1 /* -*- Mode: C; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /*
3 Copyright (C) 2010-2016 Red Hat, Inc.
4
5 This library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 This library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with this library; if not, see <http://www.gnu.org/licenses/>.
17 */
18 #include <config.h>
19
20 #include <arpa/inet.h>
21 #ifdef USE_SMARTCARD
22 #include <libcacard.h>
23 #endif
24
25 #include "reds.h"
26 #include "char-device.h"
27 #include "smartcard.h"
28 #include "smartcard-channel-client.h"
29 #include "migration-protocol.h"
30
31 /*
32 * TODO: the code doesn't really support multiple readers.
33 * For example: smartcard_char_device_add_to_readers calls smartcard_init,
34 * which can be called only once.
35 * We should allow different readers, at least one reader per client.
36 * In addition the implementation should be changed: instead of one channel for
37 * all readers, we need to have different channles for different readers,
38 * similarly to spicevmc.
39 *
40 */
41 #define SMARTCARD_MAX_READERS 10
42
43 // Maximal length of APDU
44 #define APDUBufSize 270
45
46 struct RedSmartcardChannel final: public RedChannel
47 {
48 RedSmartcardChannel(RedsState *reds);
49 void on_connect(RedClient *client, RedStream *stream, int migration,
50 RedChannelCapabilities *caps) override;
51 };
52
53 struct RedCharDeviceSmartcardPrivate {
54 SPICE_CXX_GLIB_ALLOCATOR
55
56 RedCharDeviceSmartcardPrivate();
57 ~RedCharDeviceSmartcardPrivate();
58
59 uint32_t reader_id;
60 /* read_from_device buffer */
61 uint8_t *buf;
62 uint32_t buf_size;
63 uint8_t *buf_pos;
64 uint32_t buf_used;
65
66 SmartCardChannelClient *scc; // client providing the remote card
67 int reader_added; // has reader_add been sent to the device
68 };
69
70 struct RedMsgItem: public RedPipeItemNum<RED_PIPE_ITEM_TYPE_SMARTCARD_DATA> {
71 red::glib_unique_ptr<VSCMsgHeader> vheader;
72 };
73
74 static red::shared_ptr<RedMsgItem>
75 smartcard_new_vsc_msg_item(unsigned int reader_id, const VSCMsgHeader *vheader);
76
77 static struct Readers {
78 uint32_t num;
79 SpiceCharDeviceInstance* sin[SMARTCARD_MAX_READERS];
80 } g_smartcard_readers = {0, {NULL}};
81
82 static int smartcard_char_device_add_to_readers(RedsState *reds, SpiceCharDeviceInstance *sin);
83
84 static red::shared_ptr<RedMsgItem>
85 smartcard_char_device_on_message_from_device(RedCharDeviceSmartcard *dev, VSCMsgHeader *header);
86 static void smartcard_init(RedsState *reds);
87
smartcard_read_buf_prepare(RedCharDeviceSmartcard * dev,VSCMsgHeader * vheader)88 static void smartcard_read_buf_prepare(RedCharDeviceSmartcard *dev, VSCMsgHeader *vheader)
89 {
90 uint32_t msg_len;
91
92 msg_len = ntohl(vheader->length);
93 if (msg_len > dev->priv->buf_size) {
94 dev->priv->buf_size = MAX(dev->priv->buf_size * 2, msg_len + sizeof(VSCMsgHeader));
95 dev->priv->buf = (uint8_t*) g_realloc(dev->priv->buf, dev->priv->buf_size);
96 }
97 }
98
99 RedPipeItemPtr
read_one_msg_from_device()100 RedCharDeviceSmartcard::read_one_msg_from_device()
101 {
102 RedCharDeviceSmartcard *dev = this;
103 VSCMsgHeader *vheader = (VSCMsgHeader*)dev->priv->buf;
104 int remaining;
105 int actual_length;
106
107 while (true) {
108 // it's possible we already got a full message from a previous partial
109 // read. In this case we don't need to read any byte
110 if (dev->priv->buf_used < sizeof(VSCMsgHeader) ||
111 dev->priv->buf_used - sizeof(VSCMsgHeader) < ntohl(vheader->length)) {
112 int n = read(dev->priv->buf_pos, dev->priv->buf_size - dev->priv->buf_used);
