1 /*******************************************************************************
2 *
3 * Copyright 2018 NXP
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18 #define LOG_TAG "LSClient"
19 #include <LsClient.h>
20 #include <LsLib.h>
21 #include <errno.h>
22 #include <log/log.h>
23 #include <stdlib.h>
24 #include <string.h>
25
26 extern bool ese_debug_enabled;
27
28 static int32_t gsTransceiveTimeout = 120000;
29 static uint8_t gsCmd_Buffer[64 * 1024];
30 static int32_t gsCmd_count = 0;
31 static bool gsIslastcmdLoad;
32 static bool gsSendBack_cmds = false;
33 static uint8_t* gspBuffer;
34 static uint8_t gsStoreData[22];
35 static uint8_t gsTag42Arr[17];
36 static uint8_t gsTag45Arr[9];
37 static uint8_t gsLsExecuteResp[4];
38 static int32_t gsResp_len = 0;
39
40 LSCSTATUS(*Applet_load_seqhandler[])
41 (Lsc_ImageInfo_t* pContext, LSCSTATUS status, Lsc_TranscieveInfo_t* pInfo) = {
42 LSC_OpenChannel, LSC_SelectLsc, LSC_StoreData, LSC_loadapplet, NULL};
43
44 /*******************************************************************************
45 **
46 ** Function: Perform_LSC
47 **
48 ** Description: Performs the LSC download sequence
49 **
50 ** Returns: Success if ok.
51 **
52 *******************************************************************************/
Perform_LSC(const char * name,const char * dest,const uint8_t * pdata,uint16_t len,uint8_t * respSW)53 LSCSTATUS Perform_LSC(const char* name, const char* dest, const uint8_t* pdata,
54 uint16_t len, uint8_t* respSW) {
55 static const char fn[] = "Perform_LSC";
56 ALOGD_IF(ese_debug_enabled, "%s: enter; sha-len=%d", fn, len);
57 if ((pdata == NULL) || (len == 0x00)) {
58 ALOGE("%s: Invalid SHA-data", fn);
59 return LSCSTATUS_FAILED;
60 }
61 gsStoreData[0] = STORE_DATA_TAG;
62 gsStoreData[1] = len;
63 memcpy(&gsStoreData[2], pdata, len);
64 LSCSTATUS status = LSC_update_seq_handler(Applet_load_seqhandler, name, dest);
65 if ((status != LSCSTATUS_SUCCESS) && (gsLsExecuteResp[2] == 0x90) &&
66 (gsLsExecuteResp[3] == 0x00)) {
67 gsLsExecuteResp[2] = LS_ABORT_SW1;
68 gsLsExecuteResp[3] = LS_ABORT_SW2;
69 }
70 memcpy(&respSW[0], &gsLsExecuteResp[0], 4);
71 ALOGD_IF(ese_debug_enabled, "%s: lsExecuteScript Response SW=%2x%2x", fn,
72 gsLsExecuteResp[2], gsLsExecuteResp[3]);
73
74 ALOGD_IF(ese_debug_enabled, "%s: exit; status=0x0%x", fn, status);
75 return status;
76 }
77
78 /*******************************************************************************
79 **
80 ** Function: LSC_update_seq_handler
81 **
82 ** Description: Performs the LSC update sequence handler sequence
83 **
84 ** Returns: Success if ok.
85 **
86 *******************************************************************************/
LSC_update_seq_handler(LSCSTATUS (* seq_handler[])(Lsc_ImageInfo_t * pContext,LSCSTATUS status,Lsc_TranscieveInfo_t * pInfo),const char * name,const char * dest)87 LSCSTATUS LSC_update_seq_handler(
88 LSCSTATUS (*seq_handler[])(Lsc_ImageInfo_t* pContext, LSCSTATUS status,
89 Lsc_TranscieveInfo_t* pInfo),
90 const char* name, const char* dest) {
91 static const char fn[] = "LSC_update_seq_handler";
92 Lsc_ImageInfo_t update_info;
93
94 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
95 memset(&update_info, 0, sizeof(Lsc_ImageInfo_t));
96 if (dest != NULL) {
97 strcat(update_info.fls_RespPath, dest);
98 ALOGD_IF(ese_debug_enabled,
99 "%s: Loader Service response data path/destination: %s", fn, dest);
100 update_info.bytes_wrote = 0xAA;
101 } else {
102 update_info.bytes_wrote = 0x55;
103 }
104 if ((LSC_UpdateExeStatus(LS_DEFAULT_STATUS)) != true) {
105 return LSCSTATUS_FAILED;
106 }
107 // memcpy(update_info.fls_path, (char*)Lsc_path, sizeof(Lsc_path));
108 strcat(update_info.fls_path, name);
109 ALOGD_IF(ese_debug_enabled, "Selected applet to install is: %s",
110 update_info.fls_path);
111
112 uint16_t seq_counter = 0;
113 LSCSTATUS status = LSCSTATUS_FAILED;
114 Lsc_TranscieveInfo_t trans_info;
115 memset(&trans_info, 0, sizeof(Lsc_TranscieveInfo_t));
116 while ((seq_handler[seq_counter]) != NULL) {
117 status = (*(seq_handler[seq_counter]))(&update_info, status, &trans_info);
118 if (LSCSTATUS_SUCCESS != status) {
119 ALOGE("%s: exiting; status=0x0%X", fn, status);
120 break;
121 }
122 seq_counter++;
123 }
124
125 LSC_CloseChannel(&update_info, LSCSTATUS_FAILED, &trans_info);
126 ALOGD_IF(ese_debug_enabled, "%s: exit; status=0x%x", fn, status);
127 return status;
128 }
129
130 /*******************************************************************************
131 **
132 ** Function: LSC_OpenChannel
133 **
134 ** Description: Creates the logical channel with lsc
135 **
136 ** Returns: Success if ok.
137 **
138 *******************************************************************************/
LSC_OpenChannel(Lsc_ImageInfo_t * Os_info,LSCSTATUS status,Lsc_TranscieveInfo_t * pTranscv_Info)139 LSCSTATUS LSC_OpenChannel(Lsc_ImageInfo_t* Os_info, LSCSTATUS status,
140 Lsc_TranscieveInfo_t* pTranscv_Info) {
141 static const char fn[] = "LSC_OpenChannel";
142
143 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
144 if (Os_info == NULL || pTranscv_Info == NULL) {
145 ALOGE("%s: Invalid parameter", fn);
146 return LSCSTATUS_FAILED;
147 }
148 phNxpEse_data cmdApdu;
149 phNxpEse_data rspApdu;
150 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data));
151 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data));
152 cmdApdu.len = (int32_t)sizeof(OpenChannel);
153 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc(cmdApdu.len * sizeof(uint8_t));
154 memcpy(cmdApdu.p_data, OpenChannel, cmdApdu.len);
155
156 ALOGD_IF(ese_debug_enabled, "%s: Calling Secure Element Transceive", fn);
157 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu);
158
159 if (eseStat != ESESTATUS_SUCCESS && (rspApdu.len < 0x03)) {
160 if (rspApdu.len == 0x02)
161 memcpy(&gsLsExecuteResp[2], &rspApdu.p_data[rspApdu.len - 2], 2);
162 status = LSCSTATUS_FAILED;
163 ALOGE("%s: SE transceive failed status = 0x%X", fn, status);
164 } else if (((rspApdu.p_data[rspApdu.len - 2] != 0x90) &&
165 (rspApdu.p_data[rspApdu.len - 1] != 0x00))) {
166 memcpy(&gsLsExecuteResp[2], &rspApdu.p_data[rspApdu.len - 2], 2);
167 status = LSCSTATUS_FAILED;
168 ALOGE("%s: invalid response = 0x%X", fn, status);
169 } else {
170 uint8_t cnt = Os_info->channel_cnt;
171 Os_info->Channel_Info[cnt].channel_id = rspApdu.p_data[rspApdu.len - 3];
172 Os_info->Channel_Info[cnt].isOpend = true;
173 Os_info->channel_cnt++;
174 status = LSCSTATUS_SUCCESS;
175 }
176
177 phNxpEse_free(cmdApdu.p_data);
178 phNxpEse_free(rspApdu.p_data);
179 ALOGD_IF(ese_debug_enabled, "%s: exit; status=0x%x", fn, status);
180 return status;
181 }
182
183 /*******************************************************************************
184 **
185 ** Function: LSC_SelectLsc
186 **
187 ** Description: Creates the logical channel with lsc
188 ** Channel_id will be used for any communication with Lsc
189 **
190 ** Returns: Success if ok.
191 **
192 *******************************************************************************/
LSC_SelectLsc(Lsc_ImageInfo_t * Os_info,LSCSTATUS status,Lsc_TranscieveInfo_t * pTranscv_Info)193 LSCSTATUS LSC_SelectLsc(Lsc_ImageInfo_t* Os_info, LSCSTATUS status,
194 Lsc_TranscieveInfo_t* pTranscv_Info) {
195 static const char fn[] = "LSC_SelectLsc";
196
197 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
198
199 if (Os_info == NULL || pTranscv_Info == NULL) {
200 ALOGE("%s: Invalid parameter", fn);
201 return LSCSTATUS_FAILED;
202 }
203
204 phNxpEse_data cmdApdu;
205 phNxpEse_data rspApdu;
206
207 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data));
208 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data));
209
210 uint8_t selectCnt = 3;
211 while ((selectCnt--) > 0) {
212 if (selectCnt == 2) {
213 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc(
214 ((ArrayOfAIDs[selectCnt - 1][0]) - 1) * sizeof(uint8_t));
215 cmdApdu.len = (int32_t)ArrayOfAIDs[selectCnt - 1][0];
216 } else {
217 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc(
218 ((ArrayOfAIDs[selectCnt][0]) - 1) * sizeof(uint8_t));
219 cmdApdu.len = (int32_t)ArrayOfAIDs[selectCnt][0];
220 }
221
222 cmdApdu.p_data[0] = Os_info->Channel_Info[0].channel_id;
223
224 memcpy(&(cmdApdu.p_data[1]), &ArrayOfAIDs[selectCnt][2],
225 ((ArrayOfAIDs[selectCnt][0]) - 1));
226
227 /*If NFC/SPI Deinitialize requested*/
228 ALOGD_IF(ese_debug_enabled,
229 "%s: Calling Secure Element Transceive with Loader service AID",
230 fn);
231
232 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu);
233
234 if (eseStat != ESESTATUS_SUCCESS && (rspApdu.len == 0x00)) {
235 status = LSCSTATUS_FAILED;
236 ALOGE("%s: SE transceive failed status = 0x%X", fn, status);
237 break;
238 } else if (((rspApdu.p_data[rspApdu.len - 2] == 0x90) &&
239 (rspApdu.p_data[rspApdu.len - 1] == 0x00))) {
240 status = Process_SelectRsp(rspApdu.p_data, (rspApdu.len - 2));
241 if (status != LSCSTATUS_SUCCESS) {
242 ALOGE("%s: Select Lsc Rsp doesnt have a valid key; status = 0x%X", fn,
243 status);
244 }
245 /*If AID is found which is successfully selected break while loop*/
246 if (status == LSCSTATUS_SUCCESS) {
247 uint8_t totalLen = ArrayOfAIDs[selectCnt][0];
248 uint8_t cnt = 0;
249 int32_t wStatus = 0;
250 status = LSCSTATUS_FAILED;
251
252 FILE* fAidMem = fopen(AID_MEM_PATH, "w+");
253
254 if (fAidMem == NULL) {
255 ALOGE("Error opening AID data file for writing: %s", strerror(errno));
256 phNxpEse_free(cmdApdu.p_data);
257 return status;
258 }
259 while (cnt <= totalLen) {
260 wStatus = fprintf(fAidMem, "%02x", ArrayOfAIDs[selectCnt][cnt++]);
261 if (wStatus != 2) {
262 ALOGE("%s: Error writing AID data to AID_MEM file: %s", fn,
263 strerror(errno));
264 break;
265 }
266 }
267 if (wStatus == 2) status = LSCSTATUS_SUCCESS;
268 fclose(fAidMem);
269 break;
270 }
271 } else if (((rspApdu.p_data[rspApdu.len - 2] != 0x90))) {
272 /*Copy the response SW in failure case*/
273 memcpy(&gsLsExecuteResp[2], &(rspApdu.p_data[rspApdu.len - 2]), 2);
274 } else {
275 status = LSCSTATUS_FAILED;
276 }
277 }
278 phNxpEse_free(cmdApdu.p_data);
279 phNxpEse_free(rspApdu.p_data);
280 ALOGD_IF(ese_debug_enabled, "%s: exit; status=0x%x", fn, status);
281 return status;
282 }
283
284 /*******************************************************************************
285 **
286 ** Function: LSC_StoreData
287 **
288 ** Description: It is used to provide the LSC with an Unique
289 ** Identifier of the Application that has triggered the LSC
290 *script.
