1*a61ed2ceSHans Rosenfeld /*
2*a61ed2ceSHans Rosenfeld  * This file and its contents are supplied under the terms of the
3*a61ed2ceSHans Rosenfeld  * Common Development and Distribution License ("CDDL"), version 1.0.
4*a61ed2ceSHans Rosenfeld  * You may only use this file in accordance with the terms of version
5*a61ed2ceSHans Rosenfeld  * 1.0 of the CDDL.
6*a61ed2ceSHans Rosenfeld  *
7*a61ed2ceSHans Rosenfeld  * A full copy of the text of the CDDL should have accompanied this
8*a61ed2ceSHans Rosenfeld  * source.  A copy of the CDDL is also available via the Internet at
9*a61ed2ceSHans Rosenfeld  * http://www.illumos.org/license/CDDL.
10*a61ed2ceSHans Rosenfeld  */
11*a61ed2ceSHans Rosenfeld 
12*a61ed2ceSHans Rosenfeld /*
13*a61ed2ceSHans Rosenfeld  * Copyright 2019, Joyent, Inc.
14*a61ed2ceSHans Rosenfeld  */
15*a61ed2ceSHans Rosenfeld 
16*a61ed2ceSHans Rosenfeld /*
17*a61ed2ceSHans Rosenfeld  * Verify that we can issue ICC_MODIFY ioctls. Also, check some of the failure
18*a61ed2ceSHans Rosenfeld  * modes.
19*a61ed2ceSHans Rosenfeld  */
20*a61ed2ceSHans Rosenfeld 
21*a61ed2ceSHans Rosenfeld #include <err.h>
22*a61ed2ceSHans Rosenfeld #include <stdlib.h>
23*a61ed2ceSHans Rosenfeld #include <sys/types.h>
24*a61ed2ceSHans Rosenfeld #include <sys/stat.h>
25*a61ed2ceSHans Rosenfeld #include <fcntl.h>
26*a61ed2ceSHans Rosenfeld #include <strings.h>
27*a61ed2ceSHans Rosenfeld #include <unistd.h>
28*a61ed2ceSHans Rosenfeld #include <sys/debug.h>
29*a61ed2ceSHans Rosenfeld #include <errno.h>
30*a61ed2ceSHans Rosenfeld #include <sys/mman.h>
31*a61ed2ceSHans Rosenfeld #include <sys/param.h>
32*a61ed2ceSHans Rosenfeld 
33*a61ed2ceSHans Rosenfeld #include <sys/usb/clients/ccid/uccid.h>
34*a61ed2ceSHans Rosenfeld 
35*a61ed2ceSHans Rosenfeld static const uint8_t yk_req[] = {
36*a61ed2ceSHans Rosenfeld 	0x00, 0xa4, 0x04, 0x00, 0x07, 0xa0, 0x00, 0x00, 0x05, 0x27, 0x20, 0x01
37*a61ed2ceSHans Rosenfeld };
38*a61ed2ceSHans Rosenfeld 
39*a61ed2ceSHans Rosenfeld int
main(int argc,char * argv[])40*a61ed2ceSHans Rosenfeld main(int argc, char *argv[])
41*a61ed2ceSHans Rosenfeld {
42*a61ed2ceSHans Rosenfeld 	int fd, ret;
43*a61ed2ceSHans Rosenfeld 	uccid_cmd_icc_modify_t uci;
44*a61ed2ceSHans Rosenfeld 	uccid_cmd_status_t ucs;
45*a61ed2ceSHans Rosenfeld 	uccid_cmd_txn_begin_t begin;
46*a61ed2ceSHans Rosenfeld 	uint8_t buf[UCCID_APDU_SIZE_MAX];
47*a61ed2ceSHans Rosenfeld 
48*a61ed2ceSHans Rosenfeld 	if (argc != 2) {
49*a61ed2ceSHans Rosenfeld 		errx(EXIT_FAILURE, "missing required ccid path");
50*a61ed2ceSHans Rosenfeld 	}
51*a61ed2ceSHans Rosenfeld 
52*a61ed2ceSHans Rosenfeld 	if ((fd = open(argv[1], O_RDWR)) < 0) {
53*a61ed2ceSHans Rosenfeld 		err(EXIT_FAILURE, "failed to open %s", argv[1]);
54*a61ed2ceSHans Rosenfeld 	}
55*a61ed2ceSHans Rosenfeld 
56*a61ed2ceSHans Rosenfeld 	/* power off the card outside of a transaction */
57*a61ed2ceSHans Rosenfeld 	bzero(&uci, sizeof (uci));
58*a61ed2ceSHans Rosenfeld 	uci.uci_version = UCCID_CURRENT_VERSION;
59*a61ed2ceSHans Rosenfeld 	uci.uci_action = UCCID_ICC_POWER_OFF;
60*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
61*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
62*a61ed2ceSHans Rosenfeld 
63*a61ed2ceSHans Rosenfeld 	/* make sure the card is inactive now */
64*a61ed2ceSHans Rosenfeld 	bzero(&ucs, sizeof (ucs));
65*a61ed2ceSHans Rosenfeld 	ucs.ucs_version = UCCID_CURRENT_VERSION;
66*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
67*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
68*a61ed2ceSHans Rosenfeld 	VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, ==, 0);
69*a61ed2ceSHans Rosenfeld 
70*a61ed2ceSHans Rosenfeld 	/* power on the card outside of a transaction */
71*a61ed2ceSHans Rosenfeld 	bzero(&uci, sizeof (uci));
72*a61ed2ceSHans Rosenfeld 	uci.uci_version = UCCID_CURRENT_VERSION;
