common/AccessCondition.cpp

   1 /*
   2  * Copyright (c) 2012, 2013 Samsung Electronics Co., Ltd.
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  * http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /* standard library header */
  18 #include <stdio.h>
  19
  20 /* SLP library header */
  21
  22 /* local header */
  23 #include "Debug.h"
  24 #include "SimpleTLV.h"
  25 #include "AccessCondition.h"
  26
  27 namespace smartcard_service_api
  28 {
  29         void APDUAccessRule::loadAPDUAccessRule(const ByteArray &data)
  30         {
  31                 SimpleTLV tlv(data);
  32
  33                 if (tlv.decodeTLV() == true)
  34                 {
  35                         switch (tlv.getTag())
  36                         {
  37                         case 0xA0 : /* CHOICE 0 : APDUPermission */
  38                                 permission = SimpleTLV::getBoolean(tlv.getValue());
  39                                 break;
  40
  41                         case 0xA1 : /* CHOICE 1 : APDUFilters */
  42                                 tlv.enterToValueTLV();
  43                                 while (tlv.decodeTLV() == true)
  44                                 {
  45                                         if (tlv.getTag() == 0x04) /* OCTET STRING */
  46                                         {
  47                                                 ByteArray apdu, mask, value;
  48
  49                                                 value = tlv.getValue();
  50
  51                                                 SCARD_DEBUG("APDU rule : %s", value.toString());
  52
  53                                                 if (value.getLength() == 8) /* apdu 4 bytes + mask 4 bytes */
  54                                                 {
  55                                                         apdu.setBuffer(value.getBuffer(), 4);
  56                                                         mask.setBuffer(value.getBuffer(4), 4);
  57
  58                                                         pair<ByteArray, ByteArray> newItem(apdu, mask);
  59
  60                                                         mapApduFilters.insert(newItem);
  61                                                 }
  62                                                 else
  63                                                 {
  64                                                         SCARD_DEBUG_ERR("Invalid APDU rule : %s", value.toString());
  65                                                 }
  66                                         }
  67                                         else
  68                                         {
  69                                                 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
  70                                         }
  71                                 }
  72                                 tlv.returnToParentTLV();
  73                                 break;
  74
  75                         default :
  76                                 SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
  77                                 break;
  78                         }
  79                 }
  80         }
  81
  82         bool APDUAccessRule::isAuthorizedAccess(const ByteArray &command)
  83         {
  84                 bool result = false;
  85
  86                 if (mapApduFilters.size() > 0)
  87                 {
  88                         /* TODO : search command and check validity */
  89                 }
  90                 else
  91                 {
  92                         /* no filter entry. if permission is true, all access will be granted, if not, all access will be denied */
  93                         result = permission;
  94                 }
  95
  96                 return result;
  97         }
  98
  99         void APDUAccessRule::printAPDUAccessRules()
 100         {
 101                 SCARD_DEBUG("  +-- APDU Access Rule");
 102
 103                 if (mapApduFilters.size() > 0)
 104                 {
 105                         map<ByteArray, ByteArray>::iterator iterMap;
 106
 107                         for (iterMap = mapApduFilters.begin(); iterMap != mapApduFilters.end(); iterMap++)
 108                         {
 109                                 SCARD_DEBUG("  +--- APDU : %s, Mask : %s", ((ByteArray)(iterMap->first)).toString(), iterMap->second.toString());
 110                         }
 111                 }
 112                 else
 113                 {
 114                         SCARD_DEBUG("  +--- permission : %s", permission ? "granted all" : "denied all");
 115                 }
 116         }
 117
 118         void NFCAccessRule::loadNFCAccessRule(const ByteArray &data)
 119         {
 120                 permission = SimpleTLV::getBoolean(data);
 121         }
 122
 123         bool NFCAccessRule::isAuthorizedAccess(void)
 124         {
 125                 bool result = false;
 126
 127                 result = permission;
 128
 129                 return result;
 130         }
 131
 132         void NFCAccessRule::printNFCAccessRules()
 133         {
 134                 SCARD_DEBUG("   +-- NFC Access Rule");
 135                 SCARD_DEBUG("   +--- permission : %s", permission ? "granted all" : "denied all");
 136         }
 137
 138         void AccessCondition::loadAccessCondition(ByteArray &aid, ByteArray &data)
 139         {
 140                 if (data.getLength() > 0)
 141                 {
 142                         SimpleTLV tlv(data);
 143
 144                         while (tlv.decodeTLV() == true && tlv.getTag() == 0x30) /* SEQUENCE */
 145                         {
 146                                 if (tlv.getLength() > 0)
 147                                 {
 148                                         /* access granted for specific applications */
 149                                         tlv.enterToValueTLV();
 150                                         if (tlv.decodeTLV())
