2 * Copyright (c) 2000-2015 Samsung Electronics Co., Ltd.
4 * Licensed under the Flora License, Version 1.1 (the License);
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://floralicense.org/license/
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an AS IS BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include "TADC_Util.h"
20 #include "TADC_ErrorCode.h"
22 #include "drm_intf_tapps.h"
24 #include <openssl/aes.h>
25 #include <openssl/sha.h>
26 #include <openssl/dh.h>
27 #include <openssl/bn.h>
29 //2011.03.08 to verify signature
30 #include <openssl/x509.h>
31 #include <openssl/x509_vfy.h>
32 #include <openssl/evp.h>
33 #include <openssl/rsa.h>
34 #include <openssl/err.h>
35 #include <openssl/pem.h>
39 #include "DUIDGenerator.h"
42 int TADC_IF_GetDUID(char *Duid)
45 DRM_TAPPS_EXCEPTION("Invalid argument.");
46 return TADC_GETDUID_ERROR;
50 if (get_duid(&duid) < 0 || !duid) {
51 DRM_TAPPS_EXCEPTION("Failed to get DUID.");
52 return TADC_GETDUID_ERROR;
55 DRM_TAPPS_LOG("DUID is [%s]", duid);
56 memcpy(Duid, duid, strlen(duid) + 1);
63 int TADC_IF_GetDHKey(T_DH_INFO *t_dhinfo)
66 TADC_IF_MemSet(t_dhinfo, 0, sizeof(t_dh_info));
69 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After TADC_IF_MemSet(t_dhinfo, 0, sizeof(t_dh_info))");
72 if ((pDH = DH_new()) == NULL)
74 DRM_TAPPS_EXCEPTION("DH_new() error!");
79 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After DH_new");
81 //2. Set the Prime and Generator Value
83 0xAE, 0xD9, 0x65, 0x3C, 0x86, 0x3E, 0xD9, 0x6F, 0x31, 0x6E,
84 0xF6, 0x08, 0x35, 0xD5, 0x01, 0xC1, 0x41, 0x2E, 0xDD, 0x7E,
85 0xE9, 0x09, 0x99, 0x73, 0xF3, 0xB3, 0xAB, 0x1F, 0x80, 0x85,
86 0x44, 0x22, 0xDA, 0x07, 0x32, 0x18, 0xC1, 0xF8, 0xC4, 0xED,
87 0x9F, 0x66, 0x88, 0xCF, 0xD6, 0x18, 0x8B, 0x28, 0x56, 0xA5,
88 0xB3, 0x6A, 0x8E, 0xBB, 0xC4, 0x2B, 0x2B, 0x3A, 0x9C, 0x20,
89 0x4E, 0xF7, 0x7F, 0xC3 };
90 BYTE generator[1] = {DH_GENERATOR_5};
92 pDH->p = BN_bin2bn(prime64, 64, NULL);
93 pDH->g = BN_bin2bn(generator, 1, NULL);
95 /* Set a to run with normal modexp and b to use constant time */
96 pDH->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
99 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After Set the Prime and Generator Value");
102 if (!DH_generate_key(pDH))
104 DRM_TAPPS_EXCEPTION("DH_generate_key() error!");
109 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After DH_generate_key");
111 //4. Save DH Infos ( p, g, A, a )
112 TADC_IF_MemCpy(t_dhinfo->p, prime64, 64);
113 t_dhinfo->pSize = 64;
114 t_dhinfo->g = DH_GENERATOR_5;
115 t_dhinfo->ASize = BN_bn2bin(pDH->pub_key, t_dhinfo->A);
116 t_dhinfo->aSize = BN_bn2bin(pDH->priv_key, t_dhinfo->a);
122 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After DH_free");
127 int TADC_IF_GetDHKey_K(T_DH_INFO *t_dhinfo)
130 BIGNUM *pPubKey = NULL;
132 char tempbuf[DHKey_SIZE + 1];
135 unsigned char tempG[1];
137 TADC_IF_MemSet(tempbuf, 0, sizeof(tempbuf));
140 if ((pDH = DH_new()) == NULL)
142 DRM_TAPPS_EXCEPTION("DH_new() error!");
146 //2.Set DH Info to pDH
147 pDH->p = BN_bin2bn(t_dhinfo->p, t_dhinfo->pSize, NULL);
148 tempG[0] = t_dhinfo->g;
149 pDH->g = BN_bin2bn(tempG, 1, NULL);
150 pDH->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
151 pDH->pub_key = BN_bin2bn(t_dhinfo->A, t_dhinfo->ASize, NULL);
152 pDH->priv_key = BN_bin2bn(t_dhinfo->a, t_dhinfo->aSize, NULL);
154 //3. Set Public Key of Server
