5 #include <net_connection.h>
11 #include "AsmHelper.h"
12 #include <openssl/sha.h>
13 #include <openssl/evp.h>
14 #include <openssl/rsa.h>
15 #include <openssl/pem.h>
16 #include <openssl/bio.h>
17 #include <openssl/err.h>
18 #include <openssl/rand.h>
19 #include <openssl/bio.h>
20 #include <openssl/aes.h>
21 #include <bluetooth.h>
26 #define ASM_CONFIG_FILE "/opt/usr/data/.asm.config"
27 #define FIDO_CLIENT_CALLER_ID "org.tizen.fido"
28 #define LOG_FILE_PATH "/tmp/"
34 typedef struct __der_cert {
35 unsigned char* raw_cert;
40 AsmCrypto::logDataToFile(const char *file_name_prefix, const char *data, int data_len)
43 char *realpath_res = NULL;
44 snprintf(fn, 127, "%s%s", LOG_FILE_PATH, file_name_prefix);
46 realpath_res = realpath(fn, NULL);
47 if (realpath_res == NULL) {
48 _ERR("realpath error");
49 SAFE_DELETE(realpath_res);
52 FILE *fp = fopen(fn, "w+");
54 SAFE_DELETE(realpath_res);
58 int num = fwrite(data, sizeof(char), data_len, fp);
60 _INFO("[%d] bytes logged in [%s]", num, fn);
63 SAFE_DELETE(realpath_res);
67 AsmCrypto::logRawDataToFile(const char *file_name_prefix, const unsigned char *data, int data_len)
70 char *realpath_res = NULL;
71 snprintf(fn, 127, "%s%s", LOG_FILE_PATH, file_name_prefix);
73 realpath_res = realpath(fn, NULL);
74 if (realpath_res == NULL) {
75 _ERR("realpath error");
76 SAFE_DELETE(realpath_res);
80 FILE *fp = fopen(fn, "w+");
82 SAFE_DELETE(realpath_res);
86 int num = fwrite(data, sizeof(unsigned char), data_len, fp);
88 _INFO("[%d] bytes logged in [%s]", num, fn);
91 SAFE_DELETE(realpath_res);
95 __der_cert_new(unsigned char *raw_cert, size_t cert_size, _der_cert_s **ppcert)
97 _INFO("__der_cert_new start");
101 if (raw_cert == NULL || cert_size <= 0 || ppcert == NULL)
104 pcert = static_cast<_der_cert_s*>(malloc(sizeof(_der_cert_s)));
108 pcert->raw_cert = reinterpret_cast<unsigned char*>(malloc(cert_size));
109 if (pcert->raw_cert == NULL) {
113 memcpy(pcert->raw_cert, raw_cert, cert_size);
115 pcert->cert_size = cert_size;
119 _INFO("__der_cert_new end");
124 __load_cert_from_x509(X509 *xCert, _der_cert_s **cert)
126 _INFO("__load_cert_from_x509 start");
131 BIO *bcert = BIO_new(BIO_s_mem());
133 i2d_X509_bio(bcert, xCert);
135 std::vector<unsigned char> output(8196);
136 int size = BIO_read(bcert, output.data(), output.size());
143 return __der_cert_new(output.data(), output.size(), cert);
147 AsmCrypto::getDeviceId(void)
149 /*Find IoTCon logic to get device id*/
150 return getAsmToken();
155 AsmCrypto::getAsmToken(void)
159 static char *asmTok = NULL;
166 bt_adapter_state_e btState;
167 bt_adapter_get_state(&btState);
168 if (btState == BT_ADAPTER_ENABLED) {
169 bt_adapter_get_address(&mac);
171 char *macClone = _SAFE_DUP(mac);
172 _INFO("%s", macClone);
173 std::string macStr(macClone);
174 _INFO("%s", macStr.c_str());
175 asmTok = strdup(macClone);
176 SAFE_DELETE(macClone);
183 _ERR("Failed to get any NW ID, using rand");
185 srand((unsigned) time(&t));
186 mac = (char*)calloc(128, sizeof(char));
187 snprintf(mac, 128 - 1, "%d", (AsmCrypto::genRandomInt()%1000 + 1));
189 char *macClone = _SAFE_DUP(mac);
190 _INFO("%s", macClone);
191 std::string macStr(macClone);
192 _INFO("%s", macStr.c_str());