 151                                         {
 152                                                 switch (tlv.getTag())
 153                                                 {
 154                                                 case 0x04 : /* OCTET STRING : CertHash */
 155                                                         SCARD_DEBUG("aid : %s, hash : %s", aid.toString(), tlv.getValue().toString());
 156
 157                                                         hashes.push_back(tlv.getValue());
 158                                                         break;
 159
 160                                                 case 0xA0 : /* CHOICE 0 : AccessRules */
 161                                                         tlv.enterToValueTLV();
 162                                                         if (tlv.decodeTLV())
 163                                                         {
 164                                                                 switch (tlv.getTag())
 165                                                                 {
 166                                                                 case 0xA0 : /* CHOICE 0 : APDUAccessRule */
 167                                                                         apduRule.loadAPDUAccessRule(tlv.getValue());
 168                                                                         break;
 169
 170                                                                 case 0xA1 : /* CHOICE 1 : NFCAccessRule */
 171                                                                         nfcRule.loadNFCAccessRule(tlv.getValue());
 172                                                                         break;
 173
 174                                                                 default :
 175                                                                         SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
 176                                                                         break;
 177                                                                 }
 178                                                         }
 179                                                         else
 180                                                         {
 181                                                                 SCARD_DEBUG_ERR("tlv.decodeTLV failed");
 182                                                         }
 183                                                         tlv.returnToParentTLV();
 184                                                         break;
 185
 186                                                 default :
 187                                                         SCARD_DEBUG_ERR("Unknown tag : 0x%02X", tlv.getTag());
 188                                                         break;
 189                                                 }
 190                                         }
 191                                         else
 192                                         {
 193                                                 SCARD_DEBUG_ERR("tlv.decodeTLV failed");
 194                                         }
 195                                         tlv.returnToParentTLV();
 196                                 }
 197                                 else
 198                                 {
 199                                         SCARD_DEBUG("access granted for all applications, aid : %s", aid.toString());
 200
 201                                         permission = true;
 202                                         break;
 203                                 }
 204                         }
 205                 }
 206                 else
 207                 {
 208                         SCARD_DEBUG("access denied for all applications, aid : %s", aid.toString());
 209
 210                         permission = false;
 211                 }
 212         }
 213
 214         bool AccessCondition::isAuthorizedAccess(ByteArray &certHash)
 215         {
 216                 bool result = false;
 217
 218                 if (hashes.size() > 0)
 219                 {
 220                         size_t i;
 221
 222                         for (i = 0; i < hashes.size(); i++)
 223                         {
 224                                 if (certHash == hashes[i])
 225                                 {
 226                                         result = true;
 227                                         break;
 228                                 }
 229                         }
 230                 }
 231                 else
 232                 {
 233                         result = permission;
 234                 }
 235
 236                 return result;
 237         }
 238
 239         bool AccessCondition::isAuthorizedAPDUAccess(ByteArray &command)
 240         {
 241                 bool result = false;
 242
 243                 result = apduRule.isAuthorizedAccess(command);
 244
 245                 return result;
 246         }
 247
 248         bool AccessCondition::isAuthorizedNFCAccess()
 249         {
 250                 bool result = false;
 251
 252                 result = nfcRule.isAuthorizedAccess();
 253
 254                 return result;
 255         }
 256
 257         void AccessCondition::printAccessConditions()
 258         {
 259                 SCARD_DEBUG(" +-- Access Condition");
 260
 261                 if (hashes.size() > 0)
 262                 {
 263                         size_t i;
 264
 265                         for (i = 0; i < hashes.size(); i++)
 266                         {
 267                                 SCARD_DEBUG(" +--- hash : %s", hashes[i].toString());
 268                         }
 269                 }
 270                 else
 271                 {
 272                         SCARD_DEBUG(" +--- permission : %s", permission ? "granted all" : "denied all");
 273                 }
 274         }
 275 } /* namespace smartcard_service_api */