SET(PREFIX ${CMAKE_INSTALL_PREFIX})
SET(EXEC_PREFIX "\${prefix}")
+SET(LIBDIR "\${prefix}/lib")
SET(INCLUDEDIR "\${prefix}/include")
INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include)
##################################################################################################################
# for libcryptsvc.so
SET(SRCS
- #${source_dir}/CryptoSvc-debug.c
${source_dir}/SecCryptoSvc.c
- #${source_dir}/SecKmBase64.c
)
SET(libcryptsvc_LDFLAGS "${pkgs_LDFLAGS}")
TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${libcryptsvc_LDFLAGS})
IF("${ARCH}" MATCHES "arm")
-TARGET_LINK_LIBRARIES(${PROJECT_NAME} -L./libs -lDeviceInfo)
+TARGET_LINK_LIBRARIES(${PROJECT_NAME})
ENDIF("${ARCH}" MATCHES "arm")
SET_TARGET_PROPERTIES(
##################################################################################################################
# for libtzsvc.so
-SET(SRCS_TZ
- ${source_dir}/SecCryptoSvc.c
- ${source_dir}/SecTzSvc.c
-)
+#SET(SRCS_TZ
+# ${source_dir}/SecTzSvc.c
+#)
-SET(libtzsvc_LDFLAGS "${pkgs_LDFLAGS}")
-SET(libtzsvc_CFLAGS " ${CFLAGS} -fvisibility=hidden -g -fPIC -I${CMAKE_CURRENT_SOURCE_DIR}/include ")
-SET(libtzsvc_CPPFLAGS " -DPIC ")
+#SET(libtzsvc_LDFLAGS "${pkgs_LDFLAGS}")
+#SET(libtzsvc_CFLAGS " ${CFLAGS} -fvisibility=hidden -g -fPIC -I${CMAKE_CURRENT_SOURCE_DIR}/include ")
+#SET(libtzsvc_CPPFLAGS " -DPIC ")
-SET(LIBTZ_SO "tzsvc")
-ADD_LIBRARY(${LIBTZ_SO} SHARED ${SRCS_TZ})
+#SET(LIBTZ_SO "tzsvc")
+#ADD_LIBRARY(${LIBTZ_SO} SHARED ${SRCS_TZ})
-TARGET_LINK_LIBRARIES(${LIBTZ_SO} ${libtzsvc_LDFLAGS})
+#TARGET_LINK_LIBRARIES(${LIBTZ_SO} ${libtzsvc_LDFLAGS})
-IF("${ARCH}" MATCHES "arm")
-TARGET_LINK_LIBRARIES(${LIBTZ_SO} -L./libs -lDeviceInfo)
-ENDIF("${ARCH}" MATCHES "arm")
+#IF("${ARCH}" MATCHES "arm")
+#TARGET_LINK_LIBRARIES(${LIBTZ_SO})
+#ENDIF("${ARCH}" MATCHES "arm")
-SET_TARGET_PROPERTIES(
- ${LIBTZ_SO}
- PROPERTIES
- VERSION ${FULLVER}
- SOVERSION ${MAJORVER}
-)
+
+#SET_TARGET_PROPERTIES(
+# ${LIBTZ_SO}
+# PROPERTIES
+# VERSION ${FULLVER}
+# SOVERSION ${MAJORVER}
+#)
##################################################################################################################
IF("${ARCH}" MATCHES "arm")
#ADD_DEFINITIONS("-DTARGET")
ADD_DEFINITIONS("-DCRYPTOSVC_TARGET")
+ ADD_DEFINITIONS("-DCRYPTOSVC_TZ")
#MESSAGE("add -DTARGET")
ENDIF("${ARCH}" MATCHES "arm")
SET(PC_NAME ${PROJECT_NAME})
SET(PC_DESCRIPTION ${DESCRIPTION})
-SET(PC_LDFLAGS " -l${PROJECT_NAME} -l${LIBTZ_SO} ")
+SET(PC_LDFLAGS " -l${PROJECT_NAME} ")
SET(PC_REQUIRED ${pc_requires})
CONFIGURE_FILE(${PROJECT_NAME}.pc.in ${PROJECT_NAME}.pc @ONLY)
-INSTALL(FILES ${PROJECT_NAME}.pc DESTINATION ${LIB_INSTALL_DIR}/pkgconfig)
-INSTALL(TARGETS ${PROJECT_NAME} DESTINATION ${LIB_INSTALL_DIR})
-INSTALL(TARGETS ${LIBTZ_SO} DESTINATION ${LIB_INSTALL_DIR})
+INSTALL(FILES ${PROJECT_NAME}.pc DESTINATION lib/pkgconfig)
+INSTALL(TARGETS ${PROJECT_NAME} DESTINATION lib)
+INSTALL(TARGETS ${LIBTZ_SO} DESTINATION lib)
INSTALL(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/include/ DESTINATION ${INCLUDEDIR})
ADD_DEFINITIONS(-D_bool_cryptsvc)
Except as noted, this software is licensed under Apache License, Version 2.
