common/AccessCondition.cpp

   1 /*
   2 * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
   3 *
   4 * Licensed under the Apache License, Version 2.0 (the "License");
   5 * you may not use this file except in compliance with the License.
   6 * You may obtain a copy of the License at
   7 *
   8 * http://www.apache.org/licenses/LICENSE-2.0
   9 *
  10 * Unless required by applicable law or agreed to in writing, software
  11 * distributed under the License is distributed on an "AS IS" BASIS,
  12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 * See the License for the specific language governing permissions and
  14 * limitations under the License.
  15 */
  16
  17
  18 /* standard library header */
  19 #include <stdio.h>
  20
  21 /* SLP library header */
  22
  23 /* local header */
  24 #include "Debug.h"
  25 #include "SimpleTLV.h"
  26 #include "AccessCondition.h"
  27
  28 namespace smartcard_service_api
  29 {
  30         void APDUAccessRule::loadAPDUAccessRule(const ByteArray &data)
  31         {
  32                 SimpleTLV tlv(data);
  33
  34                 if (tlv.decodeTLV() == true)
  35                 {
  36                         switch (tlv.getTag())
  37                         {
  38                         case 0xA0 : /* CHOICE 0 : APDUPermission */
  39                                 permission = SimpleTLV::getBoolean(tlv.getValue());
  40                                 break;
  41
  42                         case 0xA1 : /* CHOICE 1 : APDUFilters */
  43                                 tlv.enterToValueTLV();
  44                                 while (tlv.decodeTLV() == true)
  45                                 {
  46                                         if (tlv.getTag() == 0x04) /* OCTET STRING */
  47                                         {
  48                                                 ByteArray apdu, mask, value;
  49
  50                                                 value = tlv.getValue();
  51
  52                                                 SCARD_DEBUG("APDU rule : %s", value.toString());
  53
  54                                                 if (value.getLength() == 8) /* apdu 4 bytes + mask 4 bytes */
  55                                                 {
  56                                                         apdu.setBuffer(value.getBuffer(), 4);
  57                                                         mask.setBuffer(value.getBuffer(4), 4);
  58
  59                                                         pair<ByteArray, ByteArray> newItem(apdu, mask);
  60
  61                                                         mapApduFilters.insert(newItem);
  62                                                 }
  63                                                 else
  64                                                 {
  65                                                         SCARD_DEBUG_ERR("Invalid APDU rule : %s", value.toString());
  66                                                 }
  67                                         }
  68                                         else
  69                                         {
  70                                                 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
  71                                         }
  72                                 }
  73                                 tlv.returnToParentTLV();
  74                                 break;
  75
  76                         default :
  77                                 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
  78                                 break;
  79                         }
  80                 }
  81         }
  82
  83         bool APDUAccessRule::isAuthorizedAccess(const ByteArray &command)
  84         {
  85                 bool result = false;
  86
  87                 if (mapApduFilters.size() > 0)
  88                 {
  89                         /* TODO : search command and check validity */
  90                 }
  91                 else
  92                 {
  93                         /* no filter entry. if permission is true, all access will be granted, if not, all access will be denied */
  94                         result = permission;
  95                 }
  96
  97                 return result;
  98         }
  99
 100         void APDUAccessRule::printAPDUAccessRules()
 101         {
 102                 SCARD_DEBUG("  +-- APDU Access Rule");
 103
 104                 if (mapApduFilters.size() > 0)
 105                 {
 106                         map<ByteArray, ByteArray>::iterator iterMap;
 107
 108                         for (iterMap = mapApduFilters.begin(); iterMap != mapApduFilters.end(); iterMap++)
 109                         {
 110                                 SCARD_DEBUG("  +--- APDU : %s, Mask : %s", ((ByteArray)(iterMap->first)).toString(), iterMap->second.toString());
 111                         }
 112                 }
 113                 else
 114                 {
 115                         SCARD_DEBUG("  +--- permission : %s", permission ? "granted all" : "denied all");
 116                 }
 117         }
 118
 119         void NFCAccessRule::loadNFCAccessRule(const ByteArray &data)
 120         {
 121                 permission = SimpleTLV::getBoolean(data);
 122         }
 123
 124         bool NFCAccessRule::isAuthorizedAccess(void)
 125         {
 126                 bool result = false;
 127
 128                 result = permission;
 129
 130                 return result;
 131         }
 132
 133         void NFCAccessRule::printNFCAccessRules()
 134         {
 135                 SCARD_DEBUG("   +-- NFC Access Rule");
 136                 SCARD_DEBUG("   +--- permission : %s", permission ? "granted all" : "denied all");
 137         }
 138
 139         void AccessCondition::loadAccessCondition(ByteArray &aid, ByteArray &data)
 140         {
 141                 if (data.getLength() > 0)
 142                 {
 143                         SimpleTLV tlv(data);
 144
 145                         while (tlv.decodeTLV() == true && tlv.getTag() == 0x30) /* SEQUENCE */
 146                         {
 147                                 if (tlv.getLength() > 0)
 148                                 {
