1
/* ccid-driver.c - USB ChipCardInterfaceDevices driver
2
* Copyright (C) 2003, 2004 Free Software Foundation, Inc.
3
* Written by Werner Koch.
5
* This file is part of GnuPG.
7
* GnuPG is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU General Public License as published by
9
* the Free Software Foundation; either version 2 of the License, or
10
* (at your option) any later version.
12
* GnuPG is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU General Public License for more details.
17
* You should have received a copy of the GNU General Public License
18
* along with this program; if not, write to the Free Software
19
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
21
* ALTERNATIVELY, this file may be distributed under the terms of the
22
* following license, in which case the provisions of this license are
23
* required INSTEAD OF the GNU General Public License. If you wish to
24
* allow use of your version of this file only under the terms of the
25
* GNU General Public License, and not to allow others to use your
26
* version of this file under the terms of the following license,
27
* indicate your decision by deleting this paragraph and the license
30
* Redistribution and use in source and binary forms, with or without
31
* modification, are permitted provided that the following conditions
33
* 1. Redistributions of source code must retain the above copyright
34
* notice, and the entire permission notice in its entirety,
35
* including the disclaimer of warranties.
36
* 2. Redistributions in binary form must reproduce the above copyright
37
* notice, this list of conditions and the following disclaimer in the
38
* documentation and/or other materials provided with the distribution.
39
* 3. The name of the author may not be used to endorse or promote
40
* products derived from this software without specific prior
43
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
44
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
45
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
46
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
47
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
48
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
49
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
51
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
52
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
53
* OF THE POSSIBILITY OF SUCH DAMAGE.
55
* $Id: ccid-driver.c,v 1.1.2.22 2004/12/28 07:13:24 wk Exp $
59
/* CCID (ChipCardInterfaceDevices) is a specification for accessing
60
smartcard via a reader connected to the USB.
62
This is a limited driver allowing to use some CCID drivers directly
63
without any other specila drivers. This is a fallback driver to be
64
used when nothing else works or the system should be kept minimal
65
for security reasons. It makes use of the libusb library to gain
66
portable access to USB.
68
This driver has been tested with the SCM SCR335 and SPR532
69
smartcard readers and requires that a reader implements the TPDU
70
level exchange and does fully automatic initialization.
77
#if defined(HAVE_LIBUSB) || defined(TEST)
87
#include "ccid-driver.h"
89
#define DRVNAME "ccid-driver: "
92
/* Depending on how this source is used we either define our error
93
output to go to stderr or to the jnlib based logging functions. We
94
use the latter when GNUPG_MAJOR_VERSION is defines or when both,
95
GNUPG_SCD_MAIN_HEADER and HAVE_JNLIB_LOGGING are defined.
97
#if defined(GNUPG_MAJOR_VERSION) \
98
|| (defined(GNUPG_SCD_MAIN_HEADER) && defined(HAVE_JNLIB_LOGGING))
100
#if defined(GNUPG_SCD_MAIN_HEADER)
101
# include GNUPG_SCD_MAIN_HEADER
102
#elif GNUPG_MAJOR_VERSION == 1 /* GnuPG Version is < 1.9. */
103
# include "options.h"
106
# include "cardglue.h"
107
# else /* This is the modularized GnuPG 1.9 or later. */
108
# include "scdaemon.h"
111
/* Define to print information pertaining the T=1 protocol. */
115
# define DEBUGOUT(t) do { if (debug_level) \
116
log_debug (DRVNAME t); } while (0)
117
# define DEBUGOUT_1(t,a) do { if (debug_level) \
118
log_debug (DRVNAME t,(a)); } while (0)
119
# define DEBUGOUT_2(t,a,b) do { if (debug_level) \
120
log_debug (DRVNAME t,(a),(b)); } while (0)
121
# define DEBUGOUT_3(t,a,b,c) do { if (debug_level) \
122
log_debug (DRVNAME t,(a),(b),(c));} while (0)
123
# define DEBUGOUT_CONT(t) do { if (debug_level) \
124
log_printf (t); } while (0)
125
# define DEBUGOUT_CONT_1(t,a) do { if (debug_level) \
126
log_printf (t,(a)); } while (0)
127
# define DEBUGOUT_CONT_2(t,a,b) do { if (debug_level) \
128
log_printf (t,(a),(b)); } while (0)
129
# define DEBUGOUT_CONT_3(t,a,b,c) do { if (debug_level) \
130
log_printf (t,(a),(b),(c)); } while (0)
131
# define DEBUGOUT_LF() do { if (debug_level) \
132
log_printf ("\n"); } while (0)
134
#else /* Other usage of this source - don't use gnupg specifics. */
136
# define DEBUGOUT(t) do { if (debug_level) \
137
fprintf (stderr, DRVNAME t); } while (0)
138
# define DEBUGOUT_1(t,a) do { if (debug_level) \
139
fprintf (stderr, DRVNAME t, (a)); } while (0)
140
# define DEBUGOUT_2(t,a,b) do { if (debug_level) \
141
fprintf (stderr, DRVNAME t, (a), (b)); } while (0)
142
# define DEBUGOUT_3(t,a,b,c) do { if (debug_level) \
143
fprintf (stderr, DRVNAME t, (a), (b), (c)); } while (0)
144
# define DEBUGOUT_CONT(t) do { if (debug_level) \
145
fprintf (stderr, t); } while (0)
146
# define DEBUGOUT_CONT_1(t,a) do { if (debug_level) \
147
fprintf (stderr, t, (a)); } while (0)
148
# define DEBUGOUT_CONT_2(t,a,b) do { if (debug_level) \
149
fprintf (stderr, t, (a), (b)); } while (0)
150
# define DEBUGOUT_CONT_3(t,a,b,c) do { if (debug_level) \
151
fprintf (stderr, t, (a), (b), (c)); } while (0)
152
# define DEBUGOUT_LF() do { if (debug_level) \
153
putc ('\n', stderr); } while (0)
155
#endif /* This source not used by scdaemon. */
160
RDR_to_PC_NotifySlotChange= 0x50,
161
RDR_to_PC_HardwareError = 0x51,
163
PC_to_RDR_SetParameters = 0x61,
164
PC_to_RDR_IccPowerOn = 0x62,
165
PC_to_RDR_IccPowerOff = 0x63,
166
PC_to_RDR_GetSlotStatus = 0x65,
167
PC_to_RDR_Secure = 0x69,
168
PC_to_RDR_T0APDU = 0x6a,
169
PC_to_RDR_Escape = 0x6b,
170
PC_to_RDR_GetParameters = 0x6c,
171
PC_to_RDR_ResetParameters = 0x6d,
172
PC_to_RDR_IccClock = 0x6e,
173
PC_to_RDR_XfrBlock = 0x6f,
174
PC_to_RDR_Mechanical = 0x71,
175
PC_to_RDR_Abort = 0x72,
176
PC_to_RDR_SetDataRate = 0x73,
178
RDR_to_PC_DataBlock = 0x80,
179
RDR_to_PC_SlotStatus = 0x81,
180
RDR_to_PC_Parameters = 0x82,
