1/* 2 * Copyright (C) 2007 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <util/crypto/DrmCrypto.h> 18#include <ustring.h> 19 20using namespace ustl; 21 22void AesAgent::discardPaddingByte( unsigned char* decryptedBuf,unsigned long* decryptedBufLen) 23{ 24 if(!decryptedBuf) 25 { 26 return; 27 } 28 29 int i; 30 unsigned long tmpLen = *decryptedBufLen; 31 32 // Check whether the last several bytes are padding or not 33 for ( i = 1; i < decryptedBuf[tmpLen - 1]; i++) 34 { 35 if (decryptedBuf[tmpLen - 1 - i] != decryptedBuf[tmpLen - 1]) 36 break; 37 } 38 39 // They are padding bytes 40 if (i == decryptedBuf[tmpLen - 1]) 41 { 42 *decryptedBufLen = tmpLen - i; 43 } 44 45 return; 46} 47 48int32_t AesAgent::decContent( unsigned char* iv, 49 const unsigned char* encData, 50 unsigned long encLen, 51 unsigned char* decData) 52{ 53 if(AES_128_CBC == mode) 54 { 55 AES_KEY key; 56 AES_set_decrypt_key(AesKey,AES_KEY_BITS,&key); 57 58 uint8_t *tmpBuf = new uint8_t[encLen]; 59 60 AES_cbc_encrypt( encData, 61 tmpBuf, 62 encLen, 63 &key, 64 iv, 65 AES_DECRYPT); 66 67 unsigned long tempLen = encLen; 68 discardPaddingByte(tmpBuf,&tempLen); 69 70 memcpy(decData, tmpBuf, tempLen); 71 72 delete []tmpBuf; 73 return encLen - tempLen; 74 } 75 else 76 { 77 return AES_DEC_FAILED; 78 } 79} 80 81void Sha1Agent::computeHash( const unsigned char* inData, 82 unsigned long inLen, 83 unsigned char* outHash) const 84{ 85 EVP_Digest(inData,inLen,outHash,NULL,EVP_sha1(),NULL); 86 return; 87} 88 89void HmacSha1Agent::computeMac( const unsigned char* inData, 90 unsigned long inLen, 91 unsigned char* outData) const 92{ 93 HMAC(EVP_sha1(),macKey,keyLen,inData,inLen,outData,NULL); 94 return; 95} 96 97bool RsaAgent::signature( const unsigned char* rawData, 98 unsigned long rawLen, 99 unsigned char* sigData, 100 RsaAlg sigAlg) 101{ 102 switch(sigAlg) 103 { 104 case RSA_PSS: 105 { 106 unsigned char mHash[SHA_DIGEST_LENGTH]; 107 Sha1Agent sha1; 108 sha1.computeHash(rawData,rawLen,mHash); 109 110 unsigned char EM[rsaSize]; 111 if( 0 == RSA_padding_add_PKCS1_PSS( &rsaKey, 112 EM, 113 mHash, 114 EVP_sha1(), 115 SHA_DIGEST_LENGTH)) 116 { 117 return false; 118 } 119 120 if(0 > RSA_private_encrypt( SHA_DIGEST_LENGTH, 121 EM, 122 sigData, 123 &rsaKey, 124 RSA_PKCS1_PADDING)) 125 { 126 return false; 127 } 128 else 129 { 130 return true; 131 } 132 } 133 break; 134 case RSA_SHA1: 135 { 136 unsigned char mHash[SHA_DIGEST_LENGTH]; 137 Sha1Agent sha1; 138 sha1.computeHash(rawData,rawLen,mHash); 139 140 if(0 != RSA_sign( NID_sha1WithRSA, 141 mHash, 142 SHA_DIGEST_LENGTH, 143 sigData, 144 &rsaSize, 145 &rsaKey)) 146 { 147 return true; 148 } 149 else 150 { 151 return false; 152 } 153 } 154 break; 155 default: 156 return false; 157 } 158 159 return false; 160} 161 162bool RsaAgent::sigVerify( unsigned char* sigData, 163 unsigned long sigLen, 164 const unsigned char* rawData, 165 unsigned long rawLen, 166 RsaAlg sigAlg) 167{ 168 if( sigAlg == RSA_PSS) 169 { 170 unsigned char decSigData[rsaSize]; 171 172 if(0 > RSA_public_decrypt(sigLen, 173 sigData, 174 decSigData, 175 &rsaKey, 176 RSA_PKCS1_PADDING)) 177 { 178 return false; 179 } 180 else 181 { 182 unsigned char mHash[SHA_DIGEST_LENGTH]; 183 Sha1Agent sha1; 184 sha1.computeHash(rawData,rawLen,mHash); 185 186 if( 0 == RSA_verify_PKCS1_PSS( &rsaKey, 187 mHash, 188 EVP_sha1(), 189 decSigData, 190 -1)) 191 { 192 return true; 193 } 194 else 195 { 196 return false; 197 } 198 } 199 } 200 else if(sigAlg == RSA_SHA1) 201 { 202 unsigned char mHash[SHA_DIGEST_LENGTH]; 203 Sha1Agent sha1; 204 sha1.computeHash(rawData,rawLen,mHash); 205 206 if(0 != RSA_verify( NID_sha1WithRSA, 207 mHash, 208 SHA_DIGEST_LENGTH, 209 sigData, 210 sigLen, 211 &rsaKey)) 212 { 213 return true; 214 } 215 else 216 { 217 return false; 218 } 219 } 220 else 221 { 222 return false; 223 } 224} 225 226int RsaAgent::decrypt( const unsigned char* encData, 227 unsigned long encLen, 228 unsigned char* decData) 229{ 230 return RSA_private_decrypt( encLen, 231 encData, 232 decData, 233 &rsaKey, 234 RSA_PKCS1_PADDING); 235} 236