Coverage Report

Created: 2022-07-22 12:05

/libfido2/src/nfc.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (c) 2020-2022 Yubico AB. All rights reserved.
3
 * Use of this source code is governed by a BSD-style
4
 * license that can be found in the LICENSE file.
5
 */
6
7
#include <stdio.h>
8
#include <string.h>
9
10
#include "fido.h"
11
#include "fido/param.h"
12
#include "iso7816.h"
13
14
3.65k
#define TX_CHUNK_SIZE   240
15
16
static const uint8_t aid[] = { 0xa0, 0x00, 0x00, 0x06, 0x47, 0x2f, 0x00, 0x01 };
17
static const uint8_t v_u2f[] = { 'U', '2', 'F', '_', 'V', '2' };
18
static const uint8_t v_fido[] = { 'F', 'I', 'D', 'O', '_', '2', '_', '0' };
19
20
static int
21
tx_short_apdu(fido_dev_t *d, const iso7816_header_t *h, const uint8_t *payload,
22
    uint8_t payload_len, uint8_t cla_flags)
23
3.44k
{
24
3.44k
        uint8_t apdu[5 + UINT8_MAX + 1];
25
3.44k
        uint8_t sw[2];
26
3.44k
        size_t apdu_len;
27
3.44k
        int ok = -1;
28
29
3.44k
        memset(&apdu, 0, sizeof(apdu));
30
3.44k
        apdu[0] = h->cla | cla_flags;
31
3.44k
        apdu[1] = h->ins;
32
3.44k
        apdu[2] = h->p1;
33
3.44k
        apdu[3] = h->p2;
34
3.44k
        apdu[4] = payload_len;
35
3.44k
        memcpy(&apdu[5], payload, payload_len);
36
3.44k
        apdu_len = (size_t)(5 + payload_len + 1);
37
38
3.44k
        if (d->io.write(d->io_handle, apdu, apdu_len) < 0) {
39
44
                fido_log_debug("%s: write", __func__);
40
44
                goto fail;
41
44
        }
42
43
3.39k
        if (cla_flags & 0x10) {
44
183
                if (d->io.read(d->io_handle, sw, sizeof(sw), -1) != 2) {
45
79
                        fido_log_debug("%s: read", __func__);
46
79
                        goto fail;
47
79
                }
48
104
                if ((sw[0] << 8 | sw[1]) != SW_NO_ERROR) {
49
88
                        fido_log_debug("%s: unexpected sw", __func__);
50
88
                        goto fail;
51
88
                }
52
104
        }
53
54
3.23k
        ok = 0;
55
3.44k
fail:
56
3.44k
        explicit_bzero(apdu, sizeof(apdu));
57
58
3.44k
        return ok;
59
3.23k
}
60
61
static int
62
nfc_do_tx(fido_dev_t *d, const uint8_t *apdu_ptr, size_t apdu_len)
63
3.49k
{
64
3.49k
        iso7816_header_t h;
65
66
3.49k
        if (fido_buf_read(&apdu_ptr, &apdu_len, &h, sizeof(h)) < 0) {
67
67
                fido_log_debug("%s: header", __func__);
68
67
                return -1;
69
67
        }
70
3.42k
        if (apdu_len < 2) {
71
2
                fido_log_debug("%s: apdu_len %zu", __func__, apdu_len);
72
2
                return -1;
73
2
        }
74
75
3.42k
        apdu_len -= 2; /* trim le1 le2 */
76
77
3.44k
        while (apdu_len > TX_CHUNK_SIZE) {
78
183
                if (tx_short_apdu(d, &h, apdu_ptr, TX_CHUNK_SIZE, 0x10) < 0) {
79
167
                        fido_log_debug("%s: chain", __func__);
80
167
                        return -1;
81
167
                }
82
16
                apdu_ptr += TX_CHUNK_SIZE;
83
16
                apdu_len -= TX_CHUNK_SIZE;
84
16
        }
85
86
3.25k
        if (tx_short_apdu(d, &h, apdu_ptr, (uint8_t)apdu_len, 0) < 0) {
87
44
                fido_log_debug("%s: tx_short_apdu", __func__);
88
44
                return -1;
89
44
        }
90
91
3.21k
        return 0;
92
3.25k
}
93
94
int
95
fido_nfc_tx(fido_dev_t *d, uint8_t cmd, const unsigned char *buf, size_t count)
96
3.78k
{
97
3.78k
        iso7816_apdu_t *apdu = NULL;
98
3.78k
        const uint8_t *ptr;
99
3.78k
        size_t len;
100
3.78k
        int ok = -1;
101
102
3.78k
        switch (cmd) {
103
2.08k
        case CTAP_CMD_INIT: /* select */
104
2.08k
                if ((apdu = iso7816_new(0, 0xa4, 0x04, sizeof(aid))) == NULL ||
105
2.08k
                    iso7816_add(apdu, aid, sizeof(aid)) < 0) {
106
18
                        fido_log_debug("%s: iso7816", __func__);
107
18
                        goto fail;
108
18
                }
