unsigned char * certChain = nullptr;
size_t certChainLen = 0;
+ mbedtls_x509_crt chain;
+ mbedtls_x509_crt_init(&chain);
+
if(DCM_HWGetOwnCertificateChain(keyContext, &certChain, &certChainLen)) {
std::cerr << "Can't request certificate chain" << std::endl;
} else {
std::cout << "Certificate received" << std::endl;
- mbedtls_x509_crt chain;
- mbedtls_x509_crt_init(&chain);
-
int error = mbedtls_x509_crt_parse(&chain, certChain, certChainLen);
if(error != 0) {
std::cerr << "Can't sign data with key" << std::endl;
mbedtls_pk_free(&pkey);
DCM_HWFreeKeyContext(keyContext);
+ mbedtls_x509_crt_free(&chain);
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
return -1;
}
-
std::cout << "Signature = ";
for(size_t i = 0 ; i < result_sig_len ; ++i) {
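Review bot: When `DCM_HWGetOwnCertificateChain` fails, the first branch only logs; unlike the parse-failure branch below it, it neither releases anything nor returns. Now that `chain` is declared outside the `else`, any later use of `chain.pk` on that path would operate on a certificate that was initialised but never parsed. The closing brace of the `else` is not visible here, so please confirm whether the signature check is reachable after a failed request; if it is, mirror the parse-failure cleanup and `return -1;` in that branch. The parse-failure message `"Can't sign data with key"` describes a different step, and something like `"Can't parse certificate chain"` would make the log usable for triage. The enclosing function starts and ends outside this hunk.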
std::cout << std::endl;
+ // Verify signature
+
+ std::cout << "Verifying signature ..." << std::endl;
+
+ if(mbedtls_pk_verify(&chain.pk,
+ MBEDTLS_MD_SHA256,
+ to_sign,
+ sizeof(to_sign),
+ result_sig,
+ result_sig_len) != 0)
+ {
+ std::cout << "Signature verification failure" << std::endl;
+ } else {
+ std::cout << "Signature verification succeeded" << std::endl;
+ }
+
+ mbedtls_x509_crt_free(&chain);
+
std::cout << "Freeing PK context" << std::endl;
mbedtls_pk_free(&pkey);
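Review bot: A failed `mbedtls_pk_verify` is only printed to `std::cout` and then falls through to the same cleanup as a success, so nothing visible in this hunk lets a caller or test script tell the two outcomes apart. Keep the result in a variable, return non-zero after the cleanup when it is not 0, and write the failure to `std::cerr` like the other error paths. `mbedtls_pk_verify` expects the message digest and its length, so passing `to_sign, sizeof(to_sign)` with `MBEDTLS_MD_SHA256` is only correct if `to_sign` already holds the 32-byte SHA-256 digest; its declaration is outside the hunk, so this needs confirming. The key comes from the certificate the device itself returned, and no validation against a trusted root (`mbedtls_x509_crt_verify`) is visible, so success shows that key and certificate match, not that the certificate is trusted. A comment such as `// Consistency check only: the chain is not validated against a trusted root` above the call would keep readers from over-reading the result.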