ADD_LIBRARY(${PROJECT_NAME} SHARED ${SRCS})
IF("${ARCH}" MATCHES "arm")
-TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${pkgs_LDFLAGS} -ldl -lssl -lcrypto -L./libs -lShpSec)
+TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${pkgs_LDFLAGS} -ldl -lssl -lcrypto -L./libs -lDeviceInfo)
ELSEIF("${ARCH}" MATCHES "x86")
TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${pkgs_LDFLAGS} -ldl -lssl -lcrypto)
ENDIF("${ARCH}" MATCHES "arm")
##################################################################################################################
##################################################################################################################
+# for libtzsvc.so
+SET(SRCS_TZ
+ ${source_dir}/SecCryptoSvc.c
+ ${source_dir}/SecTzSvc.c
+)
+
+SET(libtzsvc_LDFLAGS " -module -avoid-version ${pkgs_LDFLAGS} ")
+SET(libtzsvc_CFLAGS " ${CFLAGS} -fvisibility=hidden -g -fPIC -I${CMAKE_CURRENT_SOURCE_DIR}/include ")
+SET(libtzsvc_CPPFLAGS " -DPIC ")
+
+SET(LIBTZ_SO "tzsvc")
+ADD_LIBRARY(${LIBTZ_SO} SHARED ${SRCS_TZ})
+
+IF("${ARCH}" MATCHES "arm")
+TARGET_LINK_LIBRARIES(${LIBTZ_SO} ${pkgs_LDFLAGS} -ldl -lssl -lcrypto -L./libs -lDeviceInfo)
+ELSEIF("${ARCH}" MATCHES "x86")
+TARGET_LINK_LIBRARIES(${LIBTZ_SO} ${pkgs_LDFLAGS} -ldl -lssl -lcrypto)
+ENDIF("${ARCH}" MATCHES "arm")
+
+SET_TARGET_PROPERTIES(
+ ${LIBTZ_SO}
+ PROPERTIES
+ SOVERSION 0
+ VERSION 0.0.0
+)
+##################################################################################################################
+
+
+##################################################################################################################
# for module_test
#SET(module_test_SOURCES
#${test_dir}/module_test.c
CONFIGURE_FILE(${PROJECT_NAME}.pc.in ${PROJECT_NAME}.pc)
INSTALL(FILES ${PROJECT_NAME}.pc DESTINATION lib/pkgconfig)
INSTALL(TARGETS ${PROJECT_NAME} DESTINATION lib)
+INSTALL(TARGETS ${LIBTZ_SO} DESTINATION lib)
INSTALL(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/include/ DESTINATION /usr/include)
ADD_DEFINITIONS(-D_bool_cryptsvc)
Except as noted, this software is licensed under Apache License, Version 2.
Please, see the LICENSE.APLv2 file for Apache License terms and conditions.
-libShpSec.a file is licensed under Flora License, Version 1.
+libDeviceInfo.a file is licensed under Flora License, Version 1.
Please, see the LICENSE.Flora file for Flora License, Version 1 terms and conditions.
+
+libtzcrypt.a file is licensed under Flora License, Version 1.
+Please, see the LICENSE.Flora file for Flora License, Version 1 terms and conditions.
+
Description:nothing
Version: 0.0.1
Requires: openssl
-Libs: -L${libdir} -lcryptsvc
+Libs: -L${libdir} -lcryptsvc -ltzsvc
Cflags: -I${includedir}
//#define SEC_CRYPTP_ARR_LENGTH 1024
#define SEC_FRAME_OSP_KEY "uniqueKey"
//#define SHA1_DIGEST_VALUE_LEN 20
+#define SHA256_DIGEST_VALUE_LEN 32
//#define KDF_KEYLEN 16
#define HASH_LEN 20
//#define SEC_KEYMGR_FEK_SIZE 16
--- /dev/null
+/*
+ * libcryptsvc - device unique key
+ *
+ * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#ifndef _SEC_TZ_SVC_H
+#define _SEC_TZ_SVC_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+typedef unsigned int uint32_t;
+typedef unsigned char uint8_t;
+typedef unsigned int TZCRYPT_Result;
+typedef unsigned char TZCRYPT_UINT8;
+typedef unsigned int TZCRYPT_UINT32;
+typedef unsigned long TZCRYPT_UINT64;
+
+#define SHA256_DIGEST_VALUE_LEN 32
+
+/*
+ * This function provides an encryption of user data.
