layer23/sap_interface.c: reimplement (BT)SAP interface

The (BT)SAP (Bluetooth SIM Access Profile) is a part of Bluetooth
specifications, that defines the protocol and procedures that
shall be used to access a smart card (usually GSM SIM) via
a Bluetooth link.

The profile defines two roles:

  - Server - the side that has direct access to a smart card.
    It acts as a SIM card reader, which assists the Client
    in accessing and controlling the smart card.

  - Client - the side that accesses and controls the smart card
    inside the Server through the connection with Server.

Typical examples of a Server are a simple SIM card holder or
a portable phone in the car environment. A typical example of
a Client is a car phone, which uses a subscription module in
the Server for a connection to the cellular network.

OsmocomBB implements the Client role providing abstract SAP
interface API to the higher layers. Instead of Bluetooth,
a UNIX socket is used to communicate with a Server.

The previous implementation of (BT)SAP interface was incomplete
and hard to maintain. This change (re)implements it almost from
scratch on top of the Osmocom FSM framework.

Besides that, the most significant changes are:

  - The implementation is separated into three parts:
    - sap_interface.{c|h} - public SAP interface API,
    - sap_proto.{c|h} - SAP protocol definition,
    - sap_fsm.{c|h} - SAP FSM implementation.

  - Both 'sap_message' and 'sap_param' structures follow the
    SAP message format definition according to 5.1 and 5.2.

  - The message parsing is done more carefully in order to
    prevent buffer overflow and NULL-pointer dereference.

  - Introduced public API for getting / adding message
    parameters, and checking the ResultCode.

  - Introduced public API for opening / closing a connection
    with the server, powering on / off and resetting the SIM
    card, sending ATR and APDU.

  - Introduced a call-back for handling the response message.

  - Card reader state is also a part of the public API.

The new implementation was tested against softsim [1]. The
only limitation is Server-initiated Release, that allows the
Server to 'ask' a Client to release connection as soon as
communication with the smart card is finished. This is not
implemented (yet), and leads to immediate release.

[1] https://git.osmocom.org/softsim/

Change-Id: I77bb108615bb2c94c441568f195b04e0a5421643

1 files changed, 49 insertions, 0 deletions

diff --git a/src/host/layer23/src/mobile/subscriber.c b/src/host/layer23/src/mobile/subscriber.c
index b2be5549..e1e63318 100644
--- a/src/host/layer23/src/mobile/subscriber.c
+++ b/src/host/layer23/src/mobile/subscriber.c
@@ -29,6 +29,7 @@
 #include <osmocom/bb/common/logging.h>
 #include <osmocom/bb/common/osmocom_data.h>
 #include <osmocom/bb/common/sap_interface.h>
+#include <osmocom/bb/common/sap_proto.h>
 #include <osmocom/bb/common/networks.h>
 #include <osmocom/bb/mobile/vty.h>
 
@@ -1306,3 +1307,51 @@ int gsm_subscr_remove_sapcard(struct osmocom_ms *ms)
 {
 	return sap_close(ms);
 }
+
+int gsm_subscr_sap_rsp_cb(struct osmocom_ms *ms, int res_code,
+	uint8_t res_type, uint16_t param_len, const uint8_t *param_val)
+{
+	struct msgb *msg;
+	int rc = 0;
+
+	/* Response parameter is not encoded in case of error */
+	if (res_code != SAP_RESULT_OK_REQ_PROC_CORR)
+		goto ignore_rsp;
+
+	switch (res_type) {
+	case SAP_TRANSFER_APDU_RESP:
+		/* Prevent NULL-pointer dereference */
+		if (!param_len || !param_val) {
+			rc = -EINVAL;
+			goto ignore_rsp;
+		}
+
+		/* FIXME: why do we use this length? */
+		msg = msgb_alloc(GSM_SAP_LENGTH, "sap_apdu");
+		if (!msg) {
+			rc = -ENOMEM;
+			goto ignore_rsp;
+		}
+
+		msg->data = msgb_put(msg, param_len);
+		memcpy(msg->data, param_val, param_len);
+
+		return sim_apdu_resp(ms, msg);
+
+	case SAP_TRANSFER_ATR_RESP:
+		/* TODO: don't read SIM again (if already) */
+		LOGP(DSAP, LOGL_INFO, "SAP card is ready, start reading...\n");
+		return subscr_sim_request(ms);
+
+	default:
+		rc = -ENOTSUP;
+		goto ignore_rsp;
+	}
+
+	return 0;
+
+ignore_rsp:
+	LOGP(DSAP, LOGL_NOTICE, "Ignored SAP response '%s' (code=%d)\n",
+		get_value_string(sap_msg_names, res_type), res_code);
+	return rc;
+}