mirror of
https://github.com/status-im/op-geth.git
synced 2025-01-15 09:15:23 +00:00
7a22da98b9
* accounts/scwallet: Add a switch to enable smartcard support * accounts: change the meaning of the switch * disable card support in windows until tested * only activate account if pcscd socket file is present * the switch is now the path to the socket file * accounts/scwallet: holiman's review feedback * accounts/scwallet: send the path to go-pcsclite * accounts/scwallet: add default, per platform path * accounts/scwallet: fix error log warning * accounts/scwallet: update pcsc lib to latest * accounts/scwallet: use default path from pcsclite * scwallet: forgot to change switch name * cmd: minor style cleanups (error handling first, then happy path)
403 lines
13 KiB
Go
403 lines
13 KiB
Go
// BSD 3-Clause License
|
|
//
|
|
// Copyright (c) 2019, Guillaume Ballet
|
|
// All rights reserved.
|
|
//
|
|
// Redistribution and use in source and binary forms, with or without
|
|
// modification, are permitted provided that the following conditions are met:
|
|
//
|
|
// * Redistributions of source code must retain the above copyright notice, this
|
|
// list of conditions and the following disclaimer.
|
|
//
|
|
// * Redistributions in binary form must reproduce the above copyright notice,
|
|
// this list of conditions and the following disclaimer in the documentation
|
|
// and/or other materials provided with the distribution.
|
|
//
|
|
// * Neither the name of the copyright holder nor the names of its
|
|
// contributors may be used to endorse or promote products derived from
|
|
// this software without specific prior written permission.
|
|
//
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
|
// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
package pcsc
|
|
|
|
import (
|
|
"encoding/binary"
|
|
"fmt"
|
|
"net"
|
|
"sync"
|
|
"unsafe"
|
|
)
|
|
|
|
// Client contains all the information needed to establish
|
|
// and maintain a connection to the deamon/card.
|
|
type Client struct {
|
|
conn net.Conn
|
|
|
|
minor uint32
|
|
major uint32
|
|
|
|
ctx uint32
|
|
|
|
mutex sync.Mutex
|
|
|
|
readerStateDescriptors [MaxReaderStateDescriptors]ReaderState
|
|
}
|
|
|
|
// EstablishContext asks the PCSC daemon to create a context
|
|
// handle for further communication with connected cards and
|
|
// readers.
|
|
func EstablishContext(path string, scope uint32) (*Client, error) {
|
|
client := &Client{}
|
|
|
|
conn, err := clientSetupSession(path)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
client.conn = conn
|
|
|
|
payload := make([]byte, 12)
|
|
response := make([]byte, 12)
|
|
|
|
var code uint32
|
|
var minor uint32
|
|
for minor = ProtocolVersionMinor; minor <= ProtocolVersionMinor+1; minor++ {
|
|
/* Exchange version information */
|
|
binary.LittleEndian.PutUint32(payload, ProtocolVersionMajor)
|
|
binary.LittleEndian.PutUint32(payload[4:], minor)
|
|
binary.LittleEndian.PutUint32(payload[8:], SCardSuccess.Code())
|
|
err = messageSendWithHeader(CommandVersion, conn, payload)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
n, err := conn.Read(response)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if n != len(response) {
|
|
return nil, fmt.Errorf("invalid response length: expected %d, got %d", len(response), n)
|
|
}
|
|
code = binary.LittleEndian.Uint32(response[8:])
|
|
if code != SCardSuccess.Code() {
|
|
continue
|
|
}
|
|
client.major = binary.LittleEndian.Uint32(response)
|
|
client.minor = binary.LittleEndian.Uint32(response[4:])
|
|
if client.major != ProtocolVersionMajor || client.minor != minor {
|
|
continue
|
|
}
|
|
break
|
|
}
|
|
|
|
if code != SCardSuccess.Code() {
|
|
return nil, fmt.Errorf("invalid response code: expected %d, got %d (%v)", SCardSuccess, code, ErrorCode(code).Error())
|
|
}
|
|
if client.major != ProtocolVersionMajor || (client.minor != minor && client.minor+1 != minor) {
|
|
return nil, fmt.Errorf("invalid version found: expected %d.%d, got %d.%d", ProtocolVersionMajor, ProtocolVersionMinor, client.major, client.minor)
|
|
}
|
|
|
|
/* Establish the context proper */
|
|
binary.LittleEndian.PutUint32(payload, scope)
|
|
binary.LittleEndian.PutUint32(payload[4:], 0)
|
|
binary.LittleEndian.PutUint32(payload[8:], SCardSuccess.Code())
|
|
err = messageSendWithHeader(SCardEstablishContext, conn, payload)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
response = make([]byte, 12)
|
|
n, err := conn.Read(response)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if n != len(response) {
|
|
return nil, fmt.Errorf("invalid response length: expected %d, got %d", len(response), n)
|
|
}
|
|
code = binary.LittleEndian.Uint32(response[8:])
|
|
if code != SCardSuccess.Code() {
|
|
return nil, fmt.Errorf("invalid response code: expected %d, got %d (%v)", SCardSuccess, code, ErrorCode(code).Error())
|
|
}
|
|
client.ctx = binary.LittleEndian.Uint32(response[4:])
|
|
|
|
return client, nil
|
|
}
|
|
|
|
// ReleaseContext tells the daemon that the client will no longer
|
|
// need the context.