181
RDR_to_PC_Escape = 0x83,
182
RDR_to_PC_DataRate = 0x84
186
/* We need to know the vendor to do some hacks. */
192
/* Store information on the driver's state. A pointer to such a
193
structure is used as handle for most functions. */
196
usb_dev_handle *idev;
198
unsigned short id_vendor;
199
unsigned short id_product;
200
unsigned short bcd_device;
214
int apdu_level; /* Reader supports short APDU level exchange. */
218
static int initialized_usb; /* Tracks whether USB has been initialized. */
219
static int debug_level; /* Flag to control the debug output. */
222
static unsigned int compute_edc (const unsigned char *data, size_t datalen,
224
static int bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen);
225
static int bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
226
size_t *nread, int expected_type, int seqno);
228
/* Convert a little endian stored 4 byte value into an unsigned
231
convert_le_u32 (const unsigned char *buf)
233
return buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24);
237
set_msg_len (unsigned char *msg, unsigned int length)
240
msg[2] = length >> 8;
241
msg[3] = length >> 16;
242
msg[4] = length >> 24;
248
/* Parse a CCID descriptor, optionally print all available features
249
and test whether this reader is usable by this driver. Returns 0
252
Note, that this code is based on the one in lsusb.c of the
253
usb-utils package, I wrote on 2003-09-01. -wk. */
255
parse_ccid_descriptor (ccid_driver_t handle,
256
const unsigned char *buf, size_t buflen)
260
int have_t1 = 0, have_tpdu=0, have_auto_conf = 0;
263
handle->nonnull_nad = 0;
264
handle->auto_ifsd = 0;
265
handle->max_ifsd = 32;
267
handle->has_pinpad = 0;
268
handle->apdu_level = 0;
269
DEBUGOUT_3 ("idVendor: %04X idProduct: %04X bcdDevice: %04X\n",
270
handle->id_vendor, handle->id_product, handle->bcd_device);
271
if (buflen < 54 || buf[0] < 54)
273
DEBUGOUT ("CCID device descriptor is too short\n");
277
DEBUGOUT ("ChipCard Interface Descriptor:\n");
278
DEBUGOUT_1 (" bLength %5u\n", buf[0]);
279
DEBUGOUT_1 (" bDescriptorType %5u\n", buf[1]);
280
DEBUGOUT_2 (" bcdCCID %2x.%02x", buf[3], buf[2]);
281
if (buf[3] != 1 || buf[2] != 0)
282
DEBUGOUT_CONT(" (Warning: Only accurate for version 1.0)");
285
DEBUGOUT_1 (" nMaxSlotIndex %5u\n", buf[4]);
286
DEBUGOUT_2 (" bVoltageSupport %5u %s\n",
287
buf[5], (buf[5] == 1? "5.0V" : buf[5] == 2? "3.0V"
288
: buf[5] == 3? "1.8V":"?"));
290
us = convert_le_u32 (buf+6);
291
DEBUGOUT_1 (" dwProtocols %5u ", us);
293
DEBUGOUT_CONT (" T=0");
296
DEBUGOUT_CONT (" T=1");
300
DEBUGOUT_CONT (" (Invalid values detected)");
303
us = convert_le_u32(buf+10);
304
DEBUGOUT_1 (" dwDefaultClock %5u\n", us);
305
us = convert_le_u32(buf+14);
306
DEBUGOUT_1 (" dwMaxiumumClock %5u\n", us);
307
DEBUGOUT_1 (" bNumClockSupported %5u\n", buf[18]);
308
us = convert_le_u32(buf+19);
309
DEBUGOUT_1 (" dwDataRate %7u bps\n", us);
310
us = convert_le_u32(buf+23);
311
DEBUGOUT_1 (" dwMaxDataRate %7u bps\n", us);
312
DEBUGOUT_1 (" bNumDataRatesSupp. %5u\n", buf[27]);
314
us = convert_le_u32(buf+28);
315
DEBUGOUT_1 (" dwMaxIFSD %5u\n", us);
316
handle->max_ifsd = us;
318
us = convert_le_u32(buf+32);
319
DEBUGOUT_1 (" dwSyncProtocols %08X ", us);
321
DEBUGOUT_CONT ( " 2-wire");
323
DEBUGOUT_CONT ( " 3-wire");
325
DEBUGOUT_CONT ( " I2C");
328
us = convert_le_u32(buf+36);
329
DEBUGOUT_1 (" dwMechanical %08X ", us);
331
DEBUGOUT_CONT (" accept");
333
DEBUGOUT_CONT (" eject");
335
DEBUGOUT_CONT (" capture");
337
DEBUGOUT_CONT (" lock");
340
us = convert_le_u32(buf+40);
341
DEBUGOUT_1 (" dwFeatures %08X\n", us);
344
DEBUGOUT (" Auto configuration based on ATR\n");
348
DEBUGOUT (" Auto activation on insert\n");
350
DEBUGOUT (" Auto voltage selection\n");
352
DEBUGOUT (" Auto clock change\n");
354
DEBUGOUT (" Auto baud rate change\n");
356
DEBUGOUT (" Auto parameter negotation made by CCID\n");
357
else if ((us & 0x0080))
358
DEBUGOUT (" Auto PPS made by CCID\n");
359
else if ((us & (0x0040 | 0x0080)))
360
DEBUGOUT (" WARNING: conflicting negotation features\n");
363
DEBUGOUT (" CCID can set ICC in clock stop mode\n");
366
DEBUGOUT (" NAD value other than 0x00 accepted\n");
367
handle->nonnull_nad = 1;
371
DEBUGOUT (" Auto IFSD exchange\n");
372
handle->auto_ifsd = 1;
375
if ((us & 0x00010000))
377
DEBUGOUT (" TPDU level exchange\n");
380
else if ((us & 0x00020000))
382
DEBUGOUT (" Short APDU level exchange\n");
383
handle->apdu_level = 1;
385
else if ((us & 0x00040000))
387
DEBUGOUT (" Short and extended APDU level exchange\n");
388
handle->apdu_level = 1;
390
else if ((us & 0x00070000))
391
DEBUGOUT (" WARNING: conflicting exchange levels\n");
393
us = convert_le_u32(buf+44);
394
DEBUGOUT_1 (" dwMaxCCIDMsgLen %5u\n", us);
396
DEBUGOUT ( " bClassGetResponse ");
398
DEBUGOUT_CONT ("echo\n");
400
DEBUGOUT_CONT_1 (" %02X\n", buf[48]);
402
DEBUGOUT ( " bClassEnvelope ");
404
DEBUGOUT_CONT ("echo\n");
406
DEBUGOUT_1 (" %02X\n", buf[48]);
408
DEBUGOUT ( " wlcdLayout ");
409
if (!buf[50] && !buf[51])
410
DEBUGOUT_CONT ("none\n");
412
DEBUGOUT_CONT_2 ("%u cols %u lines\n", buf[50], buf[51]);
414
DEBUGOUT_1 (" bPINSupport %5u ", buf[52]);
417
DEBUGOUT_CONT ( " verification");
418
handle->has_pinpad |= 1;
422
DEBUGOUT_CONT ( " modification");
423
handle->has_pinpad |= 2;
427
DEBUGOUT_1 (" bMaxCCIDBusySlots %5u\n", buf[53]);
431
for (i=54; i < buf[0]-54; i++)
432
DEBUGOUT_CONT_1 (" %02X", buf[i]);
436
if (!have_t1 || !(have_tpdu || handle->apdu_level) || !have_auto_conf)
438
DEBUGOUT ("this drivers requires that the reader supports T=1, "
439
"TPDU or APDU level exchange and auto configuration - "
440
"this is not available\n");
445
/* SCM drivers get stuck in their internal USB stack if they try to
446
send a frame of n*wMaxPacketSize back to us. Given that
447
wMaxPacketSize is 64 for these readers we set the IFSD to a value
449
64 - 10 CCID header - 4 T1frame - 2 reserved = 48 */
450
if (handle->id_vendor == VENDOR_SCM
451
/* FIXME: check whether it is the same
452
firmware version for all drivers. */
453
&& handle->bcd_device < 0x0513
454
&& handle->max_ifsd > 48)
456
DEBUGOUT ("enabling workaround for buggy SCM readers\n");
457
handle->max_ifsd = 48;
466
get_escaped_usb_string (usb_dev_handle *idev, int idx,
467
const char *prefix, const char *suffix)
470
unsigned char buf[280];
479
/* Fixme: The next line is for the current Valgrid without support
481
memset (buf, 0, sizeof buf);
483
/* First get the list of supported languages and use the first one.
