diff options
| -rw-r--r-- | secure_element/1.0/esehal/Android.bp | 46 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/checksum.c | 97 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/checksum.h | 39 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/compiler.h | 46 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/iso7816_t1.c | 812 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/iso7816_t1.h | 110 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/libse-gto-private.h | 58 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/libse-gto.c | 296 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/linux/se_gemalto.h | 37 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/log.c | 87 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/log.h | 81 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/se-gto/libse-gto.h | 193 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/spi.c | 100 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/spi.h | 32 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/transport.c | 168 | ||||
| -rw-r--r-- | secure_element/1.0/esehal/src/transport.h | 35 |
16 files changed, 0 insertions, 2237 deletions
diff --git a/secure_element/1.0/esehal/Android.bp b/secure_element/1.0/esehal/Android.bp deleted file mode 100644 index 795b4f4..0000000 --- a/secure_element/1.0/esehal/Android.bp +++ /dev/null @@ -1,46 +0,0 @@ -package { - // See: http://go/android-license-faq - // A large-scale-change added 'default_applicable_licenses' to import - // all of the 'license_kinds' from "hardware_st_secure_element2_license" - // to get the below license kinds: - // SPDX-license-identifier-Apache-2.0 - // SPDX-license-identifier-GPL-2.0 - default_applicable_licenses: ["hardware_st_secure_element2_license"], -} - -cc_library_shared { - name: "android.hardware.secure_element@1.2-impl-gto", - vendor: true, - srcs: [ - "src/checksum.c", - "src/iso7816_t1.c", - "src/libse-gto.c", - "src/spi.c", - "src/transport.c", - "src/log.c", - ], - - local_include_dirs: [ - "src", - ], - - cflags: [ - "-DANDROID", - "-DENABLE_LOGGING=1", - "-DENABLE_DEBUG=1", - "-Wno-unused-parameter", - "-Wno-unused-private-field", - "-Wno-error", - "-Wreturn-type", - ], - - shared_libs: [ - "libbase", - "libcutils", - "libhardware", - "libhidlbase", - "liblog", - "libutils", - ], - -} diff --git a/secure_element/1.0/esehal/src/checksum.c b/secure_element/1.0/esehal/src/checksum.c deleted file mode 100644 index 2fa9346..0000000 --- a/secure_element/1.0/esehal/src/checksum.c +++ /dev/null @@ -1,97 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * Implementation for both checksum alogrihtms used by T=1 transport. - * - */ - -#include <stddef.h> -#include <stdint.h> - -#include "checksum.h" - -unsigned -lrc8(const void *s, size_t n) -{ - const uint8_t *p = s; - uint8_t c = 0; - - if (p) - while (n) { - c ^= *p++; - n--; - } - return c; -} - -unsigned -crc_ccitt(uint16_t crc, const void *s, size_t n) -{ - /* CRC16 reference implementation can also be found in RFC 1662. - * But this is the CRC16/MCRF4XX variant used in T=1. - * http://reveng.sourceforge.net/crc-catalogue/all.htm#crc.cat.crc-16-mcrf4xx - * - * More information here: - * http://reveng.sourceforge.net/crc-catalogue/all.htm#appendix - */ - - static const uint16_t fast[256] = { - 0x0000, 0x1189, 0x2312, 0x329B, 0x4624, 0x57AD, 0x6536, 0x74BF, - 0x8C48, 0x9DC1, 0xAF5A, 0xBED3, 0xCA6C, 0xDBE5, 0xE97E, 0xF8F7, - 0x1081, 0x0108, 0x3393, 0x221A, 0x56A5, 0x472C, 0x75B7, 0x643E, - 0x9CC9, 0x8D40, 0xBFDB, 0xAE52, 0xDAED, 0xCB64, 0xF9FF, 0xE876, - 0x2102, 0x308B, 0x0210, 0x1399, 0x6726, 0x76AF, 0x4434, 0x55BD, - 0xAD4A, 0xBCC3, 0x8E58, 0x9FD1, 0xEB6E, 0xFAE7, 0xC87C, 0xD9F5, - 0x3183, 0x200A, 0x1291, 0x0318, 0x77A7, 0x662E, 0x54B5, 0x453C, - 0xBDCB, 0xAC42, 0x9ED9, 0x8F50, 0xFBEF, 0xEA66, 0xD8FD, 0xC974, - 0x4204, 0x538D, 0x6116, 0x709F, 0x0420, 0x15A9, 0x2732, 0x36BB, - 0xCE4C, 0xDFC5, 0xED5E, 0xFCD7, 0x8868, 0x99E1, 0xAB7A, 0xBAF3, - 0x5285, 0x430C, 0x7197, 0x601E, 0x14A1, 0x0528, 0x37B3, 0x263A, - 0xDECD, 0xCF44, 0xFDDF, 0xEC56, 0x98E9, 0x8960, 0xBBFB, 0xAA72, - 0x6306, 0x728F, 0x4014, 0x519D, 0x2522, 0x34AB, 0x0630, 0x17B9, - 0xEF4E, 0xFEC7, 0xCC5C, 0xDDD5, 0xA96A, 0xB8E3, 0x8A78, 0x9BF1, - 0x7387, 0x620E, 0x5095, 0x411C, 0x35A3, 0x242A, 0x16B1, 0x0738, - 0xFFCF, 0xEE46, 0xDCDD, 0xCD54, 0xB9EB, 0xA862, 0x9AF9, 0x8B70, - 0x8408, 0x9581, 0xA71A, 0xB693, 0xC22C, 0xD3A5, 0xE13E, 0xF0B7, - 0x0840, 0x19C9, 0x2B52, 0x3ADB, 0x4E64, 0x5FED, 0x6D76, 0x7CFF, - 0x9489, 0x8500, 0xB79B, 0xA612, 0xD2AD, 0xC324, 0xF1BF, 0xE036, - 0x18C1, 0x0948, 0x3BD3, 0x2A5A, 0x5EE5, 0x4F6C, 0x7DF7, 0x6C7E, - 0xA50A, 0xB483, 0x8618, 0x9791, 0xE32E, 0xF2A7, 0xC03C, 0xD1B5, - 0x2942, 0x38CB, 0x0A50, 0x1BD9, 0x6F66, 0x7EEF, 0x4C74, 0x5DFD, - 0xB58B, 0xA402, 0x9699, 0x8710, 0xF3AF, 0xE226, 0xD0BD, 0xC134, - 0x39C3, 0x284A, 0x1AD1, 0x0B58, 0x7FE7, 0x6E6E, 0x5CF5, 0x4D7C, - 0xC60C, 0xD785, 0xE51E, 0xF497, 0x8028, 0x91A1, 0xA33A, 0xB2B3, - 0x4A44, 0x5BCD, 0x6956, 0x78DF, 0x0C60, 0x1DE9, 0x2F72, 0x3EFB, - 0xD68D, 0xC704, 0xF59F, 0xE416, 0x90A9, 0x8120, 0xB3BB, 0xA232, - 0x5AC5, 0x4B4C, 0x79D7, 0x685E, 0x1CE1, 0x0D68, 0x3FF3, 0x2E7A, - 0xE70E, 0xF687, 0xC41C, 0xD595, 0xA12A, 0xB0A3, 0x8238, 0x93B1, - 0x6B46, 0x7ACF, 0x4854, 0x59DD, 0x2D62, 0x3CEB, 0x0E70, 0x1FF9, - 0xF78F, 0xE606, 0xD49D, 0xC514, 0xB1AB, 0xA022, 0x92B9, 0x8330, - 0x7BC7, 0x6A4E, 0x58D5, 0x495C, 0x3DE3, 0x2C6A, 0x1EF1, 0x0F78 - }; - - const uint8_t *p = s; - - if (s) - while(n) { - crc = (uint8_t)(crc >> 8) ^ fast[(uint8_t)(crc ^ *p++)]; - n--; - } - return crc; -} diff --git a/secure_element/1.0/esehal/src/checksum.h b/secure_element/1.0/esehal/src/checksum.h deleted file mode 100644 index 2328f9e..0000000 --- a/secure_element/1.0/esehal/src/checksum.h +++ /dev/null @@ -1,39 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * T=1 checksum algorithms. - * - */ - -#ifndef CHECKSUM_H -#define CHECKSUM_H - -/* Both function return checksum. - * - * When computing checksum. caller is responsible to store value at block end. - * In case of CRC16, this