113 if (n <= 0) {
114 break;
115 }
116 dev->priv->buf_pos += n;
117 dev->priv->buf_used += n;
118
119 if (dev->priv->buf_used < sizeof(VSCMsgHeader)) {
120 continue;
121 }
122 smartcard_read_buf_prepare(dev, vheader);
123 vheader = (VSCMsgHeader*)dev->priv->buf;
124 }
125 actual_length = ntohl(vheader->length);
126 if (dev->priv->buf_used - sizeof(VSCMsgHeader) < actual_length) {
127 continue;
128 }
129 auto msg_to_client = smartcard_char_device_on_message_from_device(dev, vheader);
130 remaining = dev->priv->buf_used - sizeof(VSCMsgHeader) - actual_length;
131 if (remaining > 0) {
132 memmove(dev->priv->buf, dev->priv->buf_pos - remaining, remaining);
133 }
134 dev->priv->buf_pos = dev->priv->buf + remaining;
135 dev->priv->buf_used = remaining;
136 if (msg_to_client && dev->priv->scc) {
137 dev->priv->scc->pipe_add_push(std::move(msg_to_client));
138 }
139 }
140 return RedPipeItemPtr();
141 }
142
remove_client(RedCharDeviceClientOpaque * opaque)143 void RedCharDeviceSmartcard::remove_client(RedCharDeviceClientOpaque *opaque)
144 {
145 SmartCardChannelClient *scc = (SmartCardChannelClient *) opaque;
146
147 spice_assert(priv->scc && priv->scc == scc);
148 scc->shutdown();
149 }
150
151 red::shared_ptr<RedMsgItem>
smartcard_char_device_on_message_from_device(RedCharDeviceSmartcard * dev,VSCMsgHeader * vheader)152 smartcard_char_device_on_message_from_device(RedCharDeviceSmartcard *dev,
153 VSCMsgHeader *vheader)
154 {
155 vheader->type = ntohl(vheader->type);
156 vheader->length = ntohl(vheader->length);
157 vheader->reader_id = ntohl(vheader->reader_id);
158
159 if (vheader->type == VSC_Init) {
160 return red::shared_ptr<RedMsgItem>();
161 }
162 /* We pass any VSC_Error right now - might need to ignore some? */
163 if (dev->priv->reader_id == VSCARD_UNDEFINED_READER_ID) {
164 red_channel_warning(dev->priv->scc->get_channel(),
165 "error: reader_id not assigned for message of type %d",
166 vheader->type);
167 }
168 if (dev->priv->scc == NULL) {
169 return red::shared_ptr<RedMsgItem>();
170 }
171 return smartcard_new_vsc_msg_item(dev->priv->reader_id, vheader);
172 }
173
174 XXX_CAST(RedCharDevice, RedCharDeviceSmartcard, RED_CHAR_DEVICE_SMARTCARD);
175
smartcard_char_device_add_to_readers(RedsState * reds,SpiceCharDeviceInstance * char_device)176 static int smartcard_char_device_add_to_readers(RedsState *reds, SpiceCharDeviceInstance *char_device)
177 {
178 RedCharDeviceSmartcard *dev = RED_CHAR_DEVICE_SMARTCARD(char_device->st);
179
180 if (g_smartcard_readers.num >= SMARTCARD_MAX_READERS) {
181 return -1;
182 }
183 dev->priv->reader_id = g_smartcard_readers.num;
184 g_smartcard_readers.sin[g_smartcard_readers.num++] = char_device;
185 smartcard_init(reds);
186 return 0;
187 }
188
smartcard_readers_get(uint32_t reader_id)189 SpiceCharDeviceInstance *smartcard_readers_get(uint32_t reader_id)
190 {
191 if (reader_id >= g_smartcard_readers.num) {
192 return NULL;
193 }
194 return g_smartcard_readers.sin[reader_id];
195 }
196
197 /* TODO: fix implementation for multiple readers. Each reader should have a separated
198 * channel */
smartcard_readers_get_unattached(void)199 SpiceCharDeviceInstance *smartcard_readers_get_unattached(void)
200 {
201 int i;
202 RedCharDeviceSmartcard* dev;
203
204 for (i = 0; i < g_smartcard_readers.num; ++i) {
205 dev = RED_CHAR_DEVICE_SMARTCARD(g_smartcard_readers.sin[i]->st);
206 if (!dev->priv->scc) {
207 return g_smartcard_readers.sin[i];
208 }
209 }
210 return NULL;
211 }
212