109
2.07k
                break;
110
2.07k
        case CTAP_CMD_CBOR: /* wrap cbor */
111
898
                if (count > UINT16_MAX || (apdu = iso7816_new(0x80, 0x10, 0x00,
112
895
                    (uint16_t)count)) == NULL ||
113
898
                    iso7816_add(apdu, buf, count) < 0) {
114
21
                        fido_log_debug("%s: iso7816", __func__);
115
21
                        goto fail;
116
21
                }
117
877
                break;
118
877
        case CTAP_CMD_MSG: /* already an apdu */
119
548
                break;
120
253
        default:
121
253
                fido_log_debug("%s: cmd=%02x", __func__, cmd);
122
253
                goto fail;
123
3.78k
        }
124
125
3.49k
        if (apdu != NULL) {
126
2.94k
                ptr = iso7816_ptr(apdu);
127
2.94k
                len = iso7816_len(apdu);
128
2.94k
        } else {
129
548
                ptr = buf;
130
548
                len = count;
131
548
        }
132
133
3.49k
        if (nfc_do_tx(d, ptr, len) < 0) {
134
280
                fido_log_debug("%s: nfc_do_tx", __func__);
135
280
                goto fail;
136
280
        }
137
138
3.21k
        ok = 0;
139
3.78k
fail:
140
3.78k
        iso7816_free(&apdu);
141
142
3.78k
        return ok;
143
3.21k
}
144
145
static int
146
rx_init(fido_dev_t *d, unsigned char *buf, size_t count, int ms)
147
2.01k
{
148
2.01k
        fido_ctap_info_t *attr = (fido_ctap_info_t *)buf;
149
2.01k
        uint8_t f[64];
150
2.01k
        int n;
151
152
2.01k
        if (count != sizeof(*attr)) {
153
187
                fido_log_debug("%s: count=%zu", __func__, count);
154
187
                return -1;
155
187
        }
156
157
1.82k
        memset(attr, 0, sizeof(*attr));
158
159
1.82k
        if ((n = d->io.read(d->io_handle, f, sizeof(f), ms)) < 2 ||
160
1.82k
            (f[n - 2] << 8 | f[n - 1]) != SW_NO_ERROR) {
161
1.16k
                fido_log_debug("%s: read", __func__);
162
1.16k
                return -1;
163
1.16k
        }
164
165
669
        n -= 2;
166
167
669
        if (n == sizeof(v_u2f) && memcmp(f, v_u2f, sizeof(v_u2f)) == 0)
168
8
                attr->flags = FIDO_CAP_CBOR;
169
661
        else if (n == sizeof(v_fido) && memcmp(f, v_fido, sizeof(v_fido)) == 0)
170
1
                attr->flags = FIDO_CAP_CBOR | FIDO_CAP_NMSG;
171
660
        else {
172
660
                fido_log_debug("%s: unknown version string", __func__);
173
660
#ifdef FIDO_FUZZ
174
660
                attr->flags = FIDO_CAP_CBOR | FIDO_CAP_NMSG;
175
#else
176
                return -1;
177
#endif
178
660
        }
179
180
669
        memcpy(&attr->nonce, &d->nonce, sizeof(attr->nonce)); /* XXX */
181
182
669
        return (int)count;
183
1.82k
}
184
185
static int
186
tx_get_response(fido_dev_t *d, uint8_t count)
187
108
{
188
108
        uint8_t apdu[5];
189
190
108
        memset(apdu, 0, sizeof(apdu));
191
108
        apdu[1] = 0xc0; /* GET_RESPONSE */
192
108
        apdu[4] = count;
193
194
108
        if (d->io.write(d->io_handle, apdu, sizeof(apdu)) < 0) {
195
10
                fido_log_debug("%s: write", __func__);
196
10
                return -1;
197
10
        }
198
199
98
        return 0;
200
108
}
201
202
static int
203
rx_apdu(fido_dev_t *d, uint8_t sw[2], unsigned char **buf, size_t *count, int *ms)
204
1.40k
{
205
1.40k
        uint8_t f[256 + 2];
206
1.40k
        struct timespec ts;
207
1.40k
        int n, ok = -1;
208
209
1.40k
        if (fido_time_now(&ts) != 0)
210
21
                goto fail;
211
212
1.38k
        if ((n = d->io.read(d->io_handle, f, sizeof(f), *ms)) < 2) {
213
894
                fido_log_debug("%s: read", __func__);
214
894
                goto fail;
215
894
        }
216
217
490
        if (fido_time_delta(&ts, ms) != 0)
218
12
                goto fail;
219
220
478
        if (fido_buf_write(buf, count, f, (size_t)(n - 2)) < 0) {
221
0
                fido_log_debug("%s: fido_buf_write", __func__);
222
