/******************************************************************************
*
* Copyright 2018 NXP
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
******************************************************************************/
#define LOG_TAG "LSClient"
#include <cutils/properties.h>
#include <dirent.h>
#include <errno.h>
#include <log/log.h>
#include <openssl/evp.h>
#include <pthread.h>
#include <stdlib.h>
#include <iomanip>
#include <sstream>
#include <string>
#include "LsClient.h"
#include "LsLib.h"
uint8_t datahex(char c);
unsigned char* getHASH(uint8_t* buffer, size_t buffSize);
extern bool ese_debug_enabled;
#define ls_script_source_prefix "/vendor/etc/loaderservice_updater_"
#define ls_script_source_suffix ".lss"
#define ls_script_output_prefix \
"/data/vendor/secure_element/loaderservice_updater_out_"
#define ls_script_output_suffix ".txt"
const size_t HASH_DATA_LENGTH = 21;
const uint16_t HASH_STATUS_INDEX = 20;
const uint8_t LS_MAX_COUNT = 10;
const uint8_t LS_DOWNLOAD_SUCCESS = 0x00;
const uint8_t LS_DOWNLOAD_FAILED = 0x01;
class LSInfo {
public:
uint8_t m_status;
uint8_t m_version;
uint8_t m_mode;
uint8_t m_slot1_status;
uint8_t m_slot1_hash;
uint8_t m_slot2_status;
uint8_t m_slot2_hash;
};
static LSC_onCompletedCallback mCallback = nullptr;
static void* mCallbackParams = NULL;
void* performLSDownload_thread(void* data);
static void getLSScriptSourcePrefix(std::string& prefix);
static int compareLSHash(uint8_t* hash, uint8_t length);
static std::string printLSStatus(int status);
static std::string dumpLsInfo(LSInfo* info);
static int compareLSHash(uint8_t* hash, uint8_t length) {
uint8_t ls253UpdaterScriptHash[HASH_DATA_LENGTH - 1] = {
0x65, 0x80, 0xFB, 0xA0, 0xCA, 0x59, 0xAE, 0x6C, 0x71, 0x6B,
0x15, 0xB1, 0xBD, 0xB1, 0x2C, 0x04, 0x29, 0x14, 0x8A, 0x8F};
uint8_t ls253AppletScriptHash[HASH_DATA_LENGTH - 1] = {
0x71, 0x7B, 0x8D, 0x0C, 0xEA, 0xE7, 0xEC, 0xC1, 0xCF, 0x47,
0x33, 0x10, 0xFE, 0x8E, 0x52, 0x5D, 0xB1, 0x43, 0x9B, 0xDE};
uint8_t lsFactoryScript1Hash[HASH_DATA_LENGTH - 1] = {
0x4A, 0xD0, 0x37, 0xD0, 0x44, 0x5B, 0x78, 0x55, 0x17, 0x5E,
0xFD, 0x87, 0x9C, 0xF1, 0x74, 0xBA, 0x77, 0xAD, 0x03, 0x62};
uint8_t lsFactoryScript2Hash[HASH_DATA_LENGTH - 1] = {
0xA9, 0xDB, 0x03, 0x53, 0xC2, 0xD7, 0xF8, 0xFC, 0x84, 0x37,
0xAF, 0xB9, 0x53, 0x06, 0x27, 0x9D, 0xE9, 0x68, 0x45, 0xEF};
uint8_t lsFactoryScript3Hash[HASH_DATA_LENGTH - 1] = {
0xA9, 0xAE, 0x5E, 0x66, 0x92, 0x8F, 0x70, 0xBD, 0x0A, 0xC7,
0x20, 0x8A, 0x6A, 0xBB, 0x63, 0xB3, 0xCA, 0x05, 0x58, 0xC1};
uint8_t lsFactoryScript4Hash[HASH_DATA_LENGTH - 1] = {
0x64, 0x73, 0x56, 0xAE, 0x58, 0x27, 0x6C, 0x07, 0x4B, 0xBA,
0x64, 0x7E, 0x6E, 0xC1, 0x97, 0xC8, 0x57, 0x17, 0x6E, 0x2D};
uint8_t* hashList[6] = {lsFactoryScript1Hash, lsFactoryScript2Hash,
