1 /******************************************************************************* 2 * 3 * Copyright 2018 NXP 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 #define LOG_TAG "LSClient" 19 #include <LsClient.h> 20 #include <LsLib.h> 21 #include <errno.h> 22 #include <log/log.h> 23 #include <stdlib.h> 24 #include <string.h> 25 26 extern bool ese_debug_enabled; 27 28 static int32_t gsTransceiveTimeout = 120000; 29 static uint8_t gsCmd_Buffer[64 * 1024]; 30 static int32_t gsCmd_count = 0; 31 static bool gsIslastcmdLoad; 32 static bool gsSendBack_cmds = false; 33 static uint8_t* gspBuffer; 34 static uint8_t gsStoreData[22]; 35 static uint8_t gsTag42Arr[17]; 36 static uint8_t gsTag45Arr[9]; 37 static uint8_t gsLsExecuteResp[4]; 38 static int32_t gsResp_len = 0; 39 40 LSCSTATUS(*Applet_load_seqhandler[]) 41 (Lsc_ImageInfo_t* pContext, LSCSTATUS status, Lsc_TranscieveInfo_t* pInfo) = { 42 LSC_OpenChannel, LSC_SelectLsc, LSC_StoreData, LSC_loadapplet, NULL}; 43 44 /******************************************************************************* 45 ** 46 ** Function: Perform_LSC 47 ** 48 ** Description: Performs the LSC download sequence 49 ** 50 ** Returns: Success if ok. 51 ** 52 *******************************************************************************/ 53 LSCSTATUS Perform_LSC(const char* name, const char* dest, const uint8_t* pdata, 54 uint16_t len, uint8_t* respSW) { 55 static const char fn[] = "Perform_LSC"; 56 ALOGD_IF(ese_debug_enabled, "%s: enter; sha-len=%d", fn, len); 57 if ((pdata == NULL) || (len == 0x00)) { 58 ALOGE("%s: Invalid SHA-data", fn); 59 return LSCSTATUS_FAILED; 60 } 61 gsStoreData[0] = STORE_DATA_TAG; 62 gsStoreData[1] = len; 63 memcpy(&gsStoreData[2], pdata, len); 64 LSCSTATUS status = LSC_update_seq_handler(Applet_load_seqhandler, name, dest); 65 if ((status != LSCSTATUS_SUCCESS) && (gsLsExecuteResp[2] == 0x90) && 66 (gsLsExecuteResp[3] == 0x00)) { 67 gsLsExecuteResp[2] = LS_ABORT_SW1; 68 gsLsExecuteResp[3] = LS_ABORT_SW2; 69 } 70 memcpy(&respSW[0], &gsLsExecuteResp[0], 4); 71 ALOGD_IF(ese_debug_enabled, "%s: lsExecuteScript Response SW=%2x%2x", fn, 72 gsLsExecuteResp[2], gsLsExecuteResp[3]); 73 74 ALOGD_IF(ese_debug_enabled, "%s: exit; status=0x0%x", fn, status); 75 return status; 76 } 77 78 /******************************************************************************* 79 ** 80 ** Function: LSC_update_seq_handler 81 ** 82 ** Description: Performs the LSC update sequence handler sequence 83 ** 84 ** Returns: Success if ok. 85 ** 86 *******************************************************************************/ 87 LSCSTATUS LSC_update_seq_handler( 88 LSCSTATUS (*seq_handler[])(Lsc_ImageInfo_t* pContext, LSCSTATUS status, 89 Lsc_TranscieveInfo_t* pInfo), 90 const char* name, const char* dest) { 91 static const char fn[] = "LSC_update_seq_handler"; 92 Lsc_ImageInfo_t update_info; 93 94 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 95 memset(&update_info, 0, sizeof(Lsc_ImageInfo_t)); 96 if (dest != NULL) { 97 strcat(update_info.fls_RespPath, dest); 98 ALOGD_IF(ese_debug_enabled, 99 "%s: Loader Service response data path/destination: %s", fn, dest); 100 update_info.bytes_wrote = 0xAA; 101 } else { 102 update_info.bytes_wrote = 0x55; 103 } 104 if ((LSC_UpdateExeStatus(LS_DEFAULT_STATUS)) != true) { 105 return LSCSTATUS_FAILED; 106 } 107 // memcpy(update_info.fls_path, (char*)Lsc_path, sizeof(Lsc_path)); 108 strcat(update_info.fls_path, name); 109 ALOGD_IF(ese_debug_enabled, "Selected applet to install is: %s", 110 update_info.fls_path); 111 112 uint16_t seq_counter = 0; 113 LSCSTATUS status = LSCSTATUS_FAILED; 114 Lsc_TranscieveInfo_t trans_info; 115 memset(&trans_info, 0, sizeof(Lsc_TranscieveInfo_t)); 116 while ((seq_handler[seq_counter]) != NULL) { 117 status = (*(seq_handler[seq_counter]))(&update_info, status, &trans_info); 118 if (LSCSTATUS_SUCCESS != status) { 119 ALOGE("%s: exiting; status=0x0%X", fn, status); 120 break; 121 } 122 seq_counter++; 123 } 124 125 LSC_CloseChannel(&update_info, LSCSTATUS_FAILED, &trans_info); 126 ALOGD_IF(ese_debug_enabled, "%s: exit; status=0x%x", fn, status); 127 return status; 128 } 129 130 /******************************************************************************* 131 ** 132 ** Function: LSC_OpenChannel 133 ** 134 ** Description: Creates the logical channel with lsc 135 ** 136 ** Returns: Success if ok. 137 ** 138 *******************************************************************************/ 139 LSCSTATUS LSC_OpenChannel(Lsc_ImageInfo_t* Os_info, LSCSTATUS status, 140 Lsc_TranscieveInfo_t* pTranscv_Info) { 141 static const char fn[] = "LSC_OpenChannel"; 142 143 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 144 if (Os_info == NULL || pTranscv_Info == NULL) { 145 ALOGE("%s: Invalid parameter", fn); 146 return LSCSTATUS_FAILED; 147 } 148 phNxpEse_data cmdApdu; 149 phNxpEse_data rspApdu; 150 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data)); 151 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data)); 152 cmdApdu.len = (int32_t)sizeof(OpenChannel); 153 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc(cmdApdu.len * sizeof(uint8_t)); 154 memcpy(cmdApdu.p_data, OpenChannel, cmdApdu.len); 155 156 ALOGD_IF(ese_debug_enabled, "%s: Calling Secure Element Transceive", fn); 157 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu); 158 159 if (eseStat != ESESTATUS_SUCCESS && (rspApdu.len < 0x03)) { 160 if (rspApdu.len == 0x02) 161 memcpy(&gsLsExecuteResp[2], &rspApdu.p_data[rspApdu.len - 2], 2); 162 status = LSCSTATUS_FAILED; 163 ALOGE("%s: SE transceive failed status = 0x%X", fn, status); 164 } else if (((rspApdu.p_data[rspApdu.len - 2] != 0x90) && 165 (rspApdu.p_data[rspApdu.len - 1] != 0x00))) { 166 memcpy(&gsLsExecuteResp[2], &rspApdu.p_data[rspApdu.len - 2], 2); 167 status = LSCSTATUS_FAILED; 168 ALOGE("%s: invalid response = 0x%X", fn, status); 169 } else { 170 uint8_t cnt = Os_info->channel_cnt; 171 Os_info->Channel_Info[cnt].channel_id = rspApdu.p_data[rspApdu.len - 3]; 172 Os_info->Channel_Info[cnt].isOpend = true; 173 Os_info->channel_cnt++; 174 status = LSCSTATUS_SUCCESS; 175 } 176 177 phNxpEse_free(cmdApdu.p_data); 178 phNxpEse_free(rspApdu.p_data); 179 ALOGD_IF(ese_debug_enabled, "%s: exit; status=0x%x", fn, status); 180 return status; 181 } 182 183 /******************************************************************************* 184 ** 185 ** Function: LSC_SelectLsc 186 ** 187 ** Description: Creates the logical channel with lsc 188 ** Channel_id will be used for any communication with Lsc 189 ** 190 ** Returns: Success if ok. 191 ** 192 *******************************************************************************/ 193 LSCSTATUS LSC_SelectLsc(Lsc_ImageInfo_t* Os_info, LSCSTATUS status, 194 Lsc_TranscieveInfo_t* pTranscv_Info) { 195 static const char fn[] = "LSC_SelectLsc"; 196 197 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 198 199 if (Os_info == NULL || pTranscv_Info == NULL) { 200 ALOGE("%s: Invalid parameter", fn); 201 return LSCSTATUS_FAILED; 202 } 203 204 phNxpEse_data cmdApdu; 205 phNxpEse_data rspApdu; 206 207 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data)); 208 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data)); 209 210 uint8_t selectCnt = 3; 211 while ((selectCnt--) > 0) { 212 if (selectCnt == 2) { 213 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc( 214 ((ArrayOfAIDs[selectCnt - 1][0]) - 1) * sizeof(uint8_t)); 215 cmdApdu.len = (int32_t)ArrayOfAIDs[selectCnt - 1][0]; 216 } else { 217 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc( 218 ((ArrayOfAIDs[selectCnt][0]) - 1) * sizeof(uint8_t)); 219 cmdApdu.len = (int32_t)ArrayOfAIDs[selectCnt][0]; 220 } 221 222 cmdApdu.p_data[0] = Os_info->Channel_Info[0].channel_id; 223 224 memcpy(&(cmdApdu.p_data[1]), &ArrayOfAIDs[selectCnt][2], 225 ((ArrayOfAIDs[selectCnt][0]) - 1)); 226 227 /*If NFC/SPI Deinitialize requested*/ 228 ALOGD_IF(ese_debug_enabled, 229 "%s: Calling Secure Element Transceive with Loader service AID", 230 fn); 231 232 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu); 233 234 if (eseStat != ESESTATUS_SUCCESS && (rspApdu.len == 0x00)) { 235 status = LSCSTATUS_FAILED; 236 ALOGE("%s: SE transceive failed status = 0x%X", fn, status); 237 break; 238 } else if (((rspApdu.p_data[rspApdu.len - 2] == 0x90) && 239 (rspApdu.p_data[rspApdu.len - 1] == 0x00))) { 240 status = Process_SelectRsp(rspApdu.p_data, (rspApdu.len - 2)); 241 if (status != LSCSTATUS_SUCCESS) { 242 ALOGE("%s: Select Lsc Rsp doesnt have a valid key; status = 0x%X", fn, 243 status); 244 } 245 /*If AID is found which is successfully selected break while loop*/ 246 if (status == LSCSTATUS_SUCCESS) { 247 uint8_t totalLen = ArrayOfAIDs[selectCnt][0]; 248 uint8_t cnt = 0; 249 int32_t wStatus = 0; 250 status = LSCSTATUS_FAILED; 251 252 FILE* fAidMem = fopen(AID_MEM_PATH, "w+"); 253 254 if (fAidMem == NULL) { 255 ALOGE("Error opening AID data file for writing: %s", strerror(errno)); 256 phNxpEse_free(cmdApdu.p_data); 257 return status; 258 } 259 while (cnt <= totalLen) { 260 wStatus = fprintf(fAidMem, "%02x", ArrayOfAIDs[selectCnt][cnt++]); 261 if (wStatus != 2) { 262 ALOGE("%s: Error writing AID data to AID_MEM file: %s", fn, 263 strerror(errno)); 264 break; 265 } 266 } 267 if (wStatus == 2) status = LSCSTATUS_SUCCESS; 268 fclose(fAidMem); 269 break; 270 } 271 } else if (((rspApdu.p_data[rspApdu.len - 2] != 0x90))) { 272 /*Copy the response SW in failure case*/ 273 memcpy(&gsLsExecuteResp[2], &(rspApdu.p_data[rspApdu.len - 2]), 2); 274 } else { 275 status = LSCSTATUS_FAILED; 276 } 277 } 278 phNxpEse_free(cmdApdu.p_data); 279 phNxpEse_free(rspApdu.p_data); 280 ALOGD_IF(ese_debug_enabled, "%s: exit; status=0x%x", fn, status); 281 return status; 282 } 283 284 /******************************************************************************* 285 ** 286 ** Function: LSC_StoreData 287 ** 288 ** Description: It is used to provide the LSC with an Unique 289 ** Identifier of the Application that has triggered the LSC 290 *script. 