2 ccid.c: CCID common code
3 Copyright (C) 2003-2010 Ludovic Rousseau
5 This library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 This library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public License
16 along with this library; if not, write to the Free Software Foundation,
17 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
36 #include <ifdhandler.h>
41 #include "ccid_ifdhandler.h"
46 #include <CoreFoundation/CoreFoundation.h>
49 /*****************************************************************************
53 ****************************************************************************/
54 int ccid_open_hack_pre(unsigned int reader_index)
56 _ccid_descriptor *ccid_descriptor = get_ccid_descriptor(reader_index);
58 switch (ccid_descriptor->readerID)
61 ccid_descriptor->dwMaxIFSD = 254;
65 /* the firmware needs some time to initialize */
67 ccid_descriptor->readTimeout = 60*1000; /* 60 seconds */
74 /* Only the chipset with firmware version 2.00 is "bogus"
75 * The reader may send packets of 0 bytes when the reader is
76 * connected to a USB 3 port */
77 if (0x0200 == ccid_descriptor->IFD_bcdDevice)
79 ccid_descriptor->zlp = TRUE;
80 DEBUG_INFO1("ZLP fixup");
87 ccid_descriptor->dwMaxDataRate = 9600;
90 case ElatecTWN4_CCID_CDC:
92 /* Use a timeout of 1000 ms instead of 100 ms in
93 * CmdGetSlotStatus() used by CreateChannelByNameOrChannel()
94 * The reader answers after up to 1 s if no tag is present */
95 ccid_descriptor->readTimeout = DEFAULT_COM_READ_TIMEOUT * 10;
99 case IDENTIV_uTrust3700F:
100 case IDENTIV_uTrust3701F:
101 case IDENTIV_uTrust4701F:
102 /* The SCM SCL011 reader needs 350 ms to answer */
103 ccid_descriptor->readTimeout = DEFAULT_COM_READ_TIMEOUT * 4;
108 if ((PROTOCOL_CCID == ccid_descriptor->bInterfaceProtocol)
109 && (3 == ccid_descriptor -> bNumEndpoints))
112 /* just wait for 100ms in case a notification is in the pipe */
113 (void)InterruptRead(reader_index, 100);
118 if (PROTOCOL_ICCD_A == ccid_descriptor->bInterfaceProtocol)
120 unsigned char tmp[MAX_ATR_SIZE];
121 unsigned int n = sizeof(tmp);
123 DEBUG_COMM("ICCD type A");
124 (void)CmdPowerOff(reader_index);
125 (void)CmdPowerOn(reader_index, &n, tmp, VOLTAGE_AUTO);
126 (void)CmdPowerOff(reader_index);
130 if (PROTOCOL_ICCD_B == ccid_descriptor->bInterfaceProtocol)
132 unsigned char tmp[MAX_ATR_SIZE];
133 unsigned int n = sizeof(tmp);
135 DEBUG_COMM("ICCD type B");
136 if (CCID_CLASS_SHORT_APDU ==
137 (ccid_descriptor->dwFeatures & CCID_CLASS_EXCHANGE_MASK))
139 /* use the extended APDU comm alogorithm */
140 ccid_descriptor->dwFeatures &= ~CCID_CLASS_EXCHANGE_MASK;
141 ccid_descriptor->dwFeatures |= CCID_CLASS_EXTENDED_APDU;
144 (void)CmdPowerOff(reader_index);
145 (void)CmdPowerOn(reader_index, &n, tmp, VOLTAGE_AUTO);
146 (void)CmdPowerOff(reader_index);
150 } /* ccid_open_hack_pre */
153 /*****************************************************************************
155 * dump_gemalto_firmware_features
157 ****************************************************************************/
158 static void dump_gemalto_firmware_features(struct GEMALTO_FIRMWARE_FEATURES *gff)
160 DEBUG_INFO2("Dumping Gemalto firmware features (%zd bytes):",
161 sizeof(struct GEMALTO_FIRMWARE_FEATURES));
163 #define YESNO(x) (x) ? "yes" : "no"