|
|
func (client *Client) ReleaseContext() error {
|
|
client.mutex.Lock()
|
|
defer client.mutex.Unlock()
|
|
|
|
data := [8]byte{}
|
|
binary.LittleEndian.PutUint32(data[:], client.ctx)
|
|
binary.LittleEndian.PutUint32(data[4:], SCardSuccess.Code())
|
|
err := messageSendWithHeader(SCardReleaseContext, client.conn, data[:])
|
|
if err != nil {
|
|
return err
|
|
}
|
|
total := 0
|
|
for total < len(data) {
|
|
n, err := client.conn.Read(data[total:])
|
|
if err != nil {
|
|
return err
|
|
}
|
|
total += n
|
|
}
|
|
code := binary.LittleEndian.Uint32(data[4:])
|
|
if code != SCardSuccess.Code() {
|
|
return fmt.Errorf("invalid return code: %x, %v", code, ErrorCode(code).Error())
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Constants related to the reader state structure
|
|
const (
|
|
ReaderStateNameLength = 128
|
|
ReaderStateMaxAtrSizeLength = 33
|
|
// NOTE: ATR is 32-byte aligned in the C version, which means it's
|
|
// actually 36 byte long and not 33.
|
|
ReaderStateDescriptorLength = ReaderStateNameLength + ReaderStateMaxAtrSizeLength + 5*4 + 3
|
|
|
|
MaxReaderStateDescriptors = 16
|
|
)
|
|
|
|
// ReaderState represent the state of a single reader, as reported
|
|
// by the PCSC daemon.
|
|
type ReaderState struct {
|
|
Name string /* reader name */
|
|
eventCounter uint32 /* number of card events */
|
|
readerState uint32 /* SCARD_* bit field */
|
|
readerSharing uint32 /* PCSCLITE_SHARING_* sharing status */
|
|
|
|
cardAtr [ReaderStateMaxAtrSizeLength]byte /* ATR */
|
|
cardAtrLength uint32 /* ATR length */
|
|
cardProtocol uint32 /* SCARD_PROTOCOL_* value */
|
|
}
|
|
|
|
func getReaderState(data []byte) (ReaderState, error) {
|
|
ret := ReaderState{}
|
|
if len(data) < ReaderStateDescriptorLength {
|
|
return ret, fmt.Errorf("could not unmarshall data of length %d < %d", len(data), ReaderStateDescriptorLength)
|
|
}
|
|
|
|
ret.Name = string(data[:ReaderStateNameLength])
|
|
ret.eventCounter = binary.LittleEndian.Uint32(data[unsafe.Offsetof(ret.eventCounter):])
|
|
ret.readerState = binary.LittleEndian.Uint32(data[unsafe.Offsetof(ret.readerState):])
|
|
ret.readerSharing = binary.LittleEndian.Uint32(data[unsafe.Offsetof(ret.readerSharing):])
|
|
copy(ret.cardAtr[:], data[unsafe.Offsetof(ret.cardAtr):unsafe.Offsetof(ret.cardAtr)+ReaderStateMaxAtrSizeLength])
|
|
ret.cardAtrLength = binary.LittleEndian.Uint32(data[unsafe.Offsetof(ret.cardAtrLength):])
|
|
ret.cardProtocol = binary.LittleEndian.Uint32(data[unsafe.Offsetof(ret.cardProtocol):])
|
|
|
|
return ret, nil
|
|
}
|
|
|
|
// ListReaders gets the list of readers from the daemon
|
|
func (client *Client) ListReaders() ([]string, error) {
|
|
client.mutex.Lock()
|
|
defer client.mutex.Unlock()
|
|
|
|
err := messageSendWithHeader(CommandGetReaderState, client.conn, []byte{})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