291 **
292 ** Returns: Success if ok.
293 **
294 *******************************************************************************/
LSC_StoreData(Lsc_ImageInfo_t * Os_info,LSCSTATUS status,Lsc_TranscieveInfo_t * pTranscv_Info)295 LSCSTATUS LSC_StoreData(Lsc_ImageInfo_t* Os_info, LSCSTATUS status,
296 Lsc_TranscieveInfo_t* pTranscv_Info) {
297 static const char fn[] = "LSC_StoreData";
298 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
299 if (Os_info == NULL || pTranscv_Info == NULL) {
300 ALOGE("%s: Invalid parameter", fn);
301 return LSCSTATUS_FAILED;
302 }
303
304 phNxpEse_data cmdApdu;
305 phNxpEse_data rspApdu;
306 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data));
307 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data));
308 cmdApdu.len = (int32_t)(5 + sizeof(gsStoreData));
309 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc(cmdApdu.len * sizeof(uint8_t));
310
311 uint32_t xx = 0;
312 int32_t len =
313 gsStoreData[1] + 2; //+2 offset is for tag value and length byte
314 cmdApdu.p_data[xx++] = STORE_DATA_CLA | (Os_info->Channel_Info[0].channel_id);
315 cmdApdu.p_data[xx++] = STORE_DATA_INS;
316 cmdApdu.p_data[xx++] = 0x00; // P1
317 cmdApdu.p_data[xx++] = 0x00; // P2
318 cmdApdu.p_data[xx++] = len;
319 memcpy(&(cmdApdu.p_data[xx]), gsStoreData, len);
320
321 ALOGD_IF(ese_debug_enabled, "%s: Calling Secure Element Transceive", fn);
322 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu);
323
324 if ((eseStat != ESESTATUS_SUCCESS) && (rspApdu.len == 0x00)) {
325 status = LSCSTATUS_FAILED;
326 ALOGE("%s: SE transceive failed status = 0x%X", fn, status);
327 } else if ((rspApdu.p_data[rspApdu.len - 2] == 0x90) &&
328 (rspApdu.p_data[rspApdu.len - 1] == 0x00)) {
329 ALOGD_IF(ese_debug_enabled, "%s: STORE CMD is successful", fn);
330 status = LSCSTATUS_SUCCESS;
331 } else {
332 /*Copy the response SW in failure case*/
333 memcpy(&gsLsExecuteResp[2], &(rspApdu.p_data[rspApdu.len - 2]), 2);
334 status = LSCSTATUS_FAILED;
335 }
336 phNxpEse_free(cmdApdu.p_data);
337 phNxpEse_free(rspApdu.p_data);
338 ALOGD_IF(ese_debug_enabled, "%s: exit; status=0x%x", fn, status);
339 return status;
340 }
341
342 /*******************************************************************************
343 **
344 ** Function: LSC_loadapplet
345 **
346 ** Description: Reads the script from the file and sent to Lsc
347 **
348 ** Returns: Success if ok.
349 **
350 *******************************************************************************/
LSC_loadapplet(Lsc_ImageInfo_t * Os_info,LSCSTATUS status,Lsc_TranscieveInfo_t * pTranscv_Info)351 LSCSTATUS LSC_loadapplet(Lsc_ImageInfo_t* Os_info, LSCSTATUS status,
352 Lsc_TranscieveInfo_t* pTranscv_Info) {
353 static const char fn[] = "LSC_loadapplet";
354 bool reachEOFCheck = false;
355
356 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
357 if (Os_info == NULL || pTranscv_Info == NULL) {
358 ALOGE("%s: Invalid parameter", fn);
359 return LSCSTATUS_FAILED;
360 }
361 if (Os_info->bytes_wrote == 0xAA) {
362 Os_info->fResp = fopen(Os_info->fls_RespPath, "a+");
363 if (Os_info->fResp == NULL) {
364 ALOGE("%s: Error opening response recording file <%s> for reading: %s",
365 fn, Os_info->fls_path, strerror(errno));
366 return LSCSTATUS_FAILED;
367 }
368 ALOGD_IF(ese_debug_enabled,
369 "%s: Response OUT FILE path is successfully created", fn);
370 } else {
371 ALOGD_IF(ese_debug_enabled,
372 "%s: Response Out file is optional as per input", fn);
373 }
374
375 Os_info->fp = fopen(Os_info->fls_path, "r");
376 if (Os_info->fp == NULL) {
377 ALOGE("%s: Error opening OS image file <%s> for reading: %s", fn,
378 Os_info->fls_path, strerror(errno));
379 return LSCSTATUS_FAILED;
380 }
381 int wResult = fseek(Os_info->fp, 0L, SEEK_END);
382 if (wResult) {
383 ALOGE("%s: Error seeking end OS image file %s", fn, strerror(errno));
384 goto exit;
385 }
386 Os_info->fls_size = ftell(Os_info->fp);
387 if (Os_info->fls_size < 0) {
388 ALOGE("%s: Error ftelling file %s", fn, strerror(errno));
389 goto exit;
390 }
391 wResult = fseek(Os_info->fp, 0L, SEEK_SET);
392 if (wResult) {
393 ALOGE("%s: Error seeking start image file %s", fn, strerror(errno));
394 goto exit;
395 }
396
397 Os_info->bytes_read = 0;
398 status = LSC_Check_KeyIdentifier(Os_info, status, pTranscv_Info, NULL,
399 LSCSTATUS_FAILED, 0);
400 if (status != LSCSTATUS_SUCCESS) {
401 goto exit;
402 }
403
404 uint8_t len_byte, offset;
405 while (!feof(Os_info->fp) && (Os_info->bytes_read < Os_info->fls_size)) {
406 len_byte = 0;
407 offset = 0;
408 /*Check if the certificate/ is verified or not*/
409 if (status != LSCSTATUS_SUCCESS) {
410 goto exit;
411 }
412
413 uint8_t temp_buf[1024];
414 memset(temp_buf, 0, sizeof(temp_buf));
415 status = LSC_ReadScript(Os_info, temp_buf);
416 if (status != LSCSTATUS_SUCCESS) {
417 goto exit;
418 }
419 /*Reset the flag in case further commands exists*/
420 reachEOFCheck = false;
421
422 int32_t wLen = 0;
423 LSCSTATUS tag40_found = LSCSTATUS_SUCCESS;
424 if (temp_buf[offset] == TAG_LSC_CMD_ID) {
425 /* start sending the packet to Lsc */
426 offset = offset + 1;
427 len_byte = Numof_lengthbytes(&temp_buf[offset], &wLen);
428 /* If the len data not present or len is less than or equal to 32 */
429 if ((len_byte == 0) || (wLen <= 32)) {
430 ALOGE("%s: Invalid length zero", fn);
431 goto exit;
432 }
433
434 tag40_found = LSCSTATUS_SUCCESS;
435 offset = offset + len_byte;
436 pTranscv_Info->sSendlength = wLen;
437 memcpy(pTranscv_Info->sSendData, &temp_buf[offset], wLen);
438
439 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Comm);
440 if (status != LSCSTATUS_SUCCESS) {
441 /*When the switching of LS 6320 case*/
442 if (status == LSCSTATUS_FILE_NOT_FOUND) {
443 /*When 6320 occurs close the existing channels*/
444 LSC_CloseChannel(Os_info, status, pTranscv_Info);
445
446 status = LSCSTATUS_FAILED;
447 status = LSC_OpenChannel(Os_info, status, pTranscv_Info);
448 if (status == LSCSTATUS_SUCCESS) {
449 ALOGD_IF(ese_debug_enabled,
450 "%s: SUCCESS:Post Switching LS open channel", fn);
451 status = LSCSTATUS_FAILED;
452 status = LSC_SelectLsc(Os_info, status, pTranscv_Info);
453 if (status == LSCSTATUS_SUCCESS) {
454 ALOGD_IF(ese_debug_enabled,
455 "%s: SUCCESS:Post Switching LS select", fn);
456 status = LSCSTATUS_FAILED;
457 status = LSC_StoreData(Os_info, status, pTranscv_Info);
458 if (status == LSCSTATUS_SUCCESS) {
459 /*Enable certificate and signature verification*/
460 tag40_found = LSCSTATUS_SUCCESS;
461 gsLsExecuteResp[2] = 0x90;
462 gsLsExecuteResp[3] = 0x00;
463 reachEOFCheck = true;
464 continue;
465 }
466 ALOGE("%s: Post Switching LS store data failure", fn);
467 }
468 ALOGE("%s: Post Switching LS select failure", fn);
469 }
470 ALOGE("%s: Post Switching LS failure", fn);
471 }
472 ALOGE("%s: Sending packet to lsc failed", fn);
473 goto exit;
474 }
475 } else if ((temp_buf[offset] == (0x7F)) &&
476 (temp_buf[offset + 1] == (0x21))) {
477 ALOGD_IF(ese_debug_enabled,
478 "%s: TAGID: Encountered again certificate tag 7F21", fn);
479 if (tag40_found == LSCSTATUS_SUCCESS) {
480 ALOGD_IF(ese_debug_enabled,
481 "%s: 2nd Script processing starts with reselect", fn);
482 status = LSCSTATUS_FAILED;
483 status = LSC_SelectLsc(Os_info, status, pTranscv_Info);
484 if (status == LSCSTATUS_SUCCESS) {
485 ALOGD_IF(ese_debug_enabled,
486 "%s: 2nd Script select success next store data command", fn);
487 status = LSCSTATUS_FAILED;
488 status = LSC_StoreData(Os_info, status, pTranscv_Info);
489 if (status == LSCSTATUS_SUCCESS) {
490 ALOGD_IF(ese_debug_enabled,
491 "%s: 2nd Script store data success next certificate "
492 "verification",
493 fn);
494 offset = offset + 2;
495 len_byte = Numof_lengthbytes(&temp_buf[offset], &wLen);
496 status = LSC_Check_KeyIdentifier(Os_info, status, pTranscv_Info,
497 temp_buf, LSCSTATUS_SUCCESS,
498 wLen + len_byte + 2);
499 }
500 }
501 /*If the certificate and signature is verified*/
502 if (status == LSCSTATUS_SUCCESS) {
503 /*If the certificate is verified for 6320 then new script starts*/
504 tag40_found = LSCSTATUS_FAILED;
505 } else {
506 /*If the certificate or signature verification failed*/
507 goto exit;
508 }
509 } else {
510 /*Already certificate&Sginature verified previously skip 7f21& tag 60*/
511 memset(temp_buf, 0, sizeof(temp_buf));
512 status = LSC_ReadScript(Os_info, temp_buf);
513 if (status != LSCSTATUS_SUCCESS) {
514 ALOGE("%s: Next Tag has to TAG 60 not found", fn);
515 goto exit;
516 }
517 if (temp_buf[offset] == TAG_JSBL_HDR_ID)
518 continue;
519 else
520 goto exit;
521 }
522 } else {
523 /*
524 * Invalid packet received in between stop processing packet
525 * return failed status
526 */
527 status = LSCSTATUS_FAILED;
528 break;
529 }
530 }
531 if (Os_info->bytes_wrote == 0xAA) {
532 fclose(Os_info->fResp);
533 }
534 LSC_UpdateExeStatus(LS_SUCCESS_STATUS);
535 wResult = fclose(Os_info->fp);
536 ALOGD_IF(ese_debug_enabled, "%s: exit, status=0x%x", fn, status);
537 return status;
538 exit:
539 wResult = fclose(Os_info->fp);
540 if (Os_info->bytes_wrote == 0xAA) {
541 fclose(Os_info->fResp);
542 }
543 /*Script ends with SW 6320 and reached END OF FILE*/
544 if (reachEOFCheck == true) {
545 status = LSCSTATUS_SUCCESS;
546 LSC_UpdateExeStatus(LS_SUCCESS_STATUS);
547 }
548 ALOGD_IF(ese_debug_enabled, "%s: exit; status= 0x%X", fn, status);
549 return status;
550 }
551
552 /*******************************************************************************
553 **
554 ** Function: LSC_Check_KeyIdentifier
555 **
556 ** Description: Checks and validates certificate
557 **
558 ** Returns: Success if ok.