lsFactoryScript3Hash, lsFactoryScript4Hash,
ls253UpdaterScriptHash, ls253AppletScriptHash};
if (length != HASH_DATA_LENGTH - 1) {
return 0xFF;
}
for (int i = 0; i < 6; i++) {
if (0 == memcmp(hash, hashList[i], length)) {
return i + 1;
}
}
return 0xFF;
}
static std::string dumpLsInfo(LSInfo* info) {
std::stringstream buff;
buff << std::setw(2) << std::setfill('0') << std::hex
<< (int)(info->m_status);
buff << std::setw(2) << std::setfill('0') << std::hex
<< (int)(info->m_version);
buff << std::setw(2) << std::setfill('0') << std::hex
<< (int)(info->m_mode);
buff << std::setw(2) << std::setfill('0') << std::hex
<< (int)(info->m_slot1_status);
buff << std::setw(2) << std::setfill('0') << std::hex
<< (int)(info->m_slot1_hash);
buff << std::setw(2) << std::setfill('0') << std::hex
<< (int)(info->m_slot2_status);
buff << std::setw(2) << std::setfill('0') << std::hex
<< (int)(info->m_slot2_hash);
return buff.str();
}
void getLSScriptSourcePrefix(std::string& prefix) {
char source_path[PROPERTY_VALUE_MAX] = {0};
int len = property_get("vendor.ese.loader_script_path", source_path, "");
if (len > 0) {
FILE* fd = fopen(source_path, "rb");
if (fd != NULL) {
char c;
while (!feof(fd) && fread(&c, 1, 1, fd) == 1) {
if (c == ' ' || c == '\n' || c == '\r' || c == 0x00) break;
prefix.push_back(c);
}
} else {
ALOGD("%s Cannot open file %s\n", __func__, source_path);
}
}
if (prefix.empty()) {
prefix.assign(ls_script_source_prefix);
}
}
/*******************************************************************************
**
** Function: LSC_Start
**
** Description: Starts the LSC update with encrypted data privided in the
updater file
**
** Returns: SUCCESS if ok.
**
*******************************************************************************/
LSCSTATUS LSC_Start(const char* name, const char* dest, uint8_t* pdata,
uint16_t len, uint8_t* respSW) {
static const char fn[] = "LSC_Start";
LSCSTATUS status = LSCSTATUS_FAILED;
if (name != NULL) {
status = Perform_LSC(name, dest, pdata, len, respSW);
} else {
ALOGE("%s: LS script file is missing", fn);
}
ALOGD_IF(ese_debug_enabled, "%s: Exit; status=0x0%X", fn, status);
return status;
}
/*******************************************************************************
**
** Function: LSC_doDownload
**
** Description: Start LS download process
**
** Returns: SUCCESS if ok
**
*******************************************************************************/
LSCSTATUS LSC_doDownload(LSC_onCompletedCallback callback, void* args) {
static const char fn[] = "LSC_doDownload";
mCallback = callback;
mCallbackParams = args;
LSCSTATUS status;
pthread_t thread;
pthread_attr_t attr;
pthread_attr_init(&attr);
pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
