1 /*
2 * Copyright 2020, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 /******************************************************************************
17 **
18 ** The original Work has been changed by NXP.
19 **
20 ** Licensed under the Apache License, Version 2.0 (the "License");
21 ** you may not use this file except in compliance with the License.
22 ** You may obtain a copy of the License at
23 **
24 ** http://www.apache.org/licenses/LICENSE-2.0
25 **
26 ** Unless required by applicable law or agreed to in writing, software
27 ** distributed under the License is distributed on an "AS IS" BASIS,
28 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
29 ** See the License for the specific language governing permissions and
30 ** limitations under the License.
31 **
32 ** Copyright 2020-2023 NXP
33 **
34 *********************************************************************************/
35 #define LOG_TAG "javacard.strongbox-service"
36
37 #include <aidl/android/hardware/security/keymint/SecurityLevel.h>
38 #include <android-base/logging.h>
39 #include <android-base/properties.h>
40 #include <android/binder_manager.h>
41 #include <android/binder_process.h>
42
43 #include "JavacardKeyMintDevice.h"
44 #include "JavacardRemotelyProvisionedComponentDevice.h"
45 #include "JavacardSecureElement.h"
46 #include "JavacardSharedSecret.h"
47 #if defined OMAPI_TRANSPORT
48 #include <OmapiTransport.h>
49 #elif defined HAL_TO_HAL_TRANSPORT
50 #include <HalToHalTransport.h>
51 #else
52 #include <SocketTransport.h>
53 #endif
54 #include "keymint_utils.h"
55
56 using aidl::android::hardware::security::keymint::JavacardKeyMintDevice;
57 using aidl::android::hardware::security::keymint::JavacardRemotelyProvisionedComponentDevice;
58 using aidl::android::hardware::security::keymint::SecurityLevel;
59 using aidl::android::hardware::security::sharedsecret::JavacardSharedSecret;
60 using keymint::javacard::getOsPatchlevel;
61 using keymint::javacard::getOsVersion;
62 using keymint::javacard::getVendorPatchlevel;
63 using keymint::javacard::ITransport;
64 using keymint::javacard::JavacardSecureElement;
65 #if defined OMAPI_TRANSPORT
66 using keymint::javacard::OmapiTransport;
67 #elif defined HAL_TO_HAL_TRANSPORT
68 #else
69 using keymint::javacard::SocketTransport;
70 #endif
71
// Application identifier (AID) handed to the transport in main() for the StrongBox applet.
// NOTE(review): the value is five bytes long; confirm it matches the AID under which the
// applet is actually installed on the target secure element.
const std::vector<uint8_t> gStrongBoxAppletAID{0xA0, 0x00, 0x00, 0x00, 0x62};
73
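/**
 * Creates a binder service of type T and registers it with the service manager under the
 * instance name "<T::descriptor>/strongbox".
 *
 * @tparam T     Service implementation. It must expose a static `descriptor` and be
 *               constructible through ndk::SharedRefBase::make<T>() from the given arguments.
 * @param  args  Constructor arguments, perfectly forwarded to T.
 * @return The service instance that was registered.
 *
 * Registration failure is fatal: the CHECK below aborts the process, so the service never
 * continues running with an interface that was not published.
 */
template <typename T, class... Args>
std::shared_ptr<T> addService(Args&&... args) {
    std::shared_ptr<T> ser = ndk::SharedRefBase::make<T>(std::forward<Args>(args)...);
    const std::string instanceName = std::string(T::descriptor) + "/strongbox";
    LOG(INFO) << "adding javacard strongbox service instance: " << instanceName;
    const binder_status_t status =
        AServiceManager_addService(ser->asBinder().get(), instanceName.c_str());
    // Name the instance and the binder status in the abort message; a bare
    // "status == STATUS_OK" check failure does not say which of the services was rejected.
    CHECK(status == STATUS_OK) << "failed to register " << instanceName
                               << ", binder status " << status;
    return ser;
}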
83
/**
 * Entry point of the Javacard StrongBox service.
 *
 * Builds a single JavacardSecureElement on top of the transport selected at compile time,
 * registers the KeyMint, SharedSecret and RemotelyProvisionedComponent services against that
 * one instance, and then joins the binder thread pool.
 *
 * @return EXIT_FAILURE if joining the thread pool ever returns, which is not expected.
 */
int main() {
    LOG(INFO) << "Starting javacard strongbox service";
    // Request zero additional binder threads; together with the join at the end of main()
    // the calling thread is the one that serves incoming transactions.
    // NOTE(review): presumably this serialises access to the secure element - confirm.
    ABinderProcess_setThreadPoolMaxThreadCount(0);

    // Transport towards the secure element, fixed by build flag.
#if defined OMAPI_TRANSPORT
    auto transport = OmapiTransport::make(gStrongBoxAppletAID);
#elif defined HAL_TO_HAL_TRANSPORT
    auto transport = std::make_shared<HalToHalTransport>(gStrongBoxAppletAID);
#else
    // NOTE(review): SocketTransport is what a build gets when neither transport macro is
    // defined. Confirm that production build configurations always define one of them, so
    // that a missing flag cannot silently select this fallback.
    auto transport = std::make_shared<SocketTransport>(gStrongBoxAppletAID);
#endif

    // One secure-element object is shared by all three services registered below.
    auto card = std::make_shared<JavacardSecureElement>(std::move(transport));

    // KeyMint
    addService<JavacardKeyMintDevice>(card);
    // Shared secret
    addService<JavacardSharedSecret>(card);
    // Remotely provisioned component
    addService<JavacardRemotelyProvisionedComponentDevice>(card);

    LOG(INFO) << "Joining thread pool";
    ABinderProcess_joinThreadPool();
    // Reaching this line means the join returned; report that as a failure.
    return EXIT_FAILURE;
}
112