1 /******************************************************************************
2  *
3  *  Copyright 2023-2024 NXP
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 #pragma once
20 
21 #include <android-base/logging.h>
22 #include <android-base/stringprintf.h>
23 #include <cppbor.h>
24 #include <cppbor_parse.h>
25 
26 // Timeout value in seconds for invalid data status
27 #define INVALID_DATA_STATUS_TIMER_VALUE 0
28 
29 // Default timeout value in seconds for clear approved status.
30 #define CLEAR_APPROVE_STATUS_TIMER_VALUE 60
31 
32 // index 0 & 1 in hours, index 2 & 3 in seconds [hr] [hr] : [secs] [secs]
33 #define TIMEOUT_VECTOR_SIZE 4
34 
35 #define DEFAULT_SESSION_TIMEOUT (3 * 1000) // 3 secs,default value
36 
37 #define APDU_CLS 0x80
38 #define APDU_P1 0x00
39 #define APDU_P2 0x00
40 #define APDU_RESP_STATUS_OK 0x9000
41 #define INDEX_STATUS_VAL 0x00
42 #define INDEX_TIMER_VAL 0x01
43 
44 using android::base::StringPrintf;
45 
46 enum class Instruction {
47   INS_VERIFY_PIN = 0x20,
48   INS_CLEAR_APPROVED_STATUS = 0x30,
49 };
50 
51 /**
52  * AuthSecretHelper is a helper class for AuthSecret HAL implementation.
53  *
54  */
55 class AuthSecretHelper {
56 public:
57   /**
58    * \brief static function to get the singleton instance of
59    *        AuthSecretHelper class
60    *
61    * \retval timeout value.
62    */
63   static AuthSecretHelper *getInstance();
64   /**
65    * \brief Extracts timeout value from applet if applicable,
66    *        else returns default value.
67    *
68    * \retval timeout value.
69    *
70    * \param[data] Response APDU data from VERIFY PIN command.
71    */
72   uint64_t extractTimeoutValue(std::vector<uint8_t> data);
73 
74   /**
75    * \brief Check the status of VERIFY PIN command response
76    *        CBOR data.
77    *
78    * \retval true if VERIFY PIN is success, else returns false.
79    *
80    * \param[resp] Response APDU data from VERIFY PIN command.
81    */
82   bool checkVerifyStatus(std::vector<uint8_t> resp);
83 
84   /**
85    * \brief Function to frame the input data in to CBOR format
86    *        apdu
87    *
88    * \retval returns true if constructing CBOR APDU is success,
89    *         else returns false.
90    *
91    * \param[ins] Input instrution type.
92    * \param[input] Input payload data
93    * \param[out] Pointer for output CBOR APDU vector.
94    * \param[timeout] Timeout value as vector for VERIFY PIN Ins
95    */
96   bool constructApdu(Instruction ins, const std::vector<uint8_t> &input,
97                      std::vector<uint8_t> &out, std::vector<uint8_t> timeout);
98 
99 private:
100   static AuthSecretHelper *sInstance;
101 };
102