if (pthread_create(&thread, &attr, &performLSDownload_thread, NULL) < 0) {
ALOGE("%s: Thread creation failed", fn);
status = LSCSTATUS_FAILED;
} else {
status = LSCSTATUS_SUCCESS;
}
pthread_attr_destroy(&attr);
return status;
}
/*******************************************************************************
**
** Function: printLSStatus
**
** Description: print LS applet state and Slot 1 & 2 data
**
** Returns: LS status log
**
*******************************************************************************/
std::string printLSStatus(int lsStatus) {
ALOGD_IF(ese_debug_enabled, "%s enter ", __func__);
uint8_t slotHashBuffer[HASH_DATA_LENGTH] = {0};
uint16_t length = 0;
uint16_t lsVersion = 0;
uint8_t lsMode = 0;
std::stringstream outStream;
std::stringstream outHash;
LSInfo lsInfo;
memset(&lsInfo, 0xFF, sizeof(LSInfo));
lsInfo.m_status = lsStatus;
outStream << "\nCurrent LS info:";
/*Read LS applet mode*/
LSCSTATUS status = LSC_ReadLscInfo(&lsMode, &lsVersion);
if (status != LSCSTATUS_SUCCESS) {
outStream << dumpLsInfo(&lsInfo);
outStream << "\nFailed to access LS applet!\n";
return outStream.str();
}
ALOGI_IF(ese_debug_enabled, "LS applet version is %d.%d", (lsVersion >> 8),
(lsVersion & 0xFF));
if (lsMode == 2) {
ALOGI_IF(ese_debug_enabled, "LS is in UPDATE mode!");
}
lsInfo.m_version = lsVersion & 0xFF;
lsInfo.m_mode = lsMode;
/*Read the hash from slot 1*/
status = LSC_ReadLsHash(slotHashBuffer, &length, 1);
if (status != LSCSTATUS_SUCCESS) {
ALOGI_IF(ese_debug_enabled, "Failed to read Hash value from slot 1.");
outStream << dumpLsInfo(&lsInfo);
return outStream.str();
}
if (slotHashBuffer[HASH_DATA_LENGTH - 1] == LS_DOWNLOAD_SUCCESS) {
ALOGI_IF(ese_debug_enabled, "LS Slot 1 passed.");
lsInfo.m_slot1_status = LS_DOWNLOAD_SUCCESS;
} else {
ALOGI_IF(ese_debug_enabled, "LS Slot 1 failed.");
lsInfo.m_slot1_status = LS_DOWNLOAD_FAILED;
}
lsInfo.m_slot1_hash = compareLSHash(slotHashBuffer, HASH_DATA_LENGTH - 1);
if (lsInfo.m_slot1_hash == 0xFF) {
outHash << "\n slot 1 hash:\n";
for (int i = 0; i < HASH_DATA_LENGTH - 1; i++) {
outHash << std::setw(2) << std::setfill('0') << std::hex
<< (int)slotHashBuffer[i];
}
}
/*Read the hash from slot 2*/
status = LSC_ReadLsHash(slotHashBuffer, &length, 2);
if (status != LSCSTATUS_SUCCESS) {
ALOGI_IF(ese_debug_enabled, "Failed to read Hash value from slot 1.");
outStream << dumpLsInfo(&lsInfo);
return outStream.str();
}
if (slotHashBuffer[HASH_DATA_LENGTH - 1] == LS_DOWNLOAD_SUCCESS) {
ALOGI_IF(ese_debug_enabled, "LS Slot 2 passed.");
lsInfo.m_slot2_status = LS_DOWNLOAD_SUCCESS;
} else {
ALOGI_IF(ese_debug_enabled, "LS Slot 2 failed.");
lsInfo.m_slot2_status = LS_DOWNLOAD_FAILED;
}
