From: Dariusz Michaluk Date: Fri, 19 Jun 2020 10:14:56 +0000 (+0200) Subject: Remove mbedtls dependency X-Git-Tag: submit/tizen/20200728.071123~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e3b2842b01fe9ef32dc742d009c51604c4ed73ea;p=platform%2Fcore%2Fsecurity%2Fdevice-certificate-manager.git Remove mbedtls dependency mbedtls is a part of a big iotivity project, which is not used on a product sometimes. Change-Id: Ie73a5967d68103a6ace27c010c6274cb1c22d052 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 8c02f4e..74d154d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -21,7 +21,6 @@ PROJECT(device-certificate-manager VERSION 2.0 LANGUAGES C CXX) INCLUDE(GNUInstallDirs) INCLUDE(FindPkgConfig) -INCLUDE(CheckLibraryExists) IF(NOT CMAKE_BUILD_TYPE) SET(CMAKE_BUILD_TYPE "RELEASE") diff --git a/packaging/device-certificate-manager.spec b/packaging/device-certificate-manager.spec index b5588a8..3ee7f7e 100644 --- a/packaging/device-certificate-manager.spec +++ b/packaging/device-certificate-manager.spec @@ -9,7 +9,6 @@ Source1001: device-certificate-manager.manifest BuildRequires: cmake BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(libsystemd-daemon) -BuildRequires: pkgconfig(iotivity) BuildRequires: pkgconfig(protobuf-lite) BuildRequires: pkgconfig(cynara-client) BuildRequires: pkgconfig(cynara-creds-socket) diff --git a/src/dcm-client/CMakeLists.txt b/src/dcm-client/CMakeLists.txt index 7ac2534..b15d8b8 100644 --- a/src/dcm-client/CMakeLists.txt +++ b/src/dcm-client/CMakeLists.txt @@ -19,8 +19,6 @@ FIND_PACKAGE(Threads REQUIRED) FIND_PACKAGE(Protobuf REQUIRED) -FIND_LIBRARY(MBEDTLS_LIB mbedtls) - FIND_PACKAGE(Boost REQUIRED COMPONENTS system) @@ -46,7 +44,6 @@ ADD_LIBRARY(${TARGET_CLIENT} TARGET_LINK_LIBRARIES(${TARGET_CLIENT} ${Boost_SYSTEM_LIBRARY} ${PROTOBUF_LITE_LIBRARIES} - ${MBEDTLS_LIB} ${CLIENT_DEPS_LIBRARIES} ${CMAKE_THREAD_LIBS_INIT}) 
diff --git a/src/dcm-client/dcm_client.cpp b/src/dcm-client/dcm_client.cpp index adaa7bb..9bac6b4 100644 --- a/src/dcm-client/dcm_client.cpp +++ b/src/dcm-client/dcm_client.cpp @@ -21,7 +21,6 @@ #include #include -#include #include "dcm_client.h" #include "dcm_support.pb.h" @@ -29,16 +28,31 @@ #include "protobuf_asio.h" #include "log.h" -static_assert(MD_NONE == (unsigned int)MBEDTLS_MD_NONE, "MBEDTLS_MD_NONE mismatch"); -static_assert(MD_MD2 == (unsigned int)MBEDTLS_MD_MD2, "MBEDTLS_MD_MD2 mismatch"); -static_assert(MD_MD4 == (unsigned int)MBEDTLS_MD_MD4, "MBEDTLS_MD_MD4 mismatch"); -static_assert(MD_MD5 == (unsigned int)MBEDTLS_MD_MD5, "MBEDTLS_MD_MD5 mismatch"); -static_assert(MD_SHA1 == (unsigned int)MBEDTLS_MD_SHA1, "MBEDTLS_MD_SHA1 mismatch"); -static_assert(MD_SHA224 == (unsigned int)MBEDTLS_MD_SHA224, "MBEDTLS_MD_SHA224 mismatch"); -static_assert(MD_SHA256 == (unsigned int)MBEDTLS_MD_SHA256, "MBEDTLS_MD_SHA256 mismatch"); -static_assert(MD_SHA384 == (unsigned int)MBEDTLS_MD_SHA384, "MBEDTLS_MD_SHA384 mismatch"); -static_assert(MD_SHA512 == (unsigned int)MBEDTLS_MD_SHA512, "MBEDTLS_MD_SHA512 mismatch"); -static_assert(MD_RIPEMD160 == (unsigned int)MBEDTLS_MD_RIPEMD160, "MBEDTLS_MD_RIPEMD160 mismatch"); +size_t get_digest_size(dcm_digest_algorithm_e md) +{ + switch(md) { + case DCM_DIGEST_NONE: + return 0; + case DCM_DIGEST_MD2: + case DCM_DIGEST_MD4: + case DCM_DIGEST_MD5: + return 16; + case DCM_DIGEST_SHA1: + return 20; + case DCM_DIGEST_SHA224: + return 28; + case DCM_DIGEST_SHA256: + return 32; + case DCM_DIGEST_SHA384: + return 48; + case DCM_DIGEST_SHA512: + return 64; + case DCM_DIGEST_RIPEMD160: + return 20; + default: + return 0; + } +} static std::string sKeyTypeUnknown("UNKNOWN"); static std::string sKeyTypeRSA("RSA"); 
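Review bot: The removed `static_assert`s were the only compile-time tie between the wire enum (`MD_NONE` … `MD_RIPEMD160`) and the type passed to `sign_data`, and the hunk at `@@ -29,16 +28,31 @@` drops them without an equivalent for `dcm_digest_algorithm_e`. If `md` is still converted to the protobuf field by a plain cast (that code is outside this hunk), a later change to either enum would silently make the daemon use a different digest than the caller asked for. One check per value, such as `static_assert(MD_SHA256 == (unsigned int)DCM_DIGEST_SHA256, "DCM_DIGEST_SHA256 mismatch");`, would keep the guarantee. Separately, `get_digest_size` appears to be used only in this file, so `static size_t get_digest_size(dcm_digest_algorithm_e md)` would avoid exporting a new symbol from the client library. A one-line comment would also help, saying that it returns the digest length in bytes and 0 for `DCM_DIGEST_NONE` and unknown values.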
@@ -187,7 +201,7 @@ unsigned int dcm_client_connection::key_length() const noexcept } int dcm_client_connection::sign_data( - mbedtls_md_type_t md, + dcm_digest_algorithm_e md, const void* hash_data, size_t hash_size, std::vector& digest) noexcept { @@ -200,28 +214,16 @@ int dcm_client_connection::sign_data( // If hash_size == 0 then hash type must be known if(hash_size == 0) { - if(md == MBEDTLS_MD_NONE) { + if(md == DCM_DIGEST_NONE) { LOGE("Digest type is NONE and hash size is 0"); return DCM_ERROR_INVALID_PARAMETER; } - const mbedtls_md_info_t* md_info = mbedtls_md_info_from_type(md); - if(!md_info) { - LOGE("Can't find hash data for digest type %d", md); - return DCM_ERROR_INVALID_PARAMETER; - } - - hash_size = mbedtls_md_get_size(md_info); - } else if(hash_size != 0 && md != MBEDTLS_MD_NONE) { + hash_size = get_digest_size(md); + } else if(hash_size != 0 && md != DCM_DIGEST_NONE) { // If hash_size != 0 then hash type can be specified - const mbedtls_md_info_t* md_info = mbedtls_md_info_from_type(md); - if(!md_info) { - LOGE("Can't find hash data for digest type %d", md); - return DCM_ERROR_INVALID_PARAMETER; - } - - if(hash_size != mbedtls_md_get_size(md_info)) { - LOGE("Hash size mismatch. Expected %zd but got %zd", hash_size, (size_t)mbedtls_md_get_size(md_info)); + if(hash_size != get_digest_size(md)) { + LOGE("Hash size mismatch. Expected %zd but got %zd", hash_size, get_digest_size(md)); return DCM_ERROR_INVALID_PARAMETER; } } diff --git a/src/dcm-client/dcm_client.h b/src/dcm-client/dcm_client.h index 2748e46..1058485 100644 --- a/src/dcm-client/dcm_client.h +++ b/src/dcm-client/dcm_client.h @@ -26,9 +26,9 @@ #include #include -#include #include "dcm_support.pb.h" +#include "device_certificate_manager.h" class dcm_client_connection { @@ -52,7 +52,7 @@ public: unsigned int key_length() const noexcept; int sign_data( - mbedtls_md_type_t md, + dcm_digest_algorithm_e md, const void* hash_data, size_t hash_size, std::vector& digest) noexcept; 
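Review bot: In the `hash_size == 0` branch of `sign_data` (hunk `@@ -200,28 +214,16 @@`), an unrecognised `md` value is no longer rejected. The old code returned `DCM_ERROR_INVALID_PARAMETER` when `mbedtls_md_info_from_type` found nothing, whereas `get_digest_size` returns 0 from its `default` case and the function carries on with `hash_size` still 0. Adding `if(hash_size == 0) return DCM_ERROR_INVALID_PARAMETER;` right after `hash_size = get_digest_size(md);` restores the check. In the mismatch log both arguments are `size_t`, so `%zu` is the matching specifier, and the arguments look swapped relative to the wording: `LOGE("Hash size mismatch. Expected %zu but got %zu", get_digest_size(md), hash_size);`. The rest of `sign_data` lies outside this hunk, so what it does with a zero `hash_size` cannot be confirmed from here.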
diff --git a/src/dcm-client/device_certificate_manager.cpp b/src/dcm-client/device_certificate_manager.cpp index d1722d0..d943bd5 100644 --- a/src/dcm-client/device_certificate_manager.cpp +++ b/src/dcm-client/device_certificate_manager.cpp @@ -19,9 +19,6 @@ #include #include -#include -#include - #include "device_certificate_manager.h" #include "dcm_client.h" #include "log.h" @@ -30,34 +27,6 @@ #define API_DEVICE_CERTIFICATE_MANAGER_EXPORT __attribute__((visibility("default"))) #endif -static mbedtls_md_type_t to_mbedtls_md_type(dcm_digest_algorithm_e md) -{ - switch(md) { - case DCM_DIGEST_NONE: - return MBEDTLS_MD_NONE; - case DCM_DIGEST_MD2: - return MBEDTLS_MD_MD2; - case DCM_DIGEST_MD4: - return MBEDTLS_MD_MD4; - case DCM_DIGEST_MD5: - return MBEDTLS_MD_MD5; - case DCM_DIGEST_SHA1: - return MBEDTLS_MD_SHA1; - case DCM_DIGEST_SHA224: - return MBEDTLS_MD_SHA224; - case DCM_DIGEST_SHA256: - return MBEDTLS_MD_SHA256; - case DCM_DIGEST_SHA384: - return MBEDTLS_MD_SHA384; - case DCM_DIGEST_SHA512: - return MBEDTLS_MD_SHA512; - case DCM_DIGEST_RIPEMD160: - return MBEDTLS_MD_RIPEMD160; - default: - return MBEDTLS_MD_NONE; - } -} - struct dcm_key_context_internal { std::shared_ptr connection; }; @@ -171,11 +140,8 @@ int dcm_create_signature(const void *key_ctx, dcm_digest_algorithm_e md, reinterpret_cast(key_ctx); std::vector digest; - int result = context->connection->sign_data(to_mbedtls_md_type(md), message, message_len, digest); + int result = context->connection->sign_data(md, message, message_len, digest); if(result == DCM_ERROR_NONE) { - if(digest.size() > MBEDTLS_MPI_MAX_SIZE) - return DCM_ERROR_INVALID_PARAMETER; - *signature = (char*)malloc(sizeof(uint8_t) * digest.size()); if(*signature == NULL) return DCM_ERROR_OUT_OF_MEMORY;
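Review bot: Dropping the `digest.size() > MBEDTLS_MPI_MAX_SIZE` test in `dcm_create_signature` (hunk `@@ -171,11 +140,8 @@`) leaves the signature length unbounded before the `malloc`. The length is whatever `sign_data` put into `digest`, which presumably comes from the daemon's reply. The mbedtls constant had to go, but the sanity bound can stay with a limit the project defines itself, e.g. `if(digest.empty() || digest.size() > DCM_MAX_SIGNATURE_SIZE) return DCM_ERROR_INVALID_PARAMETER;`, where `DCM_MAX_SIGNATURE_SIZE` is a placeholder name and not an existing constant. The `empty()` part matters too, because `malloc(0)` may return NULL and would then be reported as `DCM_ERROR_OUT_OF_MEMORY`. The function continues past the end of this hunk.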