Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (c) 2022 Micro Focus or one of its affiliates. |
3 | | * Copyright (c) 2022 Yubico AB. All rights reserved. |
4 | | * Use of this source code is governed by a BSD-style |
5 | | * license that can be found in the LICENSE file. |
6 | | */ |
7 | | |
8 | | #if __APPLE__ |
9 | | #include <PCSC/wintypes.h> |
10 | | #include <PCSC/winscard.h> |
11 | | #else |
12 | | #include <winscard.h> |
13 | | #endif /* __APPLE__ */ |
14 | | |
15 | | #include <errno.h> |
16 | | |
17 | | #include "fido.h" |
18 | | #include "fido/param.h" |
19 | | #include "iso7816.h" |
20 | | |
21 | | #if defined(_WIN32) && !defined(__MINGW32__) |
22 | | #define SCardConnect SCardConnectA |
23 | | #define SCardListReaders SCardListReadersA |
24 | | #endif |
25 | | |
26 | | #ifndef SCARD_PROTOCOL_Tx |
27 | 2.96k | #define SCARD_PROTOCOL_Tx SCARD_PROTOCOL_ANY |
28 | | #endif |
29 | | |
30 | 9.10k | #define BUFSIZE 1024 /* in bytes; passed to SCardListReaders() */ |
31 | | #define APDULEN 264 /* 261 rounded up to the nearest multiple of 8 */ |
32 | 3.59k | #define READERS 8 /* maximum number of readers */ |
33 | | |
34 | | struct pcsc { |
35 | | SCARDCONTEXT ctx; |
36 | | SCARDHANDLE h; |
37 | | SCARD_IO_REQUEST req; |
38 | | uint8_t rx_buf[APDULEN]; |
39 | | size_t rx_len; |
40 | | }; |
41 | | |
42 | | static LONG |
43 | | list_readers(SCARDCONTEXT ctx, char **buf) |
44 | 3.75k | { |
45 | 3.75k | LONG s; |
46 | 3.75k | DWORD len; |
47 | | |
48 | 3.75k | len = BUFSIZE; |
49 | 3.75k | if ((*buf = calloc(1, len)) == NULL) |
50 | 16 | goto fail; |
51 | 3.73k | if ((s = SCardListReaders(ctx, NULL, *buf, &len)) != SCARD_S_SUCCESS) { |
52 | 1.06k | fido_log_debug("%s: SCardListReaders 0x%lx", __func__, (long)s); |
53 | 1.06k | goto fail; |
54 | 1.06k | } |
55 | | /* sanity check "multi-string" */ |
56 | 2.67k | if (len > BUFSIZE || len < 2) { |
57 | 241 | fido_log_debug("%s: bogus len=%u", __func__, (unsigned)len); |
58 | 241 | goto fail; |
59 | 241 | } |
60 | 2.43k | if ((*buf)[len - 1] != 0 || (*buf)[len - 2] != '\0') { |
61 | 66 | fido_log_debug("%s: bogus buf", __func__); |
62 | 66 | goto fail; |
63 | 66 | } |
64 | 2.36k | return (LONG)SCARD_S_SUCCESS; |
65 | 1.38k | fail: |
66 | 1.38k | free(*buf); |
67 | 1.38k | *buf = NULL; |
68 | | |
69 | 1.38k | return (LONG)SCARD_E_NO_READERS_AVAILABLE; |
70 | 2.43k | } |
71 | | |
72 | | static char * |
73 | | get_reader(SCARDCONTEXT ctx, const char *path) |
74 | 4.67k | { |
75 | 4.67k | char *reader = NULL, *buf = NULL; |
76 | 4.67k | const char prefix[] = FIDO_PCSC_PREFIX "//slot"; |
77 | 4.67k | uint64_t n; |
78 | | |
79 | 4.67k | if (path == NULL) |
80 | 731 | goto out; |
