ledger-secure-sdk/io_8c_source.html

/*****************************************************************************

 *   (c) 2021 Ledger SAS.

 *

 *  Licensed under the Apache License, Version 2.0 (the "License");

 *  you may not use this file except in compliance with the License.

 *  You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 *  Unless required by applicable law or agreed to in writing, software

 *  distributed under the License is distributed on an "AS IS" BASIS,

 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 *  See the License for the specific language governing permissions and

 *  limitations under the License.

 *****************************************************************************/


#include <stdint.h>

#include <string.h>


#include "os.h"

#include "io.h"

#include "write.h"


#ifdef HAVE_SWAP

#include "swap.h"

#endif


#ifdef HAVE_NFC_READER

#include "os_io_nfc.h"

#endif  // HAVE_NFC_READER


// TODO: Temporary workaround, at some point all status words should be defined by the SDK and

// removed from the application

#define SW_OK                    0x9000

#define SW_WRONG_RESPONSE_LENGTH 0xB000


uint8_t G_io_seproxyhal_spi_buffer[IO_SEPROXYHAL_BUFFER_SIZE_B];


#ifdef HAVE_NFC_READER

struct nfc_reader_context G_io_reader_ctx;

#endif


static uint32_t G_output_len = 0;


static io_state_e G_io_state = READY;


#ifdef HAVE_BAGL

WEAK void io_seproxyhal_display(const bagl_element_t *element)

{

    io_seproxyhal_display_default(element);

}

#endif  // HAVE_BAGL


// This function can be used to declare a callback to SEPROXYHAL_TAG_TICKER_EVENT in the application

WEAK void app_ticker_event_callback(void) {}


WEAK uint8_t io_event(uint8_t channel)

{

    (void) channel;


    switch (G_io_seproxyhal_spi_buffer[0]) {

        case SEPROXYHAL_TAG_BUTTON_PUSH_EVENT:

            UX_BUTTON_PUSH_EVENT(G_io_seproxyhal_spi_buffer);

            break;

        case SEPROXYHAL_TAG_STATUS_EVENT:

            if (G_io_apdu_media == IO_APDU_MEDIA_USB_HID &&  //

                !(U4BE(G_io_seproxyhal_spi_buffer, 3) &      //

                  SEPROXYHAL_TAG_STATUS_EVENT_FLAG_USB_POWERED)) {

                THROW(EXCEPTION_IO_RESET);

            }

            __attribute__((fallthrough));

        case SEPROXYHAL_TAG_DISPLAY_PROCESSED_EVENT:

#ifdef HAVE_BAGL

            UX_DISPLAYED_EVENT({});

#endif  // HAVE_BAGL

#ifdef HAVE_NBGL

            UX_DEFAULT_EVENT();

#endif  // HAVE_NBGL

            break;

#ifdef HAVE_NBGL

        case SEPROXYHAL_TAG_FINGER_EVENT:

            UX_FINGER_EVENT(G_io_seproxyhal_spi_buffer);

            break;

#endif  // HAVE_NBGL

        case SEPROXYHAL_TAG_TICKER_EVENT:

            app_ticker_event_callback();

            UX_TICKER_EVENT(G_io_seproxyhal_spi_buffer, {});

#ifdef HAVE_NFC_READER

            io_nfc_ticker();

            io_nfc_process_events();

#endif  // HAVE_NFC_READER

            break;

        default:

            UX_DEFAULT_EVENT();

            break;

    }


    if (!io_seproxyhal_spi_is_status_sent()) {

        io_seproxyhal_general_status();

    }


    return 1;

}


WEAK uint16_t io_exchange_al(uint8_t channel, uint16_t tx_len)

{

    switch (channel & ~(IO_FLAGS)) {

        case CHANNEL_KEYBOARD:

            break;

        case CHANNEL_SPI:

            if (tx_len) {

                io_seproxyhal_spi_send(G_io_apdu_buffer, tx_len);


                if (channel & IO_RESET_AFTER_REPLIED) {

                    halt();

                }


                return 0;

            }

            else {

                return io_seproxyhal_spi_recv(G_io_apdu_buffer, sizeof(G_io_apdu_buffer), 0);

            }

        default:

            THROW(INVALID_PARAMETER);

    }


    return 0;

}


WEAK void io_init()

{

    // Reset length of APDU response

    G_output_len = 0;

    G_io_state   = READY;

}


WEAK int io_recv_command()

{

    int ret = -1;


    switch (G_io_state) {

        case READY:

            ret        = io_exchange(CHANNEL_APDU | IO_CONTINUE_RX, G_output_len);

            G_io_state = RECEIVED;

            break;

        case RECEIVED:

            G_io_state = WAITING;

            ret        = io_exchange(CHANNEL_APDU | IO_ASYNCH_REPLY, G_output_len);

            G_io_state = RECEIVED;

            break;

        case WAITING:

            G_io_state = READY;

            ret        = -1;

            break;

    }


    return ret;

}


WEAK int io_send_response_buffers(const buffer_t *rdatalist, size_t count, uint16_t sw)

{

    int ret = -1;


    G_output_len = 0;

    if (rdatalist && count > 0) {

        for (size_t i = 0; i < count; i++) {

            const buffer_t *rdata = &rdatalist[i];


            if (!buffer_copy(rdata,

                             G_io_apdu_buffer + G_output_len,

                             sizeof(G_io_apdu_buffer) - G_output_len - 2)) {

                return io_send_sw(SW_WRONG_RESPONSE_LENGTH);

