1 /* 2 * Copyright (C) 2007 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef _DRMCRYPTO_H_ 18 #define _DRMCRYPTO_H_ 19 20 #include <Drm2CommonTypes.h> 21 #include <openssl/aes.h> 22 #include <openssl/hmac.h> 23 #include <openssl/sha.h> 24 #include <openssl/rsa.h> 25 26 // AES encrypt mode 27 typedef enum {AES_128_CBC = 0x01,AES_128_CTR = 0x02}AesMode; 28 29 // aes crypto for decrypt 30 class AesAgent 31 { 32 public: AesAgent(const AesMode method,const unsigned char * decryptedKey)33 AesAgent(const AesMode method,const unsigned char* decryptedKey) 34 :mode(method),AesKey(decryptedKey){}; 35 36 /** 37 * decrypt data using AES, now only support 128 bits CBC 38 * \param iv 128 bits initialization vector/counter 39 * prefixing the ciphertext 40 * \param encData encrypted data 41 * \param encLen the length of encData 42 * \param decData the buffer to store decrypted data 43 * \param decLen the actual length of decrypted data 44 * \return 45 * >= succeed, the padding length 46 * < 0 failed 47 */ 48 int32_t decContent( unsigned char* iv, 49 const unsigned char* encData, 50 const unsigned long encLen, 51 unsigned char* decData); 52 static const int32_t AES_DEC_FAILED = -1; 53 54 PRIVATE: 55 static const uint32_t AES_KEY_BITS = 128; 56 const AesMode mode; 57 const unsigned char* AesKey; 58 59 PRIVATE: 60 // get the actual length of decrypt data 61 void discardPaddingByte(unsigned char* decryptedBuf,unsigned long* decryptedBufLen); 62 }; 63 64 // Sha1 crypto for hash 65 class Sha1Agent 66 { 67 public: 68 /** 69 * compute hash using Sha1 70 * \param inData the data to be hashed 71 * \param inLen the length of inData 72 * \param outHash the hash of inData 73 * \return none 74 */ 75 void computeHash( const unsigned char* inData, 76 unsigned long inLen, 77 unsigned char* outHash) const; 78 79 /** 80 * get the length of SHA1 hash 81 * \param none 82 * \return 83 * the length of SHA1 hash 84 */ getShaLen(void)85 unsigned long getShaLen(void) const 86 { 87 return SHA_DIGEST_LENGTH; 88 } 89 }; 90 91 // Hmac-Sha1 crypto for MAC 92 class HmacSha1Agent 93 { 94 public: HmacSha1Agent(const unsigned char * Key,int key_len)95 HmacSha1Agent(const unsigned char* Key, int key_len) 96 :macKey(Key),keyLen(key_len){}; 97 98 /** 99 * compute MAC using Hmac-Sha1 100 * \param inData the data to be MAC 101 * \param inLen the length of inData 102 * \param outMac the MAC of inData 103 * \return none 104 */ 105 void computeMac( const unsigned char* inData, 106 unsigned long inLen, 107 unsigned char* outMac) const; 108 109 /** 110 * get the length of HMAC-SHA1 MAC 111 * \param none 112 * \return 113 * the length of HMAC-SHA1 MAC 114 */ getHmacLen(void)115 unsigned long getHmacLen(void) const 116 { 117 return SHA_DIGEST_LENGTH; 118 } 119 120 PRIVATE: 121 const unsigned char* macKey; 122 const int keyLen; 123 }; 124 125 // Rsa crypto for signature,verify signature and key transport 126 class RsaAgent 127 { 128 public: RsaAgent(RSA & Key)129 RsaAgent(RSA& Key):rsaKey(Key) 130 { 131 rsaSize = (unsigned int)RSA_size(&Key); 132 }; 133 134 // signature algorithm 135 typedef enum {RSA_PSS,RSA_SHA1}RsaAlg; 136 137 /** 138 * Do signature using RSA-PSS 139 * \param rawData the data to be signature 140 * \param rawLen the length of inData 141 * \param sigData the buffer to store the signature of rawData 142 * \param sigAlg signature algorithm 143 * \return 144 * true succeed 145 * false failed 146 */ 147 bool signature( const unsigned char* rawData, 148 const unsigned long rawLen, 149 unsigned char* sigData, 150 const RsaAlg sigAlg); 151 152 /** 153 * get the length of signature 154 * \param none 155 * \return 156 * the length of signature 157 */ getSigLen(void)158 unsigned int getSigLen(void) const 159 { 160 return rsaSize; 161 } 162 163 /** 164 * Verify signature using RSA-PSS 165 * \param sigData the data to be verify 166 * \param sigLen the length of sigData 167 * \param rawData the data from which the sigData generated 168 * \param rawLen the length of rawData 169 * \param sigAlg signature algorithm 170 * \return 171 * true succeed 172 * false failed 173 */ 174 bool sigVerify(unsigned char* sigData, 175 unsigned long sigLen, 176 const unsigned char* rawData, 177 const unsigned long rawLen, 178 const RsaAlg sigAlg); 179 180 181 /** 182 * Decrypt data using RSA 183 * \param encData encrypted data 184 * \param encLen the length of encData 185 * \param decData the buffer to store decrypted data 186 * \return 187 * -1 decrypted failed 188 * >0 the actual length of decrypted data 189 */ 190 int decrypt( const unsigned char* encData, 191 const unsigned long encLen, 192 unsigned char* decData); 193 194 /** 195 * get the length of decrypted data 196 * \param none 197 * \return 198 * the length of decrypted data 199 */ getDecLen(void)200 unsigned int getDecLen(void) const 201 { 202 return rsaSize; 203 } 204 205 PRIVATE: 206 RSA& rsaKey; 207 unsigned int rsaSize; 208 }; 209 210 211 #endif /* _DRMCRYPTO_H_ */ 212