is lowest byte first, followed by higher byte. - * - * When verifying checksum, function returns zero for a correct checksum. - * - */ - -unsigned lrc8(const void *s, size_t n); -unsigned crc_ccitt(uint16_t crc, const void *s, size_t n); - -#endif /* CHECKSUM_H */ diff --git a/secure_element/1.0/esehal/src/compiler.h b/secure_element/1.0/esehal/src/compiler.h deleted file mode 100644 index 24a4366..0000000 --- a/secure_element/1.0/esehal/src/compiler.h +++ /dev/null @@ -1,46 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * Compiler specific definition. Currently target gcc and clang. - * - * We need offsetof() and containerof(). - * - */ - -#ifndef COMPILER_H -#define COMPILER_H - -#include <stdint.h> -# include <stddef.h> - -#define container_of(ptr, type, member) \ - ({ const typeof(((type *)0)->member) * __mp = (ptr); \ - (type *)((char *)__mp - offsetof(type, member)); }) - -#define __COMPILE_ASSERT(cond) ((void)sizeof(char[1 - 2 * !(cond)])) -#define _COMPILE_ASSERT(cond) __COMPILE_ASSERT(cond) -#define COMPILE_ASSERT(cond) _COMPILE_ASSERT(!!(cond)) - -#ifdef __GNUC__ -# define check_printf(f, v) __attribute__((format(printf, f, v))) -#else -# define check_printf(f, v) -#endif - -#endif /* ifndef COMPILER_H */ diff --git a/secure_element/1.0/esehal/src/iso7816_t1.c b/secure_element/1.0/esehal/src/iso7816_t1.c deleted file mode 100644 index 6011ef9..0000000 --- a/secure_element/1.0/esehal/src/iso7816_t1.c +++ /dev/null @@ -1,812 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * T=1 implementation. - * - */ - -#include <stddef.h> -#include <string.h> -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <stdarg.h> -#include <unistd.h> -#include <ctype.h> -#include <stdint.h> -#include <fcntl.h> -#include <log/log.h> - -#include "iso7816_t1.h" -#include "checksum.h" -#include "transport.h" - -#define T1_REQUEST_RESYNC 0x00 -#define T1_REQUEST_IFS 0x01 -#define T1_REQUEST_ABORT 0x02 -#define T1_REQUEST_WTX 0x03 -#define T1_REQUEST_RESET 0x05 /* Custom RESET for SPI version */ - -#define MAX_RETRIES 3 - -#define MAX_WTX_ROUNDS 200 - -#define WTX_MAX_VALUE 1 - -static void -t1_init_recv_window(struct t1_state *t1, void *buf, size_t n) -{ - t1->recv.start = t1->recv.end = buf; - t1->recv.size = n; -} - -static ptrdiff_t -t1_recv_window_free_size(struct t1_state *t1) -{ - return (ptrdiff_t)t1->recv.size - (t1->recv.end - t1->recv.start); -} - -static void -t1_recv_window_append(struct t1_state *t1, const void *buf, int n) -{ - ptrdiff_t free = t1_recv_window_free_size(t1); - ALOGE("gto_esehal SecureElement:t1_recv_window_append free = %d\n", free); - if (n > free) - n = (int)free; - if (n > 0) { - memcpy(t1->recv.end, buf, (size_t)n); - t1->recv.end += n; - } -} - -static ptrdiff_t -t1_recv_window_size(struct t1_state *t1) -{ - return t1->recv.end - t1->recv.start; -} - -static void -t1_close_recv_window(struct t1_state *t1) -{ - t1->recv.start = t1->recv.end; - t1->recv.size = 0; -} - -static void -t1_init_send_window(struct t1_state *t1, const void *buf, size_t n) -{ - t1->send.start = buf; - t1->send.end = t1->send.start + n; -} - -static ptrdiff_t -t1_send_window_size(struct t1_state *t1) -{ - return t1->send.end - t1->send.start; -} - -static void -t1_close_send_window(struct t1_state *t1) -{ - t1->send.end = t1->send.start; -} - -static int -do_chk(struct t1_state *t1, uint8_t *buf) -{ - int n = 3 + buf[2]; - - switch (t1->chk_algo) { - case CHECKSUM_LRC: - buf[n] = lrc8(buf, n); - n++; - break; - - case CHECKSUM_CRC: { - uint16_t crc = crc_ccitt(0xFFFF, buf, n); - buf[n++] = (uint8_t)(crc >> 8); - buf[n++] = (uint8_t)(crc); - break; - } - } - return n; -} - -static int -chk_is_good(struct t1_state *t1, const uint8_t *buf) -{ - int n = 3 + buf[2]; - int match; - - switch (t1->chk_algo) { - case CHECKSUM_LRC: - match = (buf[n] == lrc8(buf, n)); - break; - - case CHECKSUM_CRC: { - uint16_t crc = crc_ccitt(0xFFFF, buf, n); - match = (crc == (buf[n + 1] | (buf[n] << 8))); - break; - } - - default: - match = 0; - } - return match; -} - -static int -write_iblock(struct t1_state *t1, uint8_t *buf) -{ - ptrdiff_t n = t1_send_window_size(t1); - uint8_t pcb; - - /* Card asking for more data whereas nothing is left.*/ - if (n <= 0) - return -EBADMSG; - - if (n > t1->ifsc) - n = t1->ifsc, pcb = 0x20; - else - pcb = 0; - - if (t1->send.next) - pcb |= 0x40; - - buf[0] = t1->nad; - buf[1] = pcb; - buf[2] = (uint8_t)n; - memcpy(buf + 3, t1->send.start, (size_t)n); - return do_chk(t1, buf); -} - -static int -write_rblock(struct t1_state *t1, int n, uint8_t *buf) -{ - buf[0] = t1->nad; - buf[1] = 0x80 | (n & 3); - if (t1->recv.next) - buf[1] |= 0x10; - buf[2] = 0; - return do_chk(t1, buf); -} - -static int -write_request(struct t1_state *t1, int request, uint8_t *buf) -{ - buf[0] = t1->nad; - buf[1] = 0xC0 | request; - - request &= 0x1F; - if (T1_REQUEST_IFS == request) { - /* On response, resend card IFS, else this is request for device IFS */ - buf[2] = 1; - if (buf[1] & 0x20) - buf[3] = t1->ifsc; - else - buf[3] = t1->ifsd; - } else if (T1_REQUEST_WTX == request) { - buf[2] = 1; - buf[3] = t1->wtx; - } else - buf[2] = 0; - - return do_chk(t1, buf); -} - -static void -ack_iblock(struct t1_state *t1) -{ - ptrdiff_t n = t1_send_window_size(t1); - - if (n > t1->ifsc) - n = t1->ifsc; - t1->send.start += n; - - /* Next packet sequence number */ - t1->send.next ^= 1; -} - -/* 0 if not more block, 1 otherwize */ -static int -parse_iblock(struct t1_state *t1, uint8_t *buf) -{ - uint8_t pcb = buf[1]; - uint8_t next = !!(pcb & 0x40); - - if (t1->recv.next == next) { - t1->recv.next ^= 1; - t1_recv_window_append(t1, buf + 3, buf[2]); - t1->recv_size += buf[2]; - } - - /* 1 if more to come */ - return !!(pcb & 0x20); -} - -static int -parse_rblock(struct t1_state *t1, uint8_t *buf) -{ - int r = 0; - uint8_t pcb = buf[1]; - uint8_t next = !!