Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (c) 2022 Micro Focus or one of its affiliates. |
3 | | * Copyright (c) 2022 Yubico AB. All rights reserved. |
4 | | * Use of this source code is governed by a BSD-style |
5 | | * license that can be found in the LICENSE file. |
6 | | */ |
7 | | |
8 | | #if __APPLE__ |
9 | | #include <PCSC/wintypes.h> |
10 | | #include <PCSC/winscard.h> |
11 | | #else |
12 | | #include <winscard.h> |
13 | | #endif /* __APPLE__ */ |
14 | | |
15 | | #include <errno.h> |
16 | | |
17 | | #include "fido.h" |
18 | | #include "fido/param.h" |
19 | | #include "iso7816.h" |
20 | | |
21 | | #if defined(_WIN32) && !defined(__MINGW32__) |
22 | | #define SCardConnect SCardConnectA |
23 | | #define SCardListReaders SCardListReadersA |
24 | | #endif |
25 | | |
26 | | #ifndef SCARD_PROTOCOL_Tx |
27 | 2.40k | #define SCARD_PROTOCOL_Tx SCARD_PROTOCOL_ANY |
28 | | #endif |
29 | | |
30 | 9.31k | #define BUFSIZE 1024 /* in bytes; passed to SCardListReaders() */ |
31 | | #define APDULEN 264 /* 261 rounded up to the nearest multiple of 8 */ |
32 | 3.10k | #define READERS 8 /* maximum number of readers */ |
33 | | |
34 | | struct pcsc { |
35 | | SCARDCONTEXT ctx; |
36 | | SCARDHANDLE h; |
37 | | SCARD_IO_REQUEST req; |
38 | | uint8_t rx_buf[APDULEN]; |
39 | | size_t rx_len; |
40 | | }; |
41 | | |
42 | | static LONG |
43 | | list_readers(SCARDCONTEXT ctx, char **buf) |
44 | 3.91k | { |
45 | 3.91k | LONG s; |
46 | 3.91k | DWORD len; |
47 | | |
48 | 3.91k | len = BUFSIZE; |
49 | 3.91k | if ((*buf = calloc(1, len)) == NULL) |
50 | 27 | goto fail; |
51 | 3.89k | if ((s = SCardListReaders(ctx, NULL, *buf, &len)) != SCARD_S_SUCCESS) { |
52 | 1.19k | fido_log_debug("%s: SCardListReaders 0x%lx", __func__, (long)s); |
53 | 1.19k | goto fail; |
54 | 1.19k | } |
55 | | /* sanity check "multi-string" */ |
56 | 2.69k | if (len > BUFSIZE || len < 2) { |
57 | 385 | fido_log_debug("%s: bogus len=%u", __func__, (unsigned)len); |
58 | 385 | goto fail; |
59 | 385 | } |
60 | 2.31k | if ((*buf)[len - 1] != 0 || (*buf)[len - 2] != '\0') { |
61 | 85 | fido_log_debug("%s: bogus buf", __func__); |
62 | 85 | goto fail; |
63 | 85 | } |
64 | 2.22k | return (LONG)SCARD_S_SUCCESS; |
65 | 1.68k | fail: |
66 | 1.68k | free(*buf); |
67 | 1.68k | *buf = NULL; |
68 | | |
69 | 1.68k | return (LONG)SCARD_E_NO_READERS_AVAILABLE; |
70 | 2.31k | } |
71 | | |
72 | | static char * |
73 | | get_reader(SCARDCONTEXT ctx, const char *path) |
74 | 4.69k | { |
75 | 4.69k | char *reader = NULL, *buf = NULL; |
76 | 4.69k | const char prefix[] = FIDO_PCSC_PREFIX "//slot"; |
77 | 4.69k | uint64_t n; |
78 | | |
79 | 4.69k | if (path == NULL) |
