2 * Copyright (c) 2000-2015 Samsung Electronics Co., Ltd.
4 * Licensed under the Flora License, Version 1.1 (the License);
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://floralicense.org/license/
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an AS IS BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include "TADC_Util.h"
20 #include "TADC_ErrorCode.h"
22 #include "drm_intf_tapps.h"
24 #include <openssl/aes.h>
25 #include <openssl/sha.h>
26 #include <openssl/dh.h>
27 #include <openssl/bn.h>
29 //2011.03.08 to verify signature
30 #include <openssl/x509.h>
31 #include <openssl/x509_vfy.h>
32 #include <openssl/evp.h>
33 #include <openssl/rsa.h>
34 #include <openssl/err.h>
35 #include <openssl/pem.h>
39 #include "DUIDGenerator.h"
42 int TADC_IF_GetDUID(char *Duid)
45 DRM_TAPPS_EXCEPTION("Invalid argument.");
46 return TADC_GETDUID_ERROR;
50 if (get_duid(&duid) < 0 || !duid) {
51 DRM_TAPPS_EXCEPTION("Failed to get DUID.");
52 return TADC_GETDUID_ERROR;
55 DRM_TAPPS_LOG("DUID is [%s]", duid);
56 memcpy(Duid, duid, strlen(duid) + 1);
63 int TADC_IF_GetDHKey(T_DH_INFO *t_dhinfo)
66 TADC_IF_MemSet(t_dhinfo, 0, sizeof(t_dh_info));
69 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After TADC_IF_MemSet(t_dhinfo, 0, sizeof(t_dh_info))");
72 if ((pDH = DH_new()) == NULL)
74 DRM_TAPPS_EXCEPTION("DH_new() error!");
79 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After DH_new");
81 //2. Set the Prime and Generator Value
83 0xAE, 0xD9, 0x65, 0x3C, 0x86, 0x3E, 0xD9, 0x6F, 0x31, 0x6E,
84 0xF6, 0x08, 0x35, 0xD5, 0x01, 0xC1, 0x41, 0x2E, 0xDD, 0x7E,
85 0xE9, 0x09, 0x99, 0x73, 0xF3, 0xB3, 0xAB, 0x1F, 0x80, 0x85,
86 0x44, 0x22, 0xDA, 0x07, 0x32, 0x18, 0xC1, 0xF8, 0xC4, 0xED,
87 0x9F, 0x66, 0x88, 0xCF, 0xD6, 0x18, 0x8B, 0x28, 0x56, 0xA5,
88 0xB3, 0x6A, 0x8E, 0xBB, 0xC4, 0x2B, 0x2B, 0x3A, 0x9C, 0x20,
89 0x4E, 0xF7, 0x7F, 0xC3 };
90 BYTE generator[1] = {DH_GENERATOR_5};
92 pDH->p = BN_bin2bn(prime64, 64, NULL);
93 pDH->g = BN_bin2bn(generator, 1, NULL);
95 /* Set a to run with normal modexp and b to use constant time */
96 pDH->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
99 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After Set the Prime and Generator Value");
102 if (!DH_generate_key(pDH))
104 DRM_TAPPS_EXCEPTION("DH_generate_key() error!");
109 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After DH_generate_key");
111 //4. Save DH Infos ( p, g, A, a )
112 TADC_IF_MemCpy(t_dhinfo->p, prime64, 64);
113 t_dhinfo->pSize = 64;
114 t_dhinfo->g = DH_GENERATOR_5;
115 t_dhinfo->ASize = BN_bn2bin(pDH->pub_key, t_dhinfo->A);
116 t_dhinfo->aSize = BN_bn2bin(pDH->priv_key, t_dhinfo->a);
122 DRM_TAPPS_LOG("Debug Log == TADC_IF_GetDHKey : After DH_free");
127 int TADC_IF_GetDHKey_K(T_DH_INFO *t_dhinfo)
130 BIGNUM *pPubKey = NULL;
132 char tempbuf[DHKey_SIZE + 1];
135 unsigned char tempG[1];
137 TADC_IF_MemSet(tempbuf, 0, sizeof(tempbuf));
140 if ((pDH = DH_new()) == NULL)
142 DRM_TAPPS_EXCEPTION("DH_new() error!");
146 //2.Set DH Info to pDH
147 pDH->p = BN_bin2bn(t_dhinfo->p, t_dhinfo->pSize, NULL);
148 tempG[0] = t_dhinfo->g;
149 pDH->g = BN_bin2bn(tempG, 1, NULL);
150 pDH->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
151 pDH->pub_key = BN_bin2bn(t_dhinfo->A, t_dhinfo->ASize, NULL);
152 pDH->priv_key = BN_bin2bn(t_dhinfo->a, t_dhinfo->aSize, NULL);
154 //3. Set Public Key of Server
