mobicore: t-base-200 Daemon and RootPA fixes
Fix SE/RootPA interface return code handling when replying to successful restoration of auth token container.
Corrected url of SE.
Signed-off-by: Oana Medvesan <medvesan.oana@gmail.com>
diff --git a/daemon/buildTag.h b/daemon/buildTag.h
index 0b2a793..5c5aee6 100644
--- a/daemon/buildTag.h
+++ b/daemon/buildTag.h
@@ -1,4 +1,4 @@
-/** Build tag created during build by ./Out/_build/_src/Scripts/trunk/00035338/Out/setBuildTag.sh.
+/** Build tag created during build by ./Out/_build/_src/Scripts/trunk/00036056/Out/setBuildTag.sh.
* <-- Copyright Trustonic Limited 2013 -->
*
* Redistribution and use in source and binary forms, with or without
diff --git a/rootpa/Code/Android/app/Android.mk b/rootpa/Code/Android/app/Android.mk
index 438c6f0..3e97ae5 100755
--- a/rootpa/Code/Android/app/Android.mk
+++ b/rootpa/Code/Android/app/Android.mk
@@ -13,6 +13,8 @@
LOCAL_MODULE_TAGS := optional
LOCAL_CERTIFICATE := platform
+LOCAL_PROGUARD_FLAGS := -include $(LOCAL_PATH)/proguard-project.txt
+
include $(BUILD_PACKAGE)
include $(CLEAR_VARS)
diff --git a/rootpa/Code/Android/app/jni/CommonPAWrapper/com_gd_mobicore_pa_jni_CommonPAWrapper.h b/rootpa/Code/Android/app/jni/CommonPAWrapper/com_gd_mobicore_pa_jni_CommonPAWrapper.h
index 5a376ec..8312793 100755
--- a/rootpa/Code/Android/app/jni/CommonPAWrapper/com_gd_mobicore_pa_jni_CommonPAWrapper.h
+++ b/rootpa/Code/Android/app/jni/CommonPAWrapper/com_gd_mobicore_pa_jni_CommonPAWrapper.h
@@ -137,10 +137,9 @@
/*
* Class: com_gd_mobicore_pa_jni_CommonPAWrapper
* Method: installTrustlet
- * Signature: (I[B[B)I
*/
JNIEXPORT jint JNICALL Java_com_gd_mobicore_pa_jni_CommonPAWrapper_installTrustlet
- (JNIEnv *, jobject, jint, jbyteArray, jint, jbyteArray, jbyteArray);
+ (JNIEnv *, jobject, jint, jbyteArray, jint, jbyteArray, jint, jbyteArray, jint, jint, jint, jbyteArray);
/*
* Class: com_gd_mobicore_pa_jni_CommonPAWrapper
diff --git a/rootpa/Code/Android/app/jni/CommonPAWrapper/commonwrapper.cpp b/rootpa/Code/Android/app/jni/CommonPAWrapper/commonwrapper.cpp
index 32ada01..9867029 100755
--- a/rootpa/Code/Android/app/jni/CommonPAWrapper/commonwrapper.cpp
+++ b/rootpa/Code/Android/app/jni/CommonPAWrapper/commonwrapper.cpp
@@ -530,7 +530,17 @@
JNIEXPORT jint JNICALL Java_com_gd_mobicore_pa_jni_CommonPAWrapper_installTrustlet
- (JNIEnv* envP, jobject obj, jint spid, jbyteArray uuid, jint requestDataType, jbyteArray tltOrKeyData, jbyteArray seAddress)
+(JNIEnv* envP, jobject obj,
+jint spid,
+jbyteArray uuid,
+jint requestDataType,
+jbyteArray tltOrKeyData,
+jint minTltVersion,
+jbyteArray tltPukHash,
+jint memoryType,
+jint numberOfInstances,
+jint flags,
+jbyteArray seAddress)
{
LOGD(">>Java_com_gd_mobicore_pa_jni_CommonPAWrapper_installTrustlet %ld %ld\n", (long int) stateUpdateCallback, (long int) getSystemInfoCallback);
setFilesPath(envP, obj);
@@ -552,6 +562,12 @@
trustletInstallationData_t tltData;
tltData.dataP=(uint8_t*) jniHelp.jByteArrayToCByteArray(tltOrKeyData, &tltData.dataLength);
tltData.dataType=(TltInstallationRequestDataType) requestDataType;
+ tltData.minTltVersion=minTltVersion;
+ tltData.tltPukHashP=(uint8_t*) jniHelp.jByteArrayToCByteArray(tltPukHash, &tltData.tltPukHashLength);
+ tltData.memoryType=memoryType;
+ tltData.numberOfInstances=numberOfInstances;
+ tltData.flags=flags;
+
uint32_t uuidLength=0;
uint8_t* uuidP=(uint8_t*) jniHelp.jByteArrayToCByteArray(uuid, &uuidLength);
if(UUID_LENGTH != uuidLength){
diff --git a/rootpa/Code/Android/app/proguard-project.txt b/rootpa/Code/Android/app/proguard-project.txt
index f2fe155..39b3569 100755
--- a/rootpa/Code/Android/app/proguard-project.txt
+++ b/rootpa/Code/Android/app/proguard-project.txt
@@ -18,3 +18,56 @@
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
+
+############## proguard-android.txt
+
+-dontusemixedcaseclassnames
+-dontskipnonpubliclibraryclasses
+-verbose
+
+-dontoptimize
+-dontpreverify
+
+-keepattributes *Annotation*
+-keep public class com.google.vending.licensing.ILicensingService
+-keep public class com.android.vending.licensing.ILicensingService
+
+-keepclasseswithmembernames class * {
+ native <methods>;
+}
+
+-keepclassmembers public class * extends android.view.View {
+ void set*(***);
+ *** get*();
+}
+
+-keepclassmembers class * extends android.app.Activity {
+ public void *(android.view.View);
+}
+
+-keepclassmembers enum * {
+ public static **[] values();
+ public static ** valueOf(java.lang.String);
+}
+
+-keep class * implements android.os.Parcelable {
+ public static final android.os.Parcelable$Creator *;
+}
+
+-keepclassmembers class **.R$* {
+ public static <fields>;
+}
+
+-dontwarn android.support.**
+
+##############
+
+
+# plus rootpa specifics
+
+-dontobfuscate
+
