1
1
/* ccid-driver.c - USB ChipCardInterfaceDevices driver
2
* Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
3
* Written by Werner Koch.
2
* Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation, Inc.
3
* Written by Werner Koch.
5
5
* This file is part of GnuPG.
7
7
* GnuPG is free software; you can redistribute it and/or modify
8
8
* it under the terms of the GNU General Public License as published by
9
* the Free Software Foundation; either version 2 of the License, or
9
* the Free Software Foundation; either version 3 of the License, or
10
10
* (at your option) any later version.
12
12
* GnuPG is distributed in the hope that it will be useful,
706
/* Helper for scan_or_find_devices. This function returns true if a
707
requested device has been found or the caller should stop scanning
708
for other reasons. */
710
scan_or_find_usb_device (int scan_mode,
711
int *readerno, int *count, char **rid_list,
712
const char *readerid,
713
struct usb_device *dev,
715
struct usb_device **r_dev,
716
usb_dev_handle **r_idev,
717
unsigned char **ifcdesc_extra,
718
size_t *ifcdesc_extra_len,
719
int *interface_number,
720
int *ep_bulk_out, int *ep_bulk_in, int *ep_intr)
725
struct usb_config_descriptor *config;
726
struct usb_interface *interface;
727
struct usb_interface_descriptor *ifcdesc;
729
usb_dev_handle *idev;
733
for (cfg_no=0; cfg_no < dev->descriptor.bNumConfigurations; cfg_no++)
735
config = dev->config + cfg_no;
739
for (ifc_no=0; ifc_no < config->bNumInterfaces; ifc_no++)
741
interface = config->interface + ifc_no;
745
for (set_no=0; set_no < interface->num_altsetting; set_no++)
747
ifcdesc = (interface->altsetting + set_no);
748
/* The second condition is for older SCM SPR 532 who did
749
not know about the assigned CCID class. Instead of
750
trying to interpret the strings we simply check the
752
if (ifcdesc && ifcdesc->extra
753
&& ((ifcdesc->bInterfaceClass == 11
754
&& ifcdesc->bInterfaceSubClass == 0
755
&& ifcdesc->bInterfaceProtocol == 0)
756
|| (ifcdesc->bInterfaceClass == 255
757
&& dev->descriptor.idVendor == VENDOR_SCM
758
&& dev->descriptor.idProduct == 0xe003)))
760
idev = usb_open (dev);
763
DEBUGOUT_1 ("usb_open failed: %s\n",
765
continue; /* with next setting. */
768
rid = make_reader_id (idev,
769
dev->descriptor.idVendor,
770
dev->descriptor.idProduct,
771
dev->descriptor.iSerialNumber);
778
/* We are collecting infos about all
779
available CCID readers. Store them and
781
DEBUGOUT_2 ("found CCID reader %d (ID=%s)\n",
783
p = malloc ((*rid_list? strlen (*rid_list):0) + 1
790
strcat (p, *rid_list);
797
else /* Out of memory. */
806
&& !strcmp (readerid, rid)))
808
/* We found the requested reader. */
809
if (ifcdesc_extra && ifcdesc_extra_len)
811
*ifcdesc_extra = malloc (ifcdesc
817
return 1; /* Out of core. */
819
memcpy (*ifcdesc_extra, ifcdesc->extra,
821
*ifcdesc_extra_len = ifcdesc->extralen;
824
if (interface_number)
825
*interface_number = (ifcdesc->bInterfaceNumber);
828
*ep_bulk_out = find_endpoint (ifcdesc, 0);
830
*ep_bulk_in = find_endpoint (ifcdesc, 1);
832
*ep_intr = find_endpoint (ifcdesc, 2);
845
return 1; /* Found requested device. */
849
/* This is not yet the reader we want.
850
fixme: We should avoid the extra usb_open
662
869
/* Combination function to either scan all CCID devices or to find and
663
870
open one specific device.
872
The function returns 0 if a reader has been found or when a scan
873
returned without error.
665
875
With READERNO = -1 and READERID is NULL, scan mode is used and
666
876
R_RID should be the address where to store the list of reader_ids
667
877
we found. If on return this list is empty, no CCID device has been
671
881
With READERNO >= 0 or READERID is not NULL find mode is used. This
672
882
uses the same algorithm as the scan mode but stops and returns at
673
883
the entry number READERNO and return the handle for the the opened
674
USB device. If R_ID is not NULL it will receive the reader ID of
884
USB device. If R_RID is not NULL it will receive the reader ID of
675
885
that device. If R_DEV is not NULL it will the device pointer of
676
886
that device. If IFCDESC_EXTRA is NOT NULL it will receive a
677
887
malloced copy of the interfaces "extra: data filed;
678
IFCDESC_EXTRA_LEN receive the lengtyh of this field. If there is
888
IFCDESC_EXTRA_LEN receive the length of this field. If there is
679
889
no reader with number READERNO or that reader is not usable by our
680
890
implementation NULL will be returned. The caller must close a
681
891
returned USB device handle and free (if not passed as NULL) the
684
894
IFCDESC_EXTRA_LEN. With READERID being -1 the function stops if
685
895
the READERID was found.
897
If R_FD is not -1 on return the device is not using USB for
898
transport but the device associated with that file descriptor. In
899
this case INTERFACE will receive the transport type and the other
900
USB specific return values are not used; the return value is
687
903
Note that the first entry of the returned reader ID list in scan mode
688
904
corresponds with a READERNO of 0 in find mode.
690
static usb_dev_handle *
691
907
scan_or_find_devices (int readerno, const char *readerid,
693
909
struct usb_device **r_dev,
694
910
unsigned char **ifcdesc_extra,
695
911
size_t *ifcdesc_extra_len,
696
912
int *interface_number,
697
int *ep_bulk_out, int *ep_bulk_in, int *ep_intr)
913
int *ep_bulk_out, int *ep_bulk_in, int *ep_intr,
914
usb_dev_handle **r_idev,
699
917
char *rid_list = NULL;
735
958
for (dev = bus->devices; dev; dev = dev->next)
739
for (cfg_no=0; cfg_no < dev->descriptor.bNumConfigurations; cfg_no++)
960
if (scan_or_find_usb_device (scan_mode, &readerno, &count, &rid_list,
969
ep_bulk_out, ep_bulk_in, ep_intr))
741
struct usb_config_descriptor *config = dev->config + cfg_no;
747
for (ifc_no=0; ifc_no < config->bNumInterfaces; ifc_no++)
971
/* Found requested device or out of core. */
749
struct usb_interface *interface
750
= config->interface + ifc_no;
756
for (set_no=0; set_no < interface->num_altsetting; set_no++)
758
struct usb_interface_descriptor *ifcdesc
759
= interface->altsetting + set_no;
762
/* The second condition is for some SCM Micro
763
SPR 532 which does not know about the
764
assigned CCID class. Instead of trying to
765
interpret the strings we simply look at the
767
if (ifcdesc && ifcdesc->extra
768
&& ( (ifcdesc->bInterfaceClass == 11
769
&& ifcdesc->bInterfaceSubClass == 0
770
&& ifcdesc->bInterfaceProtocol == 0)
771
|| (ifcdesc->bInterfaceClass == 255
772
&& dev->descriptor.idVendor == 0x04e6
773
&& dev->descriptor.idProduct == 0xe003)))
775
idev = usb_open (dev);
778
DEBUGOUT_1 ("usb_open failed: %s\n",
783
rid = make_reader_id (idev,
784
dev->descriptor.idVendor,
785
dev->descriptor.idProduct,
786
dev->descriptor.iSerialNumber);
793
/* We are collecting infos about all
794
available CCID readers. Store
795
them and continue. */
796
DEBUGOUT_2 ("found CCID reader %d "
799
if ((p = malloc ((rid_list?
807
strcat (p, rid_list);
814
else /* Out of memory. */
822
&& !strcmp (readerid, rid)))
824
/* We found the requested reader. */
825
if (ifcdesc_extra && ifcdesc_extra_len)
827
*ifcdesc_extra = malloc (ifcdesc
833
return NULL; /* Out of core. */
835
memcpy (*ifcdesc_extra, ifcdesc->extra,
837
*ifcdesc_extra_len = ifcdesc->extralen;
839
if (interface_number)
840
*interface_number = (ifcdesc->
843
*ep_bulk_out = find_endpoint (ifcdesc, 0);
845
*ep_bulk_in = find_endpoint (ifcdesc, 1);
847
*ep_intr = find_endpoint (ifcdesc, 2);
859
return idev; /* READY. */
863
/* This is not yet the reader we
864
want. fixme: We could avoid the
865
extra usb_open in this case. */
975
return -1; /* error */
983
/* Now check whether there are any devices with special transport types. */
984
for (i=0; transports[i].name; i++)
989
fd = open (transports[i].name, O_RDWR);
990
if (fd == -1 && scan_mode && errno == EBUSY)
992
/* Ignore this error in scan mode because it indicates that
993
the device exists but is already open (most likely by us)
994
and thus in general suitable as a reader. */
998
DEBUGOUT_2 ("failed to open `%s': %s\n",
999
transports[i].name, strerror (errno));
1003
rid = malloc (strlen (transports[i].name) + 30 + 10);
1009
return -1; /* Error. */
1011
sprintf (rid, "0000:%04X:%s:0", transports[i].type, transports[i].name);
1014
DEBUGOUT_2 ("found CCID reader %d (ID=%s)\n", count, rid);
1015
p = malloc ((rid_list? strlen (rid_list):0) + 1 + strlen (rid) + 1);
1022
return -1; /* Error. */
1027
strcat (p, rid_list);
1035
else if (!readerno ||
1036
(readerno < 0 && readerid && !strcmp (readerid, rid)))
1038
/* Found requested device. */
1039
if (interface_number)
1040
*interface_number = transports[i].type;
1047
return 0; /* Okay, found device */
1049
else /* This is not yet the reader we want. */
891
/* Set the level of debugging to to usea dn return the old level. -1
1069
/* Set the level of debugging to LEVEL and return the old level. -1
892
1070
just returns the old level. A level of 0 disables debugging, 1
893
1071
enables debugging, 2 enables additional tracing of the T=1
894
1072
protocol, other values are not yet defined. */
960
1140
readerno = 0; /* Default. */
962
idev = scan_or_find_devices (readerno, readerid, &rid, &dev,
963
&ifcdesc_extra, &ifcdesc_extra_len,
964
&ifc_no, &ep_bulk_out, &ep_bulk_in, &ep_intr);
1142
if (scan_or_find_devices (readerno, readerid, &rid, &dev,
1143
&ifcdesc_extra, &ifcdesc_extra_len,
1144
&ifc_no, &ep_bulk_out, &ep_bulk_in, &ep_intr,
967
1147
if (readerno == -1)
968
1148
DEBUGOUT_1 ("no CCID reader with ID %s\n", readerid );
980
1160
rc = CCID_DRIVER_ERR_OUT_OF_CORE;
983
(*handle)->idev = idev;
984
1163
(*handle)->rid = rid;
985
(*handle)->id_vendor = dev->descriptor.idVendor;
986
(*handle)->id_product = dev->descriptor.idProduct;
987
(*handle)->bcd_device = dev->descriptor.bcdDevice;
988
(*handle)->ifc_no = ifc_no;
989
(*handle)->ep_bulk_out = ep_bulk_out;
990
(*handle)->ep_bulk_in = ep_bulk_in;
991
(*handle)->ep_intr = ep_intr;
1164
if (idev) /* Regular USB transport. */
1166
(*handle)->idev = idev;
1167
(*handle)->dev_fd = -1;
1168
(*handle)->id_vendor = dev->descriptor.idVendor;
1169
(*handle)->id_product = dev->descriptor.idProduct;
1170
(*handle)->bcd_device = dev->descriptor.bcdDevice;
1171
(*handle)->ifc_no = ifc_no;
1172
(*handle)->ep_bulk_out = ep_bulk_out;
1173
(*handle)->ep_bulk_in = ep_bulk_in;
1174
(*handle)->ep_intr = ep_intr;
1176
else if (dev_fd != -1) /* Device transport. */
1178
(*handle)->idev = NULL;
1179
(*handle)->dev_fd = dev_fd;
1180
(*handle)->id_vendor = 0; /* Magic vendor for special transport. */
1181
(*handle)->id_product = ifc_no; /* Transport type */
1182
prepare_special_transport (*handle);
1186
assert (!"no transport"); /* Bug. */
993
1189
DEBUGOUT_2 ("using CCID reader %d (ID=%s)\n", readerno, rid );
1193
if (parse_ccid_descriptor (*handle, ifcdesc_extra, ifcdesc_extra_len))
1195
DEBUGOUT ("device not supported\n");
1196
rc = CCID_DRIVER_ERR_NO_READER;
1200
rc = usb_claim_interface (idev, ifc_no);
1203
DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc);
1204
rc = CCID_DRIVER_ERR_CARD_IO_ERROR;
996
if (parse_ccid_descriptor (*handle, ifcdesc_extra, ifcdesc_extra_len))
998
DEBUGOUT ("device not supported\n");
999
rc = CCID_DRIVER_ERR_NO_READER;
1003
rc = usb_claim_interface (idev, ifc_no);
1006
DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc);
1007
rc = CCID_DRIVER_ERR_CARD_IO_ERROR;
1012
1210
free (ifcdesc_extra);
1081
1286
do_close_reader (handle);
1083
idev = scan_or_find_devices (-1, handle->rid, NULL, &dev,
1084
&ifcdesc_extra, &ifcdesc_extra_len,
1085
&ifc_no, &ep_bulk_out, &ep_bulk_in, &ep_intr);
1288
if (scan_or_find_devices (-1, handle->rid, NULL, &dev,
1289
&ifcdesc_extra, &ifcdesc_extra_len,
1290
&ifc_no, &ep_bulk_out, &ep_bulk_in, &ep_intr,
1291
&idev, NULL) || !idev)
1088
1293
DEBUGOUT_1 ("no CCID reader with ID %s\n", handle->rid);
1089
1294
return CCID_DRIVER_ERR_NO_READER;
1093
handle->idev = idev;
1094
handle->ifc_no = ifc_no;
1095
handle->ep_bulk_out = ep_bulk_out;
1096
handle->ep_bulk_in = ep_bulk_in;
1097
handle->ep_intr = ep_intr;
1099
if (parse_ccid_descriptor (handle, ifcdesc_extra, ifcdesc_extra_len))
1101
DEBUGOUT ("device not supported\n");
1102
rc = CCID_DRIVER_ERR_NO_READER;
1106
rc = usb_claim_interface (idev, ifc_no);
1109
DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc);
1110
rc = CCID_DRIVER_ERR_CARD_IO_ERROR;
1299
handle->idev = idev;
1300
handle->ifc_no = ifc_no;
1301
handle->ep_bulk_out = ep_bulk_out;
1302
handle->ep_bulk_in = ep_bulk_in;
1303
handle->ep_intr = ep_intr;
1305
if (parse_ccid_descriptor (handle, ifcdesc_extra, ifcdesc_extra_len))
1307
DEBUGOUT ("device not supported\n");
1308
rc = CCID_DRIVER_ERR_NO_READER;
1312
rc = usb_claim_interface (idev, ifc_no);
1315
DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc);
1316
rc = CCID_DRIVER_ERR_CARD_IO_ERROR;
1115
1322
free (ifcdesc_extra);
1118
usb_close (handle->idev);
1326
usb_close (handle->idev);
1119
1327
handle->idev = NULL;
1328
if (handle->dev_fd != -1)
1329
close (handle->dev_fd);
1330
handle->dev_fd = -1;
1157
rc = usb_bulk_write (handle->idev,
1158
handle->ep_bulk_out,
1160
1000 /* ms timeout */);
1165
DEBUGOUT_1 ("usb_bulk_write error: %s\n", strerror (errno));
1395
rc = usb_bulk_write (handle->idev,
1396
handle->ep_bulk_out,
1398
1000 /* ms timeout */);
1402
DEBUGOUT_1 ("usb_bulk_write error: %s\n", strerror (errno));
1404
DEBUGOUT_1 ("usb_bulk_write failed: %d\n", rc);
1167
DEBUGOUT_1 ("usb_bulk_write failed: %d\n", rc);
1408
rc = writen (handle->dev_fd, msg, msglen);
1411
DEBUGOUT_2 ("writen to %d failed: %s\n",
1412
handle->dev_fd, strerror (errno));
1168
1415
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1187
1434
for USB IOCTLs. */
1188
1435
memset (buffer, 0, length);
1190
rc = usb_bulk_read (handle->idev,
1192
(char*)buffer, length,
1196
DEBUGOUT_1 ("usb_bulk_read error: %s\n", strerror (errno));
1197
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1439
rc = usb_bulk_read (handle->idev,
1441
(char*)buffer, length,
1445
DEBUGOUT_1 ("usb_bulk_read error: %s\n", strerror (errno));
1446
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1448
*nread = msglen = rc;
1452
rc = read (handle->dev_fd, buffer, length);
1455
DEBUGOUT_2 ("read from %d failed: %s\n",
1456
handle->dev_fd, strerror (errno));
1457
return CCID_DRIVER_ERR_CARD_IO_ERROR;
1459
*nread = msglen = rc;
1200
*nread = msglen = rc;
1202
1463
if (msglen < 10)
1204
1465
DEBUGOUT_1 ("bulk-in msg too short (%u)\n", (unsigned int)msglen);
1205
1466
return CCID_DRIVER_ERR_INV_VALUE;
1207
if (buffer[0] != expected_type)
1209
DEBUGOUT_1 ("unexpected bulk-in msg type (%02x)\n", buffer[0]);
1210
return CCID_DRIVER_ERR_INV_VALUE;
1212
1468
if (buffer[5] != 0)
1214
1470
DEBUGOUT_1 ("unexpected bulk-in slot (%d)\n", buffer[5]);
1783
msg[0] = PC_to_RDR_GetParameters;
1784
msg[5] = 0; /* slot */
1785
msg[6] = seqno = handle->seqno++;
1786
msg[7] = 0; /* RFU */
1787
msg[8] = 0; /* RFU */
1788
msg[9] = 0; /* RFU */
1789
set_msg_len (msg, 0);
1791
rc = bulk_out (handle, msg, msglen);
1793
rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters,
1796
DEBUGOUT ("GetParameters failed\n");
1799
DEBUGOUT ("GetParametes returned");
1800
for (i=0; i < msglen; i++)
1801
DEBUGOUT_CONT_1 (" %02X", msg[i]);
1805
DEBUGOUT_1 (" protocol ..........: T=%d\n", msg[9]);
1806
if (msglen == 17 && msg[9] == 1)
1808
DEBUGOUT_1 (" bmFindexDindex ....: %02X\n", msg[10]);
1809
DEBUGOUT_1 (" bmTCCKST1 .........: %02X\n", msg[11]);
1810
DEBUGOUT_1 (" bGuardTimeT1 ......: %02X\n", msg[12]);
1811
DEBUGOUT_1 (" bmWaitingIntegersT1: %02X\n", msg[13]);
1812
DEBUGOUT_1 (" bClockStop ........: %02X\n", msg[14]);
1813
DEBUGOUT_1 (" bIFSC .............: %d\n", msg[15]);
1814
DEBUGOUT_1 (" bNadValue .........: %d\n", msg[16]);
1508
1820
/* Setup parameters to select T=1. */
1509
1821
msg[0] = PC_to_RDR_SetParameters;
1510
1822
msg[5] = 0; /* slot */
1513
1825
msg[8] = 0; /* RFU */
1514
1826
msg[9] = 0; /* RFU */
1516
/* FIXME: Get those values from the ATR. */
1517
msg[10]= 0x01; /* Fi/Di */
1518
msg[11]= 0x10; /* LRC, direct convention. */
1519
msg[12]= 0; /* Extra guardtime. */
1520
msg[13]= 0x41; /* BWI/CWI */
1521
msg[14]= 0; /* No clock stoppping. */
1522
msg[15]= 254; /* IFSC */
1523
msg[16]= 0; /* Does not support non default NAD values. */
1830
/* FIXME: Get those values from the ATR. */
1831
msg[10]= 0x01; /* Fi/Di */
1832
msg[11]= 0x10; /* LRC, direct convention. */
1833
msg[12]= 0; /* Extra guardtime. */
1834
msg[13]= 0x41; /* BWI/CWI */
1835
msg[14]= 0; /* No clock stoppping. */
1836
msg[15]= 254; /* IFSC */
1837
msg[16]= 0; /* Does not support non default NAD values. */
1524
1839
set_msg_len (msg, 7);
1525
1840
msglen = 10 + 7;
1532
1847
rc = bulk_out (handle, msg, msglen);
1535
/* Note that we ignore the error code on purpose. */
1536
bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters,
1850
rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters,
1853
DEBUGOUT ("SetParameters failed (ignored)\n");
1539
1855
handle->t1_ns = 0;
1540
1856
handle->t1_nr = 0;
1542
/* Send an S-Block with our maximun IFSD to the CCID. */
1543
if (!handle->auto_ifsd)
1858
/* Send an S-Block with our maximum IFSD to the CCID. */
1859
if (!handle->apdu_level && !handle->auto_ifsd)
1546
1862
/* NAD: DAD=1, SAD=0 */
2058
2375
|| pinlen_min > pinlen_max)
2059
2376
return CCID_DRIVER_ERR_INV_VALUE;
2061
/* We have only tested this with an SCM reader so better don't risk
2062
anything and do not allow the use with other readers. */
2063
if (handle->id_vendor != VENDOR_SCM)
2064
return CCID_DRIVER_ERR_NOT_SUPPORTED;
2378
/* We have only tested a few readers so better don't risk anything
2379
and do not allow the use with other readers. */
2380
switch (handle->id_vendor)
2382
case VENDOR_SCM: /* Tested with SPR 532. */
2383
case VENDOR_KAAN: /* Tested with KAAN Advanced (1.02). */
2386
/* The CHERRY XX44 keyboard echos an asterisk for each entered
2387
character on the keyboard channel. We use a special variant
2388
of PC_to_RDR_Secure which directs these characters to the
2389
smart card's bulk-in channel. We also need to append a zero
2390
Lc byte to the APDU. It seems that it will be replaced with
2391
the actual length instead of being appended before the APDU
2392
is send to the card. */
2396
return CCID_DRIVER_ERR_NOT_SUPPORTED;
2067
2400
return 0; /* Success */
2134
2473
msg = recv_buffer;
2135
2474
rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen,
2136
RDR_to_PC_DataBlock, seqno, 5000, 0);
2475
RDR_to_PC_DataBlock, seqno, 30000, 0);
2140
2479
tpdu = msg + 10;
2141
2480
tpdulen = msglen - 10;
2482
if (handle->apdu_level)
2486
if (tpdulen > maxresplen)
2488
DEBUGOUT_2 ("provided buffer too short for received data "
2490
(unsigned int)tpdulen, (unsigned int)maxresplen);
2491
return CCID_DRIVER_ERR_INV_VALUE;
2494
memcpy (resp, tpdu, tpdulen);
2143
2500
if (tpdulen < 4)
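Review bot: In the new device-transport branch of bulk_in, `rc = read (handle->dev_fd, buffer, length);` is a single read() whose return value is taken as the complete message (`*nread = msglen = rc;`), whereas the matching branch of bulk_out goes through `writen`. A read on a character device can return only part of a message, and the only length check visible afterwards is `msglen < 10`, so a truncated reply with an intact header would be passed on with a short payload. After that check, the dev_fd path could reject a reply whose announced length disagrees with what arrived, e.g. `if (msglen - 10 != ((size_t)buffer[1] | (size_t)buffer[2] << 8 | (size_t)buffer[3] << 16 | (size_t)buffer[4] << 24)) return CCID_DRIVER_ERR_INV_VALUE;`. This assumes the special transport carries unmodified CCID framing, with the little-endian length in header bytes 1..4. Only part of bulk_in is shown on this page, so a check outside the visible lines may already cover this.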