response := make([]byte, ReaderStateDescriptorLength*MaxReaderStateDescriptors)
|
|
total := 0
|
|
for total < len(response) {
|
|
n, err := client.conn.Read(response[total:])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
total += n
|
|
}
|
|
|
|
var names []string
|
|
for i := range client.readerStateDescriptors {
|
|
desc, err := getReaderState(response[i*ReaderStateDescriptorLength:])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
client.readerStateDescriptors[i] = desc
|
|
if desc.Name[0] == 0 {
|
|
break
|
|
}
|
|
names = append(names, desc.Name)
|
|
}
|
|
|
|
return names, nil
|
|
}
|
|
|
|
// Offsets into the Connect request/response packet
|
|
const (
|
|
SCardConnectReaderNameOffset = 4
|
|
SCardConnectShareModeOffset = SCardConnectReaderNameOffset + ReaderStateNameLength
|
|
SCardConnectPreferredProtocolOffset = SCardConnectShareModeOffset + 4
|
|
SCardConnectReturnValueOffset = SCardConnectPreferredProtocolOffset + 12
|
|
)
|
|
|
|
// Card represents the connection to a card
|
|
type Card struct {
|
|
handle uint32
|
|
activeProto uint32
|
|
client *Client
|
|
}
|
|
|
|
// Connect asks the daemon to connect to the card
|
|
func (client *Client) Connect(name string, shareMode uint32, preferredProtocol uint32) (*Card, error) {
|
|
client.mutex.Lock()
|
|
defer client.mutex.Unlock()
|
|
|
|
request := make([]byte, ReaderStateNameLength+4*6)
|
|
binary.LittleEndian.PutUint32(request, client.ctx)
|
|
copy(request[SCardConnectReaderNameOffset:], []byte(name))
|
|
binary.LittleEndian.PutUint32(request[SCardConnectShareModeOffset:], shareMode)
|
|
binary.LittleEndian.PutUint32(request[SCardConnectPreferredProtocolOffset:], preferredProtocol)
|
|
binary.LittleEndian.PutUint32(request[SCardConnectReturnValueOffset:], SCardSuccess.Code())
|
|
|
|
err := messageSendWithHeader(SCardConnect, client.conn, request)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
response := make([]byte, ReaderStateNameLength+4*6)
|
|
total := 0
|
|
for total < len(response) {
|
|
n, err := client.conn.Read(response[total:])
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
// fmt.Println("total, n", total, n, response)
|
|
total += n
|
|
}
|
|
code := binary.LittleEndian.Uint32(response[148:])
|
|
if code != SCardSuccess.Code() {
|
|
return nil, fmt.Errorf("invalid return code: %x (%v)", code, ErrorCode(code).Error())
|
|
}
|
|
handle := binary.LittleEndian.Uint32(response[140:])
|
|
active := binary.LittleEndian.Uint32(response[SCardConnectPreferredProtocolOffset:])
|
|
|
|
return &Card{handle: handle, activeProto: active, client: client}, nil
|
|
}
|
|
|
|
/**
|
|
* @brief contained in \ref SCARD_TRANSMIT Messages.
|
|
*
|
|
* These data are passed throw the field \c sharedSegmentMsg.data.