80 | 953 | goto out; |
81 | 3.74k | if (strncmp(path, prefix, strlen(prefix)) != 0 || |
82 | 3.74k | fido_to_uint64(path + strlen(prefix), 10, &n) < 0 || |
83 | 3.74k | n > READERS - 1) { |
84 | 1.92k | fido_log_debug("%s: invalid path %s", __func__, path); |
85 | 1.92k | goto out; |
86 | 1.92k | } |
87 | 1.81k | if (list_readers(ctx, &buf) != SCARD_S_SUCCESS) { |
88 | 94 | fido_log_debug("%s: list_readers", __func__); |
89 | 94 | goto out; |
90 | 94 | } |
91 | 1.82k | for (const char *name = buf; *name != 0; name += strlen(name) + 1) { |
92 | 1.78k | if (n == 0) { |
93 | 1.68k | reader = strdup(name); |
94 | 1.68k | goto out; |
95 | 1.68k | } |
96 | 103 | n--; |
97 | 103 | } |
98 | 38 | fido_log_debug("%s: failed to find reader %s", __func__, path); |
99 | 4.69k | out: |
100 | 4.69k | free(buf); |
101 | | |
102 | 4.69k | return reader; |
103 | 38 | } |
104 | | |
105 | | static int |
106 | | prepare_io_request(DWORD prot, SCARD_IO_REQUEST *req) |
107 | 2.38k | { |
108 | 2.38k | switch (prot) { |
109 | 1.24k | case SCARD_PROTOCOL_T0: |
110 | 1.24k | req->dwProtocol = SCARD_PCI_T0->dwProtocol; |
111 | 1.24k | req->cbPciLength = SCARD_PCI_T0->cbPciLength; |
112 | 1.24k | break; |
113 | 1.11k | case SCARD_PROTOCOL_T1: |
114 | 1.11k | req->dwProtocol = SCARD_PCI_T1->dwProtocol; |
115 | 1.11k | req->cbPciLength = SCARD_PCI_T1->cbPciLength; |
116 | 1.11k | break; |
117 | 21 | default: |
118 | 21 | fido_log_debug("%s: unknown protocol %lu", __func__, |
119 | 21 | (u_long)prot); |
120 | 21 | return -1; |
121 | 2.38k | } |
122 | | |
123 | 2.36k | return 0; |
124 | 2.38k | } |
125 | | |
126 | | static int |
127 | | copy_info(fido_dev_info_t *di, SCARDCONTEXT ctx, const char *reader, size_t idx) |
128 | 718 | { |
129 | 718 | SCARDHANDLE h = 0; |
130 | 718 | SCARD_IO_REQUEST req; |
131 | 718 | DWORD prot = 0; |
132 | 718 | LONG s; |
133 | 718 | int ok = -1; |
134 | | |
135 | 718 | memset(di, 0, sizeof(*di)); |
136 | 718 | memset(&req, 0, sizeof(req)); |
137 | | |
138 | 718 | if ((s = SCardConnect(ctx, reader, SCARD_SHARE_SHARED, |
139 | 718 | SCARD_PROTOCOL_Tx, &h, &prot)) != SCARD_S_SUCCESS) { |
140 | 10 | fido_log_debug("%s: SCardConnect 0x%lx", __func__, (long)s); |
141 | 10 | goto fail; |
142 | 10 | } |
143 | 708 | if (prepare_io_request(prot, &req) < 0) { |
144 | 13 | fido_log_debug("%s: prepare_io_request", __func__); |
145 | 13 | goto fail; |
146 | 13 | } |
147 | 695 | if (asprintf(&di->path, "%s//slot%zu", FIDO_PCSC_PREFIX, idx) == -1) { |
148 | 10 | di->path = NULL; |
149 | 10 | fido_log_debug("%s: asprintf", __func__); |
150 | 10 | goto fail; |
151 | 10 | } |
152 | 685 | if ((di->manufacturer = strdup("PC/SC")) == NULL || |