155 pPubKey = BN_bin2bn(t_dhinfo->B, t_dhinfo->BSize, NULL);
157 //4. Compute DH Session Key
158 if ((i = DH_compute_key((BYTE*)tempbuf, pPubKey, pDH)) < 0)
160 DRM_TAPPS_EXCEPTION("DH_compute_key() error! \n");
164 for (i = 0 ; i < (t_dhinfo -> BSize / 2) ; i++)
166 t_dhinfo->K[i] = tempbuf[i * 2] ^ tempbuf[(i * 2) + 1];
176 /* Only handles 128 bit aes key */
177 int TADC_IF_AES_CTR(unsigned char *pKey, int ivLen, unsigned char *pIV, int inLen, unsigned char *in, int *pOutLen, unsigned char *out)
184 AES_set_encrypt_key(pKey, 128, &stKey);
188 TADC_IF_MemSet(ecount, 0, sizeof(ecount));
189 TADC_IF_MemSet(chain, 0, sizeof(chain));
190 TADC_IF_MemCpy(chain, pIV, ivLen);
192 AES_ctr128_encrypt(in, out, inLen, &stKey, chain, ecount, &num);
199 int TADC_IF_SHA1(unsigned char *in, int inLen, unsigned char *out)
204 SHA1_Update(&AlgInfo, in, inLen);
205 SHA1_Final(out, &AlgInfo);
210 int TADC_IF_VerifySignature(unsigned char* inData, int inLen,
211 unsigned char* sigData, int sigLen,
212 unsigned char* cert, int certLen)
214 unsigned char hashValue[20];
218 EVP_PKEY* pKey = NULL;
222 if (inData == NULL || sigData == NULL || cert == NULL || inLen < 1 || sigLen < 1 || certLen < 1)
224 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : Parameter error!");
230 //1. Make Hash value of indata by using SHA1
231 TADC_IF_SHA1(inData, inLen, hashValue);
233 //2. Get RSA Public Key from cert data ( DER )
234 pX509 = d2i_X509(NULL, (const unsigned char**)&cert, certLen);
237 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : Get RSA Public Key from cert data!");
241 pKey = X509_get_pubkey(pX509);
244 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : X509_get_pubkey!");
248 pRsa = EVP_PKEY_get1_RSA(pKey);
251 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : EVP_PKEY_get1_RSA!");
260 iRet = RSA_verify(NID_sha1, hashValue, 20, sigData, sigLen, pRsa);
264 char tmpBuf[120] = {0,};
266 while ((err = ERR_get_error()) != 0)
268 DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : RSA_verify error(%s)", ERR_error_string(err, tmpBuf));
271 //DRM_TAPPS_EXCEPTION("TADC_IF_VerifySignature Error : RSA_verify error(%s)", ERR_error_string(ERR_get_error(), NULL));
290 int AddCertUntrustedCerts(STACK_OF(X509)* untrustedCerts, unsigned char* cert, int certLen)
292 X509* pstX509 = NULL;
294 if (untrustedCerts == NULL || cert == NULL || certLen < 1)
296 DRM_TAPPS_EXCEPTION("AddCertSTORE Error : Parameter error!");
300 pstX509 = d2i_X509(NULL, (const unsigned char **) &cert, certLen);
303 DRM_TAPPS_EXCEPTION("AddCertSTORE Error : d2i_X509 error!");
307 sk_X509_push(untrustedCerts, pstX509);
312 int AddCertSTOREFromFile(X509_STORE* pstStore, const char* filePath)
314 X509* pstX509 = NULL;
318 file = fopen(filePath, "r");
321 DRM_TAPPS_EXCEPTION("AddCertSTOREFromFile Error : Parameter error! Fail to open a cert file.");
326 pstX509 = PEM_read_X509(file, NULL, NULL, NULL);
329 DRM_TAPPS_EXCEPTION("AddCertSTORE Error : d2i_X509 error!");
334 X509_STORE_add_cert(pstStore, pstX509);
342 int AddCertSTOREFromDir(X509_STORE* pstStore, const char* dirPath)
348 struct dirent *result;
350 char file_path_buff[512];
352 if (pstStore == NULL || dirPath == NULL)
354 DRM_TAPPS_EXCEPTION("AddCertSTOREFromDir Error : Parameter error!");
359 dir = opendir(dirPath);
361 DRM_TAPPS_EXCEPTION("AddCertSTOREFromDir Error : cannot open directory!");
367 error = readdir_r(dir, &entry, &result);