559 **
560 *******************************************************************************/
LSC_Check_KeyIdentifier(Lsc_ImageInfo_t * Os_info,LSCSTATUS status,Lsc_TranscieveInfo_t * pTranscv_Info,uint8_t * temp_buf,LSCSTATUS flag,int32_t wNewLen)561 LSCSTATUS LSC_Check_KeyIdentifier(Lsc_ImageInfo_t* Os_info, LSCSTATUS status,
562 Lsc_TranscieveInfo_t* pTranscv_Info,
563 uint8_t* temp_buf, LSCSTATUS flag,
564 int32_t wNewLen) {
565 static const char fn[] = "LSC_Check_KeyIdentifier";
566 status = LSCSTATUS_FAILED;
567 uint8_t read_buf[1024];
568 uint16_t offset = 0, len_byte = 0;
569 int32_t wLen;
570 uint8_t certf_found = LSCSTATUS_FAILED;
571
572 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
573
574 while (!feof(Os_info->fp) && (Os_info->bytes_read < Os_info->fls_size)) {
575 offset = 0x00;
576 wLen = 0;
577 if (flag == LSCSTATUS_SUCCESS) {
578 /*If the 7F21 TAG is already read: After TAG 40*/
579 memcpy(read_buf, temp_buf, wNewLen);
580 status = LSCSTATUS_SUCCESS;
581 flag = LSCSTATUS_FAILED;
582 } else {
583 /*If the 7F21 TAG is not read: Before TAG 40*/
584 status = LSC_ReadScript(Os_info, read_buf);
585 }
586 if (status != LSCSTATUS_SUCCESS) return status;
587 if (LSCSTATUS_SUCCESS ==
588 Check_Complete_7F21_Tag(Os_info, pTranscv_Info, read_buf, &offset)) {
589 ALOGD_IF(ese_debug_enabled, "%s: Certificate is verified", fn);
590 certf_found = LSCSTATUS_SUCCESS;
591 break;
592 }
593 /*
594 * The Loader Service Client ignores all subsequent commands starting by tag
595 * 7F21 or tag 60 until the first command starting by tag 40 is found
596 */
597 else if (((read_buf[offset] == TAG_LSC_CMD_ID) &&
598 (certf_found != LSCSTATUS_SUCCESS))) {
599 ALOGE("%s: NOT FOUND Root entity identifier's certificate", fn);
600 status = LSCSTATUS_FAILED;
601 return status;
602 }
603 }
604 memset(read_buf, 0, sizeof(read_buf));
605 if (certf_found == LSCSTATUS_SUCCESS) {
606 offset = 0x00;
607 wLen = 0;
608 status = LSC_ReadScript(Os_info, read_buf);
609 if (status != LSCSTATUS_SUCCESS) return status;
610 if ((read_buf[offset] == TAG_JSBL_HDR_ID) &&
611 (certf_found != LSCSTATUS_FAILED)) {
612 // TODO check the SElect cmd response and return status accordingly
613 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_JSBL_HDR_ID", fn);
614 offset = offset + 1;
615 len_byte = Numof_lengthbytes(&read_buf[offset], &wLen);
616 offset = offset + len_byte;
617 if (read_buf[offset] == TAG_SIGNATURE_ID) {
618 offset = offset + 1;
619 len_byte = Numof_lengthbytes(&read_buf[offset], &wLen);
620 offset = offset + len_byte;
621 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_SIGNATURE_ID", fn);
622
623 pTranscv_Info->sSendlength = wLen + 5;
624
625 pTranscv_Info->sSendData[0] = 0x00;
626 pTranscv_Info->sSendData[1] = 0xA0;
627 pTranscv_Info->sSendData[2] = 0x00;
628 pTranscv_Info->sSendData[3] = 0x00;
629 pTranscv_Info->sSendData[4] = wLen;
630
631 memcpy(&(pTranscv_Info->sSendData[5]), &read_buf[offset], wLen);
632 ALOGD_IF(ese_debug_enabled, "%s: start transceive for length %ld", fn,
633 (long)pTranscv_Info->sSendlength);
634 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Sign);
635 if (status != LSCSTATUS_SUCCESS) {
636 return status;
637 }
638 }
639 } else if (read_buf[offset] != TAG_JSBL_HDR_ID) {
640 status = LSCSTATUS_FAILED;
641 }
642 } else {
643 ALOGE("%s : Exit certificate verification failed", fn);
644 }
645
646 ALOGD_IF(ese_debug_enabled, "%s: exit: status=0x%x", fn, status);
647 return status;
648 }
649
650 /*******************************************************************************
651 **
652 ** Function: LSC_ReadScript
653 **
654 ** Description: Reads the current line if the script
655 **
656 ** Returns: Success if ok.
657 **
658 *******************************************************************************/
LSC_ReadScript(Lsc_ImageInfo_t * Os_info,uint8_t * read_buf)659 LSCSTATUS LSC_ReadScript(Lsc_ImageInfo_t* Os_info, uint8_t* read_buf) {
660 static const char fn[] = "LSC_ReadScript";
661 int32_t wResult = 0, wCount, wIndex = 0;
662
663 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
664
665 for (wCount = 0; (wCount < 2 && !feof(Os_info->fp)); wCount++, wIndex++) {
666 wResult = FSCANF_BYTE(Os_info->fp, "%2X", (unsigned int*)&read_buf[wIndex]);
667 }
668 if (wResult == 0) return LSCSTATUS_FAILED;
669
670 Os_info->bytes_read = Os_info->bytes_read + (wCount * 2);
671
672 int32_t lenOff = 1;
673 if ((read_buf[0] == 0x7f) && (read_buf[1] == 0x21)) {
674 for (wCount = 0; (wCount < 1 && !feof(Os_info->fp)); wCount++, wIndex++) {
675 wResult =
676 FSCANF_BYTE(Os_info->fp, "%2X", (unsigned int*)&read_buf[wIndex]);
677 }
678 if (wResult == 0) {
679 ALOGE("%s: Exit Read Script failed in 7F21 ", fn);
680 return LSCSTATUS_FAILED;
681 }
682 /*Read_Script from wCount*2 to wCount*1 */
683 Os_info->bytes_read = Os_info->bytes_read + (wCount * 2);
684 lenOff = 2;
685 } else if ((read_buf[0] == 0x40) || (read_buf[0] == 0x60)) {
686 lenOff = 1;
687 } else {
688 /*If TAG is neither 7F21 nor 60 nor 40 then ABORT execution*/
689 ALOGE("%s: Invalid TAG 0x%X found in the script", fn, read_buf[0]);
690 return LSCSTATUS_FAILED;
691 }
692
693 uint8_t len_byte = 0;
694 int32_t wLen;
695 if (read_buf[lenOff] == 0x00) {
696 ALOGE("%s: Invalid length zero", fn);
697 len_byte = 0x00;
698 return LSCSTATUS_FAILED;
699 } else if ((read_buf[lenOff] & 0x80) == 0x80) {
700 len_byte = read_buf[lenOff] & 0x0F;
701 len_byte = len_byte + 1; // 1 byte added for byte 0x81
702
703 ALOGD_IF(ese_debug_enabled, "%s: Length byte Read from 0x80 is 0x%x ", fn,
704 len_byte);
705
706 if (len_byte == 0x02) {
707 for (wCount = 0; (wCount < 1 && !feof(Os_info->fp)); wCount++, wIndex++) {
708 wResult =
709 FSCANF_BYTE(Os_info->fp, "%2X", (unsigned int*)&read_buf[wIndex]);
710 }
711 if (wResult == 0) {
712 ALOGE("%s: Exit Read Script failed in length 0x02 ", fn);
713 return LSCSTATUS_FAILED;
714 }
715
716 wLen = read_buf[lenOff + 1];
717 Os_info->bytes_read = Os_info->bytes_read + (wCount * 2);
718 ALOGD_IF(ese_debug_enabled,
719 "%s: Length of Read Script in len_byte= 0x02 is 0x%x ", fn,
720 wLen);
721 } else if (len_byte == 0x03) {
722 for (wCount = 0; (wCount < 2 && !feof(Os_info->fp)); wCount++, wIndex++) {
723 wResult =
724 FSCANF_BYTE(Os_info->fp, "%2X", (unsigned int*)&read_buf[wIndex]);
725 }
726 if (wResult == 0) {
727 ALOGE("%s: Exit Read Script failed in length 0x03 ", fn);
728 return LSCSTATUS_FAILED;
729 }
730
731 Os_info->bytes_read = Os_info->bytes_read + (wCount * 2);
732 wLen = read_buf[lenOff + 1]; // Length of the packet send to LSC
733 wLen = ((wLen << 8) | (read_buf[lenOff + 2]));
734 ALOGD_IF(ese_debug_enabled,
735 "%s: Length of Read Script in len_byte= 0x03 is 0x%x ", fn,
736 wLen);
737 } else {
738 /*Need to provide the support if length is more than 2 bytes*/
739 ALOGE("Length recived is greater than 3");
740 return LSCSTATUS_FAILED;
741 }
742 } else {
743 len_byte = 0x01;
744 wLen = read_buf[lenOff];
745 ALOGE("%s: Length of Read Script in len_byte= 0x01 is 0x%x ", fn, wLen);
746 }
747
748 for (wCount = 0; (wCount < wLen && !feof(Os_info->fp)); wCount++, wIndex++) {
749 wResult = FSCANF_BYTE(Os_info->fp, "%2X", (unsigned int*)&read_buf[wIndex]);
750 }
751
752 if (wResult == 0) {
753 ALOGE("%s: Exit Read Script failed in fscanf function ", fn);
754 return LSCSTATUS_FAILED;
755 }
756 Os_info->bytes_read =
757 Os_info->bytes_read + (wCount * 2) + 1; // not sure why 2 added
758
759 ALOGD_IF(ese_debug_enabled, "%s: exit: Num of bytes read=%d and index=%d", fn,
760 Os_info->bytes_read, wIndex);
761
762 return LSCSTATUS_SUCCESS;
763 }
764
765 /*******************************************************************************
766 **
767 ** Function: LSC_SendtoEse
768 **
769 ** Description: It is used to send the packet to p61
770 **
771 ** Returns: Success if ok.