Please, see the LICENSE.APLv2 file for Apache License terms and conditions.
-libDeviceInfo.a file is licensed under Flora License, Version 1.1.
-Please, see the LICENSE.Flora file for Flora License, Version 1.1 terms and conditions.
-
-libtzcrypt.a file is licensed under Flora License, Version 1.1.
-Please, see the LICENSE.Flora file for Flora License, Version 1.1 terms and conditions.
-
# Package Information for pkg-config
prefix=@PREFIX@
-libdir=@LIB_INSTALL_DIR@
+libdir=@PREFIX@/lib
includedir=@PREFIX@/include
Name: @PC_NAME@
#define HASH_LEN 20
//#define SEC_KEYMGR_FEK_SIZE 16
+/*------ Base64 Encoding Table ------*/
+static const char Base64EncodingTable[] = {
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
+ 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
+ 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
+ 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
+ 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
+ 'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
+ 'w', 'x', 'y', 'z', '0', '1', '2', '3',
+ '4', '5', '6', '7', '8', '9', '+', '/'
+};
/**
* This function provides Device UniqueKey for crypto with Hash
__attribute__((visibility("default")))
bool SecFrameGeneratePlatformUniqueKey(IN UINT32 uLen,IN OUT UINT8 *pCek);
+__attribute__((visibility("default")))
+char* Base64Encoding(char* pData, int size);
+
+__attribute__((visibility("default")))
+char* GetDuid(int size);
+
#ifdef __cplusplus
}
#endif
#define SHA256_DIGEST_VALUE_LEN 32
+/* Sec Crypto error code */
+#define SEC_CRYPTO_SUCCESS 0x00000000
+#define SEC_CRYPTO_ENCRYPT_ERROR 0x30000001
+#define SEC_CRYPTO_DECRYPT_ERROR 0x30000002
+#define SEC_CRYPTO_WRAPIDENTITY_ERROR 0x30000003
+#define SEC_CRYPTO_UNWRAPIDENTITY_ERROR 0x30000004
+#define SEC_CRYPTO_HASH_ERROR 0x30000005
+#define SEC_CRYPTO_GENERATE_KEY_ERROR 0x30000006
+#define SEC_CRYPTO_RETRIEVE_KEY_ERROR 0x30000007
/*
* This function provides an encryption of user data.
