1 /******************************************************************************
2 *
3 * Copyright (C) 2018 ST Microelectronics S.A.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 *
18 ******************************************************************************/
19 #define LOG_TAG "StEse-SecureElement"
20 #include <android_logmsg.h>
21
22 #include <stdlib.h>
23 #include <string.h>
24 #include "SecureElement.h"
25
26 extern bool ese_debug_enabled;
27 static bool OpenLogicalChannelProcessing = false;
28 static bool OpenBasicChannelProcessing = false;
29
30 namespace android {
31 namespace hardware {
32 namespace secure_element {
33 namespace V1_1 {
34 namespace implementation {
35
36 sp<V1_1::ISecureElementHalCallback> SecureElement::mCallbackV1_1 = nullptr;
37 sp<V1_0::ISecureElementHalCallback> SecureElement::mCallbackV1_0 = nullptr;
38
SecureElement()39 SecureElement::SecureElement()
40 : mOpenedchannelCount(0), mOpenedChannels{false, false, false, false} {}
41
init(const sp<::android::hardware::secure_element::V1_0::ISecureElementHalCallback> & clientCallback)42 Return<void> SecureElement::init(
43 const sp<
44 ::android::hardware::secure_element::V1_0::ISecureElementHalCallback>&
45 clientCallback) {
46 ESESTATUS status = ESESTATUS_SUCCESS;
47 STLOG_HAL_D("%s: Enter", __func__);
48 if (clientCallback == nullptr) {
49 return Void();
50 } else {
51 mCallbackV1_0 = clientCallback;
52 mCallbackV1_1 = nullptr;
53 if (!mCallbackV1_0->linkToDeath(this, 0 /*cookie*/)) {
54 STLOG_HAL_E("%s: Failed to register death notification", __func__);
55 }
56 }
57
58 if (isSeInitialized()) {
59 clientCallback->onStateChange(true);
60 return Void();
61 }
62
63 status = seHalInit();
64 if (status != ESESTATUS_SUCCESS) {
65 clientCallback->onStateChange(false);
66 return Void();
67 } else {
68 clientCallback->onStateChange(true);
69 return Void();
70 }
71 }
init_1_1(const sp<::android::hardware::secure_element::V1_1::ISecureElementHalCallback> & clientCallback)72 Return<void> SecureElement::init_1_1(
73 const sp<
74 ::android::hardware::secure_element::V1_1::ISecureElementHalCallback>&
75 clientCallback) {
76 ESESTATUS status = ESESTATUS_SUCCESS;
77 STLOG_HAL_D("%s: Enter", __func__);
78 if (clientCallback == nullptr) {
79 return Void();
80 } else {
81 mCallbackV1_1 = clientCallback;
82 mCallbackV1_0 = nullptr;
83 if (!mCallbackV1_1->linkToDeath(this, 0 /*cookie*/)) {
84 STLOG_HAL_E("%s: Failed to register death notification", __func__);
85 }
86 }
87
88 if (isSeInitialized()) {
89 clientCallback->onStateChange_1_1(true, "SE already initialized");
90 return Void();
91 }
92
93 status = seHalInit();
94 if (status != ESESTATUS_SUCCESS) {
95 clientCallback->onStateChange_1_1(false, "SE initialization failed");
96 return Void();
97 } else {
98 clientCallback->onStateChange_1_1(true, "SE initialized");
99 return Void();
100 }
101 }
102
getAtr(getAtr_cb _hidl_cb)103 Return<void> SecureElement::getAtr(getAtr_cb _hidl_cb) {
104 STLOG_HAL_D("%s: Enter", __func__);