155 pPubKey = BN_bin2bn(t_dhinfo->B, t_dhinfo->BSize, NULL);
157 //4. Compute DH Session Key
158 if ((i = DH_compute_key((BYTE*)tempbuf, pPubKey, pDH)) < 0)
160 DRM_TAPPS_EXCEPTION("DH_compute_key() error! \n");
164 for (i = 0 ; i < (t_dhinfo -> BSize / 2) ; i++)
166 t_dhinfo->K[i] = tempbuf[i * 2] ^ tempbuf[(i * 2) + 1];
176 int TADC_IF_AES_CTR(int keyLen, unsigned char *pKey, int ivLen, unsigned char *pIV, int inLen, unsigned char *in, int *pOutLen, unsigned char *out)
183 AES_set_encrypt_key(pKey, 128, &stKey);
187 TADC_IF_MemSet(ecount, 0, sizeof(ecount));
188 TADC_IF_MemSet(chain, 0, sizeof(chain));
189 TADC_IF_MemCpy(chain, pIV, ivLen);
191 AES_ctr128_encrypt(in, out, inLen, &stKey, chain, ecount, &num);
198 int TADC_IF_SHA1(unsigned char *in, int inLen, unsigned char *out)
203 SHA1_Update(&AlgInfo, in, inLen);
204 SHA1_Final(out, &AlgInfo);
209 int TADC_IF_VerifySignature( unsigned char* inData, int inLen,
210 unsigned char* sigData, int sigLen,
211 unsigned char* cert, int certLen )
213 unsigned char hashValue[20];
217 EVP_PKEY* pKey = NULL;
221 if (inData == NULL || sigData == NULL || cert == NULL || inLen < 1 || sigLen < 1 || certLen < 1)
223 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : Parameter error!");
229 //1. Make Hash value of indata by using SHA1
230 TADC_IF_SHA1(inData, inLen, hashValue);
232 //2. Get RSA Public Key from cert data ( DER )
233 pX509 = d2i_X509(NULL, (const unsigned char**)&cert, certLen);
236 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : Get RSA Public Key from cert data!");
240 pKey = X509_get_pubkey(pX509);
243 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : X509_get_pubkey!");
247 pRsa = EVP_PKEY_get1_RSA(pKey);
250 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : EVP_PKEY_get1_RSA!");
259 iRet = RSA_verify(NID_sha1, hashValue, 20, sigData, sigLen, pRsa);
263 char tmpBuf[120] = {0,};
265 while ((err = ERR_get_error()) != 0)
267 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : RSA_verify error(%s)", ERR_error_string(err, tmpBuf));
270 //DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : RSA_verify error(%s)", ERR_error_string(ERR_get_error(), NULL));
289 int AddCertUntrustedCerts(STACK_OF(X509)* untrustedCerts, unsigned char* cert, int certLen)
291 X509* pstX509 = NULL;
293 if (untrustedCerts == NULL || cert == NULL || certLen < 1)
295 DRM_TAPPS_EXCEPTION("AddCertSTORE Error : Parameter error!");
299 pstX509 = d2i_X509(NULL, (const unsigned char **) &cert, certLen);
302 DRM_TAPPS_EXCEPTION("AddCertSTORE Error : d2i_X509 error!");
306 sk_X509_push(untrustedCerts, pstX509);
311 int AddCertSTOREFromFile(X509_STORE* pstStore, const char* filePath)
313 X509* pstX509 = NULL;
317 file = fopen(filePath, "r");
320 DRM_TAPPS_EXCEPTION("AddCertSTOREFromFile Error : Parameter error! Fail to open a cert file.");
325 pstX509 = PEM_read_X509(file, NULL, NULL, NULL);
328 DRM_TAPPS_EXCEPTION("AddCertSTORE Error : d2i_X509 error!");
333 X509_STORE_add_cert(pstStore, pstX509);
341 int AddCertSTOREFromDir(X509_STORE* pstStore, const char* dirPath)
347 struct dirent *result;
349 char file_path_buff[512];
351 if (pstStore == NULL || dirPath == NULL)
353 DRM_TAPPS_EXCEPTION("AddCertSTOREFromDir Error : Parameter error!");
358 dir = opendir(dirPath);
360 DRM_TAPPS_EXCEPTION("AddCertSTOREFromDir Error : cannot open directory!");
366 error = readdir_r(dir, &entry, &result);