484
If we do don't find it we try to use English. Note that this is
485
all in a 2 bute Unicode encoding using little endian. */
486
rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR,
487
(USB_DT_STRING << 8), 0,
488
buf, sizeof buf, 1000 /* ms timeout */);
490
langid = 0x0409; /* English. */
492
langid = (buf[3] << 8) | buf[2];
494
rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR,
495
(USB_DT_STRING << 8) + idx, langid,
496
buf, sizeof buf, 1000 /* ms timeout */);
497
if (rc < 2 || buf[1] != USB_DT_STRING)
498
return NULL; /* Error or not a string. */
501
return NULL; /* Larger than our buffer. */
503
for (s=buf+2, i=2, n=0; i+1 < len; i += 2, s += 2)
506
n++; /* High byte set. */
507
else if (*s <= 0x20 || *s >= 0x7f || *s == '%' || *s == ':')
513
result = malloc (strlen (prefix) + n + strlen (suffix) + 1);
517
strcpy (result, prefix);
519
for (s=buf+2, i=2; i+1 < len; i += 2, s += 2)
522
result[n++] = '\xff'; /* High byte set. */
523
else if (*s <= 0x20 || *s >= 0x7f || *s == '%' || *s == ':')
525
sprintf (result+n, "%%%02X", *s);
531
strcpy (result+n, suffix);
536
/* This function creates an reader id to be used to find the same
537
physical reader after a reset. It returns an allocated and possibly
538
percent escaped string or NULL if not enough memory is available. */
540
make_reader_id (usb_dev_handle *idev,
541
unsigned int vendor, unsigned int product,
542
unsigned char serialno_index)
547
sprintf (prefix, "%04X:%04X:", (vendor & 0xfff), (product & 0xffff));
548
rid = get_escaped_usb_string (idev, serialno_index, prefix, ":0");
551
rid = malloc (strlen (prefix) + 3 + 1);
554
strcpy (rid, prefix);
561
/* Helper to find the endpoint from an interface descriptor. */
563
find_endpoint (struct usb_interface_descriptor *ifcdesc, int mode)
566
int want_bulk_in = 0;
570
for (no=0; no < ifcdesc->bNumEndpoints; no++)
572
struct usb_endpoint_descriptor *ep = ifcdesc->endpoint + no;
573
if (ep->bDescriptorType != USB_DT_ENDPOINT)
576
&& ((ep->bmAttributes & USB_ENDPOINT_TYPE_MASK)
577
== USB_ENDPOINT_TYPE_INTERRUPT)
578
&& (ep->bEndpointAddress & 0x80))
579
return (ep->bEndpointAddress & 0x0f);
580
else if (((ep->bmAttributes & USB_ENDPOINT_TYPE_MASK)
581
== USB_ENDPOINT_TYPE_BULK)
582
&& (ep->bEndpointAddress & 0x80) == want_bulk_in)
583
return (ep->bEndpointAddress & 0x0f);
585
/* Should never happen. */
586
return mode == 2? 0x83 : mode == 1? 0x82 :1;
591
/* Combination function to either scan all CCID devices or to find and
592
open one specific device.
594
With READERNO = -1 and READERID is NULL, scan mode is used and
595
R_RID should be the address where to store the list of reader_ids
596
we found. If on return this list is empty, no CCID device has been
597
found; otherwise it points to an allocated linked list of reader
598
IDs. Note that in this mode the function always returns NULL.
600
With READERNO >= 0 or READERID is not NULL find mode is used. This
601
uses the same algorithm as the scan mode but stops and returns at
602
the entry number READERNO and return the handle for the the opened
603
USB device. If R_ID is not NULL it will receive the reader ID of
604
that device. If R_DEV is not NULL it will the device pointer of
605
that device. If IFCDESC_EXTRA is NOT NULL it will receive a
606
malloced copy of the interfaces "extra: data filed;
607
IFCDESC_EXTRA_LEN receive the lengtyh of this field. If there is
608
no reader with number READERNO or that reader is not usable by our
609
implementation NULL will be returned. The caller must close a
610
returned USB device handle and free (if not passed as NULL) the
611
returned reader ID info as well as the IFCDESC_EXTRA. On error
612
NULL will get stored at R_RID, R_DEV, IFCDESC_EXTRA and
613
IFCDESC_EXTRA_LEN. With READERID being -1 the function stops if
614
the READERID was found.
616
Note that the first entry of the returned reader ID list in scan mode
617
corresponds with a READERNO of 0 in find mode.
619
static usb_dev_handle *
620
scan_or_find_devices (int readerno, const char *readerid,
622
struct usb_device **r_dev,
623
unsigned char **ifcdesc_extra,
624
size_t *ifcdesc_extra_len,
625
int *interface_number,
626
int *ep_bulk_out, int *ep_bulk_in, int *ep_intr)
628
char *rid_list = NULL;
630
struct usb_bus *busses, *bus;
631
struct usb_device *dev = NULL;
632
usb_dev_handle *idev = NULL;
633
int scan_mode = (readerno == -1 && !readerid);
635
/* Set return values to a default. */
641
*ifcdesc_extra = NULL;
642
if (ifcdesc_extra_len)
643
*ifcdesc_extra_len = 0;
644
if (interface_number)
645
*interface_number = 0;
647
/* See whether we want scan or find mode. */
656
#ifdef HAVE_USB_GET_BUSSES
657
busses = usb_get_busses();
662
for (bus = busses; bus; bus = bus->next)
664
for (dev = bus->devices; dev; dev = dev->next)
668
for (cfg_no=0; cfg_no < dev->descriptor.bNumConfigurations; cfg_no++)
670
struct usb_config_descriptor *config = dev->config + cfg_no;
676
for (ifc_no=0; ifc_no < config->bNumInterfaces; ifc_no++)
678
struct usb_interface *interface
679
= config->interface + ifc_no;
685
for (set_no=0; set_no < interface->num_altsetting; set_no++)
687
struct usb_interface_descriptor *ifcdesc
688
= interface->altsetting + set_no;
691
/* The second condition is for some SCM Micro
692
SPR 532 which does not know about the
693
assigned CCID class. Instead of trying to
694
interpret the strings we simply look at the
696
if (ifcdesc && ifcdesc->extra
697
&& ( (ifcdesc->bInterfaceClass == 11
698
&& ifcdesc->bInterfaceSubClass == 0
699
&& ifcdesc->bInterfaceProtocol == 0)
700
|| (ifcdesc->bInterfaceClass == 255
701
&& dev->descriptor.idVendor == 0x04e6
702
&& dev->descriptor.idProduct == 0xe003
703
&& ifcdesc->bInterfaceSubClass == 1
704
&& ifcdesc->bInterfaceProtocol == 1)))
706
idev = usb_open (dev);
709
DEBUGOUT_1 ("usb_open failed: %s\n",
714
rid = make_reader_id (idev,
715
dev->descriptor.idVendor,
716
dev->descriptor.idProduct,
717
dev->descriptor.iSerialNumber);
724
/* We are collecting infos about all
725
available CCID readers. Store
726
them and continue. */
727
DEBUGOUT_2 ("found CCID reader %d "
730
if ((p = malloc ((rid_list?