81 | 3.94k | if (strncmp(path, prefix, strlen(prefix)) != 0 || |
82 | 3.94k | fido_to_uint64(path + strlen(prefix), 10, &n) < 0 || |
83 | 3.94k | n > READERS - 1) { |
84 | 1.94k | fido_log_debug("%s: invalid path %s", __func__, path); |
85 | 1.94k | goto out; |
86 | 1.94k | } |
87 | 2.00k | if (list_readers(ctx, &buf) != SCARD_S_SUCCESS) { |
88 | 87 | fido_log_debug("%s: list_readers", __func__); |
89 | 87 | goto out; |
90 | 87 | } |
91 | 4.62k | for (const char *name = buf; *name != 0; name += strlen(name) + 1) { |
92 | 4.57k | if (n == 0) { |
93 | 1.86k | reader = strdup(name); |
94 | 1.86k | goto out; |
95 | 1.86k | } |
96 | 2.71k | n--; |
97 | 2.71k | } |
98 | 46 | fido_log_debug("%s: failed to find reader %s", __func__, path); |
99 | 4.67k | out: |
100 | 4.67k | free(buf); |
101 | | |
102 | 4.67k | return reader; |
103 | 46 | } |
104 | | |
105 | | static int |
106 | | prepare_io_request(DWORD prot, SCARD_IO_REQUEST *req) |
107 | 2.94k | { |
108 | 2.94k | switch (prot) { |
109 | 1.46k | case SCARD_PROTOCOL_T0: |
110 | 1.46k | req->dwProtocol = SCARD_PCI_T0->dwProtocol; |
111 | 1.46k | req->cbPciLength = SCARD_PCI_T0->cbPciLength; |
112 | 1.46k | break; |
113 | 1.45k | case SCARD_PROTOCOL_T1: |
114 | 1.45k | req->dwProtocol = SCARD_PCI_T1->dwProtocol; |
115 | 1.45k | req->cbPciLength = SCARD_PCI_T1->cbPciLength; |
116 | 1.45k | break; |
117 | 29 | default: |
118 | 29 | fido_log_debug("%s: unknown protocol %lu", __func__, |
119 | 29 | (u_long)prot); |
120 | 29 | return -1; |
121 | 2.94k | } |
122 | | |
123 | 2.91k | return 0; |
124 | 2.94k | } |
125 | | |
126 | | static int |
127 | | copy_info(fido_dev_info_t *di, SCARDCONTEXT ctx, const char *reader, size_t idx) |
128 | 1.10k | { |
129 | 1.10k | SCARDHANDLE h = 0; |
130 | 1.10k | SCARD_IO_REQUEST req; |
131 | 1.10k | DWORD prot = 0; |
132 | 1.10k | LONG s; |
133 | 1.10k | int ok = -1; |
134 | | |
135 | 1.10k | memset(di, 0, sizeof(*di)); |
136 | 1.10k | memset(&req, 0, sizeof(req)); |
137 | | |
138 | 1.10k | if ((s = SCardConnect(ctx, reader, SCARD_SHARE_SHARED, |
139 | 1.10k | SCARD_PROTOCOL_Tx, &h, &prot)) != SCARD_S_SUCCESS) { |
140 | 8 | fido_log_debug("%s: SCardConnect 0x%lx", __func__, (long)s); |
141 | 8 | goto fail; |
142 | 8 | } |
143 | 1.09k | if (prepare_io_request(prot, &req) < 0) { |
144 | 13 | fido_log_debug("%s: prepare_io_request", __func__); |
145 | 13 | goto fail; |
146 | 13 | } |
147 | 1.08k | if (asprintf(&di->path, "%s//slot%zu", FIDO_PCSC_PREFIX, idx) == -1) { |
148 | 6 | di->path = NULL; |
149 | 6 | fido_log_debug("%s: asprintf", __func__); |
150 | 6 | goto fail; |
151 | 6 | } |
152 | 1.08k | if (nfc_is_fido(di->path) == false) { |
153 | 1.00k | fido_log_debug("%s: nfc_is_fido: %s", __func__, di->path); |