(pcb & 0x10); - - switch (pcb & 0x2F) { - case 0: - if ((t1->send.next ^ next) != 0) { - /* Acknowledge previous block */ - t1->retries = MAX_RETRIES; - ack_iblock(t1); - } else { - t1->retries--; - if (t1->retries <= 0) r = -ETIMEDOUT; - } - break; - - case 1: - t1->retries--; - t1->send.next = next; - r = -EREMOTEIO; - /* CRC error on previous block, will resend */ - break; - - case 2: - /* Error */ - t1->state.halt = 1; r = -EIO; - break; - - case 3: - t1->retries--; - r = -EREMOTEIO; - t1->state.request = 1; - t1->request = T1_REQUEST_RESYNC; - break; - - default: - t1->state.halt = 1; r = -EOPNOTSUPP; - break; - } - return r; -} - -static int -parse_request(struct t1_state *t1, uint8_t *buf) -{ - int n = 0; - - uint8_t request = buf[1] & 0x3F; - - t1->request = request; - switch (request) { - case T1_REQUEST_RESYNC: - n = -EOPNOTSUPP; - break; - - case T1_REQUEST_IFS: - if (buf[2] != 1) - n = -EBADMSG; - else if ((buf[3] == 0) || (buf[3] == 0xFF)) - n = -EBADMSG; - else - t1->ifsc = buf[3]; - break; - - case T1_REQUEST_ABORT: - if (buf[2] == 0) { - t1->state.aborted = 1; - t1_close_send_window(t1); - t1_close_recv_window(t1); - } else - n = -EBADMSG; - break; - - case T1_REQUEST_WTX: - if (buf[2] > 1) { - n = -EBADMSG; - break; - } else if (buf[2] == 1) { - t1->wtx = buf[3]; - if (t1->wtx_max_value) - if (t1->wtx > WTX_MAX_VALUE) - t1->wtx = WTX_MAX_VALUE; - if (t1->wtx_max_rounds) { - t1->wtx_rounds--; - if (t1->wtx_rounds <= 0) { - t1->retries = 0; - n = -EBADE; - } - } - } - break; - - default: - n = -EOPNOTSUPP; - break; - } - - /* Prepare response for next loop step */ - if (n == 0) - t1->state.reqresp = 1; - - return n; -} - -/* Find if ATR is changing IFSC value */ -static void -parse_atr(struct t1_state *t1) -{ - const uint8_t *atr = t1->atr; - size_t n = t1->atr_length; - int c, y, tck, proto = 0, ifsc = -1; - - /* Parse T0 byte */ - tck = y = (n > 0 ? atr[0] : 0); - - /* Parse interface bytes */ - for (size_t j = 1; j < n; j++) { - c = atr[j]; - tck ^= c; - - if ((y & 0xF0) == 0x80) - /* This is TDi byte */ - y = c, proto |= (1 << (c & 15)); - else if (y >= 16) { - /* First TA for T=1 */ - if ((ifsc < 0) && ((y & 0x1F) == 0x11)) - ifsc = c; - /* Clear interface byte flag just seen */ - y &= y - 16; - } else /* No more interface bytes */ - y = -1; - } - - /* If TA for T=1 seen and ATR checksum is valid */ - if ((proto & 2) && (tck == 0)) - t1->ifsc = (uint8_t)ifsc; -} - -/* 1 if expected response, 0 if reemit I-BLOCK, negative value is error */ -static int -parse_response(struct t1_state *t1, uint8_t *buf) -{ - int r; - uint8_t pcb = buf[1]; - - r = 0; - - /* Not a response ? */ - if (pcb & 0x20) { - pcb &= 0x1F; - if (pcb == t1->request) { - r = 1; - switch (pcb) { - case T1_REQUEST_IFS: - t1->need_ifsd_sync = 0; - if ((buf[2] != 1) && (buf[3] != t1->ifsd)) - r = -EBADMSG; - break; - - case T1_REQUEST_RESET: - t1->need_reset = 0; - if (buf[2] <= sizeof(t1->atr)) { - t1->atr_length = buf[2]; - if (t1->atr_length) - memcpy(t1->atr, buf + 3, t1->atr_length); - parse_atr(t1); - } else - r = -EBADMSG; - break; - case T1_REQUEST_RESYNC: - t1->need_resync = 0; - t1->send.next = 0; - t1->recv.next = 0; - break; - case T1_REQUEST_ABORT: - - default: - /* We never emitted those requests */ - r = -EBADMSG; - break; - } - } - } - return r; -} - -enum { T1_IBLOCK, T1_RBLOCK, T1_SBLOCK }; - -static int -block_kind(const uint8_t *buf) -{ - if ((buf[1] & 0x80) == 0) - return T1_IBLOCK; - else if ((buf[1] & 0x40) == 0) - return T1_RBLOCK; - else - return T1_SBLOCK; -} - -static int -read_block(struct t1_state *t1) -{ - int n; - - n = block_recv(t1, t1->buf, sizeof(t1->buf)); - - if (n < 0) - return n; - else if (n < 3) - return -EBADMSG; - else { - if (!chk_is_good(t1, t1->buf)) - return -EREMOTEIO; - - if (t1->buf[0] != t1->nadc) - return -EBADMSG; - - if (t1->buf[2] == 255) - return -EBADMSG; - } - - return n; -} - -static int -t1_loop(struct t1_state *t1) -{ - int len; - int n = 0; - - /* Will happen on first run */ - if (t1->need_reset) { - t1->state.request = 1; - t1->request = T1_REQUEST_RESET; - } else if (t1->need_resync) { - t1->state.request = 1; - t1->request = T1_REQUEST_RESYNC; - }else if(t1->need_ifsd_sync){ - t1->state.request = 1; - t1->request = T1_REQUEST_IFS; - t1->ifsd = 254; - } - - while (!t1->state.halt && t1->retries) { - if (t1->state.request) - n = write_request(t1, t1->request, t1->buf); - else if (t1->state.reqresp) { - n = write_request(t1, 0x20 | t1->request, t1->buf); - /* If response is not seen, card will repost request */ - t1->state.reqresp = 0; - } else if (t1->state.badcrc) - /* FIXME "1" -> T1_RBLOCK_CRC_ERROR */ - n = write_rblock(t1, 1, t1->buf); - else if (t1->state.timeout) - n = write_rblock(t1, 0, t1->buf); - else if (t1_send_window_size(t1)) - n = write_iblock(t1, t1->buf); - else if (t1->state.aborted) - n = -EPIPE; - else if (t1_recv_window_size(t1) >= 0) - /* Acknowledges block received so far */ - n = write_rblock(t1, 0, t1->buf); - else - /* Card did not send an I-BLOCK for response */ - n = -EBADMSG; - - if (n < 0) - break; - - len = block_send(t1, t1->buf, n); - if (len < 0) { - /* failure to send is permanent, give up immediately */ - n = len; - break; - } - - n = read_block(t1); - if (n < 0) { - t1->retries--; - switch (n) { - /* Error that trigger recovery */ - case -EREMOTEIO: - /* Emit checksum error R-BLOCK */ - t1->state.badcrc = 1; - continue; - - case -ETIMEDOUT: - /* resend block */ - t1->state.timeout = 1; - /* restore checksum failure error */ - if (t1->state.badcrc) - n = -EREMOTEIO; - continue; - - /* Block read implementation failed */ - case -EBADMSG: /* fall through */ - - /* Other errors are platform specific and not recoverable. */ - default: - t1->retries = 0; - continue; - } - /* Shall never reach this line */ - break; - } - - if (t1->state.badcrc) - if ((t1->buf[1] & 0xEF) == 0x81) { - /* Resent bad checksum R-BLOCK when response is CRC failure. */ - t1->retries--; - n = -EREMOTEIO; - continue; - } - - t1->state.badcrc = 0; - t1->state.timeout = 0; - - if (t1->state.request) { - if (block_kind(t1->buf) == T1_SBLOCK) { - n = parse_response(t1, t1->buf); - switch (n) { - case 0: - /* Asked to emit same former I-BLOCK */ - break; - - case 1: - t1->state.request = 0; - /* Nothing to