+-keep class com.gd.mobicore.pa.ifc.* { public *; }
+-keep class com.gd.mobicore.pa.jni.CommonPAWrapper { public *; }
+
+
diff --git a/rootpa/Code/Android/app/project.properties b/rootpa/Code/Android/app/project.properties
index 52e5e2b..f91ff48 100755
--- a/rootpa/Code/Android/app/project.properties
+++ b/rootpa/Code/Android/app/project.properties
@@ -10,6 +10,7 @@
# To enable ProGuard to shrink and obfuscate your code, uncomment this (available properties: sdk.dir, user.home):
#proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt:proguard-project.txt
+proguard.config=proguard-project.txt
android.library.reference.1=../lib/
diff --git a/rootpa/Code/Android/app/res/values/version.xml b/rootpa/Code/Android/app/res/values/version.xml
index a943b2a..9828166 100644
--- a/rootpa/Code/Android/app/res/values/version.xml
+++ b/rootpa/Code/Android/app/res/values/version.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
- <string name="name">1.0003 (34387)</string>
- <integer name="code">0x10003</integer>
+ <string name="name">2.0016 (35920)</string>
+ <integer name="code">0x20010</integer>
</resources>
diff --git a/rootpa/Code/Android/app/src/com/gd/mobicore/pa/jni/CommonPAWrapper.java b/rootpa/Code/Android/app/src/com/gd/mobicore/pa/jni/CommonPAWrapper.java
index fbb3fd5..3f7e7aa 100755
--- a/rootpa/Code/Android/app/src/com/gd/mobicore/pa/jni/CommonPAWrapper.java
+++ b/rootpa/Code/Android/app/src/com/gd/mobicore/pa/jni/CommonPAWrapper.java
@@ -66,7 +66,16 @@
public native int getSPContainerState(int spid, int[] state);
public native int getSPContainerStructure(int spid, int[] ints, byte[][] uuidArray, int[] trustletStates);
public native int doProvisioning(int uid, int spid, byte[] seAddress);
- public native int installTrustlet(int spid, byte[] uuid, int dataType, byte[] tltOrKeyData, byte[] seAddress);
+ public native int installTrustlet(int spid,
+ byte[] uuid,
+ int dataType,
+ byte[] tltOrKeyData,
+ int minTltVersion,
+ byte[] tltPukHash,
+ int memoryType,
+ int numberOfInstances,
+ int flags,
+ byte[] seAddress);
public native int unregisterRootContainer(byte[] seAddress);
public native void setEnvironmentVariable(byte[] variable, byte[] value);
diff --git a/rootpa/Code/Android/app/src/com/gd/mobicore/pa/service/DeveloperService.java b/rootpa/Code/Android/app/src/com/gd/mobicore/pa/service/DeveloperService.java
index 9cc30bc..2f22828 100755
--- a/rootpa/Code/Android/app/src/com/gd/mobicore/pa/service/DeveloperService.java
+++ b/rootpa/Code/Android/app/src/com/gd/mobicore/pa/service/DeveloperService.java
@@ -50,6 +50,13 @@
private final RootPADeveloperIfc.Stub mBinder = new ServiceIfc();
private static final int DEVELOPER_UID_FOR_LOCK=0x22220000;
private static final int UUID_LENGTH=16;
+ private static final int EXTERNAL_MEMORY=2;
+ private static final int DEFAULT_MEMORY_TYPE=EXTERNAL_MEMORY;
+ private static final int DEFAULT_NUMBER_OF_INSTANCES=1;
+ private static final int DEFAULT_FLAGS=0;
+ private static final byte[] DEFAULT_PUKHASH={0,0,0,0,0,0,0,0,0,0,
+ 0,0,0,0,0,0,0,0,0,0,
+ 0,0,0,0,0,0,0,0,0,0,0,0};
private class ServiceIfc extends RootPADeveloperIfc.Stub {
public ServiceIfc(){
super();
@@ -73,10 +80,13 @@
return true;
}
- public CommandResult installTrustlet(int spid, byte[] uuid, byte[] trustletBinary, byte[] key){
- Log.d(TAG,">>DeveloperService.Stub.installTrustlet");
-
- if((trustletBinary == null && key == null) || (trustletBinary != null && key != null) || 0==spid || !uuidOk(uuid)){
+ public CommandResult installTrustletOrKey(int spid, byte[] uuid, byte[] trustletBinary, byte[] key, int minTltVersion, byte[] tltPukHash){
+ Log.d(TAG,">>DeveloperService.Stub.installTrustletOrKey");
+ if(tltPukHash==null){
+ tltPukHash=DEFAULT_PUKHASH;
+ }
+
+ if((trustletBinary == null && key == null) || (trustletBinary != null && key != null) || 0==spid || !uuidOk(uuid) ){
return new CommandResult(CommandResult.ROOTPA_ERROR_ILLEGAL_ARGUMENT);
}
@@ -98,7 +108,62 @@
dataType=REQUEST_DATA_KEY;
}
setupProxy();
- err=commonPAWrapper().installTrustlet(spid, uuid, dataType, data, se_);
+ err=commonPAWrapper().installTrustlet(spid,
+ uuid,
+ dataType,
+ data,
+ minTltVersion,
+ tltPukHash,
+ DEFAULT_MEMORY_TYPE,
+ DEFAULT_NUMBER_OF_INSTANCES,
+ DEFAULT_FLAGS,
+ se_);
+ }catch(Exception e){
+ Log.e(TAG,"CommonPAWrapper().installTrustletOrKey exception: ", e);
+ err=CommandResult.ROOTPA_ERROR_INTERNAL;
+ }
+
+ Log.d(TAG,"<<DeveloperService.Stub.installTrustletOrKey");
+ return new CommandResult(err);
+ }
+
+ public CommandResult installTrustlet(int spid,
+ byte[] uuid,
+ byte[] trustletBinary,
+ int minTltVersion,
+ byte[] tltPukHash,
+ int memoryType,
+ int numberOfInstances,
+ int flags){
+ Log.d(TAG,">>DeveloperService.Stub.installTrustlet");
+ if(tltPukHash==null){
