#include <cassert>
+static inline std::string mbedtls_error_to_string(int error) {
+ char buffer[256];
+ mbedtls_strerror(error, buffer, sizeof(buffer));
+ return std::string(buffer);
+}
+
int main()
{
const char *pers = "hw_api_test";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
+ int error;
unsigned char result_sig[MBEDTLS_MPI_MAX_SIZE];
size_t result_sig_len;
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
- if( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
+ if( (error = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
- strlen( pers ) ) )
+ strlen( pers ) )) != 0 )
{
- std::cerr << "Can't seed RNG" << std::endl;
+ std::cerr << "Can't seed RNG: " << mbedtls_error_to_string(error) << std::endl;
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
return -1;
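Review bot: `mbedtls_error_to_string` can return an empty string, because in a build without `MBEDTLS_ERROR_C` the dummy `mbedtls_strerror` only writes a terminator, and then the three new messages lose the error code entirely. I would keep the numeric value in the output, for example `return std::string(buffer) + " (" + std::to_string(error) + ")";`. The helper also depends on `<string>` and `mbedtls/error.h`; neither include is visible in this hunk, so please confirm they are present in the file.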
std::cout << "Create new DCM key context" << std::endl;
- void * keyContext = DCM_HWGetKeyContext("a", "b", "");
+ void * keyContext = DCM_HWGetKeyContext("a", "b", "ECDSA");
if(!keyContext) {
std::cerr << "Can't create DCM key context" << std::endl;
} else {
std::cout << "Certificate received" << std::endl;
- int error = mbedtls_x509_crt_parse(&chain, certChain, certChainLen);
+ error = mbedtls_x509_crt_parse(&chain, certChain, certChainLen);
if(error != 0) {
- std::cerr << "Can't parse certificate chain !!!" << std::endl;
+ std::cerr << "Can't parse certificate chain: " << mbedtls_error_to_string(error) << std::endl;
DCM_HWFreeKeyContext(keyContext);
mbedtls_x509_crt_free(&chain);
mbedtls_ctr_drbg_free( &ctr_drbg );
11,11
};
- if(mbedtls_pk_sign(&pkey,
+ if((error = mbedtls_pk_sign(&pkey,
MBEDTLS_MD_SHA256,
to_sign,
sizeof(to_sign),
result_sig,
&result_sig_len,
- mbedtls_ctr_drbg_random, &ctr_drbg) != 0)
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0)
{
- std::cerr << "Can't sign data with key" << std::endl;
+ std::cerr << "Can't sign data with key: " << mbedtls_error_to_string(error) << std::endl;
mbedtls_pk_free(&pkey);
DCM_HWFreeKeyContext(keyContext);
mbedtls_x509_crt_free(&chain);
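Review bot: `mbedtls_pk_sign` in this call form takes no output-buffer size, so the caller must guarantee that `result_sig` is large enough, and the buffer is declared with `MBEDTLS_MPI_MAX_SIZE` near the top of `main`. The bound mbedtls documents for this buffer is `MBEDTLS_PK_SIGNATURE_MAX_SIZE`, so I would declare it as `unsigned char result_sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];`, which stays correct if a build lowers the MPI limit. The error branch continues outside the hunk, so I cannot tell whether `ctr_drbg` and `entropy` are also freed on this path.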
std::cout << "Verifying signature ..." << std::endl;
- if(mbedtls_pk_verify(&chain.pk,
+ if((error = mbedtls_pk_verify_ext(chain.sig_pk,
+ chain.sig_opts,
+ &chain.pk,
MBEDTLS_MD_SHA256,
to_sign,
sizeof(to_sign),
result_sig,
- result_sig_len) != 0)
+ result_sig_len)) != 0)
{
- std::cout << "Signature verification failure" << std::endl;
+ std::cout << "Signature verification failure : " << mbedtls_error_to_string(error) << std::endl;
} else {
std::cout << "Signature verification succeeded" << std::endl;
}
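Review bot: `chain.sig_pk` and `chain.sig_opts` describe the algorithm the issuer used to sign this certificate, not the type of the key in `chain.pk`, so passing them to `mbedtls_pk_verify_ext` ties the check to the CA's algorithm. With an ECDSA device key under an RSA-signed certificate this would fail with a type mismatch even though the signature is good. To verify data signed by the device key, take the type from the key itself, e.g. `mbedtls_pk_verify_ext(mbedtls_pk_get_type(&chain.pk), NULL, &chain.pk, ...)`, or keep the previous `mbedtls_pk_verify(&chain.pk, ...)`. The failure message still goes to `std::cout` while every other error path uses `std::cerr`. Nothing visible here shows a failed verification producing a non-zero exit status.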