#include <dirent.h>
+#include <cerrno>
#include <memory>
#include "DUIDGenerator.h"
}
char *duid = NULL;
+
if (get_duid(&duid) < 0 || !duid) {
DRM_TAPPS_EXCEPTION("Failed to get DUID.");
return TADC_GETDUID_ERROR;
TADC_IF_MemSet(t_dhinfo, 0, sizeof(t_dh_info));
// Debug
- DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After TADC_IF_MemSet(t_dhinfo, 0, sizeof(t_dh_info))");
+ DRM_TAPPS_LOG("After TADC_IF_MemSet(t_dhinfo, 0, sizeof(t_dh_info))");
//1. dh new
- if ((pDH = DH_new()) == NULL)
- {
+ if ((pDH = DH_new()) == NULL) {
DRM_TAPPS_EXCEPTION("DH_new() error!");
return -1;
}
// Debug
- DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After DH_new");
+ DRM_TAPPS_LOG("After DH_new");
//2. Set the Prime and Generator Value
BYTE prime64[64] = {
0x44, 0x22, 0xDA, 0x07, 0x32, 0x18, 0xC1, 0xF8, 0xC4, 0xED,
0x9F, 0x66, 0x88, 0xCF, 0xD6, 0x18, 0x8B, 0x28, 0x56, 0xA5,
0xB3, 0x6A, 0x8E, 0xBB, 0xC4, 0x2B, 0x2B, 0x3A, 0x9C, 0x20,
- 0x4E, 0xF7, 0x7F, 0xC3 };
+ 0x4E, 0xF7, 0x7F, 0xC3
+ };
BYTE generator[1] = {DH_GENERATOR_5};
pDH->p = BN_bin2bn(prime64, 64, NULL);
pDH->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
// Debug
- DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After Set the Prime and Generator Value");
+ DRM_TAPPS_LOG("After Set the Prime and Generator Value");
//3. Generate DH Key
- if (!DH_generate_key(pDH))
- {
+ if (!DH_generate_key(pDH)) {
DRM_TAPPS_EXCEPTION("DH_generate_key() error!");
return -1;
}
// Debug
- DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After DH_generate_key");
+ DRM_TAPPS_LOG("After DH_generate_key");
//4. Save DH Infos ( p, g, A, a )
TADC_IF_MemCpy(t_dhinfo->p, prime64, 64);
DH_free(pDH);
// Debug
- DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After DH_free");
+ DRM_TAPPS_LOG("After DH_free");
return 0;
}
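Review bot: The group set up in step 2 is only 512 bits (`BYTE prime64[64]`, `BN_bin2bn(prime64, 64, NULL)`), which is far below what is considered safe for finite-field Diffie-Hellman. A fixed prime of that size can be attacked with a one-time precomputation, so a key agreed over it should not be treated as confidential. This commit only reformats the function, but a follow-up should move to a group of at least 2048 bits, which is a protocol change because the peer has to agree. Separately, the `DH_generate_key` failure branch returns without releasing `pDH`; `DH_free(pDH); return -1;` fixes that. The result of `BN_bin2bn` is also stored in `pDH->p` without a NULL check, and the function starts outside the visible lines.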
TADC_IF_MemSet(tempbuf, 0, sizeof(tempbuf));
//1. dh new
- if ((pDH = DH_new()) == NULL)
- {
+ if ((pDH = DH_new()) == NULL) {
DRM_TAPPS_EXCEPTION("DH_new() error!");
return -1;
}
pPubKey = BN_bin2bn(t_dhinfo->B, t_dhinfo->BSize, NULL);
//4. Compute DH Session Key
- if ((i = DH_compute_key((BYTE*)tempbuf, pPubKey, pDH)) < 0)
- {
+ if ((i = DH_compute_key((BYTE *)tempbuf, pPubKey, pDH)) < 0) {
DRM_TAPPS_EXCEPTION("DH_compute_key() error! \n");
return -1;
}
- for (i = 0 ; i < (t_dhinfo -> BSize / 2) ; i++)
- {
+ for (i = 0; i < (t_dhinfo -> BSize / 2); i++) {
t_dhinfo->K[i] = tempbuf[i * 2] ^ tempbuf[(i * 2) + 1];
}
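Review bot: The length returned by `DH_compute_key` is tested for `< 0` and then discarded when `i` is reused as the loop index, so the fold into `K` is bounded by `t_dhinfo->BSize / 2` rather than by the number of secret bytes actually written to `tempbuf`. Nothing visible checks `BSize` against the sizes of `tempbuf` or `K`, and `BSize` appears to describe the peer-supplied value `B`, so it should be validated before use; confirm against the declarations outside this hunk. `pPubKey` is passed on without a NULL check after `BN_bin2bn`. The `return -1;` in the `DH_compute_key` branch also leaves `pDH` and `pPubKey` unreleased; `BN_free(pPubKey); DH_free(pDH); return -1;` would cover it.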
}
/* Only handles 128 bit aes key */
-int TADC_IF_AES_CTR(unsigned char *pKey, int ivLen, unsigned char *pIV, int inLen, unsigned char *in, int *pOutLen, unsigned char *out)
+int TADC_IF_AES_CTR(unsigned char *pKey, int ivLen, unsigned char *pIV,
+ int inLen, unsigned char *in, int *pOutLen, unsigned char *out)
{
AES_KEY stKey;
UINT num;
return 0;
}
-int TADC_IF_VerifySignature(unsigned char* inData, int inLen,
- unsigned char* sigData, int sigLen,
- unsigned char* cert, int certLen)
+int TADC_IF_VerifySignature(unsigned char *inData, int inLen,
+ unsigned char *sigData, int sigLen,
+ unsigned char *cert, int certLen)
{
unsigned char hashValue[20];
int iRet = 0;
- X509* pX509 = NULL;
- EVP_PKEY* pKey = NULL;
- RSA* pRsa = NULL;
+ X509 *pX509 = NULL;
+ EVP_PKEY *pKey = NULL;
+ RSA *pRsa = NULL;
//Check parameters
- if (inData == NULL || sigData == NULL || cert == NULL || inLen < 1 || sigLen < 1 || certLen < 1)
- {
- DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : Parameter error!");
+ if (inData == NULL || sigData == NULL || cert == NULL || inLen < 1 ||
+ sigLen < 1 || certLen < 1) {
+ DRM_TAPPS_EXCEPTION("Parameter error!");
return -1;
}
TADC_IF_SHA1(inData, inLen, hashValue);
//2. Get RSA Public Key from cert data ( DER )
- pX509 = d2i_X509(NULL, (const unsigned char**)&cert, certLen);
- if (pX509 == NULL)
- {
- DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : Get RSA Public Key from cert data!");
+ pX509 = d2i_X509(NULL, (const unsigned char **)&cert, certLen);
+
+ if (pX509 == NULL) {
+ DRM_TAPPS_EXCEPTION("Get RSA Public Key from cert data!");
return -1;
}
pKey = X509_get_pubkey(pX509);
- if (pKey == NULL)
- {
- DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : X509_get_pubkey!");
+
+ if (pKey == NULL) {
+ DRM_TAPPS_EXCEPTION("X509_get_pubkey!");
return -1;
}
pRsa = EVP_PKEY_get1_RSA(pKey);
- if (pRsa == NULL)
- {
- DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : EVP_PKEY_get1_RSA!");
- if (NULL != pKey)
- {
+
+ if (pRsa == NULL) {
+ DRM_TAPPS_EXCEPTION("EVP_PKEY_get1_RSA!");
+
+ if (NULL != pKey) {
EVP_PKEY_free(pKey);
}
+
return -1;
}
//3. Verify RSA Sign
iRet = RSA_verify(NID_sha1, hashValue, 20, sigData, sigLen, pRsa);
- if (1 != iRet)
- {
+
+ if (1 != iRet) {
int err = 0;
- char tmpBuf[120] = {0,};
+ char tmpBuf[120] = { 0, };
while ((err = ERR_get_error()) != 0)
- {
- DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : RSA_verify error(%s)", ERR_error_string(err, tmpBuf));
- }
- //Error
- //DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : RSA_verify error(%s)", ERR_error_string(ERR_get_error(), NULL));
+ DRM_TAPPS_EXCEPTION("RSA_verify error(%s)", ERR_error_string(err, tmpBuf));
if (NULL != pKey)
- {
EVP_PKEY_free(pKey);
- }
return -1;
}
- //free
if (NULL != pKey)
- {
EVP_PKEY_free(pKey);
- }
return 0;
}
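Review bot: `ERR_error_string(err, tmpBuf)` writes into a 120-byte buffer with no length argument, and `err` is an `int` although `ERR_get_error()` returns `unsigned long`; newer OpenSSL releases document a 256-byte minimum for that buffer. Prefer `unsigned long err = 0;` with `ERR_error_string_n(err, tmpBuf, sizeof(tmpBuf));`. None of the visible return paths call `X509_free(pX509)`, and `pRsa` comes from `EVP_PKEY_get1_RSA`, which returns a reference that needs `RSA_free`. Unless those releases sit in lines not shown here, every call leaks a certificate and a key. The commit also drops the braces around the `while` and `if` bodies that invoke `DRM_TAPPS_EXCEPTION`, which is only safe if the macro expands to a single statement, so confirm that in its definition.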
-int AddCertUntrustedCerts(STACK_OF(X509)* untrustedCerts, unsigned char* cert, int certLen)
+int AddCertUntrustedCerts(STACK_OF(X509)* untrustedCerts, unsigned char *cert,
+ int certLen)
{
- X509* pstX509 = NULL;
+ X509 *pstX509 = NULL;
- if (untrustedCerts == NULL || cert == NULL || certLen < 1)
- {
+ if (untrustedCerts == NULL || cert == NULL || certLen < 1) {
DRM_TAPPS_EXCEPTION("AddCertSTORE Error : Parameter error!");
return -1;
}
pstX509 = d2i_X509(NULL, (const unsigned char **) &cert, certLen);
- if (pstX509 == NULL)
- {
+
+ if (pstX509 == NULL) {
DRM_TAPPS_EXCEPTION("AddCertSTORE Error : d2i_X509 error!");
return -1;
}
return 0;
}
-int AddCertSTOREFromFile(X509_STORE* pstStore, const char* filePath)
+int AddCertSTOREFromFile(X509_STORE *pstStore, const char *filePath)
{
- X509* pstX509 = NULL;
- FILE* file = NULL;
+ X509 *pstX509 = NULL;
+ FILE *file = NULL;
int ret = 0;
file = fopen(filePath, "r");
- if(!file)
- {
- DRM_TAPPS_EXCEPTION("AddCertSTOREFromFile Error : Parameter error! Fail to open a cert file.");
+
+ if (!file) {
+ DRM_TAPPS_EXCEPTION("Parameter error! Fail to open a cert file.");
ret = -1;
goto error;
}
pstX509 = PEM_read_X509(file, NULL, NULL, NULL);
- if (pstX509 == NULL)
- {
- DRM_TAPPS_EXCEPTION("AddCertSTORE Error : d2i_X509 error!");
+
+ if (pstX509 == NULL) {
+ DRM_TAPPS_EXCEPTION("d2i_X509 error!");
ret = -1;
goto error;
}
X509_STORE_add_cert(pstStore, pstX509);
error:
- if(file!=NULL)
+
+ if (file != NULL)
fclose(file);
+
return ret;
}
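Review bot: The return value of `X509_STORE_add_cert(pstStore, pstX509)` is ignored, so the function reports success, and the caller logs "Add root cert", even when the certificate did not reach the trust store. Check it, e.g. `if (X509_STORE_add_cert(pstStore, pstX509) != 1) ret = -1;`, and release the local reference under the `error:` label with `if (pstX509 != NULL) X509_free(pstX509);`, since no free of `pstX509` is visible. `filePath` and `pstStore` are used without a NULL check, while the message for a failed `fopen` still reads "Parameter error!". The shortened message on the `PEM_read_X509` failure, `d2i_X509 error!`, names a function this path does not call; `PEM_read_X509 error!` would match.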
-int AddCertSTOREFromDir(X509_STORE* pstStore, const char* dirPath)
+int AddCertSTOREFromDir(X509_STORE *pstStore, const char *dirPath)
{
int ret = 0;
DIR *dir = NULL;
- struct dirent entry;
- struct dirent *result;
- int error;
+ struct dirent *result = nullptr;
char file_path_buff[512];
- if (pstStore == NULL || dirPath == NULL)
- {
- DRM_TAPPS_EXCEPTION("AddCertSTOREFromDir Error : Parameter error!");
+ if (pstStore == NULL || dirPath == NULL) {
+ DRM_TAPPS_EXCEPTION("Parameter error!");
ret = -1;
goto error;
}
dir = opendir(dirPath);
- if(dir == NULL) {
- DRM_TAPPS_EXCEPTION("AddCertSTOREFromDir Error : cannot open directory!");
+
+ if (dir == NULL) {
+ DRM_TAPPS_EXCEPTION("cannot open directory(%s)!", dirPath);
ret = -1;
goto error;
}
- for(;;) {
- error = readdir_r(dir, &entry, &result);
- if( error != 0 ) {
- DRM_TAPPS_EXCEPTION("AddCertSTOREFromDir Error : fail to read entries from a directory!");
- ret = -1;
- goto error;
+ while (true) {
+ errno = 0;
+ result = readdir(dir);
+ if (result == NULL) {
+ if (errno != 0) {
+ DRM_TAPPS_EXCEPTION("fail to read entries from a directory(%s)!",
+ dirPath);
+ ret = -1;
+ goto error;
+ } else {
+ // end of stream
+ break;
+ }
}
- // readdir_r returns NULL in *result if the end
- // of the directory stream is reached
- if(result == NULL)
- break;
- if(entry.d_type == DT_REG) { // regular file
+ if (result->d_type == DT_REG) {
+ // regular file
memset(file_path_buff, 0, sizeof(file_path_buff));
- snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s", dirPath, entry.d_name);
- if(AddCertSTOREFromFile(pstStore, file_path_buff) == 0) {
+ snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s", dirPath,
+ result->d_name);
+
+ if (AddCertSTOREFromFile(pstStore, file_path_buff) == 0) {
DRM_TAPPS_LOG("Add root cert : file=%s", file_path_buff);
- }else {
+ } else {
DRM_TAPPS_LOG("Fail to add root cert : file=%s", file_path_buff);
}
}
}
error:
- if(dir!=NULL)
+
+ if (dir != NULL)
closedir(dir);
+
return ret;
}
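Review bot: The result of `snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s", dirPath, result->d_name)` is not checked, so a path longer than 511 bytes is silently truncated and `AddCertSTOREFromFile` is asked to open a different name than the directory entry. Keep the return value and skip the entry on truncation: `int n = snprintf(...); if (n < 0 || (size_t)n >= sizeof(file_path_buff)) continue;`. The `d_type == DT_REG` filter also skips every entry on filesystems that report `DT_UNKNOWN`, and per-file failures are only logged, so the function can return 0 with no root certificate loaded. A comment saying that 0 does not mean "at least one anchor was added", or a counter that enforces it, would help callers. Because every regular file in this directory becomes a trust anchor, the directory's ownership and write permissions are part of the verification's security boundary.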
-int TADC_IF_VerifyCertChain(unsigned char* rica, int ricaLen,
- unsigned char* cert, int certLen)
+int TADC_IF_VerifyCertChain(unsigned char *rica, int ricaLen,
+ unsigned char *cert, int certLen)
{
OpenSSL_add_all_algorithms();
X509_STORE *pstStore = X509_STORE_new();
+
if (pstStore == NULL)
return -1;
std::unique_ptr<X509_STORE, void(*)(X509_STORE *)>
- _scoped_x509_store(pstStore, X509_STORE_free);
+ _scoped_x509_store(pstStore, X509_STORE_free);
STACK_OF(X509) *untrustedCerts = sk_X509_new_null();
+
if (untrustedCerts == NULL)
return -1;
std::unique_ptr<STACK_OF(X509), std::function<void(STACK_OF(X509) *)>>
- _scoped_x509_stack(untrustedCerts, [](STACK_OF(X509) *s) { sk_X509_free(s); });
+ _scoped_x509_stack(untrustedCerts, [](STACK_OF(X509) *s) {
+ sk_X509_free(s);
+ });
//Add RICA Cert to certchain
if (AddCertUntrustedCerts(untrustedCerts, rica, ricaLen) != 0) {
- DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : Add RICA Cert to certchain!");
+ DRM_TAPPS_EXCEPTION("Add RICA Cert to certchain!");
return -1;
}
//Add Root CA Cert
if (AddCertSTOREFromDir(pstStore, RO_ISSUER_ROOT_CERTS_DIR) != 0) {
- DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : Add Root CA Cert!");
+ DRM_TAPPS_EXCEPTION("Add Root CA Cert!");
return -1;
}
X509 *pstX509 = d2i_X509(NULL, (const unsigned char **)&cert, certLen);
if (pstX509 == NULL) {
- DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : Get Cert d2i_X509 error!");
+ DRM_TAPPS_EXCEPTION("Get Cert d2i_X509 error!");
return -1;
}
X509_STORE_set_flags(pstStore, X509_V_FLAG_CB_ISSUER_CHECK);
X509_STORE_CTX *pstStoreCtx = X509_STORE_CTX_new();
+
if (pstStoreCtx == NULL) {
- DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : 509_STORE_CTX_new error!");
+ DRM_TAPPS_EXCEPTION("509_STORE_CTX_new error!");
return -1;
}
std::unique_ptr<X509_STORE_CTX, void(*)(X509_STORE_CTX *)>
- _scoped_x509_store_ctx(pstStoreCtx, X509_STORE_CTX_free);
+ _scoped_x509_store_ctx(pstStoreCtx, X509_STORE_CTX_free);
//init
X509_STORE_CTX_init(pstStoreCtx, pstStore, pstX509, untrustedCerts);
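Review bot: `pstX509` is the one OpenSSL object in this function not owned by a `std::unique_ptr`, so the early `return -1;` after `X509_STORE_CTX_new()` fails leaks it, and no `X509_free(pstX509)` is visible for the later paths either (the function continues outside this hunk). Wrap it like the others, e.g. `std::unique_ptr<X509, void(*)(X509 *)> _scoped_x509(pstX509, X509_free);`. The stack deleter calls `sk_X509_free(s)`, which releases only the stack itself; if `AddCertUntrustedCerts` pushes certificates it owns onto the stack, `sk_X509_pop_free(s, X509_free)` is the matching cleanup. The return value of `X509_STORE_CTX_init` is ignored, and the new message `509_STORE_CTX_new error!` has lost its leading `X`.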
case 1:
DRM_TAPPS_LOG("TADC_IF_VerifyCertChain Success!");
return 0;
+
case 0:
DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Failed: %s",
- X509_verify_cert_error_string(X509_STORE_CTX_get_error(pstStoreCtx)));
+ X509_verify_cert_error_string(
+ X509_STORE_CTX_get_error(pstStoreCtx)));
return -1;
+
default:
DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error: X509_verify_cert error!");
return -1;
void TADC_IF_Free(void *memblock)
{
- if(memblock != NULL)
- {
+ if (memblock != NULL)
free(memblock);
- }
}
int TADC_IF_AtoI(char *str)