diff --git a/TODO b/TODO index 7a1f989b4..85e08ed16 100644 --- a/TODO +++ b/TODO @@ -1,100 +1,105 @@ -*- outline -*- * src/base64 ** Make parsing more robust Currently we don't cope with overlong lines in the best way. * sm/call-agent.c ** The protocol uses an incomplete S-expression We should always use valid S-Exp and not just parts. ** Some code should go into import.c ** When we allow concurrent service request in gpgsm, we might want to have an agent context for each service request (i.e. Assuan context). * sm/certreqgen.c ** Improve error reporting ** Do some basic checks on the supplied DNs * sm/certchain.c ** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent. * sm/decrypt.c ** replace leading zero in integer hack by a cleaner solution * sm/gpgsm.c ** Support --output for all commands ** mark all unimplemented commands and options. ** Implement --default-key ** support the anyPolicy semantic ** Check that we are really following the verification procedures in rfc3280. ** Implement a --card-status command. This is useful to check whether a card is supported at all. * sm/keydb.c ** Check file permissions ** Check that all error code mapping is done. ** Remove the inter-module dependencies between gpgsm and keybox ** Add an source_of_key field * agent/command.c ** Make sure that secure memory is used where appropriate * agent/pkdecrypt.c, agent/pksign.c ** Don't use stdio to return results. ** Support DSA * Move pkcs-1 encoding into libgcrypt. * Use a MAC to protect sensitive files. The problem here is that we need yet another key and it is unlikely that users are willing to remember that key too. It is possible to do this with a smartcard, though. * sm/export.c ** Return an error code or a status info per user ID. * scd/tlv.c The parse_sexp fucntion should not go into this file. Check whether we can change all S-expression handling code to make use of this function. * scd ** Application context vs. reader slot We have 2 concurrent method of tracking whether a read is in use: Using the session_list in command.c and the lock_table in app.c. IT would be better to do this just at one place. First we need to see how we can support cards with multiple applications. - +** Detecting a removed card works only after the ticker detected it. + We should check the card status in open-card to make this smoother. + Needs to be integrated with the status file update, though. It is + not a real problem because application will get a card removed status + and should the send a reset to try solving the problem. + * tests ** Makefile.am We use printf(1) to setup the library path, this is not portable. Furthermore LD_LIBRARY_PATH is not used on all systems. It doesn't matter for now, because we use some GNU/*BSDish features anyway. ** Add a test to check the extkeyusage. * doc/ ** Explain how to setup a root CA key as trusted ** Explain how trustlist.txt might be managed. ** Write a script to generate man pages from texi. In progress (yatm) * Windows port ** gpgsm's LISTKEYS does not yet work Fix is to change everything to libestream ** Signals are not support This means we can't reread a configuration ** No card status notifications. * sm/ ** --include-certs is as of now still a dummy command line option ** check that we issue NO_SECKEY xxx if a -u key was not found * gpg/ ** issue a NO_SECKEY xxxx if a -u key was not found. diff --git a/scd/ChangeLog b/scd/ChangeLog index 3b850a293..d539d210e 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,1384 +1,1400 @@ +2006-03-01 Werner Koch <wk@g10code.com> + + * command.c (status_file_update_lock): New. + (scd_update_reader_status_file): Use lock and factor existing code + out to .. + (update_reader_status_file): .. this. + (do_reset): Use the lock and call update_reader_status_file. + +2006-02-20 Werner Koch <wk@g10code.com> + + * apdu.c (open_pcsc_reader): Fixed double free. Thanks to Moritz. + 2006-02-09 Werner Koch <wk@g10code.com> + * command.c (get_reader_slot, do_reset) + (scd_update_reader_status_file): Rewrote. + * app.c (release_application): Factored code out to .. (deallocate_app): new function. (select_application): Introduce new saved application stuff. (application_notify_card_removed): New. - * command.c (update_card_removed): Call it. + * command.c (update_card_removed): Call it here. + (do_reset): And here. * app.c (check_application_conflict): New. * command.c (open_card): Use it here. (cmd_restart): New command. * command.c (cmd_lock): Fixed --wait option to actually terminate. 2006-02-08 Werner Koch <wk@g10code.com> * ccid-driver.c (ccid_get_atr): Read Parameter and select T=1 using these parameters. (scan_or_find_devices): Check for NULL r_fd. 2006-02-02 Werner Koch <wk@g10code.com> * ccid-driver.c (special_transport): New (ccid_open_reader, do_close_reader, ccid_shutdown_reader) (bulk_out, bulk_in): Add support for CardMan 4040 reader. * ccid-driver.c (scan_or_find_devices): Factored most code out to (scan_or_find_usb_device): .. new. (make_reader_id): Fixed vendor mask. 2006-01-01 Werner Koch <wk@g10code.com> * app-openpgp.c (do_sign): Give user error if hash algorithm is not supported by the card. 2005-12-06 Werner Koch <wk@g10code.com> * apdu.c (open_pcsc_reader): Check that pcsc-wrapper is actually installed. 2005-11-23 Werner Koch <wk@g10code.com> * app-nks.c (verify_pin): Give a special error message for a Nullpin. 2005-10-29 Werner Koch <wk@g10code.com> * ccid-driver.c (send_escape_cmd): New args RESULT, RESULTLEN and RESULTMAX. Changed all callers. (ccid_transceive_escape): New. 2005-10-27 Werner Koch <wk@g10code.com> * apdu.c [__CYGWIN__]: Make cygwin environment similar to _WIN32. Suggested by John P. Clizbe. * scdaemon.c [__CYGWIN__]: Set default PC/SC driver to winscard.dll. 2005-10-19 Werner Koch <wk@g10code.com> * ccid-driver.h (CCID_DRIVER_ERR_NO_KEYPAD): New. * apdu.h (SW_HOST_NO_KEYPAD): New. * iso7816.h (struct iso7816_pininfo_s): New. * iso7816.c (map_sw): Support new code. (iso7816_check_keypad): New. (iso7816_verify_kp, iso7816_change_reference_data_kp) (iso7816_reset_retry_counter_kp): New. Extended versions of the original functions. * apdu.c (host_sw_string): Support new code. (reader_table_s): New field CHECK_KEYPAD. (new_reader_slot, open_ct_reader, open_pcsc_reader) (open_ccid_reader, open_rapdu_reader): Initialize it. (check_ccid_keypad): New. (apdu_check_keypad): New. (apdu_send_le): Factored all code out to ... (send_le): .. new. Takes an additional arg; changed all callers of the orginal function to use this one with a NULL for the new arg. (apdu_send_simple_kp): New. (ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu) (send_apdu_ccid): New arg PININFO. (send_apdu_ccid): Use the new arg. * scdaemon.c: New option --disable-keypad. 2005-10-08 Marcus Brinkmann <marcus@g10code.de> * Makefile.am (scdaemon_LDADD): Add ../gl/libgnu.a after ../common/libcommon.a. 2005-09-20 Werner Koch <wk@g10code.com> * app-dinsig.c (verify_pin): Try ISO 9564 BCD encoding. * iso7816.c (iso7816_select_application): Add arg FLAGS. Changed all callers to pass 0. * app-openpgp.c (app_select_openpgp): But this one requires a special flag. * app-p15.c (app_select_p15): Don't use select application for the BELPIC. 2005-09-09 Werner Koch <wk@g10code.com> * pcsc-wrapper.c (main): Removed bogus free. * app-p15.c (do_auth): New. (do_getattr): New attribs $AUTHKEYID and $DISPSERIALNO. * app-openpgp.c (do_getattr): Ditto. 2005-09-08 Werner Koch <wk@g10code.com> * app-openpgp.c (do_getattr): New key $AUTHKEYID. 2005-09-06 Werner Koch <wk@g10code.com> * app-p15.c (do_sign): Tweaked for BELPIC cards. (read_home_df): New arg R_BELPIC. (app_select_p15): Set card type for BELPIC. 2005-09-05 Werner Koch <wk@g10code.com> * iso7816.c (iso7816_select_path): New. * app-p15.c (select_ef_by_path): Allow for direct path selection. (app_select_p15): Try using the Belgian variant of pkcs#15. (read_home_df): New. (read_ef_odf): Generalized. (read_ef_tokeninfo): New. (read_p15_info): Set serialnumber from TokenInfo. (app_select_p15): Don't munge serialNumber - that must be done only once. * iso7816.c (iso7816_read_binary): Use Le=0 when reading all data. Handle 6C00 error and take 6B00 as indication for EOF. * apdu.h (SW_EXACT_LENGTH_P): New. * apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status) (open_pcsc_reader): Set new reader state IS_T0. (apdu_send_le): When doing T=0 make sure not to send Lc and Le. Problem reported by Carl Meijer. (apdu_send_direct): Initialize RESULTLEN. * pcsc-wrapper.c (handle_status): Return the current protocol as a new third word. 2005-08-05 Werner Koch <wk@g10code.com> * apdu.c (open_rapdu_reader): Set the reader number. 2005-07-05 Werner Koch <wk@g10code.com> * app-openpgp.c (do_readkey): Return a mallcoed copy of the key as required by the description. Thanks to Moritz for tracking this problem down. 2005-06-21 Werner Koch <wk@g10code.com> * scdaemon.c (main): ifdef call to ccid_set_debug_level. * apdu.c (reset_pcsc_reader, open_pcsc_reader): Cast size_t to ulong for printf. 2005-06-06 Werner Koch <wk@g10code.com> * scdaemon.c (main): New option --debug-allow-core-dump. 2005-06-03 Werner Koch <wk@g10code.com> * scdaemon.c (handle_connections): Make sure that the signals we are handling are not blocked.Block signals while creating new threads. (handle_connections): Include the file descriptor into the name of the thread. 2005-06-02 Werner Koch <wk@g10code.com> * app.c (app_dump_state, dump_mutex_state): New. * scdaemon.c (handle_signal): Print it on SIGUSR1. * app-openpgp.c (do_writekey): Typo fix. * command.c (open_card): Check for locked state even if an application context is available. * app-common.h: Add REF_COUNT field. * app.c (release_application, select_application): Implement reference counting to share the context beween connections. * app.c (lock_reader, unlock_reader): Take SLOT instead of APP as argument. Changed all callers. (select_application): Unlock the reader on error. This should fix the hangs I noticed last week. * scdaemon.h: Removed card_ctx_t cruft. 2005-06-01 Werner Koch <wk@g10code.com> * scdaemon.c: Include mkdtemp.h. 2005-05-31 Werner Koch <wk@g10code.com> * tlv.c [GNUPG_MAJOR_VERSION==1]: Define constants instead of including a gnupg 1.4 header. 2005-05-30 Werner Koch <wk@g10code.com> * tlv.c: Add hack to compile without gpg-error.h when used with GnuPG 1.4. 2005-05-23 Werner Koch <wk@g10code.com> * Makefile.am: Do not build sc-copykeys anymore. * app-openpgp.c (app_openpgp_storekey, app_openpgp_readkey) (app_openpgp_cardinfo): Removed. * ccid-driver.c (parse_ccid_descriptor): SCR335 FW version 5.14 is good. (do_close_reader): Never do a reset. The caller should instead make sure that the reader has been closed properly. The new retry code in ccid_slot_status will make sure that the readersatrts up fine even if the last process didn't closed the USB connection properly. (ccid_get_atr): For certain readers try switching to ISO mode. Thanks to Ludovic Rousseau for this hint and the magic numbers. (print_command_failed): New. (bulk_in): Use it here. Add new arg NO_DEBUG. (ccid_slot_status): Disabled debugging. 2005-05-21 Werner Koch <wk@g10code.com> * scdaemon.c (handle_signal): Print thread info on SIGUSR1. 2005-05-20 Werner Koch <wk@g10code.com> * ccid-driver.c: Replaced macro DEBUG_T1 by a new debug level. (parse_ccid_descriptor): Mark SCR335 firmware version 5.18 good. (ccid_transceive): Arghhh. The seqno is another bit in the R-block than in the I block, this was wrong at one place. * scdaemon.c: New options --debug-ccid-driver and --debug-disable-ticker. * app-openpgp.c (do_genkey, do_writekey): Factored code to check for existing key out into .. (does_key_exist): .. New function. 2005-05-19 Werner Koch <wk@g10code.com> * tlv.c (parse_sexp): New. * command.c (cmd_writekey): New. * app.c (app_writekey): New. * app-common.c (app_t): Add function ptr WRITEKEY. * app-openpgp.c (do_writekey): New. * app-openpgp.c (do_readkey) [GNUPG_MAJOR_VERSION==1]: Return error. * app-common.h (app_t) [GNUPG_MAJOR_VERSION==1]: Add a field to store the Assuan context. 2005-05-17 Werner Koch <wk@g10code.com> * scdaemon.c: Removed non-pth code paths. (create_socket_name, create_server_socket): New. Taken from ../agent/gpg-agent. (cleanup): Changed to adjust for SOCKET_NAME now being malloced. (ticker_thread): Always use pth_event_occurred; it is again defined for all decent PTH versions. (handle_connections): New. Based on the gpg-agent code. (start_connection_thread): Ditto. (ticker_thread): Removed. (cleanup_sh): Removed. (main): Run the handler for the pipe server in a separate thread. This replaces the old ticker thread. (scd_get_socket_name): New. * command.c (cmd_getinfo): New command GETINFO. (scd_command_handler): Renamed argument and changed code to use an already connected FD. 2005-05-15 Werner Koch <wk@g10code.com> * app.c, app-common.h, app-nks.c, app-p15.c, app-dinsig.c * app-openpgp.c: Change most function return types from int to gpg_error_t. * command.c (pin_cb): Ditto. * sc-copykeys.c (pincb): Ditto. * app.c (lock_reader, unlock_reader): New. Changed call handler wrappers to make use of these functions. 2005-05-07 Werner Koch <wk@g10code.com> * ccid-driver.c (do_close_reader): Don't do a reset before close. Some folks reported that it makes the SCR335 hang less often. Look at the source on how to re-enable it. 2005-04-27 Werner Koch <wk@g10code.com> * app-p15.c (micardo_mse): New. (do_sign): Call it. * iso7816.c (iso7816_manage_security_env): Allow passing DATA as NULL to indicate an empty Lc. * tlv.c (find_tlv): Check that a found object fits into the buffer. (find_tlv_unchecked): New as replacement for the old non-checking variant. * app.c (select_application): Keep on using the non-checking variant. * app-openpgp.c (get_one_do, dump_all_do): Ditto. Removal of the old OpenSC based code. * app-p15.c: New. Basic support for pkcs15 cards without OpenSC. There are quite a couple of things missing but at least I can use my old TCOS cards from the Aegypten-1 development for signing. * app.c (select_application): Detect pkcs15 applications. * Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h and card-p15.c because they are now obsolete. Added app-p15.c. Removed all OpenSC stuff. * command.c (do_reset, open_card, cmd_serialno, cmd_learn) (cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed all special cases for the old card.c based mechanisms. * scdaemon.c, apdu.c: Removed all special cases for OpenSC. 2005-04-20 Werner Koch <wk@g10code.com> * command.c: Use GPG_ERR_LOCKED instead of EBUSY. 2005-04-14 Werner Koch <wk@g10code.com> * app-openpgp.c (retrieve_key_material): Rewritten. Return a proper error code. (retrieve_next_token): Removed. (retrieve_fpr_from_card): Rewritten to make use of DO caching and to take the KEYNO as arg. (get_public_key): Renamed variable for clarity. 2005-04-12 Werner Koch <wk@g10code.com> Basic support for several sessions. * command.c (scd_command_handler): Replace the primary_connection stuff by a real connection list. Release the local context on exit. (scd_update_reader_status_file): Update accordingly. Send signal to all connections who registered an event signal. (cmd_lock, cmd_unlock, register_commands): New commands LOCK and UNLOCK. (cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr) (cmd_genkey, cmd_passwd, cmd_checkpin): Return an error if reader is locked. (do_reset): Handle locking. (open_card): Ditto. Share the reader slot with other sessions. (get_reader_slot): New. (update_card_removed): New. Use it in the TEST_CARD_REMOVAL macro. 2005-04-07 Werner Koch <wk@g10code.com> * app-openpgp.c (do_check_pin): Add hack to allow verification of CHV3. (get_public_key): Don't use gcry functions to create S-expressions. (do_deinit, do_readkey, do_genkey, send_keypair_info): Adjust for above change. 2005-03-29 Moritz Schulte <moritz@g10code.com> * app-openpgp.c (retrieve_fpr_from_card): New function. (retrieve_next_token): New function. (retrieve_key_material): New function. (get_public_key): Implement retrival of key through expernal helper (gpg) in case the openpgp card is not cooperative enough. 2005-03-16 Werner Koch <wk@g10code.com> * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround reader type specific. (scan_or_find_devices): Do not check the interface subclass in the SPR532 kludge, as this depends on the firmware version. (ccid_get_atr): Get the Slot status first. This solves the problem with readers hanging on recent Linux 2.6.x. (bulk_in): Add argument TIMEOUT and changed all callers to pass an appropriate one. Change the standard timeout from 10 to 5 seconds. (ccid_slot_status): Add a retry code with an initial short timeout. (do_close_reader): Do an usb_reset before closing the reader. 2005-02-25 Werner Koch <wk@g10code.com> * app-openpgp.c (get_public_key): Make sure not to return negative numbers. (do_sign): Allow passing of indata with algorithm prefix. (do_auth): Allow OPENPGP.3 as an alternative ID. * app.c (app_getattr): Return just the S/N but not the timestamp. 2005-02-24 Werner Koch <wk@g10code.com> * app.c (app_getattr): Return APPTYPE or SERIALNO type even if the application does dot support the getattr call. * app-openpgp.c (get_one_do): Never try to get a non cacheable object from the cache. (get_one_do): Add new arg to return an error code. Changed all callers. (do_getattr): Let it return a proper error code. * app.c (select_application): Return an error code and the application context in an new arg. * command.c (open_card): Adjusted for that. Don't use the fallback if no card is present. Return an error if the card has been removed without a reset. (do_reset, cmd_serialno): Clear that error flag. (TEST_CARD_REMOVAL): New. Use it with all command handlers. (scd_update_reader_status_file): Set the error flag on all changes. * scdaemon.c (ticker_thread): Termintate if a shutdown is pending. * apdu.c: Added some PCSC error codes. (pcsc_error_to_sw): New. (reset_pcsc_reader, pcsc_get_status, pcsc_send_apdu) (open_pcsc_reader): Do proper error code mapping. 2005-03-16 Werner Koch <wk@g10code.com> * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround reader type specific. (scan_or_find_devices): Do not check the interface subclass in the SPR532 kludge, as this depends on the firmware version. (ccid_get_atr): Get the Slot status first. This solves the problem with readers hanging on recent Linux 2.6.x. 2005-02-22 Werner Koch <wk@g10code.com> * app-openpgp.c (app_local_s): New field PK. (do_deinit, do_genkey, app_openpgp_storekey): Clear it. (get_public_key, send_keypair_info): New. (do_learn_status): Send KEYPAIR info * app-common.h (app_ctx_t): Add function pointer READKEY. * app.c (app_readkey): New. * command.c (cmd_readkey): Use READKEY function if possible. 2005-01-26 Werner Koch <wk@g10code.com> * ccid-driver.c (parse_ccid_descriptor): Need the CSM workaround also for newer firmware versions. Need to get a list of fixed firmware versions and use that. 2005-01-25 Werner Koch <wk@g10code.com> * apdu.c (apdu_send_le, apdu_send_direct): Fix some compiler warnings. * app-openpgp.c (get_cached_data): New arg GET_IMMEDIATE to bypass the cache. Changed all callers. (get_one_do): Bypass the cache if the value would have been read directly for v1.1 cards.It makes things a bit slower but obnly for 1.0 cards and there are not that many cards out in the wild. This is required to fix a caching bug when generating new keys; as a side effect of the retrieval of the the C4 DO from the 6E DO the cached fingerprint will get updated to the old value and later when signing the generated key the checking of the fingerprint fails because it won't match the new one. Thanks to Moritz for analyzing this problem. (verify_chv3): Removed the CHV status reread logic because we won't cache the C4 DO anymore. 2004-12-28 Werner Koch <wk@g10code.com> * ccid-driver.c (find_endpoint): New. (scan_or_find_devices): Add new args to return endpoint info and interface number. (ccid_open_reader, ccid_shutdown_reader): Take care of these new args. (bulk_in, bulk_out): Use the correct endpoints. (ccid_transceive_apdu_level): New. (ccid_transceive): Divert to above. (parse_ccid_descriptor): Allow APDU level exchange mode. (do_close_reader): Pass the interface number to usb_release_interface. 2004-12-21 Werner Koch <wk@g10code.com> * scdaemon.c (main): Use default_homedir(). 2004-12-18 Werner Koch <wk@g10code.com> * scdaemon.c (main) [W32]: Remove special Pth initialize.. * scdaemon.h (map_assuan_err): Define in terms of map_assuan_err_with_source. 2004-12-15 Werner Koch <wk@g10code.com> * scdaemon.c [W32]: Various hacks to make it run under W32. * command.c (scd_update_reader_status_file) [W32]: Don't use kill. * apdu.c [W32]: Disable use of pcsc_wrapper. * Makefile.am (scdaemon_LDADD): Reorder libs. (sc_copykeys_LDADD): Add libassuan because it is needed for W32. 2004-12-06 Werner Koch <wk@g10code.com> * Makefile.am (pkglib_PROGRAMS): Build only for W32. 2004-10-22 Werner Koch <wk@g10code.com> * app-openpgp.c (verify_chv3): The minium length for CHV3 is 8. Changed string to match the other ones. 2004-10-21 Werner Koch <wk@g10code.com> * app-openpgp.c (do_sign): Replace asprintf by direct allocation. This avoids problems with missing vasprintf implementations in gnupg 1.4. * app-common.h (app_openpgp_storekey: Add prototype. 2004-10-20 Werner Koch <wk@g10code.com> * sc-investigate: Removed. * Makefile.am (sc_investigate): Removed. * pcsc-wrapper.c (load_pcsc_driver): Load get_status_change func. (handle_open): Succeed even without a present card. (handle_status, handle_reset): New. * apdu.c (apdu_open_reader): Load pcsc_get_status_change fucntion. (pcsc_get_status): Implemented. (reset_pcsc_reader): Implemented. (open_pcsc_reader): Succeed even with no card inserted. (open_ccid_reader): Set LAST_STATUS. * iso7816.c (iso7816_select_application): Always use 0 for P1. 2004-10-18 Werner Koch <wk@g10code.com> * ccid-driver.c (ccid_get_atr): Reset T=1 state info. 2004-10-14 Werner Koch <wk@g10code.com> * app-openpgp.c (parse_login_data): New. (app_select_openpgp): Call it. (do_setattr): Reparse it after change. 2004-10-06 Werner Koch <wk@g10code.de> * ccid-driver.c (ccid_open_reader): Store the vendor ID. (ccid_transceive_secure): New. (parse_ccid_descriptor): Workaround for an SCM reader problem. 2004-10-04 Werner Koch <wk@g10code.de> * ccid-driver.c (send_escape_cmd): New. 2004-09-30 Werner Koch <wk@g10code.com> * Makefile.am: Adjusted for gettext 0.14. * app-openpgp.c (do_sign): Add the error string to the verify failed messages. 2004-09-27 Werner Koch <wk@g10code.com> From gnupg 1.3 * app-openpgp.c: Made all strings translatable. (verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin available for use in gnupg 2. (verify_chv3): Reimplemented countdown showing to use only functions from this module. Flush the CVH status cache on a successful read. (get_one_do): Hack to bypass the cache for cards versions > 1.0. (store_fpr): Store the creation date for card version > 1.0. * app-openpgp.c (app_openpgp_storekey): Call flush_cache. (get_cached_data): Move local data initialization to .. (app_select_openpgp): .. here. Read some flags for later use. (do_getattr): New read-only attribute EXTCAP. * apdu.c (open_pcsc_reader): Do not print empty reader string. * ccid-driver.c (do_close_reader): Factored some code out from ... (ccid_close_reader): ..here. (ccid_shutdown_reader): New. * apdu.c (apdu_shutdown_reader): New. (shutdown_ccid_reader): New. * apdu.c (open_ccid_reader): New arg PORTSTR. Pass it to ccid_open_reader. (apdu_open_reader): Pass portstr to open_ccid_reader. (apdu_open_reader): No fallback if a full CCID reader id has been given. * ccid-driver.c (ccid_get_reader_list): New. (ccid_open_reader): Changed API to take a string for the reader. Removed al the cruft for the libusb development vesion which seems not to be maintained anymore and there are no packages anyway. The stable library works just fine. (struct ccid_reader_id_s): Deleted and replaced everywhere by a simple string. (usb_get_string_simple): Removed. (bulk_in): Do valgrind hack here and not just everywhere. * ccid-driver.c (read_device_info): Removed. (make_reader_id, scan_or_find_devices): New. (ccid_open_reader): Simplified by make use of the new functions. (ccid_set_debug_level): New. Changed the macros to make use of it. It has turned out that it is often useful to enable debugging at runtime so I added this option. From gnupg 1.3 - David Shaw <dshaw@jabberwocky.com> * app-openpgp.c (verify_chv3): Show a countdown of how many wrong admin PINs can be entered before the card is locked. * app-openpgp.c (get_cached_data): Avoid mallocing zero since it breaks us when using --enable-m-guard. * ccid-driver.c (usb_get_string_simple): Replacement function to work with older libusb. * ccid-driver.c (read_device_info): Fix segfault when usb device is not accessible. (ccid_open_reader): Allow working with an even older version of libusb (usb_busses global instead of usb_get_busses()). 2004-09-11 Werner Koch <wk@g10code.com> * app-openpgp.c (app_select_openpgp): Its app_munge_serialno and not app_number_serialno. 2004-08-20 Werner Koch <wk@g10code.de> * app.c (select_application): Fixed serial number extraction and added the BMI card workaround. (app_munge_serialno): New. * app-openpgp.c (app_select_openpgp): Try munging serialno. 2004-08-05 Werner Koch <wk@g10code.de> * scdaemon.c (main): New option --disable-application. * app.c (is_app_allowed): New. (select_application): Use it to check for disabled applications. * ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New. * ccid-driver.c (ccid_open_reader): Support the stable 0.1 version of libusb. (ccid_get_atr): Handle short messages. * apdu.c (my_rapdu_get_status): Implemented. 2004-07-27 Moritz Schulte <moritz@g10code.com> * apdu.c: Include <signal.h>. * Makefile.am: Use @DL_LIBS@ instead of -ldl. 2004-07-22 Werner Koch <wk@g10code.de> * Makefile.am: Make OpenSC lib link after libgcrypt. Do not link to pth. * apdu.c: Don't use Pth if we use OpenSC. * sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used. * scdaemon.c (main): Bumbed thread stack size up to 512k. 2004-07-16 Werner Koch <wk@gnupg.org> * apdu.c (reader_table_s): Add function pointers for the backends. (apdu_close_reader, apdu_get_status, apdu_activate) (send_apdu): Make use of them. (new_reader_slot): Intialize them to NULL. (dump_ccid_reader_status, ct_dump_reader_status): New. (dump_pcsc_reader_status): New. (open_ct_reader, open_pcsc_reader, open_ccid_reader) (open_osc_reader, open_rapdu_reader): Intialize function pointers. (ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu) (error_string): Removed. Replaced by apdu_strerror. (get_ccid_error_string): Removed. (ct_activate_card): Remove the unused loop. (reset_ct_reader): Implemented. (ct_send_apdu): Activate the card if not yet done. (pcsc_send_apdu): Ditto. 2004-07-15 Werner Koch <wk@gnupg.org> * ccid-driver.h: Add error codes. * ccid-driver.c: Implement more or less proper error codes all over the place. * apdu.c (apdu_send_direct): New. (get_ccid_error_string): Add some error code mappings. (send_apdu): Pass error codes along for drivers already supporting them. (host_sw_string): New. (get_ccid_error_string): Use above. (send_apdu_ccid): Reset the reader if it has not yet been done. (open_ccid_reader): Don't care if the ATR can't be read. (apdu_activate_card): New. (apdu_strerror): New. (dump_reader_status): Only enable it with opt.VERBOSE. * iso7816.c (map_sw): Add mappings for the new error codes. 2004-07-02 Werner Koch <wk@gnupg.org> * apdu.c (open_ct_reader, open_pcsc_reader, open_ccid_reader) (reset_ccid_reader, open_osc_reader): Call dump_reader_status only in verbose mode. 2004-07-01 Werner Koch <wk@gnupg.org> * sc-investigate.c: Initialize Pth which is now required. (interactive_shell): New command "readpk". * app-openpgp.c (do_getattr): Fix for sending CA-FPR. 2004-06-30 Werner Koch <wk@gnupg.org> * app-openpgp.c (app_openpgp_readkey): Fixed check for valid exponent. 2004-06-18 Werner Koch <wk@g10code.com> * sc-investigate.c (my_read_line): Renamed from read_line. 2004-06-16 Werner Koch <wk@gnupg.org> * apdu.c (osc_get_status): Fixed type in function name. Noted by Axel Thimm. Yes, I didn't tested it with OpenSC :-(. 2004-04-28 Werner Koch <wk@gnupg.org> * app-openpgp.c (do_setattr): Sync FORCE_CHV1. 2004-04-27 Werner Koch <wk@gnupg.org> * app-common.h: Do not include ksba.h for gnupg 1. 2004-04-26 Werner Koch <wk@gnupg.org> * app-common.h: New members FNC.DEINIT and APP_LOCAL. * app.c (release_application): Call new deconstructor. * app-openpgp.c (do_deinit): New. (get_cached_data, flush_cache_item, flush_cache_after_error) (flush_cache): New. (get_one_do): Replaced arg SLOT by APP. Make used of cached data. (verify_chv2, verify_chv3): Flush some cache item after error. (do_change_pin): Ditto. (do_sign): Ditto. (do_setattr): Flush cache item. (do_genkey): Flush the entire cache. (compare_fingerprint): Use cached data. * scdaemon.c (main): Do the last change the usual way. This is so that we can easily test for versioned config files above. 2004-04-26 Marcus Brinkmann <marcus@g10code.de> * scdaemon.c (main): For now, always print default filename for --gpgconf-list, and never /dev/null. 2004-04-21 Werner Koch <wk@gnupg.org> * command.c (scd_update_reader_status_file): Send a signal back to the client. (option_handler): Parse the new event-signal option. * scdaemon.c (handle_signal): Do not use SIGUSR{1,2} anymore for changing the verbosity. 2004-04-20 Werner Koch <wk@gnupg.org> * command.c (scd_update_reader_status_file): Write status files. * app-help.c (app_help_read_length_of_cert): Fixed calculation of R_CERTOFF. * pcsc-wrapper.c: New. * Makefile.am (pkglib_PROGRAMS): Install it here. * apdu.c (writen, readn): New. (open_pcsc_reader, pcsc_send_apdu, close_pcsc_reader): Use the pcsc-wrapper if we are using Pth. (apdu_send_le): Reinitialize RESULTLEN. Handle SW_EOF_REACHED like SW_SUCCESS. 2004-04-19 Werner Koch <wk@gnupg.org> * ccid-driver.c (parse_ccid_descriptor): Store some of the reader features away. New arg HANDLE (read_device_info): New arg HANDLE. Changed caller. (bulk_in): Handle time extension requests. (ccid_get_atr): Setup parameters and the IFSD. (compute_edc): New. Factored out code. (ccid_transceive): Use default NADs when required. 