Saturday, June 27, 2015

PySCard 1.7.0 released

Release 1.7.0

I just released a new official version 1.7.0 of pyscard. pyscard is a Python module adding smart card support (PC/SC) to Python.

Changes:

1.7.0 (June 2015)
  • PCSCCardConnection: Fix a problem with mode=SCARD_SHARE_DIRECT
  • add support of cygwin as a build platform
  • Fix a problem with Windows Remote Desktop
  • Switch from distutils to setuptools
  • dropped support for Python 2.5 and earlier (Alex Willmer)
  • dropped support for OS X 10.5 (Leopard) and earlier (Alex Willmer)
  • minor bugs fixed

Provided software

The source code archive pyscard-1.7.0.tar.gz is of course provided.

I also provide a binary installer pyscard-1.7.0.macosx-10.10-intel.tar.gz for Mac OS X 10.10 Yosemite and Python 2.7.

Continuous Integration

The PySCard project now uses two continuous integration platforms:

Windows installers?

Maybe AppVeyor can be used to provide binary installers for Windows. Your help is welcome on this task because I am not a Windows user.

Friday, June 19, 2015

PCSC framework will stay in Mac OS X 10.11 El Capitan



In a previous article "PCSC framework removed in Mac OS X 10.11 El Capitan?" I was afraid that the PCSC framework would be removed in the next version of Mac OS X: El Capitan.

I learned that this will not be the case. It was a misinterpretation on my side.

PCSC framework

On the page "OS X v.10.11 API Diffs" PCSC is removed in the 'Modules' section but is not removed in the 'Framework' section. The PCSC framework is still provided and supported in El Capitan.

This means that the PCSC.framework public API will not change at all and is perfectly usable from C/C++/ObjC applications.

Swift

For developing smart card applications with Swift, CryptoTokenKit framework/module is recommended by Apple.

The effect of removing the PCSC module is that it will not be possible to import PCSC in a Swift application on El Capitan.

On Yosemite you can import PCSC, but no SCard functions or declarations are actually visible and nothing can be used; the import is in fact broken. So using El Capitan should not break existing Swift applications.

Maybe someone will write a PC/SC wrapper for Swift so I can add it to my list "PC/SC sample in different languages".

Conclusion

PCSC framework will be available in Mac OS X 10.11 El Capitan. No need to stress and rewrite/port all existing PC/SC applications to CryptoTokenKit.

I "guess" Apple will bring other surprises on the PC/SC front in El Capitan (but I can't tell now). If you have tried the beta version you may already know :-).

Thursday, June 18, 2015

OS X Yosemite bug: SCardGetStatusChange blocks forever

This is part of the series: "OS X Yosemite and smart cards: known bugs".

SCardGetStatusChange() blocks forever after some time

SCardGetStatusChange() does not work correctly on Mac OS X 10.10 Yosemite. Sometimes the function blocks and does not return.

The execution does not always block at the same iteration. It looks like an internal deadlock in some circumstances.

See also

The problem was reported to me by Paolo S. Thanks to him.

Apple bug report #21437286 "PC/SC SCardGetStatusChange() blocks forever after some time".
Closed by Apple on 27th June 2015, as duplicate of #20517200.

Sample code

Code from Paolo S.

#include <stdio.h>
#include <stdlib.h>

#ifdef __APPLE__
#include <PCSC/winscard.h>
#include <PCSC/wintypes.h>
#else
#include <winscard.h>
#endif

#define CHECK(f, rv) \
 if (SCARD_S_SUCCESS != rv) \
 { \
  printf(f ": %s\n", pcsc_stringify_error(rv)); \
  return -1; \
 }

int main(void) {
    LONG rv;

    SCARDCONTEXT hContext;
    LPTSTR mszReaders;
    DWORD dwReaders;

    unsigned int i;

    rv = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext);
    CHECK("SCardEstablishContext", rv)

    rv = SCardListReaders(hContext, NULL, NULL, &dwReaders);
    CHECK("SCardListReaders", rv)

    mszReaders = calloc(dwReaders, sizeof(char));
    rv = SCardListReaders(hContext, NULL, mszReaders, &dwReaders);
    CHECK("SCardListReaders", rv)

    if (dwReaders <= 1) {
        puts("No reader found");
        goto end ;
    }

    printf("reader name: %s\n", mszReaders);

    SCARD_READERSTATE sReaderState ;
    sReaderState.szReader = mszReaders ;
    sReaderState.dwCurrentState = SCARD_STATE_UNAWARE ;   // was left uninitialized

    i = 0 ;
    while(1) {
        i++ ;
        printf("Loop #%u: calling SCardGetStatusChange\n", i);
        rv = SCardGetStatusChange(hContext, 1, &sReaderState, 1);   // This hangs after random number of calls
        puts("returned");
        CHECK("SCardGetStatusChange", rv)
    }

end:
    free(mszReaders);   // also reached through "goto end", so the buffer is always released
    rv = SCardReleaseContext(hContext);

    CHECK("SCardReleaseContext", rv)

    return 0;
}

Result (on Yosemite)

$ ./main
reader name: Gemalto PC Twin Reader
Loop #1: calling SCardGetStatusChange
returned
Loop #2: calling SCardGetStatusChange
[...]
Loop #11145: calling SCardGetStatusChange
returned
Loop #11146: calling SCardGetStatusChange
^C

I have to use Control-C to stop the execution.

Known workaround

Paolo S. has a workaround.
  1. Detect the card presence by calling the SCardConnect() function (shared mode, default protocols). No errors = card inserted.
  2. Detect the card extraction by calling the SCardReconnect() function (same parameters, no card reset or eject). No errors = card still inserted.
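
The two steps of the workaround as a single polling function, written here as an added example (it is not Paolo S.'s code nor code from this blog). `struct card_watch`, `card_watch_poll()` and the `sim_*` names are hypothetical; without `-DUSE_PCSC` the three PC/SC calls are replaced by a constructed simulation of one reader so the logic runs without hardware.

```c
#include <stdio.h>
#ifdef USE_PCSC   /* real build: -DUSE_PCSC and link the PC/SC library */
#include <winscard.h>   /* on OS X: <PCSC/winscard.h> and <PCSC/wintypes.h> */
#else   /* constructed stand-in for one reader, so the logic runs without hardware */
typedef long LONG;
typedef unsigned long DWORD, SCARDCONTEXT, SCARDHANDLE;
enum { SCARD_S_SUCCESS = 0, SCARD_SHARE_SHARED = 2, SCARD_LEAVE_CARD = 0,
       SCARD_PROTOCOL_T0 = 1, SCARD_PROTOCOL_T1 = 2 };
#define SCARD_E_NO_SMARTCARD ((LONG)0x8010000C)
static int sim_card_in;   /* 1 = a card sits in the simulated reader */
static LONG sim_rv(void) { return sim_card_in ? SCARD_S_SUCCESS : SCARD_E_NO_SMARTCARD; }
static LONG SCardConnect(SCARDCONTEXT c, const char *r, DWORD m, DWORD p,
                         SCARDHANDLE *h, DWORD *a) {
    (void)c; (void)r; (void)m; (void)p; *h = 1; *a = 0; return sim_rv();
}
static LONG SCardReconnect(SCARDHANDLE h, DWORD m, DWORD p, DWORD i, DWORD *a) {
    (void)h; (void)m; (void)p; (void)i; *a = 0; return sim_rv();
}
static LONG SCardDisconnect(SCARDHANDLE h, DWORD d) { (void)h; (void)d; return 0; }
#endif

struct card_watch { SCARDCONTEXT ctx; const char *reader; SCARDHANDLE card;
                    int present; LONG last_rv; };   /* hypothetical helper type */
/* One polling step of the workaround: returns 1 if a card is present, else 0. */
static int card_watch_poll(struct card_watch *w) {
    DWORD active = 0, protos = SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1;
    if (!w->present) {   /* step 1: SCardConnect() without error = card inserted */
        w->last_rv = SCardConnect(w->ctx, w->reader, SCARD_SHARE_SHARED, protos,
                                  &w->card, &active);
        w->present = (w->last_rv == SCARD_S_SUCCESS);
    } else {             /* step 2: SCardReconnect() without error = still inserted */
        w->last_rv = SCardReconnect(w->card, SCARD_SHARE_SHARED, protos,
                                    SCARD_LEAVE_CARD, &active);
        if (w->last_rv != SCARD_S_SUCCESS) {
            SCardDisconnect(w->card, SCARD_LEAVE_CARD);   /* drop the stale handle */
            w->present = 0;
        }
    }
    return w->present;
}
#ifndef USE_PCSC
int main(void) {   /* simulated sequence: empty, inserted, still inserted, removed */
    struct card_watch w = { 0, "simulated reader", 0, 0, 0 };
    for (int i = 0; i < 4; i++) {
        sim_card_in = (i == 1 || i == 2);
        printf("poll %d: %s\n", i, card_watch_poll(&w) ? "present" : "absent");
    }
    return 0;
}
#endif
```

Any error is read as "no card", as the workaround states; `last_rv` keeps the PC/SC return code so the caller can log why a poll failed.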

Update

This bug is now fixed in Mac OS X El Capitan 10.11.0.

Wednesday, June 10, 2015

PCSC framework removed in Mac OS X 10.11 El Capitan?

OS X El Capitan

You may know that Apple announced the new major version of OS X during this week's Apple WWDC 2015 (Worldwide Developers Conference). The next major version of OS X is 10.11; it is planned for this fall and is called El Capitan. See OS X El Capitan for some more details.

For even more details you have to go to the (public) web page "OS X v.10.11 API Diffs".

PCSC framework

According to the (public) web page "OS X v.10.11 API Diffs" we have:

It looks like Apple decided to remove the PCSC framework and replace it with CryptoTokenKit, already introduced in OS X 10.10 Yosemite (see "OS X Yosemite BETA and smart cards status" and "OS X Yosemite and smart cards status" for the beginning of the replacement story).

CryptoTokenKit

We also have some changes (to make it work for real?) in the CryptoTokenKit side (both framework and modules).

CryptoTokenKit framework

Full page at https://developer.apple.com/library/prerelease/mac/releasenotes/General/APIDiffsMacOSX10_11/frameworks/CryptoTokenKit.html

TKError.h

Added TKErrorCodeBadParameter

TKSmartCard.h

Removed TKSmartCardNoSlot
Removed TKSmartCardSlotEmpty
Removed TKSmartCardSlotMuteCard
Removed TKSmartCardSlotProbing
Removed TKSmartCardSlotValidCard
Added -[TKSmartCard userInteractionForSecurePINChangeWithPINFormat:APDU:currentPINByteOffset:newPINByteOffset:]
Added -[TKSmartCard userInteractionForSecurePINVerificationWithPINFormat:APDU:PINByteOffset:]
Added TKSmartCardPINFormat
Added TKSmartCardPINFormat.charset
Added TKSmartCardPINFormat.encoding
Added TKSmartCardPINFormat.maxPINLength
Added TKSmartCardPINFormat.minPINLength
Added TKSmartCardPINFormat.PINBitOffset
Added TKSmartCardPINFormat.PINBlockByteLength
Added TKSmartCardPINFormat.PINJustification
Added TKSmartCardPINFormat.PINLengthBitOffset
Added TKSmartCardPINFormat.PINLengthBitSize
Added TKSmartCardSlot.screen
Added -[TKSmartCardSlot userInteractionForConfirmation]
Added -[TKSmartCardSlot userInteractionForStringEntry]
Added TKSmartCardSlotScreen
Added -[TKSmartCardSlotScreen displayMessage:x:y:duration:clearScreen:]
Added TKSmartCardSlotScreen.physicalColumnCount
Added TKSmartCardSlotScreen.physicalRowCount
Added TKSmartCardSlotScreen.virtualColumnCount
Added TKSmartCardSlotScreen.virtualRowCount
Added TKSmartCardUserInteraction
Added -[TKSmartCardUserInteraction cancel]
Added TKSmartCardUserInteraction.delegate
Added TKSmartCardUserInteraction.initialTimeout
Added TKSmartCardUserInteraction.interactionTimeout
Added -[TKSmartCardUserInteraction runWithReply:]
Added TKSmartCardUserInteractionDelegate
Added -[TKSmartCardUserInteractionDelegate characterEnteredInUserInteraction:]
Added -[TKSmartCardUserInteractionDelegate correctionKeyPressedInUserInteraction:]
Added -[TKSmartCardUserInteractionDelegate invalidCharacterEnteredInUserInteraction:]
Added -[TKSmartCardUserInteractionDelegate newPINConfirmationRequestedInUserInteraction:]
Added -[TKSmartCardUserInteractionDelegate newPINRequestedInUserInteraction:]
Added -[TKSmartCardUserInteractionDelegate oldPINRequestedInUserInteraction:]
Added -[TKSmartCardUserInteractionDelegate validationKeyPressedInUserInteraction:]
Added TKSmartCardUserInteractionForConfirmation
Added TKSmartCardUserInteractionForConfirmation.result
Added TKSmartCardUserInteractionForPINOperation
Added TKSmartCardUserInteractionForPINOperation.locale
Added TKSmartCardUserInteractionForPINOperation.PINCompletion
Added TKSmartCardUserInteractionForPINOperation.PINMessageIndices
Added TKSmartCardUserInteractionForPINOperation.resultData
Added TKSmartCardUserInteractionForPINOperation.resultSW
Added TKSmartCardUserInteractionForSecurePINChange
Added TKSmartCardUserInteractionForSecurePINChange.PINConfirmation
Added TKSmartCardUserInteractionForSecurePINVerification
Added TKSmartCardUserInteractionForStringEntry
Added TKSmartCardUserInteractionForStringEntry.result
Added TKSmartCardPINCharset
Added TKSmartCardPINCharsetAlphanumeric
Added TKSmartCardPINCharsetNumeric
Added TKSmartCardPINCharsetUpperAlphanumeric
Added TKSmartCardPINCompletion
Added TKSmartCardPINCompletionKey
Added TKSmartCardPINCompletionMaxLength
Added TKSmartCardPINCompletionTimeout
Added TKSmartCardPINConfirmation
Added TKSmartCardPINConfirmationCurrent
Added TKSmartCardPINConfirmationNew
Added TKSmartCardPINConfirmationNone
Added TKSmartCardPINEncoding
Added TKSmartCardPINEncodingASCII
Added TKSmartCardPINEncodingBCD
Added TKSmartCardPINEncodingBinary
Added TKSmartCardPINJustification
Added TKSmartCardPINJustificationLeft
Added TKSmartCardPINJustificationRight

and many functions modified.

CryptoTokenKit modules

Full page at https://developer.apple.com/library/prerelease/mac/releasenotes/General/APIDiffsMacOSX10_11/modules/CryptoTokenKit.html

Removed TKSmartCardProtocol.init(_: UInt)
Added TKErrorCode.CodeBadParameter
Added TKSmartCard.userInteractionForSecurePINChangeWithPINFormat(_: TKSmartCardPINFormat, APDU: NSData, currentPINByteOffset: Int, newPINByteOffset: Int) -> TKSmartCardUserInteractionForSecurePINChange?
Added TKSmartCard.userInteractionForSecurePINVerificationWithPINFormat(_: TKSmartCardPINFormat, APDU: NSData, PINByteOffset: Int) -> TKSmartCardUserInteractionForSecurePINVerification?
Added TKSmartCardPINCharset [enum]
Added TKSmartCardPINCharset.Alphanumeric
Added TKSmartCardPINCharset.Numeric
Added TKSmartCardPINCharset.UpperAlphanumeric
Added TKSmartCardPINCompletion [struct]
Added TKSmartCardPINCompletion.init(rawValue: UInt)
Added TKSmartCardPINCompletion.Key
Added TKSmartCardPINCompletion.MaxLength
Added TKSmartCardPINCompletion.Timeout
Added TKSmartCardPINConfirmation [struct]
Added TKSmartCardPINConfirmation.Current
Added TKSmartCardPINConfirmation.init(rawValue: UInt)
Added TKSmartCardPINConfirmation.New
Added TKSmartCardPINConfirmation.None
Added TKSmartCardPINEncoding [enum]
Added TKSmartCardPINEncoding.ASCII
Added TKSmartCardPINEncoding.BCD
Added TKSmartCardPINEncoding.Binary
Added TKSmartCardPINFormat
Added TKSmartCardPINFormat.charset
Added TKSmartCardPINFormat.encoding
Added TKSmartCardPINFormat.maxPINLength
Added TKSmartCardPINFormat.minPINLength
Added TKSmartCardPINFormat.PINBitOffset
Added TKSmartCardPINFormat.PINBlockByteLength
Added TKSmartCardPINFormat.PINJustification
Added TKSmartCardPINFormat.PINLengthBitOffset
Added TKSmartCardPINFormat.PINLengthBitSize
Added TKSmartCardPINJustification [enum]
Added TKSmartCardPINJustification.Left
Added TKSmartCardPINJustification.Right
Added TKSmartCardSlot.screen
Added TKSmartCardSlot.userInteractionForConfirmation() -> TKSmartCardUserInteractionForConfirmation?
Added TKSmartCardSlot.userInteractionForStringEntry() -> TKSmartCardUserInteractionForStringEntry?
Added TKSmartCardSlotScreen
Added TKSmartCardSlotScreen.displayMessage(_: String, x: Int, y: Int, duration: NSTimeInterval, clearScreen: Bool) -> Bool
Added TKSmartCardSlotScreen.physicalColumnCount
Added TKSmartCardSlotScreen.physicalRowCount
Added TKSmartCardSlotScreen.virtualColumnCount
Added TKSmartCardSlotScreen.virtualRowCount
Added TKSmartCardUserInteraction
Added TKSmartCardUserInteraction.cancel() -> Bool
Added TKSmartCardUserInteraction.delegate
Added TKSmartCardUserInteraction.initialTimeout
Added TKSmartCardUserInteraction.interactionTimeout
Added TKSmartCardUserInteraction.runWithReply(_: (Bool, NSError?) -> Void)
Added TKSmartCardUserInteractionDelegate
Added TKSmartCardUserInteractionDelegate.characterEnteredInUserInteraction(_: TKSmartCardUserInteraction)
Added TKSmartCardUserInteractionDelegate.correctionKeyPressedInUserInteraction(_: TKSmartCardUserInteraction)
Added TKSmartCardUserInteractionDelegate.invalidCharacterEnteredInUserInteraction(_: TKSmartCardUserInteraction)
Added TKSmartCardUserInteractionDelegate.newPINConfirmationRequestedInUserInteraction(_: TKSmartCardUserInteraction)
Added TKSmartCardUserInteractionDelegate.newPINRequestedInUserInteraction(_: TKSmartCardUserInteraction)
Added TKSmartCardUserInteractionDelegate.oldPINRequestedInUserInteraction(_: TKSmartCardUserInteraction)
Added TKSmartCardUserInteractionDelegate.validationKeyPressedInUserInteraction(_: TKSmartCardUserInteraction)
Added TKSmartCardUserInteractionForConfirmation
Added TKSmartCardUserInteractionForConfirmation.result
Added TKSmartCardUserInteractionForPINOperation
Added TKSmartCardUserInteractionForPINOperation.locale
Added TKSmartCardUserInteractionForPINOperation.PINCompletion
Added TKSmartCardUserInteractionForPINOperation.PINMessageIndices
Added TKSmartCardUserInteractionForPINOperation.resultData
Added TKSmartCardUserInteractionForPINOperation.resultSW
Added TKSmartCardUserInteractionForSecurePINChange
Added TKSmartCardUserInteractionForSecurePINChange.PINConfirmation
Added TKSmartCardUserInteractionForSecurePINVerification
Added TKSmartCardUserInteractionForStringEntry
Added TKSmartCardUserInteractionForStringEntry.result

and many functions modified.

WWDC sessions

Apple provides 2 security related sessions at the WWDC according to the schedule.

Security and Your Apps
System Frameworks
Your reputation depends on protecting your users' data. Do this by taking advantage of the Security frameworks built into iOS, OS X and watchOS. Find out about new developments in Security and learn the best practices to develop secure apps and protect your users' data.

Security and Privacy Lab
System Frameworks
Get together with the Apple security and privacy teams for expert advice on protecting your apps, safeguarding your users' data, and honoring your users' privacy. Bring your code and your questions.

It may be interesting to watch the videos of the sessions once they are available. Or maybe they are not related to smart cards at all.

Conclusion

PC/SC application developers, maintainers and vendors will have some work to port/rewrite the PC/SC code to CryptoTokenKit. And the delay is very short to be ready for the release of OS X El Capitan (in 3 months?).

Thanks to Karl T. for the notice.

Update

PCSC framework will be present in El Capitan. See "PCSC framework will stay in Mac OS X 10.11 El Capitan".