*
+++ /dev/null
-/*
- * tci.h
- *
- * Created on: 05.05.2010
- * Author: galkag
- * modified ckyu.han@samsung.com
- */
-
-#ifndef TCI_H_
-#define TCI_H_
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-/*
-typedef unsigned int uint32_t;
-typedef unsigned char uint8_t;
-*/
-
-typedef uint32_t tciCommandId_t;
-typedef uint32_t tciResponseId_t;
-typedef uint32_t tciReturnCode_t;
-
-/* Responses have bit 31 set */
-#define RSP_ID_MASK (1U << 31)
-#define RSP_ID(cmdId) (((uint32_t)(cmdId)) | RSP_ID_MASK)
-#define IS_CMD(cmdId) ((((uint32_t)(cmdId)) & RSP_ID_MASK) == 0)
-#define IS_RSP(cmdId) ((((uint32_t)(cmdId)) & RSP_ID_MASK) == RSP_ID_MASK)
-
-/* Return codes of Trustlet commands. */
-#define RET_OK 0 /* Set, if processing is error free */
-#define RET_ERR_UNKNOWN_CMD 1 /* Unknown command */
-#define RET_CUSTOM_START 2
-#define RET_ERR_MAP 3
-#define RET_ERR_UNMAP 4
-
-/* TCI command header. */
-typedef struct {
- tciCommandId_t commandId; /* Command ID */
-} tciCommandHeader_t;
-
-/* TCI response header. */
-typedef struct {
- tciResponseId_t responseId; /* Response ID (must be command ID | RSP_ID_MASK )*/
- tciReturnCode_t returnCode; /* Return code of command */
-} tciResponseHeader_t;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* TCI_H_ */
+++ /dev/null
-/*
- * tlc_tzcrypto.h
- *
- */
-
-#ifndef TLC_TZCRYPT_H_
-#define TLC_TZCRYPT_H_
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-/*
-typedef unsigned int TZCRYPT_Result;
-typedef unsigned char TZCRYPT_UINT8;
-typedef unsigned int TZCRYPT_UINT32;
-typedef unsigned long TZCRYPT_UINT64;
-*/
-
-/* TLC error code */
-#define TZCRYPT_SUCCESS 0x00000000
-#define TZCRYPT_ERROR_INIT_FAILED 0x20000001
-#define TZCRYPT_ERROR_TERMINATE_FAILED 0x20000002
-#define TZCRYPT_ERROR_ENCRYPT_FAILED 0x20000003
-#define TZCRYPT_ERROR_DECRYPT_FAILED 0x20000004
-#define TZCRYPT_ERROR_WRAPIDENTITY_FAILED 0x20000005
-#define TZCRYPT_ERROR_UNWRAPIDENTITY_FAILED 0x20000006
-#define TZCRYPT_ERROR_HASH_FAILED 0x20000007
-#define TZCRYPT_ERROR_INVALID_PARAMETER 0x20000008
-
-/* Sec Crypto error code */
-#define SEC_CRYPTO_SUCCESS 0x00000000
-#define SEC_CRYPTO_ENCRYPT_ERROR 0x30000001
-#define SEC_CRYPTO_DECRYPT_ERROR 0x30000002
-#define SEC_CRYPTO_WRAPIDENTITY_ERROR 0x30000003
-#define SEC_CRYPTO_UNWRAPIDENTITY_ERROR 0x30000004
-#define SEC_CRYPTO_HASH_ERROR 0x30000005
-
-/*
- * This function provides an encryption of user data.
- *
- * @param [in] Src : User data to be encrypted
- * @param [in] SrcLen : Length of user data to be encrypted (multiple by chunk size, SIZE_CHUNK)
- * @param [out] Dst : Encrypted data
- * @param [out] *DstLen : a pointer to length of encrypted data (multiple by secure object size, SIZE_SECUREOBJECT)
- *
- * return TZCRYPT_SUCCESS if operation has been succesfully completed. (Refer to the previous TLC error code)
- */
-TZCRYPT_Result TzCrypt_Encrypt(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen);
-
-/*
- * This function provides an decryption of user data.
- *
- * @param [in] Src : Cipher data to be decrypted
- * @param [in] SrcLen : Length of Cipher data to be decrypted (multiple by chunk size, SIZE_SECUREOBJECT)
- * @param [out] Dst : Encrypted data
- * @param [out] *DstLen : a pointer to length of encrypted data (multiple by secure object size, SIZE_CHUNK)
- *
- * return TZCRYPT_SUCCESS if operation has been succesfully completed. (Refer to the tlc error code)
- */
-TZCRYPT_Result TzCrypt_Decrypt(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen);
-
-/*
- * This function provides an hash of user data.