154 | 1.00k | goto fail; |
155 | 1.00k | } |
156 | 77 | if ((di->manufacturer = strdup("PC/SC")) == NULL || |
157 | 77 | (di->product = strdup(reader)) == NULL) |
158 | 2 | goto fail; |
159 | | |
160 | 75 | ok = 0; |
161 | 1.10k | fail: |
162 | 1.10k | if (h != 0) |
163 | 1.09k | SCardDisconnect(h, SCARD_LEAVE_CARD); |
164 | 1.10k | if (ok < 0) { |
165 | 1.03k | free(di->path); |
166 | 1.03k | free(di->manufacturer); |
167 | 1.03k | free(di->product); |
168 | 1.03k | explicit_bzero(di, sizeof(*di)); |
169 | 1.03k | } |
170 | | |
171 | 1.10k | return ok; |
172 | 75 | } |
173 | | |
174 | | int |
175 | | fido_pcsc_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen) |
176 | 3.28k | { |
177 | 3.28k | SCARDCONTEXT ctx = 0; |
178 | 3.28k | char *buf = NULL; |
179 | 3.28k | LONG s; |
180 | 3.28k | size_t idx = 0; |
181 | 3.28k | int r = FIDO_ERR_INTERNAL; |
182 | | |
183 | 3.28k | *olen = 0; |
184 | | |
185 | 3.28k | if (ilen == 0) |
186 | 762 | return FIDO_OK; |
187 | 2.52k | if (devlist == NULL) |
188 | 751 | return FIDO_ERR_INVALID_ARGUMENT; |
189 | | |
190 | 1.77k | if ((s = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, |
191 | 1.77k | &ctx)) != SCARD_S_SUCCESS || ctx == 0) { |
192 | 23 | fido_log_debug("%s: SCardEstablishContext 0x%lx", __func__, |
193 | 23 | (long)s); |
194 | 23 | if (s == (LONG)SCARD_E_NO_SERVICE || |
195 | 23 | s == (LONG)SCARD_E_NO_SMARTCARD) |
196 | 14 | r = FIDO_OK; /* suppress error */ |
197 | 23 | goto out; |
198 | 23 | } |
199 | 1.75k | if ((s = list_readers(ctx, &buf)) != SCARD_S_SUCCESS) { |
200 | 1.30k | fido_log_debug("%s: list_readers 0x%lx", __func__, (long)s); |
201 | 1.30k | if (s == (LONG)SCARD_E_NO_READERS_AVAILABLE) |
202 | 1.30k | r = FIDO_OK; /* suppress error */ |
203 | 1.30k | goto out; |
204 | 1.30k | } |
205 | | |
206 | 1.55k | for (const char *name = buf; *name != 0; name += strlen(name) + 1) { |
207 | 1.12k | if (idx == READERS) { |
208 | 18 | fido_log_debug("%s: stopping at %zu readers", __func__, |
209 | 18 | idx); |
210 | 18 | r = FIDO_OK; |
211 | 18 | goto out; |
212 | 18 | } |
213 | 1.10k | if (copy_info(&devlist[*olen], ctx, name, idx++) == 0) { |
214 | 75 | devlist[*olen].io = (fido_dev_io_t) { |
215 | 75 | fido_pcsc_open, |
216 | 75 | fido_pcsc_close, |
217 | 75 | fido_pcsc_read, |
218 | 75 | fido_pcsc_write, |
219 | 75 | }; |
220 | 75 | devlist[*olen].transport = (fido_dev_transport_t) { |
221 | 75 | fido_pcsc_rx, |
222 | 75 | fido_pcsc_tx, |
223 | 75 | }; |
224 | 75 | if (++(*olen) == ilen) |
225 | 2 | break; |
226 | 75 | } |
227 | 1.10k | } |
228 | | |
229 | 434 | r = FIDO_OK; |
230 | 1.77k | out: |
231 | 1.77k | free(buf); |
232 | 1.77k | if (ctx != 0) |