772 **
773 *******************************************************************************/
LSC_SendtoEse(Lsc_ImageInfo_t * Os_info,LSCSTATUS status,Lsc_TranscieveInfo_t * pTranscv_Info)774 LSCSTATUS LSC_SendtoEse(Lsc_ImageInfo_t* Os_info, LSCSTATUS status,
775 Lsc_TranscieveInfo_t* pTranscv_Info) {
776 static const char fn[] = "LSC_SendtoEse";
777 bool chanl_open_cmd = false;
778
779 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
780
781 /* Bufferize_load_cmds function is implemented in JCOP */
782 status = Bufferize_load_cmds(Os_info, status, pTranscv_Info);
783 if (status != LSCSTATUS_FAILED) {
784 if (pTranscv_Info->sSendData[1] == 0x70) {
785 if (pTranscv_Info->sSendData[2] == 0x00) {
786 chanl_open_cmd = true;
787 } else {
788 for (uint8_t cnt = 0; cnt < Os_info->channel_cnt; cnt++) {
789 if (Os_info->Channel_Info[cnt].channel_id ==
790 pTranscv_Info->sSendData[3]) {
791 ALOGD_IF(ese_debug_enabled, "%s: channel 0%x closed", fn,
792 Os_info->Channel_Info[cnt].channel_id);
793 Os_info->Channel_Info[cnt].isOpend = false;
794 }
795 }
796 }
797 }
798
799 phNxpEse_data cmdApdu;
800 phNxpEse_data rspApdu;
801 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data));
802 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data));
803
804 cmdApdu.len = (int32_t)(pTranscv_Info->sSendlength);
805 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc(cmdApdu.len * sizeof(uint8_t));
806 memcpy(cmdApdu.p_data, pTranscv_Info->sSendData, cmdApdu.len);
807
808 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu);
809
810 if (eseStat != ESESTATUS_SUCCESS) {
811 ALOGE("%s: Transceive failed; status=0x%X", fn, eseStat);
812 status = LSCSTATUS_FAILED;
813 } else {
814 if (chanl_open_cmd && (rspApdu.len == 0x03) &&
815 ((rspApdu.p_data[rspApdu.len - 2] == 0x90) &&
816 (rspApdu.p_data[rspApdu.len - 1] == 0x00))) {
817 ALOGD_IF(ese_debug_enabled, "%s: open channel success", fn);
818 uint8_t cnt = Os_info->channel_cnt;
819 Os_info->Channel_Info[cnt].channel_id = rspApdu.p_data[rspApdu.len - 3];
820 Os_info->Channel_Info[cnt].isOpend = true;
821 Os_info->channel_cnt++;
822 }
823 memcpy(pTranscv_Info->sRecvData, rspApdu.p_data, rspApdu.len);
824 status = Process_EseResponse(pTranscv_Info, rspApdu.len, Os_info);
825 phNxpEse_free(cmdApdu.p_data);
826 phNxpEse_free(rspApdu.p_data);
827 }
828 } else if (gsSendBack_cmds == false) {
829 /* Workaround for issue in JCOP, send the fake response back */
830 int32_t recvBufferActualSize = 0x03;
831 pTranscv_Info->sRecvData[0] = 0x00;
832 pTranscv_Info->sRecvData[1] = 0x90;
833 pTranscv_Info->sRecvData[2] = 0x00;
834 status = Process_EseResponse(pTranscv_Info, recvBufferActualSize, Os_info);
835 } else {
836 if (gsIslastcmdLoad == true) {
837 status = Send_Backall_Loadcmds(Os_info, status, pTranscv_Info);
838 gsSendBack_cmds = false;
839 } else {
840 memset(gsCmd_Buffer, 0, sizeof(gsCmd_Buffer));
841 gsSendBack_cmds = false;
842 status = LSCSTATUS_FAILED;
843 }
844 }
845
846 ALOGD_IF(ese_debug_enabled, "%s: exit: status=0x%x", fn, status);
847 return status;
848 }
849
850 /*******************************************************************************
851 **
852 ** Function: LSC_SendtoLsc
853 **
854 ** Description: It is used to forward the packet to Lsc
855 **
856 ** Returns: Success if ok.
857 **
858 *******************************************************************************/
LSC_SendtoLsc(Lsc_ImageInfo_t * Os_info,LSCSTATUS status,Lsc_TranscieveInfo_t * pTranscv_Info,Ls_TagType tType)859 LSCSTATUS LSC_SendtoLsc(Lsc_ImageInfo_t* Os_info, LSCSTATUS status,
860 Lsc_TranscieveInfo_t* pTranscv_Info, Ls_TagType tType) {
861 static const char fn[] = "LSC_SendtoLsc";
862
863 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
864 pTranscv_Info->sSendData[0] = (0x80 | Os_info->Channel_Info[0].channel_id);
865 pTranscv_Info->timeout = gsTransceiveTimeout;
866 pTranscv_Info->sRecvlength = 1024;
867
868 phNxpEse_data cmdApdu;
869 phNxpEse_data rspApdu;
870 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data));
871 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data));
872 cmdApdu.len = pTranscv_Info->sSendlength;
873 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc(cmdApdu.len * sizeof(uint8_t));
874 memcpy(cmdApdu.p_data, pTranscv_Info->sSendData, cmdApdu.len);
875
876 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu);
877
878 if (eseStat != ESESTATUS_SUCCESS) {
879 ALOGE("%s: Transceive failed; status=0x%X", fn, eseStat);
880 status = LSCSTATUS_FAILED;
881 } else {
882 memcpy(pTranscv_Info->sRecvData, rspApdu.p_data, rspApdu.len);
883 status = LSC_ProcessResp(Os_info, rspApdu.len, pTranscv_Info, tType);
884 }
885 phNxpEse_free(cmdApdu.p_data);
886 phNxpEse_free(rspApdu.p_data);
887 ALOGD_IF(ese_debug_enabled, "%s: exit: status=0x%x", fn, status);
888 return status;
889 }
890
891 /*******************************************************************************
892 **
893 ** Function: LSC_CloseChannel
894 **
895 ** Description: Closes the previously opened logical channel
896 **
897 ** Returns: Success if ok.
898 **
899 *******************************************************************************/
LSC_CloseChannel(Lsc_ImageInfo_t * Os_info,LSCSTATUS status,Lsc_TranscieveInfo_t * pTranscv_Info)900 LSCSTATUS LSC_CloseChannel(Lsc_ImageInfo_t* Os_info, LSCSTATUS status,
901 Lsc_TranscieveInfo_t* pTranscv_Info) {
902 static const char fn[] = "LSC_CloseChannel";
903 status = LSCSTATUS_FAILED;
904
905 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
906
907 if (Os_info == NULL || pTranscv_Info == NULL) {
908 ALOGE("%s: Invalid parameter", fn);
909 return LSCSTATUS_FAILED;
910 }
911 for (uint8_t cnt = 0; (cnt < Os_info->channel_cnt); cnt++) {
912 phNxpEse_data cmdApdu;
913 phNxpEse_data rspApdu;
914
915 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data));
916 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data));
917
918 cmdApdu.len = 5;
919 cmdApdu.p_data = (uint8_t*)phNxpEse_memalloc(cmdApdu.len * sizeof(uint8_t));
920 if (!Os_info->Channel_Info[cnt].isOpend) continue;
921 uint8_t xx = 0;
922 cmdApdu.p_data[xx++] = Os_info->Channel_Info[cnt].channel_id;
923 cmdApdu.p_data[xx++] = 0x70;
924 cmdApdu.p_data[xx++] = 0x80;
925 cmdApdu.p_data[xx++] = Os_info->Channel_Info[cnt].channel_id;
926 cmdApdu.p_data[xx++] = 0x00;
927
928 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu);
929
930 if (eseStat != ESESTATUS_SUCCESS || rspApdu.len < 2) {
931 ALOGD_IF(ese_debug_enabled, "%s: Transceive failed; status=0x%X", fn,
932 eseStat);
933 } else if ((rspApdu.p_data[rspApdu.len - 2] == 0x90) &&
934 (rspApdu.p_data[rspApdu.len - 1] == 0x00)) {
935 ALOGD_IF(ese_debug_enabled, "%s: Close channel id = 0x0%x success", fn,
936 Os_info->Channel_Info[cnt].channel_id);
937 status = LSCSTATUS_SUCCESS;
938 } else {
939 ALOGD_IF(ese_debug_enabled, "%s: Close channel id = 0x0%x failed", fn,
940 Os_info->Channel_Info[cnt].channel_id);
941 }
942 phNxpEse_free(cmdApdu.p_data);
943 phNxpEse_free(rspApdu.p_data);
944 }
945 ALOGD_IF(ese_debug_enabled, "%s: exit; status=0x0%x", fn, status);
946 return status;
947 }
948
949 /*******************************************************************************
950 **
951 ** Function: LSC_ProcessResp
952 **
953 ** Description: Process the response packet received from Lsc
954 **
955 ** Returns: Success if ok.
956 **
957 *******************************************************************************/
LSC_ProcessResp(Lsc_ImageInfo_t * image_info,int32_t recvlen,Lsc_TranscieveInfo_t * trans_info,Ls_TagType tType)958 LSCSTATUS LSC_ProcessResp(Lsc_ImageInfo_t* image_info, int32_t recvlen,
959 Lsc_TranscieveInfo_t* trans_info, Ls_TagType tType) {
960 static const char fn[] = "LSC_ProcessResp";
961 uint8_t* RecvData = trans_info->sRecvData;
962
963 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
964
965 if (RecvData == NULL && recvlen == 0x00) {
966 ALOGE("%s: Invalid parameter.", fn);
967 return LSCSTATUS_FAILED;
968 } else if (recvlen < 2) {
969 ALOGE("%s: Invalid response.", fn);
970 return LSCSTATUS_FAILED;
971 }
972
973 char sw[2];
974 sw[0] = RecvData[recvlen - 2];
975 sw[1] = RecvData[recvlen - 1];
976 ALOGD_IF(ese_debug_enabled, "%s: Process Response SW, status = 0x%2X%2X", fn,
977 sw[0], sw[1]);
978
979 /*Update the Global variable for storing response length*/
980 gsResp_len = recvlen;
981 if (sw[0] != 0x63) {
982 gsLsExecuteResp[2] = sw[0];
983 gsLsExecuteResp[3] = sw[1];
984 }
985
986 LSCSTATUS status = LSCSTATUS_FAILED;
987 if ((recvlen == 0x02) && (sw[0] == 0x90) && (sw[1] == 0x00)) {
988 status = Write_Response_To_OutFile(image_info, RecvData, recvlen, tType);
989 } else if ((recvlen > 0x02) && (sw[0] == 0x90) && (sw[1] == 0x00)) {
990 status = Write_Response_To_OutFile(image_info, RecvData, recvlen, tType);
991 } else if ((recvlen > 0x02) && (sw[0] == 0x63) && (sw[1] == 0x10)) {
992 static int32_t temp_len = 0;
993 if (temp_len != 0) {
994 memcpy((trans_info->sTemp_recvbuf + temp_len), RecvData, (recvlen - 2));
995 trans_info->sSendlength = temp_len + (recvlen - 2);
996 memcpy(trans_info->sSendData, trans_info->sTemp_recvbuf,
997 trans_info->sSendlength);
998 temp_len = 0;
999 } else {
1000 memcpy(trans_info->sSendData, RecvData, (recvlen - 2));
1001 trans_info->sSendlength = recvlen - 2;
1002 }
1003 status = LSC_SendtoEse(image_info, status, trans_info);
1004 } else if ((recvlen > 0x02) && (sw[0] == 0x63) && (sw[1] == 0x20)) {
1005 uint8_t aid_array[22];
1006 aid_array[0] = recvlen + 3;
1007 aid_array[1] = 00;
1008 aid_array[2] = 0xA4;
1009 aid_array[3] = 0x04;
1010 aid_array[4] = 0x00;
1011 aid_array[5] = recvlen - 2;
1012 memcpy(&aid_array[6], &RecvData[0], recvlen - 2);
1013 memcpy(&ArrayOfAIDs[2][0], &aid_array[0], recvlen + 4);
1014
1015 FILE* fAidMem = fopen(AID_MEM_PATH, "w");
1016
1017 if (fAidMem == NULL) {
1018 ALOGE("%s: Error opening AID data for writing: %s", fn, strerror(errno));
1019 return LSCSTATUS_FAILED;
1020 }
1021
1022 /*Updating the AID_MEM with new value into AID file*/
1023 uint8_t respLen = 0;
1024 int32_t wStatus = 0;
1025 while (respLen <= (recvlen + 4)) {
1026 wStatus = fprintf(fAidMem, "%2x", aid_array[respLen++]);
1027 if (wStatus != 2) {
1028 ALOGE("%s: Invalid Response during fprintf; status=0x%x", fn, wStatus);
1029 fclose(fAidMem);
1030 break;
1031 }
1032 }
1033 if (wStatus == 2) {
1034 status = LSCSTATUS_FILE_NOT_FOUND;
1035 } else {
1036 status = LSCSTATUS_FAILED;
1037 }
1038 } else if ((recvlen >= 0x02) &&
1039 ((sw[0] != 0x90) && (sw[0] != 0x63) && (sw[0] != 0x61))) {
1040 Write_Response_To_OutFile(image_info, RecvData, recvlen, tType);
1041 }
1042 ALOGD_IF(ese_debug_enabled, "%s: exit: status=0x%x", fn, status);
1043 return status;
1044 }
1045
1046 /*******************************************************************************
1047 **
1048 ** Function: Process_EseResponse
1049 **
1050 ** Description: It is used to process the received response packet from ESE
1051 **
1052 ** Returns: Success if ok.