738
strcat (p, rid_list);
745
else /* Out of memory. */
753
&& !strcmp (readerid, rid)))
755
/* We found the requested reader. */
756
if (ifcdesc_extra && ifcdesc_extra_len)
758
*ifcdesc_extra = malloc (ifcdesc
764
return NULL; /* Out of core. */
766
memcpy (*ifcdesc_extra, ifcdesc->extra,
768
*ifcdesc_extra_len = ifcdesc->extralen;
770
if (interface_number)
771
*interface_number = (ifcdesc->
774
*ep_bulk_out = find_endpoint (ifcdesc, 0);
776
*ep_bulk_in = find_endpoint (ifcdesc, 1);
778
*ep_intr = find_endpoint (ifcdesc, 2);
790
return idev; /* READY. */
794
/* This is not yet the reader we
795
want. fixme: We could avoid the
796
extra usb_open in this case. */
822
/* Set the level of debugging to to usea dn return the old level. -1
823
just returns the old level. A level of 0 disables debugging, 1
824
enables debugging, other values are not yet defined. */
826
ccid_set_debug_level (int level)
828
int old = debug_level;
836
ccid_get_reader_list (void)
840
if (!initialized_usb)
846
scan_or_find_devices (-1, NULL, &reader_list, NULL, NULL, NULL, NULL,
852
/* Open the reader with the internal number READERNO and return a
853
pointer to be used as handle in HANDLE. Returns 0 on success. */
855
ccid_open_reader (ccid_driver_t *handle, const char *readerid)
858
struct usb_device *dev = NULL;
859
usb_dev_handle *idev = NULL;
861
unsigned char *ifcdesc_extra = NULL;
862
size_t ifcdesc_extra_len;
864
int ifc_no, ep_bulk_out, ep_bulk_in, ep_intr;
868
if (!initialized_usb)
874
/* See whether we want to use the reader ID string or a reader
875
number. A readerno of -1 indicates that the reader ID string is
877
if (readerid && strchr (readerid, ':'))
878
readerno = -1; /* We want to use the readerid. */
881
readerno = atoi (readerid);
884
DEBUGOUT ("no CCID readers found\n");
885
rc = CCID_DRIVER_ERR_NO_READER;
890
readerno = 0; /* Default. */
892
idev = scan_or_find_devices (readerno, readerid, &rid, &dev,
893
&ifcdesc_extra, &ifcdesc_extra_len,
894
&ifc_no, &ep_bulk_out, &ep_bulk_in, &ep_intr);
898
DEBUGOUT_1 ("no CCID reader with ID %s\n", readerid );
900
DEBUGOUT_1 ("no CCID reader with number %d\n", readerno );
901
rc = CCID_DRIVER_ERR_NO_READER;
905
/* Okay, this is a CCID reader. */
906
*handle = calloc (1, sizeof **handle);
909
DEBUGOUT ("out of memory\n");
910
rc = CCID_DRIVER_ERR_OUT_OF_CORE;
913
(*handle)->idev = idev;
914
(*handle)->rid = rid;
915
(*handle)->id_vendor = dev->descriptor.idVendor;
916
(*handle)->id_product = dev->descriptor.idProduct;
917
(*handle)->bcd_device = dev->descriptor.bcdDevice;
918
(*handle)->ifc_no = ifc_no;
919
(*handle)->ep_bulk_out = ep_bulk_out;
920
(*handle)->ep_bulk_in = ep_bulk_in;
921
(*handle)->ep_intr = ep_intr;
923
DEBUGOUT_2 ("using CCID reader %d (ID=%s)\n", readerno, rid );
926
if (parse_ccid_descriptor (*handle, ifcdesc_extra, ifcdesc_extra_len))
928
DEBUGOUT ("device not supported\n");
929
rc = CCID_DRIVER_ERR_NO_READER;
933
rc = usb_claim_interface (idev, ifc_no);
936
DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc);
937
rc = CCID_DRIVER_ERR_CARD_IO_ERROR;
942
free (ifcdesc_extra);
957
do_close_reader (ccid_driver_t handle)
960
unsigned char msg[100];
964
if (!handle->powered_off)
966
msg[0] = PC_to_RDR_IccPowerOff;
967
msg[5] = 0; /* slot */
968
msg[6] = seqno = handle->seqno++;
969
msg[7] = 0; /* RFU */
970
msg[8] = 0; /* RFU */
971
msg[9] = 0; /* RFU */
972
set_msg_len (msg, 0);
975
rc = bulk_out (handle, msg, msglen);
977
bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus,seqno);
978
handle->powered_off = 1;
982
usb_release_interface (handle->idev, handle->ifc_no);
983
usb_close (handle->idev);
989
/* Reset a reader on HANDLE. This is useful in case a reader has been
990
plugged of and inserted at a different port. By resetting the
991
handle, the same reader will be get used. Note, that on error the
992
handle won't get released.
994
This does not return an ATR, so ccid_get_atr should be called right
998
ccid_shutdown_reader (ccid_driver_t handle)
1001
struct usb_device *dev = NULL;
1002
usb_dev_handle *idev = NULL;
1003
unsigned char *ifcdesc_extra = NULL;
1004
size_t ifcdesc_extra_len;
1005
int ifc_no, ep_bulk_out, ep_bulk_in, ep_intr;
1007
if (!handle || !handle->rid)
1008
return CCID_DRIVER_ERR_INV_VALUE;
1010
do_close_reader (handle);
1012
idev = scan_or_find_devices (-1, handle->rid, NULL, &dev,
1013
&ifcdesc_extra, &ifcdesc_extra_len,
1014
&ifc_no, &ep_bulk_out, &ep_bulk_in, &ep_intr);
1017
DEBUGOUT_1 ("no CCID reader with ID %s\n", handle->rid);
1018
return CCID_DRIVER_ERR_NO_READER;
1022
handle->idev = idev;
1023
handle->ifc_no = ifc_no;
1024
handle->ep_bulk_out = ep_bulk_out;
1025
handle->ep_bulk_in = ep_bulk_in;
1026
handle->ep_intr = ep_intr;
1028
if (parse_ccid_descriptor (handle, ifcdesc_extra, ifcdesc_extra_len))
1030
DEBUGOUT ("device not supported\n");
1031
rc = CCID_DRIVER_ERR_NO_READER;
1035
rc = usb_claim_interface (idev, ifc_no);
1038
DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc);
1039
rc = CCID_DRIVER_ERR_CARD_IO_ERROR;
1044
free (ifcdesc_extra);
1047
usb_close (handle->idev);
1048
handle->idev = NULL;
1056
/* Close the reader HANDLE. */
1058
ccid_close_reader (ccid_driver_t handle)
1060
if (!handle || !handle->idev)
1063
do_close_reader (handle);
1070
/* Return False if a card is present and powered. */
1072
ccid_check_card_presence (ccid_driver_t handle)
1079
/* Write a MSG of length MSGLEN to the designated bulk out endpoint.