2004-04-14 Werner Koch <wk@gnupg.org> * scdaemon.h (server_control_s): Add member READER_SLOT. * scdaemon.c (scd_init_default_ctrl): Initialize READER_SLOT to -1. * command.c (open_card): Reuse an open slot. (reset_notify): Just reset the slot if supported by the reader. (do_reset): Factored code from above out. (scd_command_handler): Use it for cleanup. * apdu.h: New pseudo stati SW_HOST_NOT_SUPPORTED, SW_HOST_LOCKING_FAILED and SW_HOST_BUSY. * iso7816.c (map_sw): Map it. * ccid-driver.c (ccid_slot_status): Add arg STATUSBITS. * apdu.c (apdu_get_status): New. (ct_get_status, pcsc_get_status, ocsc_get_status): New stubs. (get_status_ccid): New. (apdu_reset): New. (reset_ct_reader, reset_pcsc_reader, reset_osc_reader): New stubs. (reset_ccid_reader): New. (apdu_enum_reader): New. * apdu.c (lock_slot, trylock_slot, unlock_slot): New helpers. (new_reader_slot) [USE_GNU_PTH]: Init mutex. (apdu_reset, apdu_get_status, apdu_send_le): Run functions in locked mode. * command.c (scd_update_reader_status_file): New. * scdaemon.c (handle_tick): Call it. 2004-04-13 Werner Koch <wk@gnupg.org> * scdaemon.c: Convert to a Pth application. (handle_signal, ticker_thread, handle_tick): New. (main): Fire up the ticker thread in server mode. 2004-03-23 Werner Koch <wk@gnupg.org> * scdaemon.c (main) <gpgconf_list>: Fixed output for pcsc_driver. 2004-03-17 Werner Koch <wk@gnupg.org> * tlv.c (parse_ber_header): Do not check for tag overflow - it does not make sense. Simplified the check for length overflow. * scdaemon.c (main) <gpgconf>: Fixed default value quoting. 2004-03-16 Werner Koch <wk@gnupg.org> * app-dinsig.c: Implemented. Based on app-nks.c and card-dinsig.c * app-nks.c (get_length_of_cert): Removed. * app-help.c: New. (app_help_read_length_of_cert): New. Code taken from above. New optional arg R_CERTOFF. * card-dinsig.c: Removed. * card.c (card_get_serial_and_stamp): Do not bind to the old and never finsiged card-dinsig.c. * iso7816.c (iso7816_read_binary): Allow for an NMAX > 254. 2004-03-11 Werner Koch <wk@gnupg.org> * scdaemon.h (out_of_core): Removed. Replaced callers by standard gpg_error function. * apdu.c, iso7816.c, ccid-driver.c [GNUPG_SCD_MAIN_HEADER]: Allow to include a header defined by the compiler. This helps us to reuse the source in other software. 2004-03-10 Werner Koch <wk@gnupg.org> * iso7816.c (iso7816_read_record): New arg SHORT_EF. Changed all callers. 2004-02-18 Werner Koch <wk@gnupg.org> * sc-investigate.c (main): Setup the used character set. * scdaemon.c (main): Ditto. * scdaemon.c (set_debug): New. Add option --debug-level. (main): Add option --gpgconf-list. 2004-02-12 Werner Koch <wk@gnupg.org> * Makefile.am: Include cmacros.am for common flags. 2004-01-29 Werner Koch <wk@gnupg.org> * command.c (reset_notify): Release the application context and close the reader. 2004-01-28 Werner Koch <wk@gnupg.org> * iso7816.c (iso7816_manage_security_env): New. (iso7816_decipher): Add PADIND argument. 2004-01-27 Werner Koch <wk@gnupg.org> * command.c (cmd_readcert, cmd_readkey): Work on a copy of LINE. * app-common.h (app_ctx_s): Added readcert field. * app.c (app_readcert): New. * tlv.c (parse_ber_header): Added; taken from libksba. 2004-01-26 Werner Koch <wk@gnupg.org> * card.c (map_sc_err): Use SCD as the error source. * command.c (open_card): ADD arg NAME to allow requesting a specific application. Changed all callers. (cmd_serialno): Allow optional argument to select the desired application. * app-nks.c: New. * scdaemon.h (opt): Add READER_PORT. * scdaemon.c (main): Set it here. * app.c (app_set_default_reader_port): Removed. (select_application): Add NAME arg and figure out a default serial number from the GDO. Add SLOT arg and remove all reader management. (release_application): New. (app_write_learn_status): Output an APPTYPE status line. * command.c (open_card): Adapt for select_application change. * app-openpgp.c (app_select_openpgp): Removed SN and SNLEN args and set it directly. Changed all callers. 2004-01-25 Werner Koch <wk@gnupg.org> * iso7816.c (iso7816_select_application): P1 kludge for OpenPGP card. * app-openpgp.c (find_tlv): Factor out this function to .. * tlv.c, tlv.h: .. new. * scdaemon.h: Introduced app_t and ctrl_t as the new types for APP and CTRL. 2004-01-21 Werner Koch <wk@gnupg.org> * apdu.c (apdu_send_le): Treat SW_EOF_REACHED as a warning. 2004-01-20 Werner Koch <wk@gnupg.org> * iso7816.c (iso7816_read_binary): New. (iso7816_select_file): New. (iso7816_list_directory): New. * sc-investigate.c: Add option -i. (select_app, read_line, interactive_shell): New. 2004-01-16 Werner Koch <wk@gnupg.org> * apdu.h: Add SW_FILE_NOT_FOUND. * iso7816.c (map_sw): Map it to GPG_ERR_ENOENT. * iso7816.c (iso7816_select_file): New. * app-dinsig.c: New file w/o any real code yet. * Makefile.am (scdaemon_SOURCES,sc_investigate_SOURCES): Add file. * sc-investigate.c: Add option --disable-ccid. 2003-12-19 Werner Koch <wk@gnupg.org> * apdu.c (apdu_send_le): Send a get_response with the indicated length and not the 64 bytes we used for testing. * app-openpgp.c (verify_chv2, verify_chv3, do_sign): Check the minimum length of the passphrase, so that we don't need to decrement the retry counter. 2003-12-17 Werner Koch <wk@gnupg.org> * card-p15.c (p15_enum_keypairs): Replaced KRC by RC. * card-dinsig.c (dinsig_enum_keypairs): Ditto. 2003-12-16 Werner Koch <wk@gnupg.org> * scdaemon.c (main): Set the prefixes for assuan logging. 2003-11-17 Werner Koch <wk@gnupg.org> * scdaemon.c, scdaemon.h: New options --allow-admin and --deny-admin. * app-openpgp.c (verify_chv3): Check it here. 2003-11-12 Werner Koch <wk@gnupg.org> Adjusted for API changes in Libksba. 2003-10-30 Werner Koch <wk@gnupg.org> * apdu.c (close_ct_reader, close_pcsc_reader): Implemented. (get_ccid_error_string): New. Not very useful messages, though. 2003-10-25 Werner Koch <wk@gnupg.org> * ccid-driver.c (ccid_open_reader): Return an error if no USB devices are found. * command.c (cmd_genkey, cmd_passwd): Fixed faulty use of !spacep(). * apdu.c (apdu_open_reader): Hacks for PC/SC under Windows. 2003-10-20 Werner Koch <wk@gnupg.org> * command.c (cmd_checkpin): New. (register_commands): Add command CHECKPIN. * app.c (app_check_pin): New. * app-openpgp.c (check_against_given_fingerprint): New. Factored out that code elsewhere. (do_check_pin): New. 2003-10-10 Werner Koch <wk@gnupg.org> * ccid-driver.c (ccid_close_reader): New. * apdu.c (close_ccid_reader, close_ct_reader, close_csc_reader) (close_osc_reader, apdu_close_reader): New. Not all are properly implemented yet. 2003-10-09 Werner Koch <wk@gnupg.org> * ccid-driver.c (ccid_transceive): Add T=1 chaining for sending. 2003-10-08 Werner Koch <wk@gnupg.org> * app-openpgp.c (do_getattr): Support SERIALNO and AID. 2003-10-01 Werner Koch <wk@gnupg.org> * ccid-driver.c: Detect GnuPG 1.3 and include appropriate files. * apdu.c: Ditto. * app-openpgp.c: Ditto. * iso7816.c: Ditto. (generate_keypair): Renamed to .. (do_generate_keypair): .. this. * app-common.h [GNUPG_MAJOR_VERSION]: New. * iso7816.h [GNUPG_MAJOR_VERSION]: Include cardglue.h 2003-09-30 Werner Koch <wk@gnupg.org> * command.c (cmd_getattr): New command GETATTR. * app.c (app_setattr): New. (do_getattr): New. (do_learn_status): Reimplemented in terms of do_getattr. * app-openpgp.c (do_change_pin): Make sure CVH1 and CHV2 are always synced. (verify_chv2, verify_chv3): New. Factored out common code. (do_setattr, do_sign, do_auth, do_decipher): Change the names of the prompts to match that we have only 2 different PINs. (app_select_openpgp): Check whether the card enforced CHV1. (convert_sig_counter_value): New. Factor out code from get_sig_counter. 2003-09-28 Werner Koch <wk@gnupg.org> * app-openpgp.c (dump_all_do): Use gpg_err_code and not gpg_error. 2003-09-19 Werner Koch <wk@gnupg.org> * ccid-driver.c (parse_ccid_descriptor): New. (read_device_info): New. (ccid_open_reader): Check that the device has all required features. 2003-09-06 Werner Koch <wk@gnupg.org> * scdaemon.c (main): --pcsc-driver again defaults to pcsclite. David Corcoran was so kind to remove the GPL incompatible advertisng clause from pcsclite. * apdu.c (apdu_open_reader): Actually make pcsc-driver option work. 2003-09-05 Werner Koch <wk@gnupg.org> * ccid-driver.c: More work, data can now actually be retrieved. * ccid-driver.c, ccid-driver.h: Alternativley allow use under BSD conditions. 2003-09-02 Werner Koch <wk@gnupg.org> * scdaemon.c, scdaemon.h: New option --pcsc-ccid. * ccid-driver.c, ccid-driver.h: New but far from being useful. * Makefile.am: Add above. * apdu.c: Add support for that ccid driver. 2003-08-26 Timo Schulz <twoaday@freakmail.de> * apdu.c (new_reader_slot): Only set 'is_osc' when OpenSC is used. 2003-08-25 Werner Koch <wk@gnupg.org> * command.c (cmd_setattr): Use a copy of LINE. (cmd_genkey): Use a copy of KEYNO. (cmd_passwd): Use a copy of CHVNOSTR. (cmd_pksign, cmd_pkauth, cmd_pkdecrypt): s/strdup/xtrystrdup/. 2003-08-19 Werner Koch <wk@gnupg.org> * scdaemon.c, scdaemon.h: New option --pcsc-driver. * apdu.c (apdu_open_reader): Use that option here instead of a hardcoded one. 2003-08-18 Werner Koch <wk@gnupg.org> * Makefile.am: Add OPENSC_LIBS to all programs. * scdaemon.c, scdaemon.h: New option --disable-opensc. * card.c (card_open): Implement it. * apdu.c (open_osc_reader, osc_send_apdu): New. (apdu_open_reader) [HAVE_OPENSC]: Use the opensc driver if not disabled. (error_string) [HAVE_OPENSC]: Use sc_strerror. (send_apdu) [HAVE_OPENSC]: Call osc_apdu_send. * card-p15.c (p15_enum_keypairs, p15_prepare_key): Adjusted for libgpg-error. 2003-08-14 Timo Schulz <twoaday@freakmail.de> * apdu.c (ct_activate_card): Change the code a little to avoid problems with other readers. * Always use 'dynload.h' instead of 'dlfcn.h'. 2003-08-05 Werner Koch <wk@gnupg.org> * app-openpgp.c (dump_all_do): Don't analyze constructed DOs after an error. 2003-08-04 Werner Koch <wk@gnupg.org> * app.c (app_set_default_reader_port): New. (select_application): Use it here. * scdaemon.c (main): and here. * sc-copykeys.c: --reader-port does now take a string. * sc-investigate.c, scdaemon.c: Ditto. * apdu.c (apdu_open_reader): Ditto. Load pcsclite if no ctapi driver is configured. Always include code for ctapi. (new_reader_slot): Don't test for already used ports and remove port arg. (open_pcsc_reader, pcsc_send_apdu, pcsc_error_string): New. (apdu_send_le): Changed RC to long to cope with PC/SC. * scdaemon.c, scdaemon.h: New option --ctapi-driver. * sc-investigate.c, sc-copykeys.c: Ditto. 2003-07-31 Werner Koch <wk@gnupg.org> * Makefile.am (scdaemon_LDADD): Added INTLLIBS. 2003-07-28 Werner Koch <wk@gnupg.org> * app-openpgp.c (do_setattr): Change implementation. Allow all useful DOs. 2003-07-27 Werner Koch <wk@gnupg.org> Adjusted for gcry_mpi_print and gcry_mpi_scan API change. 2003-07-24 Werner Koch <wk@gnupg.org> * app-openpgp.c (do_learn_status): Print more status information. (app_select_openpgp): Store the card version. (store_fpr): Add argument card_version and fix DOs for old cards. (app_openpgp_storekey): Likewise. 2003-07-23 Werner Koch <wk@gnupg.org> * command.c (cmd_pkauth): New. (cmd_setdata): Check whether data was given at all to avoid passing 0 to malloc. * app.c (app_auth): New. * app-openpgp.c (do_auth): New. 2003-07-22 Werner Koch <wk@gnupg.org> * command.c (cmd_passwd): New. * app.c (app_change_pin): New. * app-openpgp.c (do_change_pin): New. * iso7816.c (iso7816_reset_retry_counter): Implemented. * sc-investigate.c (main): New option --gen-random. * iso7816.c (iso7816_get_challenge): Don't create APDUs with a length larger than 255. 2003-07-17 Werner Koch <wk@gnupg.org> * command.c (cmd_random): New command RANDOM. * iso7816.c (map_sw): New. Use it in this file to return meaningful error messages. Changed all public fucntions to return a gpg_error_t. (iso7816_change_reference_data): New. * apdu.c (apdu_open_reader): Use faked status words for soem system errors. 2003-07-16 Werner Koch <wk@gnupg.org> * apdu.c (apdu_send_simple): Use apdu_send_le so that we can specify not to send Le as it should be. 2003-07-15 Werner Koch <wk@gnupg.org> * Makefile.am: Add sc-copykeys program. * sc-copykeys.c: New. * app-openpgp.c (app_openpgp_storekey): New. (app_openpgp_cardinfo): New. (count_bits): New. (store_fpr): And use it here to get the actual length in bit. 2003-07-03 Werner Koch <wk@gnupg.org> * app-openpgp.c (do_setattr): Add setting of the URL. (app_select_openpgp): Dump card data only in very verbose mode. (do_decipher): New. 2003-07-02 Werner Koch <wk@gnupg.org> * app-openpgp.c (get_sig_counter): New. (do_sign): Print the signature counter and enable the PIN callback. (do_genkey): Implement the PIN callback. 2003-07-01 Werner Koch <wk@gnupg.org> * app-openpgp.c (store_fpr): Fixed fingerprint calculation. 2003-06-26 Werner Koch <wk@gnupg.org> * app-openpgp.c (find_tlv): Fixed length header parsing. * app.c (app_genkey): New. * command.c (cmd_genkey): New. 2003-06-25 Werner Koch <wk@gnupg.org> * command.c (percent_plus_unescape): New. (cmd_setattr): New. 2003-06-24 Werner Koch <wk@gnupg.org> * command.c (send_status_info): New. * app-openpgp.c (app_select_openpgp): Replace SLOT arg by APP arg and setup the function pointers in APP on success. Changed callers. * app.c: New. * app-common.h: New. * scdaemon.h (APP): New type to handle applications. (server_control_s): Add an APP context field. * command.c (cmd_serialno): Handle applications. (cmd_pksign): Ditto. (cmd_pkdecrypt): Ditto. (reset_notify): Ditto. (cmd_learn): For now return error for application contexts. (cmd_readcert): Ditto. (cmd_readkey): Ditto. 2003-06-04 Werner Koch <wk@gnupg.org> * card.c (map_sc_err): Renamed gpg_make_err to gpg_err_make. Renamed error codes from INVALID to INV and removed _ERROR suffixes. 2003-06-03 Werner Koch <wk@gnupg.org> Changed all error codes in all files to the new libgpg-error scheme. * scdaemon.h: Include gpg-error.h and errno.h * card.c (map_sc_err): Use unknown for the error source. * Makefile.am: Link with libgpg-error 2003-05-14 Werner Koch <wk@gnupg.org> * atr.c, atr.h: New. * sc-investigate.c: Dump the ATR in a human readable format. 2003-05-08 Werner Koch <wk@gnupg.org> * scdaemon.h (DBG_CARD_IO_VALUE): New. * sc-investigate.c: New. * scdaemon.c (main): Removed --print-atr option. * iso7816.c, iso7816.h, app-openpgp.c: New. 2003-04-29 Werner Koch <wk@gnupg.org> * scdaemon.c: New options --print-atr and --reader-port * apdu.c, apdu.h: New * card.c, card-p15.c, card-dinsig.c: Allow build without OpenSC. * Makefile.am (LDFLAGS): Removed. * command.c (register_commands): Adjusted for new Assuan semantics. 2002-08-21 Werner Koch <wk@gnupg.org> * scdaemon.c (main): New option --daemon so that the program is not accidently started in the background. 2002-08-16 Werner Koch <wk@gnupg.org> * scdaemon.c: Include i18n.h. * card-common.h (struct p15_private_s): Forward declaration. Add it to card_ctx_s. * card.c (card_close): Make sure private data is released. (card_enum_certs): New. * card-p15.c (p15_release_private_data): New. (init_private_data): New to work around an OpenSC weirdness. (p15_enum_keypairs): Do an OpenSC get_objects only once. (p15_enum_certs): New. (card_p15_bind): Bind new function. * command.c (cmd_learn): Return information about the certificates. 2002-08-09 Werner Koch <wk@gnupg.org> * card.c (card_get_serial_and_stamp): Use the tokeinfo serial number as a fallback. Add a special prefix for serial numbers. 2002-07-30 Werner Koch <wk@gnupg.org> Changes to cope with OpenSC 0.7.0: * card.c: Removed the check for the packed opensc version. Changed include file names of opensc. (map_sc_err): Adjusted error codes for new opensc version. * card-p15.c: Changed include filename of opensc. * card-dinsig.c: Ditto. * card-p15.c (p15_decipher): Add flags argument to OpenSC call. 2002-07-24 Werner Koch <wk@gnupg.org> * card.c (find_simple_tlv, find_iccsn): New. (card_get_serial_and_stamp): Improved serial number parser. 2002-06-27 Werner Koch <wk@gnupg.org> * scdaemon.c (main): Use GNUPG_DEFAULT_HOMEDIR constant. 2002-06-15 Werner Koch <wk@gnupg.org> * card-dinsig.c: Documented some stuff from the DIN norm. 2002-04-15 Werner Koch <wk@gnupg.org> * command.c (cmd_pksign, cmd_pkdecrypt): Use a copy of the key ID. 2002-04-12 Werner Koch <wk@gnupg.org> * scdaemon.c: New option --debug-sc N. * card.c (card_open): set it here. * card-p15.c (p15_prepare_key): Factored out common code from ... (p15_sign, p15_decipher): here and made the decryption work the regular way. 2002-04-10 Werner Koch <wk@gnupg.org> * card.c (card_open): Return immediately when no reader is available. 2002-03-27 Werner Koch <wk@gnupg.org> * card.c (card_open, card_close): Adjusted for changes in OpenSC. 2002-03-10 Werner Koch <wk@gnupg.org> * card-p15.c, card-dinsig.c, card-common.h: New. * card.c: Factored most code out to the new modules, so that we can better support different types of card applications. 2002-01-26 Werner Koch <wk@gnupg.org> * scdaemon.c scdaemon.h, command.c: New. Based on the code from the gpg-agent. Copyright 2002, 2003, 2004, 2005 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/scd/apdu.c b/scd/apdu.c index 5a5f18b43..adaaec612 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -1,3021 +1,3021 @@ /* apdu.c - ISO 7816 APDU functions and low level I/O * Copyright (C) 2003, 2004 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA. * * $Id$ */ /* NOTE: This module is also used by other software, thus the use of the macro USE_GNU_PTH is mandatory. For GnuPG this macro is guaranteed to be defined true. */ #include <config.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <assert.h> #include <signal.h> #ifdef USE_GNU_PTH # include <pth.h> # include <unistd.h> # include <fcntl.h> #endif /* If requested include the definitions for the remote APDU protocol code. */ #ifdef USE_G10CODE_RAPDU #include "rapdu.h" #endif /*USE_G10CODE_RAPDU*/ #if defined(GNUPG_SCD_MAIN_HEADER) #include GNUPG_SCD_MAIN_HEADER #elif GNUPG_MAJOR_VERSION == 1 /* This is used with GnuPG version < 1.9. The code has been source copied from the current GnuPG >= 1.9 and is maintained over there. */ #include "options.h" #include "errors.h" #include "memory.h" #include "util.h" #include "i18n.h" #include "cardglue.h" #else /* GNUPG_MAJOR_VERSION != 1 */ #include "scdaemon.h" #endif /* GNUPG_MAJOR_VERSION != 1 */ #include "apdu.h" #include "dynload.h" #include "ccid-driver.h" /* Due to conflicting use of threading libraries we usually can't link against libpcsclite. Instead we use a wrapper program. */ #ifdef USE_GNU_PTH #if !defined(HAVE_W32_SYSTEM) && !defined(__CYGWIN__) #define NEED_PCSC_WRAPPER 1 #endif #endif #define MAX_READER 4 /* Number of readers we support concurrently. */ #if defined(_WIN32) || defined(__CYGWIN__) #define DLSTDCALL __stdcall #else #define DLSTDCALL #endif #ifdef _POSIX_OPEN_MAX #define MAX_OPEN_FDS _POSIX_OPEN_MAX #else #define MAX_OPEN_FDS 20 #endif /* Helper to pass patrameters related to keypad based operations. */ struct pininfo_s { int mode; int minlen; int maxlen; int padlen; }; /* A structure to collect information pertaining to one reader slot. */ struct reader_table_s { int used; /* True if slot is used. */ unsigned short port; /* Port number: 0 = unused, 1 - dev/tty */ /* Function pointers intialized to the various backends. */ int (*close_reader)(int); int (*shutdown_reader)(int); int (*reset_reader)(int); int (*get_status_reader)(int, unsigned int *); int (*send_apdu_reader)(int,unsigned char *,size_t, unsigned char *, size_t *, struct pininfo_s *); int (*check_keypad)(int, int, int, int, int, int); void (*dump_status_reader)(int); struct { ccid_driver_t handle; } ccid; struct { unsigned long context; unsigned long card; unsigned long protocol; #ifdef NEED_PCSC_WRAPPER int req_fd; int rsp_fd; pid_t pid; #endif /*NEED_PCSC_WRAPPER*/ } pcsc; #ifdef USE_G10CODE_RAPDU struct { rapdu_t handle; } rapdu; #endif /*USE_G10CODE_RAPDU*/ char *rdrname; /* Name of the connected reader or NULL if unknown. */ int last_status; int status; int is_t0; /* True if we know that we are running T=0. */ unsigned char atr[33]; size_t atrlen; /* A zero length indicates that the ATR has not yet been read; i.e. the card is not ready for use. */ unsigned int change_counter; #ifdef USE_GNU_PTH int lock_initialized; pth_mutex_t lock; #endif }; typedef struct reader_table_s *reader_table_t; /* A global table to keep track of active readers. */ static struct reader_table_s reader_table[MAX_READER]; /* ct API function pointer. */ static char (* DLSTDCALL CT_init) (unsigned short ctn, unsigned short Pn); static char (* DLSTDCALL CT_data) (unsigned short ctn, unsigned char *dad, unsigned char *sad, unsigned short lc, unsigned char *cmd, unsigned short *lr, unsigned char *rsp); static char (* DLSTDCALL CT_close) (unsigned short ctn); /* PC/SC constants and function pointer. */ #define PCSC_SCOPE_USER 0 #define PCSC_SCOPE_TERMINAL 1 #define PCSC_SCOPE_SYSTEM 2 #define PCSC_SCOPE_GLOBAL 3 #define PCSC_PROTOCOL_T0 1 #define PCSC_PROTOCOL_T1 2 #define PCSC_PROTOCOL_RAW 4 #define PCSC_SHARE_EXCLUSIVE 1 #define PCSC_SHARE_SHARED 2 #define PCSC_SHARE_DIRECT 3 #define PCSC_LEAVE_CARD 0 #define PCSC_RESET_CARD 1 #define PCSC_UNPOWER_CARD 2 #define PCSC_EJECT_CARD 3 #define PCSC_UNKNOWN 0x0001 #define PCSC_ABSENT 0x0002 /* Card is absent. */ #define PCSC_PRESENT 0x0004 /* Card is present. */ #define PCSC_SWALLOWED 0x0008 /* Card is present and electrical connected. */ #define PCSC_POWERED 0x0010 /* Card is powered. */ #define PCSC_NEGOTIABLE 0x0020 /* Card is awaiting PTS. */ #define PCSC_SPECIFIC 0x0040 /* Card is ready for use. */ #define PCSC_STATE_UNAWARE 0x0000 /* Want status. */ #define PCSC_STATE_IGNORE 0x0001 /* Ignore this reader. */ #define PCSC_STATE_CHANGED 0x0002 /* State has changed. */ #define PCSC_STATE_UNKNOWN 0x0004 /* Reader unknown. */ #define PCSC_STATE_UNAVAILABLE 0x0008 /* Status unavailable. */ #define PCSC_STATE_EMPTY 0x0010 /* Card removed. */ #define PCSC_STATE_PRESENT 0x0020 /* Card inserted. */ #define PCSC_STATE_ATRMATCH 0x0040 /* ATR matches card. */ #define PCSC_STATE_EXCLUSIVE 0x0080 /* Exclusive Mode. */ #define PCSC_STATE_INUSE 0x0100 /* Shared mode. */ #define PCSC_STATE_MUTE 0x0200 /* Unresponsive card. */ /* Some PC/SC error codes. */ #define PCSC_E_CANCELLED 0x80100002 #define PCSC_E_CANT_DISPOSE 0x8010000E #define PCSC_E_INSUFFICIENT_BUFFER 0x80100008 #define PCSC_E_INVALID_ATR 0x80100015 #define PCSC_E_INVALID_HANDLE 0x80100003 #define PCSC_E_INVALID_PARAMETER 0x80100004 #define PCSC_E_INVALID_TARGET 0x80100005 #define PCSC_E_INVALID_VALUE 0x80100011 #define PCSC_E_NO_MEMORY 0x80100006 #define PCSC_E_UNKNOWN_READER 0x80100009 #define PCSC_E_TIMEOUT 0x8010000A #define PCSC_E_SHARING_VIOLATION 0x8010000B #define PCSC_E_NO_SMARTCARD 0x8010000C #define PCSC_E_UNKNOWN_CARD 0x8010000D #define PCSC_E_PROTO_MISMATCH 0x8010000F #define PCSC_E_NOT_READY 0x80100010 #define PCSC_E_SYSTEM_CANCELLED 0x80100012 #define PCSC_E_NOT_TRANSACTED 0x80100016 #define PCSC_E_READER_UNAVAILABLE 0x80100017 #define PCSC_W_REMOVED_CARD 0x80100069 struct pcsc_io_request_s { unsigned long protocol; unsigned long pci_len; }; typedef struct pcsc_io_request_s *pcsc_io_request_t; struct pcsc_readerstate_s { const char *reader; void *user_data; unsigned long current_state; unsigned long event_state; unsigned long atrlen; unsigned char atr[33]; }; typedef struct pcsc_readerstate_s *pcsc_readerstate_t; long (* DLSTDCALL pcsc_establish_context) (unsigned long scope, const void *reserved1, const void *reserved2, unsigned long *r_context); long (* DLSTDCALL pcsc_release_context) (unsigned long context); long (* DLSTDCALL pcsc_list_readers) (unsigned long context, const char *groups, char *readers, unsigned long*readerslen); long (* DLSTDCALL pcsc_get_status_change) (unsigned long context, unsigned long timeout, pcsc_readerstate_t readerstates, unsigned long nreaderstates); long (* DLSTDCALL pcsc_connect) (unsigned long context, const char *reader, unsigned long share_mode, unsigned long preferred_protocols, unsigned long *r_card, unsigned long *r_active_protocol); long (* DLSTDCALL pcsc_reconnect) (unsigned long card, unsigned long share_mode, unsigned long preferred_protocols, unsigned long initialization, unsigned long *r_active_protocol); long (* DLSTDCALL pcsc_disconnect) (unsigned long card, unsigned long disposition); long (* DLSTDCALL pcsc_status) (unsigned long card, char *reader, unsigned long *readerlen, unsigned long *r_state, unsigned long *r_protocol, unsigned char *atr, unsigned long *atrlen); long (* DLSTDCALL pcsc_begin_transaction) (unsigned long card); long (* DLSTDCALL pcsc_end_transaction) (unsigned long card); long (* DLSTDCALL pcsc_transmit) (unsigned long card, const pcsc_io_request_t send_pci, const unsigned char *send_buffer, unsigned long send_len, pcsc_io_request_t recv_pci, unsigned char *recv_buffer, unsigned long *recv_len); long (* DLSTDCALL pcsc_set_timeout) (unsigned long context, unsigned long timeout); /* Prototypes. */ static int pcsc_get_status (int slot, unsigned int *status); /* Helper */ /* Find an unused reader slot for PORTSTR and put it into the reader table. Return -1 on error or the index into the reader table. */ static int new_reader_slot (void) { int i, reader = -1; for (i=0; i < MAX_READER; i++) { if (!reader_table[i].used && reader == -1) reader = i; } if (reader == -1) { log_error ("new_reader_slot: out of slots\n"); return -1; } #ifdef USE_GNU_PTH if (!reader_table[reader].lock_initialized) { if (!pth_mutex_init (&reader_table[reader].lock)) { log_error ("error initializing mutex: %s\n", strerror (errno)); return -1; } reader_table[reader].lock_initialized = 1; } #endif /*USE_GNU_PTH*/ reader_table[reader].close_reader = NULL; reader_table[reader].shutdown_reader = NULL; reader_table[reader].reset_reader = NULL; reader_table[reader].get_status_reader = NULL; reader_table[reader].send_apdu_reader = NULL; reader_table[reader].check_keypad = NULL; reader_table[reader].dump_status_reader = NULL; reader_table[reader].used = 1; reader_table[reader].last_status = 0; reader_table[reader].is_t0 = 1; #ifdef NEED_PCSC_WRAPPER reader_table[reader].pcsc.req_fd = -1; reader_table[reader].pcsc.rsp_fd = -1; reader_table[reader].pcsc.pid = (pid_t)(-1); #endif return reader; } static void dump_reader_status (int slot) { if (!opt.verbose) return; if (reader_table[slot].dump_status_reader) reader_table[slot].dump_status_reader (slot); if (reader_table[slot].status != -1 && reader_table[slot].atrlen) { log_info ("slot %d: ATR=", slot); log_printhex ("", reader_table[slot].atr, reader_table[slot].atrlen); } } static const char * host_sw_string (long err) { switch (err) { case 0: return "okay"; case SW_HOST_OUT_OF_CORE: return "out of core"; case SW_HOST_INV_VALUE: return "invalid value"; case SW_HOST_NO_DRIVER: return "no driver"; case SW_HOST_NOT_SUPPORTED: return "not supported"; case SW_HOST_LOCKING_FAILED: return "locking failed"; case SW_HOST_BUSY: return "busy"; case SW_HOST_NO_CARD: return "no card"; case SW_HOST_CARD_INACTIVE: return "card inactive"; case SW_HOST_CARD_IO_ERROR: return "card I/O error"; case SW_HOST_GENERAL_ERROR: return "general error"; case SW_HOST_NO_READER: return "no reader"; case SW_HOST_ABORTED: return "aborted"; case SW_HOST_NO_KEYPAD: return "no keypad"; default: return "unknown host status error"; } } const char * apdu_strerror (int rc) { switch (rc) { case SW_EOF_REACHED : return "eof reached"; case SW_EEPROM_FAILURE : return "eeprom failure"; case SW_WRONG_LENGTH : return "wrong length"; case SW_CHV_WRONG : return "CHV wrong"; case SW_CHV_BLOCKED : return "CHV blocked"; case SW_USE_CONDITIONS : return "use conditions not satisfied"; case SW_BAD_PARAMETER : return "bad parameter"; case SW_NOT_SUPPORTED : return "not supported"; case SW_FILE_NOT_FOUND : return "file not found"; case SW_RECORD_NOT_FOUND:return "record not found"; case SW_REF_NOT_FOUND : return "reference not found"; case SW_BAD_P0_P1 : return "bad P0 or P1"; case SW_INS_NOT_SUP : return "instruction not supported"; case SW_CLA_NOT_SUP : return "class not supported"; case SW_SUCCESS : return "success"; default: if ((rc & ~0x00ff) == SW_MORE_DATA) return "more data available"; if ( (rc & 0x10000) ) return host_sw_string (rc); return "unknown status error"; } } /* ct API Interface */ static const char * ct_error_string (long err) { switch (err) { case 0: return "okay"; case -1: return "invalid data"; case -8: return "ct error"; case -10: return "transmission error"; case -11: return "memory allocation error"; case -128: return "HTSI error"; default: return "unknown CT-API error"; } } static void ct_dump_reader_status (int slot) { log_info ("reader slot %d: %s\n", slot, reader_table[slot].status == 1? "Processor ICC present" : reader_table[slot].status == 0? "Memory ICC present" : "ICC not present" ); } /* Wait for the card in SLOT and activate it. Return a status word error or 0 on success. */ static int ct_activate_card (int slot) { int rc; unsigned char dad[1], sad[1], cmd[11], buf[256]; unsigned short buflen; /* Check whether card has been inserted. */ dad[0] = 1; /* Destination address: CT. */ sad[0] = 2; /* Source address: Host. */ cmd[0] = 0x20; /* Class byte. */ cmd[1] = 0x13; /* Request status. */ cmd[2] = 0x00; /* From kernel. */ cmd[3] = 0x80; /* Return card's DO. */ cmd[4] = 0x00; buflen = DIM(buf); rc = CT_data (slot, dad, sad, 5, cmd, &buflen, buf); if (rc || buflen < 2 || buf[buflen-2] != 0x90) { log_error ("ct_activate_card: can't get status of reader %d: %s\n", slot, ct_error_string (rc)); return SW_HOST_CARD_IO_ERROR; } /* Connected, now activate the card. */ dad[0] = 1; /* Destination address: CT. */ sad[0] = 2; /* Source address: Host. */ cmd[0] = 0x20; /* Class byte. */ cmd[1] = 0x12; /* Request ICC. */ cmd[2] = 0x01; /* From first interface. */ cmd[3] = 0x01; /* Return card's ATR. */ cmd[4] = 0x00; buflen = DIM(buf); rc = CT_data (slot, dad, sad, 5, cmd, &buflen, buf); if (rc || buflen < 2 || buf[buflen-2] != 0x90) { log_error ("ct_activate_card(%d): activation failed: %s\n", slot, ct_error_string (rc)); if (!rc) log_printhex (" received data:", buf, buflen); return SW_HOST_CARD_IO_ERROR; } /* Store the type and the ATR. */ if (buflen - 2 > DIM (reader_table[0].atr)) { log_error ("ct_activate_card(%d): ATR too long\n", slot); return SW_HOST_CARD_IO_ERROR; } reader_table[slot].status = buf[buflen - 1]; memcpy (reader_table[slot].atr, buf, buflen - 2); reader_table[slot].atrlen = buflen - 2; return 0; } static int close_ct_reader (int slot) { CT_close (slot); reader_table[slot].used = 0; return 0; } static int reset_ct_reader (int slot) { /* FIXME: Check is this is sufficient do do a reset. */ return ct_activate_card (slot); } static int ct_get_status (int slot, unsigned int *status) { *status = 1|2|4; /* FIXME */ return 0; return SW_HOST_NOT_SUPPORTED; } /* Actually send the APDU of length APDULEN to SLOT and return a maximum of *BUFLEN data in BUFFER, the actual retruned size will be set to BUFLEN. Returns: CT API error code. */ static int ct_send_apdu (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, struct pininfo_s *pininfo) { int rc; unsigned char dad[1], sad[1]; unsigned short ctbuflen; /* If we don't have an ATR, we need to reset the reader first. */ if (!reader_table[slot].atrlen && (rc = reset_ct_reader (slot))) return rc; dad[0] = 0; /* Destination address: Card. */ sad[0] = 2; /* Source address: Host. */ ctbuflen = *buflen; if (DBG_CARD_IO) log_printhex (" CT_data:", apdu, apdulen); rc = CT_data (slot, dad, sad, apdulen, apdu, &ctbuflen, buffer); *buflen = ctbuflen; return rc? SW_HOST_CARD_IO_ERROR: 0; } /* Open a reader and return an internal handle for it. PORT is a non-negative value with the port number of the reader. USB readers do have port numbers starting at 32769. */ static int open_ct_reader (int port) { int rc, reader; if (port < 0 || port > 0xffff) { log_error ("open_ct_reader: invalid port %d requested\n", port); return -1; } reader = new_reader_slot (); if (reader == -1) return reader; reader_table[reader].port = port; rc = CT_init (reader, (unsigned short)port); if (rc) { log_error ("apdu_open_ct_reader failed on port %d: %s\n", port, ct_error_string (rc)); reader_table[reader].used = 0; return -1; } /* Only try to activate the card. */ rc = ct_activate_card (reader); if (rc) { reader_table[reader].atrlen = 0; rc = 0; } reader_table[reader].close_reader = close_ct_reader; reader_table[reader].reset_reader = reset_ct_reader; reader_table[reader].get_status_reader = ct_get_status; reader_table[reader].send_apdu_reader = ct_send_apdu; reader_table[reader].check_keypad = NULL; reader_table[reader].dump_status_reader = ct_dump_reader_status; dump_reader_status (reader); return reader; } /* PC/SC Interface */ #ifdef NEED_PCSC_WRAPPER static int writen (int fd, const void *buf, size_t nbytes) { size_t nleft = nbytes; int nwritten; /* log_printhex (" writen:", buf, nbytes); */ while (nleft > 0) { #ifdef USE_GNU_PTH nwritten = pth_write (fd, buf, nleft); #else nwritten = write (fd, buf, nleft); #endif if (nwritten < 0 && errno == EINTR) continue; if (nwritten < 0) return -1; nleft -= nwritten; buf = (const char*)buf + nwritten; } return 0; } /* Read up to BUFLEN bytes from FD and return the number of bytes actually read in NREAD. Returns -1 on error or 0 on success. */ static int readn (int fd, void *buf, size_t buflen, size_t *nread) { size_t nleft = buflen; int n; /* void *orig_buf = buf; */ while (nleft > 0) { #ifdef USE_GNU_PTH n = pth_read (fd, buf, nleft); #else n = read (fd, buf, nleft); #endif if (n < 0 && errno == EINTR) continue; if (n < 0) return -1; /* read error. */ if (!n) break; /* EOF */ nleft -= n; buf = (char*)buf + n; } if (nread) *nread = buflen - nleft; /* log_printhex (" readn:", orig_buf, *nread); */ return 0; } #endif /*NEED_PCSC_WRAPPER*/ static const char * pcsc_error_string (long err) { const char *s; if (!err) return "okay"; if ((err & 0x80100000) != 0x80100000) return "invalid PC/SC error code"; err &= 0xffff; switch (err) { case 0x0002: s = "cancelled"; break; case 0x000e: s = "can't dispose"; break; case 0x0008: s = "insufficient buffer"; break; case 0x0015: s = "invalid ATR"; break; case 0x0003: s = "invalid handle"; break; case 0x0004: s = "invalid parameter"; break; case 0x0005: s = "invalid target"; break; case 0x0011: s = "invalid value"; break; case 0x0006: s = "no memory"; break; case 0x0013: s = "comm error"; break; case 0x0001: s = "internal error"; break; case 0x0014: s = "unknown error"; break; case 0x0007: s = "waited too long"; break; case 0x0009: s = "unknown reader"; break; case 0x000a: s = "timeout"; break; case 0x000b: s = "sharing violation"; break; case 0x000c: s = "no smartcard"; break; case 0x000d: s = "unknown card"; break; case 0x000f: s = "proto mismatch"; break; case 0x0010: s = "not ready"; break; case 0x0012: s = "system cancelled"; break; case 0x0016: s = "not transacted"; break; case 0x0017: s = "reader unavailable"; break; case 0x0065: s = "unsupported card"; break; case 0x0066: s = "unresponsive card"; break; case 0x0067: s = "unpowered card"; break; case 0x0068: s = "reset card"; break; case 0x0069: s = "removed card"; break; case 0x006a: s = "inserted card"; break; case 0x001f: s = "unsupported feature"; break; case 0x0019: s = "PCI too small"; break; case 0x001a: s = "reader unsupported"; break; case 0x001b: s = "duplicate reader"; break; case 0x001c: s = "card unsupported"; break; case 0x001d: s = "no service"; break; case 0x001e: s = "service stopped"; break; default: s = "unknown PC/SC error code"; break; } return s; } /* Map PC/SC error codes to our special host status words. */ static int pcsc_error_to_sw (long ec) { int rc; switch (ec) { case 0: rc = 0; break; case PCSC_E_CANCELLED: rc = SW_HOST_ABORTED; break; case PCSC_E_NO_MEMORY: rc = SW_HOST_OUT_OF_CORE; break; case PCSC_E_TIMEOUT: rc = SW_HOST_CARD_IO_ERROR; break; case PCSC_E_SHARING_VIOLATION: rc = SW_HOST_LOCKING_FAILED; break; case PCSC_E_NO_SMARTCARD: rc = SW_HOST_NO_CARD; break; case PCSC_W_REMOVED_CARD: rc = SW_HOST_NO_CARD; break; case PCSC_E_INVALID_TARGET: case PCSC_E_INVALID_VALUE: case PCSC_E_INVALID_HANDLE: case PCSC_E_INVALID_PARAMETER: case PCSC_E_INSUFFICIENT_BUFFER: rc = SW_HOST_INV_VALUE; break; default: rc = SW_HOST_GENERAL_ERROR; break; } return rc; } static void dump_pcsc_reader_status (int slot) { log_info ("reader slot %d: active protocol:", slot); if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T0)) log_printf (" T0"); else if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T1)) log_printf (" T1"); else if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_RAW)) log_printf (" raw"); log_printf ("\n"); } /* Send an PC/SC reset command and return a status word on error or 0 on success. */ static int reset_pcsc_reader (int slot) { #ifdef NEED_PCSC_WRAPPER long err; reader_table_t slotp; size_t len; int i, n; unsigned char msgbuf[9]; unsigned int dummy_status; int sw = SW_HOST_CARD_IO_ERROR; slotp = reader_table + slot; if (slotp->pcsc.req_fd == -1 || slotp->pcsc.rsp_fd == -1 || slotp->pcsc.pid == (pid_t)(-1) ) { log_error ("pcsc_get_status: pcsc-wrapper not running\n"); return sw; } msgbuf[0] = 0x05; /* RESET command. */ len = 0; msgbuf[1] = (len >> 24); msgbuf[2] = (len >> 16); msgbuf[3] = (len >> 8); msgbuf[4] = (len ); if ( writen (slotp->pcsc.req_fd, msgbuf, 5) ) { log_error ("error sending PC/SC RESET request: %s\n", strerror (errno)); goto command_failed; } /* Read the response. */ if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) { log_error ("error receiving PC/SC RESET response: %s\n", i? strerror (errno) : "premature EOF"); goto command_failed; } len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); goto command_failed; } len -= 4; /* Already read the error code. */ if (len > DIM (slotp->atr)) { log_error ("PC/SC returned a too large ATR (len=%lx)\n", (unsigned long)len); sw = SW_HOST_GENERAL_ERROR; goto command_failed; } err = (msgbuf[5] << 24) | (msgbuf[6] << 16) | (msgbuf[7] << 8 ) | msgbuf[8]; if (err) { log_error ("PC/SC RESET failed: %s (0x%lx)\n", pcsc_error_string (err), err); /* If the error code is no smart card, we should not considere this a major error and close the wrapper. */ sw = pcsc_error_to_sw (err); if (err == PCSC_E_NO_SMARTCARD) return sw; goto command_failed; } /* The open function may return a zero for the ATR length to indicate that no card is present. */ n = len; if (n) { if ((i=readn (slotp->pcsc.rsp_fd, slotp->atr, n, &len)) || len != n) { log_error ("error receiving PC/SC RESET response: %s\n", i? strerror (errno) : "premature EOF"); goto command_failed; } } slotp->atrlen = len; /* Read the status so that IS_T0 will be set. */ pcsc_get_status (slot, &dummy_status); return 0; command_failed: close (slotp->pcsc.req_fd); close (slotp->pcsc.rsp_fd); slotp->pcsc.req_fd = -1; slotp->pcsc.rsp_fd = -1; kill (slotp->pcsc.pid, SIGTERM); slotp->pcsc.pid = (pid_t)(-1); slotp->used = 0; return sw; #else /* !NEED_PCSC_WRAPPER */ long err; char reader[250]; unsigned long nreader, atrlen; unsigned long card_state, card_protocol; if (reader_table[slot].pcsc.card) { err = pcsc_disconnect (reader_table[slot].pcsc.card, PCSC_LEAVE_CARD); if (err) { log_error ("pcsc_disconnect failed: %s (0x%lx)\n", pcsc_error_string (err), err); return SW_HOST_CARD_IO_ERROR; } reader_table[slot].pcsc.card = 0; } err = pcsc_connect (reader_table[slot].pcsc.context, reader_table[slot].rdrname, PCSC_SHARE_EXCLUSIVE, PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1, &reader_table[slot].pcsc.card, &reader_table[slot].pcsc.protocol); if (err) { log_error ("pcsc_connect failed: %s (0x%lx)\n", pcsc_error_string (err), err); reader_table[slot].pcsc.card = 0; return pcsc_error_to_sw (err); } atrlen = 33; nreader = sizeof reader - 1; err = pcsc_status (reader_table[slot].pcsc.card, reader, &nreader, &card_state, &card_protocol, reader_table[slot].atr, &atrlen); if (err) { log_error ("pcsc_status failed: %s (0x%lx)\n", pcsc_error_string (err), err); reader_table[slot].atrlen = 0; return pcsc_error_to_sw (err); } if (atrlen >= DIM (reader_table[0].atr)) log_bug ("ATR returned by pcsc_status is too large\n"); reader_table[slot].atrlen = atrlen; reader_table[slot].is_t0 = !!(card_protocol & PCSC_PROTOCOL_T0); return 0; #endif /* !NEED_PCSC_WRAPPER */ } static int pcsc_get_status (int slot, unsigned int *status) { #ifdef NEED_PCSC_WRAPPER long err; reader_table_t slotp; size_t len, full_len; int i, n; unsigned char msgbuf[9]; unsigned char buffer[16]; int sw = SW_HOST_CARD_IO_ERROR; slotp = reader_table + slot; if (slotp->pcsc.req_fd == -1 || slotp->pcsc.rsp_fd == -1 || slotp->pcsc.pid == (pid_t)(-1) ) { log_error ("pcsc_get_status: pcsc-wrapper not running\n"); return sw; } msgbuf[0] = 0x04; /* STATUS command. */ len = 0; msgbuf[1] = (len >> 24); msgbuf[2] = (len >> 16); msgbuf[3] = (len >> 8); msgbuf[4] = (len ); if ( writen (slotp->pcsc.req_fd, msgbuf, 5) ) { log_error ("error sending PC/SC STATUS request: %s\n", strerror (errno)); goto command_failed; } /* Read the response. */ if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) { log_error ("error receiving PC/SC STATUS response: %s\n", i? strerror (errno) : "premature EOF"); goto command_failed; } len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); goto command_failed; } len -= 4; /* Already read the error code. */ err = (msgbuf[5] << 24) | (msgbuf[6] << 16) | (msgbuf[7] << 8 ) | msgbuf[8]; if (err) { log_error ("pcsc_status failed: %s (0x%lx)\n", pcsc_error_string (err), err); /* This is a proper error code, so return immediately. */ return pcsc_error_to_sw (err); } full_len = len; /* The current version returns 3 words but we allow also for old versions returning only 2 words. */ n = 12 < len ? 12 : len; if ((i=readn (slotp->pcsc.rsp_fd, buffer, n, &len)) || (len != 8 && len != 12)) { log_error ("error receiving PC/SC STATUS response: %s\n", i? strerror (errno) : "premature EOF"); goto command_failed; } slotp->is_t0 = (len == 12 && !!(buffer[11] & PCSC_PROTOCOL_T0)); full_len -= len; /* Newer versions of the wrapper might send more status bytes. Read them. */ while (full_len) { unsigned char dummybuf[128]; n = full_len < DIM (dummybuf) ? full_len : DIM (dummybuf); if ((i=readn (slotp->pcsc.rsp_fd, dummybuf, n, &len)) || len != n) { log_error ("error receiving PC/SC TRANSMIT response: %s\n", i? strerror (errno) : "premature EOF"); goto command_failed; } full_len -= n; } /* We are lucky: The wrapper already returns the data in the required format. */ *status = buffer[3]; return 0; command_failed: close (slotp->pcsc.req_fd); close (slotp->pcsc.rsp_fd); slotp->pcsc.req_fd = -1; slotp->pcsc.rsp_fd = -1; kill (slotp->pcsc.pid, SIGTERM); slotp->pcsc.pid = (pid_t)(-1); slotp->used = 0; return sw; #else /*!NEED_PCSC_WRAPPER*/ long err; struct pcsc_readerstate_s rdrstates[1]; memset (rdrstates, 0, sizeof *rdrstates); rdrstates[0].reader = reader_table[slot].rdrname; rdrstates[0].current_state = PCSC_STATE_UNAWARE; err = pcsc_get_status_change (reader_table[slot].pcsc.context, 0, rdrstates, 1); if (err == PCSC_E_TIMEOUT) err = 0; /* Timeout is no error error here. */ if (err) { log_error ("pcsc_get_status_change failed: %s (0x%lx)\n", pcsc_error_string (err), err); return pcsc_error_to_sw (err); } /* log_debug */ /* ("pcsc_get_status_change: %s%s%s%s%s%s%s%s%s%s\n", */ /* (rdrstates[0].event_state & PCSC_STATE_IGNORE)? " ignore":"", */ /* (rdrstates[0].event_state & PCSC_STATE_CHANGED)? " changed":"", */ /* (rdrstates[0].event_state & PCSC_STATE_UNKNOWN)? " unknown":"", */ /* (rdrstates[0].event_state & PCSC_STATE_UNAVAILABLE)?" unavail":"", */ /* (rdrstates[0].event_state & PCSC_STATE_EMPTY)? " empty":"", */ /* (rdrstates[0].event_state & PCSC_STATE_PRESENT)? " present":"", */ /* (rdrstates[0].event_state & PCSC_STATE_ATRMATCH)? " atr":"", */ /* (rdrstates[0].event_state & PCSC_STATE_EXCLUSIVE)? " excl":"", */ /* (rdrstates[0].event_state & PCSC_STATE_INUSE)? " unuse":"", */ /* (rdrstates[0].event_state & PCSC_STATE_MUTE)? " mute":"" ); */ *status = 0; if ( (rdrstates[0].event_state & PCSC_STATE_PRESENT) ) *status |= 2; if ( !(rdrstates[0].event_state & PCSC_STATE_MUTE) ) *status |= 4; /* We indicate a useful card if it is not in use by another application. This is because we only use exclusive access mode. */ if ( (*status & 6) == 6 && !(rdrstates[0].event_state & PCSC_STATE_INUSE) ) *status |= 1; return 0; #endif /*!NEED_PCSC_WRAPPER*/ } /* Actually send the APDU of length APDULEN to SLOT and return a maximum of *BUFLEN data in BUFFER, the actual returned size will be set to BUFLEN. Returns: CT API error code. */ static int pcsc_send_apdu (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, struct pininfo_s *pininfo) { #ifdef NEED_PCSC_WRAPPER long err; reader_table_t slotp; size_t len, full_len; int i, n; unsigned char msgbuf[9]; int sw = SW_HOST_CARD_IO_ERROR; if (!reader_table[slot].atrlen && (err = reset_pcsc_reader (slot))) return err; if (DBG_CARD_IO) log_printhex (" PCSC_data:", apdu, apdulen); slotp = reader_table + slot; if (slotp->pcsc.req_fd == -1 || slotp->pcsc.rsp_fd == -1 || slotp->pcsc.pid == (pid_t)(-1) ) { log_error ("pcsc_send_apdu: pcsc-wrapper not running\n"); return sw; } msgbuf[0] = 0x03; /* TRANSMIT command. */ len = apdulen; msgbuf[1] = (len >> 24); msgbuf[2] = (len >> 16); msgbuf[3] = (len >> 8); msgbuf[4] = (len ); if ( writen (slotp->pcsc.req_fd, msgbuf, 5) || writen (slotp->pcsc.req_fd, apdu, len)) { log_error ("error sending PC/SC TRANSMIT request: %s\n", strerror (errno)); goto command_failed; } /* Read the response. */ if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) { log_error ("error receiving PC/SC TRANSMIT response: %s\n", i? strerror (errno) : "premature EOF"); goto command_failed; } len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); goto command_failed; } len -= 4; /* Already read the error code. */ err = (msgbuf[5] << 24) | (msgbuf[6] << 16) | (msgbuf[7] << 8 ) | msgbuf[8]; if (err) { log_error ("pcsc_transmit failed: %s (0x%lx)\n", pcsc_error_string (err), err); return pcsc_error_to_sw (err); } full_len = len; n = *buflen < len ? *buflen : len; if ((i=readn (slotp->pcsc.rsp_fd, buffer, n, &len)) || len != n) { log_error ("error receiving PC/SC TRANSMIT response: %s\n", i? strerror (errno) : "premature EOF"); goto command_failed; } *buflen = n; full_len -= len; if (full_len) { log_error ("pcsc_send_apdu: provided buffer too short - truncated\n"); err = SW_HOST_INV_VALUE; } /* We need to read any rest of the response, to keep the protocol runnng. */ while (full_len) { unsigned char dummybuf[128]; n = full_len < DIM (dummybuf) ? full_len : DIM (dummybuf); if ((i=readn (slotp->pcsc.rsp_fd, dummybuf, n, &len)) || len != n) { log_error ("error receiving PC/SC TRANSMIT response: %s\n", i? strerror (errno) : "premature EOF"); goto command_failed; } full_len -= n; } return err; command_failed: close (slotp->pcsc.req_fd); close (slotp->pcsc.rsp_fd); slotp->pcsc.req_fd = -1; slotp->pcsc.rsp_fd = -1; kill (slotp->pcsc.pid, SIGTERM); slotp->pcsc.pid = (pid_t)(-1); slotp->used = 0; return sw; #else /*!NEED_PCSC_WRAPPER*/ long err; struct pcsc_io_request_s send_pci; unsigned long recv_len; if (!reader_table[slot].atrlen && (err = reset_pcsc_reader (slot))) return err; if (DBG_CARD_IO) log_printhex (" PCSC_data:", apdu, apdulen); if ((reader_table[slot].pcsc.protocol & PCSC_PROTOCOL_T1)) send_pci.protocol = PCSC_PROTOCOL_T1; else send_pci.protocol = PCSC_PROTOCOL_T0; send_pci.pci_len = sizeof send_pci; recv_len = *buflen; err = pcsc_transmit (reader_table[slot].pcsc.card, &send_pci, apdu, apdulen, NULL, buffer, &recv_len); *buflen = recv_len; if (err) log_error ("pcsc_transmit failed: %s (0x%lx)\n", pcsc_error_string (err), err); return pcsc_error_to_sw (err); #endif /*!NEED_PCSC_WRAPPER*/ } static int close_pcsc_reader (int slot) { #ifdef NEED_PCSC_WRAPPER long err; reader_table_t slotp; size_t len; int i; unsigned char msgbuf[9]; slotp = reader_table + slot; if (slotp->pcsc.req_fd == -1 || slotp->pcsc.rsp_fd == -1 || slotp->pcsc.pid == (pid_t)(-1) ) { log_error ("close_pcsc_reader: pcsc-wrapper not running\n"); return 0; } msgbuf[0] = 0x02; /* CLOSE command. */ len = 0; msgbuf[1] = (len >> 24); msgbuf[2] = (len >> 16); msgbuf[3] = (len >> 8); msgbuf[4] = (len ); if ( writen (slotp->pcsc.req_fd, msgbuf, 5) ) { log_error ("error sending PC/SC CLOSE request: %s\n", strerror (errno)); goto command_failed; } /* Read the response. */ if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) { log_error ("error receiving PC/SC CLOSE response: %s\n", i? strerror (errno) : "premature EOF"); goto command_failed; } len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); goto command_failed; } len -= 4; /* Already read the error code. */ err = (msgbuf[5] << 24) | (msgbuf[6] << 16) | (msgbuf[7] << 8 ) | msgbuf[8]; if (err) log_error ("pcsc_close failed: %s (0x%lx)\n", pcsc_error_string (err), err); /* We will close the wrapper in any case - errors are merely informational. */ command_failed: close (slotp->pcsc.req_fd); close (slotp->pcsc.rsp_fd); slotp->pcsc.req_fd = -1; slotp->pcsc.rsp_fd = -1; kill (slotp->pcsc.pid, SIGTERM); slotp->pcsc.pid = (pid_t)(-1); slotp->used = 0; return 0; #else /*!NEED_PCSC_WRAPPER*/ pcsc_release_context (reader_table[slot].pcsc.context); xfree (reader_table[slot].rdrname); reader_table[slot].rdrname = NULL; reader_table[slot].used = 0; return 0; #endif /*!NEED_PCSC_WRAPPER*/ } /* Note: It is a pitty that we can't return proper error codes. */ static int open_pcsc_reader (const char *portstr) { #ifdef NEED_PCSC_WRAPPER /* Open the PC/SC reader using the pcsc_wrapper program. This is needed to cope with different thread models and other peculiarities of libpcsclite. */ int slot; reader_table_t slotp; int fd, rp[2], wp[2]; int n, i; pid_t pid; size_t len; unsigned char msgbuf[9]; int err; unsigned int dummy_status; int sw = SW_HOST_CARD_IO_ERROR; const char *wrapperpgm = GNUPG_LIBDIR "/pcsc-wrapper"; if (access (wrapperpgm, X_OK)) { log_error ("can't run PC/SC access module `%s': %s\n", wrapperpgm, strerror (errno)); return -1; } slot = new_reader_slot (); if (slot == -1) return -1; slotp = reader_table + slot; /* Fire up the pcsc wrapper. We don't use any fork/exec code from the common directy but implement it direclty so that this file may still be source copied. */ if (pipe (rp) == -1) { log_error ("error creating a pipe: %s\n", strerror (errno)); slotp->used = 0; return -1; } if (pipe (wp) == -1) { log_error ("error creating a pipe: %s\n", strerror (errno)); close (rp[0]); close (rp[1]); slotp->used = 0; return -1; } pid = fork (); if (pid == -1) { log_error ("error forking process: %s\n", strerror (errno)); close (rp[0]); close (rp[1]); close (wp[0]); close (wp[1]); slotp->used = 0; return -1; } slotp->pcsc.pid = pid; if (!pid) { /* === Child === */ /* Double fork. */ pid = fork (); if (pid == -1) _exit (31); if (pid) _exit (0); /* Immediate exit this parent, so that the child gets cleaned up by the init process. */ /* Connect our pipes. */ if (wp[0] != 0 && dup2 (wp[0], 0) == -1) log_fatal ("dup2 stdin failed: %s\n", strerror (errno)); if (rp[1] != 1 && dup2 (rp[1], 1) == -1) log_fatal ("dup2 stdout failed: %s\n", strerror (errno)); /* Send stderr to the bit bucket. */ fd = open ("/dev/null", O_WRONLY); if (fd == -1) log_fatal ("can't open `/dev/null': %s", strerror (errno)); if (fd != 2 && dup2 (fd, 2) == -1) log_fatal ("dup2 stderr failed: %s\n", strerror (errno)); /* Close all other files. */ n = sysconf (_SC_OPEN_MAX); if (n < 0) n = MAX_OPEN_FDS; for (i=3; i < n; i++) close(i); errno = 0; execl (wrapperpgm, "pcsc-wrapper", "--", "1", /* API version */ opt.pcsc_driver, /* Name of the PC/SC library. */ NULL); _exit (31); } /* === Parent === */ close (wp[0]); close (rp[1]); slotp->pcsc.req_fd = wp[1]; slotp->pcsc.rsp_fd = rp[0]; /* Wait for the intermediate child to terminate. */ #ifdef USE_GNU_PTH #define WAIT pth_waitpid #else #define WAIT waitpid #endif while ( (i=WAIT (pid, NULL, 0)) == -1 && errno == EINTR) ; #undef X /* Now send the open request. */ msgbuf[0] = 0x01; /* OPEN command. */ len = portstr? strlen (portstr):0; msgbuf[1] = (len >> 24); msgbuf[2] = (len >> 16); msgbuf[3] = (len >> 8); msgbuf[4] = (len ); if ( writen (slotp->pcsc.req_fd, msgbuf, 5) || (portstr && writen (slotp->pcsc.req_fd, portstr, len))) { log_error ("error sending PC/SC OPEN request: %s\n", strerror (errno)); goto command_failed; } /* Read the response. */ if ((i=readn (slotp->pcsc.rsp_fd, msgbuf, 9, &len)) || len != 9) { log_error ("error receiving PC/SC OPEN response: %s\n", i? strerror (errno) : "premature EOF"); goto command_failed; } len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; if (msgbuf[0] != 0x81 || len < 4) { log_error ("invalid response header from PC/SC received\n"); goto command_failed; } len -= 4; /* Already read the error code. */ if (len > DIM (slotp->atr)) { log_error ("PC/SC returned a too large ATR (len=%lx)\n", (unsigned long)len); goto command_failed; } err = (msgbuf[5] << 24) | (msgbuf[6] << 16) | (msgbuf[7] << 8 ) | msgbuf[8]; if (err) { log_error ("PC/SC OPEN failed: %s\n", pcsc_error_string (err)); sw = pcsc_error_to_sw (err); goto command_failed; } slotp->last_status = 0; /* The open request may return a zero for the ATR length to indicate that no card is present. */ n = len; if (n) { if ((i=readn (slotp->pcsc.rsp_fd, slotp->atr, n, &len)) || len != n) { log_error ("error receiving PC/SC OPEN response: %s\n", i? strerror (errno) : "premature EOF"); goto command_failed; } /* If we got to here we know that a card is present and usable. Thus remember this. */ slotp->last_status = (1|2|4| 0x8000); } slotp->atrlen = len; reader_table[slot].close_reader = close_pcsc_reader; reader_table[slot].reset_reader = reset_pcsc_reader; reader_table[slot].get_status_reader = pcsc_get_status; reader_table[slot].send_apdu_reader = pcsc_send_apdu; reader_table[slot].check_keypad = NULL; reader_table[slot].dump_status_reader = dump_pcsc_reader_status; /* Read the status so that IS_T0 will be set. */ pcsc_get_status (slot, &dummy_status); dump_reader_status (slot); return slot; command_failed: close (slotp->pcsc.req_fd); close (slotp->pcsc.rsp_fd); slotp->pcsc.req_fd = -1; slotp->pcsc.rsp_fd = -1; kill (slotp->pcsc.pid, SIGTERM); slotp->pcsc.pid = (pid_t)(-1); slotp->used = 0; /* There is no way to return SW. */ return -1; #else /*!NEED_PCSC_WRAPPER */ long err; int slot; char *list = NULL; unsigned long nreader, listlen, atrlen; char *p; unsigned long card_state, card_protocol; slot = new_reader_slot (); if (slot == -1) return -1; err = pcsc_establish_context (PCSC_SCOPE_SYSTEM, NULL, NULL, &reader_table[slot].pcsc.context); if (err) { log_error ("pcsc_establish_context failed: %s (0x%lx)\n", pcsc_error_string (err), err); reader_table[slot].used = 0; return -1; } err = pcsc_list_readers (reader_table[slot].pcsc.context, NULL, NULL, &nreader); if (!err) { list = xtrymalloc (nreader+1); /* Better add 1 for safety reasons. */ if (!list) { log_error ("error allocating memory for reader list\n"); pcsc_release_context (reader_table[slot].pcsc.context); reader_table[slot].used = 0; return -1 /*SW_HOST_OUT_OF_CORE*/; } err = pcsc_list_readers (reader_table[slot].pcsc.context, NULL, list, &nreader); } if (err) { log_error ("pcsc_list_readers failed: %s (0x%lx)\n", pcsc_error_string (err), err); pcsc_release_context (reader_table[slot].pcsc.context); reader_table[slot].used = 0; xfree (list); return -1 /*pcsc_error_to_sw (err)*/; } listlen = nreader; p = list; while (nreader) { if (!*p && !p[1]) break; if (*p) log_info ("detected reader `%s'\n", p); if (nreader < (strlen (p)+1)) { log_error ("invalid response from pcsc_list_readers\n"); break; } nreader -= strlen (p)+1; p += strlen (p) + 1; } reader_table[slot].rdrname = xtrymalloc (strlen (portstr? portstr : list)+1); if (!reader_table[slot].rdrname) { log_error ("error allocating memory for reader name\n"); pcsc_release_context (reader_table[slot].pcsc.context); reader_table[slot].used = 0; return -1 /*SW_HOST_OUT_OF_CORE*/; } strcpy (reader_table[slot].rdrname, portstr? portstr : list); xfree (list); + list = NULL; err = pcsc_connect (reader_table[slot].pcsc.context, reader_table[slot].rdrname, PCSC_SHARE_EXCLUSIVE, PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1, &reader_table[slot].pcsc.card, &reader_table[slot].pcsc.protocol); if (err == PCSC_E_NO_SMARTCARD) reader_table[slot].pcsc.card = 0; else if (err) { log_error ("pcsc_connect failed: %s (0x%lx)\n", pcsc_error_string (err), err); pcsc_release_context (reader_table[slot].pcsc.context); xfree (reader_table[slot].rdrname); reader_table[slot].rdrname = NULL; reader_table[slot].used = 0; - xfree (list); return -1 /*pcsc_error_to_sw (err)*/; } reader_table[slot].atrlen = 0; reader_table[slot].last_status = 0; if (!err) { char reader[250]; unsigned long readerlen; atrlen = 32; readerlen = sizeof reader -1 ; err = pcsc_status (reader_table[slot].pcsc.card, reader, &readerlen, &card_state, &card_protocol, reader_table[slot].atr, &atrlen); if (err) log_error ("pcsc_status failed: %s (0x%lx) %lu\n", pcsc_error_string (err), err, readerlen); else { if (atrlen >= DIM (reader_table[0].atr)) log_bug ("ATR returned by pcsc_status is too large\n"); reader_table[slot].atrlen = atrlen; /* If we got to here we know that a card is present and usable. Thus remember this. */ reader_table[slot].last_status = (1|2|4| 0x8000); reader_table[slot].is_t0 = !!