As defined in BSI TR-03119 to issue SCardTransmit (with Uses
Pseudo-APDU) instead of SCardControl (with FEATURE_VERIFY_PIN_DIRECT).
It allows using a very basic PC/SC reader driver without special support
for PIN verification or modification (such as the default CCID driver on
Windows).
Also gets IFD vendor information via escape commands.
PC/SC's Get Uid command is now only triggered if enable_escape = true;
was set by the user to allow disabling wrapped commands on broken
readers (see https://github.com/OpenSC/OpenSC/issues/810)
default values of reader's max send/receive sizes correspond to only short APDU supported;
these values can be overwritten by reader itself with the proper value of dwMaxAPDUDataSize from TLV properties,
or with the corresponding options in OpenSC configuration.
resolves issue #735
card-asepcos: removed dead code
card-authentic: removed dead code
card-belpic: removed dead code
card-epass2003: removed dead code
card-flex: removed dead code
card-gpk: removed dead code
card-oberthur: removed dead code
card-piv: removed dead code
card-setcos: removed dead code
ctbcs: removed dead code
cwa14890: removed dead code
muscle: removed dead code
pkcs15-atrust-acos: removed dead code
pkcs15-gemsafeV1: removed dead code
pkcs15-skey: removed dead code
reader-ctapi: removed dead code
framework-pkcs15: removed dead code
pkcs11-object: removed dead code
pkcs15-asepcos: removed dead code
pkcs15-cardos: removed dead code
pkcs15-jcop: removed dead code
pkcs15-lib: removed dead code
pkcs15-oberthur: removed dead code
parse: removed dead code
sclex: removed dead code
sm-card-authentic: removed dead code
sm-card-iasecc: removed dead code
sm-cwa14890: removed dead code
sm-global-platform: removed dead code
sc-test: removed dead code
pkcs11-tool: removed dead code
pkcs15-tool: removed dead code
Implements PC/SC interface to PACE-enabled readers defined in PC/SC
pt. 10 AMD 1 and BSI TR-03119.
PACE can be started using `sc_perform_pace`. This function currently
calls the new `perform_pace` from `struct sc_reader_operations`, if the
reader has the needed capabilities. `sc_perform_pace` could also be
extended with a stand-alone implementation of PACE (code could be
imported from here http://vsmartcard.sourceforge.net/npa/README.html).
Note that the reader's PACE capabilities are correctly determined by
calling GetReaderPACECapabilities.
OpenSC's new PACE capabilities can be tested using the `npa-tool` from
the Virtual Smart Card Architecture (see link above).
* shift libpkcs11 from src/pkcs11 to src/common as it is not used to implement the OpenSC PKCS#11 module
* invent a "libscdl" mini library that implements either libltdl based dynamic loading or uses native interfaces
* drop hard requirement for libltl to build OpenSC
* native Windows build does not need libltdl any more
* specify CNGSDK include dir to find cardmod.h. CNGSDK only registers with a handful of compilers
Deals with #323
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5201 c6295689-39f2-0310-b995-f0e70906c6a9
It is used by cardmod to pass in pointers to the PC/SC handles
provided by the caller of cardmod. Other drivers will return
an error if this routine called.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5190 c6295689-39f2-0310-b995-f0e70906c6a9
* One sc_context has only a single reader driver.
* remove dynamic reader driver loading capabilities
* remove opensc-tool -R command
* change the internal API, we don't need to pass around a "driver data" pointer as it can be found directly from the context.
* check in ./configure for only a single enabled reader driver
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4709 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
- Remove slot abstraction from internal API and all reader drivers. CT-API (from where it all comes from) readers with multiple slots (if still found) can be presented as separate readers, OpenCT should remove the slot abstraction, PC/SC never knew about it. None of the tools knew how to use slots.
- Add sc_cancel (translates to SCardCancel)
- Re-implement sc_wait_for_event; support a blocking call.
- Replace the "int reader" API with "* sc_reader_t" style; add "Get reader by name" functionality.
- Remove "action" parameter from sc_disconnect_card() (was not used)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3931 c6295689-39f2-0310-b995-f0e70906c6a9
This is not the best solution, but focus on smallest code change.
Changes:
1. Add detect_readers() to reader opts, this adds new readers to the end
of the readers list until list is full.
2. Add sc_ctx_detect_readers() that calls readers' detect_readers().
3. Fixup pcsc_lock() so that it reconnect to the card and report proper
error so caller may be notified if session was lost.
4. Allow context to be created without readers.
5. Call sc_ctx_detect_readers() from PKCS#11 C_GetSlotList with NULL_PTR.
6. Allow no reader at detect_card, as reader my be removed.
7. Since I broke ABI, I updated the external module version requirement
to match OpenSC version. In the future a separate version should be
maintained for each interface, this should be unrelated to the package
version.
Alon
---
svn merge -r 3480:3505 https://www.opensc-project.org/svn/opensc/branches/alonbl/pnp
M src/tools/opensc-tool.c
M src/pkcs11/pkcs11-global.c
M src/pkcs11/slot.c
M src/libopensc/reader-pcsc.c
M src/libopensc/internal-winscard.h
M src/libopensc/ctx.c
M src/libopensc/reader-ctapi.c
M src/libopensc/libopensc.exports
M src/libopensc/reader-openct.c
M src/libopensc/opensc.h
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3506 c6295689-39f2-0310-b995-f0e70906c6a9
- log APDUs only if DEBUG is defined (sensitive APDUs should
never be logged and we cannot know whether a APDU is sensitive
or not => enable APDU logging only in a non-production debug
build)
- remove OPENSC_DONT_LOG_SENSITIVE configure option as it's
needed anymore
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2868 c6295689-39f2-0310-b995-f0e70906c6a9
use pkg-config for openct, openssl, pcsc.
do not compilke libp11. do not compile sslengines.
remove scdl. use libltdl instead.
use libassuan.m4 macro for m4 detection.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2528 c6295689-39f2-0310-b995-f0e70906c6a9