RedCharDeviceSmartcardPrivate()213 RedCharDeviceSmartcardPrivate::RedCharDeviceSmartcardPrivate()
214 {
215 reader_id = VSCARD_UNDEFINED_READER_ID;
216 buf_size = APDUBufSize + sizeof(VSCMsgHeader);
217 buf = (uint8_t*) g_malloc(buf_size);
218 buf_pos = buf;
219 }
220
~RedCharDeviceSmartcardPrivate()221 RedCharDeviceSmartcardPrivate::~RedCharDeviceSmartcardPrivate()
222 {
223 g_free(buf);
224 }
225
RedCharDeviceSmartcard(RedsState * reds,SpiceCharDeviceInstance * sin)226 RedCharDeviceSmartcard::RedCharDeviceSmartcard(RedsState *reds, SpiceCharDeviceInstance *sin):
227 RedCharDevice(reds, sin, 0, ~0ULL)
228 {
229 }
230
smartcard_device_connect(RedsState * reds,SpiceCharDeviceInstance * char_device)231 red::shared_ptr<RedCharDeviceSmartcard> smartcard_device_connect(RedsState *reds, SpiceCharDeviceInstance *char_device)
232 {
233 auto dev =
234 red::make_shared<RedCharDeviceSmartcard>(reds, char_device);
235
236 if (smartcard_char_device_add_to_readers(reds, char_device) == -1) {
237 dev.reset();
238 }
239 return dev;
240 }
241
smartcard_char_device_notify_reader_add(RedCharDeviceSmartcard * dev)242 void smartcard_char_device_notify_reader_add(RedCharDeviceSmartcard *dev)
243 {
244 RedCharDeviceWriteBuffer *write_buf;
245 VSCMsgHeader *vheader;
246
247 write_buf = dev->write_buffer_get_server(sizeof(*vheader), true);
248 if (!write_buf) {
249 spice_error("failed to allocate write buffer");
250 return;
251 }
252 dev->priv->reader_added = TRUE;
253 vheader = (VSCMsgHeader *)write_buf->buf;
254 vheader->type = VSC_ReaderAdd;
255 vheader->reader_id = dev->priv->reader_id;
256 vheader->length = 0;
257 smartcard_channel_write_to_reader(write_buf);
258 }
259
smartcard_char_device_attach_client(SpiceCharDeviceInstance * char_device,SmartCardChannelClient * scc)260 void smartcard_char_device_attach_client(SpiceCharDeviceInstance *char_device,
261 SmartCardChannelClient *scc)
262 {
263 RedCharDeviceSmartcard *dev = RED_CHAR_DEVICE_SMARTCARD(char_device->st);
264 int client_added;
265
266 spice_assert(!smartcard_channel_client_get_char_device(scc) && !dev->priv->scc);
267 dev->priv->scc = scc;
268 smartcard_channel_client_set_char_device(scc, dev);
269 client_added = dev->client_add((RedCharDeviceClientOpaque *)scc, FALSE, 0,
270 ~0, ~0, scc->is_waiting_for_migrate_data());
271 if (!client_added) {
272 spice_warning("failed");
273 dev->priv->scc = NULL;
274 smartcard_channel_client_set_char_device(scc, NULL);
275 scc->disconnect();
276 } else {
277 SpiceCharDeviceInterface *sif = spice_char_device_get_interface(char_device);
278 if (sif->state) {
279 sif->state(char_device, 1);
280 }
281 }
282 }
283
smartcard_char_device_notify_reader_remove(RedCharDeviceSmartcard * dev)284 gboolean smartcard_char_device_notify_reader_remove(RedCharDeviceSmartcard *dev)
285 {
286 RedCharDeviceWriteBuffer *write_buf;
287 VSCMsgHeader *vheader;
288
289 if (!dev->priv->reader_added) {
290 spice_debug("reader add was never sent to the device");
291 return FALSE;
292 }
293 write_buf = dev->write_buffer_get_server(sizeof(*vheader), true);
294 if (!write_buf) {
295 spice_error("failed to allocate write buffer");
296 return FALSE;
297 }
298 dev->priv->reader_added = FALSE;
299 vheader = (VSCMsgHeader *)write_buf->buf;
300 vheader->type = VSC_ReaderRemove;
301 vheader->reader_id = dev->priv->reader_id;
302 vheader->length = 0;
303 smartcard_channel_write_to_reader(write_buf);
304
305 return TRUE;
306 }
307
smartcard_char_device_detach_client(RedCharDeviceSmartcard * smartcard,SmartCardChannelClient * scc)308 void smartcard_char_device_detach_client(RedCharDeviceSmartcard *smartcard,