153 | 685 | (di->product = strdup(reader)) == NULL) |
154 | 29 | goto fail; |
155 | | |
156 | 656 | ok = 0; |
157 | 718 | fail: |
158 | 718 | if (h != 0) |
159 | 708 | SCardDisconnect(h, SCARD_LEAVE_CARD); |
160 | 718 | if (ok < 0) { |
161 | 62 | free(di->path); |
162 | 62 | free(di->manufacturer); |
163 | 62 | free(di->product); |
164 | 62 | explicit_bzero(di, sizeof(*di)); |
165 | 62 | } |
166 | | |
167 | 718 | return ok; |
168 | 656 | } |
169 | | |
170 | | int |
171 | | fido_pcsc_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen) |
172 | 4.09k | { |
173 | 4.09k | SCARDCONTEXT ctx = 0; |
174 | 4.09k | char *buf = NULL; |
175 | 4.09k | LONG s; |
176 | 4.09k | size_t idx = 0; |
177 | 4.09k | int r = FIDO_ERR_INTERNAL; |
178 | | |
179 | 4.09k | *olen = 0; |
180 | | |
181 | 4.09k | if (ilen == 0) |
182 | 989 | return FIDO_OK; |
183 | 3.10k | if (devlist == NULL) |
184 | 970 | return FIDO_ERR_INVALID_ARGUMENT; |
185 | | |
186 | 2.13k | if ((s = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, |
187 | 2.13k | &ctx)) != SCARD_S_SUCCESS || ctx == 0) { |
188 | 32 | fido_log_debug("%s: SCardEstablishContext 0x%lx", __func__, |
189 | 32 | (long)s); |
190 | 32 | if (s == (LONG)SCARD_E_NO_SERVICE || |
191 | 32 | s == (LONG)SCARD_E_NO_SMARTCARD) |
192 | 16 | r = FIDO_OK; /* suppress error */ |
193 | 32 | goto out; |
194 | 32 | } |
195 | 2.10k | if ((s = list_readers(ctx, &buf)) != SCARD_S_SUCCESS) { |
196 | 1.59k | fido_log_debug("%s: list_readers 0x%lx", __func__, (long)s); |
197 | 1.59k | if (s == (LONG)SCARD_E_NO_READERS_AVAILABLE) |
198 | 1.59k | r = FIDO_OK; /* suppress error */ |
199 | 1.59k | goto out; |
200 | 1.59k | } |
201 | | |
202 | 1.20k | for (const char *name = buf; *name != 0; name += strlen(name) + 1) { |
203 | 723 | if (idx == READERS) { |
204 | 5 | fido_log_debug("%s: stopping at %zu readers", __func__, |
205 | 5 | idx); |
206 | 5 | r = FIDO_OK; |
207 | 5 | goto out; |
208 | 5 | } |
209 | 718 | if (copy_info(&devlist[*olen], ctx, name, idx++) == 0) { |
210 | 656 | devlist[*olen].io = (fido_dev_io_t) { |
211 | 656 | fido_pcsc_open, |
212 | 656 | fido_pcsc_close, |
213 | 656 | fido_pcsc_read, |
214 | 656 | fido_pcsc_write, |
215 | 656 | }; |
216 | 656 | devlist[*olen].transport = (fido_dev_transport_t) { |
217 | 656 | fido_pcsc_rx, |
218 | 656 | fido_pcsc_tx, |
219 | 656 | }; |
220 | 656 | if (++(*olen) == ilen) |
221 | 15 | break; |
222 | 656 | } |
223 | 718 | } |
224 | | |
225 | 500 | r = FIDO_OK; |
226 | 2.13k | out: |
227 | 2.13k | free(buf); |
228 | 2.13k | if (ctx != 0) |
229 | 2.12k | SCardReleaseContext(ctx); |
230 | | |
231 | 2.13k | return r; |