105 hidl_vec<uint8_t> response;
106 uint8_t* ATR;
107 ATR = StEse_getAtr();
108 if (ATR != nullptr) {
109 uint8_t len = *ATR;
110 if (len) {
111 response.resize(len);
112 memcpy(&response[0], ATR, len);
113 }
114 }
115 _hidl_cb(response);
116 return Void();
117 }
118
isCardPresent()119 Return<bool> SecureElement::isCardPresent() { return true; }
120
transmit(const hidl_vec<uint8_t> & data,transmit_cb _hidl_cb)121 Return<void> SecureElement::transmit(const hidl_vec<uint8_t>& data,
122 transmit_cb _hidl_cb) {
123 ESESTATUS status = ESESTATUS_FAILED;
124 StEse_data cmdApdu;
125 StEse_data rspApdu;
126 memset(&cmdApdu, 0x00, sizeof(StEse_data));
127 memset(&rspApdu, 0x00, sizeof(StEse_data));
128
129 STLOG_HAL_D("%s: Enter", __func__);
130 cmdApdu.len = data.size();
131 if (cmdApdu.len >= MIN_APDU_LENGTH) {
132 cmdApdu.p_data = (uint8_t*)malloc(data.size() * sizeof(uint8_t));
133 memcpy(cmdApdu.p_data, data.data(), cmdApdu.len);
134 status = StEse_Transceive(&cmdApdu, &rspApdu);
135 }
136
137 hidl_vec<uint8_t> result;
138 if (status != ESESTATUS_SUCCESS) {
139 STLOG_HAL_E("%s: transmit failed!!!", __func__);
140 seHalResetSe();
141 } else {
142 result.resize(rspApdu.len);
143 memcpy(&result[0], rspApdu.p_data, rspApdu.len);
144 }
145 _hidl_cb(result);
146 free(cmdApdu.p_data);
147 free(rspApdu.p_data);
148 return Void();
149 }
150
openLogicalChannel(const hidl_vec<uint8_t> & aid,uint8_t p2,openLogicalChannel_cb _hidl_cb)151 Return<void> SecureElement::openLogicalChannel(const hidl_vec<uint8_t>& aid,
152 uint8_t p2,
153 openLogicalChannel_cb _hidl_cb) {
154 hidl_vec<uint8_t> manageChannelCommand = {0x00, 0x70, 0x00, 0x00, 0x01};
155 OpenLogicalChannelProcessing = true;
156 LogicalChannelResponse resApduBuff;
157 resApduBuff.channelNumber = 0xff;
158 memset(&resApduBuff, 0x00, sizeof(resApduBuff));
159 STLOG_HAL_D("%s: Enter", __func__);
160
161 if (aid.size() > 16) {
162 STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
163 _hidl_cb(resApduBuff, SecureElementStatus::FAILED);
164 OpenLogicalChannelProcessing = false;
165 return Void();
166 }
167
168 if (!isSeInitialized()) {
169 STLOG_HAL_D("%s: Enter SeInitialized", __func__);
170 ESESTATUS status = seHalInit();
171 if (status != ESESTATUS_SUCCESS) {
172 STLOG_HAL_E("%s: seHalInit Failed!!!", __func__);
173 _hidl_cb(resApduBuff, SecureElementStatus::IOERROR);
174 OpenLogicalChannelProcessing = false;
175 return Void();
176 }
177 }
178
179 SecureElementStatus sestatus = SecureElementStatus::FAILED;
180 ESESTATUS status = ESESTATUS_FAILED;
181 StEse_data cmdApdu;
182 StEse_data rspApdu;
183
184 memset(&cmdApdu, 0x00, sizeof(StEse_data));
185 memset(&rspApdu, 0x00, sizeof(StEse_data));
186
187 cmdApdu.len = manageChannelCommand.size();
188 cmdApdu.p_data =
189 (uint8_t*)malloc(manageChannelCommand.size() * sizeof(uint8_t));
190 if (cmdApdu.p_data != NULL) {
191 memcpy(cmdApdu.p_data, manageChannelCommand.data(), cmdApdu.len);
192 status = StEse_Transceive(&cmdApdu, &rspApdu);