193 asmTok = strdup(macClone);
194 SAFE_DELETE(macClone);
200 char *realpath_res = NULL;
202 realpath_res = realpath(ASM_CONFIG_FILE, NULL);
203 if (realpath_res == NULL) {
204 _ERR("realpath error");
205 SAFE_DELETE(realpath_res);
206 return std::string();
209 FILE *file = fopen(ASM_CONFIG_FILE, "r");
212 _INFO("AsmCrypto::getAsmToken:: asm_config file is NULL");
214 connection_h conn = NULL;
215 connection_create(&conn);
220 int ret = connection_get_mac_address(conn, CONNECTION_TYPE_ETHERNET, &mac);
223 if (ret != CONNECTION_ERROR_NONE)
224 ret = connection_get_mac_address(conn, CONNECTION_TYPE_WIFI, &mac);
227 if (ret != CONNECTION_ERROR_NONE)
228 ret = connection_get_mac_address(conn, CONNECTION_TYPE_BT, &mac);
230 if (ret != CONNECTION_ERROR_NONE) {
231 _ERR("Failed to get any NW ID, using rand");
233 srand((unsigned) time(&t));
234 mac = (char*)calloc(128, sizeof(char));
235 snprintf(mac, 128 - 1, "%d", (genRandomInt()%1000 + 1));
237 file = fopen(ASM_CONFIG_FILE, "w+");
239 fwrite(mac, sizeof(char), strlen(mac), file);
243 std::string tok(mac, strlen(mac));
245 asmTok = strdup(mac);
249 SAFE_DELETE(realpath_res);
252 fseek(file, 0, SEEK_END);
253 long size = ftell(file);
259 SAFE_DELETE(realpath_res);
260 return std::string();
261 } else if (size > 1000) {
262 _ERR("Too big config file, size=[%d], allowed=[1000]", (int)size);
267 SAFE_DELETE(realpath_res);
268 return std::string();
271 fseek(file, 0, SEEK_SET);
273 char *config = (char*)(calloc(1, size + 1));
274 int num_bytes = fread(config, size, 1, file);
275 if (num_bytes <= 0) {
281 SAFE_DELETE(realpath_res);
282 return std::string();
289 std::string tok(config, strlen(config));
291 asmTok = strdup(config);
294 SAFE_DELETE(realpath_res);
300 AsmCrypto::getKHAccessToken(std::string appId, bool isBound)
303 std::string khA(appId);
305 if (isBound == true) {
306 khA += getAsmToken();
307 /*TODO: Replace with TLM/GUMD APIs to get the logged-in user id*/
309 khA += FIDO_CLIENT_CALLER_ID;
312 _INFO("AsmCrypto::getKHAccessToken:: KHA = [%s]", khA.c_str());
319 AsmCrypto::genRandom(unsigned char *random, int num)
322 ret = RAND_bytes(random, num);
330 AsmCrypto::genHash256(const void* input, unsigned long length, unsigned char* md)
333 if (!SHA256_Init(&context))
336 if (!SHA256_Update(&context, (unsigned char*)input, length))
339 if (!SHA256_Final(md, &context))
346 AsmCrypto::genRSAKeyPair(char *pubkey, char *prikey, const char *passwd, int keysize)
352 AsmCrypto::genRSASignValue(const char *privkey, const char * passwd, const unsigned char * msg, unsigned int len, unsigned char *sign, unsigned int *signlen)
358 AsmCrypto::genB64Encode(const unsigned char *input, int inlen, unsigned char * output, int *outlen)
362 BUF_MEM * bptr = NULL;
363 b64 = BIO_new(BIO_f_base64());
365 _ERR("BIO_new failed \n");
368 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
370 bmem = BIO_new(BIO_s_mem());
371 b64 = BIO_push(b64, bmem);
372 BIO_write(b64, input, inlen);
374 BIO_get_mem_ptr(b64, &bptr);
376 memcpy(output, bptr->data, bptr->length);
377 output[bptr->length] = 0;
378 *outlen = bptr->length;
382 for (int i =0; i < *outlen ; i++) {
383 if (output[i] == '+') {
385 } else if (output[i] == '/') {