1080
Returns 0 on success. */
1082
bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen)
1086
rc = usb_bulk_write (handle->idev,
1087
handle->ep_bulk_out,
1089
1000 /* ms timeout */);
1094
DEBUGOUT_1 ("usb_bulk_write error: %s\n", strerror (errno));
1096
DEBUGOUT_1 ("usb_bulk_write failed: %d\n", rc);
1097
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1101
/* Read a maximum of LENGTH bytes from the bulk in endpoint into
1102
BUFFER and return the actual read number if bytes in NREAD. SEQNO
1103
is the sequence number used to send the request and EXPECTED_TYPE
1104
the type of message we expect. Does checks on the ccid
1105
header. Returns 0 on success. */
1107
bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
1108
size_t *nread, int expected_type, int seqno)
1113
/* Fixme: The next line for the current Valgrind without support
1115
memset (buffer, 0, length);
1117
rc = usb_bulk_read (handle->idev,
1120
10000 /* ms timeout */ );
1121
/* Fixme: instead of using a 10 second timeout we should better
1122
handle the timeout here and retry if appropriate. */
1125
DEBUGOUT_1 ("usb_bulk_read error: %s\n", strerror (errno));
1126
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1129
*nread = msglen = rc;
1133
DEBUGOUT_1 ("bulk-in msg too short (%u)\n", (unsigned int)msglen);
1134
return CCID_DRIVER_ERR_INV_VALUE;
1136
if (buffer[0] != expected_type)
1138
DEBUGOUT_1 ("unexpected bulk-in msg type (%02x)\n", buffer[0]);
1139
return CCID_DRIVER_ERR_INV_VALUE;
1143
DEBUGOUT_1 ("unexpected bulk-in slot (%d)\n", buffer[5]);
1144
return CCID_DRIVER_ERR_INV_VALUE;
1146
if (buffer[6] != seqno)
1148
DEBUGOUT_2 ("bulk-in seqno does not match (%d/%d)\n",
1150
return CCID_DRIVER_ERR_INV_VALUE;
1153
if ( !(buffer[7] & 0x03) && (buffer[7] & 0xC0) == 0x80)
1155
/* Card present and active, time extension requested. */
1156
DEBUGOUT_2 ("time extension requested (%02X,%02X)\n",
1157
buffer[7], buffer[8]);
1161
DEBUGOUT_3 ("status: %02X error: %02X octet[9]: %02X\n"
1162
" data:", buffer[7], buffer[8], buffer[9] );
1163
for (i=10; i < msglen; i++)
1164
DEBUGOUT_CONT_1 (" %02X", buffer[i]);
1167
switch ((buffer[7] & 0x03))
1169
case 0: /* no error */ break;
1170
case 1: return CCID_DRIVER_ERR_CARD_INACTIVE;
1171
case 2: return CCID_DRIVER_ERR_NO_CARD;
1172
case 3: /* RFU */ break;
1178
/* Note that this fucntion won't return the error codes NO_CARD or
1181
send_escape_cmd (ccid_driver_t handle,
1182
const unsigned char *data, size_t datalen)
1185
unsigned char msg[100];
1187
unsigned char seqno;
1189
if (datalen > sizeof msg - 10)
1190
return CCID_DRIVER_ERR_INV_VALUE; /* Escape data too large. */
1192
msg[0] = PC_to_RDR_Escape;
1193
msg[5] = 0; /* slot */
1194
msg[6] = seqno = handle->seqno++;
1195
msg[7] = 0; /* RFU */
1196
msg[8] = 0; /* RFU */
1197
msg[9] = 0; /* RFU */
1198
memcpy (msg+10, data, datalen);
1199
msglen = 10 + datalen;
1200
set_msg_len (msg, datalen);
1202
DEBUGOUT ("sending");
1203
for (i=0; i < msglen; i++)
1204
DEBUGOUT_CONT_1 (" %02X", msg[i]);
1206
rc = bulk_out (handle, msg, msglen);
1209
rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Escape, seqno);
1217
ccid_poll (ccid_driver_t handle)
1220
unsigned char msg[10];
1224
rc = usb_bulk_read (handle->idev,
1227
0 /* ms timeout */ );
1228
if (rc < 0 && errno == ETIMEDOUT)
1233
DEBUGOUT_1 ("usb_intr_read error: %s\n", strerror (errno));
1234
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1242
DEBUGOUT ("intr-in msg too short\n");
1243
return CCID_DRIVER_ERR_INV_VALUE;
1246
if (msg[0] == RDR_to_PC_NotifySlotChange)
1248
DEBUGOUT ("notify slot change:");
1249
for (i=1; i < msglen; i++)
1250
for (j=0; j < 4; j++)
1251
DEBUGOUT_CONT_3 (" %d:%c%c",
1253
(msg[i] & (1<<(j*2)))? 'p':'-',
1254
(msg[i] & (2<<(j*2)))? '*':' ');
1257
else if (msg[0] == RDR_to_PC_HardwareError)
1259
DEBUGOUT ("hardware error occured\n");
1263
DEBUGOUT_1 ("unknown intr-in msg of type %02X\n", msg[0]);
1270
/* Note that this fucntion won't return the error codes NO_CARD or
1273
ccid_slot_status (ccid_driver_t handle, int *statusbits)
1276
unsigned char msg[100];
1278
unsigned char seqno;
1280
msg[0] = PC_to_RDR_GetSlotStatus;
1281
msg[5] = 0; /* slot */
1282
msg[6] = seqno = handle->seqno++;
1283
msg[7] = 0; /* RFU */
1284
msg[8] = 0; /* RFU */
1285
msg[9] = 0; /* RFU */
1286
set_msg_len (msg, 0);
1288
rc = bulk_out (handle, msg, 10);
1291
rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus, seqno);
1292
if (rc && rc != CCID_DRIVER_ERR_NO_CARD
1293
&& rc != CCID_DRIVER_ERR_CARD_INACTIVE)
1295
*statusbits = (msg[7] & 3);
1302
ccid_get_atr (ccid_driver_t handle,
1303
unsigned char *atr, size_t maxatrlen, size_t *atrlen)
1306
unsigned char msg[100];
1307
unsigned char *tpdu;
1308
size_t msglen, tpdulen;
1309
unsigned char seqno;
1314
msg[0] = PC_to_RDR_IccPowerOn;
1315
msg[5] = 0; /* slot */
1316
msg[6] = seqno = handle->seqno++;
1317
msg[7] = 0; /* power select (0=auto, 1=5V, 2=3V, 3=1.8V) */
1318
msg[8] = 0; /* RFU */
1319
msg[9] = 0; /* RFU */
1320
set_msg_len (msg, 0);
1323
rc = bulk_out (handle, msg, msglen);
1326
rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock, seqno);
1330
handle->powered_off = 0;
1334
size_t n = msglen - 10;
1338
memcpy (atr, msg+10, n);
1342
/* Setup parameters to select T=1. */
1343
msg[0] = PC_to_RDR_SetParameters;
1344
msg[5] = 0; /* slot */
1345
msg[6] = seqno = handle->seqno++;
1346
msg[7] = 1; /* Select T=1. */
1347
msg[8] = 0; /* RFU */
1348
msg[9] = 0; /* RFU */
1350
/* FIXME: Get those values from the ATR. */
1351
msg[10]= 0x01; /* Fi/Di */
1352
msg[11]= 0x10; /* LRC, direct convention. */
1353
msg[12]= 0; /* Extra guardtime. */
1354
msg[13]= 0x41; /* BWI/CWI */
1355
msg[14]= 0; /* No clock stoppping. */
1356
msg[15]= 254; /* IFSC */
1357
msg[16]= 0; /* Does not support non default NAD values. */
1358
set_msg_len (msg, 7);
1361
DEBUGOUT ("sending");