- *
- * @param [in] Src : Plain information
- * @param [in] SrcLen : Length of Plain information
- * @param [out] Dst : Hashed information
- * @param [out] *DstLen : a pointer to length of hashed information
-
- * return TZCRYPT_SUCCESS if operation has been succesfully completed. (Refer to the tlc error code)
- */
-TZCRYPT_Result TzCrypt_Hash(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen);
-
-/*
- * This function provides an wrapping of App data. (+ include hash operation)
- *
- * @param [in] Src : Plain information
- * @param [in] SrcLen : Length of Plain information
- * @param [out] Dst : Wrapped information
- * @param [out] *DstLen : a pointer to length of wrapped information
-
- * return TZCRYPT_SUCCESS if operation has been succesfully completed. (Refer to the tlc error code)
- */
-TZCRYPT_Result TzCrypt_WrapIdentity(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen);
-
-/*
- * This function provides an unwrapping of App data. (- exclude hash operation)
- *
- * @param [in] Src : Plain information
- * @param [in] SrcLen : Length of Plain information
- * @param [out] Dst : Wrapped information
- * @param [out] *DstLen : a pointer to length of wrapped information
-
- * return TZCRYPT_SUCCESS if operation has been succesfully completed. (Refer to the tlc error code)
- */
-TZCRYPT_Result TzCrypt_UnwrapIdentity(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen);
-
-/*
- * This function provides the length of secure object from a given length of source data
- *
- * @param [in] SrcLen : Length of Plain information
- *
- * return TZCRYPT_UINT32 (size) if operation has been succesfully completed.
- */
-TZCRYPT_UINT32 TzCrypt_GetSOLen(TZCRYPT_UINT32 SrcLen);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/*
- *
- */
-#ifndef TLTZCRYPT_API_H_
-#define TLTZCRYPT_API_H_
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#include "tci.h"
-
-/* Command ID's for communication Trustlet Connector -> Trustlet. */
-#define CMD_ENCRYPT_TZ_CRYPT 0x00000001
-#define CMD_DECRYPT_TZ_CRYPT 0x00000002
-#define CMD_WRAPIDENTITY_TZ_CRYPT 0x00000003
-#define CMD_UNWRAPIDENTITY_TZ_CRYPT 0x00000004
-#define CMD_HASH_TZ_CRYPT 0x00000005
-
-/* Return codes */
-#define RET_TL_OK 0x00000000
-
-/* Error codes */
-#define RET_ERR_ENCRYPT_TZ_CRYPT 0x10000001
-#define RET_ERR_DECRYPT_TZ_CRYPT 0x10000002
-#define RET_ERR_WRAPIDENTITY_TZ_CRYPT 0x10000003
-#define RET_ERR_UNWRAPIDENTITY_TZ_CRYPT 0x10000004
-#define RET_ERR_HASH_TZ_CRYPT 0x10000005
-
-/* Termination codes */
-#define EXIT_ERROR ((uint32_t)(-1))
-
-#define SIZE_CHUNK 1024
-#define SIZE_SECUREOBJECT 1116 // SO SIZE for 1024 byte (predefined)
-#define SIZE_HASHAPPIDENTITY 32
-#define SIZE_WRAPAPPIDENTITY 124
-
-/* TCI message data. */
-typedef struct {
- uint32_t id;
- //uint32_t data_len;