233 | 1.77k | SCardReleaseContext(ctx); |
234 | | |
235 | 1.77k | return r; |
236 | 434 | } |
237 | | |
238 | | void * |
239 | | fido_pcsc_open(const char *path) |
240 | 4.81k | { |
241 | 4.81k | char *reader = NULL; |
242 | 4.81k | struct pcsc *dev = NULL; |
243 | 4.81k | SCARDCONTEXT ctx = 0; |
244 | 4.81k | SCARDHANDLE h = 0; |
245 | 4.81k | SCARD_IO_REQUEST req; |
246 | 4.81k | DWORD prot = 0; |
247 | 4.81k | LONG s; |
248 | | |
249 | 4.81k | memset(&req, 0, sizeof(req)); |
250 | | |
251 | 4.81k | if ((s = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, |
252 | 4.81k | &ctx)) != SCARD_S_SUCCESS || ctx == 0) { |
253 | 140 | fido_log_debug("%s: SCardEstablishContext 0x%lx", __func__, |
254 | 140 | (long)s); |
255 | 140 | goto fail; |
256 | | |
257 | 140 | } |
258 | 4.67k | if ((reader = get_reader(ctx, path)) == NULL) { |
259 | 2.81k | fido_log_debug("%s: get_reader(%s)", __func__, path); |
260 | 2.81k | goto fail; |
261 | 2.81k | } |
262 | 1.85k | if ((s = SCardConnect(ctx, reader, SCARD_SHARE_SHARED, |
263 | 1.85k | SCARD_PROTOCOL_Tx, &h, &prot)) != SCARD_S_SUCCESS) { |
264 | 17 | fido_log_debug("%s: SCardConnect 0x%lx", __func__, (long)s); |
265 | 17 | goto fail; |
266 | 17 | } |
267 | 1.84k | if (prepare_io_request(prot, &req) < 0) { |
268 | 16 | fido_log_debug("%s: prepare_io_request", __func__); |
269 | 16 | goto fail; |
270 | 16 | } |
271 | 1.82k | if ((dev = calloc(1, sizeof(*dev))) == NULL) |
272 | 13 | goto fail; |
273 | | |
274 | 1.81k | dev->ctx = ctx; |
275 | 1.81k | dev->h = h; |
276 | 1.81k | dev->req = req; |
277 | 1.81k | ctx = 0; |
278 | 1.81k | h = 0; |
279 | 4.81k | fail: |
280 | 4.81k | if (h != 0) |
281 | 29 | SCardDisconnect(h, SCARD_LEAVE_CARD); |
282 | 4.81k | if (ctx != 0) |
283 | 2.96k | SCardReleaseContext(ctx); |
284 | 4.81k | free(reader); |
285 | | |
286 | 4.81k | return dev; |
287 | 1.81k | } |
288 | | |
289 | | void |
290 | | fido_pcsc_close(void *handle) |
291 | 1.81k | { |
292 | 1.81k | struct pcsc *dev = handle; |
293 | | |
294 | 1.81k | if (dev->h != 0) |
295 | 1.81k | SCardDisconnect(dev->h, SCARD_LEAVE_CARD); |
296 | 1.81k | if (dev->ctx != 0) |
297 | 1.81k | SCardReleaseContext(dev->ctx); |
298 | | |
299 | 1.81k | explicit_bzero(dev->rx_buf, sizeof(dev->rx_buf)); |
300 | 1.81k | free(dev); |
301 | 1.81k | } |
302 | | |
303 | | int |
304 | | fido_pcsc_read(void *handle, unsigned char *buf, size_t len, int ms) |
305 | 1.59k | { |
306 | 1.59k | struct pcsc *dev = handle; |
307 | 1.59k | int r; |
308 | | |
309 | 1.59k | (void)ms; |
310 | 1.59k | if (dev->rx_len == 0 || dev->rx_len > len || |
311 | 1.59k | dev->rx_len > sizeof(dev->rx_buf)) { |
312 | 918 | fido_log_debug("%s: rx_len", __func__); |
