1 /****************************************************************************** 2 * 3 * Copyright 2023-2024 NXP 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #pragma once 20 21 #include <android-base/logging.h> 22 #include <android-base/stringprintf.h> 23 #include <cppbor.h> 24 #include <cppbor_parse.h> 25 26 // Timeout value in seconds for invalid data status 27 #define INVALID_DATA_STATUS_TIMER_VALUE 0 28 29 // Default timeout value in seconds for clear approved status. 30 #define CLEAR_APPROVE_STATUS_TIMER_VALUE 60 31 32 // index 0 & 1 in hours, index 2 & 3 in seconds [hr] [hr] : [secs] [secs] 33 #define TIMEOUT_VECTOR_SIZE 4 34 35 #define DEFAULT_SESSION_TIMEOUT (3 * 1000) // 3 secs,default value 36 37 #define APDU_CLS 0x80 38 #define APDU_P1 0x00 39 #define APDU_P2 0x00 40 #define APDU_RESP_STATUS_OK 0x9000 41 #define INDEX_STATUS_VAL 0x00 42 #define INDEX_TIMER_VAL 0x01 43 44 using android::base::StringPrintf; 45 46 enum class Instruction { 47 INS_VERIFY_PIN = 0x20, 48 INS_CLEAR_APPROVED_STATUS = 0x30, 49 }; 50 51 /** 52 * AuthSecretHelper is a helper class for AuthSecret HAL implementation. 53 * 54 */ 55 class AuthSecretHelper { 56 public: 57 /** 58 * \brief static function to get the singleton instance of 59 * AuthSecretHelper class 60 * 61 * \retval timeout value. 62 */ 63 static AuthSecretHelper *getInstance(); 64 /** 65 * \brief Extracts timeout value from applet if applicable, 66 * else returns default value. 67 * 68 * \retval timeout value. 69 * 70 * \param[data] Response APDU data from VERIFY PIN command. 71 */ 72 uint64_t extractTimeoutValue(std::vector<uint8_t> data); 73 74 /** 75 * \brief Check the status of VERIFY PIN command response 76 * CBOR data. 77 * 78 * \retval true if VERIFY PIN is success, else returns false. 79 * 80 * \param[resp] Response APDU data from VERIFY PIN command. 81 */ 82 bool checkVerifyStatus(std::vector<uint8_t> resp); 83 84 /** 85 * \brief Function to frame the input data in to CBOR format 86 * apdu 87 * 88 * \retval returns true if constructing CBOR APDU is success, 89 * else returns false. 90 * 91 * \param[ins] Input instrution type. 92 * \param[input] Input payload data 93 * \param[out] Pointer for output CBOR APDU vector. 94 * \param[timeout] Timeout value as vector for VERIFY PIN Ins 95 */ 96 bool constructApdu(Instruction ins, const std::vector<uint8_t> &input, 97 std::vector<uint8_t> &out, std::vector<uint8_t> timeout); 98 99 private: 100 static AuthSecretHelper *sInstance; 101 }; 102