1
1
/* ccid-driver.c - USB ChipCardInterfaceDevices driver
2
* Copyright (C) 2003, 2004 Free Software Foundation, Inc.
2
* Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
3
3
* Written by Werner Koch.
5
5
* This file is part of GnuPG.
17
17
* You should have received a copy of the GNU General Public License
18
18
* along with this program; if not, write to the Free Software
19
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
19
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21
22
* ALTERNATIVELY, this file may be distributed under the terms of the
22
23
* following license, in which case the provisions of this license are
52
53
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
53
54
* OF THE POSSIBILITY OF SUCH DAMAGE.
55
* $Id: ccid-driver.c,v 1.20 2004/12/28 07:30:57 wk Exp $
56
* $Date: 2005/06/16 08:11:59 $
120
118
log_debug (DRVNAME t,(a),(b)); } while (0)
121
119
# define DEBUGOUT_3(t,a,b,c) do { if (debug_level) \
122
120
log_debug (DRVNAME t,(a),(b),(c));} while (0)
121
# define DEBUGOUT_4(t,a,b,c,d) do { if (debug_level) \
122
log_debug (DRVNAME t,(a),(b),(c),(d));} while (0)
123
123
# define DEBUGOUT_CONT(t) do { if (debug_level) \
124
124
log_printf (t); } while (0)
125
125
# define DEBUGOUT_CONT_1(t,a) do { if (debug_level) \
141
141
fprintf (stderr, DRVNAME t, (a), (b)); } while (0)
142
142
# define DEBUGOUT_3(t,a,b,c) do { if (debug_level) \
143
143
fprintf (stderr, DRVNAME t, (a), (b), (c)); } while (0)
144
# define DEBUGOUT_4(t,a,b,c,d) do { if (debug_level) \
145
fprintf (stderr, DRVNAME t, (a), (b), (c), (d));} while(0)
144
146
# define DEBUGOUT_CONT(t) do { if (debug_level) \
145
147
fprintf (stderr, t); } while (0)
146
148
# define DEBUGOUT_CONT_1(t,a) do { if (debug_level) \
188
/* Two macro to detect whether a CCID command has failed and to get
189
the error code. These macros assume that we can access the
190
mandatory first 10 bytes of a CCID message in BUF. */
191
#define CCID_COMMAND_FAILED(buf) ((buf)[7] & 0x40)
192
#define CCID_ERROR_CODE(buf) (((unsigned char *)(buf))[8])
186
195
/* We need to know the vendor to do some hacks. */
198
VENDOR_CHERRY = 0x046a,
199
VENDOR_GEMPC = 0x08e6
218
229
static int initialized_usb; /* Tracks whether USB has been initialized. */
219
static int debug_level; /* Flag to control the debug output. */
230
static int debug_level; /* Flag to control the debug output.
233
2 = T=1 protocol tracing
222
237
static unsigned int compute_edc (const unsigned char *data, size_t datalen,
224
239
static int bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen);
225
240
static int bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
226
size_t *nread, int expected_type, int seqno);
241
size_t *nread, int expected_type, int seqno, int timeout,
228
244
/* Convert a little endian stored 4 byte value into an unsigned
262
/* Pint an error message for a failed CCID command including a textual
263
error code. MSG is shall be the CCID message of at least 10 bytes. */
265
print_command_failed (const unsigned char *msg)
274
ec = CCID_ERROR_CODE (msg);
277
case 0x00: t = "Command not supported"; break;
279
case 0xE0: t = "Slot busy"; break;
280
case 0xEF: t = "PIN cancelled"; break;
281
case 0xF0: t = "PIN timeout"; break;
283
case 0xF2: t = "Automatic sequence ongoing"; break;
284
case 0xF3: t = "Deactivated Protocol"; break;
285
case 0xF4: t = "Procedure byte conflict"; break;
286
case 0xF5: t = "ICC class not supported"; break;
287
case 0xF6: t = "ICC protocol not supported"; break;
288
case 0xF7: t = "Bad checksum in ATR"; break;
289
case 0xF8: t = "Bad TS in ATR"; break;
291
case 0xFB: t = "An all inclusive hardware error occurred"; break;
292
case 0xFC: t = "Overrun error while talking to the ICC"; break;
293
case 0xFD: t = "Parity error while talking to the ICC"; break;
294
case 0xFE: t = "CCID timed out while talking to the ICC"; break;
295
case 0xFF: t = "Host aborted the current activity"; break;
298
if (ec > 0 && ec < 128)
299
sprintf (buffer, "Parameter error at offset %d", ec);
301
sprintf (buffer, "Error code %02X", ec);
305
DEBUGOUT_1 ("CCID command failed: %s\n", t);
248
311
/* Parse a CCID descriptor, optionally print all available features
403
466
if (buf[49] == 0xff)
404
467
DEBUGOUT_CONT ("echo\n");
406
DEBUGOUT_1 (" %02X\n", buf[48]);
469
DEBUGOUT_CONT_1 (" %02X\n", buf[48]);
408
471
DEBUGOUT ( " wlcdLayout ");
409
472
if (!buf[50] && !buf[51])
446
509
send a frame of n*wMaxPacketSize back to us. Given that
447
510
wMaxPacketSize is 64 for these readers we set the IFSD to a value
449
64 - 10 CCID header - 4 T1frame - 2 reserved = 48 */
512
64 - 10 CCID header - 4 T1frame - 2 reserved = 48
450
519
if (handle->id_vendor == VENDOR_SCM
451
/* FIXME: check whether it is the same
452
firmware version for all drivers. */
453
&& handle->bcd_device < 0x0513
454
&& handle->max_ifsd > 48)
520
&& handle->max_ifsd > 48
521
&& ( (handle->id_product == 0xe001 && handle->bcd_device < 0x0516)
522
||(handle->id_product == 0x5111 && handle->bcd_device < 0x0620)
523
||(handle->id_product == 0x5115 && handle->bcd_device < 0x0514)
524
||(handle->id_product == 0xe003 && handle->bcd_device < 0x0504)
456
527
DEBUGOUT ("enabling workaround for buggy SCM readers\n");
457
528
handle->max_ifsd = 48;
485
556
all in a 2 bute Unicode encoding using little endian. */
486
557
rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR,
487
558
(USB_DT_STRING << 8), 0,
488
buf, sizeof buf, 1000 /* ms timeout */);
559
(char*)buf, sizeof buf, 1000 /* ms timeout */);
490
561
langid = 0x0409; /* English. */
494
565
rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR,
495
566
(USB_DT_STRING << 8) + idx, langid,
496
buf, sizeof buf, 1000 /* ms timeout */);
567
(char*)buf, sizeof buf, 1000 /* ms timeout */);
497
568
if (rc < 2 || buf[1] != USB_DT_STRING)
498
569
return NULL; /* Error or not a string. */
699
770
&& ifcdesc->bInterfaceProtocol == 0)
700
771
|| (ifcdesc->bInterfaceClass == 255
701
772
&& dev->descriptor.idVendor == 0x04e6
702
&& dev->descriptor.idProduct == 0xe003
703
&& ifcdesc->bInterfaceSubClass == 1
704
&& ifcdesc->bInterfaceProtocol == 1)))
773
&& dev->descriptor.idProduct == 0xe003)))
706
775
idev = usb_open (dev);
822
891
/* Set the level of debugging to to usea dn return the old level. -1
823
892
just returns the old level. A level of 0 disables debugging, 1
824
enables debugging, other values are not yet defined. */
893
enables debugging, 2 enables additional tracing of the T=1
894
protocol, other values are not yet defined. */
826
896
ccid_set_debug_level (int level)
975
1045
rc = bulk_out (handle, msg, msglen);
977
bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus,seqno);
1047
bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus,
978
1049
handle->powered_off = 1;
980
1051
if (handle->idev)
1102
1173
BUFFER and return the actual read number if bytes in NREAD. SEQNO
1103
1174
is the sequence number used to send the request and EXPECTED_TYPE
1104
1175
the type of message we expect. Does checks on the ccid
1105
header. Returns 0 on success. */
1176
header. TIMEOUT is the timeout value in ms. NO_DEBUG may be set to
1177
avoid debug messages in case of no error. Returns 0 on success. */
1107
1179
bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length,
1108
size_t *nread, int expected_type, int seqno)
1180
size_t *nread, int expected_type, int seqno, int timeout,
1117
1190
rc = usb_bulk_read (handle->idev,
1118
1191
handle->ep_bulk_in,
1120
10000 /* ms timeout */ );
1121
/* Fixme: instead of using a 10 second timeout we should better
1122
handle the timeout here and retry if appropriate. */
1192
(char*)buffer, length,
1125
1196
DEBUGOUT_1 ("usb_bulk_read error: %s\n", strerror (errno));
1157
1228
buffer[7], buffer[8]);
1161
DEBUGOUT_3 ("status: %02X error: %02X octet[9]: %02X\n"
1162
" data:", buffer[7], buffer[8], buffer[9] );
1163
for (i=10; i < msglen; i++)
1164
DEBUGOUT_CONT_1 (" %02X", buffer[i]);
1234
DEBUGOUT_3 ("status: %02X error: %02X octet[9]: %02X\n"
1235
" data:", buffer[7], buffer[8], buffer[9] );
1236
for (i=10; i < msglen; i++)
1237
DEBUGOUT_CONT_1 (" %02X", buffer[i]);
1240
if (CCID_COMMAND_FAILED (buffer))
1241
print_command_failed (buffer);
1243
/* Check whether a card is at all available. */
1167
1244
switch ((buffer[7] & 0x03))
1169
1246
case 0: /* no error */ break;
1206
1283
rc = bulk_out (handle, msg, msglen);
1209
rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Escape, seqno);
1286
rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Escape,
1288
1368
rc = bulk_out (handle, msg, 10);
1291
rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus, seqno);
1371
/* Note that we set the NO_DEBUG flag here, so that the logs won't
1372
get cluttered up by a ticker function checking for the slot
1373
status and debugging enabled. */
1374
rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus,
1375
seqno, retries? 1000 : 200, 1);
1376
if (rc == CCID_DRIVER_ERR_CARD_IO_ERROR && retries < 3)
1380
DEBUGOUT ("USB: CALLING USB_CLEAR_HALT\n");
1381
usb_clear_halt (handle->idev, handle->ep_bulk_in);
1382
usb_clear_halt (handle->idev, handle->ep_bulk_out);
1385
DEBUGOUT ("USB: RETRYING bulk_in AGAIN\n");
1292
1389
if (rc && rc != CCID_DRIVER_ERR_NO_CARD
1293
1390
&& rc != CCID_DRIVER_ERR_CARD_INACTIVE)
1310
1408
int use_crc = 0;
1311
1409
unsigned int edc;
1413
/* First check whether a card is available. */
1414
rc = ccid_slot_status (handle, &statusbits);
1417
if (statusbits == 2)
1418
return CCID_DRIVER_ERR_NO_CARD;
1420
/* For an inactive and also for an active card, issue the PowerOn
1421
command to get the ATR. */
1314
1423
msg[0] = PC_to_RDR_IccPowerOn;
1315
1424
msg[5] = 0; /* slot */
1316
1425
msg[6] = seqno = handle->seqno++;
1323
1432
rc = bulk_out (handle, msg, msglen);
1326
rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock, seqno);
1435
rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock,
1439
if (!tried_iso && CCID_COMMAND_FAILED (msg) && CCID_ERROR_CODE (msg) == 0xbb
1440
&& ((handle->id_vendor == VENDOR_CHERRY
1441
&& handle->id_product == 0x0005)
1442
|| (handle->id_vendor == VENDOR_GEMPC
1443
&& handle->id_product == 0x4433)
1447
/* Try switching to ISO mode. */
1448
if (!send_escape_cmd (handle, (const unsigned char*)"\xF1\x01", 2))
1451
else if (CCID_COMMAND_FAILED (msg))
1452
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1330
1455
handle->powered_off = 0;
1369
1494
/* Note that we ignore the error code on purpose. */
1370
bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters, seqno);
1495
bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters,
1372
1498
handle->t1_ns = 0;
1373
1499
handle->t1_nr = 0;
1401
1527
DEBUGOUT_CONT_1 (" %02X", msg[i]);
1402
1528
DEBUGOUT_LF ();
1405
fprintf (stderr, "T1: put %c-block seq=%d\n",
1406
((msg[11] & 0xc0) == 0x80)? 'R' :
1407
(msg[11] & 0x80)? 'S' : 'I',
1408
((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)));
1530
if (debug_level > 1)
1531
DEBUGOUT_3 ("T=1: put %c-block seq=%d%s\n",
1532
((msg[11] & 0xc0) == 0x80)? 'R' :
1533
(msg[11] & 0x80)? 'S' : 'I',
1534
((msg[11] & 0x80)? !!(msg[11]& 0x10)
1535
: !!(msg[11] & 0x40)),
1536
(!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":""));
1411
1538
rc = bulk_out (handle, msg, msglen);
1416
1543
rc = bulk_in (handle, msg, sizeof msg, &msglen,
1417
RDR_to_PC_DataBlock, seqno);
1544
RDR_to_PC_DataBlock, seqno, 5000, 0);
1424
1551
if (tpdulen < 4)
1425
1552
return CCID_DRIVER_ERR_ABORTED;
1428
fprintf (stderr, "T1: got %c-block seq=%d err=%d\n",
1429
((msg[11] & 0xc0) == 0x80)? 'R' :
1430
(msg[11] & 0x80)? 'S' : 'I',
1431
((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)),
1432
((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0
1554
if (debug_level > 1)
1555
DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n",
1556
((msg[11] & 0xc0) == 0x80)? 'R' :
1557
(msg[11] & 0x80)? 'S' : 'I',
1558
((msg[11] & 0x80)? !!(msg[11]& 0x10)
1559
: !!(msg[11] & 0x40)),
1560
((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0,
1561
(!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":""));
1435
1563
if ((tpdu[1] & 0xe0) != 0xe0 || tpdu[2] != 1)
1437
1565
DEBUGOUT ("invalid response for S-block (Change-IFSD)\n");
1511
1639
msg = recv_buffer;
1512
1640
rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
1513
RDR_to_PC_DataBlock, seqno);
1641
RDR_to_PC_DataBlock, seqno, 5000, 0);
1670
1798
DEBUGOUT_CONT_1 (" %02X", msg[i]);
1671
1799
DEBUGOUT_LF ();
1674
fprintf (stderr, "T1: put %c-block seq=%d\n",
1675
((msg[11] & 0xc0) == 0x80)? 'R' :
1676
(msg[11] & 0x80)? 'S' : 'I',
1677
((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)));
1801
if (debug_level > 1)
1802
DEBUGOUT_3 ("T=1: put %c-block seq=%d%s\n",
1803
((msg[11] & 0xc0) == 0x80)? 'R' :
1804
(msg[11] & 0x80)? 'S' : 'I',
1805
((msg[11] & 0x80)? !!(msg[11]& 0x10)
1806
: !!(msg[11] & 0x40)),
1807
(!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":""));
1680
1809
rc = bulk_out (handle, msg, msglen);
1684
1813
msg = recv_buffer;
1685
1814
rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
1686
RDR_to_PC_DataBlock, seqno);
1815
RDR_to_PC_DataBlock, seqno, 5000, 0);
1693
1822
if (tpdulen < 4)
1695
usb_clear_halt (handle->idev, 0x82);
1824
usb_clear_halt (handle->idev, handle->ep_bulk_in);
1696
1825
return CCID_DRIVER_ERR_ABORTED;
1699
fprintf (stderr, "T1: got %c-block seq=%d err=%d\n",
1700
((msg[11] & 0xc0) == 0x80)? 'R' :
1701
(msg[11] & 0x80)? 'S' : 'I',
1702
((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)),
1703
((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0
1828
if (debug_level > 1)
1829
DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n",
1830
((msg[11] & 0xc0) == 0x80)? 'R' :
1831
(msg[11] & 0x80)? 'S' : 'I',
1832
((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)),
1833
((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0,
1834
(!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":""));
1707
1836
if (!(tpdu[1] & 0x80))
1708
1837
{ /* This is an I-block. */
1778
1907
msg = send_buffer;
1779
1908
tpdulen = last_tpdulen;
1781
else if (sending && !!(tpdu[1] & 0x40) == handle->t1_ns)
1782
{ /* Reponse does not match our sequence number. */
1910
else if (sending && !!(tpdu[1] & 0x10) == handle->t1_ns)
1911
{ /* Response does not match our sequence number. */
1783
1912
DEBUGOUT ("R-block with wrong seqno received on more bit\n");
1784
1913
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1800
1929
{ /* This is a S-block. */
1802
DEBUGOUT_2 ("T1 S-block %s received cmd=%d\n",
1931
DEBUGOUT_2 ("T=1 S-block %s received cmd=%d\n",
1803
1932
(tpdu[1] & 0x20)? "response": "request",
1804
1933
(tpdu[1] & 0x1f));
1805
1934
if ( !(tpdu[1] & 0x20) && (tpdu[1] & 0x1f) == 3 && tpdu[2])
1818
1947
tpdu[tpdulen++] = (edc >> 8);
1819
1948
tpdu[tpdulen++] = edc;
1820
DEBUGOUT_1 ("T1 waittime extension of bwi=%d\n", bwi);
1949
DEBUGOUT_1 ("T=1 waittime extension of bwi=%d\n", bwi);
1823
1952
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1898
2027
if (handle->id_vendor == VENDOR_SCM)
1900
2029
DEBUGOUT ("sending escape sequence to switch to a case 1 APDU\n");
1901
rc = send_escape_cmd (handle, "\x80\x02\x00", 3);
2030
rc = send_escape_cmd (handle, (const unsigned char*)"\x80\x02\x00", 3);
1961
2090
msg = recv_buffer;
1962
2091
rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
1963
RDR_to_PC_DataBlock, seqno);
2092
RDR_to_PC_DataBlock, seqno, 5000, 0);
1972
2101
usb_clear_halt (handle->idev, handle->ep_bulk_in);
1973
2102
return CCID_DRIVER_ERR_ABORTED;
1976
fprintf (stderr, "T1: got %c-block seq=%d err=%d\n",
1977
((msg[11] & 0xc0) == 0x80)? 'R' :
1978
(msg[11] & 0x80)? 'S' : 'I',
1979
((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)),
1980
((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0
2104
if (debug_level > 1)
2105
DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n",
2106
((msg[11] & 0xc0) == 0x80)? 'R' :
2107
(msg[11] & 0x80)? 'S' : 'I',
2108
((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)),
2109
((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0,
2110
(!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":""));
1984
2112
if (!(tpdu[1] & 0x80))
1985
2113
{ /* This is an I-block. */
2026
2154
DEBUGOUT ("No retries supported for Secure operation\n");
2027
2155
return CCID_DRIVER_ERR_CARD_IO_ERROR;
2029
else if (!!(tpdu[1] & 0x40) == handle->t1_ns)
2157
else if (!!(tpdu[1] & 0x10) == handle->t1_ns)
2030
2158
{ /* Reponse does not match our sequence number. */
2031
2159
DEBUGOUT ("R-block with wrong seqno received on more bit\n");
2032
2160
return CCID_DRIVER_ERR_CARD_IO_ERROR;
2041
2169
{ /* This is a S-block. */
2042
DEBUGOUT_2 ("T1 S-block %s received cmd=%d for Secure operation\n",
2170
DEBUGOUT_2 ("T=1 S-block %s received cmd=%d for Secure operation\n",
2043
2171
(tpdu[1] & 0x20)? "response": "request",
2044
2172
(tpdu[1] & 0x1f));
2045
2173
return CCID_DRIVER_ERR_CARD_IO_ERROR;
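Review bot: In the new print_command_failed (new lines 298-301) both fallback messages are written with an unbounded `sprintf` into `buffer`, whose declaration and size are not visible in this section. Because `ec` comes from `CCID_ERROR_CODE` and cannot exceed 255 the text stays short, but the bound should be explicit, assuming `buffer` is a local array: `snprintf (buffer, sizeof buffer, "Parameter error at offset %d", ec);` and the same for the `"Error code %02X"` case. Separately, the updated comment on ccid_set_debug_level (new lines 891-894) documents level 2 as T=1 tracing but does not say that level 1 already hex-dumps message bytes (`DEBUGOUT_CONT_1 (" %02X", msg[i])` at new lines 1527 and 1798, and the `data:` loop in bulk_in). I would add a line such as `/* Levels >= 1 log raw CCID message bytes, which may include PIN data; treat the debug output as sensitive. */`. Only fragments of each function are shown here, so the buffer size and the conditions guarding the dumps should be confirmed against the full file.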