do ? leave */ - if (t1_recv_window_free_size(t1) == 0) - t1->state.halt = 1, n = 0; - t1->retries = MAX_RETRIES; - if(t1->request == T1_REQUEST_RESET) { - t1->state.request = 1; - t1->request = T1_REQUEST_IFS; - t1->ifsd = 254; - t1->need_ifsd_sync = 1; - } - continue; - - default: /* Negative return is error */ - t1->state.halt = 1; - continue; - } - } - /* Re-emit request until response received */ - t1->retries--; - n = -EBADE; - } else { - switch (block_kind(t1->buf)) { - case T1_IBLOCK: - t1->retries = MAX_RETRIES; - if (t1_send_window_size(t1)) - /* Acknowledges last IBLOCK sent */ - ack_iblock(t1); - n = parse_iblock(t1, t1->buf); - if (t1->state.aborted) - continue; - if (t1->recv_size > t1->recv_max) { - /* Too much data received */ - n = -EMSGSIZE; - t1->state.halt = 1; - continue; - } - if ((n == 0) && (t1_send_window_size(t1) == 0)) - t1->state.halt = 1; - t1->wtx_rounds = t1->wtx_max_rounds; - break; - - case T1_RBLOCK: - n = parse_rblock(t1, t1->buf); - t1->wtx_rounds = t1->wtx_max_rounds; - break; - - case T1_SBLOCK: - n = parse_request(t1, t1->buf); - if (n == 0) - /* Send request response on next loop. */ - t1->state.reqresp = 1; - else if ((n == -EBADMSG) || (n == -EOPNOTSUPP)) - t1->state.halt = 1; - break; - } - } - } - return n; -} - -static void -t1_clear_states(struct t1_state *t1) -{ - t1->state.halt = 0; - t1->state.request = 0; - t1->state.reqresp = 0; - t1->state.badcrc = 0; - t1->state.timeout = 0; - t1->state.aborted = 0; - - t1->wtx = 1; - t1->retries = MAX_RETRIES; - t1->request = 0xFF; - - t1->wtx_rounds = t1->wtx_max_rounds; - - t1->send.start = t1->send.end = NULL; - t1->recv.start = t1->recv.end = NULL; - t1->recv.size = 0; - - t1->recv_size = 0; /* Also count discarded bytes */ -} - -static void -t1_init(struct t1_state *t1) -{ - t1_clear_states(t1); - - t1->chk_algo = CHECKSUM_LRC; - t1->ifsc = 32; - t1->ifsd = 32; - t1->bwt = 300; /* milliseconds */ - - t1->send.next = 0; - t1->recv.next = 0; - - t1->need_reset = 1; - t1->need_resync = 0; - t1->spi_fd = -1; - - t1->wtx_max_rounds = MAX_WTX_ROUNDS; - t1->wtx_max_value = 1; - - t1->recv_max = 65536 + 2; /* Maximum for extended APDU response */ - t1->recv_size = 0; -} - -static void -t1_release(struct t1_state *t1) -{ - t1->state.halt = 1; -} - -static void -t1_bind(struct t1_state *t1, int src, int dst) -{ - src &= 7; - dst &= 7; - - t1->nad = src | (dst << 4); - t1->nadc = dst | (src << 4); -} - -static int -t1_reset(struct t1_state *t1); - -static int -t1_transceive(struct t1_state *t1, const void *snd_buf, - size_t snd_len, void *rcv_buf, size_t rcv_len) -{ - int n, r; - - t1_clear_states(t1); - - t1_init_send_window(t1, snd_buf, snd_len); - t1_init_recv_window(t1, rcv_buf, rcv_len); - - n = t1_loop(t1); - if (n == 0) - /* Received APDU response */ - n = (int)t1_recv_window_size(t1); - else if (n < 0 && t1->state.aborted != 1){ - if (!(t1->state.request == 1 && t1->request == T1_REQUEST_RESET)) - { - /*Request Soft RESET to the secure element*/ - r = t1_reset(t1); - if (r < 0) n = -0xDEAD; /*Fatal error meaning eSE is not responding to reset*/ - } - } - return n; -} - -static int -t1_negotiate_ifsd(struct t1_state *t1, int ifsd) -{ - t1_clear_states(t1); - t1->state.request = 1; - - t1->request = T1_REQUEST_IFS; - t1->ifsd = ifsd; - return t1_loop(t1); -} - -static int -t1_reset(struct t1_state *t1) -{ - t1_clear_states(t1); - t1->need_reset = 1; - - return t1_loop(t1); -} - -static int -t1_resync(struct t1_state *t1) -{ - t1_clear_states(t1); - t1->need_resync = 1; - - return t1_loop(t1); -} - -void -isot1_init(struct t1_state *t1) -{ - return t1_init(t1); -} - -void -isot1_release(struct t1_state *t1) -{ - t1_release(t1); -} - -void -isot1_bind(struct t1_state *t1, int src, int dst) -{ - t1_bind(t1, src, dst); -} - -int -isot1_transceive(struct t1_state *t1, const void *snd_buf, - size_t snd_len, void *rcv_buf, size_t rcv_len) -{ - return t1_transceive(t1, snd_buf, snd_len, rcv_buf, rcv_len); -} - -int -isot1_negotiate_ifsd(struct t1_state *t1, int ifsd) -{ - return t1_negotiate_ifsd(t1, ifsd); -} - -int -isot1_reset(struct t1_state *t1) -{ - return t1_reset(t1); -} - -int -isot1_resync(struct t1_state *t1) -{ - return t1_resync(t1); -} - -int -isot1_get_atr(struct t1_state *t1, void *atr, size_t n) -{ - int r = 0; - - if (t1->need_reset) - r = t1_reset(t1); - if (r >= 0) { - if (t1->atr_length <= n) { - r = t1->atr_length; - memcpy(atr, t1->atr, r); - } else - r = -EFAULT; - } - return r; -} diff --git a/secure_element/1.0/esehal/src/iso7816_t1.h b/secure_element/1.0/esehal/src/iso7816_t1.h deleted file mode 100644 index f31c45f..0000000 --- a/secure_element/1.0/esehal/src/iso7816_t1.h +++ /dev/null @@ -1,110 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * ISO7816 T=1 interface. - * - */ - -#ifndef ISO7816_T1_H -#define ISO7816_T1_H - -#include <stdint.h> - -struct t1_state { - int spi_fd; /* File descriptor for transport */ - - struct { - /* Ordered by decreasing priority */ - unsigned halt : 1; /* Halt dispatch loop */ - unsigned request : 1; /* Build a SBLOCK request */ - unsigned reqresp : 1; /* Build a SBLOCK response */ - unsigned badcrc : 1; /* Build a RBLOCK for CRC error */ - unsigned timeout : 1; /* Resend S-BLOCK or send R-BLOCK */ - unsigned aborted : 1; /* Abort was requested */ - } state; - - uint8_t ifsc; /* IFS for card */ - uint8_t ifsd; /* IFS for device */ - uint8_t nad; /* NAD byte for device */ - uint8_t nadc; /* NAD byte for card */ - uint8_t wtx; /* Read timeout scaler */ - - unsigned bwt; /* Block Waiting Timeout */ - - uint8_t chk_algo; /* One of CHECKSUM_LRC or CHECKSUM_CRC */ - uint8_t retries; /* Remaining retries in case of incorrect block */ - uint8_t request; /* Current pending request, valid only during request */ - - int wtx_rounds; /* Limit number of WTX round from card */ - int wtx_max_rounds; /* Maximum number of WTX rounds from card */ - int wtx_max_value; /* Maximum value of WTX supported by host */ - - uint8_t need_reset; /* Need to send a reset on first start */ - uint8_t need_resync; /* Need to send