309 SmartCardChannelClient *scc)
310 {
311 SpiceCharDeviceInterface *sif;
312 SpiceCharDeviceInstance *sin;
313
314 sin = smartcard->get_device_instance();
315 sif = spice_char_device_get_interface(sin);
316
317 spice_assert(smartcard->priv->scc == scc);
318 smartcard->client_remove((RedCharDeviceClientOpaque *)scc);
319 smartcard_channel_client_set_char_device(scc, NULL);
320 smartcard->priv->scc = NULL;
321
322 if (sif->state) {
323 sif->state(sin, 0);
324 }
325 }
326
smartcard_char_device_get_client(RedCharDeviceSmartcard * smartcard)327 SmartCardChannelClient* smartcard_char_device_get_client(RedCharDeviceSmartcard *smartcard)
328 {
329 return smartcard->priv->scc;
330 }
331
smartcard_channel_send_msg(RedChannelClient * rcc,SpiceMarshaller * m,RedPipeItem * item)332 static void smartcard_channel_send_msg(RedChannelClient *rcc,
333 SpiceMarshaller *m, RedPipeItem *item)
334 {
335 RedMsgItem* msg_item = static_cast<RedMsgItem*>(item);
336
337 smartcard_channel_client_send_data(rcc, m, item, msg_item->vheader.get());
338 }
339
smartcard_channel_send_migrate_data(SmartCardChannelClient * scc,SpiceMarshaller * m,RedPipeItem * item)340 static void smartcard_channel_send_migrate_data(SmartCardChannelClient *scc,
341 SpiceMarshaller *m, RedPipeItem *item)
342 {
343 SpiceMarshaller *m2;
344
345 auto dev = smartcard_channel_client_get_char_device(scc);
346 scc->init_send_data(SPICE_MSG_MIGRATE_DATA);
347 spice_marshaller_add_uint32(m, SPICE_MIGRATE_DATA_SMARTCARD_MAGIC);
348 spice_marshaller_add_uint32(m, SPICE_MIGRATE_DATA_SMARTCARD_VERSION);
349
350 if (!dev) {
351 RedCharDevice::migrate_data_marshall_empty(m);
352 spice_marshaller_add_uint8(m, 0);
353 spice_marshaller_add_uint32(m, 0);
354 spice_marshaller_add_uint32(m, 0);
355 spice_debug("null char dev");
356 } else {
357 dev->migrate_data_marshall(m);
358 spice_marshaller_add_uint8(m, dev->priv->reader_added);
359 spice_marshaller_add_uint32(m, dev->priv->buf_used);
360 m2 = spice_marshaller_get_ptr_submarshaller(m);
361 spice_marshaller_add(m2, dev->priv->buf, dev->priv->buf_used);
362 spice_debug("reader added %d partial read size %u", dev->priv->reader_added, dev->priv->buf_used);
363 }
364 }
365
send_item(RedPipeItem * item)366 void SmartCardChannelClient::send_item(RedPipeItem *item)
367 {
368 SpiceMarshaller *m = get_marshaller();
369
370 switch (item->type) {
371 case RED_PIPE_ITEM_TYPE_ERROR:
372 smartcard_channel_client_send_error(this, m, item);
373 break;
374 case RED_PIPE_ITEM_TYPE_SMARTCARD_DATA:
375 smartcard_channel_send_msg(this, m, item);
376 break;
377 case RED_PIPE_ITEM_TYPE_SMARTCARD_MIGRATE_DATA:
378 smartcard_channel_send_migrate_data(this, m, item);
379 break;
380 default:
381 spice_error("bad pipe item %d", item->type);
382 return;
383 }
384 begin_send_message();
385 }
386
387 static red::shared_ptr<RedMsgItem>
smartcard_new_vsc_msg_item(unsigned int reader_id,const VSCMsgHeader * vheader)388 smartcard_new_vsc_msg_item(unsigned int reader_id, const VSCMsgHeader *vheader)
389 {
390 auto msg_item = red::make_shared<RedMsgItem>();
391
392 msg_item->vheader.reset((VSCMsgHeader*) g_memdup(vheader, sizeof(*vheader) + vheader->length));
393 /* We patch the reader_id, since the device only knows about itself, and
394 * we know about the sum of readers. */
395 msg_item->vheader->reader_id = reader_id;
396 return msg_item;
397 }
398
smartcard_channel_write_to_reader(RedCharDeviceWriteBuffer * write_buf)399 void smartcard_channel_write_to_reader(RedCharDeviceWriteBuffer *write_buf)
