1 /******************************************************************************
2 **
3 ** The original Work has been changed by NXP.
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 **
17 ** Copyright 2021-2022, 2024 NXP
18 **
19 *********************************************************************************/
20 #define LOG_TAG "javacard.strongbox.keymint.operation-impl"
21 #include "JavacardSharedSecret.h"
22
23 #include <android-base/logging.h>
24
25 #include <KeyMintUtils.h>
26 #include <memunreachable/memunreachable.h>
27
28 /* 1 sec delay till OMAPI service initialized (~ 30 to 40 secs)
29 * 20 retry as per transport layer retry logic.
30 * Each retry logic takes 11~12 secs*/
31 #define MAX_SHARED_SECRET_RETRY_COUNT 60
32
33 namespace aidl::android::hardware::security::sharedsecret {
34 using ::keymint::javacard::Instruction;
35
36 static uint8_t getSharedSecretRetryCount = 0x00;
37
getSharedSecretParameters(SharedSecretParameters * params)38 ScopedAStatus JavacardSharedSecret::getSharedSecretParameters(SharedSecretParameters* params) {
39 #ifdef INIT_USING_SEHAL_TRANSPORT
40 auto [item, err] = card_->sendRequestSeHal(Instruction::INS_GET_SHARED_SECRET_PARAM_CMD);
41 #else
42 auto [item, err] = card_->sendRequest(Instruction::INS_GET_SHARED_SECRET_PARAM_CMD);
43 #endif
44 #ifdef NXP_EXTNS
45 if (err == KM_ERROR_SECURE_HW_COMMUNICATION_FAILED &&
46 (getSharedSecretRetryCount < MAX_SHARED_SECRET_RETRY_COUNT)) {
47 getSharedSecretRetryCount++;
48 } else if (err != KM_ERROR_OK) {
49 std::vector<uint8_t> refNonceSeed = {
50 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
51 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
52 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
53 params->seed.assign(refNonceSeed.begin(), refNonceSeed.end());
54 params->nonce.assign(refNonceSeed.begin(), refNonceSeed.end());
55 err = KM_ERROR_OK;
56 return ScopedAStatus::ok();
57 }
58 #endif
59 if (err != KM_ERROR_OK) {
60 LOG(ERROR) << "Error in sending in getSharedSecretParameters.";
61 return keymint::km_utils::kmError2ScopedAStatus(err);
62 }
63 auto optSSParams = cbor_.getSharedSecretParameters(item, 1);
64 if (!optSSParams) {
65 LOG(ERROR) << "Error in sending in getSharedSecretParameters.";
66 return keymint::km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
67 }
68 *params = std::move(optSSParams.value());
69 return ScopedAStatus::ok();
70 }
71
computeSharedSecret(const std::vector<SharedSecretParameters> & params,std::vector<uint8_t> * secret)72 ScopedAStatus JavacardSharedSecret::computeSharedSecret(
73 const std::vector<SharedSecretParameters>& params, std::vector<uint8_t>* secret) {
74 cppbor::Array request;
75 cbor_.addSharedSecretParameters(request, params);
76 #ifdef INIT_USING_SEHAL_TRANSPORT
77 auto [item, err] =
78 card_->sendRequestSeHal(Instruction::INS_COMPUTE_SHARED_SECRET_CMD, request.encode());
79 #else
80 auto [item, err] =
81 card_->sendRequest(Instruction::INS_COMPUTE_SHARED_SECRET_CMD, request.encode());
82 #endif
83 if (err != KM_ERROR_OK) {
84 LOG(ERROR) << "Error in sending in computeSharedSecret.";
85 return keymint::km_utils::kmError2ScopedAStatus(err);
86 }
87 auto optSecret = cbor_.getByteArrayVec(item, 1);
88 if (!optSecret) {
89 LOG(ERROR) << "Error in decoding the response in computeSharedSecret.";
90 return keymint::km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
91 }
92 *secret = std::move(optSecret.value());
93 return ScopedAStatus::ok();
94 }
dump(int,const char **,uint32_t)95 binder_status_t JavacardSharedSecret::dump(int /* fd */, const char** /* p */, uint32_t /* q */) {
96 LOG(INFO) << "\n KeyMint-JavacardSharedSecret HAL MemoryLeak Info = \n"
97 << ::android::GetUnreachableMemoryString(true, 10000).c_str();
98 return STATUS_OK;
99 }
100 } // namespace aidl::android::hardware::security::sharedsecret
101