73*a61ed2ceSHans Rosenfeld 	uci.uci_action = UCCID_ICC_POWER_ON;
74*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
75*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
76*a61ed2ceSHans Rosenfeld 
77*a61ed2ceSHans Rosenfeld 	/* make sure the card is active again */
78*a61ed2ceSHans Rosenfeld 	bzero(&ucs, sizeof (ucs));
79*a61ed2ceSHans Rosenfeld 	ucs.ucs_version = UCCID_CURRENT_VERSION;
80*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
81*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
82*a61ed2ceSHans Rosenfeld 	VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, !=, 0);
83*a61ed2ceSHans Rosenfeld 
84*a61ed2ceSHans Rosenfeld 
85*a61ed2ceSHans Rosenfeld 	/* enter transaction */
86*a61ed2ceSHans Rosenfeld 	bzero(&begin, sizeof (begin));
87*a61ed2ceSHans Rosenfeld 	begin.uct_version = UCCID_CURRENT_VERSION;
88*a61ed2ceSHans Rosenfeld 	if (ioctl(fd, UCCID_CMD_TXN_BEGIN, &begin) != 0) {
89*a61ed2ceSHans Rosenfeld 		err(EXIT_FAILURE, "failed to issue begin ioctl");
90*a61ed2ceSHans Rosenfeld 	}
91*a61ed2ceSHans Rosenfeld 
92*a61ed2ceSHans Rosenfeld 	/* make sure the card is active (power on) */
93*a61ed2ceSHans Rosenfeld 	bzero(&ucs, sizeof (ucs));
94*a61ed2ceSHans Rosenfeld 	ucs.ucs_version = UCCID_CURRENT_VERSION;
95*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
96*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
97*a61ed2ceSHans Rosenfeld 	VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, !=, 0);
98*a61ed2ceSHans Rosenfeld 
99*a61ed2ceSHans Rosenfeld 	/* power off the card */
100*a61ed2ceSHans Rosenfeld 	bzero(&uci, sizeof (uci));
101*a61ed2ceSHans Rosenfeld 	uci.uci_version = UCCID_CURRENT_VERSION;
102*a61ed2ceSHans Rosenfeld 	uci.uci_action = UCCID_ICC_POWER_OFF;
103*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
104*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
105*a61ed2ceSHans Rosenfeld 
106*a61ed2ceSHans Rosenfeld 	/* make sure the card is inactive now */
107*a61ed2ceSHans Rosenfeld 	bzero(&ucs, sizeof (ucs));
108*a61ed2ceSHans Rosenfeld 	ucs.ucs_version = UCCID_CURRENT_VERSION;
109*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
110*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
111*a61ed2ceSHans Rosenfeld 	VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, ==, 0);
112*a61ed2ceSHans Rosenfeld 
113*a61ed2ceSHans Rosenfeld 	/* power on the card */
114*a61ed2ceSHans Rosenfeld 	bzero(&uci, sizeof (uci));
115*a61ed2ceSHans Rosenfeld 	uci.uci_version = UCCID_CURRENT_VERSION;
116*a61ed2ceSHans Rosenfeld 	uci.uci_action = UCCID_ICC_POWER_ON;
117*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
118*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
119*a61ed2ceSHans Rosenfeld 
120*a61ed2ceSHans Rosenfeld 	/* make sure the card is active again */
121*a61ed2ceSHans Rosenfeld 	bzero(&ucs, sizeof (ucs));
122*a61ed2ceSHans Rosenfeld 	ucs.ucs_version = UCCID_CURRENT_VERSION;
123*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
124*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
125*a61ed2ceSHans Rosenfeld 	VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, !=, 0);
126*a61ed2ceSHans Rosenfeld 
127*a61ed2ceSHans Rosenfeld 	/* do a warm reset of the card */
128*a61ed2ceSHans Rosenfeld 	bzero(&uci, sizeof (uci));
129*a61ed2ceSHans Rosenfeld 	uci.uci_version = UCCID_CURRENT_VERSION;
130*a61ed2ceSHans Rosenfeld 	uci.uci_action = UCCID_ICC_WARM_RESET;
131*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
132*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
133*a61ed2ceSHans Rosenfeld 
134*a61ed2ceSHans Rosenfeld 	/* make sure the card is still active */
135*a61ed2ceSHans Rosenfeld 	bzero(&ucs, sizeof (ucs));
136*a61ed2ceSHans Rosenfeld 	ucs.ucs_version = UCCID_CURRENT_VERSION;
137*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
