#include <mbedtls/x509_crt.h>
#include <mbedtls/error.h>
#include <mbedtls/bignum.h>
+#include <mbedtls/entropy.h>
+#include <mbedtls/ctr_drbg.h>
#include <boost/noncopyable.hpp>
#include <string>
int parse(const std::string& pem) {
return mbedtls_x509_crt_parse(this, reinterpret_cast<const unsigned char *>(pem.c_str()), pem.size() + 1);
}
+
+ int parse(const unsigned char * pem, size_t size) {
+ return mbedtls_x509_crt_parse(this, pem, size);
+ }
};
static inline std::string mbedtls_error_to_string(int error) {
int read_binary(const void * data, size_t length) {
return mbedtls_mpi_read_binary(this, (const unsigned char *)data, length);
}
+};
+
+struct mbedtls_entropy_context_wrapper : public mbedtls_entropy_context, public boost::noncopyable
+{
+ mbedtls_entropy_context_wrapper() {
+ mbedtls_entropy_init(this);
+ }
+
+ ~mbedtls_entropy_context_wrapper() {
+ mbedtls_entropy_free(this);
+ }
+};
+
+struct mbedtls_ctr_drbg_context_wrapper : public mbedtls_ctr_drbg_context, public boost::noncopyable
+{
+ mbedtls_ctr_drbg_context_wrapper() {
+ mbedtls_ctr_drbg_init(this);
+ }
+
+ ~mbedtls_ctr_drbg_context_wrapper() {
+ mbedtls_ctr_drbg_free(this);
+ }
+
+ int seed(int (*f_entropy)(void *, unsigned char *, size_t), void *p_entropy,
+ const unsigned char *custom, size_t len)
+ {
+ return mbedtls_ctr_drbg_seed(this, f_entropy, p_entropy, custom, len);
+ }
+};
+
+struct mbedtls_pk_context_wrapper : public mbedtls_pk_context, public boost::noncopyable
+{
+ mbedtls_pk_context_wrapper() {
+ mbedtls_pk_init(this);
+ }
- int get_raw(const void * data, size_t length) {
- const int ciL = sizeof(mbedtls_mpi_uint);
- const int biL = ciL * 8;
- int error = mbedtls_mpi_grow(this, (length * 8 + biL - 1) / biL);
- if(error != 0)
- return error;
- mbedtls_mpi_lset(this, 0);
- memcpy(this->p, data, length);
- return 0;
+ ~mbedtls_pk_context_wrapper() {
+ mbedtls_pk_free(this);
}
};
#include <mbedtls/certs.h>
#include <mbedtls/x509_crt.h>
-#include <cassert>
+#include <mbedtls_wrapper.h>
-static inline std::string mbedtls_error_to_string(int error) {
- char buffer[256];
- mbedtls_strerror(error, buffer, sizeof(buffer));
- return std::string(buffer);
-}
+#include <cassert>
int main()
{
const char *pers = "hw_api_test";
- mbedtls_entropy_context entropy;
- mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context_wrapper entropy;
+ mbedtls_ctr_drbg_context_wrapper ctr_drbg;
int error;
unsigned char result_sig[MBEDTLS_MPI_MAX_SIZE];
size_t result_sig_len;
- mbedtls_entropy_init(&entropy);
- mbedtls_ctr_drbg_init(&ctr_drbg);
-
- if( (error = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ if( (error = ctr_drbg.seed(mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
- strlen( pers ) )) != 0 )
+ strlen( pers ))) != 0 )
{
std::cerr << "Can't seed RNG: " << mbedtls_error_to_string(error) << std::endl;
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
return -1;
}
if(!keyContext) {
std::cerr << "Can't create DCM key context" << std::endl;
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
return -1;
}
- mbedtls_pk_context pkey;
-
std::cout << "Initialize PK context" << std::endl;
- mbedtls_pk_init(&pkey);
+ mbedtls_pk_context_wrapper pkey;
if(DCM_HWSetupPkContext(&pkey, keyContext) != 0) {
std::cerr << "Can't setup key context" << std::endl;
DCM_HWFreeKeyContext(keyContext);
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
return -1;
} else {
std::cout << "Key context setup OK" << std::endl;
unsigned char * certChain = nullptr;
size_t certChainLen = 0;
- mbedtls_x509_crt chain;
- mbedtls_x509_crt_init(&chain);
+ mbedtls_x509_crt_wrapper chain;
if(DCM_HWGetOwnCertificateChain(keyContext, &certChain, &certChainLen)) {
std::cerr << "Can't request certificate chain" << std::endl;
} else {
std::cout << "Certificate received" << std::endl;
- error = mbedtls_x509_crt_parse(&chain, certChain, certChainLen);
+ error = chain.parse(certChain, certChainLen);
if(error != 0) {
std::cerr << "Can't parse certificate chain: " << mbedtls_error_to_string(error) << std::endl;
DCM_HWFreeKeyContext(keyContext);
- mbedtls_x509_crt_free(&chain);
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
return -1;
}
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0)
{
std::cerr << "Can't sign data with key: " << mbedtls_error_to_string(error) << std::endl;
- mbedtls_pk_free(&pkey);
DCM_HWFreeKeyContext(keyContext);
- mbedtls_x509_crt_free(&chain);
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
return -1;
}
std::cout << std::endl;
// Verify signature
-
std::cout << "Verifying signature ..." << std::endl;
if((error = mbedtls_pk_verify_ext(chain.sig_pk,
std::cout << "Signature verification succeeded" << std::endl;
}
- mbedtls_x509_crt_free(&chain);
-
- std::cout << "Freeing PK context" << std::endl;
- mbedtls_pk_free(&pkey);
-
std::cout << "Deleting HW context" << std::endl;
DCM_HWFreeKeyContext(keyContext);
std::cout << "Finished" << std::endl;
- mbedtls_ctr_drbg_free( &ctr_drbg );
- mbedtls_entropy_free( &entropy );
-
return 0;
}
projects / platform / core / security / device-certificate-manager.git / commitdiff