+ *
+ * @param [in] Src : User data to be encrypted
+ * @param [in] SrcLen : Length of user data to be encrypted (multiple by chunk size, SIZE_CHUNK)
+ * @param [out] Dst : Encrypted data
+ * @param [out] *DstLen : a pointer to length of encrypted data (multiple by secure object size, SIZE_SECUREOBJECT)
+ * @param [in] AppInfo : Application information
+ * @param [in] AppInfoLen : Length of Application information
+ * @param [out] WrapAppInfo : Hashed and wrapped Application Information as an identifier
+ * @param [out] *WrapAppInfo : a pointer to length of hashed and wraped Application Information as an identifier
+ *
+ * return SEC_CRYPTO_SUCCESS if operation has been succesfully completed. (Refer to the tlc error code)
+ */
+__attribute__((visibility("default")))
+TZCRYPT_Result SecEncryptTZCrypt(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen, TZCRYPT_UINT8 *AppInfo, TZCRYPT_UINT32 AppInfoLen, TZCRYPT_UINT8 *WrapAppInfo, TZCRYPT_UINT32 *WrapAppInfoLen);
+
+/*
+ * This function provides an decryption of user data.
+ *
+ * @param [in] Src : Cipher data to be decrypted
+ * @param [in] SrcLen : Length of Cipher data to be decrypted (multiple by chunk size, SIZE_SECUREOBJECT)
+ * @param [out] Dst : Encrypted data
+ * @param [out] *DstLen : a pointer to length of encrypted data (multiple by secure object size, SIZE_CHUNK)
+ * @param [in] AppInfo : Application information
+ * @param [in] AppInfoLen : Length of Application information
+ * @param [in] WrapAppInfo : Hashed and wrapped Application Information as an identifier
+ * @param [in] WrapAppInfo : Length of hashed and wraped Application Information as an identifier
+ *
+ * return SEC_CRYPTO_SUCCESS if operation has been succesfully completed. (Refer to the tlc error code)
+ * If a given application information (identifier) is wrong, then return UNIT_TEXT_HASH_ERROR
+ */
+__attribute__((visibility("default")))
+TZCRYPT_Result SecDecryptTZCrypt(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen, TZCRYPT_UINT8 *AppInfo, TZCRYPT_UINT32 AppInfoLen, TZCRYPT_UINT8 *WrapAppInfo, TZCRYPT_UINT32 WrapAppInfoLen);
+
+/*
+ * This function provides the length of a given src len
+ *
+ * @param [in] source length
+ *
+ * return length of cipher text
+ */
+__attribute__((visibility("default")))
+TZCRYPT_UINT32 SecGetCipherLen(TZCRYPT_UINT32 srclen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
--- /dev/null
+/*
+ * tci.h
+ *
+ * Created on: 05.05.2010
+ * Author: galkag
+ * modified ckyu.han@samsung.com
+ */
+
+#ifndef TCI_H_
+#define TCI_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*
+typedef unsigned int uint32_t;
+typedef unsigned char uint8_t;
+*/
+
+typedef uint32_t tciCommandId_t;
+typedef uint32_t tciResponseId_t;
+typedef uint32_t tciReturnCode_t;
+
+/* Responses have bit 31 set */
+#define RSP_ID_MASK (1U << 31)
+#define RSP_ID(cmdId) (((uint32_t)(cmdId)) | RSP_ID_MASK)
+#define IS_CMD(cmdId) ((((uint32_t)(cmdId)) & RSP_ID_MASK) == 0)
+#define IS_RSP(cmdId) ((((uint32_t)(cmdId)) & RSP_ID_MASK) == RSP_ID_MASK)
+
+/* Return codes of Trustlet commands. */
+#define RET_OK 0 /* Set, if processing is error free */
+#define RET_ERR_UNKNOWN_CMD 1 /* Unknown command */
+#define RET_CUSTOM_START 2
+#define RET_ERR_MAP 3
+#define RET_ERR_UNMAP 4
+
+/* TCI command header. */
+typedef struct {
+ tciCommandId_t commandId; /* Command ID */
+} tciCommandHeader_t;
+
+/* TCI response header. */
+typedef struct {
+ tciResponseId_t responseId; /* Response ID (must be command ID | RSP_ID_MASK )*/
+ tciReturnCode_t returnCode; /* Return code of command */
+} tciResponseHeader_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* TCI_H_ */
--- /dev/null
+/*
+ * tlc_tzcrypto.h
+ *
+ */
+
+#ifndef TLC_TZCRYPT_H_
+#define TLC_TZCRYPT_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/*