+ tltPukHash=DEFAULT_PUKHASH;
+ }
+
+
+ if(trustletBinary == null || 0==spid || !uuidOk(uuid) || memoryType > EXTERNAL_MEMORY){
+ return new CommandResult(CommandResult.ROOTPA_ERROR_ILLEGAL_ARGUMENT);
+ }
+
+ int tmpSuid=DEVELOPER_UID_FOR_LOCK+new Random().nextInt();
+
+ if(!DeveloperService.this.acquireLock(tmpSuid, false).isOk()){
+ return new CommandResult(CommandResult.ROOTPA_ERROR_LOCK);
+ }
+ doProvisioningLockSuid_=tmpSuid;
+ int err=0;
+ try{
+ setupProxy();
+ err=commonPAWrapper().installTrustlet(spid,
+ uuid,
+ REQUEST_DATA_TLT,
+ trustletBinary,
+ minTltVersion,
+ tltPukHash,
+ memoryType,
+ numberOfInstances,
+ flags,
+ se_);
}catch(Exception e){
Log.e(TAG,"CommonPAWrapper().installTrustlet exception: ", e);
err=CommandResult.ROOTPA_ERROR_INTERNAL;
@@ -106,8 +171,7 @@
Log.d(TAG,"<<DeveloperService.Stub.installTrustlet");
return new CommandResult(err);
- }
-
+ }
}
@Override
diff --git a/rootpa/Code/Android/lib/src/com/gd/mobicore/pa/ifc/RootPADeveloperIfc.aidl b/rootpa/Code/Android/lib/src/com/gd/mobicore/pa/ifc/RootPADeveloperIfc.aidl
index 69d9e79..e69a760 100755
--- a/rootpa/Code/Android/lib/src/com/gd/mobicore/pa/ifc/RootPADeveloperIfc.aidl
+++ b/rootpa/Code/Android/lib/src/com/gd/mobicore/pa/ifc/RootPADeveloperIfc.aidl
@@ -54,7 +54,7 @@
* This method can be used for installing "developer trustlet" that is not tied to any
* service provider and/or service manager. It contacts Service Enabler and asks it to
* perform the tasks, so the device has to be connected to network in order for this to
- * succeed.
+ * succeed.
*
* The service progress is informed with the same Intents as is progress of the
* @ref RootPAServiceIfc#doProvisioning, however there is an additional
@@ -64,20 +64,71 @@
*
* There are constants related to the intents in @ref RootPAProvisioningIntents
*
+ * @param spid service provider id
+ * @param uuid uuid of the trustlet in hex, without dashes. Needs to be correct length.
+ * @param trustletBinary trustlet binary to be encrypted with and returned back.
+ * If the binary is already encrypted, this array must be empty. The binary
+ * has to be encrypted for transfer. Note that only either trustletBinary
+ * or key can be given. There are sperate instructions on how the binary is to
+ * be encrypted and packaged. Key and trustletBinary are exclusive, only one of
+ * them can be given. This methods uses default values for memoryType (2),
+ * numberOfInstances (1) and flags (0) when trustlet binary is installed.
+ * @param key a key that has been used to encrypt the trustlet binary in case when
+ * the trustlet binary is not given as a parameter. This key has to be
+ * encrypted for transfer. There are sperate instructions on how the key is to
+ * be encrypted and packaged. Key and trustletBinary are exclusive, only one of
+ * them can be given.
+ * @param minTltVersion minimum version of the trustlet
+ * @param tltPukHash this field is not used at the moment, null is fine here.
+ *
+ * @return indication of successful start of provisioning thread (ROOTPA_OK) or an error code
+ */
+ CommandResult installTrustletOrKey(in int spid,
+ in byte[] uuid,
+ in byte[] trustletBinary,
+ in byte[] key,
+ in int minTltVersion,
+ in byte[] tltPukHash);
+
+ /**
+ * This method can be used for installing "developer trustlet" that is not tied to any
+ * service provider and/or service manager. It contacts Service Enabler and asks it to
+ * perform the tasks, so the device has to be connected to network in order for this to
+ * succeed.
+ *
+ * The service progress is informed with the same Intents as is progress of the
+ * @ref RootPAServiceIfc#doProvisioning, however there is an additional
+ * Intent com.gd.mobicore.pa.service.INSTALL_TRUSTLET for returning the encrypted
+ * trustlet binary.
+ *
+ * There are constants related to the intents in @ref RootPAProvisioningIntents
*
* @param spid service provider id
* @param uuid uuid of the trustlet in hex, without dashes. Needs to be correct length.
* @param trustletBinary trustlet binary to be encrypted with and returned back.
* If the binary is already encrypted, this array must be empty. The binary
* has to be encrypted for transfer. Note that only either trustletBinary
- * or key can be given.
- * @param key a key that has been used to encrypt the trustlet binary in case when
- * the trustlet binary is not given as a parameter. This The key has to be
- * encrypted for transfer. Note that only either trustletBinary
- * or key can be given.
+ * or key can be given. There are sperate instructions on how the binary is to
+ * be encrypted and packaged.
+ * @param minTltVersion minimum version of the trustlet
+ * @param tltPukHash this field is not used at the moment, null is fine here.