1362
for (i=0; i < msglen; i++)
1363
DEBUGOUT_CONT_1 (" %02X", msg[i]);
1366
rc = bulk_out (handle, msg, msglen);
1369
/* Note that we ignore the error code on purpose. */
1370
bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters, seqno);
1375
/* Send an S-Block with our maximun IFSD to the CCID. */
1376
if (!handle->auto_ifsd)
1379
/* NAD: DAD=1, SAD=0 */
1380
tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0;
1381
tpdu[1] = (0xc0 | 0 | 1); /* S-block request: change IFSD */
1383
tpdu[3] = handle->max_ifsd? handle->max_ifsd : 32;
1385
edc = compute_edc (tpdu, tpdulen, use_crc);
1387
tpdu[tpdulen++] = (edc >> 8);
1388
tpdu[tpdulen++] = edc;
1390
msg[0] = PC_to_RDR_XfrBlock;
1391
msg[5] = 0; /* slot */
1392
msg[6] = seqno = handle->seqno++;
1394
msg[8] = 0; /* RFU */
1395
msg[9] = 0; /* RFU */
1396
set_msg_len (msg, tpdulen);
1397
msglen = 10 + tpdulen;
1399
DEBUGOUT ("sending");
1400
for (i=0; i < msglen; i++)
1401
DEBUGOUT_CONT_1 (" %02X", msg[i]);
1405
fprintf (stderr, "T1: put %c-block seq=%d\n",
1406
((msg[11] & 0xc0) == 0x80)? 'R' :
1407
(msg[11] & 0x80)? 'S' : 'I',
1408
((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)));
1411
rc = bulk_out (handle, msg, msglen);
1416
rc = bulk_in (handle, msg, sizeof msg, &msglen,
1417
RDR_to_PC_DataBlock, seqno);
1422
tpdulen = msglen - 10;
1425
return CCID_DRIVER_ERR_ABORTED;
1428
fprintf (stderr, "T1: got %c-block seq=%d err=%d\n",
1429
((msg[11] & 0xc0) == 0x80)? 'R' :
1430
(msg[11] & 0x80)? 'S' : 'I',
1431
((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)),
1432
((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0
1435
if ((tpdu[1] & 0xe0) != 0xe0 || tpdu[2] != 1)
1437
DEBUGOUT ("invalid response for S-block (Change-IFSD)\n");
1440
DEBUGOUT_1 ("IFSD has been set to %d\n", tpdu[3]);
1450
compute_edc (const unsigned char *data, size_t datalen, int use_crc)
1454
return 0x42; /* Not yet implemented. */
1458
unsigned char crc = 0;
1460
for (; datalen; datalen--)
1467
/* Helper for ccid_transceive used for APDU level exchanges. */
1469
ccid_transceive_apdu_level (ccid_driver_t handle,
1470
const unsigned char *apdu_buf, size_t apdu_buflen,
1471
unsigned char *resp, size_t maxresplen,
1475
unsigned char send_buffer[10+259], recv_buffer[10+259];
1476
const unsigned char *apdu;
1480
unsigned char seqno;
1486
apdulen = apdu_buflen;
1490
return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. */
1492
msg[0] = PC_to_RDR_XfrBlock;
1493
msg[5] = 0; /* slot */
1494
msg[6] = seqno = handle->seqno++;
1495
msg[7] = 4; /* bBWI */
1496
msg[8] = 0; /* RFU */
1497
msg[9] = 0; /* RFU */
1498
memcpy (msg+10, apdu, apdulen);
1499
set_msg_len (msg, apdulen);
1500
msglen = 10 + apdulen;
1502
DEBUGOUT ("sending");
1503
for (i=0; i < msglen; i++)
1504
DEBUGOUT_CONT_1 (" %02X", msg[i]);
1507
rc = bulk_out (handle, msg, msglen);
1512
rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
1513
RDR_to_PC_DataBlock, seqno);
1518
apdulen = msglen - 10;
1522
if (apdulen > maxresplen)
1524
DEBUGOUT_2 ("provided buffer too short for received data "
1526
(unsigned int)apdulen, (unsigned int)maxresplen);
1527
return CCID_DRIVER_ERR_INV_VALUE;
1530
memcpy (resp, apdu, apdulen);
1540
Protocol T=1 overview
1544
1 byte Node Address (NAD)
1545
1 byte Protocol Control Byte (PCB)
1548
0-254 byte APDU or Control Information (INF)
1550
1 byte Error Detection Code (EDC)
1554
bit 4..6 Destination Node Address (DAD)
1556
bit 2..0 Source Node Address (SAD)
1558
If node adresses are not used, SAD and DAD should be set to 0 on
1559
the first block sent to the card. If they are used they should
1560
have different values (0 for one is okay); that first block sets up
1561
the addresses of the nodes.
1564
Information Block (I-Block):
1566
bit 6 Sequence number (yep, that is modulo 2)
1569
Received-Ready Block (R-Block):
1573
bit 4 Sequence number
1574
bit 3..0 0 = no error
1575
1 = EDC or parity error
1577
other values are reserved
1578
Supervisory Block (S-Block):
1581
bit 5 clear=request,set=response
1582
bit 4..0 0 = resyncronisation request
1583
1 = information field size request
1585
3 = extension of BWT request
1587
other values are reserved
1592
ccid_transceive (ccid_driver_t handle,
1593
const unsigned char *apdu_buf, size_t apdu_buflen,
1594
unsigned char *resp, size_t maxresplen, size_t *nresp)
1597
unsigned char send_buffer[10+259], recv_buffer[10+259];
1598
const unsigned char *apdu;
1600
unsigned char *msg, *tpdu, *p;
1601
size_t msglen, tpdulen, last_tpdulen, n;
1602
unsigned char seqno;
1612
nresp = &dummy_nresp;
1615
/* Smarter readers allow to send APDUs directly; divert here. */
1616
if (handle->apdu_level)
1617
return ccid_transceive_apdu_level (handle, apdu_buf, apdu_buflen,
1618
resp, maxresplen, nresp);
1620
/* The other readers we support require sending TPDUs. */
1622
tpdulen = 0; /* Avoid compiler warning about no initialization. */
1631
apdulen = apdu_buflen;
1634
/* Construct an I-Block. */
1636
return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. */
1639
/* NAD: DAD=1, SAD=0 */
1640
tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0;
1641
tpdu[1] = ((handle->t1_ns & 1) << 6); /* I-block */
1642
if (apdulen > 128 /* fixme: replace by ifsc */)
1647
tpdu[1] |= (1 << 5); /* Set more bit. */
1650
memcpy (tpdu+3, apdu, apdulen);
1651
tpdulen = 3 + apdulen;
1652
edc = compute_edc (tpdu, tpdulen, use_crc);
1654
tpdu[tpdulen++] = (edc >> 8);
1655
tpdu[tpdulen++] = edc;
1658
msg[0] = PC_to_RDR_XfrBlock;
1659
msg[5] = 0; /* slot */
1660
msg[6] = seqno = handle->seqno++;
1661
msg[7] = 4; /* bBWI */
1662
msg[8] = 0; /* RFU */
1663
msg[9] = 0; /* RFU */
1664
set_msg_len (msg, tpdulen);
1665
msglen = 10 + tpdulen;
1666
last_tpdulen = tpdulen;
1668
DEBUGOUT ("sending");
1669
for (i=0; i < msglen; i++)
1670
DEBUGOUT_CONT_1 (" %02X", msg[i]);
1674
fprintf (stderr, "T1: put %c-block seq=%d\n",