165 DEBUG_INFO2(" bLogicalLCDLineNumber: %d", gff->bLogicalLCDLineNumber);
166 DEBUG_INFO2(" bLogicalLCDRowNumber: %d", gff->bLogicalLCDRowNumber);
167 DEBUG_INFO2(" bLcdInfo: 0x%02X", gff->bLcdInfo);
168 DEBUG_INFO2(" bEntryValidationCondition: 0x%02X",
169 gff->bEntryValidationCondition);
171 DEBUG_INFO1(" Reader supports PC/SCv2 features:");
172 DEBUG_INFO2(" VerifyPinStart: %s", YESNO(gff->VerifyPinStart));
173 DEBUG_INFO2(" VerifyPinFinish: %s", YESNO(gff->VerifyPinFinish));
174 DEBUG_INFO2(" ModifyPinStart: %s", YESNO(gff->ModifyPinStart));
175 DEBUG_INFO2(" ModifyPinFinish: %s", YESNO(gff->ModifyPinFinish));
176 DEBUG_INFO2(" GetKeyPressed: %s", YESNO(gff->GetKeyPressed));
177 DEBUG_INFO2(" VerifyPinDirect: %s", YESNO(gff->VerifyPinDirect));
178 DEBUG_INFO2(" ModifyPinDirect: %s", YESNO(gff->ModifyPinDirect));
179 DEBUG_INFO2(" Abort: %s", YESNO(gff->Abort));
180 DEBUG_INFO2(" GetKey: %s", YESNO(gff->GetKey));
181 DEBUG_INFO2(" WriteDisplay: %s", YESNO(gff->WriteDisplay));
182 DEBUG_INFO2(" SetSpeMessage: %s", YESNO(gff->SetSpeMessage));
183 DEBUG_INFO2(" bTimeOut2: %s", YESNO(gff->bTimeOut2));
184 DEBUG_INFO2(" bPPDUSupportOverXferBlock: %s",
185 YESNO(gff->bPPDUSupportOverXferBlock));
186 DEBUG_INFO2(" bPPDUSupportOverEscape: %s",
187 YESNO(gff->bPPDUSupportOverEscape));
189 DEBUG_INFO2(" bListSupportedLanguages: %s",
190 YESNO(gff->bListSupportedLanguages));
191 DEBUG_INFO2(" bNumberMessageFix: %s", YESNO(gff->bNumberMessageFix));
193 DEBUG_INFO2(" VersionNumber: 0x%02X", gff->VersionNumber);
194 DEBUG_INFO2(" MinimumPINSize: %d", gff->MinimumPINSize);
195 DEBUG_INFO2(" MaximumPINSize: %d", gff->MaximumPINSize);
196 DEBUG_INFO2(" Firewall: %s", YESNO(gff->Firewall));
197 if (gff->Firewall && gff->FirewalledCommand_SW1
198 && gff->FirewalledCommand_SW2)
200 DEBUG_INFO2(" FirewalledCommand_SW1: 0x%02X",
201 gff->FirewalledCommand_SW1);
202 DEBUG_INFO2(" FirewalledCommand_SW2: 0x%02X",
203 gff->FirewalledCommand_SW2);
206 } /* dump_gemalto_firmware_features */
209 /*****************************************************************************
211 * set_gemalto_firmware_features
213 ****************************************************************************/
214 static void set_gemalto_firmware_features(unsigned int reader_index)
216 _ccid_descriptor *ccid_descriptor = get_ccid_descriptor(reader_index);
217 struct GEMALTO_FIRMWARE_FEATURES *gf_features;
219 gf_features = malloc(sizeof(struct GEMALTO_FIRMWARE_FEATURES));
222 unsigned char cmd[] = { 0x6A }; /* GET_FIRMWARE_FEATURES command id */
223 unsigned int len_features = sizeof *gf_features;
226 ret = CmdEscapeCheck(reader_index, cmd, sizeof cmd,
227 (unsigned char*)gf_features, &len_features, 0, TRUE);
228 if ((IFD_SUCCESS == ret) &&
229 (len_features == sizeof *gf_features))
231 /* Command is supported if it succeeds at CCID level */
232 /* and returned size matches our expectation */
233 ccid_descriptor->gemalto_firmware_features = gf_features;
235 dump_gemalto_firmware_features(gf_features);
240 /* Command is not supported, let's free allocated memory */
242 DEBUG_INFO3("GET_FIRMWARE_FEATURES failed: " DWORD_D ", len=%d",
246 } /* set_gemalto_firmware_features */
248 /*****************************************************************************
250 * ccid_open_hack_post