400 {
401 SpiceCharDeviceInstance *sin;
402 RedCharDeviceSmartcard *dev;
403 VSCMsgHeader *vheader;
404 uint32_t actual_length;
405
406 vheader = (VSCMsgHeader *)write_buf->buf;
407 actual_length = vheader->length;
408
409 spice_assert(vheader->reader_id <= g_smartcard_readers.num);
410 sin = g_smartcard_readers.sin[vheader->reader_id];
411 dev = RED_CHAR_DEVICE_SMARTCARD(sin->st);
412 spice_assert(!dev->priv->scc ||
413 dev == smartcard_channel_client_get_char_device(dev->priv->scc).get());
414 /* protocol requires messages to be in network endianness */
415 vheader->type = htonl(vheader->type);
416 vheader->length = htonl(vheader->length);
417 vheader->reader_id = htonl(vheader->reader_id);
418 write_buf->buf_used = actual_length + sizeof(VSCMsgHeader);
419 /* pushing the buffer to the write queue; It will be released
420 * when it will be fully consumed by the device */
421 sin->st->write_buffer_add(write_buf);
422 }
423
smartcard_device_restore_partial_read(RedCharDeviceSmartcard * dev,SpiceMigrateDataSmartcard * mig_data)424 static void smartcard_device_restore_partial_read(RedCharDeviceSmartcard *dev,
425 SpiceMigrateDataSmartcard *mig_data)
426 {
427 uint8_t *read_data;
428
429 spice_debug("read_size %u", mig_data->read_size);
430 read_data = (uint8_t *)mig_data + mig_data->read_data_ptr - sizeof(SpiceMigrateDataHeader);
431 if (mig_data->read_size < sizeof(VSCMsgHeader)) {
432 spice_assert(dev->priv->buf_size >= mig_data->read_size);
433 } else {
434 smartcard_read_buf_prepare(dev, (VSCMsgHeader *)read_data);
435 }
436 memcpy(dev->priv->buf, read_data, mig_data->read_size);
437 dev->priv->buf_used = mig_data->read_size;
438 dev->priv->buf_pos = dev->priv->buf + mig_data->read_size;
439 }
440
smartcard_char_device_handle_migrate_data(RedCharDeviceSmartcard * smartcard,SpiceMigrateDataSmartcard * mig_data)441 int smartcard_char_device_handle_migrate_data(RedCharDeviceSmartcard *smartcard,
442 SpiceMigrateDataSmartcard *mig_data)
443 {
444 smartcard->priv->reader_added = mig_data->reader_added;
445
446 smartcard_device_restore_partial_read(smartcard, mig_data);
447 return smartcard->restore(&mig_data->base);
448 }
449
on_connect(RedClient * client,RedStream * stream,int migration,RedChannelCapabilities * caps)450 void RedSmartcardChannel::on_connect(RedClient *client, RedStream *stream, int migration,
451 RedChannelCapabilities *caps)
452 {
453 SpiceCharDeviceInstance *char_device =
454 smartcard_readers_get_unattached();
455
456 auto scc = smartcard_channel_client_create(this, client, stream, caps);
457
458 if (!scc) {
459 return;
460 }
461 scc->ack_zero_messages_window();
462
463 if (char_device) {
464 smartcard_char_device_attach_client(char_device, scc);
465 } else {
466 red_channel_warning(this, "char dev unavailable");
467 }
468 }
469
RedSmartcardChannel(RedsState * reds)470 RedSmartcardChannel::RedSmartcardChannel(RedsState *reds):
471 RedChannel(reds, SPICE_CHANNEL_SMARTCARD, 0, RedChannel::MigrateAll)
472 {
473 reds_register_channel(reds, this);
474 }
475
smartcard_init(RedsState * reds)476 static void smartcard_init(RedsState *reds)
477 {
478 spice_assert(!reds_find_channel(reds, SPICE_CHANNEL_SMARTCARD, 0));
479
480 red::make_shared<RedSmartcardChannel>(reds);
481 }
482
483
~RedCharDeviceSmartcard()484 RedCharDeviceSmartcard::~RedCharDeviceSmartcard()
485 {
486 }
487
smartcard_get_n_readers(void)488 uint32_t smartcard_get_n_readers(void)
489 {
490 return g_smartcard_readers.num;
491 }
492