4 * Copyright (c) 2012 Samsung Electronics Co., Ltd.
6 * Licensed under the Apache License, Version 2.0 (the License);
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
25 #include <sys/ioctl.h>
/* Executable whose SHA-256 digest icd_check_integrity() hands to check_file_hash(). */
31 #define ICD_EXEC_PATH "/usr/bin/icd"
/*
 * Result codes used by check_file_hash(). The result is initialised to
 * INTEGRITY_COMPROMISED and is raised to INTEGRITY_NOT_COMPROMISED only on a
 * digest match, so the default outcome is "compromised".
 */
33 #define INTEGRITY_NOT_COMPROMISED 1
34 #define INTEGRITY_COMPROMISED 0
/* Assigned when read() returns a byte count different from the file size. */
35 #define ERR_FILE_READ -1
/*
 * Request code issued on /dev/tzic when the check result is not
 * INTEGRITY_NOT_COMPROMISED. _IO() encodes a request with no data direction,
 * although the caller passes &result as the argument.
 * NOTE(review): presumably this asks the TrustZone driver to set a tamper
 * fuse; confirm against the tzic driver.
 */
37 #define TZIC_IOC_MAGIC 0x9E
38 #define TZIC_IOCTL_SET_FUSE_REQ _IO(TZIC_IOC_MAGIC, 1)
/*
 * Write `len` bytes of `value` to `path`, creating the file if it does not
 * exist. Only part of the body is visible here: the declarations, the
 * computation of `len` (presumably strlen(value); confirm), the error
 * handling after open()/write() and the close() are not shown.
 */
40 static int write_file(const char *path, const char *value)
/*
 * NOTE(review): O_CREAT with mode 0622 means that if `path` is missing, a
 * regular file is created that group and others may write (before umask).
 * The visible caller passes "/dev/icd", which carries the integrity status,
 * so a missing device node would leave that status writable by unprivileged
 * processes. Consider dropping O_CREAT for device paths or using 0600, and
 * adding O_NOFOLLOW/O_CLOEXEC.
 */
44 fd = open(path, O_WRONLY|O_CREAT, 0622);
/*
 * The write is retried only when it fails with EINTR. A short write
 * (0 <= ret < len) ends the loop; whether it is then treated as an error is
 * not visible here. TODO confirm.
 */
51 ret = write(fd, value, len);
52 } while (ret < 0 && errno == EINTR);
/*
 * Compare the SHA-256 digest of `filename` with a digest compiled into this
 * function.
 *
 * The file is opened read-only, sized with fstat(), read into a heap buffer
 * of `fsize` bytes and hashed with the SECKM_SHA256_* routines. `result`
 * starts as INTEGRITY_COMPROMISED, becomes ERR_FILE_READ when read() does not
 * return `fsize` bytes, and becomes INTEGRITY_NOT_COMPROMISED only when the
 * digests are equal. The return statement is not visible here; the caller
 * compares the return value with INTEGRITY_NOT_COMPROMISED, so `result` is
 * presumably what is returned. TODO confirm.
 *
 * Several lines of the body are not shown (declarations of fd, info, fsize
 * and ctx, the error branches after open()/fstat()/malloc(), cleanup), so the
 * notes below are limited to the visible statements.
 *
 * NOTE(review): the check covers the bytes read from the path at this moment.
 * Nothing visible here binds the verdict to a later open or exec of the same
 * path, so the file can change between the check and its use.
 *
 * NOTE(review): the FIXME in the body says the tamper-flag setting is
 * temporarily skipped; whether the /dev/tzic block after it is compiled in
 * cannot be determined from the visible lines.
 */
62 static int check_file_hash(const char *filename)
/* Default verdict is "compromised"; only a digest match upgrades it. */
67 int result = INTEGRITY_COMPROMISED;
69 unsigned char digest[SECKM_SHA256_DIGEST_LENGTH];
70 unsigned char *input = 0;
/*
 * Expected digest: 32 bytes from the escapes below plus the literal's
 * trailing NUL, so sizeof(hashed) is 33. Only SECKM_SHA256_DIGEST_LENGTH
 * bytes are compared. Because the value is compiled in, any legitimate
 * update of the checked binary needs a matching rebuild of this file.
 */
73 unsigned char hashed[] =
74 "\x08\x01\x77\xd8\x5e\xdf\xa2\xe3\x9c\x34\xe7\xd6\xdd\x86\xae\x88\xeb\x19\x1b\xc9\xb6\xdd\x3d\xa2\x80\xd1\xaa\xf5\x1e\x29\x41\x14";
76 fd = open(filename, O_RDONLY);
/* fstat() on the open descriptor, so the size belongs to the file that is read. */
80 if (fstat(fd, &info) < 0)
/*
 * Whole file is buffered in memory. The NULL check after malloc() and the
 * assignment of fsize are not visible here; presumably fsize is
 * info.st_size. TODO confirm, including behaviour for a zero-length file.
 */
85 input = (unsigned char *)malloc(fsize);
/*
 * A single read() call: a short read or an interrupted read is reported as
 * ERR_FILE_READ rather than retried. `result` is an int while the type of
 * fsize is not visible, so the comparison may mix signedness or width.
 * TODO confirm.
 */
89 result = read(fd, input, fsize);
90 if (result != fsize) {
91 result = ERR_FILE_READ;
/* The casts suggest ctx is not declared as SECKM_SHA256_CTX; confirm its size and alignment. */
95 SECKM_SHA256_Init((SECKM_SHA256_CTX*) &ctx);
96 SECKM_SHA256_Update((SECKM_SHA256_CTX*) &ctx, input, fsize);
97 SECKM_SHA256_Final((SECKM_SHA256_CTX*) &ctx, digest);
99 if ((memcmp(hashed, digest, SECKM_SHA256_DIGEST_LENGTH) == 0))
100 result = INTEGRITY_NOT_COMPROMISED;
105 * FIXME: temporarily skip a tamper flag setting
106 * icd package not working
109 if (result != INTEGRITY_NOT_COMPROMISED) {
/*
 * Reached for ERR_FILE_READ as well as for a digest mismatch, unless an
 * elided branch leaves the function earlier, so a transient read failure
 * would also raise the fuse request. The ioctl() return value is discarded,
 * so a failed request goes unnoticed; the check on this open() and the
 * close of the earlier descriptor are not visible.
 */
110 fd = open("/dev/tzic", O_RDWR);
112 ioctl(fd, TZIC_IOCTL_SET_FUSE_REQ, &result);
/*
 * Verify ICD_EXEC_PATH with check_file_hash() and publish the verdict by
 * writing "1" (digest matched) or "0" (anything else) to /dev/icd.
 * The declarations and the line between the two write_file() calls
 * (presumably `else`) are not visible here.
 */
123 void icd_check_integrity(void)
128 check = check_file_hash(ICD_EXEC_PATH);
/*
 * Every result other than INTEGRITY_NOT_COMPROMISED, including
 * ERR_FILE_READ, is reported as "0", so a failed check is never published
 * as a pass.
 */
129 if (check == INTEGRITY_NOT_COMPROMISED)
130 ret = write_file("/dev/icd", "1");
132 ret = write_file("/dev/icd", "0");
/*
 * The write_file() result is only logged. If the write fails, /dev/icd keeps
 * whatever state it had before. NOTE(review): confirm that the consumer of
 * /dev/icd defaults to "compromised" when it was never written.
 */
133 _I("icd status %d %d", check, ret);