diff options
Diffstat (limited to 'KM300/JavacardSharedSecret.cpp')
| -rw-r--r-- | KM300/JavacardSharedSecret.cpp | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/KM300/JavacardSharedSecret.cpp b/KM300/JavacardSharedSecret.cpp new file mode 100644 index 0000000..5c70445 --- /dev/null +++ b/KM300/JavacardSharedSecret.cpp @@ -0,0 +1,99 @@ +/****************************************************************************** + ** + ** The original Work has been changed by NXP. + ** + ** Licensed under the Apache License, Version 2.0 (the "License"); + ** you may not use this file except in compliance with the License. + ** You may obtain a copy of the License at + ** + ** http://www.apache.org/licenses/LICENSE-2.0 + ** + ** Unless required by applicable law or agreed to in writing, software + ** distributed under the License is distributed on an "AS IS" BASIS, + ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ** See the License for the specific language governing permissions and + ** limitations under the License. + ** + ** Copyright 2021-2022 NXP + ** + *********************************************************************************/ +#define LOG_TAG "javacard.strongbox.keymint.operation-impl" +#include "JavacardSharedSecret.h" + +#include <android-base/logging.h> + +#include <KeyMintUtils.h> +#include <memunreachable/memunreachable.h> + +/* 1 sec delay till OMAPI service initialized (~ 30 to 40 secs) + * 20 retry as per transport layer retry logic. + * Each retry logic takes 11~12 secs*/ +#define MAX_SHARED_SECRET_RETRY_COUNT 60 + +namespace aidl::android::hardware::security::sharedsecret { +using ::keymint::javacard::Instruction; + +static uint8_t getSharedSecretRetryCount = 0x00; + +ScopedAStatus JavacardSharedSecret::getSharedSecretParameters(SharedSecretParameters* params) { + auto error = card_->initializeJavacard(); + if (error != KM_ERROR_OK) { + LOG(ERROR) << "Error in initializing javacard."; + } + auto [item, err] = card_->sendRequest(Instruction::INS_GET_SHARED_SECRET_PARAM_CMD); +#ifdef NXP_EXTNS + if (err != KM_ERROR_OK && (getSharedSecretRetryCount < MAX_SHARED_SECRET_RETRY_COUNT)) { + getSharedSecretRetryCount++; + } else if (err != KM_ERROR_OK) { + std::vector<uint8_t> refNonceSeed = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + params->seed.assign(refNonceSeed.begin(), refNonceSeed.end()); + params->nonce.assign(refNonceSeed.begin(), refNonceSeed.end()); + err = KM_ERROR_OK; + return ScopedAStatus::ok(); + } +#endif + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Error in sending in getSharedSecretParameters."; + return keymint::km_utils::kmError2ScopedAStatus(err); + } + auto optSSParams = cbor_.getSharedSecretParameters(item, 1); + if (!optSSParams) { + LOG(ERROR) << "Error in sending in getSharedSecretParameters."; + return keymint::km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR); + } + *params = std::move(optSSParams.value()); + return ScopedAStatus::ok(); +} + +ScopedAStatus +JavacardSharedSecret::computeSharedSecret(const std::vector<SharedSecretParameters>& params, + std::vector<uint8_t>* secret) { + card_->sendPendingEvents(); + auto error = card_->initializeJavacard(); + if (error != KM_ERROR_OK) { + LOG(ERROR) << "Error in initializing javacard."; + } + cppbor::Array request; + cbor_.addSharedSecretParameters(request, params); + auto [item, err] = card_->sendRequest(Instruction::INS_COMPUTE_SHARED_SECRET_CMD, request); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Error in sending in computeSharedSecret."; + return keymint::km_utils::kmError2ScopedAStatus(err); + } + auto optSecret = cbor_.getByteArrayVec(item, 1); + if (!optSecret) { + LOG(ERROR) << "Error in decoding the response in computeSharedSecret."; + return keymint::km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR); + } + *secret = std::move(optSecret.value()); + return ScopedAStatus::ok(); +} +binder_status_t JavacardSharedSecret::dump(int /* fd */, const char** /* p */, uint32_t /* q */) { + LOG(INFO) << "\n KeyMint-JavacardSharedSecret HAL MemoryLeak Info = \n" + << ::android::GetUnreachableMemoryString(true, 10000).c_str(); + return STATUS_OK; +} +} // namespace aidl::android::hardware::security::sharedsecret |