2 * Copyright (c) 2000-2015 Samsung Electronics Co., Ltd.
4 * Licensed under the Flora License, Version 1.1 (the License);
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://floralicense.org/license/
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an AS IS BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include "TADC_Util.h"
20 #include "TADC_ErrorCode.h"
22 #include "drm_intf_tapps.h"
24 #include <openssl/aes.h>
25 #include <openssl/sha.h>
26 #include <openssl/dh.h>
27 #include <openssl/bn.h>
29 //2011.03.08 to verify signature
30 #include <openssl/x509.h>
31 #include <openssl/x509_vfy.h>
32 #include <openssl/evp.h>
33 #include <openssl/rsa.h>
34 #include <openssl/err.h>
35 #include <openssl/pem.h>
41 #include "DUIDGenerator.h"
44 int TADC_IF_GetDUID(char *Duid)
47 DRM_TAPPS_EXCEPTION("Invalid argument.");
48 return TADC_GETDUID_ERROR;
52 if (get_duid(&duid) < 0 || !duid) {
53 DRM_TAPPS_EXCEPTION("Failed to get DUID.");
54 return TADC_GETDUID_ERROR;
57 DRM_TAPPS_LOG("DUID is [%s]", duid);
58 memcpy(Duid, duid, strlen(duid) + 1);
65 int TADC_IF_GetDHKey(T_DH_INFO *t_dhinfo)
68 TADC_IF_MemSet(t_dhinfo, 0, sizeof(t_dh_info));
71 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After TADC_IF_MemSet(t_dhinfo, 0, sizeof(t_dh_info))");
74 if ((pDH = DH_new()) == NULL)
76 DRM_TAPPS_EXCEPTION("DH_new() error!");
81 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After DH_new");
83 //2. Set the Prime and Generator Value
85 0xAE, 0xD9, 0x65, 0x3C, 0x86, 0x3E, 0xD9, 0x6F, 0x31, 0x6E,
86 0xF6, 0x08, 0x35, 0xD5, 0x01, 0xC1, 0x41, 0x2E, 0xDD, 0x7E,
87 0xE9, 0x09, 0x99, 0x73, 0xF3, 0xB3, 0xAB, 0x1F, 0x80, 0x85,
88 0x44, 0x22, 0xDA, 0x07, 0x32, 0x18, 0xC1, 0xF8, 0xC4, 0xED,
89 0x9F, 0x66, 0x88, 0xCF, 0xD6, 0x18, 0x8B, 0x28, 0x56, 0xA5,
90 0xB3, 0x6A, 0x8E, 0xBB, 0xC4, 0x2B, 0x2B, 0x3A, 0x9C, 0x20,
91 0x4E, 0xF7, 0x7F, 0xC3 };
92 BYTE generator[1] = {DH_GENERATOR_5};
94 pDH->p = BN_bin2bn(prime64, 64, NULL);
95 pDH->g = BN_bin2bn(generator, 1, NULL);
97 /* Set a to run with normal modexp and b to use constant time */
98 pDH->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
101 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After Set the Prime and Generator Value");
104 if (!DH_generate_key(pDH))
106 DRM_TAPPS_EXCEPTION("DH_generate_key() error!");
111 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After DH_generate_key");
113 //4. Save DH Infos ( p, g, A, a )
114 TADC_IF_MemCpy(t_dhinfo->p, prime64, 64);
115 t_dhinfo->pSize = 64;
116 t_dhinfo->g = DH_GENERATOR_5;
117 t_dhinfo->ASize = BN_bn2bin(pDH->pub_key, t_dhinfo->A);
118 t_dhinfo->aSize = BN_bn2bin(pDH->priv_key, t_dhinfo->a);
124 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After DH_free");
129 int TADC_IF_GetDHKey_K(T_DH_INFO *t_dhinfo)
132 BIGNUM *pPubKey = NULL;
134 char tempbuf[DHKey_SIZE + 1];
137 unsigned char tempG[1];
139 TADC_IF_MemSet(tempbuf, 0, sizeof(tempbuf));
142 if ((pDH = DH_new()) == NULL)
144 DRM_TAPPS_EXCEPTION("DH_new() error!");
148 //2.Set DH Info to pDH
149 pDH->p = BN_bin2bn(t_dhinfo->p, t_dhinfo->pSize, NULL);
150 tempG[0] = t_dhinfo->g;
151 pDH->g = BN_bin2bn(tempG, 1, NULL);
152 pDH->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
153 pDH->pub_key = BN_bin2bn(t_dhinfo->A, t_dhinfo->ASize, NULL);
154 pDH->priv_key = BN_bin2bn(t_dhinfo->a, t_dhinfo->aSize, NULL);
156 //3. Set Public Key of Server
157 pPubKey = BN_bin2bn(t_dhinfo->B, t_dhinfo->BSize, NULL);