+ * @param memoryType memory where the trustlet is to be loaded and executed: 0 - if enough space is available,
+ load the Trustlet into the internal memory, otherwise into the external memory, 1 - internal memory,
+ 2 - external memory
+ * @param numberOfInstances indicates how many instances of a trustlet can be installed (run) in parallel
+ * @param flags current flags are: 1 - permanent, 2 - service has no WSW control interface, 4 - debuggable
+ *
* @return indication of successful start of provisioning thread (ROOTPA_OK) or an error code
*/
- CommandResult installTrustlet(in int spid, in byte[] uuid, in byte[] trustletBinary, in byte[] key);
+ CommandResult installTrustlet(in int spid,
+ in byte[] uuid,
+ in byte[] trustletBinary,
+ in int minTltVersion,
+ in byte[] tltPukHash,
+ in int memoryType,
+ in int numberOfInstances,
+ in int flags);
+
}
/**@}*/
diff --git a/rootpa/Code/Common/commandhandler.c b/rootpa/Code/Common/commandhandler.c
index 2b5c88f..a80ad7b 100755
--- a/rootpa/Code/Common/commandhandler.c
+++ b/rootpa/Code/Common/commandhandler.c
@@ -367,6 +367,7 @@
if(((provisioningparams_t*)paramsP)->tltInstallationDataP)
{
free((char*)((provisioningparams_t*)paramsP)->tltInstallationDataP->dataP);
+ free((char*)((provisioningparams_t*)paramsP)->tltInstallationDataP->tltPukHashP);
free(((provisioningparams_t*)paramsP)->tltInstallationDataP);
}
free(paramsP);
@@ -400,8 +401,13 @@
return ROOTPA_ERROR_OUT_OF_MEMORY;
}
+ // copy the whole struct
+
memset(paramsP->tltInstallationDataP,0,sizeof(trustletInstallationData_t)); // initialize in order to satisfy valgrind
+ memcpy(paramsP->tltInstallationDataP, tltDataP, sizeof(trustletInstallationData_t));
+ // malloc and copy data from/to the pointers
+
paramsP->tltInstallationDataP->dataP=malloc(tltDataP->dataLength);
if(!paramsP->tltInstallationDataP->dataP)
{
@@ -410,11 +416,18 @@
return ROOTPA_ERROR_OUT_OF_MEMORY;
}
memset((char*)paramsP->tltInstallationDataP->dataP,0,tltDataP->dataLength); // initialize in order to satisfy valgrind
- memcpy((char*)paramsP->tltInstallationDataP->dataP, tltDataP->dataP, sizeof(tltDataP->dataLength));
+ memcpy((char*)paramsP->tltInstallationDataP->dataP, tltDataP->dataP, tltDataP->dataLength);
- paramsP->tltInstallationDataP->dataLength = tltDataP->dataLength;
- paramsP->tltInstallationDataP->dataType = tltDataP->dataType;
- memcpy(¶msP->tltInstallationDataP->uuid, &tltDataP->uuid, UUID_LENGTH);
+ paramsP->tltInstallationDataP->tltPukHashP=malloc(tltDataP->tltPukHashLength);
+ if(!paramsP->tltInstallationDataP->tltPukHashP)
+ {
+ free((void*) paramsP->tltInstallationDataP->dataP);
+ free((void*) paramsP->tltInstallationDataP);
+ free(paramsP);
+ return ROOTPA_ERROR_OUT_OF_MEMORY;
+ }
+ memset((char*)paramsP->tltInstallationDataP->tltPukHashP,0,tltDataP->tltPukHashLength); // initialize in order to satisfy valgrind
+ memcpy((char*)paramsP->tltInstallationDataP->tltPukHashP, tltDataP->tltPukHashP, tltDataP->tltPukHashLength);
}
else
{
diff --git a/rootpa/Code/Common/enrollmentservicexmlschema.h b/rootpa/Code/Common/enrollmentservicexmlschema.h
index 4210f04..4e62c32 100755
--- a/rootpa/Code/Common/enrollmentservicexmlschema.h
+++ b/rootpa/Code/Common/enrollmentservicexmlschema.h
@@ -92,6 +92,58 @@
<xsd:attribute name=\"id\" type=\"xsd:int\" use=\"required\" /> \
</xsd:complexType> \
\
+ <xsd:complexType name=\"TrustletEncryptionKey\"> \
+ <xsd:simpleContent> \
+ <xsd:extension base=\"xsd:base64Binary\"> \
+ <xsd:attribute name=\"minTltVersion\" type=\"mcpt:Version\" use=\"required\" /> \
+ <xsd:attribute name=\"tltPukHash\" type=\"xsd:base64Binary\" use=\"required\" /> \
+ </xsd:extension> \
+ </xsd:simpleContent> \
+ </xsd:complexType> \
+\
+ <xsd:simpleType name=\"TrustletMemoryType\"> \
+ <xsd:restriction base=\"xsd:int\"> \
+ <xsd:enumeration value=\"0\"> \
+ <xsd:annotation> \
+ <xsd:documentation> \
+ If enough space is available in the internal \
+ memory the trustlet will be loaded into the internal memory, else into the external \
+ </xsd:documentation> \
+ </xsd:annotation> \
+ </xsd:enumeration> \
+ <xsd:enumeration value=\"1\"> \
+ <xsd:annotation> \
+ <xsd:documentation> \
+ Use internal memory only. \
+ </xsd:documentation> \
+ </xsd:annotation> \
+ </xsd:enumeration> \
+ <xsd:enumeration value=\"2\"> \
+ <xsd:annotation> \
+ <xsd:documentation> \
+ Use external memory only. \
+ </xsd:documentation> \
+ </xsd:annotation> \
+ </xsd:enumeration> \
+ </xsd:restriction> \
+ </xsd:simpleType> \
+ \
+ <xsd:complexType name=\"TrustletAXF\"> \
+ <xsd:simpleContent> \
+ <xsd:extension base=\"xsd:base64Binary\"> \
+ <xsd:attribute name=\"minTltVersion\" type=\"mcpt:Version\" \
+ use=\"required\" /> \
+ <xsd:attribute name=\"tltPukHash\" type=\"xsd:base64Binary\" \
