Ludovic Rousseau's blog

Wednesday, April 17, 2019

New PyKCS11 1.5.5 available

I just released a new version of PyKCS11, a Python wrapper above the PKCS#11 API.
See "PyKCS11 introduction" or "PyKCS11’s documentation".

Changes:

1.5.5 - April 2019, Ludovic Rousseau

fix source package generation

1.5.4 - April 2019, Ludovic Rousseau

getTokenInfo: replace NUL char by ' ' in utcTime
dumpit:

print hardwareVersion and firmwareVersion
print slot flags
move to next slot if token not present

add support of CKA_WRAP_TEMPLATE/CKA_UNWRAP_TEMPLATE
add samples for ECC key generation and use
move from distutils to setuptools
upload of wheels to pypi on "make dist"

Monday, March 25, 2019

PySCard 1.9.8 released

I just released a new version 1.9.8 of pyscard. PySCard is a python module adding smart cards support (PC/SC) to Python.

The PySCard project is available at:

Changes

1.9.8 (March 2018)

SmartcardException: store the PC/SC return code in hresult
CardMonitoring: stop the looping only if PCSC exited
setup: support build on OpenBSD, and other BSD
Fix Windows 10 SCARD_E_SERVICE_STOPPED from SCardListReaders()
Minor documentation improvements

New version of pcsc-lite: 1.8.25

I just released a new version of pcsc-lite 1.8.25.
pcsc-lite is a Free Software implementation of the PC/SC (or WinSCard) API for Unix systems.

Changes
1.8.25: Ludovic Rousseau
25 March 2019

Fix a socket issue when pcscd is used inside LXC container
pcsc-spy: always provide a total time of execution
Fix resource leak if SCardEstablishContext() fails
Fix realloc(3) error handling (possible memory leak)
Remove usage of function chmod(2) to use fchmod(2) (fix race condition)

Sunday, March 17, 2019

ATR statistics: TA4

Article from the series "ATR statistics"

TA4

The first TA for T=15 encodes the clock stop indicator (X) and the class indicator (Y). The default values are X = "clock stop not supported" and Y = "only class A supported".

bits 8 and 7 indicate whether the card supports clock stop (≠ 00) or not (= 00) and, when supported, which state is preferred on the electrical circuit CLK when the clock is stopped.

00b: Clock stop not supported
01b: State L
10b: State H
11b: No preference

bits 6 to 1 indicate the classes of operating conditions accepted by the card. Each bit represents a class: bit 1 for class A, bit 2 for class B and bit 3 for class C.

00 0001b: A only
00 0010b: B only
00 0100b: C only
00 0011b: A and B
00 0110b: B and C
00 0111b: A, B and C
Any other value: RFU

TA4	#	%
	2009	96.96 %
0x03	27	1.30 %
0x83	15	0.72 %
0xC3	12	0.58 %
0x07	6	0.29 %
0x43	2	0.10 %
0xC7	1	0.05 %

Clock stop	#	%
not supported	33	52.38 %
state L	2	3.17 %
state H	15	23.81 %
no preference	13	20.63 %

The class defines the current voltage the card can use:

class A: 5 V
class B: 3 V
class C: 1.8 V

Some readers can't provide a tension of 5V. For example the Gemalto CT1100 reader does only provide 3 V. The default value for TA₄ is "only class A supported". Some (old) cards require a voltage of 5 V to work and will not work with a CT1100. That can be surprising.

Class	#	%
A & B	56	88.89 %
A & B & C	7	11.11 %

ATR statistics: TD3 - Structural, encodes Y4 and T

Article from the series "ATR statistics"

TD3 - Structural, encodes Y4 and T

The ISO 7816-3 specification is not public. So I can't copy/paste part of the text. I will use Wikipedia instead.

Refer to TD1 - Structural, encodes Y2 and T since the definition of TD₃ is identical to TD₁.

TD3	#	%
	2009	96.96 %
0x1F	61	2.94 %
0x3F	2	0.10 %

TD₃ (as the other TD_i bytes) is structural and indicates:

How to interpret the other ATR bytes
What communication protocol the card wants to use

For 96.96% of the ATRs no TD₃ is present. So no other TA₄, TB₄, TC₄ or TD₄ is present and no new protocol is defined so the protocol(s) defined by TD₁ and TD₂ will be used.

For 2.94% of the ATRs TD₃ = 0x1F. The high nibble is 0001b so TA₄ is present and T=15 protocol is defined. One such ATR is 3B 94 18 81 B1 80 7D 1F 03 19 C8 00 50 DC.

For 0.10% of the ATRs TD₃ = 0x3F. The high nibble is 0001b so TA₄ and TB₄ are present and T=15 protocol is defined. One such ATR is 3B DE 18 FF 81 F1 FE 43 00 3F 07 83 44 45 53 46 69 72 65 38 20 53 41 4D 2D 58 17.

ATR statistics: TC3

Article from the series "ATR statistics".

TC3

The ISO 7816-3 specification is not public. So I can't copy/paste part of the text. I will use Wikipedia instead.

For T = 1: type of error detection code used

Bit 1 of the first TC for T=1 indicates the error detection code to be used:

CRC if bit 1 is set to 1;
LRC (default value) if bit 1 is set to 0.

Bits 8 to 2 of the first TC for T=1 are reserved for future use and shall be set to 0.

TC3	#	%
	2017	97.35 %
0x00	55	2.65 %

In my list of ATR the only redundancy code used if LRC. I found no card using CRC.

LRC is the default algorithm. But 55 cards explicitly set it. I have no explanation for that.

Tuesday, January 29, 2019

My blog source code license

The blog articles license is Attribution-NonCommercial-ShareAlike 3.0 as documented in My blog messages license.

Source code samples

I got a question about the license of the source code samples. The Creative Commons license is not really adapted to source code. To allow the reuse of my source samples in other Free Software project I decided to use the GNU GPLv3 license for source code on my blog.

Need something else?

If you need a different license or want to reuse part of my work please contact me.