291 ** 292 ** Returns: Success if ok. 293 ** 294 *******************************************************************************/ 295 LSCSTATUS LSC_StoreData(Lsc_ImageInfo_t* Os_info, LSCSTATUS status, 296 Lsc_TranscieveInfo_t* pTranscv_Info) { 297 static const char fn[] = "LSC_StoreData"; 298 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 299 if (Os_info == NULL || pTranscv_Info == NULL) { 300 ALOGE("%s: Invalid parameter", fn); 301 return LSCSTATUS_FAILED; 302 } 303 304 phNxpEse_data cmdApdu; 305 phNxpEse_data rspApdu; 306 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data)); 307 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data)); 308 cmdApdu.len = (int32_t)(5 + sizeof(gsStoreData)); 309 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc(cmdApdu.len * sizeof(uint8_t)); 310 311 uint32_t xx = 0; 312 int32_t len = 313 gsStoreData[1] + 2; //+2 offset is for tag value and length byte 314 cmdApdu.p_data[xx++] = STORE_DATA_CLA | (Os_info->Channel_Info[0].channel_id); 315 cmdApdu.p_data[xx++] = STORE_DATA_INS; 316 cmdApdu.p_data[xx++] = 0x00; // P1 317 cmdApdu.p_data[xx++] = 0x00; // P2 318 cmdApdu.p_data[xx++] = len; 319 memcpy(&(cmdApdu.p_data[xx]), gsStoreData, len); 320 321 ALOGD_IF(ese_debug_enabled, "%s: Calling Secure Element Transceive", fn); 322 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu); 323 324 if ((eseStat != ESESTATUS_SUCCESS) && (rspApdu.len == 0x00)) { 325 status = LSCSTATUS_FAILED; 326 ALOGE("%s: SE transceive failed status = 0x%X", fn, status); 327 } else if ((rspApdu.p_data[rspApdu.len - 2] == 0x90) && 328 (rspApdu.p_data[rspApdu.len - 1] == 0x00)) { 329 ALOGD_IF(ese_debug_enabled, "%s: STORE CMD is successful", fn); 330 status = LSCSTATUS_SUCCESS; 331 } else { 332 /*Copy the response SW in failure case*/ 333 memcpy(&gsLsExecuteResp[2], &(rspApdu.p_data[rspApdu.len - 2]), 2); 334 status = LSCSTATUS_FAILED; 335 } 336 phNxpEse_free(cmdApdu.p_data); 337 phNxpEse_free(rspApdu.p_data); 338 ALOGD_IF(ese_debug_enabled, "%s: exit; status=0x%x", fn, status); 339 return status; 340 } 341 342 /******************************************************************************* 343 ** 344 ** Function: LSC_loadapplet 345 ** 346 ** Description: Reads the script from the file and sent to Lsc 347 ** 348 ** Returns: Success if ok. 349 ** 350 *******************************************************************************/ 351 LSCSTATUS LSC_loadapplet(Lsc_ImageInfo_t* Os_info, LSCSTATUS status, 352 Lsc_TranscieveInfo_t* pTranscv_Info) { 353 static const char fn[] = "LSC_loadapplet"; 354 bool reachEOFCheck = false; 355 356 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 357 if (Os_info == NULL || pTranscv_Info == NULL) { 358 ALOGE("%s: Invalid parameter", fn); 359 return LSCSTATUS_FAILED; 360 } 361 if (Os_info->bytes_wrote == 0xAA) { 362 Os_info->fResp = fopen(Os_info->fls_RespPath, "a+"); 363 if (Os_info->fResp == NULL) { 364 ALOGE("%s: Error opening response recording file <%s> for reading: %s", 365 fn, Os_info->fls_path, strerror(errno)); 366 return LSCSTATUS_FAILED; 367 } 368 ALOGD_IF(ese_debug_enabled, 369 "%s: Response OUT FILE path is successfully created", fn); 370 } else { 371 ALOGD_IF(ese_debug_enabled, 372 "%s: Response Out file is optional as per input", fn); 373 } 374 375 Os_info->fp = fopen(Os_info->fls_path, "r"); 376 if (Os_info->fp == NULL) { 377 ALOGE("%s: Error opening OS image file <%s> for reading: %s", fn, 378 Os_info->fls_path, strerror(errno)); 379 return LSCSTATUS_FAILED; 380 } 381 int wResult = fseek(Os_info->fp, 0L, SEEK_END); 382 if (wResult) { 383 ALOGE("%s: Error seeking end OS image file %s", fn, strerror(errno)); 384 goto exit; 385 } 386 Os_info->fls_size = ftell(Os_info->fp); 387 if (Os_info->fls_size < 0) { 388 ALOGE("%s: Error ftelling file %s", fn, strerror(errno)); 389 goto exit; 390 } 391 wResult = fseek(Os_info->fp, 0L, SEEK_SET); 392 if (wResult) { 393 ALOGE("%s: Error seeking start image file %s", fn, strerror(errno)); 394 goto exit; 395 } 396 397 Os_info->bytes_read = 0; 398 status = LSC_Check_KeyIdentifier(Os_info, status, pTranscv_Info, NULL, 399 LSCSTATUS_FAILED, 0); 400 if (status != LSCSTATUS_SUCCESS) { 401 goto exit; 402 } 403 404 uint8_t len_byte, offset; 405 while (!feof(Os_info->fp) && (Os_info->bytes_read < Os_info->fls_size)) { 406 len_byte = 0; 407 offset = 0; 408 /*Check if the certificate/ is verified or not*/ 409 if (status != LSCSTATUS_SUCCESS) { 410 goto exit; 411 } 412 413 uint8_t temp_buf[1024]; 414 memset(temp_buf, 0, sizeof(temp_buf)); 415 status = LSC_ReadScript(Os_info, temp_buf); 416 if (status != LSCSTATUS_SUCCESS) { 417 goto exit; 418 } 419 /*Reset the flag in case further commands exists*/ 420 reachEOFCheck = false; 421 422 int32_t wLen = 0; 423 LSCSTATUS tag40_found = LSCSTATUS_SUCCESS; 424 if (temp_buf[offset] == TAG_LSC_CMD_ID) { 425 /* start sending the packet to Lsc */ 426 offset = offset + 1; 427 len_byte = Numof_lengthbytes(&temp_buf[offset], &wLen); 428 /* If the len data not present or len is less than or equal to 32 */ 429 if ((len_byte == 0) || (wLen <= 32)) { 430 ALOGE("%s: Invalid length zero", fn); 431 goto exit; 432 } 433 434 tag40_found = LSCSTATUS_SUCCESS; 435 offset = offset + len_byte; 436 pTranscv_Info->sSendlength = wLen; 437 memcpy(pTranscv_Info->sSendData, &temp_buf[offset], wLen); 438 439 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Comm); 440 if (status != LSCSTATUS_SUCCESS) { 441 /*When the switching of LS 6320 case*/ 442 if (status == LSCSTATUS_FILE_NOT_FOUND) { 443 /*When 6320 occurs close the existing channels*/ 444 LSC_CloseChannel(Os_info, status, pTranscv_Info); 445 446 status = LSCSTATUS_FAILED; 447 status = LSC_OpenChannel(Os_info, status, pTranscv_Info); 448 if (status == LSCSTATUS_SUCCESS) { 449 ALOGD_IF(ese_debug_enabled, 450 "%s: SUCCESS:Post Switching LS open channel", fn); 451 status = LSCSTATUS_FAILED; 452 status = LSC_SelectLsc(Os_info, status, pTranscv_Info); 453 if (status == LSCSTATUS_SUCCESS) { 454 ALOGD_IF(ese_debug_enabled, 455 "%s: SUCCESS:Post Switching LS select", fn); 456 status = LSCSTATUS_FAILED; 457 status = LSC_StoreData(Os_info, status, pTranscv_Info); 458 if (status == LSCSTATUS_SUCCESS) { 459 /*Enable certificate and signature verification*/ 460 tag40_found = LSCSTATUS_SUCCESS; 461 gsLsExecuteResp[2] = 0x90; 462 gsLsExecuteResp[3] = 0x00; 463 reachEOFCheck = true; 464 continue; 465 } 466 ALOGE("%s: Post Switching LS store data failure", fn); 467 } 468 ALOGE("%s: Post Switching LS select failure", fn); 469 } 470 ALOGE("%s: Post Switching LS failure", fn); 471 } 472 ALOGE("%s: Sending packet to lsc failed", fn); 473 goto exit; 474 } 475 } else if ((temp_buf[offset] == (0x7F)) && 476 (temp_buf[offset + 1] == (0x21))) { 477 ALOGD_IF(ese_debug_enabled, 478 "%s: TAGID: Encountered again certificate tag 7F21", fn); 479 if (tag40_found == LSCSTATUS_SUCCESS) { 480 ALOGD_IF(ese_debug_enabled, 481 "%s: 2nd Script processing starts with reselect", fn); 482 status = LSCSTATUS_FAILED; 483 status = LSC_SelectLsc(Os_info, status, pTranscv_Info); 484 if (status == LSCSTATUS_SUCCESS) { 485 ALOGD_IF(ese_debug_enabled, 486 "%s: 2nd Script select success next store data command", fn); 487 status = LSCSTATUS_FAILED; 488 status = LSC_StoreData(Os_info, status, pTranscv_Info); 489 if (status == LSCSTATUS_SUCCESS) { 490 ALOGD_IF(ese_debug_enabled, 491 "%s: 2nd Script store data success next certificate " 492 "verification", 493 fn); 494 offset = offset + 2; 