a reset on first start */ - uint8_t need_ifsd_sync; /* Need to send a IFSD request after RESET */ - uint8_t atr[32]; /* ISO7816 defines ATR with a maximum of 32 bytes */ - uint8_t atr_length; /* Never over 32 */ - - /* Emission window */ - struct t1_send { - const uint8_t *start; - const uint8_t *end; - uint8_t next; /* N(S) */ - } send; - - /* Reception window */ - struct t1_recv { - uint8_t *start; - uint8_t *end; - uint8_t next; /* N(R) */ - size_t size; /* Maximum window size */ - } recv; - - size_t recv_max; /* Maximum number of expected bytes on reception */ - size_t recv_size; /* Received number of bytes so far */ - - /* Max size is: - * - 3 bytes header, - * - 254 bytes data, - * - 2 bytes CRC - * - * Use 255 bytes data in case of invalid block length of 255. - */ - uint8_t buf[3 + 255 + 2]; -}; - -enum { CHECKSUM_LRC, CHECKSUM_CRC }; - -void isot1_init(struct t1_state *t1); -void isot1_release(struct t1_state *t1); -void isot1_bind(struct t1_state *t1, int src, int dst); -int isot1_transceive(struct t1_state *t1, const void *snd_buf, - size_t snd_len, void *rcv_buf, size_t rcv_len); -int isot1_negotiate_ifsd(struct t1_state *t1, int ifsd); -int isot1_reset(struct t1_state *t1); -int isot1_resync(struct t1_state *t1); -int isot1_get_atr(struct t1_state *t1, void *atr, size_t n); - -/* for check.c */ -typedef struct t1_state t1_state_t; - -#ifndef EREMOTEIO -# define EREMOTEIO EIO -#endif - -#endif /* ISO7816_T1_H */ diff --git a/secure_element/1.0/esehal/src/libse-gto-private.h b/secure_element/1.0/esehal/src/libse-gto-private.h deleted file mode 100644 index 638acab..0000000 --- a/secure_element/1.0/esehal/src/libse-gto-private.h +++ /dev/null @@ -1,58 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * Internal of libspiplus. - * - */ - -#ifndef LIBSE_GTO_PRIVATE_H -#define LIBSE_GTO_PRIVATE_H - -#include <se-gto/libse-gto.h> -#include "iso7816_t1.h" - -#define SE_GTO_EXPORT __attribute__((visibility("default"))) - -/** - * SECTION:libspiplus - * @short_description: libspiplus context - * - * The context contains the default values for the library user, - * and is passed to all library operations. - */ -struct se_gto_ctx { - void *userdata; - - int log_level; - se_gto_log_fn *log_fn; - char *log_buf; - - const char *gtodev; - - void *spi_buffer; - int spi_nbuffer; - - struct t1_state t1; - - uint8_t check_alive; -}; - -#include "log.h" - -#endif /* ifndef LIBSE_GTO_PRIVATE_H */ diff --git a/secure_element/1.0/esehal/src/libse-gto.c b/secure_element/1.0/esehal/src/libse-gto.c deleted file mode 100644 index cc54910..0000000 --- a/secure_element/1.0/esehal/src/libse-gto.c +++ /dev/null @@ -1,296 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * libse-gto main functions. - * - */ - -#include <ctype.h> -#include <cutils/properties.h> -#include <errno.h> -#include <fcntl.h> -#include <log/log.h> -#include <stdarg.h> -#include <stddef.h> -#include <stdint.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/ioctl.h> -#include <unistd.h> - -#include "libse-gto-private.h" -#include "se-gto/libse-gto.h" -#include "spi.h" - -#define SE_GTO_GTODEV "/dev/gto" - -SE_GTO_EXPORT void * -se_gto_get_userdata(struct se_gto_ctx *ctx) -{ - if (ctx == NULL) - return NULL; - - return ctx->userdata; -} - -SE_GTO_EXPORT void -se_gto_set_userdata(struct se_gto_ctx *ctx, void *userdata) -{ - if (ctx == NULL) - return; - - ctx->userdata = userdata; -} - -static int -log_level(const char *priority) -{ - char *endptr; - int prio; - - prio = strtol(priority, &endptr, 10); - if ((endptr[0] == '\0') || isspace(endptr[0])) - return prio; - - if (strncmp(priority, "err", 3) == 0) - return 0; - - if (strncmp(priority, "info", 4) == 0) - return 3; - - if (strncmp(priority, "debug", 5) == 0) - return 4; - - return 0; -} - -static void -log_stderr(struct se_gto_ctx *ctx, const char *s) -{ - //fputs(s, stderr); - ALOGD("%s",s); -} - -SE_GTO_EXPORT int -se_gto_new(struct se_gto_ctx **c) -{ - const char *env; - struct se_gto_ctx *ctx; - - ctx = calloc(1, sizeof(struct se_gto_ctx)); - if (!ctx) { - errno = ENOMEM; - return -1; - } - - isot1_init(&ctx->t1); - - ctx->log_fn = log_stderr; - - ctx->gtodev = SE_GTO_GTODEV; - - ctx->log_level = 2; - /* environment overwrites config */ - env = getenv("SE_GTO_LOG"); - if (env != NULL) - se_gto_set_log_level(ctx, log_level(env)); - - dbg("ctx %p created\n", ctx); - dbg("log_level=%d\n", ctx->log_level); - *c = ctx; - return 0; -} - -SE_GTO_EXPORT int -se_gto_get_log_level(struct se_gto_ctx *ctx) -{ - return ctx->log_level; -} - -SE_GTO_EXPORT void -se_gto_set_log_level(struct se_gto_ctx *ctx, int level) -{ - if (level < 0) - level = 0; - else if (level > 4) - level = 4; - ctx->log_level = level; -} - -SE_GTO_EXPORT se_gto_log_fn * -se_gto_get_log_fn(struct se_gto_ctx *ctx) -{ - return ctx->log_fn; -} - -SE_GTO_EXPORT void -se_gto_set_log_fn(struct se_gto_ctx *ctx, se_gto_log_fn *fn) -{ - ctx->log_fn = fn; -} - -SE_GTO_EXPORT const char * -se_gto_get_gtodev(struct se_gto_ctx *ctx) -{ - return ctx->gtodev; -} - -SE_GTO_EXPORT void -se_gto_set_gtodev(struct se_gto_ctx *ctx, const char *gtodev) -{ - ctx->gtodev = strdup(gtodev); -} - -SE_GTO_EXPORT int -se_gto_reset(struct se_gto_ctx *ctx, void *atr, size_t r) -{ - int err; - - err = isot1_reset(&ctx->t1); - if (err < 0) { - errno = -err; - ctx->check_alive = 1; - } - else { - err = isot1_get_atr(&ctx->t1, atr, r); - if (err < 0) - errno = -err; - } - return err; -} - -SE_GTO_EXPORT int -se_gto_apdu_transmit(struct se_gto_ctx *ctx, const void *apdu, int n, void *resp, int r) -{ - if (!apdu || (n < 4) || !resp || (r < 2)) { - errno = EINVAL; - return -1; - } - r = isot1_transceive(&ctx->t1, apdu, n, resp, r); - dbg("isot1_transceive: r=%d\n", r); - dbg("isot1_transceive: ctx->t1.recv.end - ctx->t1.recv.start = %d\n", ctx->t1.recv.end - ctx->t1.recv.start); - dbg("isot1_transceive: ctx->t1.recv.size = %zu\n", ctx->t1.recv.size); - dbg("isot1_transceive: ctx->t1.buf[2] = %02X\n", ctx->t1.buf[2]); - if (r < 0) { - errno = -r; - err("failed to read APDU response, %s\n", strerror(-r)); - } else if (r < 2) { - err("APDU response too short, only %d bytes, needs 2 at least\n", r); - } - if (r < 2){ - ctx->check_alive = 1; - return -1; - } else - return r; -} - -SE_GTO_EXPORT int -se_gto_open(struct se_gto_ctx *ctx) -{ - info("eSE GTO: using %s\n", ctx->gtodev); - - if (spi_setup(ctx) < 0) { - err("failed to set up se-gto.