2 * libcryptsvc - device unique key
4 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
24 #include <openssl/evp.h>
25 #include <openssl/err.h>
26 #include <openssl/rand.h>
27 #include <openssl/sha.h>
31 #include "SecCryptoSvc.h"
33 #define CS_API __attribute__((visibility("default")))
35 #define SYS_SECBOOT_DEV_ID_LEN 16
36 #define NAND_CID_NAME "/sys/block/mmcblk0/device/cid"
37 #define NAND_CID_SIZE 32
40 #ifdef CRYPTOSVC_TARGET
41 static int __AsciiToHex(const char AsciiHexUpper,const char AsciiHexLower)
45 //First convert upper hex ascii value
46 if (AsciiHexUpper >= '0' && AsciiHexUpper <= '9')
47 hexReturn = (AsciiHexUpper - '0') * 16;
48 else if (AsciiHexUpper >= 'A' && AsciiHexUpper <= 'F')
49 hexReturn = ((AsciiHexUpper - 'A') + 10) * 16;
50 else if (AsciiHexUpper >= 'a' && AsciiHexUpper <= 'f')
51 hexReturn = ((AsciiHexUpper - 'a') + 10) * 16;
53 //Convert lower hex ascii value
54 if (AsciiHexLower >= '0' && AsciiHexLower <= '9')
55 hexReturn = hexReturn + (AsciiHexLower - '0');
56 else if (AsciiHexLower >= 'A' && AsciiHexLower <= 'F')
57 hexReturn = hexReturn + (AsciiHexLower - 'A') + 10;
58 else if (AsciiHexLower >= 'a' && AsciiHexLower <= 'f')
59 hexReturn = hexReturn + (AsciiHexLower - 'a') + 10;
64 static bool OemNandInfoUID(unsigned char *pUID, int nBufferSize)
67 char szCID[NAND_CID_SIZE + 1] = {0,};
69 memset(pUID, 0x00, nBufferSize);
71 fd = open(NAND_CID_NAME, O_RDONLY);
73 SLOGE("cid open error!");
77 if (read(fd, szCID, NAND_CID_SIZE) == -1) {
78 SLOGE("cid read fail!!");
84 pUID[0] = __AsciiToHex(szCID[0], szCID[1]);
86 pUID[4] = __AsciiToHex(szCID[4], szCID[5]);
88 pUID[8] = __AsciiToHex(szCID[18], szCID[19]);
90 pUID[15] = __AsciiToHex(szCID[20], szCID[21]);
91 pUID[14] = __AsciiToHex(szCID[22], szCID[23]);
92 pUID[13] = __AsciiToHex(szCID[24], szCID[25]);
93 pUID[12] = __AsciiToHex(szCID[26], szCID[27]);
96 pUID[1] = __AsciiToHex(szCID[2], szCID[3]);
97 pUID[2] = __AsciiToHex(szCID[6], szCID[7]);
98 pUID[3] = __AsciiToHex(szCID[8], szCID[9]);
100 pUID[5] = __AsciiToHex(szCID[10], szCID[11]);
101 pUID[6] = __AsciiToHex(szCID[12], szCID[13]);
102 pUID[7] = __AsciiToHex(szCID[14], szCID[15]);
104 pUID[9] = __AsciiToHex(szCID[16], szCID[17]);
105 pUID[10] = __AsciiToHex(szCID[28], szCID[29]);
106 pUID[11] = __AsciiToHex(szCID[30], szCID[31]);
108 SLOGD(" UID : %8X %8X %8X %8X",
112 *(int *)(pUID + 12));
118 static void SysSecBootGetDeviceUniqueKey(unsigned char *pUniquekey)
120 if (!OemNandInfoUID(pUniquekey, SYS_SECBOOT_DEV_ID_LEN))
121 memset(pUniquekey, 0x00, SYS_SECBOOT_DEV_ID_LEN);
127 bool SecFrameGeneratePlatformUniqueKey(unsigned int uLen, unsigned char *pCek)
131 unsigned char Key[73] = {0};
132 unsigned char hashedValue[HASH_LEN] = {0};
