1 /******************************************************************************
2  **
3  ** The original Work has been changed by NXP.
4  **
5  ** Licensed under the Apache License, Version 2.0 (the "License");
6  ** you may not use this file except in compliance with the License.
7  ** You may obtain a copy of the License at
8  **
9  ** http://www.apache.org/licenses/LICENSE-2.0
10  **
11  ** Unless required by applicable law or agreed to in writing, software
12  ** distributed under the License is distributed on an "AS IS" BASIS,
13  ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  ** See the License for the specific language governing permissions and
15  ** limitations under the License.
16  **
17  ** Copyright 2021-2022 NXP
18  **
19  *********************************************************************************/
20 #define LOG_TAG "javacard.strongbox.keymint.operation-impl"
21 #include "JavacardSharedSecret.h"
22 
23 #include <android-base/logging.h>
24 
25 #include <KeyMintUtils.h>
26 #include <memunreachable/memunreachable.h>
27 
28 /* 1 sec delay till OMAPI service initialized (~ 30 to 40 secs)
29  * 20 retry as per transport layer retry logic.
30  * Each retry logic takes 11~12 secs*/
31 #define MAX_SHARED_SECRET_RETRY_COUNT 60
32 
33 namespace aidl::android::hardware::security::sharedsecret {
34 using ::keymint::javacard::Instruction;
35 
36 static uint8_t getSharedSecretRetryCount = 0x00;
37 
getSharedSecretParameters(SharedSecretParameters * params)38 ScopedAStatus JavacardSharedSecret::getSharedSecretParameters(SharedSecretParameters* params) {
39     auto error = card_->initializeJavacard();
40     if (error != KM_ERROR_OK) {
41         LOG(ERROR) << "Error in initializing javacard.";
42     }
43     auto [item, err] = card_->sendRequest(Instruction::INS_GET_SHARED_SECRET_PARAM_CMD);
44 #ifdef NXP_EXTNS
45     if (err != KM_ERROR_OK && (getSharedSecretRetryCount < MAX_SHARED_SECRET_RETRY_COUNT)) {
46         getSharedSecretRetryCount++;
47     } else if (err != KM_ERROR_OK) {
48         std::vector<uint8_t> refNonceSeed = {
49           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
50           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
51           0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
52         params->seed.assign(refNonceSeed.begin(), refNonceSeed.end());
53         params->nonce.assign(refNonceSeed.begin(), refNonceSeed.end());
54         err = KM_ERROR_OK;
55         return ScopedAStatus::ok();
56     }
57 #endif
58     if (err != KM_ERROR_OK) {
59         LOG(ERROR) << "Error in sending in getSharedSecretParameters.";
60         return keymint::km_utils::kmError2ScopedAStatus(err);
61     }
62     auto optSSParams = cbor_.getSharedSecretParameters(item, 1);
63     if (!optSSParams) {
64         LOG(ERROR) << "Error in sending in getSharedSecretParameters.";
65         return keymint::km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
66     }
67     *params = std::move(optSSParams.value());
68     return ScopedAStatus::ok();
69 }
70 
71 ScopedAStatus
computeSharedSecret(const std::vector<SharedSecretParameters> & params,std::vector<uint8_t> * secret)72 JavacardSharedSecret::computeSharedSecret(const std::vector<SharedSecretParameters>& params,
73                                           std::vector<uint8_t>* secret) {
74     card_->sendPendingEvents();
75     auto error = card_->initializeJavacard();
76     if (error != KM_ERROR_OK) {
77         LOG(ERROR) << "Error in initializing javacard.";
78     }
79     cppbor::Array request;
80     cbor_.addSharedSecretParameters(request, params);
81     auto [item, err] = card_->sendRequest(Instruction::INS_COMPUTE_SHARED_SECRET_CMD, request);
82     if (err != KM_ERROR_OK) {
83         LOG(ERROR) << "Error in sending in computeSharedSecret.";
84         return keymint::km_utils::kmError2ScopedAStatus(err);
85     }
86     auto optSecret = cbor_.getByteArrayVec(item, 1);
87     if (!optSecret) {
88         LOG(ERROR) << "Error in decoding the response in computeSharedSecret.";
89         return keymint::km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
90     }
91     *secret = std::move(optSecret.value());
92     return ScopedAStatus::ok();
93 }
dump(int,const char **,uint32_t)94 binder_status_t JavacardSharedSecret::dump(int /* fd */, const char** /* p */, uint32_t /* q */) {
95     LOG(INFO) << "\n KeyMint-JavacardSharedSecret HAL MemoryLeak Info = \n"
96               << ::android::GetUnreachableMemoryString(true, 10000).c_str();
97     return STATUS_OK;
98 }
99 }  // namespace aidl::android::hardware::security::sharedsecret
100