+typedef unsigned int TZCRYPT_Result;
+typedef unsigned char TZCRYPT_UINT8;
+typedef unsigned int TZCRYPT_UINT32;
+typedef unsigned long TZCRYPT_UINT64;
+*/
+
+/* TLC error code */
+#define TZCRYPT_SUCCESS 0x00000000
+#define TZCRYPT_ERROR_INIT_FAILED 0x20000001
+#define TZCRYPT_ERROR_TERMINATE_FAILED 0x20000002
+#define TZCRYPT_ERROR_ENCRYPT_FAILED 0x20000003
+#define TZCRYPT_ERROR_DECRYPT_FAILED 0x20000004
+#define TZCRYPT_ERROR_WRAPIDENTITY_FAILED 0x20000005
+#define TZCRYPT_ERROR_UNWRAPIDENTITY_FAILED 0x20000006
+#define TZCRYPT_ERROR_HASH_FAILED 0x20000007
+#define TZCRYPT_ERROR_INVALID_PARAMETER 0x20000008
+
+/* Sec Crypto error code */
+#define SEC_CRYPTO_SUCCESS 0x00000000
+#define SEC_CRYPTO_ENCRYPT_ERROR 0x30000001
+#define SEC_CRYPTO_DECRYPT_ERROR 0x30000002
+#define SEC_CRYPTO_WRAPIDENTITY_ERROR 0x30000003
+#define SEC_CRYPTO_UNWRAPIDENTITY_ERROR 0x30000004
+#define SEC_CRYPTO_HASH_ERROR 0x30000005
+
+/*
+ * This function provides an encryption of user data.
+ *
+ * @param [in] Src : User data to be encrypted
+ * @param [in] SrcLen : Length of user data to be encrypted (multiple by chunk size, SIZE_CHUNK)
+ * @param [out] Dst : Encrypted data
+ * @param [out] *DstLen : a pointer to length of encrypted data (multiple by secure object size, SIZE_SECUREOBJECT)
+ *
+ * return TZCRYPT_SUCCESS if operation has been succesfully completed. (Refer to the previous TLC error code)
+ */
+TZCRYPT_Result TzCrypt_Encrypt(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen);
+
+/*
+ * This function provides an decryption of user data.
+ *
+ * @param [in] Src : Cipher data to be decrypted
+ * @param [in] SrcLen : Length of Cipher data to be decrypted (multiple by chunk size, SIZE_SECUREOBJECT)
+ * @param [out] Dst : Encrypted data
+ * @param [out] *DstLen : a pointer to length of encrypted data (multiple by secure object size, SIZE_CHUNK)
+ *
+ * return TZCRYPT_SUCCESS if operation has been succesfully completed. (Refer to the tlc error code)
+ */
+TZCRYPT_Result TzCrypt_Decrypt(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen);
+
+/*
+ * This function provides an hash of user data.
+ *
+ * @param [in] Src : Plain information
+ * @param [in] SrcLen : Length of Plain information
+ * @param [out] Dst : Hashed information
+ * @param [out] *DstLen : a pointer to length of hashed information
+
+ * return TZCRYPT_SUCCESS if operation has been succesfully completed. (Refer to the tlc error code)
+ */
+TZCRYPT_Result TzCrypt_Hash(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen);
+
+/*
+ * This function provides an wrapping of App data. (+ include hash operation)
+ *
+ * @param [in] Src : Plain information
+ * @param [in] SrcLen : Length of Plain information
+ * @param [out] Dst : Wrapped information
+ * @param [out] *DstLen : a pointer to length of wrapped information
+
+ * return TZCRYPT_SUCCESS if operation has been succesfully completed. (Refer to the tlc error code)
+ */
+TZCRYPT_Result TzCrypt_WrapIdentity(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen);
+
+/*
+ * This function provides an unwrapping of App data. (- exclude hash operation)
+ *
+ * @param [in] Src : Plain information
+ * @param [in] SrcLen : Length of Plain information
+ * @param [out] Dst : Wrapped information
+ * @param [out] *DstLen : a pointer to length of wrapped information
+
+ * return TZCRYPT_SUCCESS if operation has been succesfully completed. (Refer to the tlc error code)
+ */
+TZCRYPT_Result TzCrypt_UnwrapIdentity(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen);
+
+/*
+ * This function provides the length of secure object from a given length of source data
+ *
+ * @param [in] SrcLen : Length of Plain information
+ *
+ * return TZCRYPT_UINT32 (size) if operation has been succesfully completed.