lsInfo.m_slot2_hash = compareLSHash(slotHashBuffer, HASH_DATA_LENGTH - 1);
if (lsInfo.m_slot2_hash == 0xFF) {
outHash << "\n slot 2 hash:\n";
for (int i = 0; i < HASH_DATA_LENGTH - 1; i++) {
outHash << std::setw(2) << std::setfill('0') << std::hex
<< (int)slotHashBuffer[i];
}
}
outStream << dumpLsInfo(&lsInfo) << outHash.str();
ALOGD_IF(ese_debug_enabled, "%s exit\n", __func__);
return outStream.str();
}
/*******************************************************************************
**
** Function: performLSDownload_thread
**
** Description: Perform LS during hal init
**
** Returns: None
**
*******************************************************************************/
void* performLSDownload_thread(__attribute__((unused)) void* data) {
ALOGD_IF(ese_debug_enabled, "%s enter ", __func__);
/*generated SHA-1 string for secureElementLS
This will remain constant as handled in secureElement HAL*/
char sha1[] = "6d583e84f2710e6b0f06beebc1a12a1083591373";
uint8_t hash[20] = {0};
for (int i = 0; i < 40; i = i + 2) {
hash[i / 2] =
(((datahex(sha1[i]) & 0x0F) << 4) | (datahex(sha1[i + 1]) & 0x0F));
}
uint8_t resSW[4] = {0x4e, 0x02, 0x69, 0x87};
std::string sourcePath;
std::string sourcePrefix;
std::string outPath;
int index = 1;
LSCSTATUS status = LSCSTATUS_SUCCESS;
Lsc_HashInfo_t lsHashInfo;
getLSScriptSourcePrefix(sourcePrefix);
do {
/*Open the script file from specified location and name*/
sourcePath.assign(sourcePrefix);
sourcePath += ('0' + index);
sourcePath += ls_script_source_suffix;
FILE* fIn = fopen(sourcePath.c_str(), "rb");
if (fIn == NULL) {
ALOGE("%s Cannot open LS script file %s, Error: %s\n", __func__,
sourcePath.c_str(), strerror(errno));
break;
}
ALOGD_IF(ese_debug_enabled, "%s File opened %s\n", __func__,
sourcePath.c_str());
/*Read the script content to a local buffer*/
fseek(fIn, 0, SEEK_END);
long lsBufSize = ftell(fIn);
rewind(fIn);
if (lsHashInfo.lsRawScriptBuf == nullptr) {
lsHashInfo.lsRawScriptBuf = (uint8_t*)phNxpEse_memalloc(lsBufSize + 1);
}
memset(lsHashInfo.lsRawScriptBuf, 0x00, (lsBufSize + 1));
fread(lsHashInfo.lsRawScriptBuf, lsBufSize, 1, fIn);
LSCSTATUS lsHashStatus = LSCSTATUS_FAILED;
/*Get 20bye SHA1 of the script*/
lsHashInfo.lsScriptHash =
getHASH(lsHashInfo.lsRawScriptBuf, (size_t)lsBufSize);
phNxpEse_free(lsHashInfo.lsRawScriptBuf);
lsHashInfo.lsRawScriptBuf = nullptr;
if (lsHashInfo.lsScriptHash == nullptr) break;
if (lsHashInfo.readBuffHash == nullptr) {
lsHashInfo.readBuffHash = (uint8_t*)phNxpEse_memalloc(HASH_DATA_LENGTH);
}
memset(lsHashInfo.readBuffHash, 0x00, HASH_DATA_LENGTH);
/*Read the hash from applet for specified slot*/
lsHashStatus =
LSC_ReadLsHash(lsHashInfo.readBuffHash, &lsHashInfo.readHashLen, index);
/*Check if previously script is successfully installed.