(card_protocol & PCSC_PROTOCOL_T0); } } reader_table[slot].close_reader = close_pcsc_reader; reader_table[slot].reset_reader = reset_pcsc_reader; reader_table[slot].get_status_reader = pcsc_get_status; reader_table[slot].send_apdu_reader = pcsc_send_apdu; reader_table[slot].check_keypad = NULL; reader_table[slot].dump_status_reader = dump_pcsc_reader_status; /* log_debug ("state from pcsc_status: 0x%lx\n", card_state); */ /* log_debug ("protocol from pcsc_status: 0x%lx\n", card_protocol); */ dump_reader_status (slot); return slot; #endif /*!NEED_PCSC_WRAPPER */ } #ifdef HAVE_LIBUSB /* Internal CCID driver interface. */ static void dump_ccid_reader_status (int slot) { log_info ("reader slot %d: using ccid driver\n", slot); } static int close_ccid_reader (int slot) { ccid_close_reader (reader_table[slot].ccid.handle); reader_table[slot].used = 0; return 0; } static int shutdown_ccid_reader (int slot) { ccid_shutdown_reader (reader_table[slot].ccid.handle); return 0; } static int reset_ccid_reader (int slot) { int err; reader_table_t slotp = reader_table + slot; unsigned char atr[33]; size_t atrlen; err = ccid_get_atr (slotp->ccid.handle, atr, sizeof atr, &atrlen); if (err) return err; /* If the reset was successful, update the ATR. */ assert (sizeof slotp->atr >= sizeof atr); slotp->atrlen = atrlen; memcpy (slotp->atr, atr, atrlen); dump_reader_status (slot); return 0; } static int get_status_ccid (int slot, unsigned int *status) { int rc; int bits; rc = ccid_slot_status (reader_table[slot].ccid.handle, &bits); if (rc) return -1; if (bits == 0) *status = 1|2|4; else if (bits == 1) *status = 2; else *status = 0; return 0; } /* Actually send the APDU of length APDULEN to SLOT and return a maximum of *BUFLEN data in BUFFER, the actual returned size will be set to BUFLEN. Returns: Internal CCID driver error code. */ static int send_apdu_ccid (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, struct pininfo_s *pininfo) { long err; size_t maxbuflen; /* If we don't have an ATR, we need to reset the reader first. */ if (!reader_table[slot].atrlen && (err = reset_ccid_reader (slot))) return err; if (DBG_CARD_IO) log_printhex (" APDU_data:", apdu, apdulen); maxbuflen = *buflen; if (pininfo) err = ccid_transceive_secure (reader_table[slot].ccid.handle, apdu, apdulen, pininfo->mode, pininfo->minlen, pininfo->maxlen, pininfo->padlen, buffer, maxbuflen, buflen); else err = ccid_transceive (reader_table[slot].ccid.handle, apdu, apdulen, buffer, maxbuflen, buflen); if (err) log_error ("ccid_transceive failed: (0x%lx)\n", err); return err; } /* Check whether the CCID reader supports the ISO command code COMMAND on the keypad. Return 0 on success. For a description of the pin parameters, see ccid-driver.c */ static int check_ccid_keypad (int slot, int command, int pin_mode, int pinlen_min, int pinlen_max, int pin_padlen) { unsigned char apdu[] = { 0, 0, 0, 0x81 }; apdu[1] = command; return ccid_transceive_secure (reader_table[slot].ccid.handle, apdu, sizeof apdu, pin_mode, pinlen_min, pinlen_max, pin_padlen, NULL, 0, NULL); } /* Open the reader and try to read an ATR. */ static int open_ccid_reader (const char *portstr) { int err; int slot; reader_table_t slotp; slot = new_reader_slot (); if (slot == -1) return -1; slotp = reader_table + slot; err = ccid_open_reader (&slotp->ccid.handle, portstr); if (err) { slotp->used = 0; return -1; } err = ccid_get_atr (slotp->ccid.handle, slotp->atr, sizeof slotp->atr, &slotp->atrlen); if (err) { slotp->atrlen = 0; err = 0; } else { /* If we got to here we know that a card is present and usable. Thus remember this. */ reader_table[slot].last_status = (1|2|4| 0x8000); } reader_table[slot].close_reader = close_ccid_reader; reader_table[slot].shutdown_reader = shutdown_ccid_reader; reader_table[slot].reset_reader = reset_ccid_reader; reader_table[slot].get_status_reader = get_status_ccid; reader_table[slot].send_apdu_reader = send_apdu_ccid; reader_table[slot].check_keypad = check_ccid_keypad; reader_table[slot].dump_status_reader = dump_ccid_reader_status; dump_reader_status (slot); return slot; } #endif /* HAVE_LIBUSB */ #ifdef USE_G10CODE_RAPDU /* The Remote APDU Interface. This uses the Remote APDU protocol to contact a reader. The port number is actually an index into the list of ports as returned via the protocol. */ static int rapdu_status_to_sw (int status) { int rc; switch (status) { case RAPDU_STATUS_SUCCESS: rc = 0; break; case RAPDU_STATUS_INVCMD: case RAPDU_STATUS_INVPROT: case RAPDU_STATUS_INVSEQ: case RAPDU_STATUS_INVCOOKIE: case RAPDU_STATUS_INVREADER: rc = SW_HOST_INV_VALUE; break; case RAPDU_STATUS_TIMEOUT: rc = SW_HOST_CARD_IO_ERROR; break; case RAPDU_STATUS_CARDIO: rc = SW_HOST_CARD_IO_ERROR; break; case RAPDU_STATUS_NOCARD: rc = SW_HOST_NO_CARD; break; case RAPDU_STATUS_CARDCHG: rc = SW_HOST_NO_CARD; break; case RAPDU_STATUS_BUSY: rc = SW_HOST_BUSY; break; case RAPDU_STATUS_NEEDRESET: rc = SW_HOST_CARD_INACTIVE; break; default: rc = SW_HOST_GENERAL_ERROR; break; } return rc; } static int close_rapdu_reader (int slot) { rapdu_release (reader_table[slot].rapdu.handle); reader_table[slot].used = 0; return 0; } static int reset_rapdu_reader (int slot) { int err; reader_table_t slotp; rapdu_msg_t msg = NULL; slotp = reader_table + slot; err = rapdu_send_cmd (slotp->rapdu.handle, RAPDU_CMD_RESET); if (err) { log_error ("sending rapdu command RESET failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); rapdu_msg_release (msg); return rapdu_status_to_sw (err); } err = rapdu_read_msg (slotp->rapdu.handle, &msg); if (err) { log_error ("receiving rapdu message failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); rapdu_msg_release (msg); return rapdu_status_to_sw (err); } if (msg->cmd != RAPDU_STATUS_SUCCESS || !msg->datalen) { int sw = rapdu_status_to_sw (msg->cmd); log_error ("rapdu command RESET failed: %s\n", rapdu_strerror (msg->cmd)); rapdu_msg_release (msg); return sw; } if (msg->datalen >= DIM (slotp->atr)) { log_error ("ATR returned by the RAPDU layer is too large\n"); rapdu_msg_release (msg); return SW_HOST_INV_VALUE; } slotp->atrlen = msg->datalen; memcpy (slotp->atr, msg->data, msg->datalen); rapdu_msg_release (msg); return 0; } static int my_rapdu_get_status (int slot, unsigned int *status) { int err; reader_table_t slotp; rapdu_msg_t msg = NULL; int oldslot; slotp = reader_table + slot; oldslot = rapdu_set_reader (slotp->rapdu.handle, slot); err = rapdu_send_cmd (slotp->rapdu.handle, RAPDU_CMD_GET_STATUS); rapdu_set_reader (slotp->rapdu.handle, oldslot); if (err) { log_error ("sending rapdu command GET_STATUS failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); return rapdu_status_to_sw (err); } err = rapdu_read_msg (slotp->rapdu.handle, &msg); if (err) { log_error ("receiving rapdu message failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); rapdu_msg_release (msg); return rapdu_status_to_sw (err); } if (msg->cmd != RAPDU_STATUS_SUCCESS || !msg->datalen) { int sw = rapdu_status_to_sw (msg->cmd); log_error ("rapdu command GET_STATUS failed: %s\n", rapdu_strerror (msg->cmd)); rapdu_msg_release (msg); return sw; } *status = msg->data[0]; rapdu_msg_release (msg); return 0; } /* Actually send the APDU of length APDULEN to SLOT and return a maximum of *BUFLEN data in BUFFER, the actual returned size will be set to BUFLEN. Returns: APDU error code. */ static int my_rapdu_send_apdu (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, struct pininfo_s *pininfo) { int err; reader_table_t slotp; rapdu_msg_t msg = NULL; size_t maxlen = *buflen; slotp = reader_table + slot; *buflen = 0; if (DBG_CARD_IO) log_printhex (" APDU_data:", apdu, apdulen); if (apdulen < 4) { log_error ("rapdu_send_apdu: APDU is too short\n"); return SW_HOST_INV_VALUE; } err = rapdu_send_apdu (slotp->rapdu.handle, apdu, apdulen); if (err) { log_error ("sending rapdu command APDU failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); rapdu_msg_release (msg); return rapdu_status_to_sw (err); } err = rapdu_read_msg (slotp->rapdu.handle, &msg); if (err) { log_error ("receiving rapdu message failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); rapdu_msg_release (msg); return rapdu_status_to_sw (err); } if (msg->cmd != RAPDU_STATUS_SUCCESS || !msg->datalen) { int sw = rapdu_status_to_sw (msg->cmd); log_error ("rapdu command APDU failed: %s\n", rapdu_strerror (msg->cmd)); rapdu_msg_release (msg); return sw; } if (msg->datalen > maxlen) { log_error ("rapdu response apdu too large\n"); rapdu_msg_release (msg); return SW_HOST_INV_VALUE; } *buflen = msg->datalen; memcpy (buffer, msg->data, msg->datalen); rapdu_msg_release (msg); return 0; } static int open_rapdu_reader (int portno, const unsigned char *cookie, size_t length, int (*readfnc) (void *opaque, void *buffer, size_t size), void *readfnc_value, int (*writefnc) (void *opaque, const void *buffer, size_t size), void *writefnc_value, void (*closefnc) (void *opaque), void *closefnc_value) { int err; int slot; reader_table_t slotp; rapdu_msg_t msg = NULL; slot = new_reader_slot (); if (slot == -1) return -1; slotp = reader_table + slot; slotp->rapdu.handle = rapdu_new (); if (!slotp->rapdu.handle) { slotp->used = 0; return -1; } rapdu_set_reader (slotp->rapdu.handle, portno); rapdu_set_iofunc (slotp->rapdu.handle, readfnc, readfnc_value, writefnc, writefnc_value, closefnc, closefnc_value); rapdu_set_cookie (slotp->rapdu.handle, cookie, length); /* First try to get the current ATR, but if the card is inactive issue a reset instead. */ err = rapdu_send_cmd (slotp->rapdu.handle, RAPDU_CMD_GET_ATR); if (err == RAPDU_STATUS_NEEDRESET) err = rapdu_send_cmd (slotp->rapdu.handle, RAPDU_CMD_RESET); if (err) { log_info ("sending rapdu command GET_ATR/RESET failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); goto failure; } err = rapdu_read_msg (slotp->rapdu.handle, &msg); if (err) { log_info ("receiving rapdu message failed: %s\n", err < 0 ? strerror (errno): rapdu_strerror (err)); goto failure; } if (msg->cmd != RAPDU_STATUS_SUCCESS || !msg->datalen) { log_info ("rapdu command GET ATR failed: %s\n", rapdu_strerror (msg->cmd)); goto failure; } if (msg->datalen >= DIM (slotp->atr)) { log_error ("ATR returned by the RAPDU layer is too large\n"); goto failure; } slotp->atrlen = msg->datalen; memcpy (slotp->atr, msg->data, msg->datalen); reader_table[slot].close_reader = close_rapdu_reader; reader_table[slot].reset_reader = reset_rapdu_reader; reader_table[slot].get_status_reader = my_rapdu_get_status; reader_table[slot].send_apdu_reader = my_rapdu_send_apdu; reader_table[slot].check_keypad = NULL; reader_table[slot].dump_status_reader = NULL; dump_reader_status (slot); rapdu_msg_release (msg); return slot; failure: rapdu_msg_release (msg); rapdu_release (slotp->rapdu.handle); slotp->used = 0; return -1; } #endif /*USE_G10CODE_RAPDU*/ /* Driver Access */ static int lock_slot (int slot) { #ifdef USE_GNU_PTH if (!pth_mutex_acquire (&reader_table[slot].lock, 0, NULL)) { log_error ("failed to acquire apdu lock: %s\n", strerror (errno)); return SW_HOST_LOCKING_FAILED; } #endif /*USE_GNU_PTH*/ return 0; } static int trylock_slot (int slot) { #ifdef USE_GNU_PTH if (!pth_mutex_acquire (&reader_table[slot].lock, TRUE, NULL)) { if (errno == EBUSY) return SW_HOST_BUSY; log_error ("failed to acquire apdu lock: %s\n", strerror (errno)); return SW_HOST_LOCKING_FAILED; } #endif /*USE_GNU_PTH*/ return 0; } static void unlock_slot (int slot) { #ifdef USE_GNU_PTH if (!pth_mutex_release (&reader_table[slot].lock)) log_error ("failed to release apdu lock: %s\n", strerror (errno)); #endif /*USE_GNU_PTH*/ } /* Open the reader and return an internal slot number or -1 on error. If PORTSTR is NULL we default to a suitable port (for ctAPI: the first USB reader. For PC/SC the first listed reader). */ int apdu_open_reader (const char *portstr) { static int pcsc_api_loaded, ct_api_loaded; #ifdef HAVE_LIBUSB if (!opt.disable_ccid) { int slot, i; const char *s; slot = open_ccid_reader (portstr); if (slot != -1) return slot; /* got one */ /* If a CCID reader specification has been given, the user does not want a fallback to other drivers. */ if (portstr) for (s=portstr, i=0; *s; s++) if (*s == ':' && (++i == 3)) return -1; } #endif /* HAVE_LIBUSB */ if (opt.ctapi_driver && *opt.ctapi_driver) { int port = portstr? atoi (portstr) : 32768; if (!ct_api_loaded) { void *handle; handle = dlopen (opt.ctapi_driver, RTLD_LAZY); if (!handle) { log_error ("apdu_open_reader: failed to open driver: %s\n", dlerror ()); return -1; } CT_init = dlsym (handle, "CT_init"); CT_data = dlsym (handle, "CT_data"); CT_close = dlsym (handle, "CT_close"); if (!CT_init || !CT_data || !CT_close) { log_error ("apdu_open_reader: invalid CT-API driver\n"); dlclose (handle); return -1; } ct_api_loaded = 1; } return open_ct_reader (port); } /* No ctAPI configured, so lets try the PC/SC API */ if (!pcsc_api_loaded) { #ifndef NEED_PCSC_WRAPPER void *handle; handle = dlopen (opt.pcsc_driver, RTLD_LAZY); if (!handle) { log_error ("apdu_open_reader: failed to open driver `%s': %s\n", opt.pcsc_driver, dlerror ()); return -1; } pcsc_establish_context = dlsym (handle, "SCardEstablishContext"); pcsc_release_context = dlsym (handle, "SCardReleaseContext"); pcsc_list_readers = dlsym (handle, "SCardListReaders"); #if defined(_WIN32) || defined(__CYGWIN__) if (!pcsc_list_readers) pcsc_list_readers = dlsym (handle, "SCardListReadersA"); #endif pcsc_get_status_change = dlsym (handle, "SCardGetStatusChange"); #if defined(_WIN32) || defined(__CYGWIN__) if (!pcsc_get_status_change) pcsc_get_status_change = dlsym (handle, "SCardGetStatusChangeA"); #endif pcsc_connect = dlsym (handle, "SCardConnect"); #if defined(_WIN32) || defined(__CYGWIN__) if (!pcsc_connect) pcsc_connect = dlsym (handle, "SCardConnectA"); #endif pcsc_reconnect = dlsym (handle, "SCardReconnect"); #if defined(_WIN32) || defined(__CYGWIN__) if (!pcsc_reconnect) pcsc_reconnect = dlsym (handle, "SCardReconnectA"); #endif pcsc_disconnect = dlsym (handle, "SCardDisconnect"); pcsc_status = dlsym (handle, "SCardStatus"); #if defined(_WIN32) || defined(__CYGWIN__) if (!pcsc_status) pcsc_status = dlsym (handle, "SCardStatusA"); #endif pcsc_begin_transaction = dlsym (handle, "SCardBeginTransaction"); pcsc_end_transaction = dlsym (handle, "SCardEndTransaction"); pcsc_transmit = dlsym (handle, "SCardTransmit"); pcsc_set_timeout = dlsym (handle, "SCardSetTimeout"); if (!pcsc_establish_context || !pcsc_release_context || !pcsc_list_readers || !pcsc_get_status_change || !pcsc_connect || !pcsc_reconnect || !pcsc_disconnect || !pcsc_status || !pcsc_begin_transaction || !pcsc_end_transaction || !pcsc_transmit /* || !pcsc_set_timeout */) { /* Note that set_timeout is currently not used and also not available under Windows. */ log_error ("apdu_open_reader: invalid PC/SC driver " "(%d%d%d%d%d%d%d%d%d%d%d%d)\n", !!pcsc_establish_context, !!pcsc_release_context, !!pcsc_list_readers, !!pcsc_get_status_change, !!pcsc_connect, !!pcsc_reconnect, !!pcsc_disconnect, !!pcsc_status, !!pcsc_begin_transaction, !!pcsc_end_transaction, !!pcsc_transmit, !!pcsc_set_timeout ); dlclose (handle); return -1; } #endif /*!NEED_PCSC_WRAPPER*/ pcsc_api_loaded = 1; } return open_pcsc_reader (portstr); } /* Open an remote reader and return an internal slot number or -1 on error. This function is an alternative to apdu_open_reader and used with remote readers only. Note that the supplied CLOSEFNC will only be called once and the slot will not be valid afther this. If PORTSTR is NULL we default to the first availabe port. */ int apdu_open_remote_reader (const char *portstr, const unsigned char *cookie, size_t length, int (*readfnc) (void *opaque, void *buffer, size_t size), void *readfnc_value, int (*writefnc) (void *opaque, const void *buffer, size_t size), void *writefnc_value, void (*closefnc) (void *opaque), void *closefnc_value) { #ifdef USE_G10CODE_RAPDU return open_rapdu_reader (portstr? atoi (portstr) : 0, cookie, length, readfnc, readfnc_value, writefnc, writefnc_value, closefnc, closefnc_value); #else #ifdef _WIN32 errno = ENOENT; #else errno = ENOSYS; #endif return -1; #endif } int apdu_close_reader (int slot) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (reader_table[slot].close_reader) return reader_table[slot].close_reader (slot); return SW_HOST_NOT_SUPPORTED; } /* Shutdown a reader; that is basically the same as a close but keeps - the handle ready for later use. A apdu_reset_header should be used + the handle ready for later use. A apdu_reset_reader should be used to get it active again. */ int apdu_shutdown_reader (int slot) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (reader_table[slot].shutdown_reader) return reader_table[slot].shutdown_reader (slot); return SW_HOST_NOT_SUPPORTED; } /* Enumerate all readers and return information on whether this reader is in use. The caller should start with SLOT set to 0 and increment it with each call until an error is returned. */ int apdu_enum_reader (int slot, int *used) { if (slot < 0 || slot >= MAX_READER) return SW_HOST_NO_DRIVER; *used = reader_table[slot].used; return 0; } /* Do a reset for the card in reader at SLOT. */ int apdu_reset (int slot) { int sw; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if ((sw = lock_slot (slot))) return sw; reader_table[slot].last_status = 0; if (reader_table[slot].reset_reader) sw = reader_table[slot].reset_reader (slot); if (!sw) { /* If we got to here we know that a card is present and usable. Thus remember this. */ reader_table[slot].last_status = (1|2|4| 0x8000); } unlock_slot (slot); return sw; } /* Activate a card if it has not yet been done. This is a kind of reset-if-required. It is useful to test for presence of a card before issuing a bunch of apdu commands. It does not wait on a locked card. */ int apdu_activate (int slot) { int sw; unsigned int s; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if ((sw = trylock_slot (slot))) return sw; if (reader_table[slot].get_status_reader) sw = reader_table[slot].get_status_reader (slot, &s); if (!sw) { if (!(s & 2)) /* Card not present. */ sw = SW_HOST_NO_CARD; else if ( ((s & 2) && !(s & 4)) || !reader_table[slot].atrlen ) { /* We don't have an ATR or a card is present though inactive: do a reset now. */ if (reader_table[slot].reset_reader) { reader_table[slot].last_status = 0; sw = reader_table[slot].reset_reader (slot); if (!sw) { /* If we got to here we know that a card is present and usable. Thus remember this. */ reader_table[slot].last_status = (1|2|4| 0x8000); } } } } unlock_slot (slot); return sw; } unsigned char * apdu_get_atr (int slot, size_t *atrlen) { unsigned char *buf; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return NULL; buf = xtrymalloc (reader_table[slot].atrlen); if (!buf) return NULL; memcpy (buf, reader_table[slot].atr, reader_table[slot].atrlen); *atrlen = reader_table[slot].atrlen; return buf; } /* Retrieve the status for SLOT. The function does only wait for the card to become available if HANG is set to true. On success the bits in STATUS will be set to bit 0 = card present and usable bit 1 = card present bit 2 = card active bit 3 = card access locked [not yet implemented] For must application, testing bit 0 is sufficient. CHANGED will receive the value of the counter tracking the number of card insertions. This value may be used to detect a card change. */ int apdu_get_status (int slot, int hang, unsigned int *status, unsigned int *changed) { int sw; unsigned int s; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if ((sw = hang? lock_slot (slot) : trylock_slot (slot))) return sw; if (reader_table[slot].get_status_reader) sw = reader_table[slot].get_status_reader (slot, &s); unlock_slot (slot); if (sw) { reader_table[slot].last_status = 0; return sw; } /* Keep track of changes. We use one extra bit to test whether we have checked the status at least once. */ if ( s != (reader_table[slot].last_status & 0x07ff) || !reader_table[slot].last_status ) { reader_table[slot].change_counter++; /* Make sure that the ATR is invalid so that a reset will be by activate. */ reader_table[slot].atrlen = 0; } reader_table[slot].last_status = (s | 0x8000); if (status) *status = s; if (changed) *changed = reader_table[slot].change_counter; return 0; } /* Check whether the reader supports the ISO command code COMMAND on the keypad. Return 0 on success. For a description of the pin parameters, see ccid-driver.c */ int apdu_check_keypad (int slot, int command, int pin_mode, int pinlen_min, int pinlen_max, int pin_padlen) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (reader_table[slot].check_keypad) return reader_table[slot].check_keypad (slot, command, pin_mode, pinlen_min, pinlen_max, pin_padlen); else return SW_HOST_NOT_SUPPORTED; } /* Dispatcher for the actual send_apdu function. Note, that this function should be called in locked state. */ static int send_apdu (int slot, unsigned char *apdu, size_t apdulen, unsigned char *buffer, size_t *buflen, struct pininfo_s *pininfo) { if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (reader_table[slot].send_apdu_reader) return reader_table[slot].send_apdu_reader (slot, apdu, apdulen, buffer, buflen, pininfo); else return SW_HOST_NOT_SUPPORTED; } /* Core APDU trabceiver function. Parameters are described at apdu_send_le with the exception of PININFO which indicates keypad related operations if not NULL. */ static int send_le (int slot, int class, int ins, int p0, int p1, int lc, const char *data, int le, unsigned char **retbuf, size_t *retbuflen, struct pininfo_s *pininfo) { #define RESULTLEN 256 unsigned char result[RESULTLEN+10]; /* 10 extra in case of bugs in the driver. */ size_t resultlen; unsigned char apdu[5+256+1]; size_t apdulen; int sw; long rc; /* we need a long here due to PC/SC. */ if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if (DBG_CARD_IO) log_debug ("send apdu: c=%02X i=%02X p0=%02X p1=%02X lc=%d le=%d\n", class, ins, p0, p1, lc, le); if (lc != -1 && (lc > 255 || lc < 0)) return SW_WRONG_LENGTH; if (le != -1 && (le > 256 || le < 0)) return SW_WRONG_LENGTH; if ((!data && lc != -1) || (data && lc == -1)) return SW_HOST_INV_VALUE; if ((sw = lock_slot (slot))) return sw; apdulen = 0; apdu[apdulen++] = class; apdu[apdulen++] = ins; apdu[apdulen++] = p0; apdu[apdulen++] = p1; if (lc != -1) { apdu[apdulen++] = lc; memcpy (apdu+apdulen, data, lc); apdulen += lc; /* T=0 does not allow the use of Lc together with Le; thus disable Le in this case. */ if (reader_table[slot].is_t0) le = -1; } if (le != -1) apdu[apdulen++] = le; /* Truncation is okay because 0 means 256. */ assert (sizeof (apdu) >= apdulen); /* As safeguard don't pass any garbage from the stack to the driver. */ memset (apdu+apdulen, 0, sizeof (apdu) - apdulen); resultlen = RESULTLEN; rc = send_apdu (slot, apdu, apdulen, result, &resultlen, pininfo); if (rc || resultlen < 2) { log_error ("apdu_send_simple(%d) failed: %s\n", slot, apdu_strerror (rc)); unlock_slot (slot); return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; } sw = (result[resultlen-2] << 8) | result[resultlen-1]; /* store away the returned data but strip the statusword. */ resultlen -= 2; if (DBG_CARD_IO) { log_debug (" response: sw=%04X datalen=%d\n", sw, (unsigned int)resultlen); if ( !retbuf && (sw == SW_SUCCESS || (sw & 0xff00) == SW_MORE_DATA)) log_printhex (" dump: ", result, resultlen); } if (sw == SW_SUCCESS || sw == SW_EOF_REACHED) { if (retbuf) { *retbuf = xtrymalloc (resultlen? resultlen : 1); if (!*retbuf) { unlock_slot (slot); return SW_HOST_OUT_OF_CORE; } *retbuflen = resultlen; memcpy (*retbuf, result, resultlen); } } else if ((sw & 0xff00) == SW_MORE_DATA) { unsigned char *p = NULL, *tmp; size_t bufsize = 4096; /* It is likely that we need to return much more data, so we start off with a large buffer. */ if (retbuf) { *retbuf = p = xtrymalloc (bufsize); if (!*retbuf) { unlock_slot (slot); return SW_HOST_OUT_OF_CORE; } assert (resultlen < bufsize); memcpy (p, result, resultlen); p += resultlen; } do { int len = (sw & 0x00ff); if (DBG_CARD_IO) log_debug ("apdu_send_simple(%d): %d more bytes available\n", slot, len); apdulen = 0; apdu[apdulen++] = class; apdu[apdulen++] = 0xC0; apdu[apdulen++] = 0; apdu[apdulen++] = 0; apdu[apdulen++] = len; memset (apdu+apdulen, 0, sizeof (apdu) - apdulen); resultlen = RESULTLEN; rc = send_apdu (slot, apdu, apdulen, result, &resultlen, NULL); if (rc || resultlen < 2) { log_error ("apdu_send_simple(%d) for get response failed: %s\n", slot, apdu_strerror (rc)); unlock_slot (slot); return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; } sw = (result[resultlen-2] << 8) | result[resultlen-1]; resultlen -= 2; if (DBG_CARD_IO) { log_debug (" more: sw=%04X datalen=%d\n", sw, (unsigned int)resultlen); if (!retbuf && (sw==SW_SUCCESS || (sw&0xff00)==SW_MORE_DATA)) log_printhex (" dump: ", result, resultlen); } if ((sw & 0xff00) == SW_MORE_DATA || sw == SW_SUCCESS || sw == SW_EOF_REACHED ) { if (retbuf && resultlen) { if (p - *retbuf + resultlen > bufsize) { bufsize += resultlen > 4096? resultlen: 4096; tmp = xtryrealloc (*retbuf, bufsize); if (!tmp) { unlock_slot (slot); return SW_HOST_OUT_OF_CORE; } p = tmp + (p - *retbuf); *retbuf = tmp; } memcpy (p, result, resultlen); p += resultlen; } } else log_info ("apdu_send_simple(%d) " "got unexpected status %04X from get response\n", slot, sw); } while ((sw & 0xff00) == SW_MORE_DATA); if (retbuf) { *retbuflen = p - *retbuf; tmp = xtryrealloc (*retbuf, *retbuflen); if (tmp) *retbuf = tmp; } } unlock_slot (slot); if (DBG_CARD_IO && retbuf && sw == SW_SUCCESS) log_printhex (" dump: ", *retbuf, *retbuflen); return sw; #undef RESULTLEN } /* Send an APDU to the card in SLOT. The APDU is created from all given parameters: CLASS, INS, P0, P1, LC, DATA, LE. A value of -1 for LC won't sent this field and the data field; in this case DATA must also be passed as NULL. The return value is the status word or -1 for an invalid SLOT or other non card related error. If RETBUF is not NULL, it will receive an allocated buffer with the returned data. The length of that data will be put into *RETBUFLEN. The caller is reponsible for releasing the buffer even in case of errors. */ int apdu_send_le(int slot, int class, int ins, int p0, int p1, int lc, const char *data, int le, unsigned char **retbuf, size_t *retbuflen) { return send_le (slot, class, ins, p0, p1, lc, data, le, retbuf, retbuflen, NULL); } /* Send an APDU to the card in SLOT. The APDU is created from all given parameters: CLASS, INS, P0, P1, LC, DATA. A value of -1 for LC won't sent this field and the data field; in this case DATA must also be passed as NULL. The return value is the status word or -1 for an invalid SLOT or other non card related error. If RETBUF is not NULL, it will receive an allocated buffer with the returned data. The length of that data will be put into *RETBUFLEN. The caller is reponsible for releasing the buffer even in case of errors. */ int apdu_send (int slot, int class, int ins, int p0, int p1, int lc, const char *data, unsigned char **retbuf, size_t *retbuflen) { return send_le (slot, class, ins, p0, p1, lc, data, 256, retbuf, retbuflen, NULL); } /* Send an APDU to the card in SLOT. The APDU is created from all given parameters: CLASS, INS, P0, P1, LC, DATA. A value of -1 for LC won't sent this field and the data field; in this case DATA must also be passed as NULL. The return value is the status word or -1 for an invalid SLOT or other non card related error. No data will be returned. */ int apdu_send_simple (int slot, int class, int ins, int p0, int p1, int lc, const char *data) { return send_le (slot, class, ins, p0, p1, lc, data, -1, NULL, NULL, NULL); } /* Same as apdu_send_simple but uses the keypad of the reader. */ int apdu_send_simple_kp (int slot, int class, int ins, int p0, int p1, int lc, const char *data, int pin_mode, int pinlen_min, int pinlen_max, int pin_padlen) { struct pininfo_s pininfo; pininfo.mode = pin_mode; pininfo.minlen = pinlen_min; pininfo.maxlen = pinlen_max; pininfo.padlen = pin_padlen; return send_le (slot, class, ins, p0, p1, lc, data, -1, NULL, NULL, &pininfo); } /* This is a more generic version of the apdu sending routine. It takes an already formatted APDU in APDUDATA or length APDUDATALEN and returns the with the APDU including the status word. With HANDLE_MORE set to true this function will handle the MORE DATA status and return all APDUs concatenated with one status word at the end. The function does not return a regular status word but 0 on success. If the slot is locked, the fucntion returns immediately.*/ int apdu_send_direct (int slot, const unsigned char *apdudata, size_t apdudatalen, int handle_more, unsigned char **retbuf, size_t *retbuflen) { #define RESULTLEN 256 unsigned char apdu[5+256+1]; size_t apdulen; unsigned char result[RESULTLEN+10]; /* 10 extra in case of bugs in the driver. */ size_t resultlen; int sw; long rc; /* we need a long here due to PC/SC. */ int class; if (slot < 0 || slot >= MAX_READER || !reader_table[slot].used ) return SW_HOST_NO_DRIVER; if ((sw = trylock_slot (slot))) return sw; /* We simply trunctate a too long APDU. */ if (apdudatalen > sizeof apdu) apdudatalen = sizeof apdu; apdulen = apdudatalen; memcpy (apdu, apdudata, apdudatalen); class = apdulen? *apdu : 0; resultlen = RESULTLEN; rc = send_apdu (slot, apdu, apdulen, result, &resultlen, NULL); if (rc || resultlen < 2) { log_error ("apdu_send_direct(%d) failed: %s\n", slot, apdu_strerror (rc)); unlock_slot (slot); return rc? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; } sw = (result[resultlen-2] << 8) | result[resultlen-1]; /* Store away the returned data but strip the statusword. */ resultlen -= 2; if (DBG_CARD_IO) { log_debug (" response: sw=%04X datalen=%d\n", sw, (unsigned int)resultlen); if ( !retbuf && (sw == SW_SUCCESS || (sw & 0xff00) == SW_MORE_DATA)) log_printhex (" dump: ", result, resultlen); } if (handle_more && (sw & 0xff00) == SW_MORE_DATA) { unsigned char *p = NULL, *tmp; size_t bufsize = 4096; /* It is likely that we need to return much more data, so we start off with a large buffer. */ if (retbuf) { *retbuf = p = xtrymalloc (bufsize + 2); if (!*retbuf) { unlock_slot (slot); return SW_HOST_OUT_OF_CORE; } assert (resultlen < bufsize); memcpy (p, result, resultlen); p += resultlen; } do { int len = (sw & 0x00ff); if (DBG_CARD_IO) log_debug ("apdu_send_direct(%d): %d more bytes available\n", slot, len); apdulen = 0; apdu[apdulen++] = class; apdu[apdulen++] = 0xC0; apdu[apdulen++] = 0; apdu[apdulen++] = 0; apdu[apdulen++] = len; memset (apdu+apdulen, 0, sizeof (apdu) - apdulen); resultlen = RESULTLEN; rc = send_apdu (slot, apdu, apdulen, result, &resultlen, NULL); if (rc || resultlen < 2) { log_error ("apdu_send_direct(%d) for get response failed: %s\n", slot, apdu_strerror (rc)); unlock_slot (slot); return rc ? rc : SW_HOST_INCOMPLETE_CARD_RESPONSE; } sw = (result[resultlen-2] << 8) | result[resultlen-1]; resultlen -= 2; if (DBG_CARD_IO) { log_debug (" more: sw=%04X datalen=%d\n", sw, (unsigned int)resultlen); if (!retbuf && (sw==SW_SUCCESS || (sw&0xff00)==SW_MORE_DATA)) log_printhex (" dump: ", result, resultlen); } if ((sw & 0xff00) == SW_MORE_DATA || sw == SW_SUCCESS || sw == SW_EOF_REACHED ) { if (retbuf && resultlen) { if (p - *retbuf + resultlen > bufsize) { bufsize += resultlen > 4096? resultlen: 4096; tmp = xtryrealloc (*retbuf, bufsize + 2); if (!tmp) { unlock_slot (slot); return SW_HOST_OUT_OF_CORE; } p = tmp + (p - *retbuf); *retbuf = tmp; } memcpy (p, result, resultlen); p += resultlen; } } else log_info ("apdu_send_sdirect(%d) " "got unexpected status %04X from get response\n", slot, sw); } while ((sw & 0xff00) == SW_MORE_DATA); if (retbuf) { *retbuflen = p - *retbuf; tmp = xtryrealloc (*retbuf, *retbuflen + 2); if (tmp) *retbuf = tmp; } } else { if (retbuf) { *retbuf = xtrymalloc ((resultlen? resultlen : 1)+2); if (!*retbuf) { unlock_slot (slot); return SW_HOST_OUT_OF_CORE; } *retbuflen = resultlen; memcpy (*retbuf, result, resultlen); } } unlock_slot (slot); /* Append the status word - we reseved the two extra bytes while allocating the buffer. */ if (retbuf) { (*retbuf)[(*retbuflen)++] = (sw >> 8); (*retbuf)[(*retbuflen)++] = sw; } if (DBG_CARD_IO && retbuf) log_printhex (" dump: ", *retbuf, *retbuflen); return 0; #undef RESULTLEN } diff --git a/scd/app.c b/scd/app.c index fad45ed85..7f6a8cc9f 100644 --- a/scd/app.c +++ b/scd/app.c @@ -1,848 +1,852 @@ /* app.c - Application selection. * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include <config.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> # include <pth.h> #include "scdaemon.h" #include "app-common.h" #include "apdu.h" #include "iso7816.h" #include "tlv.h" /* This table is used to keep track of locks on a per reader base. The index into the table is the slot number of the reader. The mutex will be initialized on demand (one of the advantages of a userland threading system). */ static struct { int initialized; pth_mutex_t lock; app_t app; /* Application context in use or NULL. */ app_t last_app; /* Last application object used as this slot or NULL. */ } lock_table[10]; static void deallocate_app (app_t app); /* Lock the reader SLOT. This function shall be used right before calling any of the actual application functions to serialize access to the reader. We do this always even if the reader is not actually used. This allows an actual connection to assume that it never shares a reader (while performing one command). Returns 0 on success; only then the unlock_reader function must be called after returning from the handler. */ static gpg_error_t lock_reader (int slot) { gpg_error_t err; if (slot < 0 || slot >= DIM (lock_table)) return gpg_error (slot<0? GPG_ERR_INV_VALUE : GPG_ERR_RESOURCE_LIMIT); if (!lock_table[slot].initialized) { if (!pth_mutex_init (&lock_table[slot].lock)) { err = gpg_error_from_errno (errno); log_error ("error initializing mutex: %s\n", strerror (errno)); return err; } lock_table[slot].initialized = 1; lock_table[slot].app = NULL; lock_table[slot].last_app = NULL; } if (!pth_mutex_acquire (&lock_table[slot].lock, 0, NULL)) { err = gpg_error_from_errno (errno); log_error ("failed to acquire APP lock for slot %d: %s\n", slot, strerror (errno)); return err; } return 0; } /* Release a lock on the reader. See lock_reader(). */ static void unlock_reader (int slot) { if (slot < 0 || slot >= DIM (lock_table) || !lock_table[slot].initialized) log_bug ("unlock_reader called for invalid slot %d\n", slot); if (!pth_mutex_release (&lock_table[slot].lock)) log_error ("failed to release APP lock for slot %d: %s\n", slot, strerror (errno)); } static void dump_mutex_state (pth_mutex_t *m) { if (!