495 len_byte = Numof_lengthbytes(&temp_buf[offset], &wLen); 496 status = LSC_Check_KeyIdentifier(Os_info, status, pTranscv_Info, 497 temp_buf, LSCSTATUS_SUCCESS, 498 wLen + len_byte + 2); 499 } 500 } 501 /*If the certificate and signature is verified*/ 502 if (status == LSCSTATUS_SUCCESS) { 503 /*If the certificate is verified for 6320 then new script starts*/ 504 tag40_found = LSCSTATUS_FAILED; 505 } else { 506 /*If the certificate or signature verification failed*/ 507 goto exit; 508 } 509 } else { 510 /*Already certificate&Sginature verified previously skip 7f21& tag 60*/ 511 memset(temp_buf, 0, sizeof(temp_buf)); 512 status = LSC_ReadScript(Os_info, temp_buf); 513 if (status != LSCSTATUS_SUCCESS) { 514 ALOGE("%s: Next Tag has to TAG 60 not found", fn); 515 goto exit; 516 } 517 if (temp_buf[offset] == TAG_JSBL_HDR_ID) 518 continue; 519 else 520 goto exit; 521 } 522 } else { 523 /* 524 * Invalid packet received in between stop processing packet 525 * return failed status 526 */ 527 status = LSCSTATUS_FAILED; 528 break; 529 } 530 } 531 if (Os_info->bytes_wrote == 0xAA) { 532 fclose(Os_info->fResp); 533 } 534 LSC_UpdateExeStatus(LS_SUCCESS_STATUS); 535 wResult = fclose(Os_info->fp); 536 ALOGD_IF(ese_debug_enabled, "%s: exit, status=0x%x", fn, status); 537 return status; 538 exit: 539 wResult = fclose(Os_info->fp); 540 if (Os_info->bytes_wrote == 0xAA) { 541 fclose(Os_info->fResp); 542 } 543 /*Script ends with SW 6320 and reached END OF FILE*/ 544 if (reachEOFCheck == true) { 545 status = LSCSTATUS_SUCCESS; 546 LSC_UpdateExeStatus(LS_SUCCESS_STATUS); 547 } 548 ALOGD_IF(ese_debug_enabled, "%s: exit; status= 0x%X", fn, status); 549 return status; 550 } 551 552 /******************************************************************************* 553 ** 554 ** Function: LSC_Check_KeyIdentifier 555 ** 556 ** Description: Checks and validates certificate 557 ** 558 ** Returns: Success if ok. 559 ** 560 *******************************************************************************/ 561 LSCSTATUS LSC_Check_KeyIdentifier(Lsc_ImageInfo_t* Os_info, LSCSTATUS status, 562 Lsc_TranscieveInfo_t* pTranscv_Info, 563 uint8_t* temp_buf, LSCSTATUS flag, 564 int32_t wNewLen) { 565 static const char fn[] = "LSC_Check_KeyIdentifier"; 566 status = LSCSTATUS_FAILED; 567 uint8_t read_buf[1024]; 568 uint16_t offset = 0, len_byte = 0; 569 int32_t wLen; 570 uint8_t certf_found = LSCSTATUS_FAILED; 571 572 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 573 574 while (!feof(Os_info->fp) && (Os_info->bytes_read < Os_info->fls_size)) { 575 offset = 0x00; 576 wLen = 0; 577 if (flag == LSCSTATUS_SUCCESS) { 578 /*If the 7F21 TAG is already read: After TAG 40*/ 579 memcpy(read_buf, temp_buf, wNewLen); 580 status = LSCSTATUS_SUCCESS; 581 flag = LSCSTATUS_FAILED; 582 } else { 583 /*If the 7F21 TAG is not read: Before TAG 40*/ 584 status = LSC_ReadScript(Os_info, read_buf); 585 } 586 if (status != LSCSTATUS_SUCCESS) return status; 587 if (LSCSTATUS_SUCCESS == 588 Check_Complete_7F21_Tag(Os_info, pTranscv_Info, read_buf, &offset)) { 589 ALOGD_IF(ese_debug_enabled, "%s: Certificate is verified", fn); 590 certf_found = LSCSTATUS_SUCCESS; 591 break; 592 } 593 /* 594 * The Loader Service Client ignores all subsequent commands starting by tag 595 * 7F21 or tag 60 until the first command starting by tag 40 is found 596 */ 597 else if (((read_buf[offset] == TAG_LSC_CMD_ID) && 598 (certf_found != LSCSTATUS_SUCCESS))) { 599 ALOGE("%s: NOT FOUND Root entity identifier's certificate", fn); 600 status = LSCSTATUS_FAILED; 601 return status; 602 } 603 } 604 memset(read_buf, 0, sizeof(read_buf)); 605 if (certf_found == LSCSTATUS_SUCCESS) { 606 offset = 0x00; 607 wLen = 0; 608 status = LSC_ReadScript(Os_info, read_buf); 609 if (status != LSCSTATUS_SUCCESS) return status; 610 if ((read_buf[offset] == TAG_JSBL_HDR_ID) && 611 (certf_found != LSCSTATUS_FAILED)) { 612 // TODO check the SElect cmd response and return status accordingly 613 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_JSBL_HDR_ID", fn); 614 offset = offset + 1; 615 len_byte = Numof_lengthbytes(&read_buf[offset], &wLen); 616 offset = offset + len_byte; 617 if (read_buf[offset] == TAG_SIGNATURE_ID) { 618 offset = offset + 1; 619 len_byte = Numof_lengthbytes(&read_buf[offset], &wLen); 620 offset = offset + len_byte; 621 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_SIGNATURE_ID", fn); 622 623 pTranscv_Info->sSendlength = wLen + 5; 624 625 pTranscv_Info->sSendData[0] = 0x00; 626 pTranscv_Info->sSendData[1] = 0xA0; 627 pTranscv_Info->sSendData[2] = 0x00; 628 pTranscv_Info->sSendData[3] = 0x00; 629 pTranscv_Info->sSendData[4] = wLen; 630 631 memcpy(&(pTranscv_Info->sSendData[5]), &read_buf[offset], wLen); 632 ALOGD_IF(ese_debug_enabled, "%s: start transceive for length %ld", fn, 633 (long)pTranscv_Info->sSendlength); 634 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Sign); 635 if (status != LSCSTATUS_SUCCESS) { 636 return status; 637 } 638 } 639 } else if (read_buf[offset] != TAG_JSBL_HDR_ID) { 640 status = LSCSTATUS_FAILED; 641 } 642 } else { 643 ALOGE("%s : Exit certificate verification failed", fn); 644 } 645 646 ALOGD_IF(ese_debug_enabled, "%s: exit: status=0x%x", fn, status); 647 return status; 648 } 649 650 /******************************************************************************* 651 ** 652 ** Function: LSC_ReadScript 653 ** 654 ** Description: Reads the current line if the script 655 ** 656 ** Returns: Success if ok. 657 ** 658 *******************************************************************************/ 659 LSCSTATUS LSC_ReadScript(Lsc_ImageInfo_t* Os_info, uint8_t* read_buf) { 660 static const char fn[] = "LSC_ReadScript"; 661 int32_t wResult = 0, wCount, wIndex = 0; 662 663 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 664 665 for (wCount = 0; (wCount < 2 && !feof(Os_info->fp)); wCount++, wIndex++) { 666 wResult = FSCANF_BYTE(Os_info->fp, "%2X", (unsigned int*)&read_buf[wIndex]); 667 } 668 if (wResult == 0) return LSCSTATUS_FAILED; 669 670 Os_info->bytes_read = Os_info->bytes_read + (wCount * 2); 671 672 int32_t lenOff = 1; 673 if ((read_buf[0] == 0x7f) && (read_buf[1] == 0x21)) { 674 for (wCount = 0; (wCount < 1 && !feof(Os_info->fp)); wCount++, wIndex++) { 675 wResult = 676 FSCANF_BYTE(Os_info->fp, "%2X", (unsigned int*)&read_buf[wIndex]); 677 } 678 if (wResult == 0) { 679 ALOGE("%s: Exit Read Script failed in 7F21 ", fn); 680 return LSCSTATUS_FAILED; 681 } 682 /*Read_Script from wCount*2 to wCount*1 */ 683 Os_info->bytes_read = Os_info->bytes_read + (wCount * 2); 684 lenOff = 2; 685 } else if ((read_buf[0] == 0x40) || (read_buf[0] == 0x60)) { 686 lenOff = 1; 687 } else { 688 /*If TAG is neither 7F21 nor 60 nor 40 then ABORT execution*/ 689 ALOGE("%s: Invalid TAG 0x%X found in the script", fn, read_buf[0]); 690 return LSCSTATUS_FAILED; 691 } 692 693 uint8_t len_byte = 0; 694 int32_t wLen; 695 if (read_buf[lenOff] == 0x00) { 696 ALOGE("%s: Invalid length zero", fn); 697 len_byte = 0x00; 698 return LSCSTATUS_FAILED; 699 } else if ((read_buf[lenOff] & 0x80) == 0x80) { 700 len_byte = read_buf[lenOff] & 0x0F; 701 len_byte = len_byte + 1; // 1 byte added for byte 0x81 702 703 ALOGD_IF(ese_debug_enabled, "%s: Length byte Read from 0x80 is 0x%x ", fn, 704 len_byte); 705 706 if (len_byte == 0x02) { 707 for (wCount = 0; (wCount < 1 && !feof(Os_info->fp)); wCount++, wIndex++) { 708 wResult = 709 FSCANF_BYTE(Os_info->fp, "%2X", (unsigned int*)&read_buf[wIndex]); 710 } 711 if (wResult == 0) { 712 ALOGE("%s: Exit Read Script failed in length 0x02 ", fn); 713 return LSCSTATUS_FAILED; 714 } 715 716 wLen = read_buf[lenOff + 1]; 717 Os_info->bytes_read = Os_info->bytes_read + (wCount * 2); 718 ALOGD_IF(ese_debug_enabled, 719 "%s: Length of Read Script in len_byte= 0x02 is 0x%x ", fn, 720 wLen); 721 } else if (len_byte == 0x03) { 722 for (wCount = 0; (wCount < 2 && !feof(Os_info->fp)); wCount++, wIndex++) { 723 wResult = 724 FSCANF_BYTE(Os_info->fp, "%2X", (unsigned int*)&read_buf[wIndex]); 725 } 726 if (wResult == 0) { 727 ALOGE("%s: Exit Read Script failed in length 0x03 ", fn); 728 return LSCSTATUS_FAILED; 729 } 730 731 Os_info->bytes_read = Os_info->bytes_read + (wCount * 2); 732 wLen = read_buf[lenOff + 1]; // Length of the packet send to LSC 733 wLen = ((wLen << 8) | (read_buf[lenOff + 2])); 734 ALOGD_IF(ese_debug_enabled, 735 "%s: Length of Read Script in len_byte= 0x03 is 0x%x ", fn, 736 wLen); 737 } else { 738 /*Need to provide the support if length is more than 2 bytes*/ 739 ALOGE("Length recived is greater than 3"); 740 return LSCSTATUS_FAILED; 741 } 742 } else { 743 len_byte = 0x01; 744 wLen = read_buf[lenOff]; 745 ALOGE("%s: Length of Read Script in len_byte= 0x01 is 0x%x ", fn, wLen); 746 } 747 748 for (wCount = 0; (wCount < wLen && !feof(Os_info->fp)); wCount++, wIndex++) { 749 wResult = FSCANF_BYTE(Os_info->fp, "%2X", (unsigned int*)&read_buf[wIndex]); 750 } 751 752 if (wResult == 0) { 753 ALOGE("%s: Exit Read Script failed in fscanf function ", fn); 754 return LSCSTATUS_FAILED; 755 } 756 Os_info->bytes_read = 757 Os_info->bytes_read + (wCount * 2) + 1; // not sure why 2 added 758 759 ALOGD_IF(ese_debug_enabled, "%s: exit: Num of bytes read=%d and index=%d", fn, 760 Os_info->bytes_read, wIndex); 761 762 return LSCSTATUS_SUCCESS; 763 } 764 765 /******************************************************************************* 766 ** 767 ** Function: LSC_SendtoEse 768 ** 769 ** Description: It is used to send the packet to p61 770 ** 771 ** Returns: Success if ok. 772 ** 773 *******************************************************************************/ 774 LSCSTATUS LSC_SendtoEse(Lsc_ImageInfo_t* Os_info, LSCSTATUS status, 775 Lsc_TranscieveInfo_t* pTranscv_Info) { 776 static const char fn[] = "LSC_SendtoEse"; 777 bool chanl_open_cmd = false; 778 779 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 780 781 /* Bufferize_load_cmds function is implemented in JCOP */ 782 status = Bufferize_load_cmds(Os_info, status, pTranscv_Info); 783 if (status != LSCSTATUS_FAILED) { 784 if (pTranscv_Info->sSendData[1] == 0x70) { 785 if (pTranscv_Info->sSendData[2] == 0x00) { 786 chanl_open_cmd = true; 787 } else { 788 for (uint8_t cnt = 0; cnt < Os_info->channel_cnt; cnt++) { 789 if (Os_info->Channel_Info[cnt].channel_id == 790 pTranscv_Info->sSendData[3]) { 791 ALOGD_IF(ese_debug_enabled, "%s: channel 0%x closed", fn, 792 Os_info->Channel_Info[cnt].channel_id); 793 Os_info->Channel_Info[cnt].isOpend = false; 794 } 795 } 796 } 797 } 798 799 phNxpEse_data cmdApdu; 800 phNxpEse_data rspApdu; 801 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data)); 802 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data)); 803 804 cmdApdu.len = (int32_t)(pTranscv_Info->sSendlength); 805 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc(cmdApdu.len * sizeof(uint8_t)); 806 memcpy(cmdApdu.p_data, pTranscv_Info->sSendData, cmdApdu.len); 807 808 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu); 809 810 if (eseStat != ESESTATUS_SUCCESS) { 811 ALOGE("%s: Transceive failed; status=0x%X", fn, eseStat); 812 status = LSCSTATUS_FAILED; 813 } else { 814 if (chanl_open_cmd && (rspApdu.len == 0x03) && 815 ((rspApdu.p_data[rspApdu.len - 2] == 0x90) && 816 (rspApdu.p_data[rspApdu.len - 1] == 0x00))) { 817 ALOGD_IF(ese_debug_enabled, "%s: open channel success", fn); 818 uint8_t cnt = Os_info->channel_cnt; 819 Os_info->Channel_Info[cnt].channel_id = rspApdu.p_data[rspApdu.len - 3]; 820 Os_info->Channel_Info[cnt].isOpend = true; 821 Os_info->channel_cnt++; 822 } 823 memcpy(pTranscv_Info->sRecvData, rspApdu.p_data, rspApdu.len); 824 status = Process_EseResponse(pTranscv_Info, rspApdu.len, Os_info); 825 phNxpEse_free(cmdApdu.p_data); 826 phNxpEse_free(rspApdu.p_data); 827 } 828 } else if (gsSendBack_cmds == false) { 829 /* Workaround for issue in JCOP, send the fake response back */ 830 int32_t recvBufferActualSize = 0x03; 831 pTranscv_Info->sRecvData[0] = 0x00; 832 pTranscv_Info->sRecvData[1] = 0x90; 833 pTranscv_Info->sRecvData[2] = 0x00; 834 status = Process_EseResponse(pTranscv_Info, recvBufferActualSize, Os_info); 835 } else { 836 if (gsIslastcmdLoad == true) { 837 status = Send_Backall_Loadcmds(Os_info, status, pTranscv_Info); 838 gsSendBack_cmds = false; 839 } else { 840 memset(gsCmd_Buffer, 0, sizeof(gsCmd_Buffer)); 841 gsSendBack_cmds = false; 842 status = LSCSTATUS_FAILED; 843 } 844 } 845 846 ALOGD_IF(ese_debug_enabled, "%s: exit: status=0x%x", fn, status); 847 return status; 848 } 849 850 /******************************************************************************* 851 ** 852 ** Function: LSC_SendtoLsc 853 ** 854 ** Description: It is used to forward the packet to Lsc 855 ** 856 ** Returns: Success if ok. 857 ** 858 *******************************************************************************/ 859 LSCSTATUS LSC_SendtoLsc(Lsc_ImageInfo_t* Os_info, LSCSTATUS status, 860 Lsc_TranscieveInfo_t* pTranscv_Info, Ls_TagType tType) { 861 static const char fn[] = "LSC_SendtoLsc"; 862 863 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 864 pTranscv_Info->sSendData[0] = (0x80 | Os_info->Channel_Info[0].channel_id); 865 pTranscv_Info->timeout = gsTransceiveTimeout; 866 pTranscv_Info->sRecvlength = 1024; 867 868 phNxpEse_data cmdApdu; 869 phNxpEse_data rspApdu; 870 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data)); 871 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data)); 872 cmdApdu.len = pTranscv_Info->sSendlength; 873 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc(cmdApdu.len * sizeof(uint8_t)); 874 memcpy(cmdApdu.p_data, pTranscv_Info->sSendData, cmdApdu.len); 875 876 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu); 877 878 if (eseStat != ESESTATUS_SUCCESS) { 879 ALOGE("%s: Transceive failed; status=0x%X", fn, eseStat); 880 status = LSCSTATUS_FAILED; 881 } else { 882 memcpy(pTranscv_Info->sRecvData, rspApdu.p_data, rspApdu.len); 883 status = LSC_ProcessResp(Os_info, rspApdu.len, pTranscv_Info, tType); 884 } 885 phNxpEse_free(cmdApdu.p_data); 886 phNxpEse_free(rspApdu.p_data); 887 ALOGD_IF(ese_debug_enabled, "%s: exit: status=0x%x", fn, status); 888 return status; 889 } 890 891 /******************************************************************************* 892 ** 893 ** Function: LSC_CloseChannel 894 ** 895 ** Description: Closes the previously opened logical channel 896 ** 897 ** Returns: Success if ok. 898 ** 899 *******************************************************************************/ 900 LSCSTATUS LSC_CloseChannel(Lsc_ImageInfo_t* Os_info, LSCSTATUS status, 901 Lsc_TranscieveInfo_t* pTranscv_Info) { 902 static const char fn[] = "LSC_CloseChannel"; 903 status = LSCSTATUS_FAILED; 904 905 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 906 907 if (Os_info == NULL || pTranscv_Info == NULL) { 908 ALOGE("%s: Invalid parameter", fn); 909 return LSCSTATUS_FAILED; 910 } 911 for (uint8_t cnt = 0; (cnt < Os_info->channel_cnt); cnt++) { 912 phNxpEse_data cmdApdu; 913 phNxpEse_data rspApdu; 914 915 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data)); 916 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data)); 917 918 cmdApdu.len = 5; 919 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc(cmdApdu.len * sizeof(uint8_t)); 920 if (!Os_info->Channel_Info[cnt].isOpend) continue; 921 uint8_t xx = 0; 922 cmdApdu.p_data[xx++] = Os_info->Channel_Info[cnt].channel_id; 923 cmdApdu.p_data[xx++] = 0x70; 924 cmdApdu.p_data[xx++] = 0x80; 925 cmdApdu.p_data[xx++] = Os_info->Channel_Info[cnt].channel_id; 926 cmdApdu.p_data[xx++] = 0x00; 927 928 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu); 929 930 if (eseStat != ESESTATUS_SUCCESS || rspApdu.len < 2) { 931 ALOGD_IF(ese_debug_enabled, "%s: Transceive failed; status=0x%X", fn, 932 eseStat); 933 } else if ((rspApdu.p_data[rspApdu.len - 2] == 0x90) && 934 (rspApdu.p_data[rspApdu.len - 1] == 0x00)) { 935 ALOGD_IF(ese_debug_enabled, "%s: Close channel id = 0x0%x success", fn, 936 Os_info->Channel_Info[cnt].channel_id); 937 status = LSCSTATUS_SUCCESS; 938 } else { 939 ALOGD_IF(ese_debug_enabled, "%s: Close channel id = 0x0%x failed", fn, 940 Os_info->Channel_Info[cnt].channel_id); 941 } 942 phNxpEse_free(cmdApdu.p_data); 943 phNxpEse_free(rspApdu.p_data); 944 } 945 ALOGD_IF(ese_debug_enabled, "%s: exit; status=0x0%x", fn, status); 946 return status; 947 } 948 949 /******************************************************************************* 950 ** 951 ** Function: LSC_ProcessResp 952 ** 953 ** Description: Process the response packet received from Lsc 954 ** 955 ** Returns: Success if ok. 956 ** 957 *******************************************************************************/ 958 LSCSTATUS LSC_ProcessResp(Lsc_ImageInfo_t* image_info, int32_t recvlen, 959 Lsc_TranscieveInfo_t* trans_info, Ls_TagType tType) { 960 static const char fn[] = "LSC_ProcessResp"; 961 uint8_t* RecvData = trans_info->sRecvData; 962 963 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 964 965 if (RecvData == NULL && recvlen == 0x00) { 966 ALOGE("%s: Invalid parameter.", fn); 967 return LSCSTATUS_FAILED; 968 } else if (recvlen < 2) { 969 ALOGE("%s: Invalid response.", fn); 970 return LSCSTATUS_FAILED; 971 } 972 973 char sw[2]; 974 sw[0] = RecvData[recvlen - 2]; 975 sw[1] = RecvData[recvlen - 1]; 976 ALOGD_IF(ese_debug_enabled, "%s: Process Response SW, status = 0x%2X%2X", fn, 977 sw[0], sw[1]); 978 979 /*Update the Global variable for storing response length*/ 980 gsResp_len = recvlen; 981 if (sw[0] != 