- //uint8_t *data_ptr;
- //uint8_t data[MAX_DATA_LEN];
-} tci_cmd_t;
-
-typedef struct {
- uint32_t id;
- uint32_t return_code;
- //uint32_t data_len;
- //uint8_t *data_ptr;
- //uint8_t data[MAX_DATA_LEN];
-} tci_resp_t;
-
-
-typedef union {
- uint8_t input_data[SIZE_CHUNK];
- uint8_t output_data[SIZE_SECUREOBJECT];
-} buffer_t;
-
-typedef union {
- uint8_t hash_identity[SIZE_HASHAPPIDENTITY];
- uint8_t wrap_identity[SIZE_WRAPAPPIDENTITY];
-} identity_t;
-
-typedef struct {
- union {
- tci_cmd_t cmd; /* Command message structure */
- tci_resp_t resp; /* Response message structure */
- };
- uint32_t pData;
- uint32_t pLen;
- uint32_t cData;
- uint32_t cLen;
-} tciMessage_t;
-
-/* Trustlet UUID. */
-#define TL_TZ_CRYPT_UUID { { 0xff, 0xff, 0xff, 0xff, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7 } }
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* TLTZCRYPT_API_H_ */
#include <openssl/rand.h>
#include <openssl/sha.h>
#include <dlog.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#define SYS_SECBOOT_DEV_ID_LEN 16
+#define NAND_CID_NAME "/sys/block/mmcblk0/device/cid"
+#define NAND_CID_SIZE 32
+
+
+static int __AsciiToHex(const char AsciiHexUpper,const char AsciiHexLower)
+{
+ char hexReturn=0;
+
+ //First convert upper hex ascii value
+ if(AsciiHexUpper >= '0' && AsciiHexUpper <= '9')
+ hexReturn= (AsciiHexUpper - '0')*16;
+ else if(AsciiHexUpper >= 'A' && AsciiHexUpper <= 'F')
+ hexReturn= ((AsciiHexUpper - 'A')+10)*16;
+ else if(AsciiHexUpper >= 'a' && AsciiHexUpper <= 'f')
+ hexReturn= ((AsciiHexUpper - 'a')+10)*16;
+
+ //Convert lower hex ascii value
+ if(AsciiHexLower >= '0' && AsciiHexLower <= '9')
+ hexReturn= hexReturn + (AsciiHexLower - '0');
+ else if(AsciiHexLower >= 'A' && AsciiHexLower <= 'F')
+ hexReturn= hexReturn + (AsciiHexLower - 'A')+10;
+ else if(AsciiHexLower >= 'a' && AsciiHexLower <= 'f')
+ hexReturn= hexReturn + (AsciiHexLower - 'a')+10;
+
+ return hexReturn;
+}
+
+bool
+OemNandInfoUID(unsigned char* pUID, int nBufferSize)
+{
+ int fd = 0;
+ char szCID[NAND_CID_SIZE+1] = {0,};
+
+ memset(pUID, 0x0, nBufferSize);
+
+ fd = open(NAND_CID_NAME, O_RDONLY);
+ if (fd < 0)
+ {
+ printf("cid open error!\n");
+ return false;
+ }
+
+ if(read(fd, szCID, NAND_CID_SIZE) == -1)
+ {
+ printf("cid read fail!!\n");
+ close(fd);
+ return false;
+ }
+
+ //manufacturer_id
+ pUID[0] = __AsciiToHex((const char)szCID[0],(const char)szCID[1]);
+ //oem_id
+ pUID[4] = __AsciiToHex((const char)szCID[4],(const char)szCID[5]);
+ //prod_rev
+ pUID[8] = __AsciiToHex((const char)szCID[18],(const char)szCID[19]);
+ //serial
+ pUID[15] = __AsciiToHex((const char)szCID[20],(const char)szCID[21]);
+ pUID[14] = __AsciiToHex((const char)szCID[22],(const char)szCID[23]);
+ pUID[13] = __AsciiToHex((const char)szCID[24],(const char)szCID[25]);