(m->mx_state & PTH_MUTEX_INITIALIZED)) log_printf ("not_initialized"); else if (!(m->mx_state & PTH_MUTEX_LOCKED)) log_printf ("not_locked"); else log_printf ("locked tid=0x%lx count=%lu", (long)m->mx_owner, m->mx_count); } /* This function may be called to print information pertaining to the current state of this module to the log. */ void app_dump_state (void) { int slot; for (slot=0; slot < DIM (lock_table); slot++) if (lock_table[slot].initialized) { log_info ("app_dump_state: slot=%d lock=", slot); dump_mutex_state (&lock_table[slot].lock); if (lock_table[slot].app) { log_printf (" app=%p", lock_table[slot].app); if (lock_table[slot].app->apptype) log_printf (" type=`%s'", lock_table[slot].app->apptype); } if (lock_table[slot].last_app) { log_printf (" lastapp=%p", lock_table[slot].last_app); if (lock_table[slot].last_app->apptype) log_printf (" type=`%s'", lock_table[slot].last_app->apptype); } log_printf ("\n"); } } /* Check wether the application NAME is allowed. This does not mean we have support for it though. */ static int is_app_allowed (const char *name) { strlist_t l; for (l=opt.disabled_applications; l; l = l->next) if (!strcmp (l->d, name)) return 0; /* no */ return 1; /* yes */ } /* This may be called to tell this module about a removed card. */ void application_notify_card_removed (int slot) { if (slot < 0 || slot >= DIM (lock_table)) return; /* Deallocate a saved application for that slot, so that we won't - try to reuse it. */ - if (lock_table[slot].initialized && lock_table[slot].last_app) + try to reuse it. If there is no saved application, set a flag so + that we won't save the current state. */ + if (lock_table[slot].initialized) { app_t app = lock_table[slot].last_app; - lock_table[slot].last_app = NULL; - deallocate_app (app); + if (app) + { + lock_table[slot].last_app = NULL; + deallocate_app (app); + } } } /* This fucntion is used by the serialno command to check for an application conflict which may appear if the serialno command is used to request a specific application and the connection has already done a select_application. */ gpg_error_t check_application_conflict (ctrl_t ctrl, const char *name) { int slot = ctrl->reader_slot; app_t app; if (slot < 0 || slot >= DIM (lock_table)) return gpg_error (GPG_ERR_INV_VALUE); app = lock_table[slot].initialized ? lock_table[slot].app : NULL; if (app && app->apptype && name) if ( ascii_strcasecmp (app->apptype, name)) return gpg_error (GPG_ERR_CONFLICT); return 0; } /* If called with NAME as NULL, select the best fitting application and return a context; otherwise select the application with NAME and return a context. SLOT identifies the reader device. Returns an error code and stores NULL at R_APP if no application was found or no card is present. */ gpg_error_t select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app) { gpg_error_t err; app_t app = NULL; unsigned char *result = NULL; size_t resultlen; *r_app = NULL; err = lock_reader (slot); if (err) return err; /* First check whether we already have an application to share. */ app = lock_table[slot].initialized ? lock_table[slot].app : NULL; if (app && name) if (!app->apptype || ascii_strcasecmp (app->apptype, name)) { unlock_reader (slot); if (app->apptype) log_info ("application `%s' in use by reader %d - can't switch\n", app->apptype, slot); return gpg_error (GPG_ERR_CONFLICT); } /* If we don't have an app, check whether we have a saved application for that slot. This is useful so that a card does not get reset even if only one session is using the card - so the PIN cache and other cached data are preserved. */ if (!app && lock_table[slot].initialized && lock_table[slot].last_app) { app = lock_table[slot].last_app; if (!name || (app->apptype && !ascii_strcasecmp (app->apptype, name)) ) { /* Yes, we can reuse this application - either the caller requested an unspecific one or the requested one matches the saved one. */ lock_table[slot].app = app; lock_table[slot].last_app = NULL; } else { /* No, this saved application can't be used - deallocate it. */ lock_table[slot].last_app = NULL; deallocate_app (app); app = NULL; } } /* If we can reuse an application, bump the reference count and return it. */ if (app) { if (app->slot != slot) log_bug ("slot mismatch %d/%d\n", app->slot, slot); app->ref_count++; *r_app = app; unlock_reader (slot); return 0; /* Okay: We share that one. */ } /* Need to allocate a new one. */ app = xtrycalloc (1, sizeof *app); if (!app) { err = gpg_error_from_errno (errno); log_info ("error allocating context: %s\n", gpg_strerror (err)); unlock_reader (slot); return err; } app->slot = slot; /* Fixme: We should now first check whether a card is at all present. */ /* Try to read the GDO file first to get a default serial number. */ err = iso7816_select_file (slot, 0x3F00, 1, NULL, NULL); if (!err) err = iso7816_select_file (slot, 0x2F02, 0, NULL, NULL); if (!err) err = iso7816_read_binary (slot, 0, 0, &result, &resultlen); if (!err) { size_t n; const unsigned char *p; p = find_tlv_unchecked (result, resultlen, 0x5A, &n); if (p) resultlen -= (p-result); if (p && n > resultlen && n == 0x0d && resultlen+1 == n) { /* The object it does not fit into the buffer. This is an invalid encoding (or the buffer is too short. However, I have some test cards with such an invalid encoding and therefore I use this ugly workaround to return something I can further experiment with. */ log_info ("enabling BMI testcard workaround\n"); n--; } if (p && n <= resultlen) { /* The GDO file is pretty short, thus we simply reuse it for storing the serial number. */ memmove (result, p, n); app->serialno = result; app->serialnolen = n; err = app_munge_serialno (app); if (err) goto leave; } else xfree (result); result = NULL; } /* For certain error codes, there is no need to try more. */ if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT) goto leave; /* Figure out the application to use. */ err = gpg_error (GPG_ERR_NOT_FOUND); if (err && is_app_allowed ("openpgp") && (!name || !strcmp (name, "openpgp"))) err = app_select_openpgp (app); if (err && is_app_allowed ("nks") && (!name || !strcmp (name, "nks"))) err = app_select_nks (app); if (err && is_app_allowed ("p15") && (!name || !strcmp (name, "p15"))) err = app_select_p15 (app); if (err && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig"))) err = app_select_dinsig (app); if (err && name) err = gpg_error (GPG_ERR_NOT_SUPPORTED); leave: if (err) { if (name) log_info ("can't select application `%s': %s\n", name, gpg_strerror (err)); else log_info ("no supported card application found: %s\n", gpg_strerror (err)); xfree (app); unlock_reader (slot); return err; } app->initialized = 1; app->ref_count = 1; lock_table[slot].app = app; *r_app = app; unlock_reader (slot); return 0; } /* Deallocate the application. */ static void deallocate_app (app_t app) { if (app->fnc.deinit) { app->fnc.deinit (app); app->fnc.deinit = NULL; } xfree (app->serialno); xfree (app); } /* Free the resources associated with the application APP. APP is allowed to be NULL in which case this is a no-op. Note that we are using reference counting to track the users of the application and - actually deferiing the deallcoation to allow for a later resuse by + actually deferring the deallocation to allow for a later reuse by a new connection. */ void release_application (app_t app) { int slot; if (!app) return; if (app->ref_count < 1) log_bug ("trying to release an already released context\n"); if (--app->ref_count) return; /* Move the reference to the application in the lock table. */ for (slot = 0; slot < DIM (lock_table); slot++) if (lock_table[slot].initialized && lock_table[slot].app == app) { if (lock_table[slot].last_app) deallocate_app (lock_table[slot].last_app); lock_table[slot].last_app = lock_table[slot].app; lock_table[slot].app = NULL; return; } log_debug ("application missing in lock table - deallocating anyway\n"); deallocate_app (app); } /* The serial number may need some cosmetics. Do it here. This function shall only be called once after a new serial number has been put into APP->serialno. Prefixes we use: FF 00 00 = For serial numbers starting with an FF FF 01 00 = Some german p15 cards return an empty serial number so the serial number from the EF(TokenInfo) is used instead. All other serial number not starting with FF are used as they are. */ gpg_error_t app_munge_serialno (app_t app) { if (app->serialnolen && app->serialno[0] == 0xff) { /* The serial number starts with our special prefix. This requires that we put our default prefix "FF0000" in front. */ unsigned char *p = xtrymalloc (app->serialnolen + 3); if (!p) return gpg_error (gpg_err_code_from_errno (errno)); memcpy (p, "\xff\0", 3); memcpy (p+3, app->serialno, app->serialnolen); app->serialnolen += 3; xfree (app->serialno); app->serialno = p; } return 0; } /* Retrieve the serial number and the time of the last update of the card. The serial number is returned as a malloced string (hex encoded) in SERIAL and the time of update is returned in STAMP. If no update time is available the returned value is 0. Caller must free SERIAL unless the function returns an error. If STAMP is not of interest, NULL may be passed. */ gpg_error_t app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp) { char *buf, *p; int i; if (!app || !serial) return gpg_error (GPG_ERR_INV_VALUE); *serial = NULL; if (stamp) *stamp = 0; /* not available */ buf = xtrymalloc (app->serialnolen * 2 + 1); if (!buf) return gpg_error_from_errno (errno); for (p=buf, i=0; i < app->serialnolen; p +=2, i++) sprintf (p, "%02X", app->serialno[i]); *p = 0; *serial = buf; return 0; } /* Write out the application specifig status lines for the LEARN command. */ gpg_error_t app_write_learn_status (app_t app, CTRL ctrl) { gpg_error_t err; if (!app) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.learn_status) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); if (app->apptype) send_status_info (ctrl, "APPTYPE", app->apptype, strlen (app->apptype), NULL, 0); err = lock_reader (app->slot); if (err) return err; err = app->fnc.learn_status (app, ctrl); unlock_reader (app->slot); return err; } /* Read the certificate with id CERTID (as returned by learn_status in the CERTINFO status lines) and return it in the freshly allocated buffer put into CERT and the length of the certificate put into CERTLEN. */ gpg_error_t app_readcert (app_t app, const char *certid, unsigned char **cert, size_t *certlen) { gpg_error_t err; if (!app) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.readcert) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); err = lock_reader (app->slot); if (err) return err; err = app->fnc.readcert (app, certid, cert, certlen); unlock_reader (app->slot); return err; } /* Read the key with ID KEYID. On success a canonical encoded S-expression with the public key will get stored at PK and its length (for assertions) at PKLEN; the caller must release that buffer. On error NULL will be stored at PK and PKLEN and an error code returned. This function might not be supported by all applications. */ gpg_error_t app_readkey (app_t app, const char *keyid, unsigned char **pk, size_t *pklen) { gpg_error_t err; if (pk) *pk = NULL; if (pklen) *pklen = 0; if (!app || !keyid || !pk || !pklen) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.readkey) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); err = lock_reader (app->slot); if (err) return err; err= app->fnc.readkey (app, keyid, pk, pklen); unlock_reader (app->slot); return err; } /* Perform a GETATTR operation. */ gpg_error_t app_getattr (app_t app, CTRL ctrl, const char *name) { gpg_error_t err; if (!app || !name || !*name) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (app->apptype && name && !strcmp (name, "APPTYPE")) { send_status_info (ctrl, "APPTYPE", app->apptype, strlen (app->apptype), NULL, 0); return 0; } if (name && !strcmp (name, "SERIALNO")) { char *serial; time_t stamp; int rc; rc = app_get_serial_and_stamp (app, &serial, &stamp); if (rc) return rc; send_status_info (ctrl, "SERIALNO", serial, strlen (serial), NULL, 0); xfree (serial); return 0; } if (!app->fnc.getattr) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); err = lock_reader (app->slot); if (err) return err; err = app->fnc.getattr (app, ctrl, name); unlock_reader (app->slot); return err; } /* Perform a SETATTR operation. */ gpg_error_t app_setattr (app_t app, const char *name, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const unsigned char *value, size_t valuelen) { gpg_error_t err; if (!app || !name || !*name || !value) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.setattr) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); err = lock_reader (app->slot); if (err) return err; err = app->fnc.setattr (app, name, pincb, pincb_arg, value, valuelen); unlock_reader (app->slot); return err; } /* Create the signature and return the allocated result in OUTDATA. If a PIN is required the PINCB will be used to ask for the PIN; it should return the PIN in an allocated buffer and put it into PIN. */ gpg_error_t app_sign (app_t app, const char *keyidstr, int hashalgo, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen ) { gpg_error_t err; if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.sign) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); err = lock_reader (app->slot); if (err) return err; err = app->fnc.sign (app, keyidstr, hashalgo, pincb, pincb_arg, indata, indatalen, outdata, outdatalen); unlock_reader (app->slot); if (opt.verbose) log_info ("operation sign result: %s\n", gpg_strerror (err)); return err; } /* Create the signature using the INTERNAL AUTHENTICATE command and return the allocated result in OUTDATA. If a PIN is required the PINCB will be used to ask for the PIN; it should return the PIN in an allocated buffer and put it into PIN. */ gpg_error_t app_auth (app_t app, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen ) { gpg_error_t err; if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.auth) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); err = lock_reader (app->slot); if (err) return err; err = app->fnc.auth (app, keyidstr, pincb, pincb_arg, indata, indatalen, outdata, outdatalen); unlock_reader (app->slot); if (opt.verbose) log_info ("operation auth result: %s\n", gpg_strerror (err)); return err; } /* Decrypt the data in INDATA and return the allocated result in OUTDATA. If a PIN is required the PINCB will be used to ask for the PIN; it should return the PIN in an allocated buffer and put it into PIN. */ gpg_error_t app_decipher (app_t app, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *indata, size_t indatalen, unsigned char **outdata, size_t *outdatalen ) { gpg_error_t err; if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.decipher) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); err = lock_reader (app->slot); if (err) return err; err = app->fnc.decipher (app, keyidstr, pincb, pincb_arg, indata, indatalen, outdata, outdatalen); unlock_reader (app->slot); if (opt.verbose) log_info ("operation decipher result: %s\n", gpg_strerror (err)); return err; } /* Perform the WRITEKEY operation. */ gpg_error_t app_writekey (app_t app, ctrl_t ctrl, const char *keyidstr, unsigned int flags, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const unsigned char *keydata, size_t keydatalen) { gpg_error_t err; if (!app || !keyidstr || !*keyidstr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.writekey) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); err = lock_reader (app->slot); if (err) return err; err = app->fnc.writekey (app, ctrl, keyidstr, flags, pincb, pincb_arg, keydata, keydatalen); unlock_reader (app->slot); if (opt.verbose) log_info ("operation writekey result: %s\n", gpg_strerror (err)); return err; } /* Perform a SETATTR operation. */ gpg_error_t app_genkey (app_t app, CTRL ctrl, const char *keynostr, unsigned int flags, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err; if (!app || !keynostr || !*keynostr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.genkey) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); err = lock_reader (app->slot); if (err) return err; err = app->fnc.genkey (app, ctrl, keynostr, flags, pincb, pincb_arg); unlock_reader (app->slot); if (opt.verbose) log_info ("operation genkey result: %s\n", gpg_strerror (err)); return err; } /* Perform a GET CHALLENGE operation. This fucntion is special as it directly accesses the card without any application specific wrapper. */ gpg_error_t app_get_challenge (app_t app, size_t nbytes, unsigned char *buffer) { gpg_error_t err; if (!app || !nbytes || !buffer) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); err = lock_reader (app->slot); if (err) return err; err = iso7816_get_challenge (app->slot, nbytes, buffer); unlock_reader (app->slot); return err; } /* Perform a CHANGE REFERENCE DATA or RESET RETRY COUNTER operation. */ gpg_error_t app_change_pin (app_t app, CTRL ctrl, const char *chvnostr, int reset_mode, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err; if (!app || !chvnostr || !*chvnostr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.change_pin) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); err = lock_reader (app->slot); if (err) return err; err = app->fnc.change_pin (app, ctrl, chvnostr, reset_mode, pincb, pincb_arg); unlock_reader (app->slot); if (opt.verbose) log_info ("operation change_pin result: %s\n", gpg_strerror (err)); return err; } /* Perform a VERIFY operation without doing anything lese. This may be used to initialze a the PIN cache for long lasting other operations. Its use is highly application dependent. */ gpg_error_t app_check_pin (app_t app, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err; if (!app || !keyidstr || !*keyidstr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); if (!app->initialized) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.check_pin) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); err = lock_reader (app->slot); if (err) return err; err = app->fnc.check_pin (app, keyidstr, pincb, pincb_arg); unlock_reader (app->slot); if (opt.verbose) log_info ("operation check_pin result: %s\n", gpg_strerror (err)); return err; } diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 519cb5f2d..e990f757a 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -1,2745 +1,2758 @@ /* ccid-driver.c - USB ChipCardInterfaceDevices driver * Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc. * Written by Werner Koch. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, * USA. * * ALTERNATIVELY, this file may be distributed under the terms of the * following license, in which case the provisions of this license are * required INSTEAD OF the GNU General Public License. If you wish to * allow use of your version of this file only under the terms of the * GNU General Public License, and not to allow others to use your * version of this file under the terms of the following license, * indicate your decision by deleting this paragraph and the license * below. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * * $Date$ */ /* CCID (ChipCardInterfaceDevices) is a specification for accessing smartcard via a reader connected to the USB. This is a limited driver allowing to use some CCID drivers directly without any other specila drivers. This is a fallback driver to be used when nothing else works or the system should be kept minimal for security reasons. It makes use of the libusb library to gain portable access to USB. This driver has been tested with the SCM SCR335 and SPR532 smartcard readers and requires that a reader implements APDU or TPDU level exchange and does fully automatic initialization. */ #ifdef HAVE_CONFIG_H # include <config.h> #endif #if defined(HAVE_LIBUSB) || defined(TEST) #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <assert.h> #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <usb.h> #include "ccid-driver.h" #define DRVNAME "ccid-driver: " /* Depending on how this source is used we either define our error output to go to stderr or to the jnlib based logging functions. We use the latter when GNUPG_MAJOR_VERSION is defines or when both, GNUPG_SCD_MAIN_HEADER and HAVE_JNLIB_LOGGING are defined. */ #if defined(GNUPG_MAJOR_VERSION) \ || (defined(GNUPG_SCD_MAIN_HEADER) && defined(HAVE_JNLIB_LOGGING)) #if defined(GNUPG_SCD_MAIN_HEADER) # include GNUPG_SCD_MAIN_HEADER #elif GNUPG_MAJOR_VERSION == 1 /* GnuPG Version is < 1.9. */ # include "options.h" # include "util.h" # include "memory.h" # include "cardglue.h" # else /* This is the modularized GnuPG 1.9 or later. */ # include "scdaemon.h" #endif # define DEBUGOUT(t) do { if (debug_level) \ log_debug (DRVNAME t); } while (0) # define DEBUGOUT_1(t,a) do { if (debug_level) \ log_debug (DRVNAME t,(a)); } while (0) # define DEBUGOUT_2(t,a,b) do { if (debug_level) \ log_debug (DRVNAME t,(a),(b)); } while (0) # define DEBUGOUT_3(t,a,b,c) do { if (debug_level) \ log_debug (DRVNAME t,(a),(b),(c));} while (0) # define DEBUGOUT_4(t,a,b,c,d) do { if (debug_level) \ log_debug (DRVNAME t,(a),(b),(c),(d));} while (0) # define DEBUGOUT_CONT(t) do { if (debug_level) \ log_printf (t); } while (0) # define DEBUGOUT_CONT_1(t,a) do { if (debug_level) \ log_printf (t,(a)); } while (0) # define DEBUGOUT_CONT_2(t,a,b) do { if (debug_level) \ log_printf (t,(a),(b)); } while (0) # define DEBUGOUT_CONT_3(t,a,b,c) do { if (debug_level) \ log_printf (t,(a),(b),(c)); } while (0) # define DEBUGOUT_LF() do { if (debug_level) \ log_printf ("\n"); } while (0) #else /* Other usage of this source - don't use gnupg specifics. */ # define DEBUGOUT(t) do { if (debug_level) \ fprintf (stderr, DRVNAME t); } while (0) # define DEBUGOUT_1(t,a) do { if (debug_level) \ fprintf (stderr, DRVNAME t, (a)); } while (0) # define DEBUGOUT_2(t,a,b) do { if (debug_level) \ fprintf (stderr, DRVNAME t, (a), (b)); } while (0) # define DEBUGOUT_3(t,a,b,c) do { if (debug_level) \ fprintf (stderr, DRVNAME t, (a), (b), (c)); } while (0) # define DEBUGOUT_4(t,a,b,c,d) do { if (debug_level) \ fprintf (stderr, DRVNAME t, (a), (b), (c), (d));} while(0) # define DEBUGOUT_CONT(t) do { if (debug_level) \ fprintf (stderr, t); } while (0) # define DEBUGOUT_CONT_1(t,a) do { if (debug_level) \ fprintf (stderr, t, (a)); } while (0) # define DEBUGOUT_CONT_2(t,a,b) do { if (debug_level) \ fprintf (stderr, t, (a), (b)); } while (0) # define DEBUGOUT_CONT_3(t,a,b,c) do { if (debug_level) \ fprintf (stderr, t, (a), (b), (c)); } while (0) # define DEBUGOUT_LF() do { if (debug_level) \ putc ('\n', stderr); } while (0) #endif /* This source not used by scdaemon. */ enum { RDR_to_PC_NotifySlotChange= 0x50, RDR_to_PC_HardwareError = 0x51, PC_to_RDR_SetParameters = 0x61, PC_to_RDR_IccPowerOn = 0x62, PC_to_RDR_IccPowerOff = 0x63, PC_to_RDR_GetSlotStatus = 0x65, PC_to_RDR_Secure = 0x69, PC_to_RDR_T0APDU = 0x6a, PC_to_RDR_Escape = 0x6b, PC_to_RDR_GetParameters = 0x6c, PC_to_RDR_ResetParameters = 0x6d, PC_to_RDR_IccClock = 0x6e, PC_to_RDR_XfrBlock = 0x6f, PC_to_RDR_Mechanical = 0x71, PC_to_RDR_Abort = 0x72, PC_to_RDR_SetDataRate = 0x73, RDR_to_PC_DataBlock = 0x80, RDR_to_PC_SlotStatus = 0x81, RDR_to_PC_Parameters = 0x82, RDR_to_PC_Escape = 0x83, RDR_to_PC_DataRate = 0x84 }; /* Two macro to detect whether a CCID command has failed and to get the error code. These macros assume that we can access the mandatory first 10 bytes of a CCID message in BUF. */ #define CCID_COMMAND_FAILED(buf) ((buf)[7] & 0x40) #define CCID_ERROR_CODE(buf) (((unsigned char *)(buf))[8]) /* We need to know the vendor to do some hacks. */ enum { VENDOR_CHERRY = 0x046a, VENDOR_SCM = 0x04e6, VENDOR_OMNIKEY= 0x076b, VENDOR_GEMPC = 0x08e6 }; /* A list and a table with special transport descriptions. */ enum { TRANSPORT_USB = 0, /* Standard USB transport. */ TRANSPORT_CM4040 = 1 /* As used by the Cardman 4040. */ }; static struct { char *name; /* Device name. */ int type; } transports[] = { { "/dev/cmx0", TRANSPORT_CM4040 }, { "/dev/cmx1", TRANSPORT_CM4040 }, { NULL }, }; /* Store information on the driver's state. A pointer to such a structure is used as handle for most functions. */ struct ccid_driver_s { usb_dev_handle *idev; char *rid; int dev_fd; /* -1 for USB transport or file descriptor of the transport device. */ unsigned short id_vendor; unsigned short id_product; unsigned short bcd_device; int ifc_no; int ep_bulk_out; int ep_bulk_in; int ep_intr; int seqno; unsigned char t1_ns; unsigned char t1_nr; int nonnull_nad; int auto_ifsd; int max_ifsd; int ifsd; int powered_off; int has_pinpad; int apdu_level; /* Reader supports short APDU level exchange. */ }; static int initialized_usb; /* Tracks whether USB has been initialized. */ static int debug_level; /* Flag to control the debug output. 0 = No debugging 1 = USB I/O info 2 = T=1 protocol tracing */ static unsigned int compute_edc (const unsigned char *data, size_t datalen, int use_crc); static int bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen); static int bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length, size_t *nread, int expected_type, int seqno, int timeout, int no_debug); /* Convert a little endian stored 4 byte value into an unsigned integer. */ static unsigned int convert_le_u32 (const unsigned char *buf) { return buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24); } static void set_msg_len (unsigned char *msg, unsigned int length) { msg[1] = length; msg[2] = length >> 8; msg[3] = length >> 16; msg[4] = length >> 24; } /* Pint an error message for a failed CCID command including a textual error code. MSG is shall be the CCID message of at least 10 bytes. */ static void print_command_failed (const unsigned char *msg) { const char *t; char buffer[100]; int ec; if (!debug_level) return; ec = CCID_ERROR_CODE (msg); switch (ec) { case 0x00: t = "Command not supported"; break; case 0xE0: t = "Slot busy"; break; case 0xEF: t = "PIN cancelled"; break; case 0xF0: t = "PIN timeout"; break; case 0xF2: t = "Automatic sequence ongoing"; break; case 0xF3: t = "Deactivated Protocol"; break; case 0xF4: t = "Procedure byte conflict"; break; case 0xF5: t = "ICC class not supported"; break; case 0xF6: t = "ICC protocol not supported"; break; case 0xF7: t = "Bad checksum in ATR"; break; case 0xF8: t = "Bad TS in ATR"; break; case 0xFB: t = "An all inclusive hardware error occurred"; break; case 0xFC: t = "Overrun error while talking to the ICC"; break; case 0xFD: t = "Parity error while talking to the ICC"; break; case 0xFE: t = "CCID timed out while talking to the ICC"; break; case 0xFF: t = "Host aborted the current activity"; break; default: if (ec > 0 && ec < 128) sprintf (buffer, "Parameter error at offset %d", ec); else sprintf (buffer, "Error code %02X", ec); t = buffer; break; } DEBUGOUT_1 ("CCID command failed: %s\n", t); } /* Given a handle used for special transport prepare it for use. In particular setup all information in way that resembles what parse_cccid_descriptor does. */ static void prepare_special_transport (ccid_driver_t handle) { assert (!handle->id_vendor); handle->nonnull_nad = 0; handle->auto_ifsd = 0; handle->max_ifsd = 32; handle->ifsd = 0; handle->has_pinpad = 0; handle->apdu_level = 0; switch (handle->id_product) { case TRANSPORT_CM4040: DEBUGOUT ("setting up transport for CardMan 4040\n"); handle->apdu_level = 1; break; default: assert (!"transport not defined"); } } /* Parse a CCID descriptor, optionally print all available features and test whether this reader is usable by this driver. Returns 0 if it is usable. Note, that this code is based on the one in lsusb.c of the usb-utils package, I wrote on 2003-09-01. -wk. */ static int parse_ccid_descriptor (ccid_driver_t handle, const unsigned char *buf, size_t buflen) { unsigned int i; unsigned int us; int have_t1 = 0, have_tpdu=0, have_auto_conf = 0; handle->nonnull_nad = 0; handle->auto_ifsd = 0; handle->max_ifsd = 32; handle->ifsd = 0; handle->has_pinpad = 0; handle->apdu_level = 0; DEBUGOUT_3 ("idVendor: %04X idProduct: %04X bcdDevice: %04X\n", handle->id_vendor, handle->id_product, handle->bcd_device); if (buflen < 54 || buf[0] < 54) { DEBUGOUT ("CCID device descriptor is too short\n"); return -1; } DEBUGOUT ("ChipCard Interface Descriptor:\n"); DEBUGOUT_1 (" bLength %5u\n", buf[0]); DEBUGOUT_1 (" bDescriptorType %5u\n", buf[1]); DEBUGOUT_2 (" bcdCCID %2x.