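/*
 **
 ** Copyright 2020, The Android Open Source Project
 **
 ** Licensed under the Apache License, Version 2.0 (the "License");
 ** you may not use this file except in compliance with the License.
 ** You may obtain a copy of the License at
 **
 **     http://www.apache.org/licenses/LICENSE-2.0
 **
 ** Unless required by applicable law or agreed to in writing, software
 ** distributed under the License is distributed on an "AS IS" BASIS,
 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ** See the License for the specific language governing permissions and
 ** limitations under the License.
 */
/******************************************************************************
 **
 ** The original Work has been changed by NXP.
 **
 ** Licensed under the Apache License, Version 2.0 (the "License");
 ** you may not use this file except in compliance with the License.
 ** You may obtain a copy of the License at
 **
 ** http://www.apache.org/licenses/LICENSE-2.0
 **
 ** Unless required by applicable law or agreed to in writing, software
 ** distributed under the License is distributed on an "AS IS" BASIS,
 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ** See the License for the specific language governing permissions and
 ** limitations under the License.
 **
 ** Copyright 2022-2023 NXP
 **
 *********************************************************************************/
#if defined OMAPI_TRANSPORT
#pragma once

#include <aidl/android/se/omapi/BnSecureElementListener.h>
#include <aidl/android/se/omapi/ISecureElementChannel.h>
#include <aidl/android/se/omapi/ISecureElementListener.h>
#include <aidl/android/se/omapi/ISecureElementReader.h>
#include <aidl/android/se/omapi/ISecureElementService.h>
#include <aidl/android/se/omapi/ISecureElementSession.h>
// #include <aidl/android/se/omapi/SecureElementErrorCode.h>
#include <android/binder_manager.h>

// Standard headers for every std:: name this header uses directly
// (uint8_t/uintptr_t, std::map, std::shared_ptr, std::mutex, std::string,
// std::vector), so it does not depend on transitive includes.
#include <cstdint>
#include <map>
#include <memory>
#include <mutex>
#include <string>
#include <vector>

#include "ITransport.h"
#include <AppletConnection.h>
#include <IntervalTimer.h>

#include <SBAccessController.h>

// Status word 0x6A82 (SW1 = 0x6A, SW2 = 0x82): ISO/IEC 7816-4 "file or
// application not found".
#define APP_NOT_FOUND_SW1 0x6A
#define APP_NOT_FOUND_SW2 0x82

namespace keymint::javacard {
using std::shared_ptr;
using std::vector;

/**
 * OmapiTransport is derived from ITransport. This class gets the OMAPI service binder instance
 * and uses IPC to communicate with the OMAPI service. OMAPI in turn communicates with hardware
 * via ISecureElement.
 *
 * Instances are created through make() only; the constructor is private so that every object
 * is owned by a shared_ptr, as std::enable_shared_from_this requires.
 */
class OmapiTransport : public std::enable_shared_from_this<OmapiTransport>,
                       public ITransport {

public:
    /**
     * Creates a transport bound to the given applet AID.
     *
     * std::make_shared cannot be used here because the constructor is private, hence the
     * explicit new wrapped directly in a shared_ptr.
     */
    static shared_ptr<OmapiTransport> make(const std::vector<uint8_t> &mAppletAID) {
        return std::shared_ptr<OmapiTransport>(new OmapiTransport(mAppletAID));
    }
    virtual ~OmapiTransport();

#ifdef NXP_EXTNS
    /**
     * Sets the applet AID that is stored in mSelectableAid. Always returns true.
     *
     * NOTE(review): the AID is stored without any check. ISO/IEC 7816-4 AIDs are 5 to 16
     * bytes long; confirm that the caller or the channel-opening code rejects other lengths.
     */
    bool setAppletAid(const vector<uint8_t> &aid) {
        mSelectableAid = aid;
        return true;
    }
#endif
    /**
     * Gets the binder instance of ISEService, gets the reader corresponding to the secure
     * element, establishes a session and opens a basic channel.
     */
    bool openConnection() override;
    /**
     * Transmits the data over the opened basic channel and receives the data back.
     *
     * @param inData command bytes to send.
     * @param output receives the response bytes.
     * @return success flag; the exact failure conditions are defined in the implementation
     *         file, not in this header.
     */
    bool sendData(const vector<uint8_t>& inData, vector<uint8_t>& output) override;
    /**
     * Closes the connection.
     */
    bool closeConnection() override;
    /**
     * Returns the state of the connection. Returns true if the connection is active, false
     * if the connection is broken.
     */
    bool isConnected() override;
#ifdef NXP_EXTNS
    /**
     * Closes the opened channel.
     */
    void closeChannel();
    /**
     * Sets the default interval timer timeout value.
     * NOTE(review): the unit of `timeout` is not visible in this header - confirm.
     */
    void setDefaultTimeout(int timeout);
#endif

private:
    //AppletConnection mAppletConnection;
    SBAccessController mSBAccessController;
    IntervalTimer mTimer;
    int mTimeout;  // initialised to 0 by the constructor
    std::vector<uint8_t> mSelectableAid;  // starts as the AID given to make(); see setAppletAid()
    std::shared_ptr<aidl::android::se::omapi::ISecureElementService> omapiSeService;
    std::shared_ptr<aidl::android::se::omapi::ISecureElementReader> eSEReader;
    std::shared_ptr<aidl::android::se::omapi::ISecureElementSession> session;
    std::shared_ptr<aidl::android::se::omapi::ISecureElementChannel> channel;
    // Readers keyed by a string; presumably the reader name - confirm in the implementation.
    std::map<std::string, std::shared_ptr<aidl::android::se::omapi::ISecureElementReader>>
        mVSReaders;
#ifdef NXP_EXTNS
    /* AID of the Weaver applet */
    const std::vector<uint8_t> kWeaverAID = {0xA0, 0x00, 0x00, 0x03, 0x96, 0x10, 0x10};
#endif
    /**
     * Stores the applet AID and starts with no service, reader, session or channel.
     * With NXP_EXTNS it also creates the binder death recipient around BinderDiedCallback;
     * linking that recipient to a binder does not happen in this header.
     *
     * explicit: a byte vector must never convert silently into a transport object.
     */
    explicit OmapiTransport(const std::vector<uint8_t> &mAppletAID)
        : ITransport(mAppletAID), mTimeout(0), mSelectableAid(mAppletAID),
          omapiSeService(nullptr), eSEReader(nullptr), session(nullptr),
          channel(nullptr), mVSReaders({}) {
#ifdef NXP_EXTNS
        mDeathRecipient = ::ndk::ScopedAIBinder_DeathRecipient(
            AIBinder_DeathRecipient_new(BinderDiedCallback));
#endif
    }
    bool initialize();
    // Sends `apdu` through `reader` and stores the response in `transmitResponse`.
    bool internalTransmitApdu(
        std::shared_ptr<aidl::android::se::omapi::ISecureElementReader> reader,
        std::vector<uint8_t> apdu, std::vector<uint8_t>& transmitResponse);

#ifdef NXP_EXTNS
    ::ndk::ScopedAIBinder_DeathRecipient mDeathRecipient;
    // NOTE(review): presumably mCookieKeysMutex guards mCookieKeys, and mCookieKeys records
    // the cookies handed to the death recipient so that BinderDiedCallback can check that a
    // cookie still refers to a live object before using it - confirm in the implementation.
    std::mutex mCookieKeysMutex;
    std::vector<uintptr_t> mCookieKeys;

    // Death-recipient callback registered in the constructor; `cookie` is an opaque pointer.
    static void BinderDiedCallback(void *cookie);
    bool internalProtectedTransmitApdu(
        std::shared_ptr<aidl::android::se::omapi::ISecureElementReader> reader,
        std::vector<uint8_t> apdu, std::vector<uint8_t>& transmitResponse);
    void prepareErrorRepsponse(std::vector<uint8_t>& resp);
    bool openChannelToApplet();
#endif
#ifdef INTERVAL_TIMER
    /**
     * Returns the 16-bit status word formed by the last two bytes of a response APDU
     * (second-to-last byte in the high half, last byte in the low half).
     *
     * Precondition: inputData holds at least two bytes. For a shorter buffer size() - 2 wraps
     * around, and at() rejects the index instead of reading outside the vector
     * (std::out_of_range; in a build without exceptions this typically terminates the
     * process). Callers should therefore reject short responses before calling this.
     */
    inline uint16_t getApduStatus(const std::vector<uint8_t> &inputData) {
        // Named SW1/SW2 to match APP_NOT_FOUND_SW1/APP_NOT_FOUND_SW2 above.
        const uint8_t sw1 = inputData.at(inputData.size() - 2);
        const uint8_t sw2 = inputData.at(inputData.size() - 1);
        return static_cast<uint16_t>((sw1 << 8) | sw2);
    }
#endif
};
}  // namespace keymint::javacard
#endif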