+ pUID[12] = __AsciiToHex((const char)szCID[26],(const char)szCID[27]);
+
+ // random permutation
+ pUID[1] = __AsciiToHex((const char)szCID[2],(const char)szCID[3]);
+ pUID[2] = __AsciiToHex((const char)szCID[6],(const char)szCID[7]);
+ pUID[3] = __AsciiToHex((const char)szCID[8],(const char)szCID[9]);
+
+ pUID[5] = __AsciiToHex((const char)szCID[10],(const char)szCID[11]);
+ pUID[6] = __AsciiToHex((const char)szCID[12],(const char)szCID[13]);
+ pUID[7] = __AsciiToHex((const char)szCID[14],(const char)szCID[15]);
+
+ pUID[9] = __AsciiToHex((const char)szCID[16],(const char)szCID[17]);
+ pUID[10] = __AsciiToHex((const char)szCID[28],(const char)szCID[29]);
+ pUID[11] = __AsciiToHex((const char)szCID[30],(const char)szCID[31]);
+ //printf(" UID : %8X %8X %8X %8X\n", *(int*)pUID, *(int*)(pUID+4), *(int*)(pUID+8), *(int*)(pUID+12));
+
+ close(fd);
+ return true;
+}
+
+void SysSecBootGetDeviceUniqueKey(unsigned char* pUniquekey)
+{
+ bool result = OemNandInfoUID(pUniquekey, SYS_SECBOOT_DEV_ID_LEN);
+ if(result != true){
+ printf("SysSecBootGetDeviceUniqueKey is failed");
+ memcpy(pUniquekey, 0x00, SYS_SECBOOT_DEV_ID_LEN);
+ }
+}
bool SecFrameGeneratePlatformUniqueKey(IN UINT32 uLen, IN OUT UINT8 *pCek)
{
return bResult;
}
+char* Base64Encoding(char* pData, int size)
+{
+ char* pEncodedBuf = NULL;
+ char* pPointer = NULL;
+ char* pLength = NULL;
+ unsigned char pInput[3] = {0,0,0};
+ unsigned char poutput[4] = {0,0,0,0};
+ int index = 0;
+ int loopCnt = 0;
+ int stringCnt = 0;
+ int sizeEncodedString = 0;
+
+ pLength = pData + size - 1;
+ sizeEncodedString = (4 * (size / 3)) + (size % 3? 4 : 0) + 1;
+ pEncodedBuf = (char*)calloc(sizeEncodedString, sizeof(char));
+
+ for (loopCnt = 0, pPointer = pData; pPointer <= pLength; loopCnt++, pPointer++) {
+ index = loopCnt % 3;
+ pInput[index] = *pPointer;
+
+ if (index == 2 || pPointer == pLength) {
+ poutput[0] = ((pInput[0] & 0xFC) >> 2);
+ poutput[1] = ((pInput[0] & 0x3) << 4) | ((pInput[1] & 0xF0) >> 4);
+ poutput[2] = ((pInput[1] & 0xF) << 2) | ((pInput[2] & 0xC0) >> 6);
+ poutput[3] = (pInput[2] & 0x3F);
+ pEncodedBuf[stringCnt++] = Base64EncodingTable[poutput[0]];
+ pEncodedBuf[stringCnt++] = Base64EncodingTable[poutput[1]];
+ pEncodedBuf[stringCnt++] = index == 0? '=' : Base64EncodingTable[poutput[2]];
+ pEncodedBuf[stringCnt++] = index < 2? '=' : Base64EncodingTable[poutput[3]];
+
+ pInput[0] = pInput[1] = pInput[2] = 0;
+ }
+ }
+
+ pEncodedBuf[stringCnt] = '\0';
+
+ return pEncodedBuf;
+}
+++ /dev/null
-/*
- * libTzSvc - encryption and decryption with the TZ-based HW key
- *
- * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <dlog.h>
-
-#include <sys/ioctl.h>
-#include <sys/time.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-#include <openssl/aes.h>
-#include <openssl/crypto.h>
-