+ use=\"required\" /> \
+ <xsd:attribute name=\"memoryType\" type=\"mces:TrustletMemoryType\" \
+ default=\"2\" /> \
+ <xsd:attribute name=\"numberOfInstances\" type=\"xsd:int\" \
+ default=\"1\" /> \
+ <xsd:attribute name=\"flags\" type=\"xsd:int\" default=\"0\" /> \
+ </xsd:extension> \
+ </xsd:simpleContent> \
+ </xsd:complexType> \
+\
<xsd:complexType name=\"TrustletInstallationRequest\"> \
<xsd:annotation> \
<xsd:documentation> \
@@ -123,12 +175,12 @@
</xsd:annotation> \
<xsd:sequence> \
<xsd:choice> \
- <xsd:element name=\"tltBinary\" type=\"xsd:base64Binary\" /> \
- <xsd:element name=\"tltEncryptionKey\" type=\"xsd:base64Binary\" /> \
+ <xsd:element name=\"trustletAxf\" type=\"mces:TrustletAXF\" /> \
+ <xsd:element name=\"tltEncryptionKey\" type=\"mces:TrustletEncryptionKey\" /> \
</xsd:choice> \
</xsd:sequence> \
</xsd:complexType> \
- \
+\
<xsd:complexType name=\"CommandResultList\"> \
<xsd:sequence> \
<xsd:element name=\"commandResult\" type=\"mces:CommandResult\" maxOccurs=\"unbounded\" /> \
@@ -185,7 +237,7 @@
xmlns:mcpt=\"http://www.mcore.gi-de.com/2012/02/schema/MCPlatformTypes\" \
targetNamespace=\"http://www.mcore.gi-de.com/2012/02/schema/MCPlatformTypes\" \
elementFormDefault=\"qualified\"> \
- \
+\
<xsd:simpleType name=\"Version\"> \
<xsd:annotation> \
<xsd:documentation> \
@@ -194,7 +246,7 @@
</xsd:annotation> \
<xsd:restriction base=\"xsd:int\" /> \
</xsd:simpleType> \
- \
+\
<xsd:complexType name=\"McVersion\"> \
<xsd:annotation> \
<xsd:documentation> \
@@ -231,6 +283,7 @@
<xsd:attribute name=\"manufacturer\" type=\"xsd:string\" use=\"optional\" /> \
<xsd:attribute name=\"hardware\" type=\"xsd:string\" use=\"optional\" /> \
<xsd:attribute name=\"model\" type=\"xsd:string\" use=\"optional\" /> \
+ <xsd:attribute name=\"sip\" type=\"xsd:string\" use=\"optional\" /> \
<xsd:attribute name=\"version\" type=\"xsd:string\" use=\"optional\" /> \
</xsd:complexType> \
</xsd:schema>"
diff --git a/rootpa/Code/Common/include/rootpa.h b/rootpa/Code/Common/include/rootpa.h
index fe35267..7f1e4d8 100755
--- a/rootpa/Code/Common/include/rootpa.h
+++ b/rootpa/Code/Common/include/rootpa.h
@@ -194,6 +194,40 @@
uuid of the trustlet
*/
mcUuid_t uuid;
+
+ /**
+ minimum version of the trustlet
+ */
+ uint32_t minTltVersion;
+
+ /**
+ pointer to tltPukHash
+ */
+ const uint8_t* tltPukHashP;
+
+ /**
+ length of data pointed by tltPukHashP
+ */
+ uint32_t tltPukHashLength;
+
+ /**
+ memory where the trustlet is to be loaded and executed:
+ 0 - if enough space is available, load the Trustlet into the internal memory, otherwise into the external memory,
+ 1 - internal memory,
+ 2 - external memory
+ */
+ uint32_t memoryType;
+
+ /**
+ indicates how many instances of a trustlet can be installed (run) in parallel
+ */
+ uint32_t numberOfInstances;
+
+ /**
+ current flags are: 1 - permanent, 2 - service has no WSW control interface, 4 - debuggable
+ */
+ uint32_t flags;
+
}trustletInstallationData_t;
#ifdef __cplusplus
diff --git a/rootpa/Code/Common/include/version.h b/rootpa/Code/Common/include/version.h
index 043ba73..2c4bd53 100755
--- a/rootpa/Code/Common/include/version.h
+++ b/rootpa/Code/Common/include/version.h
@@ -34,7 +34,7 @@
#ifndef ROOTPA_VERSION_H_
#define ROOTPA_VERSION_H_
-#define ROOTPA_VERSION_MAJOR 1
-#define ROOTPA_VERSION_MINOR 3
+#define ROOTPA_VERSION_MAJOR 2
+#define ROOTPA_VERSION_MINOR 16
#endif /** ROOTPA_VERSION_H_ */
diff --git a/rootpa/Code/Common/provisioningengine.c b/rootpa/Code/Common/provisioningengine.c
index a8ba1bd..67d0547 100755
--- a/rootpa/Code/Common/provisioningengine.c
+++ b/rootpa/Code/Common/provisioningengine.c
@@ -44,14 +44,14 @@
-static const char* const SE_URL="https://se.cgbe.trustonic.com:8443/"; // note that there has to be slash at the end since we are adding suid to it next
-//static const char* const SE_URL="http://se.cgbe.trustonic.com:8080/"; // note that there has to be slash at the end since we are adding suid to it next
+static const char* const SE_URL="https://se.cgbe.trustonic.com:8443/service-enabler/enrollment/"; // note that there has to be slash at the end since we are adding suid to it next
+
static const char* const RELATION_SELF = "relation/self";
static const char* const RELATION_SYSTEMINFO = "relation/system_info";
static const char* const RELATION_RESULT = "relation/command_result";
static const char* const RELATION_NEXT = "relation/next";
-static const uint8_t* const SLASH="/";
+static const uint8_t* const SLASH= (uint8_t*)"/";
static const char* const RELATION_INITIAL_POST="initial_post"; // this will make us to send HTTP GET, which
// is the right thing to do since we do not
@@ -73,7 +73,7 @@
void addBytesToUri(char* uriP, uint8_t* bytes, uint32_t length, bool uuid )
{