159 //4. Compute DH Session Key
160 if ((i = DH_compute_key((BYTE*)tempbuf, pPubKey, pDH)) < 0)
162 DRM_TAPPS_EXCEPTION("DH_compute_key() error! \n");
166 for (i = 0 ; i < (t_dhinfo -> BSize / 2) ; i++)
168 t_dhinfo->K[i] = tempbuf[i * 2] ^ tempbuf[(i * 2) + 1];
178 /* Only handles 128 bit aes key */
179 int TADC_IF_AES_CTR(unsigned char *pKey, int ivLen, unsigned char *pIV, int inLen, unsigned char *in, int *pOutLen, unsigned char *out)
186 AES_set_encrypt_key(pKey, 128, &stKey);
190 TADC_IF_MemSet(ecount, 0, sizeof(ecount));
191 TADC_IF_MemSet(chain, 0, sizeof(chain));
192 TADC_IF_MemCpy(chain, pIV, ivLen);
194 AES_ctr128_encrypt(in, out, inLen, &stKey, chain, ecount, &num);
201 int TADC_IF_SHA1(unsigned char *in, int inLen, unsigned char *out)
206 SHA1_Update(&AlgInfo, in, inLen);
207 SHA1_Final(out, &AlgInfo);
212 int TADC_IF_VerifySignature(unsigned char* inData, int inLen,
213 unsigned char* sigData, int sigLen,
214 unsigned char* cert, int certLen)
216 unsigned char hashValue[20];
220 EVP_PKEY* pKey = NULL;
224 if (inData == NULL || sigData == NULL || cert == NULL || inLen < 1 || sigLen < 1 || certLen < 1)
226 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : Parameter error!");
232 //1. Make Hash value of indata by using SHA1
233 TADC_IF_SHA1(inData, inLen, hashValue);
235 //2. Get RSA Public Key from cert data ( DER )
236 pX509 = d2i_X509(NULL, (const unsigned char**)&cert, certLen);
239 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : Get RSA Public Key from cert data!");
243 pKey = X509_get_pubkey(pX509);
246 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : X509_get_pubkey!");
250 pRsa = EVP_PKEY_get1_RSA(pKey);
253 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : EVP_PKEY_get1_RSA!");
262 iRet = RSA_verify(NID_sha1, hashValue, 20, sigData, sigLen, pRsa);
266 char tmpBuf[120] = {0,};
268 while ((err = ERR_get_error()) != 0)
270 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : RSA_verify error(%s)", ERR_error_string(err, tmpBuf));
273 //DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : RSA_verify error(%s)", ERR_error_string(ERR_get_error(), NULL));
292 int AddCertUntrustedCerts(STACK_OF(X509)* untrustedCerts, unsigned char* cert, int certLen)
294 X509* pstX509 = NULL;
296 if (untrustedCerts == NULL || cert == NULL || certLen < 1)
298 DRM_TAPPS_EXCEPTION("AddCertSTORE Error : Parameter error!");
302 pstX509 = d2i_X509(NULL, (const unsigned char **) &cert, certLen);
305 DRM_TAPPS_EXCEPTION("AddCertSTORE Error : d2i_X509 error!");
309 sk_X509_push(untrustedCerts, pstX509);
314 int AddCertSTOREFromFile(X509_STORE* pstStore, const char* filePath)
316 X509* pstX509 = NULL;
320 file = fopen(filePath, "r");
323 DRM_TAPPS_EXCEPTION("AddCertSTOREFromFile Error : Parameter error! Fail to open a cert file.");
328 pstX509 = PEM_read_X509(file, NULL, NULL, NULL);
331 DRM_TAPPS_EXCEPTION("AddCertSTORE Error : d2i_X509 error!");
336 X509_STORE_add_cert(pstStore, pstX509);
344 int AddCertSTOREFromDir(X509_STORE* pstStore, const char* dirPath)
350 struct dirent *result;
352 char file_path_buff[512];
354 if (pstStore == NULL || dirPath == NULL)
356 DRM_TAPPS_EXCEPTION("AddCertSTOREFromDir Error : Parameter error!");
361 dir = opendir(dirPath);
363 DRM_TAPPS_EXCEPTION("AddCertSTOREFromDir Error : cannot open directory!");
369 error = readdir_r(dir, &entry, &result);
371 DRM_TAPPS_EXCEPTION("AddCertSTOREFromDir Error : fail to read entries from a directory!");