232 | 500 | } |
233 | | |
234 | | void * |
235 | | fido_pcsc_open(const char *path) |
236 | 4.85k | { |
237 | 4.85k | char *reader = NULL; |
238 | 4.85k | struct pcsc *dev = NULL; |
239 | 4.85k | SCARDCONTEXT ctx = 0; |
240 | 4.85k | SCARDHANDLE h = 0; |
241 | 4.85k | SCARD_IO_REQUEST req; |
242 | 4.85k | DWORD prot = 0; |
243 | 4.85k | LONG s; |
244 | | |
245 | 4.85k | memset(&req, 0, sizeof(req)); |
246 | | |
247 | 4.85k | if ((s = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, |
248 | 4.85k | &ctx)) != SCARD_S_SUCCESS || ctx == 0) { |
249 | 152 | fido_log_debug("%s: SCardEstablishContext 0x%lx", __func__, |
250 | 152 | (long)s); |
251 | 152 | goto fail; |
252 | | |
253 | 152 | } |
254 | 4.69k | if ((reader = get_reader(ctx, path)) == NULL) { |
255 | 3.01k | fido_log_debug("%s: get_reader(%s)", __func__, path); |
256 | 3.01k | goto fail; |
257 | 3.01k | } |
258 | 1.68k | if ((s = SCardConnect(ctx, reader, SCARD_SHARE_SHARED, |
259 | 1.68k | SCARD_PROTOCOL_Tx, &h, &prot)) != SCARD_S_SUCCESS) { |
260 | 9 | fido_log_debug("%s: SCardConnect 0x%lx", __func__, (long)s); |
261 | 9 | goto fail; |
262 | 9 | } |
263 | 1.67k | if (prepare_io_request(prot, &req) < 0) { |
264 | 8 | fido_log_debug("%s: prepare_io_request", __func__); |
265 | 8 | goto fail; |
266 | 8 | } |
267 | 1.66k | if ((dev = calloc(1, sizeof(*dev))) == NULL) |
268 | 13 | goto fail; |
269 | | |
270 | 1.65k | dev->ctx = ctx; |
271 | 1.65k | dev->h = h; |
272 | 1.65k | dev->req = req; |
273 | 1.65k | ctx = 0; |
274 | 1.65k | h = 0; |
275 | 4.85k | fail: |
276 | 4.85k | if (h != 0) |
277 | 21 | SCardDisconnect(h, SCARD_LEAVE_CARD); |
278 | 4.85k | if (ctx != 0) |
279 | 3.15k | SCardReleaseContext(ctx); |
280 | 4.85k | free(reader); |
281 | | |
282 | 4.85k | return dev; |
283 | 1.65k | } |
284 | | |
285 | | void |
286 | | fido_pcsc_close(void *handle) |
287 | 1.65k | { |
288 | 1.65k | struct pcsc *dev = handle; |
289 | | |
290 | 1.65k | if (dev->h != 0) |
291 | 1.65k | SCardDisconnect(dev->h, SCARD_LEAVE_CARD); |
292 | 1.65k | if (dev->ctx != 0) |
293 | 1.65k | SCardReleaseContext(dev->ctx); |
294 | | |
295 | 1.65k | explicit_bzero(dev->rx_buf, sizeof(dev->rx_buf)); |
296 | 1.65k | free(dev); |
297 | 1.65k | } |
298 | | |
299 | | int |
300 | | fido_pcsc_read(void *handle, unsigned char *buf, size_t len, int ms) |
301 | 1.13k | { |
302 | 1.13k | struct pcsc *dev = handle; |
303 | 1.13k | int r; |
304 | | |
305 | 1.13k | (void)ms; |
306 | 1.13k | if (dev->rx_len == 0 || dev->rx_len > len || |
307 | 1.13k | dev->rx_len > sizeof(dev->rx_buf)) { |
308 | 434 | fido_log_debug("%s: rx_len", __func__); |
309 | 434 | return -1; |
310 | 434 | } |
