| /* |
| * Copyright (C) 2017 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| /* |
| * Copyright (c) 2015-2017, The Linux Foundation. |
| */ |
| |
| /* |
| * Copyright (C) 2011 Deutsche Telekom, A.G. |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| /* |
| * Contributed by: Giesecke & Devrient GmbH. |
| */ |
| |
| package com.android.se.security.arf; |
| |
| import android.util.Log; |
| |
| import com.android.se.Channel; |
| import com.android.se.Terminal; |
| import com.android.se.security.ChannelAccess; |
| import com.android.se.security.arf.pkcs15.EF; |
| import com.android.se.security.gpac.AID_REF_DO; |
| import com.android.se.security.gpac.Hash_REF_DO; |
| import com.android.se.security.gpac.REF_DO; |
| |
| import java.io.IOException; |
| import java.util.MissingResourceException; |
| import java.util.NoSuchElementException; |
| |
| /** |
| * Provides high-level functions for SE communication |
| */ |
| public class SecureElement { |
| public final String mTag = "SecureElement-ARF"; |
| // Logical channel used for SE communication (optional) |
| private Channel mArfChannel = null; |
| // Handle to a built-in "Secure Element" |
| private Terminal mTerminalHandle = null; |
| // Arf Controller within the SCAPI handler |
| private ArfController mArfHandler = null; |
| |
| /** |
| * Constructor |
| * |
| * @param arfHandler - handle to the owning arf controller object |
| * @param handle - handle to the SE terminal to be accessed. |
| */ |
| public SecureElement(ArfController arfHandler, Terminal handle) { |
| mTerminalHandle = handle; |
| mArfHandler = arfHandler; |
| } |
| |
| /** |
| * Transmits ADPU commands |
| * |
| * @param cmd APDU command |
| * @return Data returned by the APDU command |
| */ |
| public byte[] exchangeAPDU(EF ef, byte[] cmd) throws IOException, SecureElementException { |
| try { |
| return mArfChannel.transmit(cmd); |
| } catch (IOException e) { |
| // Communication error happened while the terminal sending a command. |
| throw e; |
| } catch (Exception e) { |
| throw new SecureElementException( |
| "Secure Element access error " + e.getLocalizedMessage()); |
| } |
| } |
| |
| /** |
| * Opens a logical channel to ARF Applet or ADF |
| * |
| * @param aid Applet identifier |
| * @return Handle to "Logical Channel" allocated by the SE; <code>0</code> if error occurred |
| */ |
| public Channel openLogicalArfChannel(byte[] aid) throws IOException, MissingResourceException, |
| NoSuchElementException { |
| try { |
| mArfChannel = mTerminalHandle.openLogicalChannelWithoutChannelAccess(aid); |
| if (mArfChannel == null) { |
| throw new MissingResourceException("No channel was available", "", ""); |
| } |
| setUpChannelAccess(mArfChannel); |
| return mArfChannel; |
| } catch (IOException | MissingResourceException | NoSuchElementException e) { |
| throw e; |
| } catch (Exception e) { |
| Log.e(mTag, "Error opening logical channel " + e.getLocalizedMessage()); |
| mArfChannel = null; |
| return null; |
| } |
| } |
| |
| /** |
| * Closes a logical channel previously allocated by the SE |
| */ |
| public void closeArfChannel() { |
| try { |
| if (mArfChannel != null) { |
| mArfChannel.close(); |
| mArfChannel = null; |
| } |
| |
| } catch (Exception e) { |
| Log.e(mTag, "Error closing channel " + e.getLocalizedMessage()); |
| } |
| } |
| |
| /** |
| * Set up channel access to allow, so that PKCS15 files can be read. |
| */ |
| private void setUpChannelAccess(Channel channel) { |
| // set access conditions to access ARF. |
| ChannelAccess arfChannelAccess = new ChannelAccess(); |
| arfChannelAccess.setAccess(ChannelAccess.ACCESS.ALLOWED, ""); |
| arfChannelAccess.setApduAccess(ChannelAccess.ACCESS.ALLOWED); |
| channel.setChannelAccess(arfChannelAccess); |
| } |
| |
| /** Fetches the Refresh Tag */ |
| public byte[] getRefreshTag() { |
| if (mArfHandler != null) { |
| return mArfHandler.getAccessRuleCache().getRefreshTag(); |
| } |
| return null; |
| } |
| |
| /** Sets the given Refresh Tag */ |
| public void setRefreshTag(byte[] refreshTag) { |
| if (mArfHandler != null) { |
| mArfHandler.getAccessRuleCache().setRefreshTag(refreshTag); |
| } |
| } |
| |
| /** Addsthe Access Rule to the Cache */ |
| public void putAccessRule( |
| AID_REF_DO aidRefDo, Hash_REF_DO hashRefDo, ChannelAccess channelAccess) { |
| |
| REF_DO ref_do = new REF_DO(aidRefDo, hashRefDo); |
| mArfHandler.getAccessRuleCache().putWithMerge(ref_do, channelAccess); |
| } |
| |
| /** Resets the Access Rule Cache */ |
| public void resetAccessRules() { |
| this.mArfHandler.getAccessRuleCache().reset(); |
| } |
| |
| /** Clears the Access Rule Cache */ |
| public void clearAccessRuleCache() { |
| this.mArfHandler.getAccessRuleCache().clearCache(); |
| } |
| } |