%02x", buf[3], buf[2]); if (buf[3] != 1 || buf[2] != 0) DEBUGOUT_CONT(" (Warning: Only accurate for version 1.0)"); DEBUGOUT_LF (); DEBUGOUT_1 (" nMaxSlotIndex %5u\n", buf[4]); DEBUGOUT_2 (" bVoltageSupport %5u %s\n", buf[5], (buf[5] == 1? "5.0V" : buf[5] == 2? "3.0V" : buf[5] == 3? "1.8V":"?")); us = convert_le_u32 (buf+6); DEBUGOUT_1 (" dwProtocols %5u ", us); if ((us & 1)) DEBUGOUT_CONT (" T=0"); if ((us & 2)) { DEBUGOUT_CONT (" T=1"); have_t1 = 1; } if ((us & ~3)) DEBUGOUT_CONT (" (Invalid values detected)"); DEBUGOUT_LF (); us = convert_le_u32(buf+10); DEBUGOUT_1 (" dwDefaultClock %5u\n", us); us = convert_le_u32(buf+14); DEBUGOUT_1 (" dwMaxiumumClock %5u\n", us); DEBUGOUT_1 (" bNumClockSupported %5u\n", buf[18]); us = convert_le_u32(buf+19); DEBUGOUT_1 (" dwDataRate %7u bps\n", us); us = convert_le_u32(buf+23); DEBUGOUT_1 (" dwMaxDataRate %7u bps\n", us); DEBUGOUT_1 (" bNumDataRatesSupp. %5u\n", buf[27]); us = convert_le_u32(buf+28); DEBUGOUT_1 (" dwMaxIFSD %5u\n", us); handle->max_ifsd = us; us = convert_le_u32(buf+32); DEBUGOUT_1 (" dwSyncProtocols %08X ", us); if ((us&1)) DEBUGOUT_CONT ( " 2-wire"); if ((us&2)) DEBUGOUT_CONT ( " 3-wire"); if ((us&4)) DEBUGOUT_CONT ( " I2C"); DEBUGOUT_LF (); us = convert_le_u32(buf+36); DEBUGOUT_1 (" dwMechanical %08X ", us); if ((us & 1)) DEBUGOUT_CONT (" accept"); if ((us & 2)) DEBUGOUT_CONT (" eject"); if ((us & 4)) DEBUGOUT_CONT (" capture"); if ((us & 8)) DEBUGOUT_CONT (" lock"); DEBUGOUT_LF (); us = convert_le_u32(buf+40); DEBUGOUT_1 (" dwFeatures %08X\n", us); if ((us & 0x0002)) { DEBUGOUT (" Auto configuration based on ATR\n"); have_auto_conf = 1; } if ((us & 0x0004)) DEBUGOUT (" Auto activation on insert\n"); if ((us & 0x0008)) DEBUGOUT (" Auto voltage selection\n"); if ((us & 0x0010)) DEBUGOUT (" Auto clock change\n"); if ((us & 0x0020)) DEBUGOUT (" Auto baud rate change\n"); if ((us & 0x0040)) DEBUGOUT (" Auto parameter negotation made by CCID\n"); else if ((us & 0x0080)) DEBUGOUT (" Auto PPS made by CCID\n"); else if ((us & (0x0040 | 0x0080))) DEBUGOUT (" WARNING: conflicting negotation features\n"); if ((us & 0x0100)) DEBUGOUT (" CCID can set ICC in clock stop mode\n"); if ((us & 0x0200)) { DEBUGOUT (" NAD value other than 0x00 accepted\n"); handle->nonnull_nad = 1; } if ((us & 0x0400)) { DEBUGOUT (" Auto IFSD exchange\n"); handle->auto_ifsd = 1; } if ((us & 0x00010000)) { DEBUGOUT (" TPDU level exchange\n"); have_tpdu = 1; } else if ((us & 0x00020000)) { DEBUGOUT (" Short APDU level exchange\n"); handle->apdu_level = 1; } else if ((us & 0x00040000)) { DEBUGOUT (" Short and extended APDU level exchange\n"); handle->apdu_level = 1; } else if ((us & 0x00070000)) DEBUGOUT (" WARNING: conflicting exchange levels\n"); us = convert_le_u32(buf+44); DEBUGOUT_1 (" dwMaxCCIDMsgLen %5u\n", us); DEBUGOUT ( " bClassGetResponse "); if (buf[48] == 0xff) DEBUGOUT_CONT ("echo\n"); else DEBUGOUT_CONT_1 (" %02X\n", buf[48]); DEBUGOUT ( " bClassEnvelope "); if (buf[49] == 0xff) DEBUGOUT_CONT ("echo\n"); else DEBUGOUT_CONT_1 (" %02X\n", buf[48]); DEBUGOUT ( " wlcdLayout "); if (!buf[50] && !buf[51]) DEBUGOUT_CONT ("none\n"); else DEBUGOUT_CONT_2 ("%u cols %u lines\n", buf[50], buf[51]); DEBUGOUT_1 (" bPINSupport %5u ", buf[52]); if ((buf[52] & 1)) { DEBUGOUT_CONT ( " verification"); handle->has_pinpad |= 1; } if ((buf[52] & 2)) { DEBUGOUT_CONT ( " modification"); handle->has_pinpad |= 2; } DEBUGOUT_LF (); DEBUGOUT_1 (" bMaxCCIDBusySlots %5u\n", buf[53]); if (buf[0] > 54) { DEBUGOUT (" junk "); for (i=54; i < buf[0]-54; i++) DEBUGOUT_CONT_1 (" %02X", buf[i]); DEBUGOUT_LF (); } if (!have_t1 || !(have_tpdu || handle->apdu_level) || !have_auto_conf) { DEBUGOUT ("this drivers requires that the reader supports T=1, " "TPDU or APDU level exchange and auto configuration - " "this is not available\n"); return -1; } /* SCM drivers get stuck in their internal USB stack if they try to send a frame of n*wMaxPacketSize back to us. Given that wMaxPacketSize is 64 for these readers we set the IFSD to a value lower than that: 64 - 10 CCID header - 4 T1frame - 2 reserved = 48 Product Ids: 0xe001 - SCR 331 0x5111 - SCR 331-DI 0x5115 - SCR 335 0xe003 - SPR 532 */ if (handle->id_vendor == VENDOR_SCM && handle->max_ifsd > 48 && ( (handle->id_product == 0xe001 && handle->bcd_device < 0x0516) ||(handle->id_product == 0x5111 && handle->bcd_device < 0x0620) ||(handle->id_product == 0x5115 && handle->bcd_device < 0x0514) ||(handle->id_product == 0xe003 && handle->bcd_device < 0x0504) )) { DEBUGOUT ("enabling workaround for buggy SCM readers\n"); handle->max_ifsd = 48; } return 0; } static char * get_escaped_usb_string (usb_dev_handle *idev, int idx, const char *prefix, const char *suffix) { int rc; unsigned char buf[280]; unsigned char *s; unsigned int langid; size_t i, n, len; char *result; if (!idx) return NULL; /* Fixme: The next line is for the current Valgrid without support for USB IOCTLs. */ memset (buf, 0, sizeof buf); /* First get the list of supported languages and use the first one. If we do don't find it we try to use English. Note that this is all in a 2 bute Unicode encoding using little endian. */ rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR, (USB_DT_STRING << 8), 0, (char*)buf, sizeof buf, 1000 /* ms timeout */); if (rc < 4) langid = 0x0409; /* English. */ else langid = (buf[3] << 8) | buf[2]; rc = usb_control_msg (idev, USB_ENDPOINT_IN, USB_REQ_GET_DESCRIPTOR, (USB_DT_STRING << 8) + idx, langid, (char*)buf, sizeof buf, 1000 /* ms timeout */); if (rc < 2 || buf[1] != USB_DT_STRING) return NULL; /* Error or not a string. */ len = buf[0]; if (len > rc) return NULL; /* Larger than our buffer. */ for (s=buf+2, i=2, n=0; i+1 < len; i += 2, s += 2) { if (s[1]) n++; /* High byte set. */ else if (*s <= 0x20 || *s >= 0x7f || *s == '%' || *s == ':') n += 3 ; else n++; } result = malloc (strlen (prefix) + n + strlen (suffix) + 1); if (!result) return NULL; strcpy (result, prefix); n = strlen (prefix); for (s=buf+2, i=2; i+1 < len; i += 2, s += 2) { if (s[1]) result[n++] = '\xff'; /* High byte set. */ else if (*s <= 0x20 || *s >= 0x7f || *s == '%' || *s == ':') { sprintf (result+n, "%%%02X", *s); n += 3; } else result[n++] = *s; } strcpy (result+n, suffix); return result; } /* This function creates an reader id to be used to find the same physical reader after a reset. It returns an allocated and possibly percent escaped string or NULL if not enough memory is available. */ static char * make_reader_id (usb_dev_handle *idev, unsigned int vendor, unsigned int product, unsigned char serialno_index) { char *rid; char prefix[20]; sprintf (prefix, "%04X:%04X:", (vendor & 0xffff), (product & 0xffff)); rid = get_escaped_usb_string (idev, serialno_index, prefix, ":0"); if (!rid) { rid = malloc (strlen (prefix) + 3 + 1); if (!rid) return NULL; strcpy (rid, prefix); strcat (rid, "X:0"); } return rid; } /* Helper to find the endpoint from an interface descriptor. */ static int find_endpoint (struct usb_interface_descriptor *ifcdesc, int mode) { int no; int want_bulk_in = 0; if (mode == 1) want_bulk_in = 0x80; for (no=0; no < ifcdesc->bNumEndpoints; no++) { struct usb_endpoint_descriptor *ep = ifcdesc->endpoint + no; if (ep->bDescriptorType != USB_DT_ENDPOINT) ; else if (mode == 2 && ((ep->bmAttributes & USB_ENDPOINT_TYPE_MASK) == USB_ENDPOINT_TYPE_INTERRUPT) && (ep->bEndpointAddress & 0x80)) return (ep->bEndpointAddress & 0x0f); else if (((ep->bmAttributes & USB_ENDPOINT_TYPE_MASK) == USB_ENDPOINT_TYPE_BULK) && (ep->bEndpointAddress & 0x80) == want_bulk_in) return (ep->bEndpointAddress & 0x0f); } /* Should never happen. */ return mode == 2? 0x83 : mode == 1? 0x82 :1; } /* Helper for scan_or_find_devices. This function returns true if a requested device has been found or the caller should stop scanning for other reasons. */ static int scan_or_find_usb_device (int scan_mode, int *readerno, int *count, char **rid_list, const char *readerid, struct usb_device *dev, char **r_rid, struct usb_device **r_dev, usb_dev_handle **r_idev, unsigned char **ifcdesc_extra, size_t *ifcdesc_extra_len, int *interface_number, int *ep_bulk_out, int *ep_bulk_in, int *ep_intr) { int cfg_no; int ifc_no; int set_no; struct usb_config_descriptor *config; struct usb_interface *interface; struct usb_interface_descriptor *ifcdesc; char *rid; usb_dev_handle *idev; *r_idev = NULL; for (cfg_no=0; cfg_no < dev->descriptor.bNumConfigurations; cfg_no++) { config = dev->config + cfg_no; if(!config) continue; for (ifc_no=0; ifc_no < config->bNumInterfaces; ifc_no++) { interface = config->interface + ifc_no; if (!interface) continue; for (set_no=0; set_no < interface->num_altsetting; set_no++) { ifcdesc = (interface->altsetting + set_no); /* The second condition is for older SCM SPR 532 who did not know about the assigned CCID class. Instead of trying to interpret the strings we simply check the product ID. */ if (ifcdesc && ifcdesc->extra && ((ifcdesc->bInterfaceClass == 11 && ifcdesc->bInterfaceSubClass == 0 && ifcdesc->bInterfaceProtocol == 0) || (ifcdesc->bInterfaceClass == 255 && dev->descriptor.idVendor == VENDOR_SCM && dev->descriptor.idProduct == 0xe003))) { idev = usb_open (dev); if (!idev) { DEBUGOUT_1 ("usb_open failed: %s\n", strerror (errno)); continue; /* with next setting. */ } rid = make_reader_id (idev, dev->descriptor.idVendor, dev->descriptor.idProduct, dev->descriptor.iSerialNumber); if (rid) { if (scan_mode) { char *p; /* We are collecting infos about all available CCID readers. Store them and continue. */ DEBUGOUT_2 ("found CCID reader %d (ID=%s)\n", *count, rid ); p = malloc ((*rid_list? strlen (*rid_list):0) + 1 + strlen (rid) + 1); if (p) { *p = 0; if (*rid_list) { strcat (p, *rid_list); free (*rid_list); } strcat (p, rid); strcat (p, "\n"); *rid_list = p; } else /* Out of memory. */ free (rid); rid = NULL; ++*count; } else if (!*readerno || (*readerno < 0 && readerid && !strcmp (readerid, rid))) { /* We found the requested reader. */ if (ifcdesc_extra && ifcdesc_extra_len) { *ifcdesc_extra = malloc (ifcdesc ->extralen); if (!*ifcdesc_extra) { usb_close (idev); free (rid); return 1; /* Out of core. */ } memcpy (*ifcdesc_extra, ifcdesc->extra, ifcdesc->extralen); *ifcdesc_extra_len = ifcdesc->extralen; } if (interface_number) *interface_number = (ifcdesc->bInterfaceNumber); if (ep_bulk_out) *ep_bulk_out = find_endpoint (ifcdesc, 0); if (ep_bulk_in) *ep_bulk_in = find_endpoint (ifcdesc, 1); if (ep_intr) *ep_intr = find_endpoint (ifcdesc, 2); if (r_dev) *r_dev = dev; if (r_rid) { *r_rid = rid; rid = NULL; } else free (rid); *r_idev = idev; return 1; /* Found requested device. */ } else { /* This is not yet the reader we want. fixme: We should avoid the extra usb_open in this case. */ if (*readerno >= 0) --*readerno; } free (rid); } usb_close (idev); idev = NULL; return 0; } } } } return 0; } /* Combination function to either scan all CCID devices or to find and open one specific device. The function returns 0 if a reader has been found or when a scan returned without error. With READERNO = -1 and READERID is NULL, scan mode is used and R_RID should be the address where to store the list of reader_ids we found. If on return this list is empty, no CCID device has been found; otherwise it points to an allocated linked list of reader IDs. Note that in this mode the function always returns NULL. With READERNO >= 0 or READERID is not NULL find mode is used. This uses the same algorithm as the scan mode but stops and returns at the entry number READERNO and return the handle for the the opened USB device. If R_RID is not NULL it will receive the reader ID of that device. If R_DEV is not NULL it will the device pointer of that device. If IFCDESC_EXTRA is NOT NULL it will receive a malloced copy of the interfaces "extra: data filed; IFCDESC_EXTRA_LEN receive the length of this field. If there is no reader with number READERNO or that reader is not usable by our implementation NULL will be returned. The caller must close a returned USB device handle and free (if not passed as NULL) the returned reader ID info as well as the IFCDESC_EXTRA. On error NULL will get stored at R_RID, R_DEV, IFCDESC_EXTRA and IFCDESC_EXTRA_LEN. With READERID being -1 the function stops if the READERID was found. If R_FD is not -1 on return the device is not using USB for transport but the device associated with that file descriptor. In this case INTERFACE will receive the transport type and the other USB specific return values are not used; the return value is (void*)(1). Note that the first entry of the returned reader ID list in scan mode corresponds with a READERNO of 0 in find mode. */ static int scan_or_find_devices (int readerno, const char *readerid, char **r_rid, struct usb_device **r_dev, unsigned char **ifcdesc_extra, size_t *ifcdesc_extra_len, int *interface_number, int *ep_bulk_out, int *ep_bulk_in, int *ep_intr, usb_dev_handle **r_idev, int *r_fd) { char *rid_list = NULL; int count = 0; struct usb_bus *busses, *bus; struct usb_device *dev = NULL; usb_dev_handle *idev = NULL; int scan_mode = (readerno == -1 && !readerid); int i; /* Set return values to a default. */ if (r_rid) *r_rid = NULL; if (r_dev) *r_dev = NULL; if (ifcdesc_extra) *ifcdesc_extra = NULL; if (ifcdesc_extra_len) *ifcdesc_extra_len = 0; if (interface_number) *interface_number = 0; if (r_idev) *r_idev = NULL; if (r_fd) *r_fd = -1; /* See whether we want scan or find mode. */ if (scan_mode) { assert (r_rid); } usb_find_busses(); usb_find_devices(); #ifdef HAVE_USB_GET_BUSSES busses = usb_get_busses(); #else busses = usb_busses; #endif for (bus = busses; bus; bus = bus->next) { for (dev = bus->devices; dev; dev = dev->next) { if (scan_or_find_usb_device (scan_mode, &readerno, &count, &rid_list, readerid, dev, r_rid, r_dev, &idev, ifcdesc_extra, ifcdesc_extra_len, interface_number, ep_bulk_out, ep_bulk_in, ep_intr)) { /* Found requested device or out of core. */ if (!idev) { free (rid_list); return -1; /* error */ } *r_idev = idev; return 0; } } } /* Now check whether there are any devices with special transport types. */ for (i=0; transports[i].name; i++) { int fd; char *rid, *p; fd = open (transports[i].name, O_RDWR); if (fd == -1) - continue; + { + log_debug ("failed to open `%s': %s\n", + transports[i].name, strerror (errno)); + continue; + } + log_debug ("opened `%s': fd=%d\n", transports[i].name, fd); rid = malloc (strlen (transports[i].name) + 30 + 10); if (!rid) { close (fd); free (rid_list); return -1; /* Error. */ } sprintf (rid, "0000:%04X:%s:0", transports[i].type, transports[i].name); if (scan_mode) { DEBUGOUT_2 ("found CCID reader %d (ID=%s)\n", count, rid); p = malloc ((rid_list? strlen (rid_list):0) + 1 + strlen (rid) + 1); if (!p) { close (fd); free (rid_list); free (rid); return -1; /* Error. */ } *p = 0; if (rid_list) { strcat (p, rid_list); free (rid_list); } strcat (p, rid); strcat (p, "\n"); rid_list = p; ++count; } else if (!readerno || (readerno < 0 && readerid && !strcmp (readerid, rid))) { /* Found requested device. */ if (interface_number) *interface_number = transports[i].type; if (r_rid) *r_rid = rid; else free (rid); if (r_fd) *r_fd = fd; return 0; /* Okay, found device */ } else /* This is not yet the reader we want. */ { if (readerno >= 0) --readerno; } free (rid); close (fd); + log_debug ("closed fd %d\n", fd); } if (scan_mode) { *r_rid = rid_list; return 0; } else return -1; } /* Set the level of debugging to LEVEL and return the old level. -1 just returns the old level. A level of 0 disables debugging, 1 enables debugging, 2 enables additional tracing of the T=1 protocol, other values are not yet defined. */ int ccid_set_debug_level (int level) { int old = debug_level; if (level != -1) debug_level = level; return old; } char * ccid_get_reader_list (void) { char *reader_list; if (!initialized_usb) { usb_init (); initialized_usb = 1; } if (scan_or_find_devices (-1, NULL, &reader_list, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL)) return NULL; /* Error. */ return reader_list; } /* Open the reader with the internal number READERNO and return a pointer to be used as handle in HANDLE. Returns 0 on success. */ int ccid_open_reader (ccid_driver_t *handle, const char *readerid) { int rc = 0; struct usb_device *dev = NULL; usb_dev_handle *idev = NULL; int dev_fd = -1; char *rid = NULL; unsigned char *ifcdesc_extra = NULL; size_t ifcdesc_extra_len; int readerno; int ifc_no, ep_bulk_out, ep_bulk_in, ep_intr; *handle = NULL; if (!initialized_usb) { usb_init (); initialized_usb = 1; } /* See whether we want to use the reader ID string or a reader number. A readerno of -1 indicates that the reader ID string is to be used. */ if (readerid && strchr (readerid, ':')) readerno = -1; /* We want to use the readerid. */ else if (readerid) { readerno = atoi (readerid); if (readerno < 0) { DEBUGOUT ("no CCID readers found\n"); rc = CCID_DRIVER_ERR_NO_READER; goto leave; } } else readerno = 0; /* Default. */ if (scan_or_find_devices (readerno, readerid, &rid, &dev, &ifcdesc_extra, &ifcdesc_extra_len, &ifc_no, &ep_bulk_out, &ep_bulk_in, &ep_intr, &idev, &dev_fd) ) { if (readerno == -1) DEBUGOUT_1 ("no CCID reader with ID %s\n", readerid ); else DEBUGOUT_1 ("no CCID reader with number %d\n", readerno ); rc = CCID_DRIVER_ERR_NO_READER; goto leave; } /* Okay, this is a CCID reader. */ *handle = calloc (1, sizeof **handle); if (!*handle) { DEBUGOUT ("out of memory\n"); rc = CCID_DRIVER_ERR_OUT_OF_CORE; goto leave; } (*handle)->rid = rid; if (idev) /* Regular USB transport. */ { (*handle)->idev = idev; (*handle)->dev_fd = -1; (*handle)->id_vendor = dev->descriptor.idVendor; (*handle)->id_product = dev->descriptor.idProduct; (*handle)->bcd_device = dev->descriptor.bcdDevice; (*handle)->ifc_no = ifc_no; (*handle)->ep_bulk_out = ep_bulk_out; (*handle)->ep_bulk_in = ep_bulk_in; (*handle)->ep_intr = ep_intr; } else if (dev_fd != -1) /* Device transport. */ { (*handle)->idev = NULL; (*handle)->dev_fd = dev_fd; (*handle)->id_vendor = 0; /* Magic vendor for special transport. */ (*handle)->id_product = ifc_no; /* Transport type */ prepare_special_transport (*handle); } else { assert (!"no transport"); /* Bug. */ } DEBUGOUT_2 ("using CCID reader %d (ID=%s)\n", readerno, rid ); if (idev) { if (parse_ccid_descriptor (*handle, ifcdesc_extra, ifcdesc_extra_len)) { DEBUGOUT ("device not supported\n"); rc = CCID_DRIVER_ERR_NO_READER; goto leave; } rc = usb_claim_interface (idev, ifc_no); if (rc) { DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc); rc = CCID_DRIVER_ERR_CARD_IO_ERROR; goto leave; } } leave: free (ifcdesc_extra); if (rc) { free (rid); if (idev) usb_close (idev); if (dev_fd != -1) - close (dev_fd); + { + close (dev_fd); + log_debug ("closed fd %d\n", dev_fd); + } free (*handle); *handle = NULL; } return rc; } static void do_close_reader (ccid_driver_t handle) { int rc; unsigned char msg[100]; size_t msglen; unsigned char seqno; if (!handle->powered_off) { msg[0] = PC_to_RDR_IccPowerOff; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; /* RFU */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, 0); msglen = 10; rc = bulk_out (handle, msg, msglen); if (!rc) bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus, seqno, 2000, 0); handle->powered_off = 1; } if (handle->idev) { usb_release_interface (handle->idev, handle->ifc_no); usb_close (handle->idev); handle->idev = NULL; } if (handle->dev_fd != -1) { close (handle->dev_fd); + log_debug ("closed fd %d\n", handle->dev_fd); handle->dev_fd = -1; } } /* Reset a reader on HANDLE. This is useful in case a reader has been plugged of and inserted at a different port. By resetting the handle, the same reader will be get used. Note, that on error the handle won't get released. This does not return an ATR, so ccid_get_atr should be called right after this one. */ int ccid_shutdown_reader (ccid_driver_t handle) { int rc = 0; struct usb_device *dev = NULL; usb_dev_handle *idev = NULL; unsigned char *ifcdesc_extra = NULL; size_t ifcdesc_extra_len; int ifc_no, ep_bulk_out, ep_bulk_in, ep_intr; if (!handle || !handle->rid) return CCID_DRIVER_ERR_INV_VALUE; do_close_reader (handle); if (scan_or_find_devices (-1, handle->rid, NULL, &dev, &ifcdesc_extra, &ifcdesc_extra_len, &ifc_no, &ep_bulk_out, &ep_bulk_in, &ep_intr, &idev, NULL) || !idev) { DEBUGOUT_1 ("no CCID reader with ID %s\n", handle->rid); return CCID_DRIVER_ERR_NO_READER; } if (idev) { handle->idev = idev; handle->ifc_no = ifc_no; handle->ep_bulk_out = ep_bulk_out; handle->ep_bulk_in = ep_bulk_in; handle->ep_intr = ep_intr; if (parse_ccid_descriptor (handle, ifcdesc_extra, ifcdesc_extra_len)) { DEBUGOUT ("device not supported\n"); rc = CCID_DRIVER_ERR_NO_READER; goto leave; } rc = usb_claim_interface (idev, ifc_no); if (rc) { DEBUGOUT_1 ("usb_claim_interface failed: %d\n", rc); rc = CCID_DRIVER_ERR_CARD_IO_ERROR; goto leave; } } leave: free (ifcdesc_extra); if (rc) { if (handle->idev) usb_close (handle->idev); handle->idev = NULL; if (handle->dev_fd != -1) - close (handle->dev_fd); + { + close (handle->dev_fd); + log_debug ("closed fd %d\n", handle->dev_fd); + } handle->dev_fd = -1; } return rc; } /* Close the reader HANDLE. */ int ccid_close_reader (ccid_driver_t handle) { - if (!handle || !handle->idev) + if (!handle || (!handle->idev && handle->dev_fd == -1)) return 0; do_close_reader (handle); free (handle->rid); free (handle); return 0; } /* Return False if a card is present and powered. */ int ccid_check_card_presence (ccid_driver_t handle) { return -1; } /* Write NBYTES of BUF to file descriptor FD. */ static int writen (int fd, const void *buf, size_t nbytes) { size_t nleft = nbytes; int nwritten; while (nleft > 0) { nwritten = write (fd, buf, nleft); if (nwritten < 0) { if (errno == EINTR) nwritten = 0; else return -1; } nleft -= nwritten; buf = (const char*)buf + nwritten; } return 0; } /* Write a MSG of length MSGLEN to the designated bulk out endpoint. Returns 0 on success. */ static int bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen) { int rc; if (handle->idev) { rc = usb_bulk_write (handle->idev, handle->ep_bulk_out, (char*)msg, msglen, 1000 /* ms timeout */); if (rc == msglen) return 0; if (rc == -1) DEBUGOUT_1 ("usb_bulk_write error: %s\n", strerror (errno)); else DEBUGOUT_1 ("usb_bulk_write failed: %d\n", rc); } else { rc = writen (handle->dev_fd, msg, msglen); if (!rc) return 0; DEBUGOUT_2 ("writen to %d failed: %s\n", handle->dev_fd, strerror (errno)); } return CCID_DRIVER_ERR_CARD_IO_ERROR; } /* Read a maximum of LENGTH bytes from the bulk in endpoint into BUFFER and return the actual read number if bytes in NREAD. SEQNO is the sequence number used to send the request and EXPECTED_TYPE the type of message we expect. Does checks on the ccid header. TIMEOUT is the timeout value in ms. NO_DEBUG may be set to avoid debug messages in case of no error. Returns 0 on success. */ static int bulk_in (ccid_driver_t handle, unsigned char *buffer, size_t length, size_t *nread, int expected_type, int seqno, int timeout, int no_debug) { int i, rc; size_t msglen; /* Fixme: The next line for the current Valgrind without support for USB IOCTLs. */ memset (buffer, 0, length); retry: if (handle->idev) { rc = usb_bulk_read (handle->idev, handle->ep_bulk_in, (char*)buffer, length, timeout); if (rc < 0) { DEBUGOUT_1 ("usb_bulk_read error: %s\n", strerror (errno)); return CCID_DRIVER_ERR_CARD_IO_ERROR; } *nread = msglen = rc; } else { rc = read (handle->dev_fd, buffer, length); if (rc < 0) { DEBUGOUT_2 ("read from %d failed: %s\n", handle->dev_fd, strerror (errno)); return CCID_DRIVER_ERR_CARD_IO_ERROR; } *nread = msglen = rc; } if (msglen < 10) { DEBUGOUT_1 ("bulk-in msg too short (%u)\n", (unsigned int)msglen); return CCID_DRIVER_ERR_INV_VALUE; } if (buffer[0] != expected_type) { DEBUGOUT_1 ("unexpected bulk-in msg type (%02x)\n", buffer[0]); return CCID_DRIVER_ERR_INV_VALUE; } if (buffer[5] != 0) { DEBUGOUT_1 ("unexpected bulk-in slot (%d)\n", buffer[5]); return CCID_DRIVER_ERR_INV_VALUE; } if (buffer[6] != seqno) { DEBUGOUT_2 ("bulk-in seqno does not match (%d/%d)\n", seqno, buffer[6]); return CCID_DRIVER_ERR_INV_VALUE; } if ( !(buffer[7] & 0x03) && (buffer[7] & 0xC0) == 0x80) { /* Card present and active, time extension requested. */ DEBUGOUT_2 ("time extension requested (%02X,%02X)\n", buffer[7], buffer[8]); goto retry; } if (!no_debug) { DEBUGOUT_3 ("status: %02X error: %02X octet[9]: %02X\n" " data:", buffer[7], buffer[8], buffer[9] ); for (i=10; i < msglen; i++) DEBUGOUT_CONT_1 (" %02X", buffer[i]); DEBUGOUT_LF (); } if (CCID_COMMAND_FAILED (buffer)) print_command_failed (buffer); /* Check whether a card is at all available. Note: If you add new error codes here, check whether they need to be ignored in send_escape_cmd. */ switch ((buffer[7] & 0x03)) { case 0: /* no error */ break; case 1: return CCID_DRIVER_ERR_CARD_INACTIVE; case 2: return CCID_DRIVER_ERR_NO_CARD; case 3: /* RFU */ break; } return 0; } /* Note that this function won't return the error codes NO_CARD or CARD_INACTIVE. IF RESULT is not NULL, the result from the operation will get returned in RESULT and its length in RESULTLEN. If the response is larger than RESULTMAX, an error is returned and the required buffer length returned in RESULTLEN. */ static int send_escape_cmd (ccid_driver_t handle, const unsigned char *data, size_t datalen, unsigned char *result, size_t resultmax, size_t *resultlen) { int i, rc; unsigned char msg[100]; size_t msglen; unsigned char seqno; if (resultlen) *resultlen = 0; if (datalen > sizeof msg - 10) return CCID_DRIVER_ERR_INV_VALUE; /* Escape data too large. */ msg[0] = PC_to_RDR_Escape; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; /* RFU */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ memcpy (msg+10, data, datalen); msglen = 10 + datalen; set_msg_len (msg, datalen); DEBUGOUT ("sending"); for (i=0; i < msglen; i++) DEBUGOUT_CONT_1 (" %02X", msg[i]); DEBUGOUT_LF (); rc = bulk_out (handle, msg, msglen); if (rc) return rc; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Escape, seqno, 5000, 0); if (result) switch (rc) { /* We need to ignore certain errorcode here. */ case 0: case CCID_DRIVER_ERR_CARD_INACTIVE: case CCID_DRIVER_ERR_NO_CARD: { if (msglen > resultmax) rc = CCID_DRIVER_ERR_INV_VALUE; /* Response too large. */ else { memcpy (result, msg, msglen); *resultlen = msglen; } rc = 0; } break; default: break; } return rc; } int ccid_transceive_escape (ccid_driver_t handle, const unsigned char *data, size_t datalen, unsigned char *resp, size_t maxresplen, size_t *nresp) { return send_escape_cmd (handle, data, datalen, resp, maxresplen, nresp); } /* experimental */ int ccid_poll (ccid_driver_t handle) { int rc; unsigned char msg[10]; size_t msglen; int i, j; if (handle->idev) { rc = usb_bulk_read (handle->idev, handle->ep_intr, (char*)msg, sizeof msg, 0 /* ms timeout */ ); if (rc < 0 && errno == ETIMEDOUT) return 0; } else return 0; if (rc < 0) { DEBUGOUT_1 ("usb_intr_read error: %s\n", strerror (errno)); return CCID_DRIVER_ERR_CARD_IO_ERROR; } msglen = rc; rc = 0; if (msglen < 1) { DEBUGOUT ("intr-in msg too short\n"); return CCID_DRIVER_ERR_INV_VALUE; } if (msg[0] == RDR_to_PC_NotifySlotChange) { DEBUGOUT ("notify slot change:"); for (i=1; i < msglen; i++) for (j=0; j < 4; j++) DEBUGOUT_CONT_3 (" %d:%c%c", (i-1)*4+j, (msg[i] & (1<<(j*2)))? 'p':'-', (msg[i] & (2<<(j*2)))? '*':' '); DEBUGOUT_LF (); } else if (msg[0] == RDR_to_PC_HardwareError) { DEBUGOUT ("hardware error occured\n"); } else { DEBUGOUT_1 ("unknown intr-in msg of type %02X\n", msg[0]); } return 0; } /* Note that this fucntion won't return the error codes NO_CARD or CARD_INACTIVE */ int ccid_slot_status (ccid_driver_t handle, int *statusbits) { int rc; unsigned char msg[100]; size_t msglen; unsigned char seqno; int retries = 0; retry: msg[0] = PC_to_RDR_GetSlotStatus; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; /* RFU */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, 0); rc = bulk_out (handle, msg, 10); if (rc) return rc; /* Note that we set the NO_DEBUG flag here, so that the logs won't get cluttered up by a ticker function checking for the slot status and debugging enabled. */ rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_SlotStatus, seqno, retries? 1000 : 200, 1); if (rc == CCID_DRIVER_ERR_CARD_IO_ERROR && retries < 3) { if (!retries) { DEBUGOUT ("USB: CALLING USB_CLEAR_HALT\n"); usb_clear_halt (handle->idev, handle->ep_bulk_in); usb_clear_halt (handle->idev, handle->ep_bulk_out); } else DEBUGOUT ("USB: RETRYING bulk_in AGAIN\n"); retries++; goto retry; } if (rc && rc != CCID_DRIVER_ERR_NO_CARD && rc != CCID_DRIVER_ERR_CARD_INACTIVE) return rc; *statusbits = (msg[7] & 3); return 0; } int ccid_get_atr (ccid_driver_t handle, unsigned char *atr, size_t maxatrlen, size_t *atrlen) { int rc; int statusbits; unsigned char msg[100]; unsigned char *tpdu; size_t msglen, tpdulen; unsigned char seqno; int use_crc = 0; unsigned int edc; int i; int tried_iso = 0; int got_param; /* First check whether a card is available. */ rc = ccid_slot_status (handle, &statusbits); if (rc) return rc; if (statusbits == 2) return CCID_DRIVER_ERR_NO_CARD; /* For an inactive and also for an active card, issue the PowerOn command to get the ATR. */ again: msg[0] = PC_to_RDR_IccPowerOn; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; /* power select (0=auto, 1=5V, 2=3V, 3=1.8V) */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, 0); msglen = 10; rc = bulk_out (handle, msg, msglen); if (rc) return rc; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock, seqno, 5000, 0); if (rc) return rc; if (!tried_iso && CCID_COMMAND_FAILED (msg) && CCID_ERROR_CODE (msg) == 0xbb && ((handle->id_vendor == VENDOR_CHERRY && handle->id_product == 0x0005) || (handle->id_vendor == VENDOR_GEMPC && handle->id_product == 0x4433) )) { tried_iso = 1; /* Try switching to ISO mode. */ if (!send_escape_cmd (handle, (const unsigned char*)"\xF1\x01", 2, NULL, 0, NULL)) goto again; } else if (CCID_COMMAND_FAILED (msg)) return CCID_DRIVER_ERR_CARD_IO_ERROR; handle->powered_off = 0; if (atr) { size_t n = msglen - 10; if (n > maxatrlen) n = maxatrlen; memcpy (atr, msg+10, n); *atrlen = n; } got_param = 0; msg[0] = PC_to_RDR_GetParameters; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; /* RFU */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, 0); msglen = 10; rc = bulk_out (handle, msg, msglen); if (!rc) rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters, seqno, 2000, 0); if (rc) DEBUGOUT ("GetParameters failed\n"); else { DEBUGOUT ("GetParametes returned"); for (i=0; i < msglen; i++) DEBUGOUT_CONT_1 (" %02X", msg[i]); DEBUGOUT_LF (); if (msglen >= 10) { DEBUGOUT_1 (" protocol ..........: T=%d\n", msg[9]); if (msglen == 17 && msg[9] == 1) { DEBUGOUT_1 (" bmFindexDindex ....: %02X\n", msg[10]); DEBUGOUT_1 (" bmTCCKST1 .........: %02X\n", msg[11]); DEBUGOUT_1 (" bGuardTimeT1 ......: %02X\n", msg[12]); DEBUGOUT_1 (" bmWaitingIntegersT1: %02X\n", msg[13]); DEBUGOUT_1 (" bClockStop ........: %02X\n", msg[14]); DEBUGOUT_1 (" bIFSC .............: %d\n", msg[15]); DEBUGOUT_1 (" bNadValue .........: %d\n", msg[16]); got_param = 1; } } } /* Setup parameters to select T=1. */ msg[0] = PC_to_RDR_SetParameters; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 1; /* Select T=1. */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ if (!got_param) { /* FIXME: Get those values from the ATR. */ msg[10]= 0x01; /* Fi/Di */ msg[11]= 0x10; /* LRC, direct convention. */ msg[12]= 0; /* Extra guardtime. */ msg[13]= 0x41; /* BWI/CWI */ msg[14]= 0; /* No clock stoppping. */ msg[15]= 254; /* IFSC */ msg[16]= 0; /* Does not support non default NAD values. */ } set_msg_len (msg, 7); msglen = 10 + 7; DEBUGOUT ("sending"); for (i=0; i < msglen; i++) DEBUGOUT_CONT_1 (" %02X", msg[i]); DEBUGOUT_LF (); rc = bulk_out (handle, msg, msglen); if (rc) return rc; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_Parameters, seqno, 5000, 0); if (rc) DEBUGOUT ("SetParameters failed (ignored)\n"); handle->t1_ns = 0; handle->t1_nr = 0; /* Send an S-Block with our maximum IFSD to the CCID. */ if (!handle->apdu_level && !handle->auto_ifsd) { tpdu = msg+10; /* NAD: DAD=1, SAD=0 */ tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0; tpdu[1] = (0xc0 | 0 | 1); /* S-block request: change IFSD */ tpdu[2] = 1; tpdu[3] = handle->max_ifsd? handle->max_ifsd : 32; tpdulen = 4; edc = compute_edc (tpdu, tpdulen, use_crc); if (use_crc) tpdu[tpdulen++] = (edc >> 8); tpdu[tpdulen++] = edc; msg[0] = PC_to_RDR_XfrBlock; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 0; msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, tpdulen); msglen = 10 + tpdulen; DEBUGOUT ("sending"); for (i=0; i < msglen; i++) DEBUGOUT_CONT_1 (" %02X", msg[i]); DEBUGOUT_LF (); if (debug_level > 1) DEBUGOUT_3 ("T=1: put %c-block seq=%d%s\n", ((msg[11] & 0xc0) == 0x80)? 