368 DRM_TAPPS_EXCEPTION("AddCertSTOREFromDir Error : fail to read entries from a directory!");
372 // readdir_r returns NULL in *result if the end
373 // of the directory stream is reached
377 if(entry.d_type == DT_REG) { // regular file
378 memset(file_path_buff, 0, sizeof(file_path_buff));
379 snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s", dirPath, entry.d_name);
380 if(AddCertSTOREFromFile(pstStore, file_path_buff) == 0) {
381 DRM_TAPPS_LOG("Add root cert : file=%s", file_path_buff);
383 DRM_TAPPS_LOG("Fail to add root cert : file=%s", file_path_buff);
394 int TADC_IF_VerifyCertChain( unsigned char* rica, int ricaLen,
395 unsigned char* cert, int certLen )
397 X509_STORE_CTX* pstStoreCtx = NULL;
398 X509_STORE* pstStore = NULL;
399 STACK_OF(X509)* untrustedCerts = NULL;
401 X509* pstX509 = NULL;
406 //must call this function.
407 OpenSSL_add_all_algorithms();
409 pstStore = X509_STORE_new();
416 untrustedCerts = sk_X509_new_null();
417 if(untrustedCerts == NULL)
424 //Add RICA Cert to certchain
425 if ((iRet = AddCertUntrustedCerts(untrustedCerts, rica, ricaLen)) != 0)
427 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : Add RICA Cert to certchain!");
433 if ((iRet = AddCertSTOREFromDir(pstStore, RO_ISSUER_ROOT_CERTS_DIR)) != 0)
435 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : Add Root CA Cert!");
441 pstX509 = d2i_X509(NULL, (const unsigned char **)&cert, certLen);
445 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : Get Cert d2i_X509 error!");
450 X509_STORE_set_flags(pstStore, X509_V_FLAG_CB_ISSUER_CHECK);
451 pstStoreCtx = X509_STORE_CTX_new();
452 if (pstStoreCtx == NULL)
454 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : 509_STORE_CTX_new error!");
460 X509_STORE_CTX_init(pstStoreCtx, pstStore, pstX509, untrustedCerts);
463 X509_STORE_CTX_set_flags(pstStoreCtx, X509_V_FLAG_CB_ISSUER_CHECK);
466 iRet = X509_verify_cert(pstStoreCtx);
470 if (pstStore != NULL)
471 X509_STORE_free(pstStore);
472 if (pstStoreCtx != NULL)
473 X509_STORE_CTX_free(pstStoreCtx);
474 if (untrustedCerts != NULL)
475 sk_X509_free(untrustedCerts);
479 DRM_TAPPS_LOG("TADC_IF_VerifyCertChain Success! \n");
484 iErrCode = X509_STORE_CTX_get_error(pstStoreCtx);
485 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : %s \n", X509_verify_cert_error_string(iErrCode));
490 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : 509_verify_cert error! \n");
495 size_t TADC_IF_StrLen(const char *string)
497 return strlen(string);
500 int TADC_IF_StrCmp(const char *string1, const char *string2)
502 return strcmp(string1, string2);
505 int TADC_IF_StrNCmp(const char *string1, const char *string2, size_t count)
507 return strncmp(string1, string2, count);
510 char *TADC_IF_StrNCpy(char *strDestination, const char *strSource, size_t count)
512 return strncpy(strDestination, strSource, count);
515 unsigned long TADC_IF_StrtOul(const char *nptr, char **endptr, int base)
517 return strtoul(nptr, endptr, base);
520 int TADC_IF_MemCmp(const void *buf1, const void *buf2, size_t count)
522 return memcmp(buf1, buf2, count);
525 void TADC_IF_MemCpy(void *dest, const void *src, size_t count)
527 memcpy(dest, src, count);
530 void TADC_IF_MemSet(void *dest, int c, size_t count)
532 memset(dest, c, count);
535 void *TADC_IF_Malloc(size_t size)
540 void TADC_IF_Free(void *memblock)
548 int TADC_IF_AtoI(char *str)