193 }
194 if (status != ESESTATUS_SUCCESS) {
195 /*Transceive failed*/
196 sestatus = SecureElementStatus::IOERROR;
197 } else if (rspApdu.p_data[rspApdu.len - 2] == 0x90 &&
198 rspApdu.p_data[rspApdu.len - 1] == 0x00) {
199 /*ManageChannel successful*/
200 resApduBuff.channelNumber = rspApdu.p_data[0];
201 mOpenedchannelCount++;
202 mOpenedChannels[resApduBuff.channelNumber] = true;
203 sestatus = SecureElementStatus::SUCCESS;
204 } else if (rspApdu.p_data[rspApdu.len - 2] == 0x6A &&
205 rspApdu.p_data[rspApdu.len - 1] == 0x81) {
206 sestatus = SecureElementStatus::CHANNEL_NOT_AVAILABLE;
207 } else if (((rspApdu.p_data[rspApdu.len - 2] == 0x6E) ||
208 (rspApdu.p_data[rspApdu.len - 2] == 0x6D)) &&
209 rspApdu.p_data[rspApdu.len - 1] == 0x00) {
210 sestatus = SecureElementStatus::UNSUPPORTED_OPERATION;
211 }
212 /*Free the allocations*/
213 free(cmdApdu.p_data);
214 cmdApdu.p_data = NULL;
215 free(rspApdu.p_data);
216 rspApdu.p_data = NULL;
217 if (sestatus != SecureElementStatus::SUCCESS) {
218 /* if the SE is unresponsive, reset it */
219 if (sestatus == SecureElementStatus::IOERROR) {
220 seHalResetSe();
221 }
222
223 /*If manageChannel is failed in any of above cases
224 send the callback and return*/
225 _hidl_cb(resApduBuff, sestatus);
226 STLOG_HAL_E("%s: Exit - manage channel failed!!", __func__);
227 OpenLogicalChannelProcessing = false;
228 return Void();
229 }
230
231 STLOG_HAL_D("%s: Sending selectApdu", __func__);
232 /*Reset variables if manageChannel is success*/
233 sestatus = SecureElementStatus::FAILED;
234 status = ESESTATUS_FAILED;
235
236 memset(&cmdApdu, 0x00, sizeof(StEse_data));
237 memset(&rspApdu, 0x00, sizeof(StEse_data));
238
239 cmdApdu.len = (int32_t)(6 + aid.size());
240 cmdApdu.p_data = (uint8_t*)malloc(cmdApdu.len * sizeof(uint8_t));
241 if (cmdApdu.p_data != NULL) {
242 uint8_t xx = 0;
243 cmdApdu.p_data[xx++] = resApduBuff.channelNumber;
244 cmdApdu.p_data[xx++] = 0xA4; // INS
245 cmdApdu.p_data[xx++] = 0x04; // P1
246 cmdApdu.p_data[xx++] = p2; // P2
247 cmdApdu.p_data[xx++] = aid.size(); // Lc
248 memcpy(&cmdApdu.p_data[xx], aid.data(), aid.size());
249 cmdApdu.p_data[xx + aid.size()] = 0x00; // Le
250 status = StEse_Transceive(&cmdApdu, &rspApdu);
251 }
252
253 if (status != ESESTATUS_SUCCESS) {
254 /*Transceive failed*/
255 sestatus = SecureElementStatus::IOERROR;
256 } else {
257 uint8_t sw1 = rspApdu.p_data[rspApdu.len - 2];
258 uint8_t sw2 = rspApdu.p_data[rspApdu.len - 1];
259 /*Return response on success, empty vector on failure*/
260 /*Status is success*/
261 if (sw1 == 0x90 && sw2 == 0x00) {
262 /*Copy the response including status word*/
263 resApduBuff.selectResponse.resize(rspApdu.len);
264 memcpy(&resApduBuff.selectResponse[0], rspApdu.p_data, rspApdu.len);
265 sestatus = SecureElementStatus::SUCCESS;
266 }
267 /*AID provided doesn't match any applet on the secure element*/
268 else if (sw1 == 0x6A && sw2 == 0x82) {
269 sestatus = SecureElementStatus::NO_SUCH_ELEMENT_ERROR;
