberGenerator& rng);

/**
* Create a link certificate between two CVCA certificates. The key
* encoding will be implicitCA.
*
* @param signer the CVCA certificate associated with the signing
*        entity
* @param priv_key the private key associated with the signer
* @param to_be_signed the certificate whose CAR/CHR will be the holder
*        of the link certificate
* @param rng a random number generator
*/
EAC1_1_CVC BOTAN_DLL link_cvca(const EAC1_1_CVC& signer,
                               const Private_Key& priv_key,
                               const EAC1_1_CVC& to_be_signed,
                               RandomNumberGenerator& rng);

/**
* Create a CVC request. The key encoding will be implicitCA.
*
* @param priv_key the private key associated with the requesting entity
* @param chr the CHR that will appear in the certificate, given
*        without a sequence number
* @param hash_alg name of the hash algorithm used when creating the
*        signature
* @param rng a random number generator
* @result the new request
*/
EAC1_1_Req BOTAN_DLL create_cvc_req(const Private_Key& priv_key,
                                    const ASN1_Chr& chr,
                                    const std::string& hash_alg,
                                    RandomNumberGenerator& rng);

/**
* Sign a CVC request.
*
* NOTE(review): this declaration does not say whether the signature
* carried by req is verified before the certificate is issued. Check
* the request first unless the implementation is confirmed to do so.
*
* NOTE(review): both validity parameters carry the same description
* in this header; which of the two applies presumably depends on the
* kind of certificate being issued (confirm in the implementation).
*
* @param signer_cert the certificate of the signing entity
* @param priv_key the private key of the signing entity
* @param req the request to be signed
* @param seqnr the sequence number of the certificate to be created
* @param seqnr_len the number of digits used to encode the sequence
*        number
* @param domestic true to sign a domestic certificate, false to sign
*        a foreign one
* @param dvca_validity_months validity period in months
* @param ca_is_validity_months validity period in months
* @param rng a random number generator
* @result the new certificate
**/
EAC1_1_CVC BOTAN_DLL sign_request(const EAC1_1_CVC& signer_cert,
                                  const Private_Key& priv_key,
                                  const EAC1_1_Req& req,
                                  u32bit seqnr,
                                  u32bit seqnr_len,
                                  bool domestic,
                                  u32bit dvca_validity_months,
                                  u32bit ca_is_validity_months,
                                  RandomNumberGenerator& rng);

} // namespace DE_EAC

} // namespace Botan

#endif