-#include "SecTzSvc.h"
-#include "SecCryptoSvc.h"
-#include "tlc_tzcrypt.h"
-#include "tltzcrypt_api.h"
-
-#define LOG_TAG "tlcTzCrypt"
-#ifndef CRYPTOSVC_TZ
-#define SIZE_CHUNK 1024
-#define SIZE_SECUREOBJECT 1116
-#define KEY_SIZE 16
-#endif
-
-unsigned char* AES_Crypto(unsigned char* p_text, unsigned char* c_text, unsigned char* aes_key, unsigned char* iv, int mode, unsigned long size)
-{
- AES_KEY e_key, d_key;
-
- AES_set_encrypt_key(aes_key, 128, &e_key);
- AES_set_decrypt_key(aes_key, 128, &d_key);
-
- if(mode == 1)
- {
- AES_cbc_encrypt(p_text, c_text, size, &e_key, iv, AES_ENCRYPT);
- return c_text;
- }
- else
- {
- AES_cbc_encrypt(c_text, p_text, size, &d_key, iv, AES_DECRYPT);
- return p_text;
- }
-}
-TZCRYPT_Result SecEncryptTZCrypt(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen, TZCRYPT_UINT8 *AppInfo, TZCRYPT_UINT32 AppInfoLen, TZCRYPT_UINT8 *WrapAppInfo, TZCRYPT_UINT32 *WrapAppInfoLen)
-{
-
- TZCRYPT_Result ret = SEC_CRYPTO_ENCRYPT_ERROR;
-#ifndef CRYPTOSVC_TZ
- int outLen = 0;
- unsigned char key[KEY_SIZE] = {0,};
- unsigned char hashOut[SHA_DIGEST_LENGTH] = {0,};
- unsigned char iv[] = {0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B };
-#endif
-
-#ifdef CRYPTOSVC_TZ
- if(SrcLen % SIZE_CHUNK != 0 || *DstLen % SIZE_SECUREOBJECT != 0){
- LOGE("Plain chunk size :: Test for Encryption of TZ Crypt failed!!! [Return Value] = %.8x\n", ret);
- LOGE("source length = %d, destination length = %d\n", SrcLen, *DstLen);
- return ret;
- }
-#endif
-
- LOGI("Start Encryption of TZ Crypt!\n");
-
-#ifdef CRYPTOSVC_TZ
- ret = TzCrypt_WrapIdentity(AppInfo, AppInfoLen, WrapAppInfo, WrapAppInfoLen);
- if (ret) {
- LOGE("Failed to wrap AppInfo of TZ [Return Value] = %.8x\n", ret);
- return SEC_CRYPTO_WRAPIDENTITY_ERROR;
- }
- ret = TzCrypt_Encrypt(Src, SrcLen, Dst, DstLen);
- if (ret) {
- LOGE("Test for Encryption of TZ Crypt failed!!! [Return Value] = %.8x\n", ret);
- return SEC_CRYPTO_ENCRYPT_ERROR;
- }
-#else
- if(!SecFrameGeneratePlatformUniqueKey(KEY_SIZE, key))
- {
- LOGE("Failed to generate device unique key\n");
- return SEC_CRYPTO_ENCRYPT_ERROR;
- }
- if(AES_Crypto(Src, Dst, key, iv, 1, SrcLen) == NULL)
- {
- LOGE("Failed to encrypt data \n");
- return SEC_CRYPTO_ENCRYPT_ERROR;
- }
- *DstLen = SrcLen;
- EVP_Digest(AppInfo, AppInfoLen, hashOut, (unsigned int*)&outLen, EVP_sha1(), NULL);
- *WrapAppInfoLen = outLen;
- memcpy(WrapAppInfo, hashOut, *WrapAppInfoLen);
-#endif
- LOGI("Encryption of TZ Crypt is Success! [Return Value] = %.8x\n", ret);
-
- return SEC_CRYPTO_SUCCESS;
-}
-
-TZCRYPT_Result SecDecryptTZCrypt(TZCRYPT_UINT8 *Src, TZCRYPT_UINT32 SrcLen, TZCRYPT_UINT8 *Dst, TZCRYPT_UINT32 *DstLen, TZCRYPT_UINT8 *AppInfo, TZCRYPT_UINT32 AppInfoLen, TZCRYPT_UINT8 *WrapAppInfo, TZCRYPT_UINT32 WrapAppInfoLen)
-{
