From: Jaroslaw Pelczar Date: Tue, 5 Dec 2017 05:32:09 +0000 (+0100) Subject: Handle valid case for hash_size==0 X-Git-Tag: accepted/tizen/4.0/unified/20171214.050336~5 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F72%2F163272%2F1;p=platform%2Fcore%2Fsecurity%2Fdevice-certificate-manager.git Handle valid case for hash_size==0 If hash size is 0 then MD algorithm must not be NONE, in this case hash_size is extracted from expected length for MD algorithm. If MD algorithm is not NONE, then hash_size is validated against the algorithm's expected input length. Change-Id: Ib95d8138ce6a21c364a5d7f88910fde15e32a026 Signed-off-by: Jaroslaw Pelczar
---
diff --git a/dcm-client/dcmclient.cpp b/dcm-client/dcmclient.cpp
index 22f9bb9..8f82f03 100644
--- a/dcm-client/dcmclient.cpp
+++ b/dcm-client/dcmclient.cpp
@@ -297,25 +297,49 @@ int dcm_client_connection_impl::sign_data(mbedtls_md_type_t digestType, const vo
 return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
 }
- const mbedtls_md_info_t * md_info = mbedtls_md_info_from_type(digestType);
+ /*
+ * If hash_size == 0 then hash type must be known
+ */
+ if(hash_size == 0) {
+ if(digestType == MBEDTLS_MD_NONE) {
+#ifdef USE_DLOG_LOGGING
+ LOGD("%s: Digest type is NONE and hash size is 0", __FUNCTION__);
+#endif
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- if(!md_info) {
+ const mbedtls_md_info_t * md_info = mbedtls_md_info_from_type(digestType);
+
+ if(!md_info) {
 #ifdef USE_DLOG_LOGGING
- LOGD("%s: Can't find hash data for digest type %d", __FUNCTION__, digestType);
+ LOGD("%s: Can't find hash data for digest type %d", __FUNCTION__, digestType);
 #endif
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
- if(hash_size == 0) {
 #ifdef USE_DLOG_LOGGING
 LOGD("%s: Overriding hash size to %zd bytes", __FUNCTION__, hash_size);
 #endif
 hash_size = mbedtls_md_get_size(md_info);
- } else if(hash_size != mbedtls_md_get_size(md_info)) {
+ } else if(hash_size != 0 && digestType != MBEDTLS_MD_NONE) {
+ /*
+ * If hash_size != 0 then hash type can be specified
+ */
+ const mbedtls_md_info_t * md_info = mbedtls_md_info_from_type(digestType);
+
+ if(!md_info) {
 #ifdef USE_DLOG_LOGGING
- LOGE("%s: Hash size mismatch. Expected %zd but got %zd", __FUNCTION__, hash_size, (size_t)mbedtls_md_get_size(md_info));
+ LOGD("%s: Can't find hash data for digest type %d", __FUNCTION__, digestType);
 #endif
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+
+ if(hash_size != mbedtls_md_get_size(md_info)) {
+#ifdef USE_DLOG_LOGGING
+ LOGE("%s: Hash size mismatch. Expected %zd but got %zd", __FUNCTION__, hash_size, (size_t)mbedtls_md_get_size(md_info));
+#endif
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
 }
 try {
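Review bot: The `LOGE` added in the new mismatch branch passes its arguments in the opposite order to its text: `Expected %zd` receives the caller's `hash_size` and `got %zd` receives the algorithm's digest size, so the log names the wrong value as the expected one. Swapping them fixes it, e.g. `LOGE("%s: Hash size mismatch. Expected %zu but got %zu", __FUNCTION__, (size_t)mbedtls_md_get_size(md_info), hash_size);` (`%zu` assumes `hash_size` is a `size_t`, which the cast on the other argument suggests). The `hash_size != 0` term in `else if(hash_size != 0 && digestType != MBEDTLS_MD_NONE)` is always true at that position and can be dropped. With `MBEDTLS_MD_NONE` and a non-zero `hash_size` neither branch runs, so the length goes on to the `try` block unchecked; the block comment should say that this is intended and that the daemon is the side expected to validate it. `sign_data` starts and ends outside the hunk.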
diff --git a/dcm-daemon/dcmsession.cpp b/dcm-daemon/dcmsession.cpp
index 615e762..9bdd07d 100644
--- a/dcm-daemon/dcmsession.cpp
+++ b/dcm-daemon/dcmsession.cpp
@@ -402,25 +402,33 @@ void dcm_session::handle_sign_request(const SignRequest& message)
 return;
 }
- const mbedtls_md_info_t * md_info = mbedtls_md_info_from_type(
- static_cast(
- message.digest_type()));
-
- if(!md_info) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Can't find crypto algorithm specified by caller";
+ if(message.data_to_sign().size() == 0) {
+ BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Data to sign is empty and hash type is NONE";
 signingResponse->set_result(MBEDTLS_ERR_PK_BAD_INPUT_DATA);
- reply(msg);
 return;
 }
- if(message.data_to_sign().size() != mbedtls_md_get_size(md_info)) {
- BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) <<
- "Input hash length mismatch. It is " <<
- message.data_to_sign().size() << " but should be " <<
- mbedtls_md_get_size(md_info);
- signingResponse->set_result(MBEDTLS_ERR_PK_BAD_INPUT_DATA);
- reply(msg);
- return;
+ mbedtls_md_type_t mdType = static_cast(message.digest_type());
+
+ if(mdType != MBEDTLS_MD_NONE) {
+ const mbedtls_md_info_t * md_info = mbedtls_md_info_from_type(mdType);
+
+ if(!md_info) {
+ BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) << "Can't find MD algorithm specified by caller";
+ signingResponse->set_result(MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+ reply(msg);
+ return;
+ }
+
+ if(message.data_to_sign().size() != mbedtls_md_get_size(md_info)) {
+ BOOST_LOG_SEV(dcm_logger::get(), log_severity::error) <<
+ "Input hash length mismatch. It is " <<
+ message.data_to_sign().size() << " but should be " <<
+ mbedtls_md_get_size(md_info);
+ signingResponse->set_result(MBEDTLS_ERR_PK_BAD_INPUT_DATA);
+ reply(msg);
+ return;
+ }
 }
 signingResponse->set_result(
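Review bot: The new empty-input branch returns without calling `reply(msg)`: the hunk removes that call from the first error path, while every other rejection in it still does `reply(msg); return;`, so a request with empty `data_to_sign` appears to leave the caller without a response. Adding `reply(msg);` before that `return;` restores the behaviour of the other paths. The branch's log text also says "and hash type is NONE" although the digest type is not examined there; `"Data to sign is empty"` would match what is actually checked. For `MBEDTLS_MD_NONE` the only remaining check is that the input is non-empty, so the IPC caller chooses the length of what gets signed; unless the signing code after this hunk bounds it against the key type, an upper limit belongs here. `handle_sign_request` begins and ends outside the hunk.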