0
                goto fail;
223
0
        }
224
225
478
        memcpy(sw, f + n - 2, 2);
226
227
478
        ok = 0;
228
1.40k
fail:
229
1.40k
        explicit_bzero(f, sizeof(f));
230
231
1.40k
        return ok;
232
478
}
233
234
static int
235
rx_msg(fido_dev_t *d, unsigned char *buf, size_t count, int ms)
236
1.30k
{
237
1.30k
        uint8_t sw[2];
238
1.30k
        const size_t bufsiz = count;
239
240
1.30k
        if (rx_apdu(d, sw, &buf, &count, &ms) < 0) {
241
854
                fido_log_debug("%s: preamble", __func__);
242
854
                return -1;
243
854
        }
244
245
478
        while (sw[0] == SW1_MORE_DATA)
246
108
                if (tx_get_response(d, sw[1]) < 0 ||
247
108
                    rx_apdu(d, sw, &buf, &count, &ms) < 0) {
248
83
                        fido_log_debug("%s: chain", __func__);
249
83
                        return -1;
250
83
                }
251
252
370
        if (fido_buf_write(&buf, &count, sw, sizeof(sw)) < 0) {
253
0
                fido_log_debug("%s: sw", __func__);
254
0
                return -1;
255
0
        }
256
257
370
        if (bufsiz - count > INT_MAX) {
258
0
                fido_log_debug("%s: bufsiz", __func__);
259
0
                return -1;
260
0
        }
261
262
370
        return (int)(bufsiz - count);
263
370
}
264
265
static int
266
rx_cbor(fido_dev_t *d, unsigned char *buf, size_t count, int ms)
267
794
{
268
794
        int r;
269
270
794
        if ((r = rx_msg(d, buf, count, ms)) < 2)
271
533
                return -1;
272
273
261
        return r - 2;
274
794
}
275
276
int
277
fido_nfc_rx(fido_dev_t *d, uint8_t cmd, unsigned char *buf, size_t count, int ms)
278
3.52k
{
279
3.52k
        switch (cmd) {
280
2.01k
        case CTAP_CMD_INIT:
281
2.01k
                return rx_init(d, buf, count, ms);
282
794
        case CTAP_CMD_CBOR:
283
794
                return rx_cbor(d, buf, count, ms);
284
513
        case CTAP_CMD_MSG:
285
513
                return rx_msg(d, buf, count, ms);
286
201
        default:
287
201
                fido_log_debug("%s: cmd=%02x", __func__, cmd);
288
201
                return -1;
289
3.52k
        }
290
3.52k
}
291
292
bool
293
nfc_is_fido(const char *path)
294
456k
{
295
456k
        bool fido = false;
296
456k
        fido_dev_t *d;
297
456k
        int r;
298
299
456k
        if ((d = fido_dev_new()) == NULL) {
300
1.12k
                fido_log_debug("%s: fido_dev_new", __func__);
301
1.12k
                goto fail;
302
1.12k
        }
303
        /* fido_dev_open selects the fido applet */
304
455k
        if ((r = fido_dev_open(d, path)) != FIDO_OK) {
305
455k
                fido_log_debug("%s: fido_dev_open: 0x%x", __func__, r);
306
455k
                goto fail;
307
455k
        }
308
77
        if ((r = fido_dev_close(d)) != FIDO_OK) {
309
0
                fido_log_debug("%s: fido_dev_close: 0x%x", __func__, r);
310
0
                goto fail;
311
312
0
        }
313
314
77
        fido = true;
315
456k
fail:
316
456k
        fido_dev_free(&d);
317
318
456k
        return fido;
319
77
}
320
321
#ifdef USE_NFC
322
bool
323
fido_is_nfc(const char *path)
324
492k
{
325
492k
        return strncmp(path, FIDO_NFC_PREFIX, strlen(FIDO_NFC_PREFIX)) == 0;
326
492k
}
327
328
int
329
fido_dev_set_nfc(fido_dev_t *d)
330
454k
{
331
454k
        if (d->io_handle != NULL) {
332
0
                fido_log_debug("%s: device open", __func__);
333
0
                return -1;
334
0
        }
335
454k
        d->io_own = true;
336
454k
        d->io = (fido_dev_io_t) {
337
454k
                fido_nfc_open,
338
454k
                fido_nfc_close,
339
454k
                fido_nfc_read,
340
454k
                fido_nfc_write,
341
454k
        };
342
454k
        d->transport = (fido_dev_transport_t) {
343
454k
                fido_nfc_rx,
344
454k
                fido_nfc_tx,
345
454k
        };
346
347
454k
        return 0;
348
454k
}
349
#endif /* USE_NFC */