'R' : (msg[11] & 0x80)? 'S' : 'I', ((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)), (!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":"")); rc = bulk_out (handle, msg, msglen); if (rc) return rc; rc = bulk_in (handle, msg, sizeof msg, &msglen, RDR_to_PC_DataBlock, seqno, 5000, 0); if (rc) return rc; tpdu = msg + 10; tpdulen = msglen - 10; if (tpdulen < 4) return CCID_DRIVER_ERR_ABORTED; if (debug_level > 1) DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n", ((msg[11] & 0xc0) == 0x80)? 'R' : (msg[11] & 0x80)? 'S' : 'I', ((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)), ((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0, (!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":"")); if ((tpdu[1] & 0xe0) != 0xe0 || tpdu[2] != 1) { DEBUGOUT ("invalid response for S-block (Change-IFSD)\n"); return -1; } DEBUGOUT_1 ("IFSD has been set to %d\n", tpdu[3]); } return 0; } static unsigned int compute_edc (const unsigned char *data, size_t datalen, int use_crc) { if (use_crc) { return 0x42; /* Not yet implemented. */ } else { unsigned char crc = 0; for (; datalen; datalen--) crc ^= *data++; return crc; } } /* Helper for ccid_transceive used for APDU level exchanges. */ static int ccid_transceive_apdu_level (ccid_driver_t handle, const unsigned char *apdu_buf, size_t apdu_buflen, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; unsigned char send_buffer[10+259], recv_buffer[10+259]; const unsigned char *apdu; size_t apdulen; unsigned char *msg; size_t msglen; unsigned char seqno; int i; msg = send_buffer; apdu = apdu_buf; apdulen = apdu_buflen; assert (apdulen); if (apdulen > 254) return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. */ msg[0] = PC_to_RDR_XfrBlock; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 4; /* bBWI */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ memcpy (msg+10, apdu, apdulen); set_msg_len (msg, apdulen); msglen = 10 + apdulen; DEBUGOUT ("sending"); for (i=0; i < msglen; i++) DEBUGOUT_CONT_1 (" %02X", msg[i]); DEBUGOUT_LF (); rc = bulk_out (handle, msg, msglen); if (rc) return rc; msg = recv_buffer; rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen, RDR_to_PC_DataBlock, seqno, 5000, 0); if (rc) return rc; apdu = msg + 10; apdulen = msglen - 10; if (resp) { if (apdulen > maxresplen) { DEBUGOUT_2 ("provided buffer too short for received data " "(%u/%u)\n", (unsigned int)apdulen, (unsigned int)maxresplen); return CCID_DRIVER_ERR_INV_VALUE; } memcpy (resp, apdu, apdulen); *nresp = apdulen; } return 0; } /* Protocol T=1 overview Block Structure: Prologue Field: 1 byte Node Address (NAD) 1 byte Protocol Control Byte (PCB) 1 byte Length (LEN) Information Field: 0-254 byte APDU or Control Information (INF) Epilogue Field: 1 byte Error Detection Code (EDC) NAD: bit 7 unused bit 4..6 Destination Node Address (DAD) bit 3 unused bit 2..0 Source Node Address (SAD) If node adresses are not used, SAD and DAD should be set to 0 on the first block sent to the card. If they are used they should have different values (0 for one is okay); that first block sets up the addresses of the nodes. PCB: Information Block (I-Block): bit 7 0 bit 6 Sequence number (yep, that is modulo 2) bit 5 Chaining flag bit 4..0 reserved Received-Ready Block (R-Block): bit 7 1 bit 6 0 bit 5 0 bit 4 Sequence number bit 3..0 0 = no error 1 = EDC or parity error 2 = other error other values are reserved Supervisory Block (S-Block): bit 7 1 bit 6 1 bit 5 clear=request,set=response bit 4..0 0 = resyncronisation request 1 = information field size request 2 = abort request 3 = extension of BWT request 4 = VPP error other values are reserved */ int ccid_transceive (ccid_driver_t handle, const unsigned char *apdu_buf, size_t apdu_buflen, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; unsigned char send_buffer[10+259], recv_buffer[10+259]; const unsigned char *apdu; size_t apdulen; unsigned char *msg, *tpdu, *p; size_t msglen, tpdulen, last_tpdulen, n; unsigned char seqno; int i; unsigned int edc; int use_crc = 0; size_t dummy_nresp; int next_chunk = 1; int sending = 1; int retries = 0; if (!nresp) nresp = &dummy_nresp; *nresp = 0; /* Smarter readers allow to send APDUs directly; divert here. */ if (handle->apdu_level) return ccid_transceive_apdu_level (handle, apdu_buf, apdu_buflen, resp, maxresplen, nresp); /* The other readers we support require sending TPDUs. */ tpdulen = 0; /* Avoid compiler warning about no initialization. */ msg = send_buffer; for (;;) { if (next_chunk) { next_chunk = 0; apdu = apdu_buf; apdulen = apdu_buflen; assert (apdulen); /* Construct an I-Block. */ if (apdulen > 254) return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. */ tpdu = msg+10; /* NAD: DAD=1, SAD=0 */ tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0; tpdu[1] = ((handle->t1_ns & 1) << 6); /* I-block */ if (apdulen > 128 /* fixme: replace by ifsc */) { apdulen = 128; apdu_buf += 128; apdu_buflen -= 128; tpdu[1] |= (1 << 5); /* Set more bit. */ } tpdu[2] = apdulen; memcpy (tpdu+3, apdu, apdulen); tpdulen = 3 + apdulen; edc = compute_edc (tpdu, tpdulen, use_crc); if (use_crc) tpdu[tpdulen++] = (edc >> 8); tpdu[tpdulen++] = edc; } msg[0] = PC_to_RDR_XfrBlock; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 4; /* bBWI */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ set_msg_len (msg, tpdulen); msglen = 10 + tpdulen; last_tpdulen = tpdulen; DEBUGOUT ("sending"); for (i=0; i < msglen; i++) DEBUGOUT_CONT_1 (" %02X", msg[i]); DEBUGOUT_LF (); if (debug_level > 1) DEBUGOUT_3 ("T=1: put %c-block seq=%d%s\n", ((msg[11] & 0xc0) == 0x80)? 'R' : (msg[11] & 0x80)? 'S' : 'I', ((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)), (!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":"")); rc = bulk_out (handle, msg, msglen); if (rc) return rc; msg = recv_buffer; rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen, RDR_to_PC_DataBlock, seqno, 5000, 0); if (rc) return rc; tpdu = msg + 10; tpdulen = msglen - 10; if (tpdulen < 4) { usb_clear_halt (handle->idev, handle->ep_bulk_in); return CCID_DRIVER_ERR_ABORTED; } if (debug_level > 1) DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n", ((msg[11] & 0xc0) == 0x80)? 'R' : (msg[11] & 0x80)? 'S' : 'I', ((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)), ((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0, (!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":"")); if (!(tpdu[1] & 0x80)) { /* This is an I-block. */ retries = 0; if (sending) { /* last block sent was successful. */ handle->t1_ns ^= 1; sending = 0; } if (!!(tpdu[1] & 0x40) != handle->t1_nr) { /* Reponse does not match our sequence number. */ msg = send_buffer; tpdu = msg+10; /* NAD: DAD=1, SAD=0 */ tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0; tpdu[1] = (0x80 | (handle->t1_nr & 1) << 4 | 2); /* R-block */ tpdu[2] = 0; tpdulen = 3; edc = compute_edc (tpdu, tpdulen, use_crc); if (use_crc) tpdu[tpdulen++] = (edc >> 8); tpdu[tpdulen++] = edc; continue; } handle->t1_nr ^= 1; p = tpdu + 3; /* Skip the prologue field. */ n = tpdulen - 3 - 1; /* Strip the epilogue field. */ /* fixme: verify the checksum. */ if (resp) { if (n > maxresplen) { DEBUGOUT_2 ("provided buffer too short for received data " "(%u/%u)\n", (unsigned int)n, (unsigned int)maxresplen); return CCID_DRIVER_ERR_INV_VALUE; } memcpy (resp, p, n); resp += n; *nresp += n; maxresplen -= n; } if (!(tpdu[1] & 0x20)) return 0; /* No chaining requested - ready. */ msg = send_buffer; tpdu = msg+10; /* NAD: DAD=1, SAD=0 */ tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0; tpdu[1] = (0x80 | (handle->t1_nr & 1) << 4); /* R-block */ tpdu[2] = 0; tpdulen = 3; edc = compute_edc (tpdu, tpdulen, use_crc); if (use_crc) tpdu[tpdulen++] = (edc >> 8); tpdu[tpdulen++] = edc; } else if ((tpdu[1] & 0xc0) == 0x80) { /* This is a R-block. */ if ( (tpdu[1] & 0x0f)) { /* Error: repeat last block */ if (++retries > 3) { DEBUGOUT ("3 failed retries\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } msg = send_buffer; tpdulen = last_tpdulen; } else if (sending && !!(tpdu[1] & 0x10) == handle->t1_ns) { /* Response does not match our sequence number. */ DEBUGOUT ("R-block with wrong seqno received on more bit\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } else if (sending) { /* Send next chunk. */ retries = 0; msg = send_buffer; next_chunk = 1; handle->t1_ns ^= 1; } else { DEBUGOUT ("unexpected ACK R-block received\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } } else { /* This is a S-block. */ retries = 0; DEBUGOUT_2 ("T=1 S-block %s received cmd=%d\n", (tpdu[1] & 0x20)? "response": "request", (tpdu[1] & 0x1f)); if ( !(tpdu[1] & 0x20) && (tpdu[1] & 0x1f) == 3 && tpdu[2]) { /* Wait time extension request. */ unsigned char bwi = tpdu[3]; msg = send_buffer; tpdu = msg+10; /* NAD: DAD=1, SAD=0 */ tpdu[0] = handle->nonnull_nad? ((1 << 4) | 0): 0; tpdu[1] = (0xc0 | 0x20 | 3); /* S-block response */ tpdu[2] = 1; tpdu[3] = bwi; tpdulen = 4; edc = compute_edc (tpdu, tpdulen, use_crc); if (use_crc) tpdu[tpdulen++] = (edc >> 8); tpdu[tpdulen++] = edc; DEBUGOUT_1 ("T=1 waittime extension of bwi=%d\n", bwi); } else return CCID_DRIVER_ERR_CARD_IO_ERROR; } } /* end T=1 protocol loop. */ return 0; } /* Send the CCID Secure command to the reader. APDU_BUF should contain the APDU template. PIN_MODE defines how the pin gets formatted: 1 := The PIN is ASCII encoded and of variable length. The length of the PIN entered will be put into Lc by the reader. The APDU should me made up of 4 bytes without Lc. PINLEN_MIN and PINLEN_MAX define the limits for the pin length. 0 may be used t enable reasonable defaults. PIN_PADLEN should be 0. When called with RESP and NRESP set to NULL, the function will merely check whether the reader supports the secure command for the given APDU and PIN_MODE. */ int ccid_transceive_secure (ccid_driver_t handle, const unsigned char *apdu_buf, size_t apdu_buflen, int pin_mode, int pinlen_min, int pinlen_max, int pin_padlen, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; unsigned char send_buffer[10+259], recv_buffer[10+259]; unsigned char *msg, *tpdu, *p; size_t msglen, tpdulen, n; unsigned char seqno; int i; size_t dummy_nresp; int testmode; testmode = !resp && !nresp; if (!nresp) nresp = &dummy_nresp; *nresp = 0; if (apdu_buflen >= 4 && apdu_buf[1] == 0x20 && (handle->has_pinpad & 1)) ; else if (apdu_buflen >= 4 && apdu_buf[1] == 0x24 && (handle->has_pinpad & 2)) return CCID_DRIVER_ERR_NOT_SUPPORTED; /* Not yet by our code. */ else return CCID_DRIVER_ERR_NO_KEYPAD; if (pin_mode != 1) return CCID_DRIVER_ERR_NOT_SUPPORTED; if (pin_padlen != 0) return CCID_DRIVER_ERR_NOT_SUPPORTED; if (!pinlen_min) pinlen_min = 1; if (!pinlen_max) pinlen_max = 25; /* Note that the 25 is the maximum value the SPR532 allows. */ if (pinlen_min < 1 || pinlen_min > 25 || pinlen_max < 1 || pinlen_max > 25 || pinlen_min > pinlen_max) return CCID_DRIVER_ERR_INV_VALUE; /* We have only tested this with an SCM reader so better don't risk anything and do not allow the use with other readers. */ if (handle->id_vendor != VENDOR_SCM) return CCID_DRIVER_ERR_NOT_SUPPORTED; if (testmode) return 0; /* Success */ msg = send_buffer; if (handle->id_vendor == VENDOR_SCM) { DEBUGOUT ("sending escape sequence to switch to a case 1 APDU\n"); rc = send_escape_cmd (handle, (const unsigned char*)"\x80\x02\x00", 3, NULL, 0, NULL); if (rc) return rc; } msg[0] = PC_to_RDR_Secure; msg[5] = 0; /* slot */ msg[6] = seqno = handle->seqno++; msg[7] = 4; /* bBWI */ msg[8] = 0; /* RFU */ msg[9] = 0; /* RFU */ msg[10] = 0; /* Perform PIN verification. */ msg[11] = 0; /* Timeout in seconds. */ msg[12] = 0x82; /* bmFormatString: Byte, pos=0, left, ASCII. */ if (handle->id_vendor == VENDOR_SCM) { /* For the SPR532 the next 2 bytes need to be zero. We do this for all SCM product. Kudos to Martin Paljak for this hint. */ msg[13] = msg[14] = 0; } else { msg[13] = 0x00; /* bmPINBlockString: 0 bits of pin length to insert. 0 bytes of PIN block size. */ msg[14] = 0x00; /* bmPINLengthFormat: Units are bytes, position is 0. */ } msg[15] = pinlen_min; /* wPINMaxExtraDigit-Minimum. */ msg[16] = pinlen_max; /* wPINMaxExtraDigit-Maximum. */ msg[17] = 0x02; /* bEntryValidationCondition: Validation key pressed */ if (pinlen_min && pinlen_max && pinlen_min == pinlen_max) msg[17] |= 0x01; /* Max size reached. */ msg[18] = 0xff; /* bNumberMessage: Default. */ msg[19] = 0x04; /* wLangId-High. */ msg[20] = 0x09; /* wLangId-Low: English FIXME: use the first entry. */ msg[21] = 0; /* bMsgIndex. */ /* bTeoProlog follows: */ msg[22] = handle->nonnull_nad? ((1 << 4) | 0): 0; msg[23] = ((handle->t1_ns & 1) << 6); /* I-block */ msg[24] = 4; /* apdulen. */ /* APDU follows: */ msg[25] = apdu_buf[0]; /* CLA */ msg[26] = apdu_buf[1]; /* INS */ msg[27] = apdu_buf[2]; /* P1 */ msg[28] = apdu_buf[3]; /* P2 */ msglen = 29; set_msg_len (msg, msglen - 10); DEBUGOUT ("sending"); for (i=0; i < msglen; i++) DEBUGOUT_CONT_1 (" %02X", msg[i]); DEBUGOUT_LF (); rc = bulk_out (handle, msg, msglen); if (rc) return rc; msg = recv_buffer; rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen, RDR_to_PC_DataBlock, seqno, 5000, 0); if (rc) return rc; tpdu = msg + 10; tpdulen = msglen - 10; if (tpdulen < 4) { usb_clear_halt (handle->idev, handle->ep_bulk_in); return CCID_DRIVER_ERR_ABORTED; } if (debug_level > 1) DEBUGOUT_4 ("T=1: got %c-block seq=%d err=%d%s\n", ((msg[11] & 0xc0) == 0x80)? 'R' : (msg[11] & 0x80)? 'S' : 'I', ((msg[11] & 0x80)? !!(msg[11]& 0x10) : !!(msg[11] & 0x40)), ((msg[11] & 0xc0) == 0x80)? (msg[11] & 0x0f) : 0, (!(msg[11] & 0x80) && (msg[11] & 0x20)? " [more]":"")); if (!(tpdu[1] & 0x80)) { /* This is an I-block. */ /* Last block sent was successful. */ handle->t1_ns ^= 1; if (!!(tpdu[1] & 0x40) != handle->t1_nr) { /* Reponse does not match our sequence number. */ DEBUGOUT ("I-block with wrong seqno received\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } handle->t1_nr ^= 1; p = tpdu + 3; /* Skip the prologue field. */ n = tpdulen - 3 - 1; /* Strip the epilogue field. */ /* fixme: verify the checksum. */ if (resp) { if (n > maxresplen) { DEBUGOUT_2 ("provided buffer too short for received data " "(%u/%u)\n", (unsigned int)n, (unsigned int)maxresplen); return CCID_DRIVER_ERR_INV_VALUE; } memcpy (resp, p, n); resp += n; *nresp += n; maxresplen -= n; } if (!(tpdu[1] & 0x20)) return 0; /* No chaining requested - ready. */ DEBUGOUT ("chaining requested but not supported for Secure operation\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } else if ((tpdu[1] & 0xc0) == 0x80) { /* This is a R-block. */ if ( (tpdu[1] & 0x0f)) { /* Error: repeat last block */ DEBUGOUT ("No retries supported for Secure operation\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } else if (!!(tpdu[1] & 0x10) == handle->t1_ns) { /* Reponse does not match our sequence number. */ DEBUGOUT ("R-block with wrong seqno received on more bit\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } else { /* Send next chunk. */ DEBUGOUT ("chaining not supported on Secure operation\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } } else { /* This is a S-block. */ DEBUGOUT_2 ("T=1 S-block %s received cmd=%d for Secure operation\n", (tpdu[1] & 0x20)? "response": "request", (tpdu[1] & 0x1f)); return CCID_DRIVER_ERR_CARD_IO_ERROR; } return 0; } #ifdef TEST static void print_error (int err) { const char *p; char buf[50]; switch (err) { case 0: p = "success"; case CCID_DRIVER_ERR_OUT_OF_CORE: p = "out of core"; break; case CCID_DRIVER_ERR_INV_VALUE: p = "invalid value"; break; case CCID_DRIVER_ERR_NO_DRIVER: p = "no driver"; break; case CCID_DRIVER_ERR_NOT_SUPPORTED: p = "not supported"; break; case CCID_DRIVER_ERR_LOCKING_FAILED: p = "locking failed"; break; case CCID_DRIVER_ERR_BUSY: p = "busy"; break; case CCID_DRIVER_ERR_NO_CARD: p = "no card"; break; case CCID_DRIVER_ERR_CARD_INACTIVE: p = "card inactive"; break; case CCID_DRIVER_ERR_CARD_IO_ERROR: p = "card I/O error"; break; case CCID_DRIVER_ERR_GENERAL_ERROR: p = "general error"; break; case CCID_DRIVER_ERR_NO_READER: p = "no reader"; break; case CCID_DRIVER_ERR_ABORTED: p = "aborted"; break; default: sprintf (buf, "0x%05x", err); p = buf; break; } fprintf (stderr, "operation failed: %s\n", p); } static void print_data (const unsigned char *data, size_t length) { if (length >= 2) { fprintf (stderr, "operation status: %02X%02X\n", data[length-2], data[length-1]); length -= 2; } if (length) { fputs (" returned data:", stderr); for (; length; length--, data++) fprintf (stderr, " %02X", *data); putc ('\n', stderr); } } static void print_result (int rc, const unsigned char *data, size_t length) { if (rc) print_error (rc); else if (data) print_data (data, length); } int main (int argc, char **argv) { int rc; ccid_driver_t ccid; unsigned int slotstat; unsigned char result[512]; size_t resultlen; int no_pinpad = 0; int verify_123456 = 0; int did_verify = 0; int no_poll = 0; if (argc) { argc--; argv++; } while (argc) { if ( !strcmp (*argv, "--list")) { char *p; p = ccid_get_reader_list (); if (!p) return 1; fputs (p, stderr); free (p); return 0; } else if ( !strcmp (*argv, "--debug")) { ccid_set_debug_level (1); argc--; argv++; } else if ( !strcmp (*argv, "--no-poll")) { no_poll = 1; argc--; argv++; } else if ( !strcmp (*argv, "--no-pinpad")) { no_pinpad = 1; argc--; argv++; } else if ( !strcmp (*argv, "--verify-123456")) { verify_123456 = 1; argc--; argv++; } else break; } rc = ccid_open_reader (&ccid, argc? *argv:NULL); if (rc) return 1; if (!no_poll) ccid_poll (ccid); fputs ("getting ATR ...\n", stderr); rc = ccid_get_atr (ccid, NULL, 0, NULL); if (rc) { print_error (rc); return 1; } if (!no_poll) ccid_poll (ccid); fputs ("getting slot status ...\n", stderr); rc = ccid_slot_status (ccid, &slotstat); if (rc) { print_error (rc); return 1; } if (!no_poll) ccid_poll (ccid); fputs ("selecting application OpenPGP ....\n", stderr); { static unsigned char apdu[] = { 0, 0xA4, 4, 0, 6, 0xD2, 0x76, 0x00, 0x01, 0x24, 0x01}; rc = ccid_transceive (ccid, apdu, sizeof apdu, result, sizeof result, &resultlen); print_result (rc, result, resultlen); } if (!no_poll) ccid_poll (ccid); fputs ("getting OpenPGP DO 0x65 ....\n", stderr); { static unsigned char apdu[] = { 0, 0xCA, 0, 0x65, 254 }; rc = ccid_transceive (ccid, apdu, sizeof apdu, result, sizeof result, &resultlen); print_result (rc, result, resultlen); } if (!no_pinpad) { } if (!no_pinpad) { static unsigned char apdu[] = { 0, 0x20, 0, 0x81 }; if (ccid_transceive_secure (ccid, apdu, sizeof apdu, 1, 0, 0, 0, NULL, 0, NULL)) fputs ("can't verify using a PIN-Pad reader\n", stderr); else { fputs ("verifying CHV1 using the PINPad ....\n", stderr); rc = ccid_transceive_secure (ccid, apdu, sizeof apdu, 1, 0, 0, 0, result, sizeof result, &resultlen); print_result (rc, result, resultlen); did_verify = 1; } } if (verify_123456 && !did_verify) { fputs ("verifying that CHV1 is 123456....\n", stderr); { static unsigned char apdu[] = {0, 0x20, 0, 0x81, 6, '1','2','3','4','5','6'}; rc = ccid_transceive (ccid, apdu, sizeof apdu, result, sizeof result, &resultlen); print_result (rc, result, resultlen); } } if (!rc) { fputs ("getting OpenPGP DO 0x5E ....\n", stderr); { static unsigned char apdu[] = { 0, 0xCA, 0, 0x5E, 254 }; rc = ccid_transceive (ccid, apdu, sizeof apdu, result, sizeof result, &resultlen); print_result (rc, result, resultlen); } } ccid_close_reader (ccid); return 0; } /* * Local Variables: * compile-command: "gcc -DTEST -Wall -I/usr/local/include -lusb -g ccid-driver.c" * End: */ #endif /*TEST*/ #endif /*HAVE_LIBUSB*/ diff --git a/scd/command.c b/scd/command.c index 1b7a8f67e..805164d0f 100644 --- a/scd/command.c +++ b/scd/command.c @@ -1,1608 +1,1636 @@ /* command.c - SCdaemon command handler * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * GnuPG is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include <config.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <ctype.h> #include <unistd.h> #include <signal.h> #ifdef USE_GNU_PTH # include <pth.h> #endif #include <assuan.h> #include "scdaemon.h" #include <ksba.h> #include "app-common.h" #include "apdu.h" /* Required for apdu_*_reader (). */ /* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN */ #define MAXLEN_PIN 100 /* Maximum allowed size of key data as used in inquiries. */ #define MAXLEN_KEYDATA 4096 #define set_error(e,t) assuan_set_error (ctx, ASSUAN_ ## e, (t)) /* Macro to flag a removed card. */ #define TEST_CARD_REMOVAL(c,r) \ do { \ int _r = (r); \ if (gpg_err_code (_r) == GPG_ERR_CARD_NOT_PRESENT \ || gpg_err_code (_r) == GPG_ERR_CARD_REMOVED) \ update_card_removed ((c)->reader_slot, 1); \ } while (0) #define IS_LOCKED(c) \ (locked_session && locked_session != (c)->server_local \ && (c)->reader_slot != -1 && locked_session->ctrl_backlink \ && (c)->reader_slot == locked_session->ctrl_backlink->reader_slot) +/* This structure is used to keep track of open readers (slots). */ +struct slot_status_s +{ + int valid; /* True if the other objects are valid. */ + int slot; /* Slot number of the reader or -1 if not open. */ + + int reset_failed; /* A reset failed. */ + + int any; /* Flag indicating whether any status check has been + done. This is set once to indicate that the status + tracking for the slot has been initialized. */ + unsigned int status; /* Last status of the slot. */ + unsigned int changed; /* Last change counter of teh slot. */ +}; + + /* Data used to associate an Assuan context with local server data. This object describes the local properties of one session. */ -struct server_local_s { +struct server_local_s +{ /* We keep a list of all active sessions with the anchor at SESSION_LIST (see below). This field is used for linking. */ struct server_local_s *next_session; /* This object is usually assigned to a CTRL object (which is globally visible). While enumerating all sessions we sometimes need to access data of the CTRL object; thus we keep a backpointer here. */ ctrl_t ctrl_backlink; /* The Assuan context used by this session/server. */ assuan_context_t assuan_ctx; int event_signal; /* Or 0 if not used. */ /* True if the card has been removed and a reset is required to continue operation. */ int card_removed; }; +/* The table with information on all used slots. */ +static struct slot_status_s slot_table[10]; + + /* To keep track of all running sessions, we link all active server contexts and the anchor in this variable. */ static struct server_local_s *session_list; /* If a session has been locked we store a link to its server object in this variable. */ static struct server_local_s *locked_session; +/* While doing a reset we need to make sure that the ticker does not + call scd_update_reader_status_file while we are using it. */ +static pth_mutex_t status_file_update_lock = PTH_MUTEX_INIT; + + +/*-- Local prototypes --*/ +static void update_reader_status_file (void); /* Update the CARD_REMOVED element of all sessions using the reader given by SLOT to VALUE */ static void update_card_removed (int slot, int value) { struct server_local_s *sl; for (sl=session_list; sl; sl = sl->next_session) if (sl->ctrl_backlink && sl->ctrl_backlink->reader_slot == slot) - sl->card_removed = value; + { + sl->card_removed = value; + } if (value) application_notify_card_removed (slot); } /* Check whether the option NAME appears in LINE */ static int has_option (const char *line, const char *name) { const char *s; int n = strlen (name); s = strstr (line, name); return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n))); } -/* Reset the card and free the application context. With DO_CLOSE set - to true and this is the last session with a reference to the - reader, close the reader and don't do just a reset. */ +/* Reset the card and free the application context. With SEND_RESET + set to true actually send a RESET to the reader. */ static void -do_reset (ctrl_t ctrl, int do_close) +do_reset (ctrl_t ctrl, int send_reset) { int slot = ctrl->reader_slot; + if (!(slot == -1 || (slot >= 0 && slot < DIM(slot_table)))) + BUG (); + if (ctrl->app_ctx) { release_application (ctrl->app_ctx); ctrl->app_ctx = NULL; } - if (ctrl->reader_slot != -1) - { - struct server_local_s *sl; - /* If we are the only session with the reader open we may close - it. If not, do a reset unless a lock is held on the - reader. */ - for (sl=session_list; sl; sl = sl->next_session) - if (sl != ctrl->server_local - && sl->ctrl_backlink->reader_slot == ctrl->reader_slot) - break; - if (sl) /* There is another session with the reader open. */ - { - if ( IS_LOCKED (ctrl) ) /* If it is locked, release it. */ - ctrl->reader_slot = -1; - else - { - if (do_close) /* Always mark reader unused. */ - ctrl->reader_slot = -1; - else if (apdu_reset (ctrl->reader_slot)) /* Reset only if - not locked */ - { - /* The reset failed. Mark the reader as closed. */ - ctrl->reader_slot = -1; - } - - if (locked_session && ctrl->server_local == locked_session) - { - locked_session = NULL; - log_debug ("implicitly unlocking due to RESET\n"); - } - } - } - else /* No other session has the reader open. */ + if (slot != -1 && send_reset && !IS_LOCKED (ctrl) ) + { + if (apdu_reset (slot)) { - if (do_close || apdu_reset (ctrl->reader_slot)) - { - apdu_close_reader (ctrl->reader_slot); - ctrl->reader_slot = -1; - } - if ( IS_LOCKED (ctrl) ) - { - log_debug ("WARNING: cleaning up stale session lock\n"); - locked_session = NULL; - } + slot_table[slot].reset_failed = 1; } } + ctrl->reader_slot = -1; + + /* If we hold a lock, unlock now. */ + if (locked_session && ctrl->server_local == locked_session) + { + locked_session = NULL; + log_info ("implicitly unlocking due to RESET\n"); + } - /* Reset card removed flag for the current reader. */ + /* Reset card removed flag for the current reader. We need to take + the lock here so that the ticker thread won't concurrently try to + update the file. Note that the update function will set the card + removed flag and we will later reset it - not a particualar nice + way of implementing it but it works. */ + if (!pth_mutex_acquire (&status_file_update_lock, 0, NULL)) + { + log_error ("failed to acquire status_fle_update lock\n"); + return; + } + update_reader_status_file (); update_card_removed (slot, 0); + if (!pth_mutex_release (&status_file_update_lock)) + log_error ("failed to release status_file_update lock\n"); } static void reset_notify (assuan_context_t ctx) { ctrl_t ctrl = assuan_get_pointer (ctx); - do_reset (ctrl, 0); + do_reset (ctrl, 1); } static int option_handler (assuan_context_t ctx, const char *key, const char *value) { ctrl_t ctrl = assuan_get_pointer (ctx); if (!strcmp (key, "event-signal")) { /* A value of 0 is allowed to reset the event signal. */ int i = *value? atoi (value) : -1; if (i < 0) return ASSUAN_Parameter_Error; ctrl->server_local->event_signal = i; } return 0; } /* Return the slot of the current reader or open the reader if no other sessions are using a reader. Note, that we currently support only one reader but most of the code (except for this function) should be able to cope with several readers. */ static int get_reader_slot (void) { - struct server_local_s *sl; - int slot= -1; + struct slot_status_s *ss; - for (sl=session_list; sl; sl = sl->next_session) - if (sl->ctrl_backlink - && (slot = sl->ctrl_backlink->reader_slot) != -1) - break; + ss = &slot_table[0]; /* One reader for now. */ - if (slot == -1) - slot = apdu_open_reader (opt.reader_port); + /* Initialize the item if needed. */ + if (!ss->valid) + { + ss->slot = -1; + ss->valid = 1; + } + + /* Try to open the reader. */ + if (ss->slot == -1) + ss->slot = apdu_open_reader (opt.reader_port); - return slot; + return ss->slot; } /* If the card has not yet been opened, do it. Note that this function returns an Assuan error, so don't map the error a second time */ static assuan_error_t open_card (ctrl_t ctrl, const char *apptype) { gpg_error_t err; int slot; /* If we ever got a card not present error code, return that. Only the SERIALNO command and a reset are able to clear from that state. */ if (ctrl->server_local->card_removed) return map_to_assuan_status (gpg_error (GPG_ERR_CARD_REMOVED)); if ( IS_LOCKED (ctrl) ) return gpg_error (GPG_ERR_LOCKED); if (ctrl->app_ctx) { /* Already initialized for one specific application. Need to check that the client didn't requested a specific application different from the one in use. */ return check_application_conflict (ctrl, apptype); } if (ctrl->reader_slot != -1) slot = ctrl->reader_slot; else slot = get_reader_slot (); ctrl->reader_slot = slot; if (slot == -1) err = gpg_error (GPG_ERR_CARD); else err = select_application (ctrl, slot, apptype, &ctrl->app_ctx); TEST_CARD_REMOVAL (ctrl, err); return map_to_assuan_status (err); } /* Do the percent and plus/space unescaping in place and return the length of the valid buffer. */ static size_t percent_plus_unescape (unsigned char *string) { unsigned char *p = string; size_t n = 0; while (*string) { if (*string == '%' && string[1] && string[2]) { string++; *p++ = xtoi_2 (string); n++; string+= 2; } else if (*string == '+') { *p++ = ' '; n++; string++; } else { *p++ = *string++; n++; } } return n; } /* SERIALNO [APPTYPE] Return the serial number of the card using a status reponse. This