270 }
271 /*Operation provided by the P2 parameter is not permitted by the applet.*/
272 else if (sw1 == 0x6A && sw2 == 0x86) {
273 sestatus = SecureElementStatus::UNSUPPORTED_OPERATION;
274 }
275 }
276
277 if (sestatus != SecureElementStatus::SUCCESS) {
278 /* if the SE is unresponsive, reset it */
279 if (sestatus == SecureElementStatus::IOERROR) {
280 seHalResetSe();
281 } else {
282 STLOG_HAL_E("%s: Select APDU failed! Close channel..", __func__);
283 SecureElementStatus closeChannelStatus =
284 closeChannel(resApduBuff.channelNumber);
285 if (closeChannelStatus != SecureElementStatus::SUCCESS) {
286 STLOG_HAL_E("%s: closeChannel Failed", __func__);
287 } else {
288 resApduBuff.channelNumber = 0xff;
289 }
290 }
291 }
292 _hidl_cb(resApduBuff, sestatus);
293 free(cmdApdu.p_data);
294 free(rspApdu.p_data);
295 STLOG_HAL_V("%s: Exit", __func__);
296 OpenLogicalChannelProcessing = false;
297 return Void();
298 }
299
openBasicChannel(const hidl_vec<uint8_t> & aid,uint8_t p2,openBasicChannel_cb _hidl_cb)300 Return<void> SecureElement::openBasicChannel(const hidl_vec<uint8_t>& aid,
301 uint8_t p2,
302 openBasicChannel_cb _hidl_cb) {
303 hidl_vec<uint8_t> result;
304 OpenBasicChannelProcessing = true;
305 STLOG_HAL_D("%s: Enter", __func__);
306
307 if (aid.size() > 16) {
308 STLOG_HAL_E("%s: Invalid AID size: %u", __func__, (unsigned)aid.size());
309 _hidl_cb(result, SecureElementStatus::FAILED);
310 OpenBasicChannelProcessing = false;
311 return Void();
312 }
313
314 if (!isSeInitialized()) {
315 ESESTATUS status = seHalInit();
316 if (status != ESESTATUS_SUCCESS) {
317 STLOG_HAL_E("%s: seHalInit Failed!!!", __func__);
318 _hidl_cb(result, SecureElementStatus::IOERROR);
319 OpenBasicChannelProcessing = false;
320 return Void();
321 }
322 }
323
324 SecureElementStatus sestatus = SecureElementStatus::FAILED;
325 ESESTATUS status = ESESTATUS_FAILED;
326 StEse_data cmdApdu;
327 StEse_data rspApdu;
328
329 memset(&cmdApdu, 0x00, sizeof(StEse_data));
330 memset(&rspApdu, 0x00, sizeof(StEse_data));
331
332 cmdApdu.len = (int32_t)(6 + aid.size());
333 cmdApdu.p_data = (uint8_t*)malloc(cmdApdu.len * sizeof(uint8_t));
334 if (cmdApdu.p_data != NULL) {
335 uint8_t xx = 0;
336 cmdApdu.p_data[xx++] = 0x00; // basic channel
337 cmdApdu.p_data[xx++] = 0xA4; // INS
338 cmdApdu.p_data[xx++] = 0x04; // P1
339 cmdApdu.p_data[xx++] = p2; // P2
340 cmdApdu.p_data[xx++] = aid.size(); // Lc
341 memcpy(&cmdApdu.p_data[xx], aid.data(), aid.size());
342 cmdApdu.p_data[xx + aid.size()] = 0x00; // Le
343
344 status = StEse_Transceive(&cmdApdu, &rspApdu);
345 }
346
347 if (status != ESESTATUS_SUCCESS) {
348 /* Transceive failed */
349 sestatus = SecureElementStatus::IOERROR;
350 } else {
351 uint8_t sw1 = rspApdu.p_data[rspApdu.len - 2];
352 uint8_t sw2 = rspApdu.p_data[rspApdu.len - 1];
353 /*Return response on success, empty vector on failure*/
354 /*Status is success*/
355 if ((sw1 == 0x90) && (sw2 == 0x00)) {
356 /*Copy the response including status word*/
