#include <google/protobuf/io/zero_copy_stream_impl.h>
#include <google/protobuf/io/coded_stream.h>
-#include <mbedtls/ssl.h>
#include "dcm_client.h"
#include "dcm_support.pb.h"
#include "protobuf_asio.h"
#include "log.h"
-static_assert(MD_NONE == (unsigned int)MBEDTLS_MD_NONE, "MBEDTLS_MD_NONE mismatch");
-static_assert(MD_MD2 == (unsigned int)MBEDTLS_MD_MD2, "MBEDTLS_MD_MD2 mismatch");
-static_assert(MD_MD4 == (unsigned int)MBEDTLS_MD_MD4, "MBEDTLS_MD_MD4 mismatch");
-static_assert(MD_MD5 == (unsigned int)MBEDTLS_MD_MD5, "MBEDTLS_MD_MD5 mismatch");
-static_assert(MD_SHA1 == (unsigned int)MBEDTLS_MD_SHA1, "MBEDTLS_MD_SHA1 mismatch");
-static_assert(MD_SHA224 == (unsigned int)MBEDTLS_MD_SHA224, "MBEDTLS_MD_SHA224 mismatch");
-static_assert(MD_SHA256 == (unsigned int)MBEDTLS_MD_SHA256, "MBEDTLS_MD_SHA256 mismatch");
-static_assert(MD_SHA384 == (unsigned int)MBEDTLS_MD_SHA384, "MBEDTLS_MD_SHA384 mismatch");
-static_assert(MD_SHA512 == (unsigned int)MBEDTLS_MD_SHA512, "MBEDTLS_MD_SHA512 mismatch");
-static_assert(MD_RIPEMD160 == (unsigned int)MBEDTLS_MD_RIPEMD160, "MBEDTLS_MD_RIPEMD160 mismatch");
+size_t get_digest_size(dcm_digest_algorithm_e md)
+{
+ switch(md) {
+ case DCM_DIGEST_NONE:
+ return 0;
+ case DCM_DIGEST_MD2:
+ case DCM_DIGEST_MD4:
+ case DCM_DIGEST_MD5:
+ return 16;
+ case DCM_DIGEST_SHA1:
+ return 20;
+ case DCM_DIGEST_SHA224:
+ return 28;
+ case DCM_DIGEST_SHA256:
+ return 32;
+ case DCM_DIGEST_SHA384:
+ return 48;
+ case DCM_DIGEST_SHA512:
+ return 64;
+ case DCM_DIGEST_RIPEMD160:
+ return 20;
+ default:
+ return 0;
+ }
+}
static std::string sKeyTypeUnknown("UNKNOWN");
static std::string sKeyTypeRSA("RSA");
}
int dcm_client_connection::sign_data(
- mbedtls_md_type_t md,
+ dcm_digest_algorithm_e md,
const void* hash_data, size_t hash_size,
std::vector<uint8_t>& digest) noexcept
{
// If hash_size == 0 then hash type must be known
if(hash_size == 0) {
- if(md == MBEDTLS_MD_NONE) {
+ if(md == DCM_DIGEST_NONE) {
LOGE("Digest type is NONE and hash size is 0");
return DCM_ERROR_INVALID_PARAMETER;
}
- const mbedtls_md_info_t* md_info = mbedtls_md_info_from_type(md);
- if(!md_info) {
- LOGE("Can't find hash data for digest type %d", md);
- return DCM_ERROR_INVALID_PARAMETER;
- }
-
- hash_size = mbedtls_md_get_size(md_info);
- } else if(hash_size != 0 && md != MBEDTLS_MD_NONE) {
+ hash_size = get_digest_size(md);
+ } else if(hash_size != 0 && md != DCM_DIGEST_NONE) {
// If hash_size != 0 then hash type can be specified
- const mbedtls_md_info_t* md_info = mbedtls_md_info_from_type(md);
- if(!md_info) {
- LOGE("Can't find hash data for digest type %d", md);
- return DCM_ERROR_INVALID_PARAMETER;
- }
-
- if(hash_size != mbedtls_md_get_size(md_info)) {
- LOGE("Hash size mismatch. Expected %zd but got %zd", hash_size, (size_t)mbedtls_md_get_size(md_info));
+ if(hash_size != get_digest_size(md)) {
+ LOGE("Hash size mismatch. Expected %zd but got %zd", hash_size, get_digest_size(md));
return DCM_ERROR_INVALID_PARAMETER;
}
}
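Review bot: The rejection of an unrecognised digest type is lost in the `hash_size == 0` branch: the removed `mbedtls_md_info_from_type` null-check returned DCM_ERROR_INVALID_PARAMETER, while the new `hash_size = get_digest_size(md);` yields 0 for any value that falls into get_digest_size's `default` case, so sign_data continues with a zero hash size instead of failing; replace it with `if((hash_size = get_digest_size(md)) == 0) { LOGE("Unknown digest type %d", md); return DCM_ERROR_INVALID_PARAMETER; }`. In the `else if` branch an unknown `md` is still rejected, but only via the mismatch path, and the rewritten log line prints the operands the wrong way round and uses `%zd` for `size_t` — `LOGE("Hash size mismatch. Expected %zu but got %zu", get_digest_size(md), hash_size);`. get_digest_size should carry a comment stating the contract callers now depend on, e.g. `// Digest output length in bytes; 0 for DCM_DIGEST_NONE and for unrecognised values.`, and if it is not declared in dcm_client.h it should be `static` like the helper it replaces. The deleted static_asserts were the compile-time tie between the DCM enum and mbedtls; the new table is hand-maintained, so a note on the enum header pointing at this switch would help future additions. sign_data's body continues outside the hunk.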
#include <vector>
#include <cstring>
-#include <mbedtls/pk_internal.h>
-#include <mbedtls/md.h>
-
#include "device_certificate_manager.h"
#include "dcm_client.h"
#include "log.h"
#define API_DEVICE_CERTIFICATE_MANAGER_EXPORT __attribute__((visibility("default")))
#endif
-static mbedtls_md_type_t to_mbedtls_md_type(dcm_digest_algorithm_e md)
-{
- switch(md) {
- case DCM_DIGEST_NONE:
- return MBEDTLS_MD_NONE;
- case DCM_DIGEST_MD2:
- return MBEDTLS_MD_MD2;
- case DCM_DIGEST_MD4:
- return MBEDTLS_MD_MD4;
- case DCM_DIGEST_MD5:
- return MBEDTLS_MD_MD5;
- case DCM_DIGEST_SHA1:
- return MBEDTLS_MD_SHA1;
- case DCM_DIGEST_SHA224:
- return MBEDTLS_MD_SHA224;
- case DCM_DIGEST_SHA256:
- return MBEDTLS_MD_SHA256;
- case DCM_DIGEST_SHA384:
- return MBEDTLS_MD_SHA384;
- case DCM_DIGEST_SHA512:
- return MBEDTLS_MD_SHA512;
- case DCM_DIGEST_RIPEMD160:
- return MBEDTLS_MD_RIPEMD160;
- default:
- return MBEDTLS_MD_NONE;
- }
-}
-
struct dcm_key_context_internal {
std::shared_ptr<dcm_client_connection> connection;
};
reinterpret_cast<const dcm_key_context_internal *>(key_ctx);
std::vector<uint8_t> digest;
- int result = context->connection->sign_data(to_mbedtls_md_type(md), message, message_len, digest);
+ int result = context->connection->sign_data(md, message, message_len, digest);
if(result == DCM_ERROR_NONE) {
- if(digest.size() > MBEDTLS_MPI_MAX_SIZE)
- return DCM_ERROR_INVALID_PARAMETER;
-
*signature = (char*)malloc(sizeof(uint8_t) * digest.size());
if(*signature == NULL)
return DCM_ERROR_OUT_OF_MEMORY;
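Review bot: Dropping the `digest.size() > MBEDTLS_MPI_MAX_SIZE` check removes the only bound on the signature length that sign_data returns from the connection before it is fed to `malloc`; the allocation size is now entirely peer-controlled, and the function should keep an explicit upper limit, e.g. `if(digest.empty() || digest.size() > <MAX_SIGNATURE_SIZE placeholder>) return DCM_ERROR_INVALID_PARAMETER;`. The `digest.empty()` part matters too: `malloc(0)` may legitimately return NULL, which the existing check would then misreport as DCM_ERROR_OUT_OF_MEMORY. With `to_mbedtls_md_type` gone, the caller-supplied `md` reaches sign_data unchanged instead of collapsing out-of-range values to MBEDTLS_MD_NONE, so this path now relies on sign_data's own handling of values outside the enum. The enclosing function starts and ends outside the hunk.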