+ */
+TZCRYPT_UINT32 TzCrypt_GetSOLen(TZCRYPT_UINT32 SrcLen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
--- /dev/null
+/*
+ *
+ */
+#ifndef TLTZCRYPT_API_H_
+#define TLTZCRYPT_API_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "tci.h"
+
+/* Command ID's for communication Trustlet Connector -> Trustlet. */
+#define CMD_ENCRYPT_TZ_CRYPT 0x00000001
+#define CMD_DECRYPT_TZ_CRYPT 0x00000002
+#define CMD_WRAPIDENTITY_TZ_CRYPT 0x00000003
+#define CMD_UNWRAPIDENTITY_TZ_CRYPT 0x00000004
+#define CMD_HASH_TZ_CRYPT 0x00000005
+
+/* Return codes */
+#define RET_TL_OK 0x00000000
+
+/* Error codes */
+#define RET_ERR_ENCRYPT_TZ_CRYPT 0x10000001
+#define RET_ERR_DECRYPT_TZ_CRYPT 0x10000002
+#define RET_ERR_WRAPIDENTITY_TZ_CRYPT 0x10000003
+#define RET_ERR_UNWRAPIDENTITY_TZ_CRYPT 0x10000004
+#define RET_ERR_HASH_TZ_CRYPT 0x10000005
+
+/* Termination codes */
+#define EXIT_ERROR ((uint32_t)(-1))
+
+#define SIZE_CHUNK 1024
+#define SIZE_SECUREOBJECT 1116 // SO SIZE for 1024 byte (predefined)
+#define SIZE_HASHAPPIDENTITY 32
+#define SIZE_WRAPAPPIDENTITY 124
+
+/* TCI message data. */
+typedef struct {
+ uint32_t id;
+ //uint32_t data_len;
+ //uint8_t *data_ptr;
+ //uint8_t data[MAX_DATA_LEN];
+} tci_cmd_t;
+
+typedef struct {
+ uint32_t id;
+ uint32_t return_code;
+ //uint32_t data_len;
+ //uint8_t *data_ptr;
+ //uint8_t data[MAX_DATA_LEN];
+} tci_resp_t;
+
+
+typedef union {
+ uint8_t input_data[SIZE_CHUNK];
+ uint8_t output_data[SIZE_SECUREOBJECT];
+} buffer_t;
+
+typedef union {
+ uint8_t hash_identity[SIZE_HASHAPPIDENTITY];
+ uint8_t wrap_identity[SIZE_WRAPAPPIDENTITY];
+} identity_t;
+
+typedef struct {
+ union {
+ tci_cmd_t cmd; /* Command message structure */
+ tci_resp_t resp; /* Response message structure */
+ };
+ uint32_t pData;
+ uint32_t pLen;
+ uint32_t cData;
+ uint32_t cLen;
+} tciMessage_t;
+
+/* Trustlet UUID. */
+#define TL_TZ_CRYPT_UUID { { 0xff, 0xff, 0xff, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7 } }
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* TLTZCRYPT_API_H_ */
Name: libcryptsvc
Summary: nothing
Version: 0.0.1
-Release: 3
+Release: 4
Group: Osp/Security
License: APLv2
Source0: %{name}-%{version}.tar.gz
-/*\r
- * libcryptsvc - device unique key\r
- *\r
- * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved\r
- *\r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- *\r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- *\r
- */\r
-\r
-#include "SecCryptoSvc.h"\r
-//#include "SecKmBase64.h"\r
-//#include "CryptoSvc-debug.h"\r
-#include <string.h>\r
-#include <stdio.h>\r
-#include <openssl/evp.h>\r
-#include <openssl/err.h>\r
-#include <openssl/rand.h>\r
-#include <openssl/sha.h>\r
-#include <dlog.h>\r
-\r
-bool SecFrameGeneratePlatformUniqueKey(IN UINT32 uLen, IN OUT UINT8 *pCek)\r
-{\r
- bool bResult = true;\r
- unsigned int i = 0;\r