387 } else if (output[i] == '=') {
394 _INFO("AsmCrypto::genB64Encode:: outlen = [%d]", *outlen);
399 AsmCrypto::genB64Decodes(const unsigned char *input, int inlen, unsigned char * output, int *outlen)
401 _INFO("GenBase64Decode start");
404 _INFO("input len = %d", inlen);
406 int npadChars = (inlen %4) == 0 ? 0 : (4 - (inlen%4));
407 unsigned char *base64 = (unsigned char *) malloc(inlen + npadChars);
410 _ERR("malloc failed \n");
413 memcpy(base64, input, inlen);
414 for (int i =0; i < inlen ; i++)
416 if (base64[i] == '-') {
418 } else if (base64[i] == '_') {
424 memset(base64 + inlen, '=', npadChars);
426 //printf("in 2 is :%s. %d\n",base64, inlen);
430 b64 = BIO_new(BIO_f_base64());
434 _ERR("BIO_new failed");
437 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
438 bmem = BIO_new_mem_buf(base64, inlen + npadChars);
441 _ERR("BIO_new_mem_buf failed");
446 bmem = BIO_push(b64, bmem);
447 *outlen = BIO_read(bmem, output, inlen + npadChars);
452 _ERR("BIO_read failed. size or data error");
462 _INFO("outlen len = %d", *outlen);
468 AsmCrypto::aesEncrypt(const unsigned char *plaintext, int plaintext_len, const unsigned char *key,
469 const unsigned char *iv, unsigned char *ciphertext)
478 if (!(ctx = EVP_CIPHER_CTX_new()))
480 _ERR("EVP_CIPHER_CTX_new() failed");
484 if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv))
486 _ERR("EVP_EncryptInit_ex() failed");
490 if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
492 _ERR("EVP_EncryptUpdate() failed");
496 ciphertext_len = len;
498 if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
500 _ERR("EVP_EncryptFinal_ex() failed");
504 ciphertext_len += len;
506 EVP_CIPHER_CTX_free(ctx);
508 return ciphertext_len;
512 AsmCrypto::aesDecrypt(const unsigned char *ciphertext, int ciphertext_len, const unsigned char *key,
513 const unsigned char *iv, unsigned char *plaintext)
523 if (!(ctx = EVP_CIPHER_CTX_new()))
525 _ERR("EVP_CIPHER_CTX_new() failed");
529 if (1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv))
531 _ERR("EVP_DecryptInit_ex() failed");
535 if (1 != EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
537 _ERR("EVP_DecryptUpdate() failed");
543 if (1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len))
545 _ERR("EVP_DecryptFinal_ex() failed");
549 plaintext_len += len;
551 EVP_CIPHER_CTX_free(ctx);
554 return plaintext_len;
558 AsmCrypto::createRSAKeyPair(int ksz, char **pubkey, int *pubkey_len, char **prikey, int *prikey_len)
560 _INFO("Modified CreateRSAKeyPair start");
562 EVP_PKEY_CTX *pctx = NULL;
563 EVP_PKEY *pkey = NULL;
566 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
570 _INFO("After EVP_PKEY_CTX_new_id");
572 if (EVP_PKEY_keygen_init(pctx) <= 0) {
574 EVP_PKEY_CTX_free(pctx);
576 _ERR(" Error in EVP_PKEY_keygen_init");
578 _INFO("After EVP_PKEY_keygen_init");
579 EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, ksz);
581 _INFO("After EVP_PKEY_CTX_set_rsa_keygen_bits");
583 if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
585 EVP_PKEY_CTX_free(pctx);
587 _ERR(" Error in EVP_PKEY_keygen");
589 _INFO("After EVP_PKEY_keygen");
591 rsa = EVP_PKEY_get1_RSA(pkey);
592 _INFO("After EVP_PKEY_get1_RSA");
596 BIO *bio_priv = BIO_new(BIO_s_mem());