0x63) { 982 gsLsExecuteResp[2] = sw[0]; 983 gsLsExecuteResp[3] = sw[1]; 984 } 985 986 LSCSTATUS status = LSCSTATUS_FAILED; 987 if ((recvlen == 0x02) && (sw[0] == 0x90) && (sw[1] == 0x00)) { 988 status = Write_Response_To_OutFile(image_info, RecvData, recvlen, tType); 989 } else if ((recvlen > 0x02) && (sw[0] == 0x90) && (sw[1] == 0x00)) { 990 status = Write_Response_To_OutFile(image_info, RecvData, recvlen, tType); 991 } else if ((recvlen > 0x02) && (sw[0] == 0x63) && (sw[1] == 0x10)) { 992 static int32_t temp_len = 0; 993 if (temp_len != 0) { 994 memcpy((trans_info->sTemp_recvbuf + temp_len), RecvData, (recvlen - 2)); 995 trans_info->sSendlength = temp_len + (recvlen - 2); 996 memcpy(trans_info->sSendData, trans_info->sTemp_recvbuf, 997 trans_info->sSendlength); 998 temp_len = 0; 999 } else { 1000 memcpy(trans_info->sSendData, RecvData, (recvlen - 2)); 1001 trans_info->sSendlength = recvlen - 2; 1002 } 1003 status = LSC_SendtoEse(image_info, status, trans_info); 1004 } else if ((recvlen > 0x02) && (sw[0] == 0x63) && (sw[1] == 0x20)) { 1005 uint8_t aid_array[22]; 1006 aid_array[0] = recvlen + 3; 1007 aid_array[1] = 00; 1008 aid_array[2] = 0xA4; 1009 aid_array[3] = 0x04; 1010 aid_array[4] = 0x00; 1011 aid_array[5] = recvlen - 2; 1012 memcpy(&aid_array[6], &RecvData[0], recvlen - 2); 1013 memcpy(&ArrayOfAIDs[2][0], &aid_array[0], recvlen + 4); 1014 1015 FILE* fAidMem = fopen(AID_MEM_PATH, "w"); 1016 1017 if (fAidMem == NULL) { 1018 ALOGE("%s: Error opening AID data for writing: %s", fn, strerror(errno)); 1019 return LSCSTATUS_FAILED; 1020 } 1021 1022 /*Updating the AID_MEM with new value into AID file*/ 1023 uint8_t respLen = 0; 1024 int32_t wStatus = 0; 1025 while (respLen <= (recvlen + 4)) { 1026 wStatus = fprintf(fAidMem, "%2x", aid_array[respLen++]); 1027 if (wStatus != 2) { 1028 ALOGE("%s: Invalid Response during fprintf; status=0x%x", fn, wStatus); 1029 fclose(fAidMem); 1030 break; 1031 } 1032 } 1033 if (wStatus == 2) { 1034 status = LSCSTATUS_FILE_NOT_FOUND; 1035 } else { 1036 status = LSCSTATUS_FAILED; 1037 } 1038 } else if ((recvlen >= 0x02) && 1039 ((sw[0] != 0x90) && (sw[0] != 0x63) && (sw[0] != 0x61))) { 1040 Write_Response_To_OutFile(image_info, RecvData, recvlen, tType); 1041 } 1042 ALOGD_IF(ese_debug_enabled, "%s: exit: status=0x%x", fn, status); 1043 return status; 1044 } 1045 1046 /******************************************************************************* 1047 ** 1048 ** Function: Process_EseResponse 1049 ** 1050 ** Description: It is used to process the received response packet from ESE 1051 ** 1052 ** Returns: Success if ok. 1053 ** 1054 *******************************************************************************/ 1055 LSCSTATUS Process_EseResponse(Lsc_TranscieveInfo_t* pTranscv_Info, 1056 int32_t recv_len, Lsc_ImageInfo_t* Os_info) { 1057 static const char fn[] = "Process_EseResponse"; 1058 LSCSTATUS status = LSCSTATUS_SUCCESS; 1059 uint8_t xx = 0; 1060 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 1061 1062 pTranscv_Info->sSendData[xx++] = 1063 (CLA_BYTE | Os_info->Channel_Info[0].channel_id); 1064 pTranscv_Info->sSendData[xx++] = 0xA2; 1065 1066 if (recv_len <= 0xFF) { 1067 pTranscv_Info->sSendData[xx++] = 0x80; 1068 pTranscv_Info->sSendData[xx++] = 0x00; 1069 pTranscv_Info->sSendData[xx++] = (uint8_t)recv_len; 1070 memcpy(&(pTranscv_Info->sSendData[xx]), pTranscv_Info->sRecvData, recv_len); 1071 pTranscv_Info->sSendlength = xx + recv_len; 1072 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Comm); 1073 } else { 1074 while (recv_len > MAX_SIZE) { 1075 xx = PARAM_P1_OFFSET; 1076 pTranscv_Info->sSendData[xx++] = 0x00; 1077 pTranscv_Info->sSendData[xx++] = 0x00; 1078 pTranscv_Info->sSendData[xx++] = MAX_SIZE; 1079 recv_len = recv_len - MAX_SIZE; 1080 memcpy(&(pTranscv_Info->sSendData[xx]), pTranscv_Info->sRecvData, 1081 MAX_SIZE); 1082 pTranscv_Info->sSendlength = xx + MAX_SIZE; 1083 /* 1084 * Need not store Process eSE response's response in the out file so 1085 * LS_Comm = 0 1086 */ 1087 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Comm); 1088 if (status != LSCSTATUS_SUCCESS) { 1089 ALOGE("%s: Sending packet to Lsc failed: status=0x%x", fn, status); 1090 return status; 1091 } 1092 } 1093 xx = PARAM_P1_OFFSET; 1094 pTranscv_Info->sSendData[xx++] = LAST_BLOCK; 1095 pTranscv_Info->sSendData[xx++] = 0x01; 1096 pTranscv_Info->sSendData[xx++] = recv_len; 1097 memcpy(&(pTranscv_Info->sSendData[xx]), pTranscv_Info->sRecvData, recv_len); 1098 pTranscv_Info->sSendlength = xx + recv_len; 1099 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Comm); 1100 } 1101 ALOGD_IF(ese_debug_enabled, "%s: exit: status=0x%x", fn, status); 1102 return status; 1103 } 1104 1105 /******************************************************************************* 1106 ** 1107 ** Function: Process_SelectRsp 1108 ** 1109 ** Description: It is used to process the received response for SELECT LSC 1110 ** cmd. 1111 ** 1112 ** Returns: Success if ok. 1113 ** 1114 *******************************************************************************/ 1115 LSCSTATUS Process_SelectRsp(uint8_t* Recv_data, int32_t Recv_len) { 1116 static const char fn[] = "Process_SelectRsp"; 1117 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 1118 1119 if (Recv_len < 2) { 1120 ALOGE("%s: Invalid response length %d", fn, Recv_len); 1121 return LSCSTATUS_FAILED; 1122 } 1123 1124 int i = 0; 1125 if (Recv_data[i] != TAG_SELECT_ID) { 1126 ALOGE("%s: Invalid FCI TAG = 0x%x", fn, Recv_data[i]); 1127 return LSCSTATUS_FAILED; 1128 } 1129 i++; 1130 int len = Recv_data[i++]; 1131 if (Recv_len < len + 2) { 1132 ALOGE("%s: Invalid response length %d", fn, Recv_len); 1133 return LSCSTATUS_FAILED; 1134 } 1135 if (Recv_data[i] != TAG_LSC_ID) { 1136 ALOGE("%s: Invalid Loader Service AID TAG ID = 0x%x", fn, Recv_data[i]); 1137 return LSCSTATUS_FAILED; 1138 } 1139 i++; 1140 len = Recv_data[i]; 1141 i = i + 1 + len; // points to next tag name A5 1142 // points to TAG 9F08 for LS application version 1143 if ((Recv_data[i] != TAG_LS_VER1) || (Recv_data[i + 1] != TAG_LS_VER2)) { 1144 ALOGE("%s: Invalid LS Version = 0x%2X%2X", fn, Recv_data[i], 1145 Recv_data[i + 1]); 1146 return LSCSTATUS_FAILED; 1147 } 1148 uint8_t lsaVersionLen = 0; 1149 i = i + 2; 1150 lsaVersionLen = Recv_data[i]; 1151 // points to TAG 9F08 LS application version 1152 i++; 1153 // points to Identifier of the Root Entity key set identifier 1154 i = i + lsaVersionLen; 1155 1156 if (Recv_data[i] != TAG_RE_KEYID) { 1157 ALOGE("%s: Invalid Root entity key set TAG ID = 0x%x", fn, Recv_data[i]); 1158 return LSCSTATUS_FAILED; 1159 } 1160 1161 i = i + 2; 1162 if (Recv_data[i] != TAG_LSRE_ID) { 1163 ALOGE("%s: Invalid Root entity for TAG 42 = 0x%x", fn, Recv_data[i]); 1164 return LSCSTATUS_FAILED; 1165 } 1166 i++; 1167 uint8_t tag42Len = Recv_data[i]; 1168 // copy the data including length 1169 memcpy(gsTag42Arr, &Recv_data[i], tag42Len + 1); 1170 i = i + tag42Len + 1; 1171 ALOGD_IF(ese_debug_enabled, "%s: gsTag42Arr %s", fn, gsTag42Arr); 1172 if (Recv_data[i] != TAG_LSRE_SIGNID) { 1173 ALOGE("%s: Invalid Root entity for TAG 45 = 0x%x", fn, Recv_data[i]); 1174 return LSCSTATUS_FAILED; 1175 } 1176 uint8_t tag45Len = Recv_data[i + 1]; 1177 memcpy(gsTag45Arr, &Recv_data[i + 1], tag45Len + 1); 1178 ALOGD_IF(ese_debug_enabled, "%s: Exiting", fn); 1179 return LSCSTATUS_SUCCESS; 1180 } 1181 1182 LSCSTATUS Bufferize_load_cmds(__attribute__((unused)) Lsc_ImageInfo_t* Os_info, 1183 __attribute__((unused)) LSCSTATUS status, 1184 Lsc_TranscieveInfo_t* pTranscv_Info) { 1185 static const char fn[] = "Bufferize_load_cmds"; 1186 1187 if (gsCmd_count == 0x00) { 1188 if ((pTranscv_Info->sSendData[1] == INSTAL_LOAD_ID) && 1189 (pTranscv_Info->sSendData[2] == PARAM_P1_OFFSET) && 1190 (pTranscv_Info->sSendData[3] == 0x00)) { 1191 ALOGD_IF(ese_debug_enabled, "%s: BUffer: install for load", fn); 1192 gspBuffer[0] = pTranscv_Info->sSendlength; 1193 memcpy(&gspBuffer[1], &(pTranscv_Info->sSendData[0]), 1194 pTranscv_Info->sSendlength); 1195 gspBuffer = gspBuffer + pTranscv_Info->sSendlength + 1; 1196 gsCmd_count++; 1197 return LSCSTATUS_FAILED; 1198 } 1199 /* Do not buffer this cmd, Send to eSE */ 1200 return LSCSTATUS_SUCCESS; 1201 } else { 1202 uint8_t Param_P2 = gsCmd_count - 1; 1203 if ((pTranscv_Info->sSendData[1] == LOAD_CMD_ID) && 1204 (pTranscv_Info->sSendData[2] == LOAD_MORE_BLOCKS) && 1205 (pTranscv_Info->sSendData[3] == Param_P2)) { 1206 ALOGD_IF(ese_debug_enabled, "%s: BUffer: load", fn); 1207 gspBuffer[0] = pTranscv_Info->sSendlength; 1208 memcpy(&gspBuffer[1], &(pTranscv_Info->sSendData[0]), 1209 pTranscv_Info->sSendlength); 1210 gspBuffer = gspBuffer + pTranscv_Info->sSendlength + 1; 1211 gsCmd_count++; 1212 } else if ((pTranscv_Info->sSendData[1] == LOAD_CMD_ID) && 1213 (pTranscv_Info->sSendData[2] == LOAD_LAST_BLOCK) && 1214 (pTranscv_Info->sSendData[3] == Param_P2)) { 1215 ALOGD_IF(ese_debug_enabled, "%s: BUffer: last load", fn); 1216 gsSendBack_cmds = true; 1217 gspBuffer[0] = pTranscv_Info->sSendlength; 1218 memcpy(&gspBuffer[1], &(pTranscv_Info->sSendData[0]), 1219 pTranscv_Info->sSendlength); 1220 gspBuffer = gspBuffer + pTranscv_Info->sSendlength + 1; 1221 gsCmd_count++; 1222 gsIslastcmdLoad = true; 1223 } else { 1224 ALOGD_IF(ese_debug_enabled, "%s: BUffer: Not a load cmd", fn); 1225 gsSendBack_cmds = true; 1226 gspBuffer[0] = pTranscv_Info->sSendlength; 1227 memcpy(&gspBuffer[1], &(pTranscv_Info->sSendData[0]), 1228 pTranscv_Info->sSendlength); 1229 gspBuffer = gspBuffer + pTranscv_Info->sSendlength + 1; 1230 gsIslastcmdLoad = false; 1231 gsCmd_count++; 1232 } 1233 } 1234 ALOGD_IF(ese_debug_enabled, "%s: exit", fn); 1235 return LSCSTATUS_FAILED; 1236 } 1237 1238 LSCSTATUS Send_Backall_Loadcmds(Lsc_ImageInfo_t* Os_info, LSCSTATUS status, 1239 Lsc_TranscieveInfo_t* pTranscv_Info) { 1240 static const char fn[] = "Send_Backall_Loadcmds"; 1241 status = LSCSTATUS_FAILED; 1242 1243 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 1244 gspBuffer = gsCmd_Buffer; // Points to start of first cmd to send 1245 if (gsCmd_count == 0x00) { 1246 ALOGD_IF(ese_debug_enabled, "%s: No cmds stored to send to eSE", fn); 1247 } else { 1248 while (gsCmd_count-- > 0) { 1249 phNxpEse_data cmdApdu; 1250 phNxpEse_data rspApdu; 1251 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data)); 1252 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data)); 1253 1254 cmdApdu.len = (int32_t)(gspBuffer[0]); 1255 cmdApdu.p_data = 1256 (uint8_t*)phNxpEse_memalloc(cmdApdu.len * sizeof(uint8_t)); 1257 gspBuffer = gspBuffer + 1 + cmdApdu.len; 1258 1259 memcpy(cmdApdu.p_data, &gspBuffer[1], cmdApdu.len); 1260 1261 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu); 1262 memcpy(pTranscv_Info->sRecvData, rspApdu.p_data, rspApdu.len); 1263 int32_t recvBufferActualSize = rspApdu.len; 1264 phNxpEse_free(cmdApdu.p_data); 1265 phNxpEse_free(rspApdu.p_data); 1266 1267 if (eseStat != LSCSTATUS_SUCCESS || (recvBufferActualSize < 2)) { 1268 ALOGE("%s: Transceive failed; status=0x%X", fn, eseStat); 1269 } else if (gsCmd_count == 0x00) { 1270 // Last command in the buffer 1271 if (gsIslastcmdLoad == false) { 1272 status = 1273 Process_EseResponse(pTranscv_Info, recvBufferActualSize, Os_info); 1274 } else if ((recvBufferActualSize == 0x02) && 1275 (pTranscv_Info->sRecvData[recvBufferActualSize - 2] == 1276 0x90) && 1277 (pTranscv_Info->sRecvData[recvBufferActualSize - 1] == 1278 0x00)) { 1279 recvBufferActualSize = 0x03; 1280 pTranscv_Info->sRecvData[0] = 0x00; 1281 pTranscv_Info->sRecvData[1] = 0x90; 1282 pTranscv_Info->sRecvData[2] = 0x00; 1283 status = 1284 Process_EseResponse(pTranscv_Info, recvBufferActualSize, Os_info); 1285 } else { 1286 status = 1287 Process_EseResponse(pTranscv_Info, recvBufferActualSize, Os_info); 1288 } 1289 } else if ((recvBufferActualSize == 0x02) && 1290 (pTranscv_Info->sRecvData[0] == 0x90) && 1291 (pTranscv_Info->sRecvData[1] == 0x00)) { 1292 /*response ok without data, send next command in the buffer*/ 1293 } else if ((recvBufferActualSize == 0x03) && 1294 (pTranscv_Info->sRecvData[0] == 0x00) && 1295 (pTranscv_Info->sRecvData[1] == 0x90) && 1296 (pTranscv_Info->sRecvData[2] == 0x00)) { 1297 /*response ok without data, send next command in the buffer*/ 1298 } else if ((pTranscv_Info->sRecvData[recvBufferActualSize - 2] != 0x90) && 1299 (pTranscv_Info->sRecvData[recvBufferActualSize - 1] != 0x00)) { 1300 /*Error condition hence exiting the loop*/ 1301 status = 1302 Process_EseResponse(pTranscv_Info, recvBufferActualSize, Os_info); 1303 /*If the sending of Load fails reset the count*/ 1304 gsCmd_count = 0; 1305 break; 1306 } 1307 } 1308 } 1309 memset(gsCmd_Buffer, 0, sizeof(gsCmd_Buffer)); 1310 gspBuffer = gsCmd_Buffer; // point back to start of line 1311 gsCmd_count = 0x00; 1312 ALOGD_IF(ese_debug_enabled, "%s: exit: status=0x%x", fn, status); 1313 return status; 1314 } 1315 /******************************************************************************* 1316 ** 1317 ** Function: Numof_lengthbytes 1318 ** 1319 ** Description: Checks the number of length bytes and assigns 1320 ** length value to wLen. 1321 ** 1322 ** Returns: Number of Length bytes 1323 ** 1324 *******************************************************************************/ 1325 uint8_t Numof_lengthbytes(uint8_t* read_buf, int32_t* pLen) { 1326 static const char fn[] = "Numof_lengthbytes"; 1327 uint8_t len_byte = 0; 1328 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 1329 1330 if (read_buf[0] == 0x00) { 1331 ALOGE("%s: Invalid length zero", fn); 1332 len_byte = 0x00; 1333 } else if ((read_buf[0] & 0x80) == 0x80) { 1334 len_byte = read_buf[0] & 0x0F; 1335 len_byte = len_byte + 1; // 1 byte added for byte 0x81 1336 } else { 1337 len_byte = 0x01; 1338 } 1339 1340 /* To get the length of the value field */ 1341 int32_t wLen = 0; 1342 switch (len_byte) { 1343 case 0: 1344 wLen = read_buf[0]; 1345 break; 1346 case 1: 1347 /*1st byte is the length*/ 1348 wLen = read_buf[0]; 1349 break; 1350 case 2: 1351 /*2nd byte is the length*/ 1352 wLen = read_buf[1]; 1353 break; 1354 case 3: 1355 /*1st and 2nd bytes are length*/ 1356 wLen = read_buf[1]; 1357 wLen = ((wLen << 8) | (read_buf[2])); 1358 break; 1359 case 4: 1360 /*3bytes are the length*/ 1361 wLen = read_buf[1]; 1362 wLen = ((wLen << 16) | (read_buf[2] << 8)); 1363 wLen = (wLen | (read_buf[3])); 1364 break; 1365 default: 1366 ALOGE("%s: Invalid length %d.", fn, len_byte); 1367 break; 1368 } 1369 1370 *pLen = wLen; 1371 ALOGD_IF(ese_debug_enabled, "%s: exit; len_bytes=0x0%x, Length=%d", fn, 1372 len_byte, *pLen); 1373 return len_byte; 1374 } 1375 1376 /******************************************************************************* 1377 ** 1378 ** Function: Write_Response_To_OutFile 1379 ** 1380 ** Description: Write the response to Out file 1381 ** with length recvlen from buffer RecvData. 1382 ** 1383 ** Returns: Success if OK 1384 ** 1385 *******************************************************************************/ 1386 LSCSTATUS Write_Response_To_OutFile(Lsc_ImageInfo_t* image_info, 1387 uint8_t* RecvData, int32_t recvlen, 1388 Ls_TagType tType) { 1389 static const char fn[] = "Write_Response_to_OutFile"; 1390 1391 ALOGD_IF(ese_debug_enabled, "%s: Enter", fn); 1392 /*If the Response out file is NULL or Other than LS commands*/ 1393 if ((image_info->bytes_wrote == 0x55) || (tType == LS_Default)) { 1394 return LSCSTATUS_SUCCESS; 1395 } 1396 1397 uint8_t tag43Len = 1; 1398 /*Certificate TAG occupies 2 bytes*/ 1399 if (tType == LS_Cert) { 1400 tag43Len = 2; 1401 } 1402 1403 /* |TAG|LEN| VAL | 1404 * |61 |XX |TAG|LEN| VAL |TAG| LEN | VAL | 1405 * |43 |1/2|7F21/60/40|44 |apduRespLen|apduResponse| 1406 */ 1407 int32_t tag44Len = 0; 1408 uint8_t ucTag44[3] = {0x00, 0x00, 0x00}; 1409 int32_t tag61Len = 0; 1410 uint8_t tag43off = 0; 1411 uint8_t tag44off = 0; 1412 uint8_t tagLen = 0; 1413 uint8_t tagBuffer[12] = {0x61, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 1414 if (recvlen < 0x80) { 1415 tag44Len = 1; 1416 ucTag44[0] = recvlen; 1417 tag61Len = recvlen + 4 + tag43Len; 1418 1419 if (tag61Len & 0x80) { 1420 tagBuffer[1] = 0x81; 1421 tagBuffer[2] = tag61Len; 1422 tag43off = 3; 1423 tag44off = 5 + tag43Len; 1424 tagLen = tag44off + 2; 1425 } else { 1426 tagBuffer[1] = tag61Len; 1427 tag43off = 2; 1428 tag44off = 4 + tag43Len; 1429 tagLen = tag44off + 2; 1430 } 1431 } else if ((recvlen >= 0x80) && (recvlen <= 0xFF)) { 1432 ucTag44[0] = 0x81; 1433 ucTag44[1] = recvlen; 1434 tag61Len = recvlen + 5 + tag43Len; 1435 tag44Len = 2; 1436 1437 if ((tag61Len & 0xFF00) != 0) { 1438 tagBuffer[1] = 0x82; 1439 tagBuffer[2] = (tag61Len & 0xFF00) >> 8; 1440 tagBuffer[3] = (tag61Len & 0xFF); 1441 tag43off = 4; 1442 tag44off = 6 + tag43Len; 1443 tagLen = tag44off + 3; 1444 } else { 1445 tagBuffer[1] = 0x81; 1446 tagBuffer[2] = (tag61Len & 0xFF); 1447 tag43off = 3; 1448 tag44off = 5 + tag43Len; 1449 tagLen = tag44off + 3; 1450 } 1451 } else if ((recvlen > 0xFF) && (recvlen <= 0xFFFF)) { 1452 ucTag44[0] = 0x82; 1453 ucTag44[1] = (recvlen & 0xFF00) >> 8; 1454 ucTag44[2] = (recvlen & 0xFF); 1455 tag44Len = 3; 1456 1457 tag61Len = recvlen + 6 + tag43Len; 1458 1459 if ((tag61Len & 0xFF00) != 0) { 1460 tagBuffer[1] = 0x82; 1461 tagBuffer[2] = (tag61Len & 0xFF00) >> 8; 1462 tagBuffer[3] = (tag61Len & 0xFF); 1463 tag43off = 4; 1464 tag44off = 6 + tag43Len; 1465 tagLen = tag44off + 4; 1466 } 1467 } 1468 tagBuffer[tag43off] = 0x43; 1469 tagBuffer[tag43off + 1] = tag43Len; 1470 