1675
((msg[11] & 0xc0) == 0x80)? 'R' :
1676
(msg[11] & 0x80)? 'S' : 'I',
1677
((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)));
1680
rc = bulk_out (handle, msg, msglen);
1685
rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
1686
RDR_to_PC_DataBlock, seqno);
1691
tpdulen = msglen - 10;
1695
usb_clear_halt (handle->idev, 0x82);
1696
return CCID_DRIVER_ERR_ABORTED;
1699
fprintf (stderr, "T1: got %c-block seq=%d err=%d\n",
1700
((msg[11] & 0xc0) == 0x80)? 'R' :
1701
(msg[11] & 0x80)? 'S' : 'I',
1702
((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)),
1703
((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0
1707
if (!(tpdu[1] & 0x80))
1708
{ /* This is an I-block. */
1711
{ /* last block sent was successful. */
1716
if (!!(tpdu[1] & 0x40) != handle->t1_nr)
1717
{ /* Reponse does not match our sequence number. */
1720
/* NAD: DAD=1, SAD=0 */
1721
tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0;
1722
tpdu[1] = (0x80 | (handle->t1_nr & 1) << 4 | 2); /* R-block */
1725
edc = compute_edc (tpdu, tpdulen, use_crc);
1727
tpdu[tpdulen++] = (edc >> 8);
1728
tpdu[tpdulen++] = edc;
1735
p = tpdu + 3; /* Skip the prologue field. */
1736
n = tpdulen - 3 - 1; /* Strip the epilogue field. */
1737
/* fixme: verify the checksum. */
1742
DEBUGOUT_2 ("provided buffer too short for received data "
1744
(unsigned int)n, (unsigned int)maxresplen);
1745
return CCID_DRIVER_ERR_INV_VALUE;
1748
memcpy (resp, p, n);
1754
if (!(tpdu[1] & 0x20))
1755
return 0; /* No chaining requested - ready. */
1759
/* NAD: DAD=1, SAD=0 */
1760
tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0;
1761
tpdu[1] = (0x80 | (handle->t1_nr & 1) << 4); /* R-block */
1764
edc = compute_edc (tpdu, tpdulen, use_crc);
1766
tpdu[tpdulen++] = (edc >> 8);
1767
tpdu[tpdulen++] = edc;
1769
else if ((tpdu[1] & 0xc0) == 0x80)
1770
{ /* This is a R-block. */
1771
if ( (tpdu[1] & 0x0f))
1772
{ /* Error: repeat last block */
1775
DEBUGOUT ("3 failed retries\n");
1776
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1779
tpdulen = last_tpdulen;
1781
else if (sending && !!(tpdu[1] & 0x40) == handle->t1_ns)
1782
{ /* Reponse does not match our sequence number. */
1783
DEBUGOUT ("R-block with wrong seqno received on more bit\n");
1784
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1787
{ /* Send next chunk. */
1795
DEBUGOUT ("unexpected ACK R-block received\n");
1796
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1800
{ /* This is a S-block. */
1802
DEBUGOUT_2 ("T1 S-block %s received cmd=%d\n",
1803
(tpdu[1] & 0x20)? "response": "request",
1805
if ( !(tpdu[1] & 0x20) && (tpdu[1] & 0x1f) == 3 && tpdu[2])
1806
{ /* Wait time extension request. */
1807
unsigned char bwi = tpdu[3];
1810
/* NAD: DAD=1, SAD=0 */
1811
tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0;
1812
tpdu[1] = (0xc0 | 0x20 | 3); /* S-block response */
1816
edc = compute_edc (tpdu, tpdulen, use_crc);
1818
tpdu[tpdulen++] = (edc >> 8);
1819
tpdu[tpdulen++] = edc;
1820
DEBUGOUT_1 ("T1 waittime extension of bwi=%d\n", bwi);
1823
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1825
} /* end T=1 protocol loop. */
1831
/* Send the CCID Secure command to the reader. APDU_BUF should contain the APDU template. PIN_MODE defines now the pin gets formatted:
1833
1 := The PIN is ASCII encoded and of variable length. The
1834
length of the PIN entered will be put into Lc by the reader.
1835
The APDU should me made up of 4 bytes without Lc.
1837
PINLEN_MIN and PINLEN_MAX define the limits for the pin length. 0
1838
may be used t enable usbale defaults. PIN_PADLEN should be 0
1840
When called with RESP and NRESP set to NULL, the function will
1841
merely check whether the reader supports the secure command for the
1842
given APDU and PIN_MODE. */
1844
ccid_transceive_secure (ccid_driver_t handle,
1845
const unsigned char *apdu_buf, size_t apdu_buflen,
1846
int pin_mode, int pinlen_min, int pinlen_max,
1848
unsigned char *resp, size_t maxresplen, size_t *nresp)
1851
unsigned char send_buffer[10+259], recv_buffer[10+259];
1852
unsigned char *msg, *tpdu, *p;
1853
size_t msglen, tpdulen, n;
1854
unsigned char seqno;
1859
testmode = !resp && !nresp;
1862
nresp = &dummy_nresp;
1865
if (apdu_buflen >= 4 && apdu_buf[1] == 0x20 && (handle->has_pinpad & 1))
1867
else if (apdu_buflen >= 4 && apdu_buf[1] == 0x24 && (handle->has_pinpad & 2))
1868
return CCID_DRIVER_ERR_NOT_SUPPORTED; /* Not yet by our code. */
1870
return CCID_DRIVER_ERR_NOT_SUPPORTED;
1873
return CCID_DRIVER_ERR_NOT_SUPPORTED;
1875
if (pin_padlen != 0)
1876
return CCID_DRIVER_ERR_NOT_SUPPORTED;
1883
/* Note that the 25 is the maximum value the SPR532 allows. */
1884
if (pinlen_min < 1 || pinlen_min > 25
1885
|| pinlen_max < 1 || pinlen_max > 25
1886
|| pinlen_min > pinlen_max)
1887
return CCID_DRIVER_ERR_INV_VALUE;
1889
/* We have only tested this with an SCM reader so better don't risk
1890
anything and do not allow the use with other readers. */
1891
if (handle->id_vendor != VENDOR_SCM)
1892
return CCID_DRIVER_ERR_NOT_SUPPORTED;
1895
return 0; /* Success */
1898
if (handle->id_vendor == VENDOR_SCM)
1900
DEBUGOUT ("sending escape sequence to switch to a case 1 APDU\n");
1901
rc = send_escape_cmd (handle, "\x80\x02\x00", 3);
1906
msg[0] = PC_to_RDR_Secure;
1907
msg[5] = 0; /* slot */
1908
msg[6] = seqno = handle->seqno++;
1909
msg[7] = 4; /* bBWI */
1910
msg[8] = 0; /* RFU */
1911
msg[9] = 0; /* RFU */
1912
msg[10] = 0; /* Perform PIN verification. */
1913
msg[11] = 0; /* Timeout in seconds. */
1914
msg[12] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */
1915
if (handle->id_vendor == VENDOR_SCM)
1917
/* For the SPR532 the next 2 bytes need to be zero. We do this
1918
for all SCM product. Kudos to to Martin Paljak for this
1920
msg[13] = msg[14] = 0;
1924
msg[13] = 0x00; /* bmPINBlockString:
1925
0 bits of pin length to insert.