375 // readdir_r returns NULL in *result if the end
376 // of the directory stream is reached
380 if(entry.d_type == DT_REG) { // regular file
381 memset(file_path_buff, 0, sizeof(file_path_buff));
382 snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s", dirPath, entry.d_name);
383 if(AddCertSTOREFromFile(pstStore, file_path_buff) == 0) {
384 DRM_TAPPS_LOG("Add root cert : file=%s", file_path_buff);
386 DRM_TAPPS_LOG("Fail to add root cert : file=%s", file_path_buff);
397 int TADC_IF_VerifyCertChain(unsigned char* rica, int ricaLen,
398 unsigned char* cert, int certLen)
400 OpenSSL_add_all_algorithms();
402 X509_STORE *pstStore = X509_STORE_new();
403 if (pstStore == NULL)
406 std::unique_ptr<X509_STORE, void(*)(X509_STORE *)>
407 _scoped_x509_store(pstStore, X509_STORE_free);
409 STACK_OF(X509) *untrustedCerts = sk_X509_new_null();
410 if (untrustedCerts == NULL)
413 std::unique_ptr<STACK_OF(X509), std::function<void(STACK_OF(X509) *)>>
414 _scoped_x509_stack(untrustedCerts, [](STACK_OF(X509) *s) { sk_X509_free(s); });
416 //Add RICA Cert to certchain
417 if (AddCertUntrustedCerts(untrustedCerts, rica, ricaLen) != 0) {
418 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : Add RICA Cert to certchain!");
423 if (AddCertSTOREFromDir(pstStore, RO_ISSUER_ROOT_CERTS_DIR) != 0) {
424 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : Add Root CA Cert!");
429 X509 *pstX509 = d2i_X509(NULL, (const unsigned char **)&cert, certLen);
431 if (pstX509 == NULL) {
432 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : Get Cert d2i_X509 error!");
436 X509_STORE_set_flags(pstStore, X509_V_FLAG_CB_ISSUER_CHECK);
437 X509_STORE_CTX *pstStoreCtx = X509_STORE_CTX_new();
438 if (pstStoreCtx == NULL) {
439 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : 509_STORE_CTX_new error!");
443 std::unique_ptr<X509_STORE_CTX, void(*)(X509_STORE_CTX *)>
444 _scoped_x509_store_ctx(pstStoreCtx, X509_STORE_CTX_free);
447 X509_STORE_CTX_init(pstStoreCtx, pstStore, pstX509, untrustedCerts);
450 X509_STORE_CTX_set_flags(pstStoreCtx, X509_V_FLAG_CB_ISSUER_CHECK);
453 switch (X509_verify_cert(pstStoreCtx)) {
455 DRM_TAPPS_LOG("TADC_IF_VerifyCertChain Success!");
458 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Failed: %s",
459 X509_verify_cert_error_string(X509_STORE_CTX_get_error(pstStoreCtx)));
462 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error: X509_verify_cert error!");
467 size_t TADC_IF_StrLen(const char *string)
469 return strlen(string);
472 int TADC_IF_StrCmp(const char *string1, const char *string2)
474 return strcmp(string1, string2);
477 int TADC_IF_StrNCmp(const char *string1, const char *string2, size_t count)
479 return strncmp(string1, string2, count);
482 char *TADC_IF_StrNCpy(char *strDestination, const char *strSource, size_t count)
484 return strncpy(strDestination, strSource, count);
487 unsigned long TADC_IF_StrtOul(const char *nptr, char **endptr, int base)
489 return strtoul(nptr, endptr, base);
492 int TADC_IF_MemCmp(const void *buf1, const void *buf2, size_t count)
494 return memcmp(buf1, buf2, count);
497 void TADC_IF_MemCpy(void *dest, const void *src, size_t count)
499 memcpy(dest, src, count);
502 void TADC_IF_MemSet(void *dest, int c, size_t count)
504 memset(dest, c, count);
507 void *TADC_IF_Malloc(size_t size)
512 void TADC_IF_Free(void *memblock)
520 int TADC_IF_AtoI(char *str)