311 | 697 | fido_log_xxd(dev->rx_buf, dev->rx_len, "%s: reading", __func__); |
312 | 697 | memcpy(buf, dev->rx_buf, dev->rx_len); |
313 | 697 | explicit_bzero(dev->rx_buf, sizeof(dev->rx_buf)); |
314 | 697 | r = (int)dev->rx_len; |
315 | 697 | dev->rx_len = 0; |
316 | | |
317 | 697 | return r; |
318 | 1.13k | } |
319 | | |
320 | | int |
321 | | fido_pcsc_write(void *handle, const unsigned char *buf, size_t len) |
322 | 2.00k | { |
323 | 2.00k | struct pcsc *dev = handle; |
324 | 2.00k | DWORD n; |
325 | 2.00k | LONG s; |
326 | | |
327 | 2.00k | if (len > INT_MAX) { |
328 | 970 | fido_log_debug("%s: len", __func__); |
329 | 970 | return -1; |
330 | 970 | } |
331 | | |
332 | 1.03k | explicit_bzero(dev->rx_buf, sizeof(dev->rx_buf)); |
333 | 1.03k | dev->rx_len = 0; |
334 | 1.03k | n = (DWORD)sizeof(dev->rx_buf); |
335 | | |
336 | 1.03k | fido_log_xxd(buf, len, "%s: writing", __func__); |
337 | | |
338 | 1.03k | if ((s = SCardTransmit(dev->h, &dev->req, buf, (DWORD)len, NULL, |
339 | 1.03k | dev->rx_buf, &n)) != SCARD_S_SUCCESS) { |
340 | 15 | fido_log_debug("%s: SCardTransmit 0x%lx", __func__, (long)s); |
341 | 15 | explicit_bzero(dev->rx_buf, sizeof(dev->rx_buf)); |
342 | 15 | return -1; |
343 | 15 | } |
344 | 1.02k | dev->rx_len = (size_t)n; |
345 | | |
346 | 1.02k | fido_log_xxd(dev->rx_buf, dev->rx_len, "%s: read", __func__); |
347 | | |
348 | 1.02k | return (int)len; |
349 | 1.03k | } |
350 | | |
351 | | int |
352 | | fido_pcsc_tx(fido_dev_t *d, uint8_t cmd, const u_char *buf, size_t count) |
353 | 1.65k | { |
354 | 1.65k | return fido_nfc_tx(d, cmd, buf, count); |
355 | 1.65k | } |
356 | | |
357 | | int |
358 | | fido_pcsc_rx(fido_dev_t *d, uint8_t cmd, u_char *buf, size_t count, int ms) |
359 | 1.65k | { |
360 | 1.65k | return fido_nfc_rx(d, cmd, buf, count, ms); |
361 | 1.65k | } |
362 | | |
363 | | bool |
364 | | fido_is_pcsc(const char *path) |
365 | 69.4k | { |
366 | 69.4k | return strncmp(path, FIDO_PCSC_PREFIX, strlen(FIDO_PCSC_PREFIX)) == 0; |
367 | 69.4k | } |
368 | | |
369 | | int |
370 | | fido_dev_set_pcsc(fido_dev_t *d) |
371 | 3.88k | { |
372 | 3.88k | if (d->io_handle != NULL) { |
373 | 0 | fido_log_debug("%s: device open", __func__); |
374 | 0 | return -1; |
375 | 0 | } |
376 | 3.88k | d->io_own = true; |
377 | 3.88k | d->io = (fido_dev_io_t) { |
378 | 3.88k | fido_pcsc_open, |
379 | 3.88k | fido_pcsc_close, |
380 | 3.88k | fido_pcsc_read, |
381 | 3.88k | fido_pcsc_write, |
382 | 3.88k | }; |
383 | 3.88k | d->transport = (fido_dev_transport_t) { |
384 | 3.88k | fido_pcsc_rx, |
385 | 3.88k | fido_pcsc_tx, |
386 | 3.88k | }; |
387 | | |
388 | 3.88k | return 0; |
389 | 3.88k | } |