597 PEM_write_bio_RSAPrivateKey(bio_priv, rsa, NULL, NULL, 0, NULL, NULL);
598 int keylen_priv = BIO_pending(bio_priv);
599 char *pem_key_priv = (char *)calloc(keylen_priv + 1, 1); /* Null-terminate */
600 BIO_read(bio_priv, pem_key_priv, keylen_priv);
601 _INFO("After Private key");
604 BIO *bio_pub = BIO_new(BIO_s_mem());
605 PEM_write_bio_RSAPublicKey(bio_pub, rsa);
607 int keylen_pub = BIO_pending(bio_pub);
608 char *pem_key_pub = (char *)calloc(keylen_pub + 1, 1); /* Null-terminate */
609 BIO_read(bio_pub, pem_key_pub, keylen_pub);
610 _INFO("After Public key");
612 *pubkey = pem_key_pub;
613 *prikey = pem_key_priv;
615 *pubkey_len = keylen_pub;
616 *prikey_len = keylen_priv;
618 _INFO("CreateRSAKeyPair end");
624 AsmCrypto::readDer(const char *der_file_name, int *len)
626 _INFO("ReadDERCertFile start");
628 FILE *fp = fopen(der_file_name, "r");
633 pcert = d2i_X509_fp(fp, NULL);
639 _der_cert_s *cert = (_der_cert_s*)(calloc(1, sizeof(_der_cert_s)));
641 int ret = __load_cert_from_x509(pcert, &cert);
647 *len = cert->cert_size;
649 _INFO("ReadDERCertFile end");
651 unsigned char *rawCert = cert->raw_cert;
660 AsmCrypto::ToBase64Url(const unsigned char *input, int inputLen)
666 int inputSz = inputLen; //input.size();
668 _INFO("AsmCrypto::ToBase64Url::input size = [%d]", inputSz);
670 unsigned char* output = NULL;
671 //MALLOC(output, unsigned char, inputSz*1.5);
673 output = (unsigned char*)calloc(1, inputSz*1.5);
677 if (0 != AsmCrypto::genB64Encode(input,
682 _ERR("Failed to encode base64.");
684 return (unsigned char *)strdup("");
687 _INFO("AsmCrypto::ToBase64Url::output size = [%d]", outputSz);
688 _INFO("AsmCrypto::ToBase64Url::output = [%s]", output);
695 AsmCrypto::FromBase64Url(const unsigned char *input, int inputLen)
699 int inputSz = inputLen;
700 unsigned char* output = NULL;
702 output = (unsigned char*)calloc(1, inputSz*1.5);
705 if (0 != AsmCrypto::genB64Decodes(input,
710 _ERR("Failed to decode base64.");
712 return (unsigned char*)"";
719 #define RSA_MAX_MES_LENGTH 128
720 #define RSA_MAX_SIGN_SIZE 512
721 #define RSA_MAX_BITS 4096
722 #define RSA_MAX_DGST_SIZE 64
724 void hex2bin(const char *str, int str_len, void *mem)
729 char *M = (char *) mem;
732 for (i = 0; i < len; i+=2)
736 M[i/2] = strtoul(byte, NULL, 16);
741 AsmCrypto::digestSignRSAPSSMGF1(const char *message, int m_len,
742 const char *privKeyFile, const char *pwd,
743 unsigned char **signature, int *sig_len)
745 OpenSSL_add_all_algorithms();
748 EVP_PKEY *privKey = NULL;
750 fp = fopen(privKeyFile, "r");
753 _ERR("Failed to open private key file");
757 privKey = PEM_read_PrivateKey(fp, &privKey, NULL, (void *)pwd);
761 if (privKey == NULL) {
762 _ERR("PEM_read_PrivateKey failed");
766 EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
768 EVP_PKEY_CTX *pctx = NULL;
770 // Create the Message Digest Context
772 if (EVP_SUCCESS != EVP_DigestSignInit(mdctx, &pctx, EVP_sha256(), NULL, privKey)) {
773 _ERR("EVP_DigestSignInit failed");
777 /* Set padding algorithm */
778 if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING)) {
779 _ERR("EVP_PKEY_CTX_set_rsa_padding failed");
782 if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 32)) {
