1 /*
2  * Copyright 2020, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 /******************************************************************************
17  **
18  ** The original Work has been changed by NXP.
19  **
20  ** Licensed under the Apache License, Version 2.0 (the "License");
21  ** you may not use this file except in compliance with the License.
22  ** You may obtain a copy of the License at
23  **
24  ** http://www.apache.org/licenses/LICENSE-2.0
25  **
26  ** Unless required by applicable law or agreed to in writing, software
27  ** distributed under the License is distributed on an "AS IS" BASIS,
28  ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
29  ** See the License for the specific language governing permissions and
30  ** limitations under the License.
31  **
32  ** Copyright 2020-2024 NXP
33  **
34  *********************************************************************************/
35 #define LOG_TAG "javacard.strongbox-service"
36 
37 #include <aidl/android/hardware/security/keymint/SecurityLevel.h>
38 #include <android-base/logging.h>
39 #include <android-base/properties.h>
40 #include <android/binder_manager.h>
41 #include <android/binder_process.h>
42 
43 #include "JavacardKeyMintDevice.h"
44 #include "JavacardRemotelyProvisionedComponentDevice.h"
45 #include "JavacardSecureElement.h"
46 #include "JavacardSharedSecret.h"
47 #if defined OMAPI_TRANSPORT
48 #include <OmapiTransport.h>
49 #elif defined HAL_TO_HAL_TRANSPORT
50 #include <HalToHalTransport.h>
51 #else
52 #include <SocketTransport.h>
53 #endif
54 #include "keymint_utils.h"
55 
56 using aidl::android::hardware::security::keymint::JavacardKeyMintDevice;
57 using aidl::android::hardware::security::keymint::JavacardRemotelyProvisionedComponentDevice;
58 using aidl::android::hardware::security::keymint::SecurityLevel;
59 using aidl::android::hardware::security::sharedsecret::JavacardSharedSecret;
60 using keymint::javacard::getOsPatchlevel;
61 using keymint::javacard::getOsVersion;
62 using keymint::javacard::getVendorPatchlevel;
63 using keymint::javacard::ITransport;
64 using keymint::javacard::JavacardSecureElement;
65 #if defined OMAPI_TRANSPORT
66 using keymint::javacard::OmapiTransport;
67 #elif defined HAL_TO_HAL_TRANSPORT
68 using keymint::javacard::HalToHalTransport;
69 #else
70 using keymint::javacard::SocketTransport;
71 #endif
72 
// AID bytes handed to the transport so it can address the StrongBox applet on the secure element.
// NOTE(review): only five bytes are listed, which is the length of an ISO 7816-5 RID rather than
// a full applet AID. Confirm that the transport's applet selection on this short value cannot
// match an applet other than the intended one.
const std::vector<uint8_t> gStrongBoxAppletAID{0xA0, 0x00, 0x00, 0x00, 0x62};
74 
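/**
 * Creates a binder service object of type T and registers it with the service manager under
 * the instance name "<T::descriptor>/strongbox".
 *
 * @tparam T    Service class; must expose a static `descriptor` and be constructible through
 *              ndk::SharedRefBase::make<T>().
 * @tparam Args Constructor argument types, perfectly forwarded to T.
 * @param args  Arguments forwarded to T's constructor.
 * @return Shared pointer to the registered service object.
 *
 * A registration failure is fatal: the process aborts and the log names the instance and
 * shows the returned status next to the expected one.
 */
template <typename T, class... Args> std::shared_ptr<T> addService(Args&&... args) {
    std::shared_ptr<T> ser = ndk::SharedRefBase::make<T>(std::forward<Args>(args)...);
    const std::string instanceName = std::string(T::descriptor) + "/strongbox";
    LOG(INFO) << "adding javacard strongbox service instance: " << instanceName;
    const binder_status_t status =
        AServiceManager_addService(ser->asBinder().get(), instanceName.c_str());
    // Abort instead of continuing with only some of the StrongBox services registered.
    // CHECK_EQ logs both values, so the failing status code and instance end up in the log.
    CHECK_EQ(status, STATUS_OK) << "failed to register service instance " << instanceName;
    return ser;
}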
84 
/**
 * Entry point of the javacard StrongBox service process.
 *
 * Builds one JavacardSecureElement on top of the transport chosen at compile time, registers
 * the KeyMint, SharedSecret and RemotelyProvisionedComponent services on that same element,
 * then hands the main thread to the binder thread pool.
 *
 * @return EXIT_FAILURE if ABinderProcess_joinThreadPool() ever returns; not expected.
 */
int main() {
    LOG(INFO) << "Starting javacard strongbox service";
    // Request no additional binder threads; the main thread joins the pool at the end of main().
    // NOTE(review): presumably this keeps traffic to the secure element serialized -- confirm.
    ABinderProcess_setThreadPoolMaxThreadCount(0);

    // Transport towards the Javacard secure element, fixed at build time.
#if defined OMAPI_TRANSPORT
    auto transport = OmapiTransport::make(gStrongBoxAppletAID);
#elif defined HAL_TO_HAL_TRANSPORT
    auto transport = std::make_shared<HalToHalTransport>(gStrongBoxAppletAID);
#else
    // Fallback when neither transport macro is defined.
    // NOTE(review): a socket transport is normally an emulator/test path; confirm that
    // production builds always define one of the macros above.
    auto transport = std::make_shared<SocketTransport>(gStrongBoxAppletAID);
#endif
    std::shared_ptr<JavacardSecureElement> card =
        std::make_shared<JavacardSecureElement>(std::move(transport));

    // All three HAL services share the same secure-element object.
    addService<JavacardKeyMintDevice>(card);                       // KeyMint
    addService<JavacardSharedSecret>(card);                        // Shared Secret
    addService<JavacardRemotelyProvisionedComponentDevice>(card);  // Remotely Provisioned Component

    LOG(INFO) << "Joining thread pool";
    ABinderProcess_joinThreadPool();
    // joinThreadPool is not expected to return; report failure if it does.
    return EXIT_FAILURE;
}