- LOGD(">>add bytes to URI %d", length);
+ LOGD(">>addBytesToUri %d", length);
int uriidx=strlen(uriP);
int i;
uint8_t singleNumber=0;
@@ -85,12 +85,13 @@
singleNumber=(bytes[i]&0x0F);
singleNumber=((singleNumber<0xA)?(singleNumber+0x30):(singleNumber+0x57));
uriP[uriidx++]=singleNumber;
+
if(true==uuid && (3 == i || 5 == i || 7 == i || 9 == i))
{
uriP[uriidx++]='-';
}
}
- LOGD("<<add bytes to URI %s %d", uriP, uriidx);
+ LOGD("<<addBytesToUri %s %d", uriP, uriidx);
}
void addIntToUri(char* uriP, uint32_t addThis)
@@ -397,7 +398,7 @@
workToDo=false;
}
- LOGD("end of provisioning loop work to do: %d, responseP %ld", workToDo, responseP);
+ LOGD("end of provisioning loop work to do: %d, responseP %ld", workToDo, (long int) responseP);
}
// last round cleaning in order to make sure both original and user pointers are released, but only once
diff --git a/rootpa/Code/Common/seclient.c b/rootpa/Code/Common/seclient.c
index a4fd992..0cb6600 100755
--- a/rootpa/Code/Common/seclient.c
+++ b/rootpa/Code/Common/seclient.c
@@ -185,7 +185,7 @@
}
else
{
- LOGD("curl: no debug msg %d %d", info, debugMessageSize);
+ LOGD("curl: no debug msg %d %d", info, (int) debugMessageSize);
}
return 0;
}
@@ -458,7 +458,7 @@
bool setPostOpt(CURL* curl_handle, const char* inputP)
{
- LOGD(">>setPostOpt %ld %d", inputP, inputP?strlen(inputP):0);
+ LOGD(">>setPostOpt %ld %d", (long int) inputP, inputP?(int)strlen(inputP):0);
if (curl_easy_setopt(curl_handle, CURLOPT_POST, 1L)!=CURLE_OK)
{
diff --git a/rootpa/Code/Common/xmlmessagehandler.c b/rootpa/Code/Common/xmlmessagehandler.c
index 7de588d..861fd6f 100755
--- a/rootpa/Code/Common/xmlmessagehandler.c
+++ b/rootpa/Code/Common/xmlmessagehandler.c
@@ -58,6 +58,11 @@
#define UNKNOWN_ID 0xFFFFFFFF
+#define EXTERNAL_MEMORY 2
+#define DEFAULT_MEMORY_TYPE EXTERNAL_MEMORY
+#define DEFAULT_NUMBER_OF_INSTANCES 1
+#define DEFAULT_FLAGS 0
+
typedef enum
{
CMP,
@@ -452,7 +457,7 @@
{
LOGD(">>handleUploadResponses %d", numberOfUploadResponses);
rootpaerror_t ret=ROOTPA_OK;
-
+ char zero=0;
uint32_t i;
for(i=0; (i < numberOfUploadResponses) && (ROOTPA_OK==ret); i++)
{
@@ -460,8 +465,8 @@
if(ROOTPA_OK == uploadResponsesP[i].ret)
{
// in success case TLT_UPLOAD and SO_UPLOAD return "0" (encoded) in the resultValue
- // field (discussed and agreed with Dimi Jan 10, 2013 */
- encodedResponseP=base64EncodeAddEndZero("0", 1);
+ // field (discussed and agreed with Dimi Jan 10, 2013)
+ encodedResponseP=base64EncodeAddEndZero(&zero, 1);
}
if( addCommandResultData(rspResultElementP, uploadResponsesP[i].id, encodedResponseP, uploadResponsesP[i].ret, uploadResponsesP[i].intRet )==false)
@@ -873,6 +878,7 @@
rootpaerror_t buildXmlTrustletInstallationRequest(const char** responseP, trustletInstallationData_t data )
{
+ char intBuffer[11];
LOGD(">>buildXmlTrustletInstallationRequest %ld (%ld %d %d)", (long int) responseP, (long int) data.dataP, data.dataLength, data.dataType);
rootpaerror_t ret=ROOTPA_OK;
if(NULL == responseP) return ROOTPA_ERROR_ILLEGAL_ARGUMENT; // data content checked earlier in commandhandler.c
@@ -888,18 +894,65 @@
char* encodedDataP=base64EncodeAddEndZero((char*) data.dataP, data.dataLength);
if(NULL==encodedDataP)
{
- LOGE("buildXmlTrustletInstallationRequest: base64 encoding failed");
+ LOGE("buildXmlTrustletInstallationRequest: base64 encoding of data failed");
return ROOTPA_ERROR_INTERNAL;
}
if(data.dataType == REQUEST_DATA_TLT)
{
- mcDataNode = xmlNewChild(systemInfoNode, nameSpace_, BAD_CAST "tltBinary", BAD_CAST encodedDataP);
+ mcDataNode = xmlNewChild(systemInfoNode, nameSpace_, BAD_CAST "trustletAxf", BAD_CAST encodedDataP);
+ if(data.memoryType != DEFAULT_MEMORY_TYPE)
+ {
+ sprintf(intBuffer,"%d",data.memoryType);
+ if(xmlNewProp(mcDataNode, BAD_CAST "memoryType", BAD_CAST intBuffer)==NULL)
+ {
+ free(encodedDataP);
+ return ROOTPA_ERROR_XML;
+ }
+ }
+
+ if(data.numberOfInstances != DEFAULT_NUMBER_OF_INSTANCES)
+ {
+ sprintf(intBuffer,"%d",data.numberOfInstances);
+ if(xmlNewProp(mcDataNode, BAD_CAST "numberOfInstances", BAD_CAST intBuffer)==NULL)
+ {
+ free(encodedDataP);
+ return ROOTPA_ERROR_XML;
+ }
+ }
+
+ if(data.flags != DEFAULT_FLAGS)
+ {
+ sprintf(intBuffer,"%d",data.flags);
+ if(xmlNewProp(mcDataNode, BAD_CAST "flags", BAD_CAST intBuffer)==NULL)
+ {
+ free(encodedDataP);
+ return ROOTPA_ERROR_XML;
+ }
+ }
}
else
{
- mcDataNode = xmlNewChild(systemInfoNode, nameSpace_, BAD_CAST "tltEncryptionKey", BAD_CAST encodedDataP);
+ mcDataNode = xmlNewChild(systemInfoNode, nameSpace_, BAD_CAST "trustletEncryptionKey", BAD_CAST encodedDataP);
}
+
+ sprintf(intBuffer,"%d",data.minTltVersion);
+ if(xmlNewProp(mcDataNode, BAD_CAST "minTltVersion", BAD_CAST intBuffer)==NULL)
+ {
+ free(encodedDataP);
+ return ROOTPA_ERROR_XML;
+ }
+