- TZCRYPT_Result ret = SEC_CRYPTO_DECRYPT_ERROR;
-#ifndef CRYPTOSVC_TZ
- int outLen = 0;
- unsigned char key[KEY_SIZE] = {0,};
- unsigned char hashOut[SHA_DIGEST_LENGTH] = {0,};
- unsigned char iv[] = {0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B };
-#endif
-#ifdef CRYPTOSVC_TZ
- if(SrcLen % SIZE_SECUREOBJECT != 0 ){
- LOGE("Ciphertext chunk size :: Test for Encryption of TZ Crypt failed!!! [Return Value] = %.8x\n", ret);
- return ret;
- }
-
- if(WrapAppInfoLen != SIZE_WRAPAPPIDENTITY){
- LOGE("Wrapped App Identity Size :: failed!!! [Return Value] = %.8x\n", ret);
- return ret;
- }
-
- TZCRYPT_UINT8 *unwrapData = NULL;
- TZCRYPT_UINT32 unwrapDatalen = SIZE_HASHAPPIDENTITY;
- unwrapData = (TZCRYPT_UINT8 *)malloc(unwrapDatalen);
-
- ret = TzCrypt_UnwrapIdentity(WrapAppInfo, WrapAppInfoLen, unwrapData, &unwrapDatalen);
- if (ret) {
- LOGE("Test for Unwrap AppInfo of TZ Crypt failed!!! [Return Value] = %.8x\n", ret);
- return SEC_CRYPTO_UNWRAPIDENTITY_ERROR;
- }
- LOGI("Unwrap AppInfo of TZ Crypt is Success! [Return Value] = %.8x\n", ret);
-
- TZCRYPT_UINT8 *hashData = NULL;
- TZCRYPT_UINT32 hashDatalen = SIZE_HASHAPPIDENTITY;
- hashData = (TZCRYPT_UINT8 *)malloc(hashDatalen);
-
- ret = TzCrypt_Hash(AppInfo, AppInfoLen, hashData, &hashDatalen);
- if (ret) {
- LOGE("Test for Hash AppInfo of TZ Crypt failed!!! [Return Value] = %.8x\n", ret);
- return SEC_CRYPTO_HASH_ERROR;
- }
-
- if( 0 != memcmp(unwrapData, hashData, hashDatalen) || hashDatalen != unwrapDatalen){
- LOGE("App Info Identity is NOT same as hash Info of a given Identity\n");
- return SEC_CRYPTO_HASH_ERROR;
- }
-
- LOGI("Start Decryption of TZ Crypt!\n");
- ret = TzCrypt_Decrypt(Src, SrcLen, Dst, DstLen);
- if (ret) {
- LOGE("Test for Decryption of TZ Crypt failed!!! [Return Value] = %.8x\n", ret);
- return SEC_CRYPTO_DECRYPT_ERROR;
- }
-#else
- if(!SecFrameGeneratePlatformUniqueKey(KEY_SIZE, key))
- {
- LOGE("Failed to generate device unique key\n");
- return SEC_CRYPTO_DECRYPT_ERROR;
- }
-
- EVP_Digest(AppInfo, AppInfoLen, hashOut, (unsigned int*)&outLen, EVP_sha1(), NULL);
-
- if( 0 != memcmp(WrapAppInfo, hashOut, outLen) || outLen != WrapAppInfoLen){
- LOGE("AppInfo Identifier Information is wrong\n");
- return SEC_CRYPTO_HASH_ERROR;
- }
-
- if(AES_Crypto(Dst, Src, key, iv, 0, SrcLen) == NULL)
- {
- LOGE("Failed to decrypt data \n");
- return SEC_CRYPTO_DECRYPT_ERROR;
- }
- *DstLen = SrcLen;
-
-#endif
- LOGI("Test for Decryption of TZ Crypt is Success! [Return Value] = %.8x\n", ret);
-
- return SEC_CRYPTO_SUCCESS;
-}
-
-TZCRYPT_UINT32 SecGetCipherLen(TZCRYPT_UINT32 srclen)
-{
-#ifdef CRYPTOSVC_TZ
- TZCRYPT_UINT32 cipherLength = TzCrypt_GetSOLen(srclen);
-#else
- int cipherLength = (srclen / EVP_aes_128_cbc()->block_size + 1) * EVP_aes_128_cbc()->block_size;
-#endif
- return cipherLength;
-}