if yes, continue reading next script else try update wit current script*/
if ((lsHashStatus == LSCSTATUS_SUCCESS) &&
(lsHashInfo.readHashLen == HASH_DATA_LENGTH) &&
(0 == memcmp(lsHashInfo.lsScriptHash, lsHashInfo.readBuffHash,
HASH_DATA_LENGTH - 1)) &&
(lsHashInfo.readBuffHash[HASH_STATUS_INDEX] == LS_DOWNLOAD_SUCCESS)) {
ALOGD_IF(ese_debug_enabled, "%s LS Loader sript is already installed \n",
__func__);
continue;
}
/*Create output file to write response data*/
outPath.assign(ls_script_output_prefix);
outPath += ('0' + index);
outPath += ls_script_output_suffix;
FILE* fOut = fopen(outPath.c_str(), "wb+");
if (fOut == NULL) {
ALOGE("%s Failed to open file %s\n", __func__, outPath.c_str());
break;
}
fclose(fOut);
/*Uptdates current script*/
status = LSC_Start(sourcePath.c_str(), outPath.c_str(), (uint8_t*)hash,
(uint16_t)sizeof(hash), resSW);
ALOGD_IF(ese_debug_enabled, "%s script %s perform done, result = %d\n",
__func__, sourcePath.c_str(), status);
if (status != LSCSTATUS_SUCCESS) {
lsHashInfo.lsScriptHash[HASH_STATUS_INDEX] = LS_DOWNLOAD_FAILED;
/*If current script updation fails, update the status with hash to the
* applet then clean and exit*/
lsHashStatus =
LSC_UpdateLsHash(lsHashInfo.lsScriptHash, HASH_DATA_LENGTH, index);
if (lsHashStatus != LSCSTATUS_SUCCESS) {
ALOGD_IF(ese_debug_enabled, "%s LSC_UpdateLsHash Failed\n", __func__);
}
ESESTATUS estatus = phNxpEse_deInit();
if (estatus == ESESTATUS_SUCCESS) {
estatus = phNxpEse_close();
if (estatus == ESESTATUS_SUCCESS) {
ALOGD_IF(ese_debug_enabled, "%s: Ese_close success\n", __func__);
}
} else {
ALOGE("%s: Ese_deInit failed", __func__);
}
if (mCallback != nullptr) {
(mCallback)(false, printLSStatus(LS_DOWNLOAD_FAILED), mCallbackParams);
break;
}
} else {
/*If current script execution is succes, update the status along with the
* hash to the applet*/
lsHashInfo.lsScriptHash[HASH_STATUS_INDEX] = LS_DOWNLOAD_SUCCESS;
lsHashStatus =
LSC_UpdateLsHash(lsHashInfo.lsScriptHash, HASH_DATA_LENGTH, index);
if (lsHashStatus != LSCSTATUS_SUCCESS) {
ALOGD_IF(ese_debug_enabled, "%s LSC_UpdateLsHash Failed\n", __func__);
}
}
} while (++index <= LS_MAX_COUNT);
phNxpEse_free(lsHashInfo.readBuffHash);
if (status == LSCSTATUS_SUCCESS) {
if (mCallback != nullptr) {
(mCallback)(true, printLSStatus(LS_DOWNLOAD_SUCCESS), mCallbackParams);
}
}
pthread_exit(NULL);
ALOGD_IF(ese_debug_enabled, "%s pthread_exit\n", __func__);
return NULL;
}
/*******************************************************************************
**
** Function: getHASH
**
** Description: generates SHA1 of given buffer
**
** Returns: 20 bytes of SHA1
**
*******************************************************************************/
unsigned char* getHASH(uint8_t* buffer, size_t buffSize) {
static uint8_t outHash[HASH_DATA_LENGTH] = {0};
unsigned int md_len = -1;
const EVP_MD* md = EVP_get_digestbyname("SHA1");
if (NULL != md) {
EVP_MD_CTX mdctx;
EVP_MD_CTX_init(&mdctx);
EVP_DigestInit_ex(&mdctx, md, NULL);
EVP_DigestUpdate(&mdctx, buffer, buffSize);
EVP_DigestFinal_ex(&mdctx, outHash, &md_len);
EVP_MD_CTX_cleanup(&mdctx);
}
return outHash;
}
/*******************************************************************************
**
** Function: datahex
**
** Description: Converts char to uint8_t
**
** Returns: uint8_t variable
**
*******************************************************************************/
uint8_t datahex(char c) {
uint8_t value = 0;
if (c >= '0' && c <= '9')
value = (c - '0');
else if (c >= 'A' && c <= 'F')
value = (10 + (c - 'A'));
else if (c >= 'a' && c <= 'f')
value = (10 + (c - 'a'));
return value;
}