- unsigned char Key[73] = {0};\r
- unsigned char hashedValue[HASH_LEN] = {0};\r
- int nTempLen = SEC_DUK_SIZE;\r
- int nHashLen = 0;\r
- int remain = 0;\r
- unsigned char *result = NULL;\r
-\r
- SLOGD("[LOG][%s:L%d] Enter \n", __func__,__LINE__);\r
-#ifdef CRYPTOSVC_TARGET\r
- SysSecBootGetDeviceUniqueKey(Key);\r
-#else\r
- memset(Key, 0xFF, nTempLen);\r
-#endif\r
-\r
- /* for debugging */\r
- SLOGD("Device Unique Key Information \n");\r
-\r
- memcpy(Key+nTempLen, SEC_FRAME_OSP_KEY, 9);\r
- nTempLen += 9;\r
-\r
- remain = uLen;\r
-\r
- for( i = 0 ; i < uLen ; i += HASH_LEN )\r
- {\r
- result = SHA1(Key, nTempLen, hashedValue);\r
- nHashLen = HASH_LEN;\r
-\r
- if( result == NULL)\r
- {\r
- SLOGE("SecCryptoHash fail \n");\r
- bResult = false;\r
- goto ERR;\r
- }\r
-\r
- nTempLen = nHashLen;\r
-\r
- if( remain < HASH_LEN )\r
- {\r
- memcpy(pCek+i, hashedValue, remain);\r
- }\r
- else\r
- {\r
- memcpy(pCek+i, hashedValue, nHashLen);\r
- }\r
-\r
- remain -= HASH_LEN;\r
- memset(Key, 0, sizeof(Key));\r
- memcpy(Key, hashedValue, nHashLen);\r
- }\r
- SLOGD("[LOG][%s:L%d] End \n", __func__,__LINE__);\r
-ERR:\r
- SLOGD("[LOG][%s:L%d] End with ERROR \n", __func__,__LINE__);\r
- return bResult;\r
-}\r
-\r
+/*
+ * libcryptsvc - device unique key
+ *
+ * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include "SecCryptoSvc.h"
+//#include "SecKmBase64.h"
+//#include "CryptoSvc-debug.h"
+#include <string.h>
+#include <stdio.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include <dlog.h>
+
+bool SecFrameGeneratePlatformUniqueKey(IN UINT32 uLen, IN OUT UINT8 *pCek)
+{
+ bool bResult = true;
+ unsigned int i = 0;
+ unsigned char Key[73] = {0};
+ unsigned char hashedValue[HASH_LEN] = {0};
+ int nTempLen = SEC_DUK_SIZE;
+ int nHashLen = 0;
+ int remain = 0;
+ unsigned char *result = NULL;
+
+ SLOGD("[LOG][%s:L%d] Enter \n", __func__,__LINE__);
+#ifdef CRYPTOSVC_TARGET
+ SysSecBootGetDeviceUniqueKey(Key);
+#else
+ memset(Key, 0xFF, nTempLen);
+#endif
+
+ /* for debugging */
+ SLOGD("Device Unique Key Information \n");
+
+ memcpy(Key+nTempLen, SEC_FRAME_OSP_KEY, 9);
+ nTempLen += 9;
+
+ remain = uLen;
+
+ for( i = 0 ; i < uLen ; i += HASH_LEN )
+ {
+ result = SHA1(Key, nTempLen, hashedValue);
+ nHashLen = HASH_LEN;
+
+ if( result == NULL)
+ {
+ SLOGE("SecCryptoHash fail \n");
+ bResult = false;
+ goto ERR;
+ }
+
+ nTempLen = nHashLen;
+
+ if( remain < HASH_LEN )
+ {
+ memcpy(pCek+i, hashedValue, remain);
+ }
+ else
+ {
+ memcpy(pCek+i, hashedValue, nHashLen);
+ }
+
+ remain -= HASH_LEN;
+ memset(Key, 0, sizeof(Key));
+ memcpy(Key, hashedValue, nHashLen);
+ }
+ SLOGD("[LOG][%s:L%d] End \n", __func__,__LINE__);
+ERR:
+ SLOGD("[LOG][%s:L%d] End with ERROR \n", __func__,__LINE__);
+ return bResult;
+}
+
+
--- /dev/null
+/*
+ * libTzSvc - encryption and decryption with the TZ-based HW key
+ *
+ * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <dlog.h>