1053 **
1054 *******************************************************************************/
Process_EseResponse(Lsc_TranscieveInfo_t * pTranscv_Info,int32_t recv_len,Lsc_ImageInfo_t * Os_info)1055 LSCSTATUS Process_EseResponse(Lsc_TranscieveInfo_t* pTranscv_Info,
1056 int32_t recv_len, Lsc_ImageInfo_t* Os_info) {
1057 static const char fn[] = "Process_EseResponse";
1058 LSCSTATUS status = LSCSTATUS_SUCCESS;
1059 uint8_t xx = 0;
1060 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
1061
1062 pTranscv_Info->sSendData[xx++] =
1063 (CLA_BYTE | Os_info->Channel_Info[0].channel_id);
1064 pTranscv_Info->sSendData[xx++] = 0xA2;
1065
1066 if (recv_len <= 0xFF) {
1067 pTranscv_Info->sSendData[xx++] = 0x80;
1068 pTranscv_Info->sSendData[xx++] = 0x00;
1069 pTranscv_Info->sSendData[xx++] = (uint8_t)recv_len;
1070 memcpy(&(pTranscv_Info->sSendData[xx]), pTranscv_Info->sRecvData, recv_len);
1071 pTranscv_Info->sSendlength = xx + recv_len;
1072 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Comm);
1073 } else {
1074 while (recv_len > MAX_SIZE) {
1075 xx = PARAM_P1_OFFSET;
1076 pTranscv_Info->sSendData[xx++] = 0x00;
1077 pTranscv_Info->sSendData[xx++] = 0x00;
1078 pTranscv_Info->sSendData[xx++] = MAX_SIZE;
1079 recv_len = recv_len - MAX_SIZE;
1080 memcpy(&(pTranscv_Info->sSendData[xx]), pTranscv_Info->sRecvData,
1081 MAX_SIZE);
1082 pTranscv_Info->sSendlength = xx + MAX_SIZE;
1083 /*
1084 * Need not store Process eSE response's response in the out file so
1085 * LS_Comm = 0
1086 */
1087 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Comm);
1088 if (status != LSCSTATUS_SUCCESS) {
1089 ALOGE("%s: Sending packet to Lsc failed: status=0x%x", fn, status);
1090 return status;
1091 }
1092 }
1093 xx = PARAM_P1_OFFSET;
1094 pTranscv_Info->sSendData[xx++] = LAST_BLOCK;
1095 pTranscv_Info->sSendData[xx++] = 0x01;
1096 pTranscv_Info->sSendData[xx++] = recv_len;
1097 memcpy(&(pTranscv_Info->sSendData[xx]), pTranscv_Info->sRecvData, recv_len);
1098 pTranscv_Info->sSendlength = xx + recv_len;
1099 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Comm);
1100 }
1101 ALOGD_IF(ese_debug_enabled, "%s: exit: status=0x%x", fn, status);
1102 return status;
1103 }
1104
1105 /*******************************************************************************
1106 **
1107 ** Function: Process_SelectRsp
1108 **
1109 ** Description: It is used to process the received response for SELECT LSC
1110 ** cmd.
1111 **
1112 ** Returns: Success if ok.
1113 **
1114 *******************************************************************************/
Process_SelectRsp(uint8_t * Recv_data,int32_t Recv_len)1115 LSCSTATUS Process_SelectRsp(uint8_t* Recv_data, int32_t Recv_len) {
1116 static const char fn[] = "Process_SelectRsp";
1117 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
1118
1119 if (Recv_len < 2) {
1120 ALOGE("%s: Invalid response length %d", fn, Recv_len);
1121 return LSCSTATUS_FAILED;
1122 }
1123
1124 int i = 0;
1125 if (Recv_data[i] != TAG_SELECT_ID) {
1126 ALOGE("%s: Invalid FCI TAG = 0x%x", fn, Recv_data[i]);
1127 return LSCSTATUS_FAILED;
1128 }
1129 i++;
1130 int len = Recv_data[i++];
1131 if (Recv_len < len + 2) {
1132 ALOGE("%s: Invalid response length %d", fn, Recv_len);
1133 return LSCSTATUS_FAILED;
1134 }
1135 if (Recv_data[i] != TAG_LSC_ID) {
1136 ALOGE("%s: Invalid Loader Service AID TAG ID = 0x%x", fn, Recv_data[i]);
1137 return LSCSTATUS_FAILED;
1138 }
1139 i++;
1140 len = Recv_data[i];
1141 i = i + 1 + len; // points to next tag name A5
1142 // points to TAG 9F08 for LS application version
1143 if ((Recv_data[i] != TAG_LS_VER1) || (Recv_data[i + 1] != TAG_LS_VER2)) {
1144 ALOGE("%s: Invalid LS Version = 0x%2X%2X", fn, Recv_data[i],
1145 Recv_data[i + 1]);
1146 return LSCSTATUS_FAILED;
1147 }
1148 uint8_t lsaVersionLen = 0;
1149 i = i + 2;
1150 lsaVersionLen = Recv_data[i];
1151 // points to TAG 9F08 LS application version
1152 i++;
1153 // points to Identifier of the Root Entity key set identifier
1154 i = i + lsaVersionLen;
1155
1156 if (Recv_data[i] != TAG_RE_KEYID) {
1157 ALOGE("%s: Invalid Root entity key set TAG ID = 0x%x", fn, Recv_data[i]);
1158 return LSCSTATUS_FAILED;
1159 }
1160
1161 i = i + 2;
1162 if (Recv_data[i] != TAG_LSRE_ID) {
1163 ALOGE("%s: Invalid Root entity for TAG 42 = 0x%x", fn, Recv_data[i]);
1164 return LSCSTATUS_FAILED;
1165 }
1166 i++;
1167 uint8_t tag42Len = Recv_data[i];
1168 // copy the data including length
1169 memcpy(gsTag42Arr, &Recv_data[i], tag42Len + 1);
1170 i = i + tag42Len + 1;
1171 ALOGD_IF(ese_debug_enabled, "%s: gsTag42Arr %s", fn, gsTag42Arr);
1172 if (Recv_data[i] != TAG_LSRE_SIGNID) {
1173 ALOGE("%s: Invalid Root entity for TAG 45 = 0x%x", fn, Recv_data[i]);
1174 return LSCSTATUS_FAILED;
1175 }
1176 uint8_t tag45Len = Recv_data[i + 1];
1177 memcpy(gsTag45Arr, &Recv_data[i + 1], tag45Len + 1);
1178 ALOGD_IF(ese_debug_enabled, "%s: Exiting", fn);
1179 return LSCSTATUS_SUCCESS;
1180 }
1181
Bufferize_load_cmds(Lsc_ImageInfo_t * Os_info,LSCSTATUS status,Lsc_TranscieveInfo_t * pTranscv_Info)1182 LSCSTATUS Bufferize_load_cmds(__attribute__((unused)) Lsc_ImageInfo_t* Os_info,
1183 __attribute__((unused)) LSCSTATUS status,
1184 Lsc_TranscieveInfo_t* pTranscv_Info) {
1185 static const char fn[] = "Bufferize_load_cmds";
1186
1187 if (gsCmd_count == 0x00) {
1188 if ((pTranscv_Info->sSendData[1] == INSTAL_LOAD_ID) &&
1189 (pTranscv_Info->sSendData[2] == PARAM_P1_OFFSET) &&
1190 (pTranscv_Info->sSendData[3] == 0x00)) {
1191 ALOGD_IF(ese_debug_enabled, "%s: BUffer: install for load", fn);
1192 gspBuffer[0] = pTranscv_Info->sSendlength;
1193 memcpy(&gspBuffer[1], &(pTranscv_Info->sSendData[0]),
1194 pTranscv_Info->sSendlength);
1195 gspBuffer = gspBuffer + pTranscv_Info->sSendlength + 1;
1196 gsCmd_count++;
1197 return LSCSTATUS_FAILED;
1198 }
1199 /* Do not buffer this cmd, Send to eSE */
1200 return LSCSTATUS_SUCCESS;
1201 } else {
1202 uint8_t Param_P2 = gsCmd_count - 1;
1203 if ((pTranscv_Info->sSendData[1] == LOAD_CMD_ID) &&
1204 (pTranscv_Info->sSendData[2] == LOAD_MORE_BLOCKS) &&
1205 (pTranscv_Info->sSendData[3] == Param_P2)) {
1206 ALOGD_IF(ese_debug_enabled, "%s: BUffer: load", fn);
1207 gspBuffer[0] = pTranscv_Info->sSendlength;
1208 memcpy(&gspBuffer[1], &(pTranscv_Info->sSendData[0]),
1209 pTranscv_Info->sSendlength);
1210 gspBuffer = gspBuffer + pTranscv_Info->sSendlength + 1;
1211 gsCmd_count++;
1212 } else if ((pTranscv_Info->sSendData[1] == LOAD_CMD_ID) &&
1213 (pTranscv_Info->sSendData[2] == LOAD_LAST_BLOCK) &&
1214 (pTranscv_Info->sSendData[3] == Param_P2)) {
1215 ALOGD_IF(ese_debug_enabled, "%s: BUffer: last load", fn);
1216 gsSendBack_cmds = true;
1217 gspBuffer[0] = pTranscv_Info->sSendlength;
1218 memcpy(&gspBuffer[1], &(pTranscv_Info->sSendData[0]),
1219 pTranscv_Info->sSendlength);
1220 gspBuffer = gspBuffer + pTranscv_Info->sSendlength + 1;
1221 gsCmd_count++;
1222 gsIslastcmdLoad = true;
1223 } else {
1224 ALOGD_IF(ese_debug_enabled, "%s: BUffer: Not a load cmd", fn);
1225 gsSendBack_cmds = true;
1226 gspBuffer[0] = pTranscv_Info->sSendlength;
1227 memcpy(&gspBuffer[1], &(pTranscv_Info->sSendData[0]),
1228 pTranscv_Info->sSendlength);
1229 gspBuffer = gspBuffer + pTranscv_Info->sSendlength + 1;
1230 gsIslastcmdLoad = false;
1231 gsCmd_count++;
1232 }
1233 }
1234 ALOGD_IF(ese_debug_enabled, "%s: exit", fn);
1235 return LSCSTATUS_FAILED;
1236 }
1237
Send_Backall_Loadcmds(Lsc_ImageInfo_t * Os_info,LSCSTATUS status,Lsc_TranscieveInfo_t * pTranscv_Info)1238 LSCSTATUS Send_Backall_Loadcmds(Lsc_ImageInfo_t* Os_info, LSCSTATUS status,
1239 Lsc_TranscieveInfo_t* pTranscv_Info) {
1240 static const char fn[] = "Send_Backall_Loadcmds";
1241 status = LSCSTATUS_FAILED;
1242
1243 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
1244 gspBuffer = gsCmd_Buffer; // Points to start of first cmd to send
1245 if (gsCmd_count == 0x00) {
1246 ALOGD_IF(ese_debug_enabled, "%s: No cmds stored to send to eSE", fn);
1247 } else {
1248 while (gsCmd_count-- > 0) {
1249 phNxpEse_data cmdApdu;
1250 phNxpEse_data rspApdu;
1251 phNxpEse_memset(&cmdApdu, 0x00, sizeof(phNxpEse_data));
1252 phNxpEse_memset(&rspApdu, 0x00, sizeof(phNxpEse_data));
1253
1254 cmdApdu.len = (int32_t)(gspBuffer[0]);
1255 cmdApdu.p_data =
1256 (uint8_t*)phNxpEse_memalloc(cmdApdu.len * sizeof(uint8_t));
1257 gspBuffer = gspBuffer + 1 + cmdApdu.len;
1258
1259 memcpy(cmdApdu.p_data, &gspBuffer[1], cmdApdu.len);
1260
1261 ESESTATUS eseStat = phNxpEse_Transceive(&cmdApdu, &rspApdu);