tagBuffer[tag44off] = 0x44; 1471 memcpy(&tagBuffer[tag44off + 1], &ucTag44[0], tag44Len); 1472 1473 if (tType == LS_Cert) { 1474 tagBuffer[tag43off + 2] = 0x7F; 1475 tagBuffer[tag43off + 3] = 0x21; 1476 } else if (tType == LS_Sign) { 1477 tagBuffer[tag43off + 2] = 0x60; 1478 } else if (tType == LS_Comm) { 1479 tagBuffer[tag43off + 2] = 0x40; 1480 } else { 1481 /*Do nothing*/ 1482 } 1483 1484 uint8_t tempLen = 0; 1485 LSCSTATUS wStatus = LSCSTATUS_FAILED; 1486 int32_t status = 0; 1487 while (tempLen < tagLen) { 1488 status = fprintf(image_info->fResp, "%02X", tagBuffer[tempLen++]); 1489 if (status != 2) { 1490 ALOGE("%s: Invalid Response during fprintf; status=0x%x", fn, (status)); 1491 wStatus = LSCSTATUS_FAILED; 1492 break; 1493 } 1494 } 1495 /*Updating the response data into out script*/ 1496 int32_t respLen = 0; 1497 while (respLen < recvlen) { 1498 status = fprintf(image_info->fResp, "%02X", RecvData[respLen++]); 1499 if (status != 2) { 1500 ALOGE("%s: Invalid Response during fprintf; status=0x%x", fn, (status)); 1501 wStatus = LSCSTATUS_FAILED; 1502 break; 1503 } 1504 } 1505 if (status == 2) { 1506 fprintf(image_info->fResp, "%s\n", ""); 1507 ALOGD_IF(ese_debug_enabled, 1508 "%s: SUCCESS Response written to script out file", fn); 1509 wStatus = LSCSTATUS_SUCCESS; 1510 } 1511 fflush(image_info->fResp); 1512 return wStatus; 1513 } 1514 1515 /******************************************************************************* 1516 ** 1517 ** Function: Check_Certificate_Tag 1518 ** 1519 ** Description: Check certificate Tag presence in script 1520 ** by 7F21 . 1521 ** 1522 ** Returns: Success if Tag found 1523 ** 1524 *******************************************************************************/ 1525 LSCSTATUS Check_Certificate_Tag(uint8_t* read_buf, uint16_t* offset1) { 1526 static const char fn[] = "Check_Certificate_Tag"; 1527 uint16_t offset = *offset1; 1528 1529 if (((read_buf[offset] << 8 | read_buf[offset + 1]) == TAG_CERTIFICATE)) { 1530 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_CERTIFICATE", fn); 1531 int32_t wLen; 1532 offset = offset + 2; 1533 uint16_t len_byte = Numof_lengthbytes(&read_buf[offset], &wLen); 1534 offset = offset + len_byte; 1535 *offset1 = offset; 1536 if (wLen <= MAX_CERT_LEN) return LSCSTATUS_SUCCESS; 1537 } 1538 return LSCSTATUS_FAILED; 1539 } 1540 1541 /******************************************************************************* 1542 ** 1543 ** Function: Check_SerialNo_Tag 1544 ** 1545 ** Description: Check Serial number Tag presence in script 1546 ** by 0x93 . 1547 ** 1548 ** Returns: Success if Tag found 1549 ** 1550 *******************************************************************************/ 1551 LSCSTATUS Check_SerialNo_Tag(uint8_t* read_buf, uint16_t* offset1) { 1552 static const char fn[] = "Check_SerialNo_Tag"; 1553 uint16_t offset = *offset1; 1554 1555 if (read_buf[offset] == TAG_SERIAL_NO) { 1556 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_SERIAL_NO", fn); 1557 uint8_t serNoLen = read_buf[offset + 1]; 1558 offset = offset + serNoLen + 2; 1559 *offset1 = offset; 1560 ALOGD_IF(ese_debug_enabled, "%s: TAG_LSROOT_ENTITY is %x", fn, 1561 read_buf[offset]); 1562 return LSCSTATUS_SUCCESS; 1563 } 1564 return LSCSTATUS_FAILED; 1565 } 1566 1567 /******************************************************************************* 1568 ** 1569 ** Function: Check_LSRootID_Tag 1570 ** 1571 ** Description: Check LS root ID tag presence in script and compare with 1572 ** select response root ID value. 1573 ** 1574 ** Returns: Success if Tag found 1575 ** 1576 *******************************************************************************/ 1577 LSCSTATUS Check_LSRootID_Tag(uint8_t* read_buf, uint16_t* offset1) { 1578 static const char fn[] = "Check_LSRootID_Tag"; 1579 uint16_t offset = *offset1; 1580 1581 if (read_buf[offset] == TAG_LSRE_ID) { 1582 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_LSROOT_ENTITY", fn); 1583 if (gsTag42Arr[0] == read_buf[offset + 1]) { 1584 uint8_t tag42Len = read_buf[offset + 1]; 1585 offset = offset + 2; 1586 if (!memcmp(&read_buf[offset], &gsTag42Arr[1], gsTag42Arr[0])) { 1587 ALOGD_IF(ese_debug_enabled, "%s : TAG 42 verified", fn); 1588 offset = offset + tag42Len; 1589 *offset1 = offset; 1590 return LSCSTATUS_SUCCESS; 1591 } 1592 } 1593 } 1594 return LSCSTATUS_FAILED; 1595 } 1596 1597 /******************************************************************************* 1598 ** 1599 ** Function: Check_CertHoldID_Tag 1600 ** 1601 ** Description: Check certificate holder ID tag presence in script. 1602 ** 1603 ** Returns: Success if Tag found 1604 ** 1605 *******************************************************************************/ 1606 LSCSTATUS Check_CertHoldID_Tag(uint8_t* read_buf, uint16_t* offset1) { 1607 static const char fn[] = "Check_CertHoldID_Tag"; 1608 uint16_t offset = *offset1; 1609 1610 if ((read_buf[offset] << 8 | read_buf[offset + 1]) == TAG_CERTFHOLD_ID) { 1611 uint8_t certfHoldIDLen = 0; 1612 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_CERTFHOLD_ID", fn); 1613 certfHoldIDLen = read_buf[offset + 2]; 1614 offset = offset + certfHoldIDLen + 3; 1615 if (read_buf[offset] == TAG_KEY_USAGE) { 1616 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_KEY_USAGE", fn); 1617 uint8_t keyusgLen = read_buf[offset + 1]; 1618 offset = offset + keyusgLen + 2; 1619 *offset1 = offset; 1620 return LSCSTATUS_SUCCESS; 1621 } 1622 } 1623 return LSCSTATUS_FAILED; 1624 } 1625 1626 /******************************************************************************* 1627 ** 1628 ** Function: Check_Date_Tag 1629 ** 1630 ** Description: Check date tags presence in script. 1631 ** 1632 ** Returns: Success if Tag found 1633 ** 1634 *******************************************************************************/ 1635 LSCSTATUS Check_Date_Tag(uint8_t* read_buf, uint16_t* offset1) { 1636 static const char fn[] = "Check_Date_Tag"; 1637 LSCSTATUS status = LSCSTATUS_FAILED; 1638 uint16_t offset = *offset1; 1639 1640 if ((read_buf[offset] << 8 | read_buf[offset + 1]) == TAG_EFF_DATE) { 1641 uint8_t effDateLen = read_buf[offset + 2]; 1642 offset = offset + 3 + effDateLen; 1643 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_EFF_DATE", fn); 1644 if ((read_buf[offset] << 8 | read_buf[offset + 1]) == TAG_EXP_DATE) { 1645 uint8_t effExpLen = read_buf[offset + 2]; 1646 offset = offset + 3 + effExpLen; 1647 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_EXP_DATE", fn); 1648 status = LSCSTATUS_SUCCESS; 1649 } else if (read_buf[offset] == TAG_LSRE_SIGNID) { 1650 status = LSCSTATUS_SUCCESS; 1651 } 1652 } else if ((read_buf[offset] << 8 | read_buf[offset + 1]) == TAG_EXP_DATE) { 1653 uint8_t effExpLen = read_buf[offset + 2]; 1654 offset = offset + 3 + effExpLen; 1655 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_EXP_DATE", fn); 1656 status = LSCSTATUS_SUCCESS; 1657 } else if (read_buf[offset] == TAG_LSRE_SIGNID) { 1658 status = LSCSTATUS_SUCCESS; 1659 } else { 1660 /*LSCSTATUS_FAILED*/ 1661 } 1662 *offset1 = offset; 1663 return status; 1664 } 1665 1666 /******************************************************************************* 1667 ** 1668 ** Function: Check_45_Tag 1669 ** 1670 ** Description: Check 45 tags presence in script and compare the value 1671 ** with select response tag 45 value 1672 ** 1673 ** Returns: Success if Tag found 1674 ** 1675 *******************************************************************************/ 1676 LSCSTATUS Check_45_Tag(uint8_t* read_buf, uint16_t* offset1, 1677 uint8_t* tag45Len) { 1678 static const char fn[] = "Check_45_Tag"; 1679 uint16_t offset = *offset1; 1680 if (read_buf[offset] == TAG_LSRE_SIGNID) { 1681 *tag45Len = read_buf[offset + 1]; 1682 offset = offset + 2; 1683 if (gsTag45Arr[0] == *tag45Len) { 1684 if (!memcmp(&read_buf[offset], &gsTag45Arr[1], gsTag45Arr[0])) { 1685 *offset1 = offset; 1686 ALOGD_IF(ese_debug_enabled, 1687 "%s: LSC_Check_KeyIdentifier : TAG 45 verified", fn); 1688 return LSCSTATUS_SUCCESS; 1689 } 1690 } 1691 } 1692 return LSCSTATUS_FAILED; 1693 } 1694 1695 /******************************************************************************* 1696 ** 1697 ** Function: Certificate_Verification 1698 ** 1699 ** Description: Perform the certificate verification by forwarding it to 1700 ** LS applet. 