|
|
*/
|
|
type transmit struct {
|
|
hCard uint32
|
|
ioSendPciProtocol uint32
|
|
ioSendPciLength uint32
|
|
cbSendLength uint32
|
|
ioRecvPciProtocol uint32
|
|
ioRecvPciLength uint32
|
|
pcbRecvLength uint32
|
|
rv uint32
|
|
}
|
|
|
|
// SCardIoRequest contains the info needed for performing an IO request
|
|
type SCardIoRequest struct {
|
|
proto uint32
|
|
length uint32
|
|
}
|
|
|
|
const (
|
|
TransmitRequestLength = 32
|
|
)
|
|
|
|
// Transmit sends request data to a card and returns the response
|
|
func (card *Card) Transmit(adpu []byte) ([]byte, *SCardIoRequest, error) {
|
|
card.client.mutex.Lock()
|
|
defer card.client.mutex.Unlock()
|
|
|
|
request := [TransmitRequestLength]byte{}
|
|
binary.LittleEndian.PutUint32(request[:], card.handle)
|
|
binary.LittleEndian.PutUint32(request[4:] /*card.activeProto*/, 2)
|
|
binary.LittleEndian.PutUint32(request[8:], 8)
|
|
binary.LittleEndian.PutUint32(request[12:], uint32(len(adpu)))
|
|
binary.LittleEndian.PutUint32(request[16:], 0)
|
|
binary.LittleEndian.PutUint32(request[20:], 0)
|
|
binary.LittleEndian.PutUint32(request[24:], 0x10000)
|
|
binary.LittleEndian.PutUint32(request[28:], SCardSuccess.Code())
|
|
err := messageSendWithHeader(SCardTransmit, card.client.conn, request[:])
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
// Add the ADPU payload after the transmit descriptor
|
|
n, err := card.client.conn.Write(adpu)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
if n != len(adpu) {
|
|
return nil, nil, fmt.Errorf("Invalid number of bytes written: expected %d, got %d", len(adpu), n)
|
|
}
|
|
response := [TransmitRequestLength]byte{}
|
|
total := 0
|
|
for total < len(response) {
|
|
n, err = card.client.conn.Read(response[total:])
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
total += n
|
|
}
|
|
|
|
code := binary.LittleEndian.Uint32(response[28:])
|
|
if code != SCardSuccess.Code() {
|
|
return nil, nil, fmt.Errorf("invalid return code: %x (%v)", code, ErrorCode(code).Error())
|
|
}
|
|
|
|
// Recover the response data
|
|
recvProto := binary.LittleEndian.Uint32(response[16:])
|
|
recvLength := binary.LittleEndian.Uint32(response[20:])
|
|
recv := &SCardIoRequest{proto: recvProto, length: recvLength}
|
|
recvLength = binary.LittleEndian.Uint32(response[24:])
|
|
recvData := make([]byte, recvLength)
|
|
total = 0
|
|
for uint32(total) < recvLength {
|
|
n, err := card.client.conn.Read(recvData[total:])
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
total += n
|
|
}
|
|
|
|
return recvData, recv, nil
|
|
}
|
|
|
|
// Disconnect tells the PCSC daemon that the client is no longer
|
|
// interested in communicating with the card.
|
|
func (card *Card) Disconnect(disposition uint32) error {
|
|
card.client.mutex.Lock()
|
|
defer card.client.mutex.Unlock()
|
|
|
|
data := [12]byte{}
|
|
binary.LittleEndian.PutUint32(data[:], card.handle)
|
|
binary.LittleEndian.PutUint32(data[4:], disposition)
|
|
binary.LittleEndian.PutUint32(data[8:], SCardSuccess.Code())
|
|
err := messageSendWithHeader(SCardDisConnect, card.client.conn, data[:])
|
|
if err != nil {
|
|
return err
|
|
}
|
|
total := 0
|
|
for total < len(data) {
|
|
n, err := card.client.conn.Read(data[total:])
|
|
if err != nil {
|
|
return err
|
|
}
|
|
total += n
|
|
}
|
|
code := binary.LittleEndian.Uint32(data[8:])
|
|
if code != SCardSuccess.Code() {
|
|
return fmt.Errorf("invalid return code: %x (%v)", code, ErrorCode(code).Error())
|
|
}
|
|
|
|
return nil
|
|
}
|