1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 /*
17  * Contributed by: Giesecke & Devrient GmbH.
18  */
19 
20 package com.android.se;
21 
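/**
 * Validates the format of a command APDU and throws {@link IllegalArgumentException} if the
 * command is malformed.
 *
 * <p>The checks are purely structural. The class byte must not be {@code 0xFF}, the high nibble
 * of the instruction byte must not be {@code 0x6} or {@code 0x9}, and the total length must
 * match one of the command cases (1, 2S, 3S, 4S, 2E, 3E, 4E) given the Lc value encoded in the
 * command. A command whose declared Lc disagrees with the actual array length is rejected.
 *
 * <p>Nothing here decides whether a particular instruction is permitted for a caller. Access
 * control over the APDUs that reach the secure element has to be enforced separately.
 */
public class CommandApduValidator {

    // Total command length for each case, excluding the Lc bytes of command data.
    private static final int CMD_APDU_LENGTH_CASE1 = 4;
    private static final int CMD_APDU_LENGTH_CASE2 = 5;
    private static final int CMD_APDU_LENGTH_CASE2_EXTENDED = 7;
    private static final int CMD_APDU_LENGTH_CASE3_WITHOUT_DATA = 5;
    private static final int CMD_APDU_LENGTH_CASE3_WITHOUT_DATA_EXTENDED = 7;
    private static final int CMD_APDU_LENGTH_CASE4_WITHOUT_DATA = 6;
    private static final int CMD_APDU_LENGTH_CASE4_WITHOUT_DATA_EXTENDED = 9;

    // Upper bound accepted by checkLe() for the raw Le field value.
    private static final int MAX_EXPECTED_DATA_LENGTH = 65536;

    private static final int OFFSET_CLA = 0;
    private static final int OFFSET_INS = 1;
    // Fifth byte: short Lc or Le, or 0x00 when the extended length form follows.
    private static final int OFFSET_P3 = 4;
    private static final int OFFSET_DATA = 5;
    private static final int OFFSET_DATA_EXTENDED = 7;

    private CommandApduValidator() {
    }

    /**
     * Executes the validation for the specified APDU command.
     *
     * @param apdu a command APDU as byte array.
     *
     * @throws IllegalArgumentException If the command does not follow the APDU command format.
     * @throws NullPointerException If {@code apdu} is {@code null}.
     */
    public static void execute(byte[] apdu) throws IllegalArgumentException {
        if (apdu.length < CMD_APDU_LENGTH_CASE1) {
            throw new IllegalArgumentException("Invalid length for command (" + apdu.length + ").");
        }
        checkCla(apdu[OFFSET_CLA]);
        checkIns(apdu[OFFSET_INS]);

        if (apdu.length == CMD_APDU_LENGTH_CASE1) {
            return; // Case 1
        }

        if (apdu.length == CMD_APDU_LENGTH_CASE2) {
            checkLe(unsignedByte(apdu[OFFSET_P3]));
            return; // Case 2S
        }

        // From here on the command has at least six bytes. A non-zero fifth byte is a short Lc;
        // a zero fifth byte announces the extended length form.
        if (apdu[OFFSET_P3] != (byte) 0x00) {
            checkShortBody(apdu);
        } else {
            checkExtendedBody(apdu);
        }
    }

    /** Validates cases 3S and 4S: the fifth byte is a non-zero, one-byte Lc. */
    private static void checkShortBody(byte[] apdu) throws IllegalArgumentException {
        int lc = unsignedByte(apdu[OFFSET_P3]);
        if (apdu.length == CMD_APDU_LENGTH_CASE3_WITHOUT_DATA + lc) {
            return; // Case 3S
        }
        if (apdu.length == CMD_APDU_LENGTH_CASE4_WITHOUT_DATA + lc) {
            checkLe(unsignedByte(apdu[apdu.length - 1]));
            return; // Case 4S
        }
        throw new IllegalArgumentException("Unexpected value of Lc (" + lc + ")");
    }

    /** Validates cases 2E, 3E and 4E: the fifth byte is 0x00 and two-byte lengths follow. */
    private static void checkExtendedBody(byte[] apdu) throws IllegalArgumentException {
        if (apdu.length == CMD_APDU_LENGTH_CASE2_EXTENDED) {
            checkLe(unsignedShort(apdu, OFFSET_DATA));
            return; // Case 2E
        }

        // Must hold at least one data byte after the two-byte Lc; this also guards the
        // two-byte read below.
        if (apdu.length <= OFFSET_DATA_EXTENDED) {
            throw new IllegalArgumentException(
                    "Unexpected value of Lc or Le (length " + apdu.length + ")");
        }

        int lc = unsignedShort(apdu, OFFSET_DATA);
        if (lc == 0) {
            throw new IllegalArgumentException("Lc can't be 0");
        }

        if (apdu.length == CMD_APDU_LENGTH_CASE3_WITHOUT_DATA_EXTENDED + lc) {
            return; // Case 3E
        }

        if (apdu.length == CMD_APDU_LENGTH_CASE4_WITHOUT_DATA_EXTENDED + lc) {
            checkLe(unsignedShort(apdu, apdu.length - 2));
            return; // Case 4E
        }
        throw new IllegalArgumentException("Unexpected value of Lc (" + lc + ")");
    }

    /** Returns the byte as an unsigned value in the range 0..255. */
    private static int unsignedByte(byte b) {
        return b & 0xFF;
    }

    /** Reads two bytes starting at {@code offset} as a big-endian unsigned value (0..65535). */
    private static int unsignedShort(byte[] apdu, int offset) {
        return (unsignedByte(apdu[offset]) << 8) + unsignedByte(apdu[offset + 1]);
    }

    /** Rejects the class byte 0xFF. */
    private static void checkCla(byte cla) throws IllegalArgumentException {
        if (cla == (byte) 0xFF) {
            // Mask before formatting: a negative byte would otherwise print sign-extended
            // ("ffffffff" instead of "ff").
            throw new IllegalArgumentException(
                    "Invalid value of CLA (" + Integer.toHexString(unsignedByte(cla)) + ")");
        }
    }

    /** Rejects instruction bytes whose high nibble is 0x6 or 0x9. */
    private static void checkIns(byte ins) throws IllegalArgumentException {
        int highNibble = ins & 0x0F0;
        if (highNibble == 0x60 || highNibble == 0x90) {
            // Mask before formatting so 0x9X is reported as "9x", not "ffffff9x".
            throw new IllegalArgumentException(
                    "Invalid value of INS (" + Integer.toHexString(unsignedByte(ins)) + "). "
                            + "0x6X and 0x9X are not valid values");
        }
    }

    /**
     * Rejects an Le value outside 0..MAX_EXPECTED_DATA_LENGTH.
     *
     * <p>Every caller in this class passes a value decoded from one or two bytes, which is
     * always within that range, so this is a defensive bound rather than an effective limit on
     * the response size a command may request. The raw field value is checked as-is.
     */
    private static void checkLe(int le) throws IllegalArgumentException {
        if (le < 0 || le > MAX_EXPECTED_DATA_LENGTH) {
            throw new IllegalArgumentException(
                    "Invalid value for le parameter (" + le + ").");
        }
    }
}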