| /* |
| * Copyright (C) 2007 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #ifndef _DRMCRYPTO_H_ |
| #define _DRMCRYPTO_H_ |
| |
| #include <Drm2CommonTypes.h> |
| #include <openssl/aes.h> |
| #include <openssl/hmac.h> |
| #include <openssl/sha.h> |
| #include <openssl/rsa.h> |
| |
| // AES encrypt mode |
| typedef enum {AES_128_CBC = 0x01,AES_128_CTR = 0x02}AesMode; |
| |
| // aes crypto for decrypt |
| class AesAgent |
| { |
| public: |
| AesAgent(const AesMode method,const unsigned char* decryptedKey) |
| :mode(method),AesKey(decryptedKey){}; |
| |
| /**
|
| * decrypt data using AES, now only support 128 bits CBC |
| * \param iv 128 bits initialization vector/counter |
| * prefixing the ciphertext
|
| * \param encData encrypted data
|
| * \param encLen the length of encData
|
| * \param decData the buffer to store decrypted data
|
| * \param decLen the actual length of decrypted data
|
| * \return
|
| * >= succeed, the padding length
|
| * < 0 failed
|
| */ |
| int32_t decContent( unsigned char* iv, |
| const unsigned char* encData, |
| const unsigned long encLen, |
| unsigned char* decData); |
| static const int32_t AES_DEC_FAILED = -1; |
| |
| PRIVATE: |
| static const uint32_t AES_KEY_BITS = 128; |
| const AesMode mode; |
| const unsigned char* AesKey; |
| |
| PRIVATE: |
| // get the actual length of decrypt data
|
| void discardPaddingByte(unsigned char* decryptedBuf,unsigned long* decryptedBufLen);
|
| }; |
| |
| // Sha1 crypto for hash |
| class Sha1Agent |
| { |
| public: |
| /**
|
| * compute hash using Sha1
|
| * \param inData the data to be hashed
|
| * \param inLen the length of inData
|
| * \param outHash the hash of inData
|
| * \return none
|
| */
|
| void computeHash( const unsigned char* inData,
|
| unsigned long inLen,
|
| unsigned char* outHash) const;
|
|
|
| /**
|
| * get the length of SHA1 hash
|
| * \param none
|
| * \return
|
| * the length of SHA1 hash
|
| */
|
| unsigned long getShaLen(void) const |
| { |
| return SHA_DIGEST_LENGTH; |
| }
|
| }; |
| |
| // Hmac-Sha1 crypto for MAC |
| class HmacSha1Agent |
| { |
| public: |
| HmacSha1Agent(const unsigned char* Key, int key_len) |
| :macKey(Key),keyLen(key_len){}; |
| |
| /**
|
| * compute MAC using Hmac-Sha1
|
| * \param inData the data to be MAC
|
| * \param inLen the length of inData
|
| * \param outMac the MAC of inData
|
| * \return none
|
| */
|
| void computeMac( const unsigned char* inData,
|
| unsigned long inLen,
|
| unsigned char* outMac) const;
|
|
|
| /**
|
| * get the length of HMAC-SHA1 MAC
|
| * \param none
|
| * \return
|
| * the length of HMAC-SHA1 MAC
|
| */
|
| unsigned long getHmacLen(void) const |
| { |
| return SHA_DIGEST_LENGTH; |
| } |
|
|
| PRIVATE: |
| const unsigned char* macKey; |
| const int keyLen; |
| }; |
| |
| // Rsa crypto for signature,verify signature and key transport |
| class RsaAgent |
| { |
| public: |
| RsaAgent(RSA& Key):rsaKey(Key) |
| { |
| rsaSize = (unsigned int)RSA_size(&Key); |
| }; |
| |
| // signature algorithm |
| typedef enum {RSA_PSS,RSA_SHA1}RsaAlg; |
| |
| /**
|
| * Do signature using RSA-PSS
|
| * \param rawData the data to be signature
|
| * \param rawLen the length of inData
|
| * \param sigData the buffer to store the signature of rawData |
| * \param sigAlg signature algorithm
|
| * \return
|
| * true succeed
|
| * false failed
|
| */
|
| bool signature( const unsigned char* rawData,
|
| const unsigned long rawLen,
|
| unsigned char* sigData, |
| const RsaAlg sigAlg);
|
|
|
| /**
|
| * get the length of signature
|
| * \param none
|
| * \return
|
| * the length of signature
|
| */
|
| unsigned int getSigLen(void) const |
| { |
| return rsaSize; |
| } |
| |
| /**
|
| * Verify signature using RSA-PSS
|
| * \param sigData the data to be verify
|
| * \param sigLen the length of sigData |
| * \param rawData the data from which the sigData generated |
| * \param rawLen the length of rawData |
| * \param sigAlg signature algorithm
|
| * \return
|
| * true succeed
|
| * false failed
|
| */
|
| bool sigVerify(unsigned char* sigData, |
| unsigned long sigLen, |
| const unsigned char* rawData, |
| const unsigned long rawLen, |
| const RsaAlg sigAlg); |
|
|
| |
| /**
|
| * Decrypt data using RSA
|
| * \param encData encrypted data
|
| * \param encLen the length of encData
|
| * \param decData the buffer to store decrypted data
|
| * \return
|
| * -1 decrypted failed
|
| * >0 the actual length of decrypted data
|
| */
|
| int decrypt( const unsigned char* encData,
|
| const unsigned long encLen,
|
| unsigned char* decData);
|
|
|
| /**
|
| * get the length of decrypted data
|
| * \param none
|
| * \return
|
| * the length of decrypted data
|
| */
|
| unsigned int getDecLen(void) const |
| { |
| return rsaSize; |
| } |
|
|
| PRIVATE: |
| RSA& rsaKey; |
| unsigned int rsaSize; |
| }; |
| |
| |
| #endif /* _DRMCRYPTO_H_ */ |