313 | 918 | return -1; |
314 | 918 | } |
315 | 677 | fido_log_xxd(dev->rx_buf, dev->rx_len, "%s: reading", __func__); |
316 | 677 | memcpy(buf, dev->rx_buf, dev->rx_len); |
317 | 677 | explicit_bzero(dev->rx_buf, sizeof(dev->rx_buf)); |
318 | 677 | r = (int)dev->rx_len; |
319 | 677 | dev->rx_len = 0; |
320 | | |
321 | 677 | return r; |
322 | 1.59k | } |
323 | | |
324 | | int |
325 | | fido_pcsc_write(void *handle, const unsigned char *buf, size_t len) |
326 | 2.40k | { |
327 | 2.40k | struct pcsc *dev = handle; |
328 | 2.40k | DWORD n; |
329 | 2.40k | LONG s; |
330 | | |
331 | 2.40k | if (len > INT_MAX) { |
332 | 751 | fido_log_debug("%s: len", __func__); |
333 | 751 | return -1; |
334 | 751 | } |
335 | | |
336 | 1.65k | explicit_bzero(dev->rx_buf, sizeof(dev->rx_buf)); |
337 | 1.65k | dev->rx_len = 0; |
338 | 1.65k | n = (DWORD)sizeof(dev->rx_buf); |
339 | | |
340 | 1.65k | fido_log_xxd(buf, len, "%s: writing", __func__); |
341 | | |
342 | 1.65k | if ((s = SCardTransmit(dev->h, &dev->req, buf, (DWORD)len, NULL, |
343 | 1.65k | dev->rx_buf, &n)) != SCARD_S_SUCCESS) { |
344 | 24 | fido_log_debug("%s: SCardTransmit 0x%lx", __func__, (long)s); |
345 | 24 | explicit_bzero(dev->rx_buf, sizeof(dev->rx_buf)); |
346 | 24 | return -1; |
347 | 24 | } |
348 | 1.62k | dev->rx_len = (size_t)n; |
349 | | |
350 | 1.62k | fido_log_xxd(dev->rx_buf, dev->rx_len, "%s: read", __func__); |
351 | | |
352 | 1.62k | return (int)len; |
353 | 1.65k | } |
354 | | |
355 | | int |
356 | | fido_pcsc_tx(fido_dev_t *d, uint8_t cmd, const u_char *buf, size_t count) |
357 | 1.86k | { |
358 | 1.86k | return fido_nfc_tx(d, cmd, buf, count); |
359 | 1.86k | } |
360 | | |
361 | | int |
362 | | fido_pcsc_rx(fido_dev_t *d, uint8_t cmd, u_char *buf, size_t count, int ms) |
363 | 1.82k | { |
364 | 1.82k | return fido_nfc_rx(d, cmd, buf, count, ms); |
365 | 1.82k | } |
366 | | |
367 | | bool |
368 | | fido_is_pcsc(const char *path) |
369 | 492k | { |
370 | 492k | return strncmp(path, FIDO_PCSC_PREFIX, strlen(FIDO_PCSC_PREFIX)) == 0; |
371 | 492k | } |
372 | | |
373 | | int |
374 | | fido_dev_set_pcsc(fido_dev_t *d) |
375 | 4.07k | { |
376 | 4.07k | if (d->io_handle != NULL) { |
377 | 0 | fido_log_debug("%s: device open", __func__); |
378 | 0 | return -1; |
379 | 0 | } |
380 | 4.07k | d->io_own = true; |
381 | 4.07k | d->io = (fido_dev_io_t) { |
382 | 4.07k | fido_pcsc_open, |
383 | 4.07k | fido_pcsc_close, |
384 | 4.07k | fido_pcsc_read, |
385 | 4.07k | fido_pcsc_write, |
386 | 4.07k | }; |
387 | 4.07k | d->transport = (fido_dev_transport_t) { |
388 | 4.07k | fido_pcsc_rx, |
389 | 4.07k | fido_pcsc_tx, |
390 | 4.07k | }; |
391 | | |
392 | 4.07k | return 0; |
393 | 4.07k | } |