1926
0 bytes of PIN block size. */
1927
msg[14] = 0x00; /* bmPINLengthFormat:
1928
Units are bytes, position is 0. */
1930
msg[15] = pinlen_min; /* wPINMaxExtraDigit-Minimum. */
1931
msg[16] = pinlen_max; /* wPINMaxExtraDigit-Maximum. */
1932
msg[17] = 0x02; /* bEntryValidationCondition:
1933
Validation key pressed */
1934
if (pinlen_min && pinlen_max && pinlen_min == pinlen_max)
1935
msg[17] |= 0x01; /* Max size reached. */
1936
msg[18] = 0xff; /* bNumberMessage: Default. */
1937
msg[19] = 0x04; /* wLangId-High. */
1938
msg[20] = 0x09; /* wLangId-Low: English FIXME: use the first entry. */
1939
msg[21] = 0; /* bMsgIndex. */
1940
/* bTeoProlog follows: */
1941
msg[22] = handle->nonnull_nad? ((1 << 4) | 0): 0;
1942
msg[23] = ((handle->t1_ns & 1) << 6); /* I-block */
1943
msg[24] = 4; /* apdulen. */
1945
msg[25] = apdu_buf[0]; /* CLA */
1946
msg[26] = apdu_buf[1]; /* INS */
1947
msg[27] = apdu_buf[2]; /* P1 */
1948
msg[28] = apdu_buf[3]; /* P2 */
1950
set_msg_len (msg, msglen - 10);
1952
DEBUGOUT ("sending");
1953
for (i=0; i < msglen; i++)
1954
DEBUGOUT_CONT_1 (" %02X", msg[i]);
1957
rc = bulk_out (handle, msg, msglen);
1962
rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
1963
RDR_to_PC_DataBlock, seqno);
1968
tpdulen = msglen - 10;
1972
usb_clear_halt (handle->idev, handle->ep_bulk_in);
1973
return CCID_DRIVER_ERR_ABORTED;
1976
fprintf (stderr, "T1: got %c-block seq=%d err=%d\n",
1977
((msg[11] & 0xc0) == 0x80)? 'R' :
1978
(msg[11] & 0x80)? 'S' : 'I',
1979
((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)),
1980
((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0
1984
if (!(tpdu[1] & 0x80))
1985
{ /* This is an I-block. */
1986
/* Last block sent was successful. */
1989
if (!!(tpdu[1] & 0x40) != handle->t1_nr)
1990
{ /* Reponse does not match our sequence number. */
1991
DEBUGOUT ("I-block with wrong seqno received\n");
1992
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1997
p = tpdu + 3; /* Skip the prologue field. */
1998
n = tpdulen - 3 - 1; /* Strip the epilogue field. */
1999
/* fixme: verify the checksum. */
2004
DEBUGOUT_2 ("provided buffer too short for received data "
2006
(unsigned int)n, (unsigned int)maxresplen);
2007
return CCID_DRIVER_ERR_INV_VALUE;
2010
memcpy (resp, p, n);
2016
if (!(tpdu[1] & 0x20))
2017
return 0; /* No chaining requested - ready. */
2019
DEBUGOUT ("chaining requested but not supported for Secure operation\n");
2020
return CCID_DRIVER_ERR_CARD_IO_ERROR;
2022
else if ((tpdu[1] & 0xc0) == 0x80)
2023
{ /* This is a R-block. */
2024
if ( (tpdu[1] & 0x0f))
2025
{ /* Error: repeat last block */
2026
DEBUGOUT ("No retries supported for Secure operation\n");
2027
return CCID_DRIVER_ERR_CARD_IO_ERROR;
2029
else if (!!(tpdu[1] & 0x40) == handle->t1_ns)
2030
{ /* Reponse does not match our sequence number. */
2031
DEBUGOUT ("R-block with wrong seqno received on more bit\n");
2032
return CCID_DRIVER_ERR_CARD_IO_ERROR;
2035
{ /* Send next chunk. */
2036
DEBUGOUT ("chaining not supported on Secure operation\n");
2037
return CCID_DRIVER_ERR_CARD_IO_ERROR;
2041
{ /* This is a S-block. */
2042
DEBUGOUT_2 ("T1 S-block %s received cmd=%d for Secure operation\n",
2043
(tpdu[1] & 0x20)? "response": "request",
2045
return CCID_DRIVER_ERR_CARD_IO_ERROR;
2058
print_error (int err)
2065
case 0: p = "success";
2066
case CCID_DRIVER_ERR_OUT_OF_CORE: p = "out of core"; break;
2067
case CCID_DRIVER_ERR_INV_VALUE: p = "invalid value"; break;
2068
case CCID_DRIVER_ERR_NO_DRIVER: p = "no driver"; break;
2069
case CCID_DRIVER_ERR_NOT_SUPPORTED: p = "not supported"; break;
2070
case CCID_DRIVER_ERR_LOCKING_FAILED: p = "locking failed"; break;
2071
case CCID_DRIVER_ERR_BUSY: p = "busy"; break;
2072
case CCID_DRIVER_ERR_NO_CARD: p = "no card"; break;
2073
case CCID_DRIVER_ERR_CARD_INACTIVE: p = "card inactive"; break;
2074
case CCID_DRIVER_ERR_CARD_IO_ERROR: p = "card I/O error"; break;
2075
case CCID_DRIVER_ERR_GENERAL_ERROR: p = "general error"; break;
2076
case CCID_DRIVER_ERR_NO_READER: p = "no reader"; break;
2077
case CCID_DRIVER_ERR_ABORTED: p = "aborted"; break;
2078
default: sprintf (buf, "0x%05x", err); p = buf; break;
2080
fprintf (stderr, "operation failed: %s\n", p);
2084
print_data (const unsigned char *data, size_t length)
2088
fprintf (stderr, "operation status: %02X%02X\n",
2089
data[length-2], data[length-1]);
2094
fputs (" returned data:", stderr);
2095
for (; length; length--, data++)
2096
fprintf (stderr, " %02X", *data);
2097
putc ('\n', stderr);
2102
print_result (int rc, const unsigned char *data, size_t length)
2107
print_data (data, length);
2111
main (int argc, char **argv)
2115
unsigned int slotstat;
2116
unsigned char result[512];
2119
int verify_123456 = 0;
2131
if ( !strcmp (*argv, "--list"))
2134
p = ccid_get_reader_list ();
2141
else if ( !strcmp (*argv, "--debug"))
2143
ccid_set_debug_level (1);
2146
else if ( !strcmp (*argv, "--no-poll"))
2151
else if ( !strcmp (*argv, "--no-pinpad"))
2156
else if ( !strcmp (*argv, "--verify-123456"))
2165
rc = ccid_open_reader (&ccid, argc? *argv:NULL);
2171
fputs ("getting ATR ...\n", stderr);
2172
rc = ccid_get_atr (ccid, NULL, 0, NULL);
2181
fputs ("getting slot status ...\n", stderr);
2182
rc = ccid_slot_status (ccid, &slotstat);
2192
fputs ("selecting application OpenPGP ....\n", stderr);
2194
static unsigned char apdu[] = {
2195
0, 0xA4, 4, 0, 6, 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01};
2196
rc = ccid_transceive (ccid,
2198
result, sizeof result, &resultlen);
2199
print_result (rc, result, resultlen);
2206
fputs ("getting OpenPGP DO 0x65 ....\n", stderr);
2208
static unsigned char apdu[] = { 0, 0xCA, 0, 0x65, 254 };
2209
rc = ccid_transceive (ccid, apdu, sizeof apdu,
2210
result, sizeof result, &resultlen);
2211
print_result (rc, result, resultlen);
2220
static unsigned char apdu[] = { 0, 0x20, 0, 0x81 };
2223
if (ccid_transceive_secure (ccid,
2227
fputs ("can't verify using a PIN-Pad reader\n", stderr);
2230
fputs ("verifying CHV1 using the PINPad ....\n", stderr);
2232
rc = ccid_transceive_secure (ccid,
2235
result, sizeof result, &resultlen);
2236
print_result (rc, result, resultlen);
2241
if (verify_123456 && !did_verify)
2243
fputs ("verifying that CHV1 is 123456....\n", stderr);
2245
static unsigned char apdu[] = {0, 0x20, 0, 0x81,
2246
6, '1','2','3','4','5','6'};
2247
rc = ccid_transceive (ccid, apdu, sizeof apdu,
2248
result, sizeof result, &resultlen);
2249
print_result (rc, result, resultlen);
2255
fputs ("getting OpenPGP DO 0x5E ....\n", stderr);
2257
static unsigned char apdu[] = { 0, 0xCA, 0, 0x5E, 254 };
2258
rc = ccid_transceive (ccid, apdu, sizeof apdu,
2259
result, sizeof result, &resultlen);
2260
print_result (rc, result, resultlen);
2264
ccid_close_reader (ccid);
2271
* compile-command: "gcc -DTEST -Wall -I/usr/local/include -lusb -g ccid-driver.c"
2275
#endif /*HAVE_LIBUSB*/