138*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
139*a61ed2ceSHans Rosenfeld 	VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, !=, 0);
140*a61ed2ceSHans Rosenfeld 
141*a61ed2ceSHans Rosenfeld 	/* write a command to the card, which is assumed to be a YubiKey */
142*a61ed2ceSHans Rosenfeld 	if ((ret = write(fd, yk_req, sizeof (yk_req))) < 0) {
143*a61ed2ceSHans Rosenfeld 		err(EXIT_FAILURE, "failed to write data");
144*a61ed2ceSHans Rosenfeld 	}
145*a61ed2ceSHans Rosenfeld 
146*a61ed2ceSHans Rosenfeld 	/* power off the card */
147*a61ed2ceSHans Rosenfeld 	bzero(&uci, sizeof (uci));
148*a61ed2ceSHans Rosenfeld 	uci.uci_version = UCCID_CURRENT_VERSION;
149*a61ed2ceSHans Rosenfeld 	uci.uci_action = UCCID_ICC_POWER_OFF;
150*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
151*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
152*a61ed2ceSHans Rosenfeld 
153*a61ed2ceSHans Rosenfeld 	/* make sure the card is inactive now */
154*a61ed2ceSHans Rosenfeld 	bzero(&ucs, sizeof (ucs));
155*a61ed2ceSHans Rosenfeld 	ucs.ucs_version = UCCID_CURRENT_VERSION;
156*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
157*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
158*a61ed2ceSHans Rosenfeld 	VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, ==, 0);
159*a61ed2ceSHans Rosenfeld 
160*a61ed2ceSHans Rosenfeld 	/* try to read the answer from the YubiKey. */
161*a61ed2ceSHans Rosenfeld 	ret = read(fd, buf, sizeof (buf));
162*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, -1);
163*a61ed2ceSHans Rosenfeld 	VERIFY3S(errno, ==, ENXIO);
164*a61ed2ceSHans Rosenfeld 
165*a61ed2ceSHans Rosenfeld 	/* power on the card */
166*a61ed2ceSHans Rosenfeld 	bzero(&uci, sizeof (uci));
167*a61ed2ceSHans Rosenfeld 	uci.uci_version = UCCID_CURRENT_VERSION;
168*a61ed2ceSHans Rosenfeld 	uci.uci_action = UCCID_ICC_POWER_ON;
169*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
170*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
171*a61ed2ceSHans Rosenfeld 
172*a61ed2ceSHans Rosenfeld 	/* make sure the card is active again */
173*a61ed2ceSHans Rosenfeld 	bzero(&ucs, sizeof (ucs));
174*a61ed2ceSHans Rosenfeld 	ucs.ucs_version = UCCID_CURRENT_VERSION;
175*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_STATUS, &ucs);
176*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, 0);
177*a61ed2ceSHans Rosenfeld 	VERIFY3U(ucs.ucs_status & UCCID_STATUS_F_CARD_ACTIVE, !=, 0);
178*a61ed2ceSHans Rosenfeld 
179*a61ed2ceSHans Rosenfeld 	/* test various failure modes */
180*a61ed2ceSHans Rosenfeld 	uci.uci_version = UCCID_VERSION_ONE - 1;
181*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
182*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, -1);
183*a61ed2ceSHans Rosenfeld 	VERIFY3S(errno, ==, EINVAL);
184*a61ed2ceSHans Rosenfeld 
185*a61ed2ceSHans Rosenfeld 	uci.uci_version = UCCID_VERSION_ONE + 1;
186*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
187*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, -1);
188*a61ed2ceSHans Rosenfeld 	VERIFY3S(errno, ==, EINVAL);
189*a61ed2ceSHans Rosenfeld 
190*a61ed2ceSHans Rosenfeld 	uci.uci_version = UCCID_CURRENT_VERSION;
191*a61ed2ceSHans Rosenfeld 	uci.uci_action = 0;
192*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
193*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, -1);
194*a61ed2ceSHans Rosenfeld 	VERIFY3S(errno, ==, EINVAL);
195*a61ed2ceSHans Rosenfeld 
196*a61ed2ceSHans Rosenfeld 	uci.uci_version = UCCID_CURRENT_VERSION;
197*a61ed2ceSHans Rosenfeld 	uci.uci_action = -1;
198*a61ed2ceSHans Rosenfeld 	ret = ioctl(fd, UCCID_CMD_ICC_MODIFY, &uci);
199*a61ed2ceSHans Rosenfeld 	VERIFY3S(ret, ==, -1);
200*a61ed2ceSHans Rosenfeld 	VERIFY3S(errno, ==, EINVAL);
201*a61ed2ceSHans Rosenfeld 
202*a61ed2ceSHans Rosenfeld 	return (0);
203*a61ed2ceSHans Rosenfeld }
204