252 ****************************************************************************/
253 int ccid_open_hack_post(unsigned int reader_index)
255 _ccid_descriptor *ccid_descriptor = get_ccid_descriptor(reader_index);
256 RESPONSECODE return_value = IFD_SUCCESS;
258 switch (ccid_descriptor->readerID)
262 /* Reader announces TPDU but can do APDU (EMV in fact) */
263 if (DriverOptions & DRIVER_OPTION_GEMPC_TWIN_KEY_APDU)
265 unsigned char cmd[] = { 0x1F, 0x02 };
266 unsigned char res[10];
267 unsigned int length_res = sizeof(res);
269 if (CmdEscape(reader_index, cmd, sizeof(cmd), res, &length_res, 0) == IFD_SUCCESS)
271 ccid_descriptor->dwFeatures &= ~CCID_CLASS_EXCHANGE_MASK;
272 ccid_descriptor->dwFeatures |= CCID_CLASS_SHORT_APDU;
279 /* load the l10n strings in the pinpad memory */
281 #define L10N_HEADER_SIZE 5
282 #define L10N_STRING_MAX_SIZE 16
283 #define L10N_NB_STRING 10
285 unsigned char cmd[L10N_HEADER_SIZE + L10N_NB_STRING * L10N_STRING_MAX_SIZE];
286 unsigned char res[20];
287 unsigned int length_res = sizeof(res);
393 /* Get the complete ordered list */
394 cfa = CFLocaleCopyPreferredLanguages();
396 /* Use the first/preferred language
397 * As the driver is run as root we get the language
398 * selected during install */
399 slang = CFArrayGetValueAtIndex(cfa, 0);
401 /* CFString -> C string */
402 lang = CFStringGetCStringPtr(slang, kCFStringEncodingMacRoman);
404 /* The other Unixes just use the LANG env variable */
405 lang = getenv("LANG");
407 DEBUG_COMM2("Using lang: %s", lang);
412 if (0 == strncmp(lang, "fr", 2))
414 else if (0 == strncmp(lang, "de", 2))
416 else if (0 == strncmp(lang, "es", 2))
418 else if (0 == strncmp(lang, "it", 2))
420 else if (0 == strncmp(lang, "pt", 2))
422 else if (0 == strncmp(lang, "nl", 2))
424 else if (0 == strncmp(lang, "tr", 2))
431 /* Release the allocated array */
435 cmd[offset++] = 0xB2; /* load strings */
436 cmd[offset++] = 0xA0; /* address of the memory */
437 cmd[offset++] = 0x00; /* address of the first byte */
438 cmd[offset++] = 0x4D; /* magic value */
439 cmd[offset++] = 0x4C; /* magic value */
441 /* for each string */
442 for (i=0; i<L10N_NB_STRING; i++)
444 /* copy the string */
445 for (j=0; l10n[i][j]; j++)
446 cmd[offset++] = l10n[i][j];
449 for (; j<L10N_STRING_MAX_SIZE; j++)
454 if (IFD_SUCCESS == CmdEscape(reader_index, cmd, sizeof(cmd), res, &length_res, DEFAULT_COM_READ_TIMEOUT))
456 DEBUG_COMM("l10n string loaded successfully");
460 DEBUG_COMM("Failed to load l10n strings");
461 return_value = IFD_COMMUNICATION_ERROR;
464 if (DriverOptions & DRIVER_OPTION_DISABLE_PIN_RETRIES)
466 /* disable VERIFY from reader */
467 const unsigned char cmd2[] = {0xb5, 0x00};
468 length_res = sizeof(res);
469 if (IFD_SUCCESS == CmdEscape(reader_index, cmd2, sizeof(cmd2), res, &length_res, DEFAULT_COM_READ_TIMEOUT))
471 DEBUG_COMM("Disable SPE retry counter successful");
475 DEBUG_CRITICAL("Failed to disable SPE retry counter");
481 case HPSMARTCARDKEYBOARD:
482 case HP_CCIDSMARTCARDKEYBOARD:
483 case FUJITSUSMARTKEYB:
484 case CHICONYHPSKYLABKEYBOARD:
485 /* the Secure Pin Entry is bogus so disable it
486 * https://web.archive.org/web/20120320001756/http://martinpaljak.net/2011/03/19/insecure-hp-usb-smart-card-keyboard/
488 * The problem is that the PIN code entered using the Secure
489 * Pin Entry function is also sent to the host.