783 _ERR("EVP_PKEY_CTX_set_rsa_pss_saltlen failed");
786 _INFO("After EVP_PKEY_CTX_set_rsa_pss_saltlen with 32");
789 if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, EVP_sha256())) {
790 _ERR("EVP_PKEY_CTX_set_rsa_padding failed");
794 /* Call update with the message */
795 if (EVP_SUCCESS != EVP_DigestSignUpdate(mdctx, message, m_len)) {
796 _ERR("EVP_DigestSignUpdate failed");
800 /* Finalize the DigestSign operation */
801 /* First call EVP_DigestSignFinal with a NULL sig parameter to obtain the length of the
802 * signature. Length is returned in slen */
804 if (EVP_SUCCESS != EVP_DigestSignFinal(mdctx, NULL, &slen)) {
805 _ERR("EVP_DigestSignFinal failed");
809 /* Allocate memory for the signature based on size in slen */
810 unsigned char *sig = (unsigned char *)calloc(1, slen);
813 /* Obtain the signature */
814 if (EVP_SUCCESS != EVP_DigestSignFinal(mdctx, sig, &slen)) {
815 _ERR("EVP_DigestSignFinal failed");
825 typedef struct _certHandle
827 char *b64_hash_pubKey;
832 __b64_encode(unsigned char *input, int ip_len)
834 RET_IF_FAIL(input != NULL, NULL);
835 RET_IF_FAIL(ip_len > 0, NULL);
837 unsigned char *output = (unsigned char*)calloc(ip_len * 1.5, sizeof(char));
841 BUF_MEM *bptr = NULL;
842 b64 = BIO_new(BIO_f_base64());
844 _ERR("BIO_new failed \n");
849 BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
851 bmem = BIO_new(BIO_s_mem());
852 b64 = BIO_push(b64, bmem);
853 BIO_write(b64, input, ip_len);
855 BIO_get_mem_ptr(b64, &bptr);
857 memcpy(output, bptr->data, bptr->length);
858 output[bptr->length] = 0;
863 return (char*)output;
867 __b64_decode(const char *encoded_data, int encoded_size, unsigned char **decoded_data, int *decoded_size)
869 RET_IF_FAIL(encoded_data != NULL, -1);
871 //_INFO("%s", encoded_data);
874 *decoded_size = encoded_size;
876 (*decoded_data) = (unsigned char *) calloc((*decoded_size) * 1.5, sizeof(char));
878 BIO *bmem = BIO_new_mem_buf((void *) encoded_data, (*decoded_size));
880 BIO *bioCmd = BIO_new(BIO_f_base64());
882 BIO_set_flags(bioCmd, BIO_FLAGS_BASE64_NO_NL);
884 bmem = BIO_push(bioCmd, bmem);
886 len = BIO_read(bmem, (void *) (*decoded_data), (*decoded_size));
899 __get_pub_key_from_cert(const char *cert_b64)
901 RET_IF_FAIL(cert_b64 != NULL, NULL);
903 unsigned char pubkey_der_digest[SHA256_DIGEST_LENGTH] = {0, };
905 unsigned char* cert_raw = NULL;//calloc(strlen(cert_b64) * 1.5, sizeof(char));
907 int cert_raw_len = 0;
909 int ret = __b64_decode(cert_b64, strlen(cert_b64), &cert_raw, &cert_raw_len);
911 _ERR("__b64_decode failed");
917 X509 *x509 = d2i_X509(NULL, (const unsigned char **)(&cert_raw), cert_raw_len);
919 _ERR("d2i_X509 failed");
924 int der_len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x509), NULL);
926 _ERR("i2d_X509_PUBKEY failed");
931 unsigned char* der_pubkey = NULL;
933 unsigned char* der_pubkey_temp = NULL;
937 der_pubkey_temp = der_pubkey = (unsigned char*)OPENSSL_malloc(der_len);
938 if (der_pubkey_temp == NULL || der_pubkey == NULL) {
939 _ERR("OPENSSL_malloc failed for der_pubkey");
944 i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x509), (unsigned char **)&der_pubkey_temp);
946 ret = EVP_Digest(der_pubkey, der_len, pubkey_der_digest, (unsigned int*)&hashed_len, EVP_sha256(), NULL);
