Important!

Blog moved to https://blog.apdu.fr/

I moved my blog from https://ludovicrousseau.blogspot.com/ to https://blog.apdu.fr/ . Why? I wanted to move away from Blogger (owne...

Tuesday, October 29, 2013

OS X Mavericks and smart cards status

The new version of OS X 10.9 called Mavericks is now available since 22th October 2013. The operating system is now called OS X and not Mac OS X.



As I did with the previous major versions of Mac OS X Mountain Lion (and Lion) I will list changes in Maveriks regarding the smart card world.

pcsc-lite

Same version as in Mountain Lion. But seen bellow.

CCID driver

Same as in Mountain Lion.
CCID driver version 1.3.11.

$ grep -A 1 CFBundleShortVersionString /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist 
  <key>CFBundleShortVersionString</key>
  <string>1.3.11</string>

The binary is now 64-bits only in Mavericks when it was 32-bits only in Mountain Lion and previous versions.

$ file /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/MacOS/libccid.dylib
/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/MacOS/libccid.dylib: Mach-O 64-bit dynamically linked shared library x86_64

Source code

The source code is provided by Apple from the web site OS X 10.9 Source. The two components are available in:
The source code is not yet available in the subversion repository of the SmartCard Services project.

The source code for the smart card components in Mac OS X 10.8 is available at Mac OS X 10.8 Source. It is then easy to compare the two versions.

Changes


pcsc-lite


$ diff -ru SmartCardServices-55105 SmartCardServices-55111 | diffstat 
 Info-PCSC.plist                             |    2 
 SmartCardServices.xcodeproj/project.pbxproj |    7 -
 src/PCSC/PCSCDevice.h                       |    2 
 src/PCSC/PCSCDriverBundle.h                 |    2 
 src/PCSC/hotplug_macosx.cpp                 |    2 
 src/PCSC/pcscd_reader.h                     |    2 
 src/PCSC/pcscdaemon.c                       |   54 -----------
 src/PCSC/pcscdmonitor.h                     |    2 
 src/PCSC/pcscdserver.h                      |    2 
 src/PCSC/readerfactory.c                    |  127 ----------------------------
 src/PCSC/readerstate.h                      |    2 
 src/PCSC/sys_macosx.cpp                     |    2 
 12 files changed, 14 insertions(+), 192 deletions(-)

The respawn feature has been removed from pcscd. This feature has been added in Lion and allows a 64-bits pcscd to restart in 32-bits if it find a 32-bits only driver. See Mac OS X Lion and smart cards status for some more details.

I also note that the support of Rosetta is still present. This has been added during Tiger (10.4 released in 2006) to support the migration from PowerPC and Intel processors. The idea is to be able to use a PowerPC (big endian) PC/SC client talking to an Intel (little endian) pcscd server. Some functions inside pcsc-lite are used to do the needed conversions like SHSharedSegmentMsgToNetworkOrder() and SHSharedSegmentMsgToHostOrder() in src/PCSC/winscard_msg.cpp.

libccid


$ diff -ru SmartcardCCID-55000 SmartcardCCID-55005 | diffstat 
diff: SmartcardCCID-55000/libusb/libusb/compile: No such file or directory
diff: SmartcardCCID-55000/libusb/libusb/config.guess: No such file or directory
diff: SmartcardCCID-55000/libusb/libusb/config.sub: No such file or directory
diff: SmartcardCCID-55000/libusb/libusb/depcomp: No such file or directory
diff: SmartcardCCID-55000/libusb/libusb/install-sh: No such file or directory
diff: SmartcardCCID-55000/libusb/libusb/ltmain.sh: No such file or directory
diff: SmartcardCCID-55000/libusb/libusb/missing: No such file or directory
 Makefile                       |    2 
 files/automake_copy.patch      |only
 files/darwin_no_seize.patch    |only
 libusb/Makefile.in             |  372 -
 libusb/aclocal.m4              | 1404 +++-
 libusb/autogen.sh              |    4 
 libusb/autom4te.cache/output.0 |11877 +++++++++++++++++++----------------------
 libusb/autom4te.cache/output.1 |11877 +++++++++++++++++++----------------------
 libusb/autom4te.cache/requests |   80 
 libusb/autom4te.cache/traces.0 |  754 +-
 libusb/autom4te.cache/traces.1 |  155 
 libusb/config.h.in             |   20 
 libusb/configure               |11767 +++++++++++++++++++---------------------
 libusb/darwin.c                |    6 
 libusb/doc/Makefile.in         |   51 
 libusb/tests/Makefile.in       |  168 
 16 files changed, 18722 insertions(+), 19815 deletions(-)

Only some files needed to rebuild the binary have been updated. libusb version is still libusb-0.1.13b and libccid is still ccid-1.3.11.