357 result.resize(rspApdu.len);
358 memcpy(&result[0], rspApdu.p_data, rspApdu.len);
359 /*Set basic channel reference if it is not set */
360 if (!mOpenedChannels[0]) {
361 mOpenedChannels[0] = true;
362 mOpenedchannelCount++;
363 }
364 sestatus = SecureElementStatus::SUCCESS;
365 }
366 /*AID provided doesn't match any applet on the secure element*/
367 else if (sw1 == 0x6A && sw2 == 0x82) {
368 sestatus = SecureElementStatus::NO_SUCH_ELEMENT_ERROR;
369 }
370 /*Operation provided by the P2 parameter is not permitted by the applet.*/
371 else if (sw1 == 0x6A && sw2 == 0x86) {
372 sestatus = SecureElementStatus::UNSUPPORTED_OPERATION;
373 }
374 }
375
376 /* if the SE is unresponsive, reset it */
377 if (sestatus == SecureElementStatus::IOERROR) {
378 seHalResetSe();
379 }
380
381 if ((sestatus != SecureElementStatus::SUCCESS) && mOpenedChannels[0]) {
382 SecureElementStatus closeChannelStatus =
383 closeChannel(DEFAULT_BASIC_CHANNEL);
384 if (closeChannelStatus != SecureElementStatus::SUCCESS) {
385 STLOG_HAL_E("%s: closeChannel Failed", __func__);
386 }
387 }
388 _hidl_cb(result, sestatus);
389 free(cmdApdu.p_data);
390 free(rspApdu.p_data);
391 STLOG_HAL_V("%s: Exit", __func__);
392 OpenBasicChannelProcessing = false;
393 return Void();
394 }
395
396 Return<::android::hardware::secure_element::V1_0::SecureElementStatus>
closeChannel(uint8_t channelNumber)397 SecureElement::closeChannel(uint8_t channelNumber) {
398 ESESTATUS status = ESESTATUS_FAILED;
399 SecureElementStatus sestatus = SecureElementStatus::FAILED;
400
401 StEse_data cmdApdu;
402 StEse_data rspApdu;
403
404 STLOG_HAL_D("%s: Enter : %d", __func__, channelNumber);
405
406 if ((channelNumber < DEFAULT_BASIC_CHANNEL) ||
407 (channelNumber >= MAX_LOGICAL_CHANNELS) ||
408 (mOpenedChannels[channelNumber] == false)) {
409 STLOG_HAL_E("%s: invalid channel!!!", __func__);
410 sestatus = SecureElementStatus::FAILED;
411 } else if (channelNumber > DEFAULT_BASIC_CHANNEL) {
412 memset(&cmdApdu, 0x00, sizeof(StEse_data));
413 memset(&rspApdu, 0x00, sizeof(StEse_data));
414 cmdApdu.p_data = (uint8_t*)malloc(5 * sizeof(uint8_t));
415 if (cmdApdu.p_data != NULL) {
416 uint8_t xx = 0;
417
418 cmdApdu.p_data[xx++] = channelNumber;
419 cmdApdu.p_data[xx++] = 0x70; // INS
420 cmdApdu.p_data[xx++] = 0x80; // P1
421 cmdApdu.p_data[xx++] = channelNumber; // P2
422 cmdApdu.p_data[xx++] = 0x00; // Lc
423 cmdApdu.len = xx;
424
425 status = StEse_Transceive(&cmdApdu, &rspApdu);
426 }
427 if (status != ESESTATUS_SUCCESS) {
428 sestatus = SecureElementStatus::FAILED;
429 } else if ((rspApdu.p_data[rspApdu.len - 2] == 0x90) &&
430 (rspApdu.p_data[rspApdu.len - 1] == 0x00)) {
431 sestatus = SecureElementStatus::SUCCESS;
432 } else {
433 sestatus = SecureElementStatus::FAILED;
434 }
435 free(cmdApdu.p_data);
436 free(rspApdu.p_data);
437 }
438
439 if ((channelNumber == DEFAULT_BASIC_CHANNEL) ||
440 (sestatus == SecureElementStatus::SUCCESS)) {
441 STLOG_HAL_D("%s: Closing channel : %d is successful ", __func__,