            }

            G_output_len += rdata->size - rdata->offset;

            if (count > 1) {

                PRINTF("<= FRAG (%u/%u) RData=%.*H\n", i + 1, count, rdata->size, rdata->ptr);

            }

        }

        PRINTF("<= SW=%04X | RData=%.*H\n", sw, G_output_len, G_io_apdu_buffer);

    }

    else {

        PRINTF("<= SW=%04X | RData=\n", sw);

    }


    write_u16_be(G_io_apdu_buffer, G_output_len, sw);

    G_output_len += 2;


#ifdef HAVE_SWAP

    // If we are in swap mode and have validated a TX, we send it and immediately quit

    if (G_called_from_swap && G_swap_response_ready) {

        PRINTF("Swap answer is processed. Send it\n");

        if (io_exchange(CHANNEL_APDU | IO_RETURN_AFTER_TX, G_output_len) == 0) {

            PRINTF("Returning to Exchange with status %d\n", (sw == SW_OK));

            *G_swap_signing_return_value_address = (sw == SW_OK);

            PRINTF("os_lib_end\n");

            os_lib_end();

        }

        else {

            PRINTF("Unrecoverable\n");

            os_sched_exit(-1);

        }

    }

#endif  // HAVE_SWAP


    switch (G_io_state) {

        case READY:

            ret = -1;

            break;

        case RECEIVED:

#ifdef STANDARD_APP_SYNC_RAPDU

            // Send synchronously the APDU response.

            // This is needed to send the response before displaying synchronous

            // status message on the screen.

            // This is not always done to spare the RAM (stack) on LNS.

            __attribute__((fallthrough));

#else

            G_io_state = READY;

            ret        = 0;

            break;

#endif

        case WAITING:

            ret          = io_exchange(CHANNEL_APDU | IO_RETURN_AFTER_TX, G_output_len);

            G_output_len = 0;

            G_io_state   = READY;

            break;

    }


    return ret;

}


#ifdef STANDARD_APP_SYNC_RAPDU

WEAK bool io_recv_and_process_event(void)

{

    int apdu_state = G_io_app.apdu_state;


    os_io_seph_recv_and_process(0);


    // If an APDU was received in previous os_io_seph_recv_and_process call and

    // is waiting to be processed, return true

    if (apdu_state == APDU_IDLE && G_io_app.apdu_state != APDU_IDLE) {

        return true;

    }


    return false;

}

#endif

buffer_copy
bool buffer_copy(const buffer_t *buffer, uint8_t *out, size_t out_len)
Definition buffer.c:153

G_io_seproxyhal_spi_buffer
uint8_t G_io_seproxyhal_spi_buffer[IO_SEPROXYHAL_BUFFER_SIZE_B]
Definition io.c:37

io_exchange_al
WEAK uint16_t io_exchange_al(uint8_t channel, uint16_t tx_len)
Definition io.c:111

SW_WRONG_RESPONSE_LENGTH
#define SW_WRONG_RESPONSE_LENGTH
Definition io.c:35

SW_OK
#define SW_OK
Definition io.c:34

io_send_response_buffers
WEAK int io_send_response_buffers(const buffer_t *rdatalist, size_t count, uint16_t sw)
Definition io.c:166

io_init
WEAK void io_init()
Definition io.c:136

io_event
WEAK uint8_t io_event(uint8_t channel)
Definition io.c:63

io_recv_command
WEAK int io_recv_command()
Definition io.c:143

app_ticker_event_callback
WEAK void app_ticker_event_callback(void)
Definition io.c:61

io.h

io_state_e
io_state_e
Definition io.h:14

RECEIVED
@ RECEIVED
ready for new event
Definition io.h:16

READY
@ READY
Definition io.h:15

WAITING
@ WAITING
data received
Definition io.h:17

WEAK
#define WEAK
Definition macros.h:8

__attribute__
__attribute__((section("._nbgl_fonts_"))) const
return the non-unicode font corresponding to the given font ID
Definition nbgl_fonts.c:67

bagl_element_e
Definition ux_bagl.h:57

buffer_t
Definition buffer.h:18

buffer_t::ptr
const uint8_t * ptr
Definition buffer.h:19

buffer_t::size
size_t size
Pointer to byte buffer.
Definition buffer.h:20

buffer_t::offset
size_t offset
Size of byte buffer.
Definition buffer.h:21

swap.h

G_called_from_swap
volatile bool G_called_from_swap

G_swap_response_ready
volatile bool G_swap_response_ready

G_swap_signing_return_value_address
volatile uint8_t * G_swap_signing_return_value_address

uint16_t
unsigned short uint16_t
Definition usbd_conf.h:54

uint8_t
unsigned char uint8_t
Definition usbd_conf.h:53

UX_TICKER_EVENT
#define UX_TICKER_EVENT(seph_packet, callback)
Definition ux_bagl.h:623

UX_FINGER_EVENT
#define UX_FINGER_EVENT(seph_packet)
Definition ux_bagl.h:618

io_seproxyhal_display
void io_seproxyhal_display(const bagl_element_t *element)

io_seproxyhal_display_default
void io_seproxyhal_display_default(const bagl_element_t *element)

UX_DEFAULT_EVENT
#define UX_DEFAULT_EVENT()
Definition ux_bagl.h:650

UX_BUTTON_PUSH_EVENT
#define UX_BUTTON_PUSH_EVENT(seph_packet)
Definition ux_bagl.h:607

UX_DISPLAYED_EVENT
#define UX_DISPLAYED_EVENT(displayed_callback)
Definition ux_bagl.h:569

write_u16_be
void write_u16_be(uint8_t *ptr, size_t offset, uint16_t value)
Definition write.c:20

write.h