493 ccid_descriptor->bPINSupport = 0;
496 case HID_AVIATOR: /* OMNIKEY Generic */
497 case HID_OMNIKEY_3X21: /* OMNIKEY 3121 or 3021 or 1021 */
498 case HID_OMNIKEY_6121: /* OMNIKEY 6121 */
499 case CHERRY_XX44: /* Cherry Smart Terminal xx44 */
500 case FUJITSU_D323: /* Fujitsu Smartcard Reader D323 */
501 /* The chip advertises pinpad but actually doesn't have one */
502 ccid_descriptor->bPINSupport = 0;
503 /* Firmware uses chaining */
504 ccid_descriptor->dwFeatures &= ~CCID_CLASS_EXCHANGE_MASK;
505 ccid_descriptor->dwFeatures |= CCID_CLASS_EXTENDED_APDU;
509 /* SCM SCR331-DI contactless */
511 /* SCM SCR331-DI-NTTCOM contactless */
513 /* SCM SDI010 contactless */
515 /* the contactless reader is in the second slot */
516 if (ccid_descriptor->bCurrentSlotIndex > 0)
518 unsigned char cmd1[] = { 0x00 };
520 * response: 06 10 03 03 00 00 00 01 FE FF FF FE 01 ?? */
521 unsigned char cmd2[] = { 0x02 };
525 unsigned char res[20];
526 unsigned int length_res = sizeof(res);
528 if ((IFD_SUCCESS == CmdEscape(reader_index, cmd1, sizeof(cmd1), res, &length_res, 0))
529 && (IFD_SUCCESS == CmdEscape(reader_index, cmd2, sizeof(cmd2), res, &length_res, 0)))
531 DEBUG_COMM("SCM SCR331-DI contactless detected");
535 DEBUG_COMM("SCM SCR331-DI contactless init failed");
538 /* hack since the contactless reader do not share dwFeatures */
539 ccid_descriptor->dwFeatures &= ~CCID_CLASS_EXCHANGE_MASK;
540 ccid_descriptor->dwFeatures |= CCID_CLASS_SHORT_APDU;
542 ccid_descriptor->dwFeatures |= CCID_CLASS_AUTO_IFSD;
546 case CHERRY_KC1000SC:
547 if ((0x0100 == ccid_descriptor->IFD_bcdDevice)
548 && (ccid_descriptor->dwFeatures & CCID_CLASS_EXCHANGE_MASK) == CCID_CLASS_SHORT_APDU)
550 /* firmware 1.00 is bogus
551 * With a T=1 card and case 2 APDU (data from card to
552 * host) the maximum size returned by the reader is 128
553 * byes. The reader is then using chaining as with
556 ccid_descriptor->dwFeatures &= ~CCID_CLASS_EXCHANGE_MASK;
557 ccid_descriptor->dwFeatures |= CCID_CLASS_EXTENDED_APDU;
561 case ElatecTWN4_CCID_CDC:
562 case ElatecTWN4_CCID:
564 /* restore default timeout (modified in ccid_open_hack_pre()) */
565 ccid_descriptor->readTimeout = DEFAULT_COM_READ_TIMEOUT;
569 /* Gemalto readers may report additional information */
570 if (GET_VENDOR(ccid_descriptor->readerID) == VENDOR_GEMALTO)
571 set_gemalto_firmware_features(reader_index);
574 } /* ccid_open_hack_post */
576 /*****************************************************************************
580 ****************************************************************************/
581 void ccid_error(int log_level, int error, const char *file, int line,
582 const char *function)
591 text = "Command not supported or not allowed";
595 text = "Wrong command length";
599 text = "Invalid slot number";
603 text = "Card short-circuiting. Card powered off";
607 text = "ATR too long (> 33)";
611 text = "No data exchanged";
615 text = "Reader in EMV mode and T=1 message too long";
619 text = "Protocol error in EMV mode";
623 text = "Card error during T=1 exchange";
627 text = "Wrong APDU command length";
635 text = "PIN cancelled";
639 text = "PIN timeout";
643 text = "Busy with autosequence";
647 text = "Deactivated protocol";
651 text = "Procedure byte conflict";
655 text = "Class not supported";
659 text = "Protocol not supported";
663 text = "Invalid ATR checksum byte (TCK)";
667 text = "Invalid ATR first byte";
671 text = "Hardware error";
675 text = "Overrun error";
679 text = "Parity error during exchange";
683 text = "Card absent or mute";
687 text = "Activity aborted by Host";
691 if ((error >= 1) && (error <= 127))
692 (void)snprintf(var_text, sizeof(var_text), "error on byte %d",
695 (void)snprintf(var_text, sizeof(var_text),
696 "Unknown CCID error: 0x%02X", error);
703 os_log_error(OS_LOG_DEFAULT, "%s:%d:%s %s", file, line, function, text);
705 log_msg(log_level, "%s:%d:%s %s", file, line, function, text);