Impacts of the changes


Since the respawn feature has been removed from pcscd a 32-bits (Intel) only driver will not be usable on Mavericks. You have to provide a 64-bits (or Universal Binary with 32-bits and 64-bits) so it can be used on Mavericks.


Conclusion

Apple has not really updated the smart card components in Mavericks, or Mountain Lion or Lion. No bug or limitation has been fixed. And no new bug have been introduced.
Only 64-bits smart card drivers are usable on Mavericks.

The CCID driver provided (version 1.3.11) has been released on July 2009, 4 years ago. Since this version 146 readers have been added (112% more). Yes, more readers have been added since 1.3.11 than readers supported in version 1.3.11.

Sunday, October 20, 2013

New version of pcsc-lite: 1.8.10

I just released a new version of pcsc-lite 1.8.10.

This version is a bug fix for the version 1.8.9 I released 3 days ago.

When making the Debian package for pcsc-lite the lintian tool reported that a new symbol log_msg was exported by the client library libpcsclite.so.1. This symbol is NOT part of the WinSCard API and should not be exported. It was a bug and needed to be fixed soon to avoid problems in PC/SC applications (like symbol conflict).

Changes:
pcsc-lite-1.8.10: Ludovic Rousseau
19 October 2013
  • do not export the internal log_msg symbol from libpcsclite.so.1

Wednesday, October 16, 2013

New version of pcsc-lite: 1.8.9

I just released a new version of pcsc-lite 1.8.9.

Changes:
pcsc-lite-1.8.9: Ludovic Rousseau
16 October 2013
  • SCardEndTransaction(): Return an error if is called with no corresponding SCardBeginTransaction()
  • SCardGetAttrib(): Add support of SCARD_ATTR_DEVICE_SYSTEM_NAME
  • SCardGetAttrib(): Fix bug in SCARD_ATTR_DEVICE_FRIENDLY_NAME
  • SCardBeginTransaction() was not correctly releasing a mutex when the hCard handle was invalidated
    The problem was that SCardGetStatusChange() was blocked because SCardBeginTransaction() had not released the context mutex.
  • PCSC/reader.h: Use C99 flexible array member
    The structures PIN_MODIFY_STRUCTURE and PIN_VERIFY_STRUCTURE now use a C99 flexible array member when available for abData field.
    uint8_t abData[];
  • Add support of --reader-name-no-serial and --reader-name-no-interface
    It is now possible to NOT add the USB serial number of the reader using --reader-name-no-serial
    It is now possible to NOT add the CCID interface name of the reader using --reader-name-no-interface
  • Add support of serialconfdir pkg-config variable
    It is now possible to use pkg-config to get the directory used by pcscd to fetch serial drivers configurations.
    $ pkg-config libpcsclite --variable=serialconfdir
    /etc/reader.conf.d
  • pcsc-spy: Try to display the thread in the order they appear in the log
  • pcsc-spy: Add SCARD_ATTR_DEVICE_SYSTEM_NAME
  • Check the Info.plist file is (a minimum) correct
  • Update PROTOCOL_VERSION_MINOR from 2 to 3
    We broke the API between version 1.8.3 and 1.8.4 by changing the value of MAX_READERNAME. This change should have been made before releasing version 1.8.4 to make mix of versions clearly non working instead of failing with strange errors.
  • hotplug_libudev.c: Fix a memory leak in case of error
  • Fix OpenBSD 5.2 compilation regarding dlopen
  • correctly manage thread safe multi-slot readers
  • Do not use pthread_atfork() any more (fix problem on FreeBSD)
  • fix memory leaks.
    This was not really a problem unless you embedd pcscd in another process and do init/deinit pcscd without exiting the process (as maybe used on Android or iOS).
  • pcscd.8 manpage: add documentation for --max-thread, --max-card-handle-per-thread, --max-card-handle-per-reader, --force-reader-polling, --error, --critical and --color
  • Some other minor improvements and bug corrections

Wednesday, October 9, 2013

New version of libccid: 1.4.13

I just released a version 1.4.13 of libccid the free software CCID class smart card reader driver.

Changes:
1.4.13 - 9 October 2013, Ludovic Rousseau
  • Add support of
    • Access IS ePassport Reader
    • Planeta RC700-NFC CCID
  • Add support of Windows value for CM_IOCTL_GET_FEATURE_REQUEST
    Windows uses 0x313520 for SCARD_CTL_CODE(3400) pcsc-lite uses 0x42000D48 for SCARD_CTL_CODE(3400)
    RDP aplications (like rdesktop) will convert SCardControl() commands from a Windows application (so using 0x313520) to pcsc-lite.
  • fix multi-slot support for card movement notification (introduced in 1.4.12)
  • Mac OS X: differentiate each libccid library by the dynamic linker using --prefix=/fake/$BUNDLE_ID
  • some minor bugs removed