\n"); - return -1; - } - - ctx->check_alive = 0; - - isot1_bind(&ctx->t1, 0x2, 0x1); - - dbg("fd: spi=%d\n", ctx->t1.spi_fd); - return 0; -} - -#define SPI_IOC_MAGIC 'k' -#define ST54SPI_IOC_WR_POWER _IOW(SPI_IOC_MAGIC, 99, __u32) - -int se_gto_Spi_Reset(struct se_gto_ctx *ctx) -{ - uint32_t io_code; - uint32_t power = 0; - - printf("Send software reset via ioctl\n"); - io_code = ST54SPI_IOC_WR_POWER; - power = 1; - if (-1 == ioctl (ctx->t1.spi_fd, io_code, &power)) { - perror("unable to soft reset via ioctl\n"); - return -1; - } - - isot1_resync(&ctx->t1); - return 0; -} - -int gtoSPI_checkAlive(struct se_gto_ctx *ctx); -int gtoSPI_checkAlive(struct se_gto_ctx *ctx) -{ - int ret = 0; - unsigned char apdu[5]= {0x80,0xCA,0x9F,0x7F,0x2D}; - unsigned char resp[258] = {0,}; - - /*Check Alive implem*/ - for(int count = 0; count < 3; count++) { - ret = se_gto_apdu_transmit(ctx, apdu, 5, resp, sizeof(resp)); - if(ret < 0){ - if (count == 2) return -1; - /*Run SPI reset*/ - se_gto_Spi_Reset(ctx); - } - } - - return 0; -} - -SE_GTO_EXPORT int -se_gto_close(struct se_gto_ctx *ctx) -{ - int status = 0; - const char ese_reset_property[] = "persist.vendor.se.reset"; - - if (ctx){ - dbg("se_gto_close check_alive = %d\n", ctx->check_alive); - } - if (ctx->check_alive == 1) { - if (gtoSPI_checkAlive(ctx) != 0) { - status = -(0xDEAD); - // eSE needs cold reset. - if (strncmp(ctx->gtodev, "/dev/st54spi", 12) == 0 ) { - property_set(ese_reset_property, "needed"); - } - } else { - // Set noneed if SPI worked normally. - if (strncmp(ctx->gtodev, "/dev/st54spi", 12) == 0 ) { - property_set(ese_reset_property, "noneed"); - } - } - } else { - // Set noneed if SPI worked normally. - if (strncmp(ctx->gtodev, "/dev/st54spi", 12) == 0 ) { - property_set(ese_reset_property, "noneed"); - } - } - - (void)isot1_release(&ctx->t1); - (void)spi_teardown(ctx); - log_teardown(ctx); - if(ctx) free(ctx); - return status; -} diff --git a/secure_element/1.0/esehal/src/linux/se_gemalto.h b/secure_element/1.0/esehal/src/linux/se_gemalto.h deleted file mode 100644 index 0bdbaa4..0000000 --- a/secure_element/1.0/esehal/src/linux/se_gemalto.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * se_gemalto.h - Access Gemalto Secure Element over SPI. - * - * 2019 Gemalto – a Thales Company - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -#ifndef SE_GEMALTO_H -#define SE_GEMALTO_H - -#include <linux/types.h> - -#define GTO_IOC_MAGIC 'g' - -/* Read / Write of power configuration (GTO_POWER_ON, GTO_POWER_OFF) */ -#define GTO_IOC_RD_POWER _IOR(GTO_IOC_MAGIC, 1, __s32) -#define GTO_IOC_WR_POWER _IOW(GTO_IOC_MAGIC, 1, __s32) -#define GTO_IOC_WR_RESET _IOW(GTO_IOC_MAGIC, 2, __s32) - -/* Read / Write of clock speed configuration */ -#define GTO_IOC_RD_CLK_SPEED _IOR(GTO_IOC_MAGIC, 2, __s32) -#define GTO_IOC_WR_CLK_SPEED _IOW(GTO_IOC_MAGIC, 2, __s32) - -#endif /* ifndef SE_GEMALTO_H */ diff --git a/secure_element/1.0/esehal/src/log.c b/secure_element/1.0/esehal/src/log.c deleted file mode 100644 index b1dfb57..0000000 --- a/secure_element/1.0/esehal/src/log.c +++ /dev/null @@ -1,87 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * Logging facilities. - * - */ - -#include <stdio.h> -#include <stdlib.h> -#include <stdarg.h> -#include <string.h> - -#include "libse-gto-private.h" - -#ifdef ENABLE_LOGGING - -# define BUFSIZE 1024 - -static const char *levels[] = { - "ERROR:", "WARNING:", "NOTICE:", "INFO:", "DEBUG:", "????:" -}; - -void -vsay(struct se_gto_ctx *ctx, const char *fmt, va_list args) -{ - static int k = 0; - char *buf; - - if (!ctx->log_fn) - return; - - if (!ctx->log_buf) { - ctx->log_buf = malloc(BUFSIZE); - if (!ctx->log_buf) - return; - } - - if (fmt[0] == 1) { - int n = fmt[1] - '0'; - n = (n < 0 || n > 4) ? 5 : n; - if (n <= ctx->log_level) { - if (k == 0) - strcpy(ctx->log_buf, levels[n]); - k += strlen(ctx->log_buf + k); - k += vsnprintf(ctx->log_buf + k, BUFSIZE - k, fmt + 2, args); - } - } else - k += vsnprintf(ctx->log_buf + k, 1024 - k, fmt, args); - - if (k >= BUFSIZE) - k = BUFSIZE - 1; - buf = ctx->log_buf; - if (k >= 0) { - buf[k] = '\000'; - if ((k > 0 && (buf[k - 1] == '\n')) || (k == (BUFSIZE - 1))) { - k = 0; - ctx->log_fn(ctx, buf); - } - } -} - -#endif /* ifdef ENABLE_LOGGING */ - -void -log_teardown(struct se_gto_ctx *ctx) -{ - if (ctx->log_buf) { - free(ctx->log_buf); - ctx->log_buf = NULL; - } -} diff --git a/secure_element/1.0/esehal/src/log.h b/secure_element/1.0/esehal/src/log.h deleted file mode 100644 index 976f714..0000000 --- a/secure_element/1.0/esehal/src/log.h +++ /dev/null @@ -1,81 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * Interface to log facilities. - * - */ - -#ifndef LOG_H -#define LOG_H - -#ifdef ENABLE_LOGGING - -# include "compiler.h" -# include <stdarg.h> - -# define LOG_ESC "\001" -# define LOG_ERR LOG_ESC "0" -# define LOG_WARN LOG_ESC "1" -# define LOG_NOTICE LOG_ESC "2" -# define LOG_INFO LOG_ESC "3" -# define LOG_DEBUG LOG_ESC "4" - -# define err(fmt, ...) say(ctx, LOG_ERR fmt, ## __VA_ARGS__) -# define warn(fmt, ...) say(ctx, LOG_WARN fmt, ## __VA_ARGS__) -# define notice(fmt, ...) say(ctx, LOG_NOTICE fmt, ## __VA_ARGS__) -# define info(fmt, ...) say(ctx, LOG_INFO fmt, ## __VA_ARGS__) -# ifdef ENABLE_DEBUG -# define dbg(fmt, ...) say(ctx, LOG_DEBUG fmt, ## __VA_ARGS__) -# else -# define dbg(fmt, ...) nosay(ctx, LOG_DEBUG fmt, ## __VA_ARGS__) -# endif - -void vsay(struct se_gto_ctx *ctx, const char *fmt, va_list args); - -static inline void -check_printf(2, 3) -say(struct se_gto_ctx *ctx, const char *fmt, ...) { - va_list args; - - va_start(args, fmt); - vsay(ctx, fmt, args); - va_end(args); -} - -#else /* ifdef ENABLE_LOGGING */ - -# define err(fmt, ...) nosay(ctx, fmt, ## __VA_ARGS__) -# define