 149                                         /* access granted for specific applications */
 150                                         tlv.enterToValueTLV();
 151                                         if (tlv.decodeTLV())
 152                                         {
 153                                                 switch (tlv.getTag())
 154                                                 {
 155                                                 case 0x04 : /* OCTET STRING : CertHash */
 156                                                         SCARD_DEBUG("aid : %s, hash : %s", aid.toString(), tlv.getValue().toString());
 157
 158                                                         hashes.push_back(tlv.getValue());
 159                                                         break;
 160
 161                                                 case 0xA0 : /* CHOICE 0 : AccessRules */
 162                                                         tlv.enterToValueTLV();
 163                                                         if (tlv.decodeTLV())
 164                                                         {
 165                                                                 switch (tlv.getTag())
 166                                                                 {
 167                                                                 case 0xA0 : /* CHOICE 0 : APDUAccessRule */
 168                                                                         apduRule.loadAPDUAccessRule(tlv.getValue());
 169                                                                         break;
 170
 171                                                                 case 0xA1 : /* CHOICE 1 : NFCAccessRule */
 172                                                                         nfcRule.loadNFCAccessRule(tlv.getValue());
 173                                                                         break;
 174
 175                                                                 default :
 176                                                                         SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
 177                                                                         break;
 178                                                                 }
 179                                                         }
 180                                                         else
 181                                                         {
 182                                                                 SCARD_DEBUG_ERR("tlv.decodeTLV failed");
 183                                                         }
 184                                                         tlv.returnToParentTLV();
 185                                                         break;
 186
 187                                                 default :
 188                                                         SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
 189                                                         break;
 190                                                 }
 191                                         }
 192                                         else
 193                                         {
 194                                                 SCARD_DEBUG_ERR("tlv.decodeTLV failed");
 195                                         }
 196                                         tlv.returnToParentTLV();
 197                                 }
 198                                 else
 199                                 {
 200                                         SCARD_DEBUG("access granted for all applications, aid : %s", aid.toString());
 201
 202                                         permission = true;
 203                                         break;
 204                                 }
 205                         }
 206                 }
 207                 else
 208                 {
 209                         SCARD_DEBUG("access denied for all applications, aid : %s", aid.toString());
 210
 211                         permission = false;
 212                 }
 213         }
 214
 215         bool AccessCondition::isAuthorizedAccess(ByteArray &certHash)
 216         {
 217                 bool result = false;
 218
 219                 if (hashes.size() > 0)
 220                 {
 221                         size_t i;
 222
 223                         for (i = 0; i < hashes.size(); i++)
 224                         {
 225                                 if (certHash == hashes[i])
 226                                 {
 227                                         result = true;
 228                                         break;
 229                                 }
 230                         }
 231                 }
 232                 else
 233                 {
 234                         result = permission;
 235                 }
 236
 237                 return result;
 238         }
 239
 240         bool AccessCondition::isAuthorizedAPDUAccess(ByteArray &command)
 241         {
 242                 bool result = false;
 243
 244                 result = apduRule.isAuthorizedAccess(command);
 245
 246                 return result;
 247         }
 248
 249         bool AccessCondition::isAuthorizedNFCAccess()
 250         {
 251                 bool result = false;
 252
 253                 result = nfcRule.isAuthorizedAccess();
 254
 255                 return result;
 256         }
 257
 258         void AccessCondition::printAccessConditions()
 259         {
 260                 SCARD_DEBUG(" +-- Access Condition");
 261
 262                 if (hashes.size() > 0)
 263                 {
 264                         size_t i;
 265
 266                         for (i = 0; i < hashes.size(); i++)
 267                         {
 268                                 SCARD_DEBUG(" +--- hash : %s", hashes[i].toString());
 269                         }
 270                 }
 271                 else
 272                 {
 273                         SCARD_DEBUG(" +--- permission : %s", permission ? "granted all" : "denied all");
 274                 }
 275         }
 276 } /* namespace smartcard_service_api */