
Friday, August 26, 2011

Mac OS X Lion and tokend

This article is not very technical. This is part of my view of the tokend situation.

It follows the two previous articles about Lion: Mac OS X Lion and smart cards status and Mac OS X Lion and OpenSSL.

Tokend

A tokend is a piece of software used to bridge a cryptographic device (like a smart card) and the CDSA (Common Data Security Architecture) architecture. CDSA and tokend are now deprecated by Apple: [Fed-Talk] [Announcement] OS X Lion - Smart Card Services (emphasis is mine):
"The foundational components for Smart Card Services in OS X have been based on an architecture (CDSA) that has been deprecated in the released version of OS X Lion.

This indicates CDSA's use and support has stopped and will be removed completely in a future release of OS X.

Any solution for OS X still leveraging the deprecated CDSA can continue to function for now, but the CDSA infrastructure would no longer receive enhancements or bug fixes.

CDSA will no longer ship in future releases of OS X."
This email is written by Shawn Geddis, Security Consulting Engineer. Shawn works at Apple.

Tokend from Apple

So in Mac OS X 10.7 Lion no tokend is provided any more. The directory /System/Library/Security/tokend/ is now empty in a fresh Lion installation.

Tokend from other sources

In the same email Shawn gives some options to replace the tokend no longer provided by Apple:

  • Open Source Options (from "Apple")

    The source code of the tokend provided by Apple (in Tiger, Leopard and Snow Leopard) was already available as Free Software from the Smart Card Services project. It is now the official source to get them.
  • Open Source Options (from the rest of the world)

    The OpenSC project provides a tokend to be used with OpenSC. The tokend is included in the installer for Mac OS X.
  • Commercial Options

    Commercial tokend from third parties should still be available and usable on Lion.

Since installing a tokend from source code is not a trivial task, "Apple" provides an installer. It is not really Apple that provides the installer but the Smart Card Services project. So bugs should be reported to the project bug tracker.

Note that these tokend are (still) signed by Apple:
$ codesign --display --verbose=4 /System/Library/Security/tokend/CACNG.tokend
Executable=/System/Library/Security/tokend/CACNG.tokend/Contents/MacOS/CACNG
Identifier=com.apple.tokend.cacng
Format=bundle with Mach-O universal (i386 ppc7400 x86_64)
CodeDirectory v=20100 size=1351 flags=0x0(none) hashes=61+3 location=embedded
Hash type=sha1 size=20
CDHash=b41a98c192eb5196353926288ff208b5d2415a3e
Signature size=4064
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA
Info.plist entries=9
Sealed Resources rules=10 files=6
Internal requirements count=1 size=148

Smart Card Services project

This project was started by Shawn Geddis in January 2009. The members of the project are listed on this page.

I was invited to join the team to work on the pcsc-lite and CCID parts. These parts are still provided by Apple in Lion.

I am not an Apple employee so I know no Apple secret plans. For example I do not know why Lion provides the CCID driver version 1.3.11 and not a more recent version (the latest is 1.4.4). See Mac OS X Lion and smart cards status for more information.

You can see from the project bug tracker that a lot of bugs are open and some are quite old now (like this one requesting help about a tokend for Mac OS X 10.4 Tiger on a G4 processor). It is hard to get people working for free on a project. So if Apple does not invest some manpower into fixing bugs and answering bug reports, the bugs will not be fixed.

After tokend

I guess Apple is working on something to replace tokend when CDSA is removed. But I have no idea what it will be.

Conclusion

My interpretation is that Apple is doing with tokend what they also do with Java and Flash: they let other people/companies provide and maintain the software.

[update] Add a "Open Source Options (from the rest of the world)"

Tuesday, August 23, 2011

Mac OS X Lion and OpenSSL

In Mac OS X 10.7 Lion Apple deprecates the use of OpenSSL. You can see deprecation messages when compiling.

OpenSSL is deprecated in Lion

For example with the following deprecated.c source code:
#include <openssl/crypto.h>

int main(void)
{
    OPENSSL_init();
    return 0;
}

We get a compilation warning:
$ gcc deprecated.c -lcrypto
deprecated.c: In function ‘main’:
deprecated.c:5: warning: ‘OPENSSL_init’ is deprecated (declared at /usr/include/openssl/crypto.h:600)


Line 600 of /usr/include/openssl/crypto.h is:
void OPENSSL_init(void) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;

and is replaced by Common Crypto

Common Crypto is Apple's "own" implementation of low level crypto algorithms. See the CC_crypto(3cc) man page. The man page is also available online at http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man3/CC_crypto.3cc.html and says:

CC_crypto(3cc)                      LOCAL                  CC_crypto(3cc)

NAME
     Common Crypto -- libSystem digest library

DESCRIPTION
     The libSystem Common Crypto library implements a wide range of
cryptographic algorithms used in various Internet standards. The services
provided by this library are used by the CDSA implementations of SSL,
TLS and S/MIME.

OVERVIEW
     libSystem contains the Common Crypto collection of algorithms.
Digest and encryption algorithms contained in this library are optimized for
speed.  The algorithms have been collected from various sources and chosen
for their performance characteristics.  Since libSystem is linked into all
executables it is preferable for applications to use these functions rather
than implementing their own versions.

NOTES
     To use the digest functions with existing code which uses the
corresponding openssl functions, #define the symbol
COMMON_DIGEST_FOR_OPENSSL in your client code (BEFORE including
<CommonCrypto/CommonDigest.h> ).

     You can *NOT* mix and match functions operating on a given data type
from the two implementations; i.e., if you do a CC_MD5_Init()
on a CC_MD5_CTX object, do not assume that you can do an openssl-style
MD5_Update() on that same context.

     The interfaces to the encryption and HMAC algorithms have a calling
interface that is different from that provided by OpenSSL.

SEE ALSO
     CC_MD5(3cc), CC_SHA(3cc), CCHmac(3cc), CCCryptor(3cc)

BSD                           April 5, 2007                             BSD

Notes

The man page is quite old (April 2007) and references CDSA. CDSA has also been deprecated in Lion but we will talk about that later.

Common Crypto should also be available in Leopard (the man page exists for 10.5). So you can update your project to use Common Crypto for Lion and the same source code could be used on Snow Leopard (and maybe even Leopard).

Conclusion

OpenSSL should be removed in a later Mac OS X version.

For projects using OpenSSL on Mac OS X you have two options:
  • move from OpenSSL to Common Crypto
  • provide your own version of OpenSSL in the installer (or use a static link)


Thursday, August 18, 2011

Mac OS X Lion and smart cards status

The new major version of Mac OS X is now available: code name Lion, version 10.7.

Mac OS X Lion

pcsc-lite

The version returned by pcscd has not changed. It is still 1.4.0.

$ /usr/sbin/pcscd -v
PCSC Framework version 1.4.0.
Copyright (C) 1999-2002 by David Corcoran <corcoran@linuxnet.com>.
Copyright (C) 2001-2005 by Ludovic Rousseau <ludovic.rousseau@free.fr>.
Copyright (C) 2003-2004 by Damien Sauveron <sauveron@labri.fr>.
Portions Copyright (C) 2000-2007 by Apple Inc.
Report bugs to <sclinux@linuxnet.com>.

But the version from the header file indicates Apple now provides a version from the http://smartcardservices.macosforge.org/ project.

$ grep '$Id' /System/Library/Frameworks/PCSC.framework/Headers/pcsclite.h
* $Id: pcsclite.h 123 2010-03-27 10:50:42Z ludovic.rousseau@gmail.com $

The version from the SmartCard Services macosforge project has mainly been contributed by myself.

The subversion revision 123 is not the latest one. It is dated 03/27/2010 03:50:42 (17 months ago). But no bugs have been fixed since this version (on macosforge). The current SVN version (on macosforge) is 139.

Bugs fixed

I extracted the major changes from the subversion history. The revision number points to the change in the repository (if you need more details).

  • [r28] /trunk/SmartCardServices/src/PCSC/atrhandler.c: resynch with pcsc-lite. Closes bug rdar://problem/6920676 Smart cards defining support of T=0 and T=15 (but not T=1) in their ATR can't be used since pcscd tells the driver to use T=1 and the card does not support that protocol.
  • [r76] /trunk/SmartCardServices/src/PCSC/wintypes.h: remove the deprecated warning on LPTSTR and LPCTSTR since they are the documented types for Windows WinSCard API This will remove compilation warnings on cross OS applications
  • [r93] /trunk/SmartCardServices/src/PCSC/readerfactory.c: RFAddReader(): remove an extra call to EHSpawnEventHandler() Fixes rdar://5697379 "pcscd does not correctly support multi-slot smart card readers"
  • [r94] /trunk/SmartCardServices/src/PCSC/readerfactory.c: RFAwakeAllReaders(): restart all the slots of a reader, not just the first one, when the computer comes back from hibernation
  • [r98] /trunk/SmartCardServices/src/PCSC/atrhandler.c: ATRDecodeAtr(): check for TA2 (specific mode) even if TD2 is not present. "3F 80 10 01" was not parsed correctly for example and T=0 was used instead of T=1 (specific mode). Same patch as revision 4615 in upstream pcsc-lite: http://svn.debian.org/viewsvn/pcsclite?view=rev&revision=4615
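The r28 and r98 fixes above both come down to how the ATR interface bytes are decoded. The following is an added example, not pcsc-lite's code, of a decoder that handles both cases: T=15 is ignored when collecting the protocols a card offers (the r28 card announcing T=0 and T=15 must get T=0, not T=1), and TA2 (specific mode) is honoured whether or not a TD2 follows (so "3F 80 10 01" yields T=1). Historical bytes and TCK are not checked.

```c
#include <stddef.h>
#include <stdint.h>

/* Decode the interface bytes of an ISO 7816-3 ATR and return the protocol
 * pcscd should tell the driver to use, or -1 if the ATR is truncated.
 * *supported gets bit n set for every T=n offered by a TDi and *specific
 * is 1 when TA2 is present (specific mode). Either pointer may be NULL. */
int atr_protocol(const uint8_t *atr, size_t len, unsigned *supported, int *specific)
{
    size_t pos = 2;            /* first interface byte, after TS and T0 */
    int i = 1, proto = -1, spec = 0;
    unsigned sup = 0;
    uint8_t y;

    if (len < 2) return -1;
    y = atr[1] >> 4;           /* Y1: b5..b8 of T0 announce TA1..TD1 */
    for (;;) {
        if (y & 0x1) {         /* TAi present */
            if (pos >= len) return -1;
            if (i == 2) {      /* TA2: specific mode, b1..b4 give T (the r98 case) */
                spec = 1;
                proto = atr[pos] & 0x0F;
                sup |= 1u << proto;
            }
            pos++;
        }
        if ((y & 0x2) && pos++ >= len) return -1;   /* TBi: skipped */
        if ((y & 0x4) && pos++ >= len) return -1;   /* TCi: skipped */
        if (!(y & 0x8)) break;                      /* no TDi: end of interface bytes */
        if (pos >= len) return -1;
        y = atr[pos] >> 4;                          /* Y(i+1) */
        if ((atr[pos] & 0x0F) != 15) {              /* T=15 is not a protocol (the r28 case) */
            sup |= 1u << (atr[pos] & 0x0F);
            if (proto < 0) proto = atr[pos] & 0x0F; /* first protocol offered wins */
        }
        pos++; i++;
    }
    if (proto < 0) { proto = 0; sup |= 1u; }        /* no TDi at all: T=0 is implicit */
    if (supported) *supported = sup;
    if (specific) *specific = spec;
    return proto;
}

/* Convenience: bitmask of the protocols an ATR offers (0 if truncated). */
unsigned atr_supported(const uint8_t *atr, size_t len)
{
    unsigned sup = 0;
    return atr_protocol(atr, len, &sup, NULL) < 0 ? 0 : sup;
}
```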

The bugs were either Mac OS X specific or already fixed in pcsc-lite "upstream".

CCID driver

The CCID driver also has been updated. Snow Leopard provided the version 1.3.8 of my CCID driver. Lion now provides version 1.3.11. See the upstream README file for changes.
Version 1.3.11 was released on 28 July 2009 (2 years ago) and is not the latest version available (1.4.4 as of today).

Issues and limitations

i386 driver

The driver is (still) an i386-only binary. Even though Lion no longer supports 32-bit CPUs, the CCID driver is not available as a 64-bit binary.

$ file /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/MacOS/libccid.dylib.1.3.11 
/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/MacOS/libccid.dylib.1.3.11: Mach-O dynamically linked shared library i386

The side effect is that pcscd is started by default in 64-bit mode and will then need to restart in 32-bit mode when a CCID reader is connected.

/SourceCache/SmartCardServices/SmartCardServices-55000/src/PCSC/readerfactory.c:1545:ReaderCheckArchitecture() Send respawn signal to pcscd (pid=803)
/SourceCache/SmartCardServices/SmartCardServices-55000/src/PCSC/pcscdaemon.c:678:signal_respawn() Got signal to respawn in 32 bit mode
/SourceCache/SmartCardServices/SmartCardServices-55000/src/PCSC/pcscdaemon.c:294:SVCServiceRunLoop() Preparing to exit...

Maybe Apple will "fix" this in a next 10.7.x update and before the Lion+1 version.

Gemalto Prox DU reader

The Gemalto Prox DU reader is a dual-CCID reader (the reader is a composite device with two CCID interfaces). Its support has been added in the CCID driver version 1.3.11. So it is supported by default in Mac OS X Lion.

Apple's version of pcsc-lite does not support such composite devices. So the CCID driver contains a trick to simulate a dual-slot reader instead. This is enabled using the ./configure --enable-composite-as-multislot option. Unfortunately Apple has not built the driver with this option (and I can't blame Apple for not using an obscure option). So only the first CCID interface is available.

In Snow Leopard the Gemalto Prox DU reader was not supported so a new driver had to be installed. If configured correctly both CCID interfaces are available.
In Lion the reader is supported by default but only the first CCID interface is available. Installing another driver compiled with the correct option will not solve the problem since the reader is already supported by the default CCID driver. pcscd will use the first driver it finds supporting a given smart card reader.
A solution is to remove the Gemalto Prox DU from the list of supported readers in the CCID driver provided by default and install a new driver just for the Gemalto Prox DU reader. But I don't like modifying files provided by others (Apple in this case).

Conclusion

The good news is that Apple has updated the PC/SC layer provided in Mac OS X Lion (versus the one provided in Snow Leopard). The SmartCard Services project was a good idea since Apple reused the code from this project. Apple has then out-sourced the maintenance of pcsc-lite.

Sunday, August 14, 2011

EMV-CAP in MISC Magazine n°56

I just read an article about the EMV-CAP protocol in the latest issue of MISC Magazine (n°56 July-August 2011).

Misc 56 cover


The article is "Banque en ligne : à la découverte d'EMV-CAP" from Jean-Pierre Szikora and Philippe Teuwen. The 13-page article (and the complete magazine) is in French. Sorry if you can't read French.

Some page samples:
Article first page
Article 4th page
Article 5th page


The article is also linked to a web site from the authors with more information:

  • a Python application to get a lot of information from an EMV-CAP card
  • a trace generated by the above application using a real card
  • a JavaCard applet to simulate an EMV-CAP applet

If you have a bank card and want to play with it you should have a look at their application.

You should be able to buy this MISC Magazine n°56 in France and other countries until the end of this month. Or buy it online from the editor web site.

You can also (re-)read a previous blog article titled "PSSI: SIM card phone book listing (part 2)", also about an EMV card dump application.

Happy hacking!