1 /*
2  **
3  ** Copyright 2020, The Android Open Source Project
4  **
5  ** Licensed under the Apache License, Version 2.0 (the "License");
6  ** you may not use this file except in compliance with the License.
7  ** You may obtain a copy of the License at
8  **
9  **     http://www.apache.org/licenses/LICENSE-2.0
10  **
11  ** Unless required by applicable law or agreed to in writing, software
12  ** distributed under the License is distributed on an "AS IS" BASIS,
13  ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  ** See the License for the specific language governing permissions and
15  ** limitations under the License.
16  */
17 /******************************************************************************
18  **
19  ** The original Work has been changed by NXP.
20  **
21  ** Licensed under the Apache License, Version 2.0 (the "License");
22  ** you may not use this file except in compliance with the License.
23  ** You may obtain a copy of the License at
24  **
25  ** http://www.apache.org/licenses/LICENSE-2.0
26  **
27  ** Unless required by applicable law or agreed to in writing, software
28  ** distributed under the License is distributed on an "AS IS" BASIS,
29  ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
30  ** See the License for the specific language governing permissions and
31  ** limitations under the License.
32  **
33  ** Copyright 2022-2023 NXP
34  **
35  *********************************************************************************/
36 #if defined OMAPI_TRANSPORT
37 #pragma once
38 
#include <cstdint>
#include <map>
#include <memory>
#include <mutex>
#include <string>
#include <vector>

#include <aidl/android/se/omapi/BnSecureElementListener.h>
#include <aidl/android/se/omapi/ISecureElementChannel.h>
#include <aidl/android/se/omapi/ISecureElementListener.h>
#include <aidl/android/se/omapi/ISecureElementReader.h>
#include <aidl/android/se/omapi/ISecureElementService.h>
#include <aidl/android/se/omapi/ISecureElementSession.h>
// #include <aidl/android/se/omapi/SecureElementErrorCode.h>
#include <android/binder_manager.h>

#include <AppletConnection.h>
#include <IntervalTimer.h>
#include <SBAccessController.h>
#include "ITransport.h"
57 
// ISO 7816-4 status word 0x6A82 ("file or application not found"), split into
// its SW1/SW2 bytes; presumably compared against the trailing status bytes of
// a selection response in the .cpp — confirm there.
#define APP_NOT_FOUND_SW1 0x6A
#define APP_NOT_FOUND_SW2 0x82
60 
61 namespace keymint::javacard {
// NOTE(review): these using-declarations sit at namespace scope in a header,
// so they become visible to every translation unit that includes it.
using std::shared_ptr;
using std::vector;
64 
65 /**
66  * OmapiTransport is derived from ITransport. This class gets the OMAPI service binder instance and uses IPC to
67  * communicate with the OMAPI service. OMAPI in turn communicates with the hardware via ISecureElement.
68  */
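class OmapiTransport : public std::enable_shared_from_this<OmapiTransport>,
                       public ITransport {

public:
  /**
   * Creates a transport for the applet identified by mAppletAID.
   *
   * The constructor is private so that every instance is owned by a
   * shared_ptr, which enable_shared_from_this relies on; std::make_shared
   * cannot reach a private constructor, hence the explicit new.
   *
   * @param mAppletAID AID of the applet this transport communicates with.
   * @return owning pointer to the new transport.
   */
  [[nodiscard]] static shared_ptr<OmapiTransport> make(const std::vector<uint8_t> &mAppletAID) {
    return std::shared_ptr<OmapiTransport>(new OmapiTransport(mAppletAID));
  }
  virtual ~OmapiTransport();

#ifdef NXP_EXTNS
  /**
   * Replaces the AID that is selected when a channel is opened.
   *
   * @param aid applet AID to select from now on.
   * @return always true; the AID is stored as given, without validation.
   */
  bool setAppletAid(const vector<uint8_t> &aid) {
    mSelectableAid = aid;
    return true;
  }
#endif
    /**
     * Gets the binder instance of ISecureElementService, gets the reader
     * corresponding to the secure element, establishes a session and opens a
     * basic channel.
     *
     * @return true if the connection was established.
     */
    bool openConnection() override;
    /**
     * Transmits inData over the opened channel and stores the response in
     * output.
     *
     * @param inData command APDU to send.
     * @param output response received back over the channel.
     * @return true if the exchange succeeded.
     */
    bool sendData(const vector<uint8_t>& inData, vector<uint8_t>& output) override;
    /**
     * Closes the connection.
     *
     * @return true if the connection was closed.
     */
    bool closeConnection() override;
    /**
     * Reports the connection state.
     *
     * @return true if the connection is active, false if it is broken.
     */
    bool isConnected() override;
#ifdef NXP_EXTNS
    /**
     * Closes the opened channel.
     */
    void closeChannel();
    /**
     * Sets the default IntervalTimer timeout value.
     *
     * @param timeout new default timeout (unit is whatever IntervalTimer
     *        expects; not specified in this header).
     */
    void setDefaultTimeout(int timeout);
#endif

  private:
    //AppletConnection mAppletConnection;
    SBAccessController mSBAccessController;
    IntervalTimer mTimer;
    // Default timeout for mTimer; starts at 0 (see the constructor).
    int mTimeout;
    // AID selected when a channel is opened; initially the AID given to make().
    std::vector<uint8_t> mSelectableAid;
    // OMAPI binder proxies; null until a connection is set up (presumably by
    // initialize()/openConnection() — confirm in the .cpp).
    std::shared_ptr<aidl::android::se::omapi::ISecureElementService> omapiSeService;
    std::shared_ptr<aidl::android::se::omapi::ISecureElementReader> eSEReader;
    std::shared_ptr<aidl::android::se::omapi::ISecureElementSession> session;
    std::shared_ptr<aidl::android::se::omapi::ISecureElementChannel> channel;
    // Readers keyed by string; presumably the reader name reported by the
    // service — confirm against the .cpp.
    std::map<std::string, std::shared_ptr<aidl::android::se::omapi::ISecureElementReader>>
        mVSReaders;
#ifdef NXP_EXTNS
    /* Applet ID Weaver */
    const std::vector<uint8_t> kWeaverAID = {0xA0, 0x00, 0x00, 0x03, 0x96, 0x10, 0x10};
#endif
    /**
     * Private so that instances are only created through make(). The AID is
     * handed to ITransport and also kept as the initial selectable AID; the
     * binder proxies and mVSReaders keep their default (null/empty) state.
     * shared_from_this() must not be called here: the owning shared_ptr does
     * not exist until make() returns.
     */
    explicit OmapiTransport(const std::vector<uint8_t> &mAppletAID)
        : ITransport(mAppletAID), mTimeout(0), mSelectableAid(mAppletAID) {
#ifdef NXP_EXTNS
      mDeathRecipient = ::ndk::ScopedAIBinder_DeathRecipient(
          AIBinder_DeathRecipient_new(BinderDiedCallback));
#endif
    }
    bool initialize();
    bool internalTransmitApdu(
            std::shared_ptr<aidl::android::se::omapi::ISecureElementReader> reader,
            std::vector<uint8_t> apdu, std::vector<uint8_t>& transmitResponse);

#ifdef NXP_EXTNS
    // Death recipient created in the constructor around BinderDiedCallback.
    ::ndk::ScopedAIBinder_DeathRecipient mDeathRecipient;
    // Guards mCookieKeys.
    std::mutex mCookieKeysMutex;
    // NOTE(review): looks like the set of cookies handed out for death
    // notifications, so BinderDiedCallback can check that the cookie it
    // receives still belongs to a live object before using it — confirm in
    // the .cpp.
    std::vector<uintptr_t> mCookieKeys;

    // Called by binder when a remote this object linked to dies; cookie is the
    // value supplied at link time.
    static void BinderDiedCallback(void *cookie);
    bool internalProtectedTransmitApdu(
            std::shared_ptr<aidl::android::se::omapi::ISecureElementReader> reader,
            std::vector<uint8_t> apdu, std::vector<uint8_t>& transmitResponse);
    // Fills resp with an error response (identifier spelling kept as declared,
    // it is defined out of line).
    void prepareErrorRepsponse(std::vector<uint8_t>& resp);
    bool openChannelToApplet();
#endif
#ifdef INTERVAL_TIMER
    /**
     * Extracts the status word (SW1 SW2) carried in the last two bytes of an
     * APDU response.
     *
     * The response comes from the secure element, so its length is not under
     * this class's control; at() keeps the access bounds-checked. For fewer
     * than two bytes, len - 2 wraps to a huge index that at() rejects, so a
     * short response never reads out of bounds.
     *
     * @param inputData complete response APDU, status word last.
     * @return SW1 in the high byte, SW2 in the low byte.
     * @throws std::out_of_range (from at()) if inputData has fewer than two
     *         bytes — the same exception the previous implementation raised.
     */
    inline uint16_t getApduStatus(const std::vector<uint8_t> &inputData) {
      const auto len = inputData.size();
      const uint8_t sw1 = inputData.at(len - 2);
      const uint8_t sw2 = inputData.at(len - 1);
      // sw1 is promoted to int for the shift; narrow back explicitly.
      return static_cast<uint16_t>((sw1 << 8) | sw2);
    }
#endif
};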
167 }  // namespace keymint::javacard
168 #endif