369 DRM_TAPPS_EXCEPTION("AddCertSTOREFromDir Error : fail to read entries from a directory!");
373 // readdir_r returns NULL in *result if the end
374 // of the directory stream is reached
378 if(entry.d_type == DT_REG) { // regular file
379 memset(file_path_buff, 0, sizeof(file_path_buff));
380 snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s", dirPath, entry.d_name);
381 if(AddCertSTOREFromFile(pstStore, file_path_buff) == 0) {
382 DRM_TAPPS_LOG("Add root cert : file=%s", file_path_buff);
384 DRM_TAPPS_LOG("Fail to add root cert : file=%s", file_path_buff);
395 int TADC_IF_VerifyCertChain(unsigned char* rica, int ricaLen,
396 unsigned char* cert, int certLen)
398 X509_STORE_CTX* pstStoreCtx = NULL;
399 X509_STORE* pstStore = NULL;
400 STACK_OF(X509)* untrustedCerts = NULL;
402 X509* pstX509 = NULL;
407 //must call this function.
408 OpenSSL_add_all_algorithms();
410 pstStore = X509_STORE_new();
417 untrustedCerts = sk_X509_new_null();
418 if(untrustedCerts == NULL)
425 //Add RICA Cert to certchain
426 if ((iRet = AddCertUntrustedCerts(untrustedCerts, rica, ricaLen)) != 0)
428 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : Add RICA Cert to certchain!");
434 if ((iRet = AddCertSTOREFromDir(pstStore, RO_ISSUER_ROOT_CERTS_DIR)) != 0)
436 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : Add Root CA Cert!");
442 pstX509 = d2i_X509(NULL, (const unsigned char **)&cert, certLen);
446 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : Get Cert d2i_X509 error!");
451 X509_STORE_set_flags(pstStore, X509_V_FLAG_CB_ISSUER_CHECK);
452 pstStoreCtx = X509_STORE_CTX_new();
453 if (pstStoreCtx == NULL)
455 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : 509_STORE_CTX_new error!");
461 X509_STORE_CTX_init(pstStoreCtx, pstStore, pstX509, untrustedCerts);
464 X509_STORE_CTX_set_flags(pstStoreCtx, X509_V_FLAG_CB_ISSUER_CHECK);
467 iRet = X509_verify_cert(pstStoreCtx);
471 if (pstStore != NULL)
472 X509_STORE_free(pstStore);
473 if (pstStoreCtx != NULL)
474 X509_STORE_CTX_free(pstStoreCtx);
475 if (untrustedCerts != NULL)
476 sk_X509_free(untrustedCerts);
480 DRM_TAPPS_LOG("TADC_IF_VerifyCertChain Success! \n");
485 iErrCode = X509_STORE_CTX_get_error(pstStoreCtx);
486 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : %s \n", X509_verify_cert_error_string(iErrCode));
491 DRM_TAPPS_EXCEPTION("TADC_IF_VerifyCertChain Error : 509_verify_cert error! \n");
496 size_t TADC_IF_StrLen(const char *string)
498 return strlen(string);
501 int TADC_IF_StrCmp(const char *string1, const char *string2)
503 return strcmp(string1, string2);
506 int TADC_IF_StrNCmp(const char *string1, const char *string2, size_t count)
508 return strncmp(string1, string2, count);
511 char *TADC_IF_StrNCpy(char *strDestination, const char *strSource, size_t count)
513 return strncpy(strDestination, strSource, count);
516 unsigned long TADC_IF_StrtOul(const char *nptr, char **endptr, int base)
518 return strtoul(nptr, endptr, base);
521 int TADC_IF_MemCmp(const void *buf1, const void *buf2, size_t count)
523 return memcmp(buf1, buf2, count);
526 void TADC_IF_MemCpy(void *dest, const void *src, size_t count)
528 memcpy(dest, src, count);
531 void TADC_IF_MemSet(void *dest, int c, size_t count)
533 memset(dest, c, count);
536 void *TADC_IF_Malloc(size_t size)
541 void TADC_IF_Free(void *memblock)
549 int TADC_IF_AtoI(char *str)