442 channelNumber);
443 mOpenedChannels[channelNumber] = false;
444 mOpenedchannelCount--;
445 /*If there are no channels remaining close secureElement*/
446 if ((mOpenedchannelCount == 0) && !OpenLogicalChannelProcessing &&
447 !OpenBasicChannelProcessing) {
448 sestatus = seHalDeInit();
449 } else {
450 sestatus = SecureElementStatus::SUCCESS;
451 }
452 }
453
454 STLOG_HAL_V("%s: Exit", __func__);
455 return sestatus;
456 }
457
serviceDied(uint64_t,const wp<IBase> &)458 void SecureElement::serviceDied(uint64_t /*cookie*/, const wp<IBase>& /*who*/) {
459 STLOG_HAL_E("%s: SecureElement serviceDied!!!", __func__);
460 SecureElementStatus sestatus = seHalDeInit();
461 if (sestatus != SecureElementStatus::SUCCESS) {
462 STLOG_HAL_E("%s: seHalDeInit Faliled!!!", __func__);
463 }
464 if (mCallbackV1_1 != nullptr) {
465 mCallbackV1_1->unlinkToDeath(this);
466 mCallbackV1_1 = nullptr;
467 }
468 }
469
isSeInitialized()470 bool SecureElement::isSeInitialized() { return StEseApi_isOpen(); }
471
seHalInit()472 ESESTATUS SecureElement::seHalInit() {
473 ESESTATUS status = ESESTATUS_SUCCESS;
474
475 STLOG_HAL_D("%s: Enter", __func__);
476 status = StEse_init();
477 if (status != ESESTATUS_SUCCESS) {
478 STLOG_HAL_E("%s: SecureElement open failed!!!", __func__);
479 }
480 STLOG_HAL_V("%s: Exit", __func__);
481 return status;
482 }
483
seHalResetSe()484 void SecureElement::seHalResetSe() {
485 ESESTATUS status = ESESTATUS_SUCCESS;
486
487 STLOG_HAL_D("%s: Enter", __func__);
488 if (!isSeInitialized()) {
489 ESESTATUS status = seHalInit();
490 if (status != ESESTATUS_SUCCESS) {
491 STLOG_HAL_E("%s: seHalInit Failed!!!", __func__);
492 }
493 }
494
495 if (status == ESESTATUS_SUCCESS) {
496 mCallbackV1_1->onStateChange_1_1(false, "reset the SE");
497
498 status = StEse_Reset();
499 if (status != ESESTATUS_SUCCESS) {
500 STLOG_HAL_E("%s: SecureElement reset failed!!", __func__);
501 } else {
502 for (uint8_t xx = 0; xx < MAX_LOGICAL_CHANNELS; xx++) {
503 mOpenedChannels[xx] = false;
504 }
505 mOpenedchannelCount = 0;
506 mCallbackV1_1->onStateChange_1_1(true, "SE initialized");
507 }
508 }
509 STLOG_HAL_V("%s: Exit", __func__);
510 }
511
512 Return<::android::hardware::secure_element::V1_0::SecureElementStatus>
seHalDeInit()513 SecureElement::seHalDeInit() {
514 STLOG_HAL_D("%s: Enter", __func__);
515 ESESTATUS status = ESESTATUS_SUCCESS;
516 SecureElementStatus sestatus = SecureElementStatus::FAILED;
517 status = StEse_close();
518 if (status != ESESTATUS_SUCCESS) {
519 sestatus = SecureElementStatus::FAILED;
520 } else {
521 sestatus = SecureElementStatus::SUCCESS;
522
523 for (uint8_t xx = 0; xx < MAX_LOGICAL_CHANNELS; xx++) {
524 mOpenedChannels[xx] = false;
525 }
526 mOpenedchannelCount = 0;
527 }
528 STLOG_HAL_V("%s: Exit", __func__);
529 return sestatus;
530 }
531
532 } // namespace implementation
533 } // namespace V1_1
534 } // namespace secure_element
535 } // namespace hardware
536 } // namespace android
537