warn(fmt, ...) nosay(ctx, fmt, ## __VA_ARGS__) -# define notice(fmt, ...) nosay(ctx, fmt, ## __VA_ARGS__) -# define info(fmt, ...) nosay(ctx, fmt, ## __VA_ARGS__) -# define dbg(fmt, ...) nosay(ctx, fmt, ## __VA_ARGS__) - -#endif /* ifdef ENABLE_LOGGING */ - -#if 0 /* when disabling logging compilation fail on nosay() definition */ -static inline void check_printf(2, 3) - nosay(struct se_gto_ctx *ctx, const char *fmt, ...) {} -#else -static inline void -nosay(struct se_gto_ctx *ctx, const char *fmt, ...) {} -#endif - -void log_teardown(struct se_gto_ctx *ctx); - -#endif /* ifndef LOG_H */ diff --git a/secure_element/1.0/esehal/src/se-gto/libse-gto.h b/secure_element/1.0/esehal/src/se-gto/libse-gto.h deleted file mode 100644 index 4c98436..0000000 --- a/secure_element/1.0/esehal/src/se-gto/libse-gto.h +++ /dev/null @@ -1,193 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * libse-gto to dialog with device T=1 protocol over SPI. - * - * This library is not thread safe on same context. - */ - -#ifndef LIBSE_GTO_H -#define LIBSE_GTO_H - -#ifdef __cplusplus -extern "C" { -#endif - -#define LOG_TAG "THALES_HAL" - -/** - * library user context - reads the config and system - * environment, user variables, allows custom logging. - * - * Default struct se_gto_ctx log to stderr file stream. - * Content is opaque to user. - */ -struct se_gto_ctx; - -/** Function callback to display log line. - * @s nul terminated string. - */ - -typedef void se_gto_log_fn (struct se_gto_ctx *ctx, const char *s); - - -/********************************* Core *************************************/ - -/** Create se-gto library context. - * - * This fills in the default values. Device node for eSE GTO is "@c /dev/gto". - * - * Use environment variable SE_GTO_LOG to alter default log level globally. - * SE_GTO_LOG=n with n from 0 to 4, or choice of SE_GTO_LOG to err, info, debug. - * - * @return a new se-gto library context - */ -int se_gto_new(struct se_gto_ctx **ctx); - -/** Allocates resources from environment and kernel. - * - * @c errno is set on error. - * - * @return -1 on error, 0 otherwise. - */ -int se_gto_open(struct se_gto_ctx *ctx); - -/** Release resources. - * - * @c errno is set on error. - * @return -1 on error, 0 otherwise. - */ -int se_gto_close(struct se_gto_ctx *ctx); - -/******************************* Facilities *********************************/ - -/** Returns current log level. - * - * @param ctx: se-gto library context - * - * @return the current logging level - **/ -int se_gto_get_log_level(struct se_gto_ctx *ctx); - -/** - * Set the current logging level. - * - * @param ctx se-gto library context - * @param level the new logging level - * - * @c level controls which messages are logged: - * 0 : error - * 1 : warning - * 2 : notice - * 3 : info - * 4 : debug - **/ -void se_gto_set_log_level(struct se_gto_ctx *ctx, int level); - -/** Get current function callback for log entries. - * - * Use this function if you want to chain log entries and replace current - * function by yours. - * - * @param ctx se-gto library context. - * - * @return current function for log string. - */ -se_gto_log_fn *se_gto_get_log_fn(struct se_gto_ctx *ctx); - -/** Set function callback for log entries. - * - * @param ctx se-gto library context. - * @param fn Function to dump nul terminated string. - */ -void se_gto_set_log_fn(struct se_gto_ctx *ctx, se_gto_log_fn *fn); - -void *se_gto_get_userdata(struct se_gto_ctx *ctx); - -/** Store custom userdata in the library context. - * - * @param ctx se-gto library context - * @param userdata data pointer - **/ -void se_gto_set_userdata(struct se_gto_ctx *ctx, void *userdata); - -/**************************** HW configuration ******************************/ - -/** Returns current device node for eSE. - * - * Returned string must not be modified. Copy returned string if you need to - * use it later. - * - * @param ctx se-gto library context. - * - * @return nul terminated string. - */ -const char *se_gto_get_gtodev(struct se_gto_ctx *ctx); - -/** Set device node used for eSE. - * - * @c gtodev is copied se-gto library. You can use a volatile string. - * - * @param ctx se-gto library context. - * @param gtodev full path to device node. - */ -void se_gto_set_gtodev(struct se_gto_ctx *ctx, const char *gtodev); - -/****************************** APDU protocol *******************************/ - -/** Send reset command to Secure Element and return ATR bytes. - * - * @param ctx se-gto library context - * @param atr byte buffer to receive ATR content - * @param r length of ATR byte buffer. - * - * @c errno is set on error. - * - * @return number of bytes in @c atr buffer or -1 on error. - */ -int se_gto_reset(struct se_gto_ctx *ctx, void *atr, size_t r); - -/** Transmit APDU to Secure Element - * - * If needed to comply with request from command, multiple ISO7816 Get - * Response can be emitted to collect the full response. - * - * @param ctx se-gto library context - * @param apdu APDU command to send - * @param n length of APDU command - * @param resp Response buffer - * @param r length of response buffer. - * - * @c errno is set on error. - * - * @return number of bytes filled in @c resp buffer. -1 on error. - * - * @resp buffer last two bytes are SW1 and SW2 respectively. Response length - * will always be at least 2 bytes. Maximum response size will be 257 bytes. - * - * Slave timeout is used waiting for APDU response. Each Extension Time packet - * will restart response timeout. - */ -int se_gto_apdu_transmit(struct se_gto_ctx *ctx, const void *apdu, int n, void *resp, int r); - -#ifdef __cplusplus -} /* extern "C" */ -#endif - -#endif /* ifndef LIBSE_GTO_H */ diff --git a/secure_element/1.0/esehal/src/spi.c b/secure_element/1.0/esehal/src/spi.c deleted file mode 100644 index 83fb2fb..0000000 --- a/secure_element/1.0/esehal/src/spi.c +++ /dev/null @@ -1,100 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * Low level interface to SPI/eSE driver. - * - */ - -#include <string.h> -#include <errno.h> -#include <unistd.h> -#include <sys/types.h> -#include <fcntl.h> -#include <sys/ioctl.h> -#include <linux/se_gemalto.h> - -#include "libse-gto-private.h" -#include "spi.h" - -#define USE_OPEN_RETRY -#define MAX_RETRY_CNT 10 - -int -spi_setup(struct se_gto_ctx *ctx) -{ -#ifdef USE_OPEN_RETRY - int retryCnt = 0; - -retry: - ctx->t1.spi_fd = open(ctx->gtodev, O_RDWR); - if (ctx->t1.spi_fd < 0) { - err("cannot use %s for spi device, errno = 0x%x\n", ctx->gtodev, errno); - if(errno == -EBUSY || errno == EBUSY) { - retryCnt++; - err("Retry open driver - retry cnt : %d\n", retryCnt); - if(retryCnt < MAX_RETRY_CNT) { - sleep(1); - goto retry; - } - } - return -1; - } -#else - ctx->t1.spi_fd = open(ctx->gtodev, O_RDWR); - if (ctx->t1.spi_fd < 0) { - err("cannot use %s for spi device\n", ctx->gtodev); - return -1; - } -#endif - return ctx->t1.spi_fd < 0; -} - -int -spi_teardown(struct se_gto_ctx *ctx) -{ - if (ctx->t1.spi_fd >= 0) - if (close(ctx->t1.spi_fd) < 0) - warn("failed to close fd to %s, %s.\n", ctx->gtodev, strerror(errno)); - ctx->t1.spi_fd = -1; - return 0; -} - -int -spi_write(int fd, const void *buf, size_t count) -{ - ssize_t n; - - n = write(fd, buf, count); - if ((int)n != n) - return -EFAULT; - - return (int)n; -} - -int -spi_read(int fd, void *buf, size_t count) -{ - ssize_t n; - - n = read(fd, buf, count); - if ((int)n != n) - return -EFAULT; - - return (int)n; -} diff --git a/secure_element/1.0/esehal/src/spi.h b/secure_element/1.0/esehal/src/spi.h deleted file mode 100644 index 08dbd0f..0000000 --- a/secure_element/1.0/esehal/src/spi.h +++ /dev/null @@ -1,32 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * Interface to transport to transparently send/receive data. - * - */ - -#ifndef SPI_H -#define SPI_H - -int spi_setup(struct se_gto_ctx *ctx); -int spi_teardown(struct se_gto_ctx *ctx); -int spi_write(int fd, const void *buf, size_t count); -int spi_read(int fd, void *buf, size_t count); - -#endif /* SPI_H */ diff --git a/secure_element/1.0/esehal/src/transport.c b/secure_element/1.0/esehal/src/transport.c deleted file mode 100644 index 4b56b08..0000000 --- a/secure_element/1.0/esehal/src/transport.c +++ /dev/null @@ -1,168 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * eSE Gemalto kernel driver transport. - * - */ - -#include <stdlib.h> -#include <string.h> -#include <stdint.h> -#include <unistd.h> -#include <errno.h> -#include <fcntl.h> -#include <time.h> - -#include "iso7816_t1.h" -#include "transport.h" -#include "spi.h" - -#define NSEC_PER_SEC 1000000000L -#define NSEC_PER_MSEC 1000000L - -#define ESE_NAD 0x21 - -/* < 0 if t1 < t2, - * > 0 if t1 > t2, - * 0 if t1 == t2. - */ -static int -ts_compare(const struct timespec *t1, const struct timespec *t2) -{ - if (t1->tv_sec < t2->tv_sec) - return -1; - else if (t1->tv_sec > t2->tv_sec) - return 1; - else - return t1->tv_nsec - t2->tv_nsec; -} - -static uint32_t -div_uint64_rem(uint64_t dividend, uint32_t divisor, uint64_t *remainder) -{ - uint32_t r = 0; - - /* Compiler will optimize to modulo on capable platform */ - while (dividend >= divisor) - dividend -= divisor, r++; - - *remainder = dividend; - return r; -} - -static struct timespec -ts_add_ns(const struct timespec ta, uint64_t ns) -{ - time_t sec = ta.tv_sec + - div_uint64_rem(ta.tv_nsec + ns, NSEC_PER_SEC, &ns); - struct timespec ts = { sec, ns }; - - return ts; -} - -static int -crc_length(struct t1_state *t1) -{ - int n = 0; - - switch (t1->chk_algo) { - case CHECKSUM_LRC: - n = 1; - break; - - case CHECKSUM_CRC: - n = 2; - break; - } - return n; -} - -int -block_send(struct t1_state *t1, const void *block, size_t n) -{ - if (n < 4) - return -EINVAL; - - return spi_write(t1->spi_fd, block, n); -} - -int -block_recv(struct t1_state *t1, void *block, size_t n) -{ - uint8_t c; - int fd; - uint8_t *s, i; - int len, max; - long bwt; - - struct timespec ts, ts_timeout; - - if (n < 4) - return -EINVAL; - - fd = t1->spi_fd; - s = block; - - clock_gettime(CLOCK_MONOTONIC, &ts); - bwt = t1->bwt * (t1->wtx ? t1->wtx : 1); - t1->wtx = 1; - - ts_timeout = ts_add_ns(ts, bwt * NSEC_PER_MSEC); - - /* Pull every 2ms */ - i = 0; - do { - /* Wait for 2ms */ - ts = ts_add_ns(ts, 2 * NSEC_PER_MSEC); - while (clock_nanosleep(CLOCK_MONOTONIC, TIMER_ABSTIME, &ts, NULL)) - if (errno != EINTR) - break; - - len = spi_read(fd, &c, 1); - if (len < 0) - return len; - - if (ts_compare(&ts, &ts_timeout) >= 0) - return -ETIMEDOUT; - } while (c != ESE_NAD); - - s[i++] = c; - - /* Minimal length is 3 + sizeof(checksum) */ - max = 2 + crc_length(t1); - len = spi_read(fd, s + 1, max); - if (len < 0) - return len; - - i += len; - - /* verify that buffer is large enough. */ - max += s[2]; - if ((size_t)max > n) - return -ENOMEM; - - /* get block remaining if present */ - if (s[2]) { - len = spi_read(fd, s + 4, s[2]); - if (len < 0) - return len; - } - - return max + 1; -} diff --git a/secure_element/1.0/esehal/src/transport.h b/secure_element/1.0/esehal/src/transport.h deleted file mode 100644 index 50d0f41..0000000 --- a/secure_element/1.0/esehal/src/transport.h +++ /dev/null @@ -1,35 +0,0 @@ -/***************************************************************************** - * Copyright ©2017-2019 Gemalto – a Thales Company. All rights Reserved. - * - * This copy is licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * http://www.apache.org/licenses/LICENSE-2.0 or https://www.apache.org/licenses/LICENSE-2.0.html - * - * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and limitations under the License. - - ****************************************************************************/ - -/** - * @file - * $Author$ - * $Revision$ - * $Date$ - * - * Interface to transport to transparently send/receive data. - * - */ - -#ifndef TRANSPORT_H -#define TRANSPORT_H - -struct se_gto_ctx; -struct t1_state; - -int transport_setup(struct se_gto_ctx *ctx); -int transport_teardown(struct se_gto_ctx *ctx); -int block_send(struct t1_state *t1, const void *block, size_t n); -int block_recv(struct t1_state *t1, void *block, size_t n); - -#endif /* TRANSPORT_H */ |