1262 memcpy(pTranscv_Info->sRecvData, rspApdu.p_data, rspApdu.len);
1263 int32_t recvBufferActualSize = rspApdu.len;
1264 phNxpEse_free(cmdApdu.p_data);
1265 phNxpEse_free(rspApdu.p_data);
1266
1267 if (eseStat != LSCSTATUS_SUCCESS || (recvBufferActualSize < 2)) {
1268 ALOGE("%s: Transceive failed; status=0x%X", fn, eseStat);
1269 } else if (gsCmd_count == 0x00) {
1270 // Last command in the buffer
1271 if (gsIslastcmdLoad == false) {
1272 status =
1273 Process_EseResponse(pTranscv_Info, recvBufferActualSize, Os_info);
1274 } else if ((recvBufferActualSize == 0x02) &&
1275 (pTranscv_Info->sRecvData[recvBufferActualSize - 2] ==
1276 0x90) &&
1277 (pTranscv_Info->sRecvData[recvBufferActualSize - 1] ==
1278 0x00)) {
1279 recvBufferActualSize = 0x03;
1280 pTranscv_Info->sRecvData[0] = 0x00;
1281 pTranscv_Info->sRecvData[1] = 0x90;
1282 pTranscv_Info->sRecvData[2] = 0x00;
1283 status =
1284 Process_EseResponse(pTranscv_Info, recvBufferActualSize, Os_info);
1285 } else {
1286 status =
1287 Process_EseResponse(pTranscv_Info, recvBufferActualSize, Os_info);
1288 }
1289 } else if ((recvBufferActualSize == 0x02) &&
1290 (pTranscv_Info->sRecvData[0] == 0x90) &&
1291 (pTranscv_Info->sRecvData[1] == 0x00)) {
1292 /*response ok without data, send next command in the buffer*/
1293 } else if ((recvBufferActualSize == 0x03) &&
1294 (pTranscv_Info->sRecvData[0] == 0x00) &&
1295 (pTranscv_Info->sRecvData[1] == 0x90) &&
1296 (pTranscv_Info->sRecvData[2] == 0x00)) {
1297 /*response ok without data, send next command in the buffer*/
1298 } else if ((pTranscv_Info->sRecvData[recvBufferActualSize - 2] != 0x90) &&
1299 (pTranscv_Info->sRecvData[recvBufferActualSize - 1] != 0x00)) {
1300 /*Error condition hence exiting the loop*/
1301 status =
1302 Process_EseResponse(pTranscv_Info, recvBufferActualSize, Os_info);
1303 /*If the sending of Load fails reset the count*/
1304 gsCmd_count = 0;
1305 break;
1306 }
1307 }
1308 }
1309 memset(gsCmd_Buffer, 0, sizeof(gsCmd_Buffer));
1310 gspBuffer = gsCmd_Buffer; // point back to start of line
1311 gsCmd_count = 0x00;
1312 ALOGD_IF(ese_debug_enabled, "%s: exit: status=0x%x", fn, status);
1313 return status;
1314 }
1315 /*******************************************************************************
1316 **
1317 ** Function: Numof_lengthbytes
1318 **
1319 ** Description: Checks the number of length bytes and assigns
1320 ** length value to wLen.
1321 **
1322 ** Returns: Number of Length bytes
1323 **
1324 *******************************************************************************/
Numof_lengthbytes(uint8_t * read_buf,int32_t * pLen)1325 uint8_t Numof_lengthbytes(uint8_t* read_buf, int32_t* pLen) {
1326 static const char fn[] = "Numof_lengthbytes";
1327 uint8_t len_byte = 0;
1328 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
1329
1330 if (read_buf[0] == 0x00) {
1331 ALOGE("%s: Invalid length zero", fn);
1332 len_byte = 0x00;
1333 } else if ((read_buf[0] & 0x80) == 0x80) {
1334 len_byte = read_buf[0] & 0x0F;
1335 len_byte = len_byte + 1; // 1 byte added for byte 0x81
1336 } else {
1337 len_byte = 0x01;
1338 }
1339
1340 /* To get the length of the value field */
1341 int32_t wLen = 0;
1342 switch (len_byte) {
1343 case 0:
1344 wLen = read_buf[0];
1345 break;
1346 case 1:
1347 /*1st byte is the length*/
1348 wLen = read_buf[0];
1349 break;
1350 case 2:
1351 /*2nd byte is the length*/
1352 wLen = read_buf[1];
1353 break;
1354 case 3:
1355 /*1st and 2nd bytes are length*/
1356 wLen = read_buf[1];
1357 wLen = ((wLen << 8) | (read_buf[2]));
1358 break;
1359 case 4:
1360 /*3bytes are the length*/
1361 wLen = read_buf[1];
1362 wLen = ((wLen << 16) | (read_buf[2] << 8));
1363 wLen = (wLen | (read_buf[3]));
1364 break;
1365 default:
1366 ALOGE("%s: Invalid length %d.", fn, len_byte);
1367 break;
1368 }
1369
1370 *pLen = wLen;
1371 ALOGD_IF(ese_debug_enabled, "%s: exit; len_bytes=0x0%x, Length=%d", fn,
1372 len_byte, *pLen);
1373 return len_byte;
1374 }
1375
1376 /*******************************************************************************
1377 **
1378 ** Function: Write_Response_To_OutFile
1379 **
1380 ** Description: Write the response to Out file
1381 ** with length recvlen from buffer RecvData.
1382 **
1383 ** Returns: Success if OK
1384 **
1385 *******************************************************************************/
Write_Response_To_OutFile(Lsc_ImageInfo_t * image_info,uint8_t * RecvData,int32_t recvlen,Ls_TagType tType)1386 LSCSTATUS Write_Response_To_OutFile(Lsc_ImageInfo_t* image_info,
1387 uint8_t* RecvData, int32_t recvlen,
1388 Ls_TagType tType) {
1389 static const char fn[] = "Write_Response_to_OutFile";
1390
1391 ALOGD_IF(ese_debug_enabled, "%s: Enter", fn);
1392 /*If the Response out file is NULL or Other than LS commands*/
1393 if ((image_info->bytes_wrote == 0x55) || (tType == LS_Default)) {
1394 return LSCSTATUS_SUCCESS;
1395 }
1396
1397 uint8_t tag43Len = 1;
1398 /*Certificate TAG occupies 2 bytes*/
1399 if (tType == LS_Cert) {
1400 tag43Len = 2;
1401 }
1402
1403 /* |TAG|LEN| VAL |
1404 * |61 |XX |TAG|LEN| VAL |TAG| LEN | VAL |
1405 * |43 |1/2|7F21/60/40|44 |apduRespLen|apduResponse|
1406 */
1407 int32_t tag44Len = 0;
1408 uint8_t ucTag44[3] = {0x00, 0x00, 0x00};
1409 int32_t tag61Len = 0;
1410 uint8_t tag43off = 0;
1411 uint8_t tag44off = 0;
1412 uint8_t tagLen = 0;
1413 uint8_t tagBuffer[12] = {0x61, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
1414 if (recvlen < 0x80) {
1415 tag44Len = 1;
1416 ucTag44[0] = recvlen;
1417 tag61Len = recvlen + 4 + tag43Len;
1418
1419 if (tag61Len & 0x80) {
1420 tagBuffer[1] = 0x81;
1421 tagBuffer[2] = tag61Len;
1422 tag43off = 3;
1423 tag44off = 5 + tag43Len;
1424 tagLen = tag44off + 2;
1425 } else {
1426 tagBuffer[1] = tag61Len;
1427 tag43off = 2;
1428 tag44off = 4 + tag43Len;
1429 tagLen = tag44off + 2;
1430 }
1431 } else if ((recvlen >= 0x80) && (recvlen <= 0xFF)) {
1432 ucTag44[0] = 0x81;
1433 ucTag44[1] = recvlen;
1434 tag61Len = recvlen + 5 + tag43Len;
1435 tag44Len = 2;
1436
1437 if ((tag61Len & 0xFF00) != 0) {
1438 tagBuffer[1] = 0x82;
1439 tagBuffer[2] = (tag61Len & 0xFF00) >> 8;
1440 tagBuffer[3] = (tag61Len & 0xFF);
1441 tag43off = 4;
1442 tag44off = 6 + tag43Len;
1443 tagLen = tag44off + 3;
1444 } else {
1445 tagBuffer[1] = 0x81;
1446 tagBuffer[2] = (tag61Len & 0xFF);
1447 tag43off = 3;
1448 tag44off = 5 + tag43Len;
1449 tagLen = tag44off + 3;
1450 }
1451 } else if ((recvlen > 0xFF) && (recvlen <= 0xFFFF)) {
1452 ucTag44[0] = 0x82;
1453 ucTag44[1] = (recvlen & 0xFF00) >> 8;
1454 ucTag44[2] = (recvlen & 0xFF);
1455 tag44Len = 3;
1456
1457 tag61Len = recvlen + 6 + tag43Len;
1458
1459 if ((tag61Len & 0xFF00) != 0) {
1460 tagBuffer[1] = 0x82;
1461 tagBuffer[2] = (tag61Len & 0xFF00) >> 8;
1462 tagBuffer[3] = (tag61Len & 0xFF);
1463 tag43off = 4;
1464 tag44off = 6 + tag43Len;
1465 tagLen = tag44off + 4;
1466 }
1467 }
1468 tagBuffer[tag43off] = 0x43;
1469 tagBuffer[tag43off + 1] = tag43Len;
1470 tagBuffer[tag44off] = 0x44;
1471 memcpy(&tagBuffer[tag44off + 1], &ucTag44[0], tag44Len);
1472
1473 if (tType == LS_Cert) {
1474 tagBuffer[tag43off + 2] = 0x7F;
1475 tagBuffer[tag43off + 3] = 0x21;
1476 } else if (tType == LS_Sign) {
1477 tagBuffer[tag43off + 2] = 0x60;
1478 } else if (tType == LS_Comm) {
1479 tagBuffer[tag43off + 2] = 0x40;
1480 } else {
1481 /*Do nothing*/
1482 }
1483
1484 uint8_t tempLen = 0;
1485 LSCSTATUS wStatus = LSCSTATUS_FAILED;
1486 int32_t status = 0;
1487 while (tempLen < tagLen) {
1488 status = fprintf(image_info->fResp, "%02X", tagBuffer[tempLen++]);
1489 if (status != 2) {
1490 ALOGE("%s: Invalid Response during fprintf; status=0x%x", fn, (status));
1491 wStatus = LSCSTATUS_FAILED;
1492 break;
1493 }
1494 }
1495 /*Updating the response data into out script*/
1496 int32_t respLen = 0;
1497 while (respLen < recvlen) {
1498 status = fprintf(image_info->fResp, "%02X", RecvData[respLen++]);
1499 if (status != 2) {
1500 ALOGE("%s: Invalid Response during fprintf; status=0x%x", fn, (status));
1501 wStatus = LSCSTATUS_FAILED;
1502 break;
1503 }
1504 }
1505 if (status == 2) {
1506 fprintf(image_info->fResp, "%s\n", "");
1507 ALOGD_IF(ese_debug_enabled,
1508 "%s: SUCCESS Response written to script out file", fn);
1509 wStatus = LSCSTATUS_SUCCESS;
1510 }
1511 fflush(image_info->fResp);
1512 return wStatus;
1513 }
1514
1515 /*******************************************************************************
1516 **
1517 ** Function: Check_Certificate_Tag
1518 **
1519 ** Description: Check certificate Tag presence in script
1520 ** by 7F21 .