+ char* pukHashStringP=base64EncodeAddEndZero((char*) data.tltPukHashP, data.tltPukHashLength);
+ if(NULL==pukHashStringP)
+ {
+ LOGE("buildXmlTrustletInstallationRequest: base64 encoding of PukHash failed");
+ free(encodedDataP);
+ return ROOTPA_ERROR_INTERNAL;
+ }
+ if(xmlNewProp(mcDataNode, BAD_CAST "tltPukHash", BAD_CAST pukHashStringP)==NULL) return ROOTPA_ERROR_XML;
+
+ free(pukHashStringP);
free(encodedDataP);
if(NULL==mcDataNode) return ROOTPA_ERROR_XML;
diff --git a/rootpa/Test/Android/RootPAClient/res/values/version.xml b/rootpa/Test/Android/RootPAClient/res/values/version.xml
index a943b2a..9828166 100644
--- a/rootpa/Test/Android/RootPAClient/res/values/version.xml
+++ b/rootpa/Test/Android/RootPAClient/res/values/version.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
- <string name="name">1.0003 (34387)</string>
- <integer name="code">0x10003</integer>
+ <string name="name">2.0016 (35920)</string>
+ <integer name="code">0x20010</integer>
</resources>
diff --git a/rootpa/Test/Android/RootPAClient/src/com/gd/mobicore/pa/service/Test/RootPAClient.java b/rootpa/Test/Android/RootPAClient/src/com/gd/mobicore/pa/service/Test/RootPAClient.java
index f3b9abf..33836a5 100755
--- a/rootpa/Test/Android/RootPAClient/src/com/gd/mobicore/pa/service/Test/RootPAClient.java
+++ b/rootpa/Test/Android/RootPAClient/src/com/gd/mobicore/pa/service/Test/RootPAClient.java
@@ -128,13 +128,14 @@
psintent.putExtra("LOG", loggingLevel);
bindService(psintent, provisioningServiceConnection_, Context.BIND_AUTO_CREATE);
provisioningServiceIsBound_=true;
+ callCounter_++;
Intent dsintent=new Intent(RootPAProvisioningIntents.DEVELOPER_SERVICE);
dsintent.putExtra("SE", address);
dsintent.putExtra("LOG", loggingLevel);
bindService(dsintent, developerServiceConnection_, Context.BIND_AUTO_CREATE);
developerServiceIsBound_=true;
- callCounter_++;
+ callCounter_++;
Intent osintent=new Intent(RootPAProvisioningIntents.OEM_SERVICE);
osintent.putExtra("SE", address);
diff --git a/rootpa/Test/Android/RootPAClient/src/com/gd/mobicore/pa/service/Test/TestDeveloperService.java b/rootpa/Test/Android/RootPAClient/src/com/gd/mobicore/pa/service/Test/TestDeveloperService.java
index 89fe741..0b266c4 100755
--- a/rootpa/Test/Android/RootPAClient/src/com/gd/mobicore/pa/service/Test/TestDeveloperService.java
+++ b/rootpa/Test/Android/RootPAClient/src/com/gd/mobicore/pa/service/Test/TestDeveloperService.java
@@ -57,6 +57,7 @@
RootPADeveloperIfc developerServiceIfc_=null;
private static final String TESTTAG = "RootPA-Test";
private static final String TAG = "RootPA-T";
+ private byte[] pukHash_={1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2};
RootPAClient parent_=null;
TestDeveloperService(RootPAClient parent){
@@ -181,7 +182,7 @@
// installTrustlet, trustlet binary
try{
- tret=developerServiceIfc_.installTrustlet(TLT_INSTALL_TEST_SPID, CmpTest.TLTUUID, TEST_TRUSTLET, null);
+ tret=developerServiceIfc_.installTrustlet(TLT_INSTALL_TEST_SPID, CmpTest.TLTUUID, TEST_TRUSTLET, 1, pukHash_, 1, 3, 4);
}catch(Throwable e){
logi = logi.concat("FAILURE: call to installTrustlet with trustlet failed: " + e + "\n");
overallsuccess=false;
@@ -212,7 +213,7 @@
done_=false; // another call
try{
- kret=developerServiceIfc_.installTrustlet(TLT_INSTALL_TEST_SPID, CmpTest.TLTUUID, null, TEST_KEY);
+ kret=developerServiceIfc_.installTrustletOrKey(TLT_INSTALL_TEST_SPID, CmpTest.TLTUUID, null, TEST_KEY, 1, pukHash_);
}catch(Throwable e){
logi = logi.concat("FAILURE: call to installTrustlet with key failed: " + e + "\n");
overallsuccess=false;
@@ -254,7 +255,7 @@
// error cases
CommandResult err1ret=new CommandResult(0x0FFF0000);
try{
- err1ret=developerServiceIfc_.installTrustlet(TLT_INSTALL_TEST_SPID, CmpTest.TLTUUID, TEST_TRUSTLET, TEST_KEY);
+ err1ret=developerServiceIfc_.installTrustletOrKey(TLT_INSTALL_TEST_SPID, CmpTest.TLTUUID, TEST_TRUSTLET, TEST_KEY, 1, pukHash_);
}catch(Throwable e){
logi = logi.concat("FAILURE: call to installTrustlet with trustlet failed: " + e + "\n");
overallsuccess=false;
@@ -263,7 +264,7 @@
CommandResult err2ret=new CommandResult(0x0FFF0000);
try{
- err2ret=developerServiceIfc_.installTrustlet(TLT_INSTALL_TEST_SPID, CmpTest.TLTUUID, null, null);
+ err2ret=developerServiceIfc_.installTrustletOrKey(TLT_INSTALL_TEST_SPID, CmpTest.TLTUUID, null, null, 1, pukHash_);
}catch(Throwable e){
logi = logi.concat("FAILURE: call to installTrustlet with trustlet failed: " + e + "\n");
overallsuccess=false;
diff --git a/rootpa/Test/Linux/commonClient/Makefile b/rootpa/Test/Linux/commonClient/Makefile
index 23679e5..afead74 100755
--- a/rootpa/Test/Linux/commonClient/Makefile
+++ b/rootpa/Test/Linux/commonClient/Makefile
@@ -53,7 +53,8 @@
VALGRIND=valgrind