949 _ERR("EVP_Digest failed");
950 OPENSSL_free(der_pubkey);
955 char *pub_key = __b64_encode(pubkey_der_digest, (int)hashed_len);
957 OPENSSL_free(der_pubkey);
963 AsmCrypto::onPkgList(pkgmgrinfo_pkginfo_h handle, void *user_data)
965 certHandle *certInfo = (certHandle*)user_data;
966 RET_IF_FAIL(certInfo != NULL, 0);
968 char *b64_hash_pubkey = NULL;
970 b64_hash_pubkey = certInfo->b64_hash_pubKey;
972 int ret = pkgmgrinfo_pkginfo_get_pkgid(handle, &pkgid);
973 if (ret != PMINFO_R_OK) {
974 _ERR("pkgmgrinfo_pkginfo_get_pkgid failed [%d]", ret);
975 pkgmgrinfo_pkginfo_destroy_pkginfo(handle);
979 _INFO("pkgmgrinfo_pkginfo_get_pkgid success");
981 pkgmgrinfo_certinfo_h cert_handle = NULL;
982 const char *author_cert = NULL;
983 ret = pkgmgrinfo_pkginfo_create_certinfo(&cert_handle);
984 if (ret != PMINFO_R_OK) {
986 pkgmgrinfo_pkginfo_destroy_pkginfo(handle);
990 _INFO("pkgmgrinfo_pkginfo_create_certinfo success");
992 /*TODO implement getUid function*/
993 ret = pkgmgrinfo_pkginfo_load_certinfo(pkgid, cert_handle, uid);
996 if (ret != PMINFO_R_OK) {
998 pkgmgrinfo_pkginfo_destroy_certinfo(cert_handle);
999 pkgmgrinfo_pkginfo_destroy_pkginfo(handle);
1003 _INFO("pkgmgrinfo_pkginfo_load_certinfo success");
1005 ret = pkgmgrinfo_pkginfo_get_cert_value(cert_handle, PMINFO_AUTHOR_SIGNER_CERT, &author_cert);
1006 if (ret != PMINFO_R_OK) {
1007 pkgmgrinfo_pkginfo_destroy_certinfo(cert_handle);
1009 pkgmgrinfo_pkginfo_destroy_pkginfo(handle);
1013 /*_INFO("Author Root Cert=%s", author_cert);*/
1015 _INFO("pkgmgrinfo_pkginfo_get_cert_value success");
1017 char *author_cert_hash = NULL;
1018 char *tz_facet_id = NULL;
1019 int tz_facet_id_max_len = -1;
1022 author_cert_hash = __get_pub_key_from_cert(author_cert);
1024 if (author_cert_hash == NULL) {
1025 pkgmgrinfo_pkginfo_destroy_certinfo(cert_handle);
1029 tz_facet_id_max_len = strlen(author_cert_hash) + 128;
1030 tz_facet_id = (char*)(calloc(1, tz_facet_id_max_len));
1031 snprintf(tz_facet_id, tz_facet_id_max_len - 1, "%s:%s", "tizen:pkg-key-hash",
1034 if (strcmp(b64_hash_pubkey, tz_facet_id) == 0) {
1035 _INFO("[%s]", pkgid);
1036 certInfo->pkgId = _SAFE_DUP(pkgid);
1039 pkgmgrinfo_pkginfo_destroy_certinfo(cert_handle);
1040 /*pkgmgrinfo_pkginfo_destroy_pkginfo(handle);*/
1042 SAFE_DELETE(tz_facet_id);
1043 SAFE_DELETE(author_cert_hash);
1046 pkgmgrinfo_pkginfo_destroy_certinfo(cert_handle);
1047 SAFE_DELETE(tz_facet_id);
1048 SAFE_DELETE(author_cert_hash);
1051 /*_INFO("Before return");
1052 pkgmgrinfo_pkginfo_destroy_pkginfo(handle);
1057 AsmCrypto::getAppId(const char *appIdPubKey)
1061 certHandle *certInfo = (certHandle*)calloc(1, sizeof(certHandle));
1062 certInfo->b64_hash_pubKey = _SAFE_DUP(appIdPubKey);
1064 /*TODO implement getUid function*/
1066 ret = pkgmgrinfo_pkginfo_get_list(AsmCrypto::onPkgList, (void *)certInfo);
1067 if (ret != PMINFO_R_OK) {
1068 SAFE_DELETE(certInfo->b64_hash_pubKey);
1069 SAFE_DELETE(certInfo);
1074 if (certInfo->pkgId != NULL) {
1075 _INFO("AsmCrypto::getAppId:: pkgId = [%s]", certInfo->pkgId);
1077 _INFO("AsmCrypto::getAppId:: pkgId NULL");
1078 /*TODO For requests coming from remote device, we can not use pkgmgr to