functon should be used to check for the presence of a card. If APPTYPE is given, an application of that type is selected and an error is returned if the application is not supported or available. The default is to auto-select the application using a hardwired preference system. Note, that a future extension to this function may allow to specify a list and order of applications to try. This function is special in that it can be used to reset the card. Most other functions will return an error when a card change has been detected and the use of this function is therefore required. Background: We want to keep the client clear of handling card changes between operations; i.e. the client can assume that all operations are done on the same card unless he calls this function. */ static int cmd_serialno (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc = 0; char *serial_and_stamp; char *serial; time_t stamp; /* Clear the remove flag so that the open_card is able to reread it. */ if (ctrl->server_local->card_removed) { if ( IS_LOCKED (ctrl) ) return gpg_error (GPG_ERR_LOCKED); - do_reset (ctrl, 0); + do_reset (ctrl, 1); } if ((rc = open_card (ctrl, *line? line:NULL))) return rc; rc = app_get_serial_and_stamp (ctrl->app_ctx, &serial, &stamp); if (rc) return map_to_assuan_status (rc); rc = asprintf (&serial_and_stamp, "%s %lu", serial, (unsigned long)stamp); xfree (serial); if (rc < 0) return ASSUAN_Out_Of_Core; rc = 0; assuan_write_status (ctx, "SERIALNO", serial_and_stamp); free (serial_and_stamp); return 0; } /* LEARN [--force] Learn all useful information of the currently inserted card. When used without the force options, the command might do an INQUIRE like this: INQUIRE KNOWNCARDP <hexstring_with_serialNumber> <timestamp> The client should just send an "END" if the processing should go on or a "CANCEL" to force the function to terminate with a Cancel error message. The response of this command is a list of status lines formatted as this: S APPTYPE <apptype> This returns the type of the application, currently the strings: P15 = PKCS-15 structure used DINSIG = DIN SIG OPENPGP = OpenPGP card are implemented. These strings are aliases for the AID S KEYPAIRINFO <hexstring_with_keygrip> <hexstring_with_id> If there is no certificate yet stored on the card a single "X" is returned as the keygrip. In addition to the keypair info, information about all certificates stored on the card is also returned: S CERTINFO <certtype> <hexstring_with_id> Where CERTTYPE is a number indicating the type of certificate: 0 := Unknown 100 := Regular X.509 cert 101 := Trusted X.509 cert 102 := Useful X.509 cert 110 := Root CA cert (DINSIG) For certain cards, more information will be returned: S KEY-FPR <no> <hexstring> For OpenPGP cards this returns the stored fingerprints of the keys. This can be used check whether a key is available on the card. NO may be 1, 2 or 3. S CA-FPR <no> <hexstring> Similar to above, these are the fingerprints of keys assumed to be ultimately trusted. S DISP-NAME <name_of_card_holder> The name of the card holder as stored on the card; percent escaping takes place, spaces are encoded as '+' S PUBKEY-URL <url> The URL to be used for locating the entire public key. Note, that this function may be even be used on a locked card. */ static int cmd_learn (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc = 0; if ((rc = open_card (ctrl, NULL))) return rc; /* Unless the force option is used we try a shortcut by identifying the card using a serial number and inquiring the client with that. The client may choose to cancel the operation if he already knows about this card */ { char *serial_and_stamp; char *serial; time_t stamp; rc = app_get_serial_and_stamp (ctrl->app_ctx, &serial, &stamp); if (rc) return map_to_assuan_status (rc); rc = asprintf (&serial_and_stamp, "%s %lu", serial, (unsigned long)stamp); xfree (serial); if (rc < 0) return ASSUAN_Out_Of_Core; rc = 0; assuan_write_status (ctx, "SERIALNO", serial_and_stamp); if (!has_option (line, "--force")) { char *command; rc = asprintf (&command, "KNOWNCARDP %s", serial_and_stamp); if (rc < 0) { free (serial_and_stamp); return ASSUAN_Out_Of_Core; } rc = 0; rc = assuan_inquire (ctx, command, NULL, NULL, 0); free (command); /* (must use standard free here) */ if (rc) { if (rc != ASSUAN_Canceled) log_error ("inquire KNOWNCARDP failed: %s\n", assuan_strerror (rc)); free (serial_and_stamp); return rc; } /* not canceled, so we have to proceeed */ } free (serial_and_stamp); } /* Let the application print out its collection of useful status information. */ if (!rc) rc = app_write_learn_status (ctrl->app_ctx, ctrl); TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* READCERT <hexified_certid> Note, that this function may even be used on a locked card. */ static int cmd_readcert (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; unsigned char *cert; size_t ncert; if ((rc = open_card (ctrl, NULL))) return rc; line = xstrdup (line); /* Need a copy of the line. */ rc = app_readcert (ctrl->app_ctx, line, &cert, &ncert); if (rc) log_error ("app_readcert failed: %s\n", gpg_strerror (rc)); xfree (line); line = NULL; if (!rc) { rc = assuan_send_data (ctx, cert, ncert); xfree (cert); if (rc) return rc; } TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* READKEY <keyid> Return the public key for the given cert or key ID as an standard S-Expression. Note, that this function may even be used on a locked card. */ static int cmd_readkey (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; unsigned char *cert = NULL; size_t ncert, n; ksba_cert_t kc = NULL; ksba_sexp_t p; unsigned char *pk; size_t pklen; if ((rc = open_card (ctrl, NULL))) return rc; line = xstrdup (line); /* Need a copy of the line. */ /* If the application supports the READKEY function we use that. Otherwise we use the old way by extracting it from the certificate. */ rc = app_readkey (ctrl->app_ctx, line, &pk, &pklen); if (!rc) { /* Yeah, got that key - send it back. */ rc = assuan_send_data (ctx, pk, pklen); xfree (pk); rc = map_assuan_err (rc); xfree (line); line = NULL; goto leave; } if (gpg_err_code (rc) != GPG_ERR_UNSUPPORTED_OPERATION) log_error ("app_readkey failed: %s\n", gpg_strerror (rc)); else { rc = app_readcert (ctrl->app_ctx, line, &cert, &ncert); if (rc) log_error ("app_readcert failed: %s\n", gpg_strerror (rc)); } xfree (line); line = NULL; if (rc) goto leave; rc = ksba_cert_new (&kc); if (rc) { xfree (cert); goto leave; } rc = ksba_cert_init_from_mem (kc, cert, ncert); if (rc) { log_error ("failed to parse the certificate: %s\n", gpg_strerror (rc)); goto leave; } p = ksba_cert_get_public_key (kc); if (!p) { rc = gpg_error (GPG_ERR_NO_PUBKEY); goto leave; } n = gcry_sexp_canon_len (p, 0, NULL, NULL); rc = assuan_send_data (ctx, p, n); rc = map_assuan_err (rc); xfree (p); leave: ksba_cert_release (kc); xfree (cert); TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* SETDATA <hexstring> The client should use this command to tell us the data he want to sign. */ static int cmd_setdata (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int n; char *p; unsigned char *buf; if (locked_session && locked_session != ctrl->server_local) return gpg_error (GPG_ERR_LOCKED); /* Parse the hexstring. */ for (p=line,n=0; hexdigitp (p); p++, n++) ; if (*p) return set_error (Parameter_Error, "invalid hexstring"); if (!n) return set_error (Parameter_Error, "no data given"); if ((n&1)) return set_error (Parameter_Error, "odd number of digits"); n /= 2; buf = xtrymalloc (n); if (!buf) return ASSUAN_Out_Of_Core; ctrl->in_data.value = buf; ctrl->in_data.valuelen = n; for (p=line, n=0; n < ctrl->in_data.valuelen; p += 2, n++) buf[n] = xtoi_2 (p); return 0; } static gpg_error_t pin_cb (void *opaque, const char *info, char **retstr) { assuan_context_t ctx = opaque; char *command; int rc; unsigned char *value; size_t valuelen; *retstr = NULL; log_debug ("asking for PIN '%s'\n", info); rc = asprintf (&command, "NEEDPIN %s", info); if (rc < 0) return gpg_error (gpg_err_code_from_errno (errno)); /* Fixme: Write an inquire function which returns the result in secure memory and check all further handling of the PIN. */ rc = assuan_inquire (ctx, command, &value, &valuelen, MAXLEN_PIN); free (command); if (rc) return map_assuan_err (rc); if (!valuelen || value[valuelen-1]) { /* We require that the returned value is an UTF-8 string */ xfree (value); return gpg_error (GPG_ERR_INV_RESPONSE); } *retstr = (char*)value; return 0; } /* PKSIGN <hexified_id> */ static int cmd_pksign (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; unsigned char *outdata; size_t outdatalen; char *keyidstr; if ( IS_LOCKED (ctrl) ) return gpg_error (GPG_ERR_LOCKED); if ((rc = open_card (ctrl, NULL))) return rc; /* We have to use a copy of the key ID because the function may use the pin_cb which in turn uses the assuan line buffer and thus overwriting the original line with the keyid */ keyidstr = xtrystrdup (line); if (!keyidstr) return ASSUAN_Out_Of_Core; rc = app_sign (ctrl->app_ctx, keyidstr, GCRY_MD_SHA1, pin_cb, ctx, ctrl->in_data.value, ctrl->in_data.valuelen, &outdata, &outdatalen); xfree (keyidstr); if (rc) { log_error ("card_sign failed: %s\n", gpg_strerror (rc)); } else { rc = assuan_send_data (ctx, outdata, outdatalen); xfree (outdata); if (rc) return rc; /* that is already an assuan error code */ } TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* PKAUTH <hexified_id> */ static int cmd_pkauth (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; unsigned char *outdata; size_t outdatalen; char *keyidstr; if ( IS_LOCKED (ctrl) ) return gpg_error (GPG_ERR_LOCKED); if ((rc = open_card (ctrl, NULL))) return rc; if (!ctrl->app_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); /* We have to use a copy of the key ID because the function may use the pin_cb which in turn uses the assuan line buffer and thus overwriting the original line with the keyid */ keyidstr = xtrystrdup (line); if (!keyidstr) return ASSUAN_Out_Of_Core; rc = app_auth (ctrl->app_ctx, keyidstr, pin_cb, ctx, ctrl->in_data.value, ctrl->in_data.valuelen, &outdata, &outdatalen); xfree (keyidstr); if (rc) { log_error ("app_auth_sign failed: %s\n", gpg_strerror (rc)); } else { rc = assuan_send_data (ctx, outdata, outdatalen); xfree (outdata); if (rc) return rc; /* that is already an assuan error code */ } TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* PKDECRYPT <hexified_id> */ static int cmd_pkdecrypt (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; unsigned char *outdata; size_t outdatalen; char *keyidstr; if ( IS_LOCKED (ctrl) ) return gpg_error (GPG_ERR_LOCKED); if ((rc = open_card (ctrl, NULL))) return rc; keyidstr = xtrystrdup (line); if (!keyidstr) return ASSUAN_Out_Of_Core; rc = app_decipher (ctrl->app_ctx, keyidstr, pin_cb, ctx, ctrl->in_data.value, ctrl->in_data.valuelen, &outdata, &outdatalen); xfree (keyidstr); if (rc) { log_error ("card_create_signature failed: %s\n", gpg_strerror (rc)); } else { rc = assuan_send_data (ctx, outdata, outdatalen); xfree (outdata); if (rc) return rc; /* that is already an assuan error code */ } TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* GETATTR <name> This command is used to retrieve data from a smartcard. The allowed names depend on the currently selected smartcard application. NAME must be percent and '+' escaped. The value is returned through status message, see the LEARN command for details. However, the current implementation assumes that Name is not escaped; this works as long as noone uses arbitrary escaping. Note, that this function may even be used on a locked card. */ static int cmd_getattr (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; const char *keyword; if ((rc = open_card (ctrl, NULL))) return rc; keyword = line; for (; *line && !spacep (line); line++) ; if (*line) *line++ = 0; /* (We ignore any garbage for now.) */ /* FIXME: Applications should not return sensistive data if the card is locked. */ rc = app_getattr (ctrl->app_ctx, ctrl, keyword); TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* SETATTR <name> <value> This command is used to store data on a a smartcard. The allowed names and values are depend on the currently selected smartcard application. NAME and VALUE must be percent and '+' escaped. However, the curent implementation assumes that Name is not escaped; this works as long as noone uses arbitrary escaping. A PIN will be requested for most NAMEs. See the corresponding setattr function of the actually used application (app-*.c) for details. */ static int cmd_setattr (assuan_context_t ctx, char *orig_line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; char *keyword; int keywordlen; size_t nbytes; char *line, *linebuf; if ( IS_LOCKED (ctrl) ) return gpg_error (GPG_ERR_LOCKED); if ((rc = open_card (ctrl, NULL))) return rc; /* We need to use a copy of LINE, because PIN_CB uses the same context and thus reuses the Assuan provided LINE. */ line = linebuf = xtrystrdup (orig_line); if (!line) return ASSUAN_Out_Of_Core; keyword = line; for (keywordlen=0; *line && !spacep (line); line++, keywordlen++) ; if (*line) *line++ = 0; while (spacep (line)) line++; nbytes = percent_plus_unescape ((unsigned char*)line); rc = app_setattr (ctrl->app_ctx, keyword, pin_cb, ctx, (const unsigned char*)line, nbytes); xfree (linebuf); TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* WRITEKEY [--force] <keyid> This command is used to store a secret key on a a smartcard. The allowed keyids depend on the currently selected smartcard application. The actual keydata is requested using the inquiry "KETDATA" and need to be provided without any protection. With --force set an existing key under this KEYID will get overwritten. The keydata is expected to be the usual canonical encoded S-expression. A PIN will be requested for most NAMEs. See the corresponding writekey function of the actually used application (app-*.c) for details. */ static int cmd_writekey (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; char *keyid; int force = has_option (line, "--force"); unsigned char *keydata; size_t keydatalen; if ( IS_LOCKED (ctrl) ) return gpg_error (GPG_ERR_LOCKED); /* Skip over options. */ while ( *line == '-' && line[1] == '-' ) { while (*line && !spacep (line)) line++; while (spacep (line)) line++; } if (!*line) return set_error (Parameter_Error, "no keyid given"); keyid = line; while (*line && !spacep (line)) line++; *line = 0; if ((rc = open_card (ctrl, NULL))) return rc; if (!ctrl->app_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); keyid = xtrystrdup (keyid); if (!keyid) return ASSUAN_Out_Of_Core; /* Now get the actual keydata. */ rc = assuan_inquire (ctx, "KEYDATA", &keydata, &keydatalen, MAXLEN_KEYDATA); if (rc) { xfree (keyid); return rc; } /* Write the key to the card. */ rc = app_writekey (ctrl->app_ctx, ctrl, keyid, force? 1:0, pin_cb, ctx, keydata, keydatalen); xfree (keyid); xfree (keydata); TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* GENKEY [--force] <no> Generate a key on-card identified by NO, which is application specific. Return values are application specific. For OpenPGP cards 2 status lines are returned: S KEY-FPR <hexstring> S KEY-CREATED-AT <seconds_since_epoch> S KEY-DATA [p|n] <hexdata> --force is required to overwrite an already existing key. The KEY-CREATED-AT is required for further processing because it is part of the hashed key material for the fingerprint. The public part of the key can also later be retrieved using the READKEY command. */ static int cmd_genkey (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; char *keyno; int force = has_option (line, "--force"); if ( IS_LOCKED (ctrl) ) return gpg_error (GPG_ERR_LOCKED); /* Skip over options. */ while ( *line == '-' && line[1] == '-' ) { while (*line && !spacep (line)) line++; while (spacep (line)) line++; } if (!*line) return set_error (Parameter_Error, "no key number given"); keyno = line; while (*line && !spacep (line)) line++; *line = 0; if ((rc = open_card (ctrl, NULL))) return rc; if (!ctrl->app_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); keyno = xtrystrdup (keyno); if (!keyno) return ASSUAN_Out_Of_Core; rc = app_genkey (ctrl->app_ctx, ctrl, keyno, force? 1:0, pin_cb, ctx); xfree (keyno); TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* RANDOM <nbytes> Get NBYTES of random from the card and send them back as data. Note, that this function may be even be used on a locked card. */ static int cmd_random (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; size_t nbytes; unsigned char *buffer; if (!*line) return set_error (Parameter_Error, "number of requested bytes missing"); nbytes = strtoul (line, NULL, 0); if ((rc = open_card (ctrl, NULL))) return rc; if (!ctrl->app_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); buffer = xtrymalloc (nbytes); if (!buffer) return ASSUAN_Out_Of_Core; rc = app_get_challenge (ctrl->app_ctx, nbytes, buffer); if (!rc) { rc = assuan_send_data (ctx, buffer, nbytes); xfree (buffer); return rc; /* that is already an assuan error code */ } xfree (buffer); TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* PASSWD [--reset] <chvno> Change the PIN or reset the retry counter of the card holder verfication vector CHVNO. */ static int cmd_passwd (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; char *chvnostr; int reset_mode = has_option (line, "--reset"); if ( IS_LOCKED (ctrl) ) return gpg_error (GPG_ERR_LOCKED); /* Skip over options. */ while (*line == '-' && line[1] == '-') { while (*line && !spacep (line)) line++; while (spacep (line)) line++; } if (!*line) return set_error (Parameter_Error, "no CHV number given"); chvnostr = line; while (*line && !spacep (line)) line++; *line = 0; if ((rc = open_card (ctrl, NULL))) return rc; if (!ctrl->app_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); chvnostr = xtrystrdup (chvnostr); if (!chvnostr) return ASSUAN_Out_Of_Core; rc = app_change_pin (ctrl->app_ctx, ctrl, chvnostr, reset_mode, pin_cb, ctx); if (rc) log_error ("command passwd failed: %s\n", gpg_strerror (rc)); xfree (chvnostr); TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* CHECKPIN <idstr> Perform a VERIFY operation without doing anything else. This may be used to initialize a the PIN cache earlier to long lasting operations. Its use is highly application dependent. For OpenPGP: Perform a simple verify operation for CHV1 and CHV2, so that further operations won't ask for CHV2 and it is possible to do a cheap check on the PIN: If there is something wrong with the PIN entry system, only the regular CHV will get blocked and not the dangerous CHV3. IDSTR is the usual card's serial number in hex notation; an optional fingerprint part will get ignored. There is however a special mode if the IDSTR is sffixed with the literal string "[CHV3]": In this case the Admin PIN is checked if and only if the retry counter is still at 3. */ static int cmd_checkpin (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; char *keyidstr; if ( IS_LOCKED (ctrl) ) return gpg_error (GPG_ERR_LOCKED); if ((rc = open_card (ctrl, NULL))) return rc; if (!ctrl->app_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); /* We have to use a copy of the key ID because the function may use the pin_cb which in turn uses the assuan line buffer and thus overwriting the original line with the keyid. */ keyidstr = xtrystrdup (line); if (!keyidstr) return ASSUAN_Out_Of_Core; rc = app_check_pin (ctrl->app_ctx, keyidstr, pin_cb, ctx); xfree (keyidstr); if (rc) log_error ("app_check_pin failed: %s\n", gpg_strerror (rc)); TEST_CARD_REMOVAL (ctrl, rc); return map_to_assuan_status (rc); } /* LOCK [--wait] Grant exclusive card access to this session. Note that there is no lock counter used and a second lock from the same session will be ignored. A single unlock (or RESET) unlocks the session. Return GPG_ERR_LOCKED if another session has locked the reader. If the option --wait is given the command will wait until a lock has been released. */ static int cmd_lock (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc = 0; retry: if (locked_session) { if (locked_session != ctrl->server_local) rc = gpg_error (GPG_ERR_LOCKED); } else locked_session = ctrl->server_local; #ifdef USE_GNU_PTH if (rc && has_option (line, "--wait")) { rc = 0; pth_sleep (1); /* Better implement an event mechanism. However, for card operations this should be sufficient. */ /* FIXME: Need to check that the connection is still alive. This can be done by issuing status messages. */ goto retry; } #endif /*USE_GNU_PTH*/ if (rc) log_error ("cmd_lock failed: %s\n", gpg_strerror (rc)); return map_to_assuan_status (rc); } /* UNLOCK Release exclusive card access. */ static int cmd_unlock (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); int rc = 0; if (locked_session) { if (locked_session != ctrl->server_local) rc = gpg_error (GPG_ERR_LOCKED); else locked_session = NULL; } else rc = gpg_error (GPG_ERR_NOT_LOCKED); if (rc) log_error ("cmd_unlock failed: %s\n", gpg_strerror (rc)); return map_to_assuan_status (rc); } /* GETINFO <what> Multi purpose command to return certain information. Supported values of WHAT are: socket_name - Return the name of the socket. */ static int cmd_getinfo (assuan_context_t ctx, char *line) { int rc = 0; if (!strcmp (line, "socket_name")) { const char *s = scd_get_socket_name (); if (s) rc = assuan_send_data (ctx, s, strlen (s)); else rc = gpg_error (GPG_ERR_NO_DATA); } else rc = set_error (Parameter_Error, "unknown value for WHAT"); return rc; } /* RESTART - Restart the current connection; this is a kind of warn reset. It + Restart the current connection; this is a kind of warm reset. It deletes the context used by this connection but does not send a RESET to the card. Thus the card itself won't get reset. This is used by gpg-agent to reuse a primary pipe connection and may be used by clients to backup from a conflict in the serial command; i.e. to select another application. */ static int cmd_restart (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); if (ctrl->app_ctx) { release_application (ctrl->app_ctx); ctrl->app_ctx = NULL; } if (locked_session && ctrl->server_local == locked_session) { locked_session = NULL; log_info ("implicitly unlocking due to RESTART\n"); } return 0; } /* Tell the assuan library about our commands */ static int register_commands (assuan_context_t ctx) { static struct { const char *name; int (*handler)(assuan_context_t, char *line); } table[] = { { "SERIALNO", cmd_serialno }, { "LEARN", cmd_learn }, { "READCERT", cmd_readcert }, { "READKEY", cmd_readkey }, { "SETDATA", cmd_setdata }, { "PKSIGN", cmd_pksign }, { "PKAUTH", cmd_pkauth }, { "PKDECRYPT", cmd_pkdecrypt }, { "INPUT", NULL }, { "OUTPUT", NULL }, { "GETATTR", cmd_getattr }, { "SETATTR", cmd_setattr }, { "WRITEKEY", cmd_writekey }, { "GENKEY", cmd_genkey }, { "RANDOM", cmd_random }, { "PASSWD", cmd_passwd }, { "CHECKPIN", cmd_checkpin }, { "LOCK", cmd_lock }, { "UNLOCK", cmd_unlock }, { "GETINFO", cmd_getinfo }, { "RESTART", cmd_restart }, { NULL } }; int i, rc; for (i=0; table[i].name; i++) { rc = assuan_register_command (ctx, table[i].name, table[i].handler); if (rc) return rc; } assuan_set_hello_line (ctx, "GNU Privacy Guard's Smartcard server ready"); assuan_register_reset_notify (ctx, reset_notify); assuan_register_option_handler (ctx, option_handler); return 0; } /* Startup the server. If FD is given as -1 this is simple pipe server, otherwise it is a regular server. */ void scd_command_handler (int fd) { int rc; assuan_context_t ctx; struct server_control_s ctrl; memset (&ctrl, 0, sizeof ctrl); scd_init_default_ctrl (&ctrl); if (fd == -1) { int filedes[2]; filedes[0] = 0; filedes[1] = 1; rc = assuan_init_pipe_server (&ctx, filedes); } else { rc = assuan_init_connected_socket_server (&ctx, fd); } if (rc) { log_error ("failed to initialize the server: %s\n", assuan_strerror(rc)); scd_exit (2); } rc = register_commands (ctx); if (rc) { log_error ("failed to register commands with Assuan: %s\n", assuan_strerror(rc)); scd_exit (2); } assuan_set_pointer (ctx, &ctrl); /* Allocate and initialize the server object. Put it into the list of active sessions. */ ctrl.server_local = xcalloc (1, sizeof *ctrl.server_local); ctrl.server_local->next_session = session_list; session_list = ctrl.server_local; ctrl.server_local->ctrl_backlink = &ctrl; ctrl.server_local->assuan_ctx = ctx; if (DBG_ASSUAN) assuan_set_log_stream (ctx, log_get_stream ()); /* We open the reader right at startup so that the ticker is able to update the status file. */ if (ctrl.reader_slot == -1) { ctrl.reader_slot = get_reader_slot (); } /* Command processing loop. */ for (;;) { rc = assuan_accept (ctx); if (rc == -1) { break; } else if (rc) { log_info ("Assuan accept problem: %s\n", assuan_strerror (rc)); break; } rc = assuan_process (ctx); if (rc) { log_info ("Assuan processing failed: %s\n", assuan_strerror (rc)); continue; } } /* Cleanup. */ - do_reset (&ctrl, 1); + do_reset (&ctrl, 0); /* Release the server object. */ if (session_list == ctrl.server_local) session_list = ctrl.server_local->next_session; else { struct server_local_s *sl; for (sl=session_list; sl->next_session; sl = sl->next_session) if (sl->next_session == ctrl.server_local) break; if (!sl->next_session) BUG (); sl->next_session = ctrl.server_local->next_session; } xfree (ctrl.server_local); /* Release the Assuan context. */ assuan_deinit_server (ctx); } /* Send a line with status information via assuan and escape all given buffers. The variable elements are pairs of (char *, size_t), terminated with a (NULL, 0). */ void send_status_info (ctrl_t ctrl, const char *keyword, ...) { va_list arg_ptr; const unsigned char *value; size_t valuelen; char buf[950], *p; size_t n; assuan_context_t ctx = ctrl->server_local->assuan_ctx; va_start (arg_ptr, keyword); p = buf; n = 0; while ( (value = va_arg (arg_ptr, const unsigned char *)) ) { valuelen = va_arg (arg_ptr, size_t); if (!valuelen) continue; /* empty buffer */ if (n) { *p++ = ' '; n++; } for ( ; valuelen && n < DIM (buf)-2; n++, valuelen--, value++) { if (*value < ' ' || *value == '+') { sprintf (p, "%%%02X", *value); p += 3; } else if (*value == ' ') *p++ = '+'; else *p++ = *value; } } *p = 0; assuan_write_status (ctx, keyword, buf); va_end (arg_ptr); } -/* This function is called by the ticker thread to check for changes - of the reader stati. It updates the reader status files and if - requested by the caller also send a signal to the caller. */ -void -scd_update_reader_status_file (void) +/* This is the core of scd_update_reader_status_file but the caller + needs to take care of the locking. */ +static void +update_reader_status_file (void) { - static struct { - int any; - unsigned int status; - unsigned int changed; - } last[10]; - int slot; - int used; + int idx; unsigned int status, changed; /* Note, that we only try to get the status, because it does not make sense to wait here for a operation to complete. If we are busy working with a card, delays in the status file update should be acceptable. */ - for (slot=0; (slot < DIM(last) - &&!apdu_enum_reader (slot, &used)); slot++) - if (used && !apdu_get_status (slot, 0, &status, &changed)) - { - if (!last[slot].any || last[slot].status != status - || last[slot].changed != changed ) - { - char *fname; - char templ[50]; - FILE *fp; - struct server_local_s *sl; - - log_info ("updating status of slot %d to 0x%04X\n", slot, status); - - sprintf (templ, "reader_%d.status", slot); - fname = make_filename (opt.homedir, templ, NULL ); - fp = fopen (fname, "w"); - if (fp) - { - fprintf (fp, "%s\n", - (status & 1)? "USABLE": - (status & 4)? "ACTIVE": - (status & 2)? "PRESENT": "NOCARD"); - fclose (fp); - } - xfree (fname); - - /* Set the card removed flag for all current sessions. We - will set this on any card change because a reset or - SERIALNO request must be done in any case. */ - if (last[slot].any) - update_card_removed (slot, 1); - - last[slot].any = 1; - last[slot].status = status; - last[slot].changed = changed; + for (idx=0; idx < DIM(slot_table); idx++) + { + struct slot_status_s *ss = slot_table + idx; + if (!ss->valid || ss->slot == -1) + continue; /* Not valid or reader not yet open. */ + + if ( apdu_get_status (ss->slot, 0, &status, &changed) ) + continue; /* Get status failed. */ - /* Send a signal to all clients who applied for it. */ - for (sl=session_list; sl; sl = sl->next_session) - if (sl->event_signal && sl->assuan_ctx) - { - pid_t pid = assuan_get_pid (sl->assuan_ctx); - int signo = sl->event_signal; + if (!ss->any || ss->status != status || ss->changed != changed ) + { + char *fname; + char templ[50]; + FILE *fp; + struct server_local_s *sl; - log_info ("client pid is %d, sending signal %d\n", - pid, signo); + log_info ("updating status of slot %d to 0x%04X\n", + ss->slot, status); + + sprintf (templ, "reader_%d.status", ss->slot); + fname = make_filename (opt.homedir, templ, NULL ); + fp = fopen (fname, "w"); + if (fp) + { + fprintf (fp, "%s\n", + (status & 1)? "USABLE": + (status & 4)? "ACTIVE": + (status & 2)? "PRESENT": "NOCARD"); + fclose (fp); + } + xfree (fname); + + /* Set the card removed flag for all current sessions. We + will set this on any card change because a reset or + SERIALNO request must be done in any case. */ + if (ss->any) + update_card_removed (ss->slot, 1); + + ss->any = 1; + ss->status = status; + ss->changed = changed; + + /* Send a signal to all clients who applied for it. */ + for (sl=session_list; sl; sl = sl->next_session) + if (sl->event_signal && sl->assuan_ctx) + { + pid_t pid = assuan_get_pid (sl->assuan_ctx); + int signo = sl->event_signal; + + log_info ("client pid is %d, sending signal %d\n", + pid, signo); #ifndef HAVE_W32_SYSTEM - if (pid != (pid_t)(-1) && pid && signo > 0) - kill (pid, signo); + if (pid != (pid_t)(-1) && pid && signo > 0) + kill (pid, signo); #endif - } - } - } + } + } + } +} + +/* This function is called by the ticker thread to check for changes + of the reader stati. It updates the reader status files and if + requested by the caller also send a signal to the caller. */ +void +scd_update_reader_status_file (void) +{ + if (!pth_mutex_acquire (&status_file_update_lock, 1, NULL)) + return; /* locked - give up. */ + update_reader_status_file (); + if (!pth_mutex_release (&status_file_update_lock)) + log_error ("failed to release status_file_update lock\n"); }