VALGRINDPARAMS=-v --leak-check=full --show-reachable=yes --track-origins=yes
-CFLAGS= -Wall -D_GNU_SOURCE # -D_GNU_SOURCE is here for removing warnings and making sure strcasestr works properly
+CFLAGS= -Wall -D_GNU_SOURCE # -D_GNU_SOURCE is here for removing warnings and making sure strcasestr works properly
+CFLAGS+= -Wall -D__DEBUG
LDFLAGS=rcs
INCDIR=-I../../../Code/Common/include -I/usr/include/libxml2 -I/usr/include/curl -I$(TLSDK)/Out/Public/MobiCore/inc -I$(TLCM)/Out/Public -I$(MOBICOREDRIVERLIB)/Out/Public
diff --git a/rootpa/Test/Linux/commonClient/rootpaclient.cpp b/rootpa/Test/Linux/commonClient/rootpaclient.cpp
index b9ee744..31d8105 100755
--- a/rootpa/Test/Linux/commonClient/rootpaclient.cpp
+++ b/rootpa/Test/Linux/commonClient/rootpaclient.cpp
@@ -66,7 +66,7 @@
static const int EXPECTED_SP_CONT_STATE = MC_CONT_STATE_SP_LOCKED; // 4
static const int EXPECTED_TLT_CONT_STATE = MC_CONT_STATE_SP_LOCKED; // 4
static const mcUuid_t EXPECTED_TLT_ID={{0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04, 0x05, 0x05, 0x05, 0x05, 0x06, 0x06, 0x06, 0x06}};
-
+static const int WAIT_TIMEOUT=15;
static bool testStatus_=true;
#define STATES_DONE_IDX 0
@@ -168,7 +168,7 @@
if(false==result)
{
cout << "==== FAILURE: "<< testCase << "\n";
- testStatus_ = false;
+ testStatus_ = false;
}
else
{
@@ -185,7 +185,7 @@
int main(int argc, char* argv[] )
{
// printSizes();
- setPaths("./", "./");
+ setPaths(".", ".");
checkResult(setSeAddress(SEADDRESS, sizeof(SEADDRESS)),"setSeAddress");
checkResult(openSessionToCmtl(), "openSessionToCmtl");
@@ -247,34 +247,56 @@
memset(states_,0,NUMBER_OF_STATES);
if(checkResult(doProvisioning(spid, stateCallback, sysInfoCallback),"doProvisioning"))
{
- checkResult(waitUntilDone(4), "doProvisioning, waitUntilDone");
- statesOkProvisioning();
+ checkResult(waitUntilDone(WAIT_TIMEOUT), "doProvisioning, waitUntilDone");
+ if(!statesOkProvisioning())
+ {
+ testStatus_=false;
+ }
}
memset(states_,0,NUMBER_OF_STATES);
if(checkResult(unregisterRootContainer(stateCallback, sysInfoCallback),"unregisterRootContainer"))
{
- checkResult(waitUntilDone(4), "unregisterRootContainer, waitUntilDone");
- statesOkDelete();
+ checkResult(waitUntilDone(WAIT_TIMEOUT), "unregisterRootContainer, waitUntilDone");
+ if(!statesOkDelete())
+ {
+ testStatus_=false;
+ }
}
trustletInstallationData_t tltData;
+ memset(&tltData, 0, sizeof(tltData));
tltData.dataP=(uint8_t*)"AAAAAAAAAABBBBBBBBBBCCCCCCCCCC";
tltData.dataLength=30;
tltData.dataType=REQUEST_DATA_TLT;
+ memcpy(&tltData.uuid, &EXPECTED_TLT_ID,sizeof(EXPECTED_TLT_ID));
+ tltData.minTltVersion=1;
+ tltData.tltPukHashP=(uint8_t*)"DDDDDDDDDDEEEEEEEEEEFFFFFFFFFF00";
+ tltData.tltPukHashLength=32;
+ tltData.memoryType=2;
+ tltData.numberOfInstances=1;
+ tltData.flags=0;
+
+
memset(states_,0,NUMBER_OF_STATES);
if(checkResult(installTrustlet(spid, stateCallback, sysInfoCallback, &tltData),"installTrustlet tlt"))
{
- checkResult(waitUntilDone(4), "installTrustlet tlt, waitUntilDone");
- statesOkInstall();
+ checkResult(waitUntilDone(WAIT_TIMEOUT), "installTrustlet tlt, waitUntilDone");
+ if(!statesOkInstall())
+ {
+ testStatus_=false;
+ }
}
tltData.dataType=REQUEST_DATA_KEY; // since we are not dealing with real data we use the same for both
memset(states_,0,NUMBER_OF_STATES);
if(checkResult(installTrustlet(spid, stateCallback, sysInfoCallback, &tltData),"installTrustlet key"))
{
- checkResult(waitUntilDone(4), "installTrustlet key, waitUntilDone");
- statesOkProvisioning(); // not checking install state since the tlt will not be sent back
+ checkResult(waitUntilDone(WAIT_TIMEOUT), "installTrustlet key, waitUntilDone");
+ if(!statesOkProvisioning()) // not checking install state since the tlt will not be sent back
+ {
+ testStatus_=false;
+ }
}
CmpMessage* commandsP=NULL;
@@ -284,7 +306,10 @@
if(checkResult( executeCmpCommands(numberOfCommands, commandsP, responsesP, &internalError),"executeCmpCommands" ))
{
checkResult( 0==internalError,"executeCmpCommands, internalError");
- testStatus_=checkCmpResults(numberOfCommands, responsesP);
+ if(checkCmpResults(numberOfCommands, responsesP)==false)
+ {
+ testStatus_=false;
+ }
}
cleanup(numberOfCommands, commandsP, responsesP);
diff --git a/rootpa/Test/Misc/httpd.conf b/rootpa/Test/Misc/httpd.conf
index 74555df..cdb4921 100755
--- a/rootpa/Test/Misc/httpd.conf
+++ b/rootpa/Test/Misc/httpd.conf
@@ -32,7 +32,7 @@
# intial POST/Install uses this
-<Location /00000000445566778899aabbccddeeff/10/03030303040404040505050506060606>
+<Location /00000000445566778899aabbccddeeff/10/03030303-0404-0404-0505-050506060606>
Header set Link <http://10.0.2.2/activity/00000000-4455-6677-8899-aabbccddee00>;rel="http://10.0.2.2/relation/command_result"
SetHandler perl-script
PerlResponseHandler ReceiveDeleteCommand