1521 **
1522 ** Returns: Success if Tag found
1523 **
1524 *******************************************************************************/
Check_Certificate_Tag(uint8_t * read_buf,uint16_t * offset1)1525 LSCSTATUS Check_Certificate_Tag(uint8_t* read_buf, uint16_t* offset1) {
1526 static const char fn[] = "Check_Certificate_Tag";
1527 uint16_t offset = *offset1;
1528
1529 if (((read_buf[offset] << 8 | read_buf[offset + 1]) == TAG_CERTIFICATE)) {
1530 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_CERTIFICATE", fn);
1531 int32_t wLen;
1532 offset = offset + 2;
1533 uint16_t len_byte = Numof_lengthbytes(&read_buf[offset], &wLen);
1534 offset = offset + len_byte;
1535 *offset1 = offset;
1536 if (wLen <= MAX_CERT_LEN) return LSCSTATUS_SUCCESS;
1537 }
1538 return LSCSTATUS_FAILED;
1539 }
1540
1541 /*******************************************************************************
1542 **
1543 ** Function: Check_SerialNo_Tag
1544 **
1545 ** Description: Check Serial number Tag presence in script
1546 ** by 0x93 .
1547 **
1548 ** Returns: Success if Tag found
1549 **
1550 *******************************************************************************/
Check_SerialNo_Tag(uint8_t * read_buf,uint16_t * offset1)1551 LSCSTATUS Check_SerialNo_Tag(uint8_t* read_buf, uint16_t* offset1) {
1552 static const char fn[] = "Check_SerialNo_Tag";
1553 uint16_t offset = *offset1;
1554
1555 if (read_buf[offset] == TAG_SERIAL_NO) {
1556 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_SERIAL_NO", fn);
1557 uint8_t serNoLen = read_buf[offset + 1];
1558 offset = offset + serNoLen + 2;
1559 *offset1 = offset;
1560 ALOGD_IF(ese_debug_enabled, "%s: TAG_LSROOT_ENTITY is %x", fn,
1561 read_buf[offset]);
1562 return LSCSTATUS_SUCCESS;
1563 }
1564 return LSCSTATUS_FAILED;
1565 }
1566
1567 /*******************************************************************************
1568 **
1569 ** Function: Check_LSRootID_Tag
1570 **
1571 ** Description: Check LS root ID tag presence in script and compare with
1572 ** select response root ID value.
1573 **
1574 ** Returns: Success if Tag found
1575 **
1576 *******************************************************************************/
Check_LSRootID_Tag(uint8_t * read_buf,uint16_t * offset1)1577 LSCSTATUS Check_LSRootID_Tag(uint8_t* read_buf, uint16_t* offset1) {
1578 static const char fn[] = "Check_LSRootID_Tag";
1579 uint16_t offset = *offset1;
1580
1581 if (read_buf[offset] == TAG_LSRE_ID) {
1582 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_LSROOT_ENTITY", fn);
1583 if (gsTag42Arr[0] == read_buf[offset + 1]) {
1584 uint8_t tag42Len = read_buf[offset + 1];
1585 offset = offset + 2;
1586 if (!memcmp(&read_buf[offset], &gsTag42Arr[1], gsTag42Arr[0])) {
1587 ALOGD_IF(ese_debug_enabled, "%s : TAG 42 verified", fn);
1588 offset = offset + tag42Len;
1589 *offset1 = offset;
1590 return LSCSTATUS_SUCCESS;
1591 }
1592 }
1593 }
1594 return LSCSTATUS_FAILED;
1595 }
1596
1597 /*******************************************************************************
1598 **
1599 ** Function: Check_CertHoldID_Tag
1600 **
1601 ** Description: Check certificate holder ID tag presence in script.
1602 **
1603 ** Returns: Success if Tag found
1604 **
1605 *******************************************************************************/
Check_CertHoldID_Tag(uint8_t * read_buf,uint16_t * offset1)1606 LSCSTATUS Check_CertHoldID_Tag(uint8_t* read_buf, uint16_t* offset1) {
1607 static const char fn[] = "Check_CertHoldID_Tag";
1608 uint16_t offset = *offset1;
1609
1610 if ((read_buf[offset] << 8 | read_buf[offset + 1]) == TAG_CERTFHOLD_ID) {
1611 uint8_t certfHoldIDLen = 0;
1612 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_CERTFHOLD_ID", fn);
1613 certfHoldIDLen = read_buf[offset + 2];
1614 offset = offset + certfHoldIDLen + 3;
1615 if (read_buf[offset] == TAG_KEY_USAGE) {
1616 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_KEY_USAGE", fn);
1617 uint8_t keyusgLen = read_buf[offset + 1];
1618 offset = offset + keyusgLen + 2;
1619 *offset1 = offset;
1620 return LSCSTATUS_SUCCESS;
1621 }
1622 }
1623 return LSCSTATUS_FAILED;
1624 }
1625
1626 /*******************************************************************************
1627 **
1628 ** Function: Check_Date_Tag
1629 **
1630 ** Description: Check date tags presence in script.
1631 **
1632 ** Returns: Success if Tag found
1633 **
1634 *******************************************************************************/
Check_Date_Tag(uint8_t * read_buf,uint16_t * offset1)1635 LSCSTATUS Check_Date_Tag(uint8_t* read_buf, uint16_t* offset1) {
1636 static const char fn[] = "Check_Date_Tag";
1637 LSCSTATUS status = LSCSTATUS_FAILED;
1638 uint16_t offset = *offset1;
1639
1640 if ((read_buf[offset] << 8 | read_buf[offset + 1]) == TAG_EFF_DATE) {
1641 uint8_t effDateLen = read_buf[offset + 2];
1642 offset = offset + 3 + effDateLen;
1643 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_EFF_DATE", fn);
1644 if ((read_buf[offset] << 8 | read_buf[offset + 1]) == TAG_EXP_DATE) {
1645 uint8_t effExpLen = read_buf[offset + 2];
1646 offset = offset + 3 + effExpLen;
1647 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_EXP_DATE", fn);
1648 status = LSCSTATUS_SUCCESS;
1649 } else if (read_buf[offset] == TAG_LSRE_SIGNID) {
1650 status = LSCSTATUS_SUCCESS;
1651 }
1652 } else if ((read_buf[offset] << 8 | read_buf[offset + 1]) == TAG_EXP_DATE) {
1653 uint8_t effExpLen = read_buf[offset + 2];
1654 offset = offset + 3 + effExpLen;
1655 ALOGD_IF(ese_debug_enabled, "%s: TAGID: TAG_EXP_DATE", fn);
1656 status = LSCSTATUS_SUCCESS;
1657 } else if (read_buf[offset] == TAG_LSRE_SIGNID) {
1658 status = LSCSTATUS_SUCCESS;
1659 } else {
1660 /*LSCSTATUS_FAILED*/
1661 }
1662 *offset1 = offset;
1663 return status;
1664 }
1665
1666 /*******************************************************************************
1667 **
1668 ** Function: Check_45_Tag
1669 **
1670 ** Description: Check 45 tags presence in script and compare the value
1671 ** with select response tag 45 value
1672 **
1673 ** Returns: Success if Tag found
1674 **
1675 *******************************************************************************/
Check_45_Tag(uint8_t * read_buf,uint16_t * offset1,uint8_t * tag45Len)1676 LSCSTATUS Check_45_Tag(uint8_t* read_buf, uint16_t* offset1,
1677 uint8_t* tag45Len) {
1678 static const char fn[] = "Check_45_Tag";
1679 uint16_t offset = *offset1;
1680 if (read_buf[offset] == TAG_LSRE_SIGNID) {
1681 *tag45Len = read_buf[offset + 1];
1682 offset = offset + 2;
1683 if (gsTag45Arr[0] == *tag45Len) {
1684 if (!memcmp(&read_buf[offset], &gsTag45Arr[1], gsTag45Arr[0])) {
1685 *offset1 = offset;
1686 ALOGD_IF(ese_debug_enabled,
1687 "%s: LSC_Check_KeyIdentifier : TAG 45 verified", fn);
1688 return LSCSTATUS_SUCCESS;
1689 }
1690 }
1691 }
1692 return LSCSTATUS_FAILED;
1693 }
1694
1695 /*******************************************************************************
1696 **
1697 ** Function: Certificate_Verification
1698 **
1699 ** Description: Perform the certificate verification by forwarding it to
1700 ** LS applet.