1079 * find out App-Id, instead Client Device's ASM must send it explicitly
1081 char *appIdRemote = (char*)calloc(128, sizeof(char));
1082 snprintf(appIdRemote, 127, "%s", "Remote Device");
1085 return certInfo->pkgId;
1089 AsmCrypto::fidoSignWithKey(const unsigned char *msg, int msg_len,
1090 const unsigned char *private_key,
1091 int priv_key_len, int *sig_len)
1093 _INFO("fidoSignWithKey start");
1094 OpenSSL_add_all_algorithms();
1096 _INFO("FIDO MGF1 PSS padding:");
1102 bio = BIO_new_mem_buf((unsigned char *)private_key, priv_key_len);
1104 _ERR("BIO_new_mem_buf failed");
1109 rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
1111 _ERR("BIO_new_mem_buf failed");
1117 EVP_PKEY *pkey = EVP_PKEY_new();
1120 int ret = EVP_PKEY_set1_RSA(pkey, rsa);
1121 _INFO("EVP_PKEY_set1_RSA = [%d]", ret);
1123 _ERR("EVP_PKEY_set1_RSA failed");
1129 EVP_MD_CTX *mdctx = NULL;
1131 mdctx = EVP_MD_CTX_create();
1132 if (mdctx == NULL) {
1133 _ERR("EVP_MD_CTX_create failed");
1138 EVP_PKEY_CTX *pctx = NULL;
1139 ret = EVP_DigestSignInit(mdctx, &pctx, EVP_sha256(), NULL, pkey);
1140 _INFO("EVP_DigestSignInit=[%d]", ret);
1142 ret = EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING);
1143 _INFO("EVP_PKEY_CTX_set_rsa_padding=[%d]", ret);
1144 EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, EVP_sha256());
1145 EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 32);
1147 EVP_DigestSignUpdate(mdctx, msg, msg_len);
1149 size_t sig_len_loc = 0;
1150 EVP_DigestSignFinal(mdctx, NULL, &sig_len_loc);
1152 unsigned char *sig = (unsigned char *)OPENSSL_malloc(sizeof(unsigned char) * (sig_len_loc));
1154 _ERR("OPENSSL_malloc failed");
1158 EVP_DigestSignFinal(mdctx, sig, &sig_len_loc);
1160 *sig_len = sig_len_loc;
1165 AsmCrypto::fidoSign(const unsigned char *msg, int msg_len, const char *private_key_file,
1166 const char *pwd, int *sig_len)
1168 _INFO("SignWithPrivateKeyFile start [%s]", private_key_file);
1169 OpenSSL_add_all_algorithms();
1172 EVP_PKEY *pkey = NULL;
1174 fp = fopen(private_key_file, "r");
1176 _ERR("Failed to open private key file");
1180 pkey = PEM_read_PrivateKey(fp, &pkey, NULL, (void *)pwd);
1188 //RSA *pRsaKey = EVP_PKEY_get1_RSA(pkey);
1190 _INFO("FIDO MGF1 PSS padding:");
1192 EVP_MD_CTX *mdctx = NULL;
1194 mdctx = EVP_MD_CTX_create();
1195 if (mdctx == NULL) {
1196 _ERR("EVP_MD_CTX_create failed");
1201 EVP_PKEY_CTX *pctx = NULL;
1202 int ret = EVP_DigestSignInit(mdctx, &pctx, EVP_sha256(), NULL, pkey);
1203 _INFO("EVP_DigestSignInit=[%d]", ret);
1205 ret = EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING);
1206 _INFO("EVP_PKEY_CTX_set_rsa_padding=[%d]", ret);
1207 EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, EVP_sha256());
1208 EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, 32);
1210 EVP_DigestSignUpdate(mdctx, msg, msg_len);
1212 size_t sig_len_loc = 0;
1213 EVP_DigestSignFinal(mdctx, NULL, &sig_len_loc);
1215 unsigned char *sig = (unsigned char *)OPENSSL_malloc(sizeof(unsigned char) * (sig_len_loc));
1217 _ERR("OPENSSL_malloc failed");
1221 EVP_DigestSignFinal(mdctx, sig, &sig_len_loc);
1223 *sig_len = sig_len_loc;
1228 AsmCrypto::genRandomInt(void)
1230 unsigned int seed = time(NULL);
1231 return rand_r(&seed);