1 /*
2 * This file and its contents are supplied under the terms of the
3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 * You may only use this file in accordance with the terms of version
5 * 1.0 of the CDDL.
6 *
7 * A full copy of the text of the CDDL should have accompanied this
8 * source. A copy of the CDDL is also available via the Internet at
9 * http://www.illumos.org/license/CDDL.
10 */
11
12 /*
13 * Copyright 2019, Joyent, Inc.
14 */
15
16 /*
17 * Verify that we can issue ICC_MODIFY ioctls. Also, check some of the failure
18 * modes.
19 */
20
21 #include <err.h>
22 #include <stdlib.h>
23 #include <sys/types.h>
24 #include <sys/stat.h>
25 #include <fcntl.h>
26 #include <strings.h>
27 #include <unistd.h>
28 #include <sys/debug.h>
29 #include <errno.h>
30 #include <sys/mman.h>
31 #include <sys/param.h>
32
33 #include <sys/usb/clients/ccid/uccid.h>
34
35 static const uint8_t yk_req[] = {
36 0x00, 0xa4, 0x04, 0x00, 0x07, 0xa0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x01
37 };
38
39 int
main(int argc,char * argv[])40 main(int argc, char *argv[])
41 {
42 int fd, ret;
43 uccid_cmd_icc_modify_t uci;
44 uccid_cmd_status_t ucs;
45 uccid_cmd_txn_begin_t begin;
46 uint8_t buf[UCCID_APDU_SIZE_MAX];
47
48 if (argc != 2) {
49 errx(EXIT_FAILURE, "missing required ccid path");
50 }
51
52 if ((fd = open(argv[1], O_RDWR)) < 0) {
53 err(EXIT_FAILURE, "failed to open %s", argv[1]);
54 }
55
56 /* power off the card outside of a transaction */
57 bzero(&uci, sizeof (uci));
58 uci.uci_version = UCCID_CURRENT_VERSION;
59 uci.uci_action = UCCID_ICC_POWER_OFF;
60 ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
61 VERIFY3S(ret, ==, 0);
62
63 /* make sure the card is inactive now */
64 bzero(&ucs, sizeof (ucs));
65 ucs.ucs_version = UCCID_CURRENT_VERSION;
66 ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
67 VERIFY3S(ret, ==, 0);
68 VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, ==, 0);
69
70 /* power on the card outside of a transaction */
71 bzero(&uci, sizeof (uci));
72 uci.uci_version = UCCID_CURRENT_VERSION;
73 uci.uci_action = UCCID_ICC_POWER_ON;
74 ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
75 VERIFY3S(ret, ==, 0);
76
77 /* make sure the card is active again */
78 bzero(&ucs, sizeof (ucs));
79 ucs.ucs_version = UCCID_CURRENT_VERSION;
80 ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
81 VERIFY3S(ret, ==, 0);
82 VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, !=, 0);
83
84
85 /* enter transaction */
86 bzero(&begin, sizeof (begin));
87 begin.uct_version = UCCID_CURRENT_VERSION;
88 if (ioctl(fd, UCCID_CMD_TXN_BEGIN, &begin) != 0) {
89 err(EXIT_FAILURE, "failed to issue begin ioctl");
90 }
91
92 /* make sure the card is active (power on) */
93 bzero(&ucs, sizeof (ucs));
94 ucs.ucs_version = UCCID_CURRENT_VERSION;
95 ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
96 VERIFY3S(ret, ==, 0);
97 VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, !=, 0);
98
99 /* power off the card */
100 bzero(&uci, sizeof (uci));
101 uci.uci_version = UCCID_CURRENT_VERSION;
102 uci.uci_action = UCCID_ICC_POWER_OFF;
103 ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
104 VERIFY3S(ret, ==, 0);
105
106 /* make sure the card is inactive now */
107 bzero(&ucs, sizeof (ucs));
108 ucs.ucs_version = UCCID_CURRENT_VERSION;
109 ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
110 VERIFY3S(ret, ==, 0);
111 VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, ==, 0);
112
113 /* power on the card */
114 bzero(&uci, sizeof (uci));
115 uci.uci_version = UCCID_CURRENT_VERSION;
116 uci.uci_action = UCCID_ICC_POWER_ON;
117 ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
118 VERIFY3S(ret, ==, 0);
119
120 /* make sure the card is active again */
121 bzero(&ucs, sizeof (ucs));
122 ucs.ucs_version = UCCID_CURRENT_VERSION;
123 ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
124 VERIFY3S(ret, ==, 0);
125 VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, !=, 0);
126
127 /* do a warm reset of the card */
128 bzero(&uci, sizeof (uci));
129 uci.uci_version = UCCID_CURRENT_VERSION;
130 uci.uci_action = UCCID_ICC_WARM_RESET;
131 ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
132 VERIFY3S(ret, ==, 0);
133
134 /* make sure the card is still active */
135 bzero(&ucs, sizeof (ucs));
136 ucs.ucs_version = UCCID_CURRENT_VERSION;
137 ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
138 VERIFY3S(ret, ==, 0);
139 VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, !=, 0);
140
141 /* write a command to the card, which is assumed to be a YubiKey */
142 if ((ret = write(fd, yk_req, sizeof (yk_req))) < 0) {
143 err(EXIT_FAILURE, "failed to write data");
144 }
145
146 /* power off the card */
147 bzero(&uci, sizeof (uci));
148 uci.uci_version = UCCID_CURRENT_VERSION;
149 uci.uci_action = UCCID_ICC_POWER_OFF;
150 ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
151 VERIFY3S(ret, ==, 0);
152
153 /* make sure the card is inactive now */
154 bzero(&ucs, sizeof (ucs));
155 ucs.ucs_version = UCCID_CURRENT_VERSION;
156 ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
157 VERIFY3S(ret, ==, 0);
158 VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, ==, 0);
159
160 /* try to read the answer from the YubiKey. */
161 ret = read(fd, buf, sizeof (buf));
162 VERIFY3S(ret, ==, -1);
163 VERIFY3S(errno, ==, ENXIO);
164
165 /* power on the card */
166 bzero(&uci, sizeof (uci));
167 uci.uci_version = UCCID_CURRENT_VERSION;
168 uci.uci_action = UCCID_ICC_POWER_ON;
169 ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
170 VERIFY3S(ret, ==, 0);
171
172 /* make sure the card is active again */
173 bzero(&ucs, sizeof (ucs));
174 ucs.ucs_version = UCCID_CURRENT_VERSION;
175 ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
176 VERIFY3S(ret, ==, 0);
177 VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, !=, 0);
178
179 /* test various failure modes */
180 uci.uci_version = UCCID_VERSION_ONE - 1;
181 ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
182 VERIFY3S(ret, ==, -1);
183 VERIFY3S(errno, ==, EINVAL);
184
185 uci.uci_version = UCCID_VERSION_ONE + 1;
186 ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
187 VERIFY3S(ret, ==, -1);
188 VERIFY3S(errno, ==, EINVAL);
189
190 uci.uci_version = UCCID_CURRENT_VERSION;
191 uci.uci_action = 0;
192 ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
193 VERIFY3S(ret, ==, -1);
194 VERIFY3S(errno, ==, EINVAL);
195
196 uci.uci_version = UCCID_CURRENT_VERSION;
197 uci.uci_action = -1;
198 ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
199 VERIFY3S(ret, ==, -1);
200 VERIFY3S(errno, ==, EINVAL);
201
202 return (0);
203 }
204