1701 **
1702 ** Returns: Success if certificate is verified
1703 **
1704 *******************************************************************************/
Certificate_Verification(Lsc_ImageInfo_t * Os_info,Lsc_TranscieveInfo_t * pTranscv_Info,uint8_t * read_buf,uint16_t * offset1,uint8_t * tag45Len)1705 LSCSTATUS Certificate_Verification(Lsc_ImageInfo_t* Os_info,
1706 Lsc_TranscieveInfo_t* pTranscv_Info,
1707 uint8_t* read_buf, uint16_t* offset1,
1708 uint8_t* tag45Len) {
1709 static const char fn[] = "Certificate_Verification";
1710
1711 pTranscv_Info->sSendData[0] = 0x80;
1712 pTranscv_Info->sSendData[1] = 0xA0;
1713 pTranscv_Info->sSendData[2] = 0x01;
1714 pTranscv_Info->sSendData[3] = 0x00;
1715
1716 int32_t wCertfLen = (read_buf[2] << 8 | read_buf[3]);
1717 uint16_t offset = *offset1;
1718 /*If the certificate is less than 255 bytes*/
1719 if (wCertfLen <= 251) {
1720 uint8_t tag7f49Off = 0;
1721 uint8_t u7f49Len = 0;
1722 uint8_t tag5f37Len = 0;
1723 ALOGD_IF(ese_debug_enabled, "%s: Certificate is less than 255", fn);
1724 offset = offset + *tag45Len;
1725 ALOGD_IF(ese_debug_enabled, "%s: Before TAG_CCM_PERMISSION = %x", fn,
1726 read_buf[offset]);
1727 if (read_buf[offset] != TAG_CCM_PERMISSION) {
1728 return LSCSTATUS_FAILED;
1729 }
1730 int32_t tag53Len = 0;
1731 uint8_t len_byte = 0;
1732 offset = offset + 1;
1733 len_byte = Numof_lengthbytes(&read_buf[offset], &tag53Len);
1734 offset = offset + tag53Len + len_byte;
1735 ALOGD_IF(ese_debug_enabled, "%s: Verified TAG TAG_CCM_PERMISSION = 0x53",
1736 fn);
1737 if ((uint16_t)(read_buf[offset] << 8 | read_buf[offset + 1]) !=
1738 TAG_SIG_RNS_COMP) {
1739 return LSCSTATUS_FAILED;
1740 }
1741 tag7f49Off = offset;
1742 u7f49Len = read_buf[offset + 2];
1743 offset = offset + 3 + u7f49Len;
1744 if (u7f49Len != 64) {
1745 return LSCSTATUS_FAILED;
1746 }
1747 if ((uint16_t)(read_buf[offset] << 8 | read_buf[offset + 1]) != 0x7f49) {
1748 return LSCSTATUS_FAILED;
1749 }
1750 tag5f37Len = read_buf[offset + 2];
1751 if (read_buf[offset + 3] != 0x86 || (read_buf[offset + 4] != 65)) {
1752 return LSCSTATUS_FAILED;
1753 }
1754 uint8_t tag_len_byte = Numof_lengthbytes(&read_buf[2], &wCertfLen);
1755 pTranscv_Info->sSendData[4] = wCertfLen + 2 + tag_len_byte;
1756 pTranscv_Info->sSendlength = wCertfLen + 7 + tag_len_byte;
1757 memcpy(&(pTranscv_Info->sSendData[5]), &read_buf[0],
1758 wCertfLen + 2 + tag_len_byte);
1759
1760 ALOGD_IF(ese_debug_enabled, "%s: start transceive for length %d", fn,
1761 pTranscv_Info->sSendlength);
1762 LSCSTATUS status = LSCSTATUS_FAILED;
1763 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Cert);
1764 if (status == LSCSTATUS_SUCCESS) {
1765 ALOGD_IF(ese_debug_enabled, "%s: Certificate is verified", fn);
1766 }
1767 return status;
1768 } else {
1769 /*If the certificate is more than 255 bytes*/
1770 uint8_t tag7f49Off = 0;
1771 uint8_t u7f49Len = 0;
1772 uint8_t tag5f37Len = 0;
1773 ALOGD_IF(ese_debug_enabled, "%s: Certificate is greater than 255", fn);
1774 offset = offset + *tag45Len;
1775 ALOGD_IF(ese_debug_enabled, "%s: Before TAG_CCM_PERMISSION = %x", fn,
1776 read_buf[offset]);
1777 if (read_buf[offset] != TAG_CCM_PERMISSION) {
1778 return LSCSTATUS_FAILED;
1779 }
1780 int32_t tag53Len = 0;
1781 uint8_t len_byte = 0;
1782 offset = offset + 1;
1783 len_byte = Numof_lengthbytes(&read_buf[offset], &tag53Len);
1784 offset = offset + tag53Len + len_byte;
1785 ALOGD_IF(ese_debug_enabled, "%s: Verified TAG TAG_CCM_PERMISSION = 0x53",
1786 fn);
1787 if ((uint16_t)(read_buf[offset] << 8 | read_buf[offset + 1]) !=
1788 TAG_SIG_RNS_COMP) {
1789 return LSCSTATUS_FAILED;
1790 }
1791 tag7f49Off = offset;
1792 u7f49Len = read_buf[offset + 2];
1793 offset = offset + 3 + u7f49Len;
1794 if (u7f49Len != 64) {
1795 return LSCSTATUS_FAILED;
1796 }
1797 if ((uint16_t)(read_buf[offset] << 8 | read_buf[offset + 1]) != 0x7f49) {
1798 return LSCSTATUS_FAILED;
1799 }
1800 tag5f37Len = read_buf[offset + 2];
1801 if (read_buf[offset + 3] != 0x86 || (read_buf[offset + 4] != 65)) {
1802 return LSCSTATUS_FAILED;
1803 }
1804 pTranscv_Info->sSendData[4] = tag7f49Off;
1805 memcpy(&(pTranscv_Info->sSendData[5]), &read_buf[0], tag7f49Off);
1806 pTranscv_Info->sSendlength = tag7f49Off + 5;
1807 ALOGD_IF(ese_debug_enabled, "%s: start transceive for length %d", fn,
1808 pTranscv_Info->sSendlength);
1809
1810 LSCSTATUS status = LSCSTATUS_FAILED;
1811 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Default);
1812 if (status != LSCSTATUS_SUCCESS) {
1813 uint8_t* RecvData = pTranscv_Info->sRecvData;
1814 Write_Response_To_OutFile(Os_info, RecvData, gsResp_len, LS_Cert);
1815 return status;
1816 }
1817
1818 pTranscv_Info->sSendData[2] = 0x00;
1819 pTranscv_Info->sSendData[4] = u7f49Len + tag5f37Len + 6;
1820 memcpy(&(pTranscv_Info->sSendData[5]), &read_buf[tag7f49Off],
1821 u7f49Len + tag5f37Len + 6);
1822 pTranscv_Info->sSendlength = u7f49Len + tag5f37Len + 11;
1823 ALOGD_IF(ese_debug_enabled, "%s: start transceive for length %d", fn,
1824 pTranscv_Info->sSendlength);
1825
1826 status = LSC_SendtoLsc(Os_info, status, pTranscv_Info, LS_Cert);
1827 if (status == LSCSTATUS_SUCCESS) {
1828 ALOGD_IF(ese_debug_enabled, "Certificate is verified");
1829 }
1830 return status;
1831 }
1832 return LSCSTATUS_FAILED;
1833 }
1834
1835 /*******************************************************************************
1836 **
1837 ** Function: Check_Complete_7F21_Tag
1838 **
1839 ** Description: Traverses the 7F21 tag for verification of each sub tag with
1840 ** in the 7F21 tag.
1841 **
1842 ** Returns: Success if all tags are verified
1843 **
1844 *******************************************************************************/
Check_Complete_7F21_Tag(Lsc_ImageInfo_t * Os_info,Lsc_TranscieveInfo_t * pTranscv_Info,uint8_t * read_buf,uint16_t * offset)1845 LSCSTATUS Check_Complete_7F21_Tag(Lsc_ImageInfo_t* Os_info,
1846 Lsc_TranscieveInfo_t* pTranscv_Info,
1847 uint8_t* read_buf, uint16_t* offset) {
1848 static const char fn[] = "Check_Complete_7F21_Tag";
1849
1850 if (LSCSTATUS_SUCCESS != Check_Certificate_Tag(read_buf, offset)) {
1851 ALOGE("%s: FAILED in Check_Certificate_Tag", fn);
1852 return LSCSTATUS_FAILED;
1853 }
1854 if (LSCSTATUS_SUCCESS != Check_SerialNo_Tag(read_buf, offset)) {
1855 ALOGE("%s: FAILED in Check_SerialNo_Tag", fn);
1856 return LSCSTATUS_FAILED;
1857 }
1858 if (LSCSTATUS_SUCCESS != Check_LSRootID_Tag(read_buf, offset)) {
1859 ALOGE("%s: FAILED in Check_LSRootID_Tag", fn);
1860 return LSCSTATUS_FAILED;
1861 }
1862 if (LSCSTATUS_SUCCESS != Check_CertHoldID_Tag(read_buf, offset)) {
1863 ALOGE("%s: FAILED in Check_CertHoldID_Tag", fn);
1864 return LSCSTATUS_FAILED;
1865 }
1866 if (LSCSTATUS_SUCCESS != Check_Date_Tag(read_buf, offset)) {
1867 ALOGE("%s: FAILED in Check_CertHoldID_Tag", fn);
1868 return LSCSTATUS_FAILED;
1869 }
1870 uint8_t tag45Len = 0;
1871 if (LSCSTATUS_SUCCESS != Check_45_Tag(read_buf, offset, &tag45Len)) {
1872 ALOGE("%s: FAILED in Check_CertHoldID_Tag", fn);
1873 return LSCSTATUS_FAILED;
1874 }
1875 if (LSCSTATUS_SUCCESS != Certificate_Verification(Os_info, pTranscv_Info,
1876 read_buf, offset,
1877 &tag45Len)) {
1878 ALOGE("%s: FAILED in Certificate_Verification", fn);
1879 return LSCSTATUS_FAILED;
1880 }
1881 return LSCSTATUS_SUCCESS;
1882 }
1883
1884 /*******************************************************************************
1885 **
1886 ** Function: LSC_UpdateExeStatus
1887 **
1888 ** Description: Updates LSC status to a file
1889 **
1890 ** Returns: true if success else false
1891 **
1892 *******************************************************************************/
LSC_UpdateExeStatus(uint16_t status)1893 bool LSC_UpdateExeStatus(uint16_t status) {
1894 static const char fn[] = "LSC_UpdateExeStatus";
1895
1896 ALOGD_IF(ese_debug_enabled, "%s: enter", fn);
1897
1898 FILE* fLsStatus = fopen(LS_STATUS_PATH, "w+");
1899 if (fLsStatus == NULL) {
1900 ALOGE("%s: Error opening LS Status file for backup: %s", fn,
1901 strerror(errno));
1902 return false;
1903 }
1904 if ((fprintf(fLsStatus, "%04x", status)) != 4) {
1905 ALOGE("%s: Error updating LS Status backup: %s", fn, strerror(errno));
1906 fclose(fLsStatus);
1907 return false;
1908 }
1909 fclose(fLsStatus);
1910 ALOGD_IF(ese_debug_enabled, "%s: exit", fn);
1911 return true;
1912 }
1913
1914 /*******************************************************************************
1915 **
1916 ** Function: Get_LsStatus
1917 **
1918 ** Description: Interface to fetch Loader service client status to JNI,
1919 ** Services
1920 **
1921 ** Returns: SUCCESS/FAILURE
1922 **
1923 *******************************************************************************/
Get_LsStatus(uint8_t * pStatus)1924 LSCSTATUS Get_LsStatus(uint8_t* pStatus) {
1925 static const char fn[] = "Get_LsStatus";
1926
1927 FILE* fLsStatus = fopen(LS_STATUS_PATH, "r");
1928 if (fLsStatus == NULL) {
1929 ALOGE("%s: Error opening LS Status file for backup: %s", fn,
1930 strerror(errno));
1931 return LSCSTATUS_FAILED;
1932 }
1933
1934 uint8_t lsStatus[2] = {0x63, 0x40};
1935 for (uint8_t loopcnt = 0; loopcnt < 2; loopcnt++) {
1936 if ((FSCANF_BYTE(fLsStatus, "%2x", &lsStatus[loopcnt])) == 0) {
1937 ALOGE("%s: Error updating LS Status backup: %s", fn, strerror(errno));
1938 fclose(fLsStatus);
1939 return LSCSTATUS_FAILED;
1940 }
1941 }
1942 ALOGD_IF(ese_debug_enabled, "%s: LS Status 0x%X 0x%X", fn, lsStatus[0],
1943 lsStatus[1]);
1944 memcpy(pStatus, lsStatus, 2);
1945 fclose(fLsStatus);
1946 return LSCSTATUS_SUCCESS;
1947 }
1948