      1 /*
      2  * Copyright (C) 2018 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 /*
     17  * Contributed by: Giesecke & Devrient GmbH.
     18  */
     19 
     20 package com.android.se;
     21 
     22 /**
     23  * Validates the APDU command format and throws IllegalArgumentException if anything is wrong.
     24  */
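public class CommandApduValidator {

    // Total APDU lengths for each command case, not counting the data field itself.
    // Short cases use a one-byte Lc/Le; extended cases use a 0x00 marker in P3
    // followed by two-byte length fields.
    private static final int CMD_APDU_LENGTH_CASE1 = 4;
    private static final int CMD_APDU_LENGTH_CASE2 = 5;
    private static final int CMD_APDU_LENGTH_CASE2_EXTENDED = 7;
    private static final int CMD_APDU_LENGTH_CASE3_WITHOUT_DATA = 5;
    private static final int CMD_APDU_LENGTH_CASE3_WITHOUT_DATA_EXTENDED = 7;
    private static final int CMD_APDU_LENGTH_CASE4_WITHOUT_DATA = 6;
    private static final int CMD_APDU_LENGTH_CASE4_WITHOUT_DATA_EXTENDED = 9;

    // Upper bound accepted by checkLe().
    private static final int MAX_EXPECTED_DATA_LENGTH = 65536;

    private static final int OFFSET_CLA = 0;
    private static final int OFFSET_INS = 1;
    private static final int OFFSET_P3 = 4;
    private static final int OFFSET_DATA = 5;
    private static final int OFFSET_DATA_EXTENDED = 7;

    private CommandApduValidator() {
    }

    /**
     * Executes the validation for the specified APDU command.
     *
     * <p>The check is purely structural: the header must be present, CLA and INS must not
     * carry the rejected values, and the total length must match <em>exactly</em> one of the
     * command cases (1, 2S, 3S, 4S, 2E, 3E, 4E) for the Lc found in the command. A command
     * that is shorter or longer than its declared Lc implies is rejected, so a truncated body
     * or trailing bytes never pass. Nothing here decides whether a caller is allowed to send
     * a given instruction; any such policy has to be enforced separately.
     *
     * @param apdu a command APDU as byte array.
     *
     * @throws IllegalArgumentException If the command does not follow the APDU command format.
     * @throws NullPointerException If {@code apdu} is {@code null}.
     */
    public static void execute(byte[] apdu) throws IllegalArgumentException {
        // Same exception type as the implicit dereference would raise, but with a message.
        if (apdu == null) {
            throw new NullPointerException("apdu must not be null");
        }
        if (apdu.length < CMD_APDU_LENGTH_CASE1) {
            throw new IllegalArgumentException("Invalid length for command (" + apdu.length + ").");
        }
        checkCla(apdu[OFFSET_CLA]);
        checkIns(apdu[OFFSET_INS]);

        if (apdu.length == CMD_APDU_LENGTH_CASE1) {
            return; // Case 1
        }

        if (apdu.length == CMD_APDU_LENGTH_CASE2) {
            checkLe(unsigned8(apdu[OFFSET_P3]));
            return; // Case 2S
        }

        // A non-zero P3 on a command longer than five bytes is a short (one-byte) Lc.
        if (apdu[OFFSET_P3] != (byte) 0x00) {
            int lc = unsigned8(apdu[OFFSET_P3]);
            if (apdu.length == CMD_APDU_LENGTH_CASE3_WITHOUT_DATA + lc) {
                return; // Case 3S
            }
            if (apdu.length == CMD_APDU_LENGTH_CASE4_WITHOUT_DATA + lc) {
                checkLe(unsigned8(apdu[apdu.length - 1]));
                return; // Case 4S
            }
            throw new IllegalArgumentException("Unexpected value of Lc (" + lc + ")");
        }

        // From here on P3 is 0x00, i.e. the extended-length marker.
        if (apdu.length == CMD_APDU_LENGTH_CASE2_EXTENDED) {
            checkLe(unsigned16(apdu[OFFSET_DATA], apdu[OFFSET_DATA + 1]));
            return; // Case 2E
        }

        // Guards the two-byte Lc read below: only a six-byte command can reach this branch.
        if (apdu.length <= OFFSET_DATA_EXTENDED) {
            throw new IllegalArgumentException(
                    "Unexpected value of Lc or Le (APDU length " + apdu.length + ")");
        }

        int lc = unsigned16(apdu[OFFSET_DATA], apdu[OFFSET_DATA + 1]);
        if (lc == 0) {
            throw new IllegalArgumentException("Lc can't be 0");
        }

        if (apdu.length == CMD_APDU_LENGTH_CASE3_WITHOUT_DATA_EXTENDED + lc) {
            return; // Case 3E
        }

        if (apdu.length == CMD_APDU_LENGTH_CASE4_WITHOUT_DATA_EXTENDED + lc) {
            checkLe(unsigned16(apdu[apdu.length - 2], apdu[apdu.length - 1]));
            return; // Case 4E
        }
        throw new IllegalArgumentException("Unexpected value of Lc (" + lc + ")");
    }

    /** Returns the byte as an unsigned value in the range 0..255. */
    private static int unsigned8(byte value) {
        return value & 0xFF;
    }

    /** Combines two bytes, most significant first, into an unsigned value in 0..65535. */
    private static int unsigned16(byte high, byte low) {
        return (unsigned8(high) << 8) + unsigned8(low);
    }

    /**
     * Rejects the class byte 0xFF.
     *
     * @throws IllegalArgumentException If {@code cla} is 0xFF.
     */
    private static void checkCla(byte cla) throws IllegalArgumentException {
        if (cla == (byte) 0xFF) {
            // Mask before formatting: a negative byte would otherwise be sign-extended
            // and printed as "ffffffff" instead of "ff".
            throw new IllegalArgumentException(
                    "Invalid value of CLA (" + Integer.toHexString(unsigned8(cla)) + ")");
        }
    }

    /**
     * Rejects instruction bytes whose high nibble is 6 or 9.
     *
     * @throws IllegalArgumentException If {@code ins} is 0x6X or 0x9X.
     */
    private static void checkIns(byte ins) throws IllegalArgumentException {
        int highNibble = ins & 0x0F0;
        if (highNibble == 0x60 || highNibble == 0x90) {
            // Mask before formatting so that 0x9X is reported as "9x", not "ffffff9x".
            throw new IllegalArgumentException(
                    "Invalid value of INS (" + Integer.toHexString(unsigned8(ins)) + "). "
                            + "0x6X and 0x9X are not valid values");
        }
    }

    /**
     * Rejects an expected-length value outside 0..MAX_EXPECTED_DATA_LENGTH.
     *
     * @throws IllegalArgumentException If {@code le} is out of range.
     */
    private static void checkLe(int le) throws IllegalArgumentException {
        if (le < 0 || le > MAX_EXPECTED_DATA_LENGTH) {
            throw new IllegalArgumentException(
                    "Invalid value for le parameter (" + le + ").");
        }
    }
}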
    131