+
+#include <sys/ioctl.h>
+#include <sys/time.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+#include <openssl/crypto.h>
+
+#include "SecTzSvc.h"
+#include "SecCryptoSvc.h"
+#include "tlc_tzcrypt.h"
+#include "tltzcrypt_api.h"
+
+#define LOG_TAG "tlcTzCrypt"
+#ifndef CRYPTOSVC_TZ
+#define SIZE_CHUNK 1024
+#define SIZE_SECUREOBJECT 1116
+#define KEY_SIZE 16
+#endif
+
+unsigned char* AES_Crypto(unsigned char* p_text, unsigned char* c_text, unsigned char* aes_key, unsigned char* iv, int mode, unsigned long size)
+{
+ AES_KEY e_key, d_key;
+
+ AES_set_encrypt_key(aes_key, 128, &e_key);
+ AES_set_decrypt_key(aes_key, 128, &d_key);
+
+ if(mode == 1)
+ {
+ AES_cbc_encrypt(p_text, c_text, size, &e_key, iv, AES_ENCRYPT);
+ return c_text;
+ }
+ else
+ {
+ AES_cbc_encrypt(c_text, p_text, size, &d_key, iv, AES_DECRYPT);
+ return p_text;
+ }
+}
+TZCRYPT_Result SecEncryptTZCrypt(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen, TZCRYPT_UINT8 *AppInfo, TZCRYPT_UINT32 AppInfoLen, TZCRYPT_UINT8 *WrapAppInfo, TZCRYPT_UINT32 *WrapAppInfoLen)
+{
+
+ TZCRYPT_Result ret = SEC_CRYPTO_ENCRYPT_ERROR;
+#ifndef CRYPTOSVC_TZ
+ int outLen = 0;
+ unsigned char key[KEY_SIZE] = {0,};
+ unsigned char hashOut[SHA_DIGEST_LENGTH] = {0,};
+ unsigned char iv[] = {0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B };
+#endif
+
+#ifdef CRYPTOSVC_TZ
+ if(SrcLen % SIZE_CHUNK != 0 || *DstLen % SIZE_SECUREOBJECT != 0){
+ LOGE("Plain chunk size :: Test for Encryption of TZ Crypt failed!!! [Return Value] = %.8x\n", ret);
+ LOGE("source length = %d, destination length = %d\n", SrcLen, *DstLen);
+ return ret;
+ }
+#endif
+
+ LOGI("Start Encryption of TZ Crypt!\n");
+
+#ifdef CRYPTOSVC_TZ
+ ret = TzCrypt_WrapIdentity(AppInfo, AppInfoLen, WrapAppInfo, WrapAppInfoLen);
+ if (ret) {
+ LOGE("Failed to wrap AppInfo of TZ [Return Value] = %.8x\n", ret);
+ return SEC_CRYPTO_WRAPIDENTITY_ERROR;
+ }
+ ret = TzCrypt_Encrypt(Src, SrcLen, Dst, DstLen);
+ if (ret) {
+ LOGE("Test for Encryption of TZ Crypt failed!!! [Return Value] = %.8x\n", ret);
+ return SEC_CRYPTO_ENCRYPT_ERROR;
+ }
+#else
+ if(!SecFrameGeneratePlatformUniqueKey(KEY_SIZE, key))
+ {
+ LOGE("Failed to generate device unique key\n");
+ return SEC_CRYPTO_ENCRYPT_ERROR;
+ }
+ if(AES_Crypto(Src, Dst, key, iv, 1, SrcLen) == NULL)
+ {
+ LOGE("Failed to encrypt data \n");
+ return SEC_CRYPTO_ENCRYPT_ERROR;
+ }
+ *DstLen = SrcLen;
+ EVP_Digest(AppInfo, AppInfoLen, hashOut, (unsigned int*)&outLen, EVP_sha1(), NULL);
+ *WrapAppInfoLen = outLen;
+ memcpy(WrapAppInfo, hashOut, *WrapAppInfoLen);
+#endif
+ LOGI("Encryption of TZ Crypt is Success! [Return Value] = %.8x\n", ret);
+
+ return SEC_CRYPTO_SUCCESS;
+}
+
+TZCRYPT_Result SecDecryptTZCrypt(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen, TZCRYPT_UINT8 *AppInfo, TZCRYPT_UINT32 AppInfoLen, TZCRYPT_UINT8 *WrapAppInfo, TZCRYPT_UINT32 WrapAppInfoLen)