133 int nTempLen = SEC_DUK_SIZE;
136 unsigned char *result = NULL;
138 #ifdef CRYPTOSVC_TARGET
139 SysSecBootGetDeviceUniqueKey(Key);
141 memset(Key, 0xFF, nTempLen);
144 memcpy(Key+nTempLen, SEC_FRAME_OSP_KEY, 9);
149 for (i = 0; i < uLen; i += HASH_LEN) {
150 result = SHA1(Key, nTempLen, hashedValue);
154 SLOGE("SecCryptoHash fail");
161 if (remain < HASH_LEN)
162 memcpy(pCek + i, hashedValue, remain);
164 memcpy(pCek + i, hashedValue, nHashLen);
167 memset(Key, 0, sizeof(Key));
168 memcpy(Key, hashedValue, nHashLen);
171 SLOGD("SecFrameGeneratePlatformUniqueKey Success.");
178 char *Base64Encoding(const char *data, int size)
180 char *pEncodedBuf = NULL;
181 const char *pPointer = NULL;
182 const char *pLength = data + size - 1;
183 unsigned char pInput[3] = {0,0,0};
184 unsigned char poutput[4] = {0,0,0,0};
188 int sizeEncodedString = (4 * (size / 3)) + (size % 3 ? 4 : 0) + 1;
190 if (!(pEncodedBuf = (char *)calloc(sizeEncodedString, sizeof(char)))) {
191 SLOGE("Failed to allocate memory");
195 for (loopCnt = 0, pPointer = data; pPointer <= pLength; loopCnt++, pPointer++) {
197 pInput[index] = *pPointer;
199 if (index == 2 || pPointer == pLength) {
200 poutput[0] = ((pInput[0] & 0xFC) >> 2);
201 poutput[1] = ((pInput[0] & 0x3) << 4) | ((pInput[1] & 0xF0) >> 4);
202 poutput[2] = ((pInput[1] & 0xF) << 2) | ((pInput[2] & 0xC0) >> 6);
203 poutput[3] = (pInput[2] & 0x3F);
205 pEncodedBuf[stringCnt++] = Base64EncodingTable[poutput[0]];
206 pEncodedBuf[stringCnt++] = Base64EncodingTable[poutput[1]];
207 pEncodedBuf[stringCnt++] = index == 0 ? '=' : Base64EncodingTable[poutput[2]];
208 pEncodedBuf[stringCnt++] = index < 2 ? '=' : Base64EncodingTable[poutput[3]];
210 pInput[0] = pInput[1] = pInput[2] = 0;
214 pEncodedBuf[stringCnt] = '\0';
220 char *GetDuid(int idSize)
222 const char *version = "1.0#";
223 char info[] = {0xca, 0xfe, 0xbe, 0xbe, 0x78, 0x07, 0x02, 0x03};
225 unsigned char *pKey = NULL;
226 unsigned char *pDuid = NULL;
228 char *pKeyVersion = NULL;
231 SLOGE("Invalid Input [%d]", idSize);
235 if (!(pKey = (unsigned char *)malloc(idSize))) {
236 SLOGE("Failed to allocate memory for key");
240 if (!SecFrameGeneratePlatformUniqueKey(idSize, pKey)) {
241 SLOGE("Failed to get duid");
245 if (!(pDuid = (unsigned char *)malloc(idSize))) {
246 SLOGE("Failed to allocate memory");
250 PKCS5_PBKDF2_HMAC_SHA1(info, 8, pKey, idSize, 1, idSize, pDuid);
252 if (!(pId = Base64Encoding((char *)pDuid, idSize))) {
253 SLOGE("Failed to convert to base64 string");
257 if (!(pKeyVersion = (char *)calloc(strlen(pId) + strlen(version) + 1, sizeof(char)))) {
258 SLOGE("Failed to allocate memory");
261 strncpy(pKeyVersion, version, strlen(version));
262 strncat(pKeyVersion, pId, strlen(pId));