1701 ** 1702 ** Returns: Success if certificate is verified 1703 ** 1704 *******************************************************************************/ 1705 LSCSTATUS Certificate_Verification(Lsc_ImageInfo_t* Os_info, 1706 Lsc_TranscieveInfo_t* pTranscv_Info, 1707 uint8_t* read_buf, uint16_t* offset1, 1708 uint8_t* tag45Len) { 1709 static const char fn[] = "Certificate_Verification"; 1710 1711 pTranscv_Info->sSendData[0] = 0x80; 1712 pTranscv_Info->sSendData[1] = 0xA0; 1713 pTranscv_Info->sSendData[2] = 0x01; 1714 pTranscv_Info->sSendData[3] = 0x00; 1715 1716 int32_t wCertfLen = (read_buf[2] << 8 | read_buf[3]); 1717 uint16_t offset = *offset1; 1718 /*If the certificate is less than 255 bytes*/ 1719 if (wCertfLen <= 251) { 1720 uint8_t tag7f49Off = 0; 1721 uint8_t u7f49Len = 0; 1722 uint8_t tag5f37Len = 0; 1723 ALOGD_IF(ese_debug_enabled, "%s: Certificate is less than 255", fn); 1724 offset = offset + *tag45Len; 1725 ALOGD_IF(ese_debug_enabled, "%s: Before TAG_CCM_PERMISSION = %x", fn, 1726 read_buf[offset]); 1727 if (read_buf[offset] != TAG_CCM_PERMISSION) { 1728 return LSCSTATUS_FAILED; 1729 } 1730 int32_t tag53Len = 0; 1731 uint8_t len_byte = 0; 1732 offset = offset + 1; 1733 len_byte = Numof_lengthbytes(&read_buf[offset], &tag53Len); 1734 offset = offset + tag53Len + len_byte; 1735 ALOGD_IF(ese_debug_enabled, "%s: Verified TAG TAG_CCM_PERMISSION = 0x53", 1736 fn); 1737 if ((uint16_t)(read_buf[offset] << 8 | read_buf[offset + 1]) != 1738 TAG_SIG_RNS_COMP) { 1739 return LSCSTATUS_FAILED; 1740 } 1741 tag7f49Off = offset; 1742 u7f49Len = read_buf[offset + 2]; 1743 offset = offset + 3 + u7f49Len; 1744 if (u7f49Len != 64) { 1745 return LSCSTATUS_FAILED; 1746 } 1747 if ((uint16_t)(read_buf[offset] << 8 | read_buf[offset + 1]) != 0x7f49) { 1748 return LSCSTATUS_FAILED; 1749 } 1750 tag5f37Len = read_buf[offset + 2]; 1751 if (read_buf[offset + 3] != 0x86 || (read_buf[offset + 4] != 65)) { 1752 return LSCSTATUS_FAILED; 1753 } 1754 uint8_t tag_len_byte = Numof_lengthbytes(&read_buf[2], &wCertfLen); 1755 pTranscv_Info->sSendData[4] = wCertfLen + 2 + tag_len_byte; 1756 pTranscv_Info->sSendlength = wCertfLen + 7 + tag_len_byte; 1757 memcpy(&(pTranscv_Info->sSendData[5]), &read_buf[0], 1758 wCertfLen + 2 + tag_len_byte); 1759 1760 ALOGD_IF(ese_debug_enabled, "%s: start transceive for length %d", fn, 1761 pTranscv_Info->sSendlength); 1762 LSCSTATUS status = LSCSTATUS_FAILED; 1763 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Cert); 1764 if (status == LSCSTATUS_SUCCESS) { 1765 ALOGD_IF(ese_debug_enabled, "%s: Certificate is verified", fn); 1766 } 1767 return status; 1768 } else { 1769 /*If the certificate is more than 255 bytes*/ 1770 uint8_t tag7f49Off = 0; 1771 uint8_t u7f49Len = 0; 1772 uint8_t tag5f37Len = 0; 1773 ALOGD_IF(ese_debug_enabled, "%s: Certificate is greater than 255", fn); 1774 offset = offset + *tag45Len; 1775 ALOGD_IF(ese_debug_enabled, "%s: Before TAG_CCM_PERMISSION = %x", fn, 1776 read_buf[offset]); 1777 if (read_buf[offset] != TAG_CCM_PERMISSION) { 1778 return LSCSTATUS_FAILED; 1779 } 1780 int32_t tag53Len = 0; 1781 uint8_t len_byte = 0; 1782 offset = offset + 1; 1783 len_byte = Numof_lengthbytes(&read_buf[offset], &tag53Len); 1784 offset = offset + tag53Len + len_byte; 1785 ALOGD_IF(ese_debug_enabled, "%s: Verified TAG TAG_CCM_PERMISSION = 0x53", 1786 fn); 1787 if ((uint16_t)(read_buf[offset] << 8 | read_buf[offset + 1]) != 1788 TAG_SIG_RNS_COMP) { 1789 return LSCSTATUS_FAILED; 1790 } 1791 tag7f49Off = offset; 1792 u7f49Len = read_buf[offset + 2]; 1793 offset = offset + 3 + u7f49Len; 1794 if (u7f49Len != 64) { 1795 return LSCSTATUS_FAILED; 1796 } 1797 if ((uint16_t)(read_buf[offset] << 8 | read_buf[offset + 1]) != 0x7f49) { 1798 return LSCSTATUS_FAILED; 1799 } 1800 tag5f37Len = read_buf[offset + 2]; 1801 if (read_buf[offset + 3] != 0x86 || (read_buf[offset + 4] != 65)) { 1802 return LSCSTATUS_FAILED; 1803 } 1804 pTranscv_Info->sSendData[4] = tag7f49Off; 1805 memcpy(&(pTranscv_Info->sSendData[5]), &read_buf[0], tag7f49Off); 1806 pTranscv_Info->sSendlength = tag7f49Off + 5; 1807 ALOGD_IF(ese_debug_enabled, "%s: start transceive for length %d", fn, 1808 pTranscv_Info->sSendlength); 1809 1810 LSCSTATUS status = LSCSTATUS_FAILED; 1811 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Default); 1812 if (status != LSCSTATUS_SUCCESS) { 1813 uint8_t* RecvData = pTranscv_Info->sRecvData; 1814 Write_Response_To_OutFile(Os_info, RecvData, gsResp_len, LS_Cert); 1815 return status; 1816 } 1817 1818 pTranscv_Info->sSendData[2] = 0x00; 1819 pTranscv_Info->sSendData[4] = u7f49Len + tag5f37Len + 6; 1820 memcpy(&(pTranscv_Info->sSendData[5]), &read_buf[tag7f49Off], 1821 u7f49Len + tag5f37Len + 6); 1822 pTranscv_Info->sSendlength = u7f49Len + tag5f37Len + 11; 1823 ALOGD_IF(ese_debug_enabled, "%s: start transceive for length %d", fn, 1824 pTranscv_Info->sSendlength); 1825 1826 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Cert); 1827 if (status == LSCSTATUS_SUCCESS) { 1828 ALOGD_IF(ese_debug_enabled, "Certificate is verified"); 1829 } 1830 return status; 1831 } 1832 return LSCSTATUS_FAILED; 1833 } 1834 1835 /******************************************************************************* 1836 ** 1837 ** Function: Check_Complete_7F21_Tag 1838 ** 1839 ** Description: Traverses the 7F21 tag for verification of each sub tag with 1840 ** in the 7F21 tag. 1841 ** 1842 ** Returns: Success if all tags are verified 1843 ** 1844 *******************************************************************************/ 1845 LSCSTATUS Check_Complete_7F21_Tag(Lsc_ImageInfo_t* Os_info, 1846 Lsc_TranscieveInfo_t* pTranscv_Info, 1847 uint8_t* read_buf, uint16_t* offset) { 1848 static const char fn[] = "Check_Complete_7F21_Tag"; 1849 1850 if (LSCSTATUS_SUCCESS != Check_Certificate_Tag(read_buf, offset)) { 1851 ALOGE("%s: FAILED in Check_Certificate_Tag", fn); 1852 return LSCSTATUS_FAILED; 1853 } 1854 if (LSCSTATUS_SUCCESS != Check_SerialNo_Tag(read_buf, offset)) { 1855 ALOGE("%s: FAILED in Check_SerialNo_Tag", fn); 1856 return LSCSTATUS_FAILED; 1857 } 1858 if (LSCSTATUS_SUCCESS != Check_LSRootID_Tag(read_buf, offset)) { 1859 ALOGE("%s: FAILED in Check_LSRootID_Tag", fn); 1860 return LSCSTATUS_FAILED; 1861 } 1862 if (LSCSTATUS_SUCCESS != Check_CertHoldID_Tag(read_buf, offset)) { 1863 ALOGE("%s: FAILED in Check_CertHoldID_Tag", fn); 1864 return LSCSTATUS_FAILED; 1865 } 1866 if (LSCSTATUS_SUCCESS != Check_Date_Tag(read_buf, offset)) { 1867 ALOGE("%s: FAILED in Check_CertHoldID_Tag", fn); 1868 return LSCSTATUS_FAILED; 1869 } 1870 uint8_t tag45Len = 0; 1871 if (LSCSTATUS_SUCCESS != Check_45_Tag(read_buf, offset, &tag45Len)) { 1872 ALOGE("%s: FAILED in Check_CertHoldID_Tag", fn); 1873 return LSCSTATUS_FAILED; 1874 } 1875 if (LSCSTATUS_SUCCESS != Certificate_Verification(Os_info, pTranscv_Info, 1876 read_buf, offset, 1877 &tag45Len)) { 1878 ALOGE("%s: FAILED in Certificate_Verification", fn); 1879 return LSCSTATUS_FAILED; 1880 } 1881 return LSCSTATUS_SUCCESS; 1882 } 1883 1884 /******************************************************************************* 1885 ** 1886 ** Function: LSC_UpdateExeStatus 1887 ** 1888 ** Description: Updates LSC status to a file 1889 ** 1890 ** Returns: true if success else false 1891 ** 1892 *******************************************************************************/ 1893 bool LSC_UpdateExeStatus(uint16_t status) { 1894 static const char fn[] = "LSC_UpdateExeStatus"; 1895 1896 ALOGD_IF(ese_debug_enabled, "%s: enter", fn); 1897 1898 FILE* fLsStatus = fopen(LS_STATUS_PATH, "w+"); 1899 if (fLsStatus == NULL) { 1900 ALOGE("%s: Error opening LS Status file for backup: %s", fn, 1901 strerror(errno)); 1902 return false; 1903 } 1904 if ((fprintf(fLsStatus, "%04x", status)) != 4) { 1905 ALOGE("%s: Error updating LS Status backup: %s", fn, strerror(errno)); 1906 fclose(fLsStatus); 1907 return false; 1908 } 1909 fclose(fLsStatus); 1910 ALOGD_IF(ese_debug_enabled, "%s: exit", fn); 1911 return true; 1912 } 1913 1914 /******************************************************************************* 1915 ** 1916 ** Function: Get_LsStatus 1917 ** 1918 ** Description: Interface to fetch Loader service client status to JNI, 1919 ** Services 1920 ** 1921 ** Returns: SUCCESS/FAILURE 1922 ** 1923 *******************************************************************************/ 1924 LSCSTATUS Get_LsStatus(uint8_t* pStatus) { 1925 static const char fn[] = "Get_LsStatus"; 1926 1927 FILE* fLsStatus = fopen(LS_STATUS_PATH, "r"); 1928 if (fLsStatus == NULL) { 1929 ALOGE("%s: Error opening LS Status file for backup: %s", fn, 1930 strerror(errno)); 1931 return LSCSTATUS_FAILED; 1932 } 1933 1934 uint8_t lsStatus[2] = {0x63, 0x40}; 1935 for (uint8_t loopcnt = 0; loopcnt < 2; loopcnt++) { 1936 if ((FSCANF_BYTE(fLsStatus, "%2x", &lsStatus[loopcnt])) == 0) { 1937 ALOGE("%s: Error updating LS Status backup: %s", fn, strerror(errno)); 1938 fclose(fLsStatus); 1939 return LSCSTATUS_FAILED; 1940 } 1941 } 1942 ALOGD_IF(ese_debug_enabled, "%s: LS Status 0x%X 0x%X", fn, lsStatus[0], 1943 lsStatus[1]); 1944 memcpy(pStatus, lsStatus, 2); 1945 fclose(fLsStatus); 1946 return LSCSTATUS_SUCCESS; 1947 } 1948