+{
+ TZCRYPT_Result ret = SEC_CRYPTO_DECRYPT_ERROR;
+#ifndef CRYPTOSVC_TZ
+ int outLen = 0;
+ unsigned char key[KEY_SIZE] = {0,};
+ unsigned char hashOut[SHA_DIGEST_LENGTH] = {0,};
+ unsigned char iv[] = {0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B };
+#endif
+#ifdef CRYPTOSVC_TZ
+ if(SrcLen % SIZE_SECUREOBJECT != 0 ){
+ LOGE("Ciphertext chunk size :: Test for Encryption of TZ Crypt failed!!! [Return Value] = %.8x\n", ret);
+ return ret;
+ }
+
+ if(WrapAppInfoLen != SIZE_WRAPAPPIDENTITY){
+ LOGE("Wrapped App Identity Size :: failed!!! [Return Value] = %.8x\n", ret);
+ return ret;
+ }
+
+ TZCRYPT_UINT8 *unwrapData = NULL;
+ TZCRYPT_UINT32 unwrapDatalen = SIZE_HASHAPPIDENTITY;
+ unwrapData = (TZCRYPT_UINT8 *)malloc(unwrapDatalen);
+
+ ret = TzCrypt_UnwrapIdentity(WrapAppInfo, WrapAppInfoLen, unwrapData, &unwrapDatalen);
+ if (ret) {
+ LOGE("Test for Unwrap AppInfo of TZ Crypt failed!!! [Return Value] = %.8x\n", ret);
+ return SEC_CRYPTO_UNWRAPIDENTITY_ERROR;
+ }
+ LOGI("Unwrap AppInfo of TZ Crypt is Success! [Return Value] = %.8x\n", ret);
+
+ TZCRYPT_UINT8 *hashData = NULL;
+ TZCRYPT_UINT32 hashDatalen = SIZE_HASHAPPIDENTITY;
+ hashData = (TZCRYPT_UINT8 *)malloc(hashDatalen);
+
+ ret = TzCrypt_Hash(AppInfo, AppInfoLen, hashData, &hashDatalen);
+ if (ret) {
+ LOGE("Test for Hash AppInfo of TZ Crypt failed!!! [Return Value] = %.8x\n", ret);
+ return SEC_CRYPTO_HASH_ERROR;
+ }
+
+ if( 0 != memcmp(unwrapData, hashData, hashDatalen) || hashDatalen != unwrapDatalen){
+ LOGE("App Info Identity is NOT same as hash Info of a given Identity\n");
+ return SEC_CRYPTO_HASH_ERROR;
+ }
+
+ LOGI("Start Decryption of TZ Crypt!\n");
+ ret = TzCrypt_Decrypt(Src, SrcLen, Dst, DstLen);
+ if (ret) {
+ LOGE("Test for Decryption of TZ Crypt failed!!! [Return Value] = %.8x\n", ret);
+ return SEC_CRYPTO_DECRYPT_ERROR;
+ }
+#else
+ if(!SecFrameGeneratePlatformUniqueKey(KEY_SIZE, key))
+ {
+ LOGE("Failed to generate device unique key\n");
+ return SEC_CRYPTO_DECRYPT_ERROR;
+ }
+
+ EVP_Digest(AppInfo, AppInfoLen, hashOut, (unsigned int*)&outLen, EVP_sha1(), NULL);
+
+ if( 0 != memcmp(WrapAppInfo, hashOut, outLen) || outLen != WrapAppInfoLen){
+ LOGE("AppInfo Identifier Information is wrong\n");
+ return SEC_CRYPTO_HASH_ERROR;
+ }
+
+ if(AES_Crypto(Dst, Src, key, iv, 0, SrcLen) == NULL)
+ {
+ LOGE("Failed to decrypt data \n");
+ return SEC_CRYPTO_DECRYPT_ERROR;
+ }
+ *DstLen = SrcLen;
+
+#endif
+ LOGI("Test for Decryption of TZ Crypt is Success! [Return Value] = %.8x\n", ret);
+
+ return SEC_CRYPTO_SUCCESS;
+}
+
+TZCRYPT_UINT32 SecGetCipherLen(TZCRYPT_UINT32 srclen)
+{
+#ifdef CRYPTOSVC_TZ
+ TZCRYPT_UINT32 cipherLength = TzCrypt_GetSOLen(srclen);
+#else
+ int cipherLength = (srclen / EVP_aes_128_cbc()->block_size + 1) * EVP_aes_128_cbc()->block_size;
+#endif
+ return cipherLength;
+}