Tuesday, March 18, 2014

Differences between Apple pcsc-lite and the "official" pcsc-lite

In "Evolution of Apple pcsc-lite (from Jaguar to Mavericks)" I described the evolution of Apple version of pcsc-lite. During the same time the "official" pcsc-lite also evolved.

Terminology

  • Apple pcsc-lite
    The version of pcsc-lite provided by Apple in Mac OS X since Jaguar in 2002. It is provided as a framework and is available at /System/Library/Frameworks/PCSC.framework/.
  • "official" pcsc-lite
    The version of pcsc-lite available at http://pcsclite.alioth.debian.org/pcsclite.html for the source code and as a binary package for your preferred GNU/Linux distribution.

Features present only in Apple pcsc-lite

  • Integration with securityd
    pcscd is started by securityd when needed. From securityd(1) man page: securityd -- Security context daemon for Authorization and cryptographic operations
  • hotplug using IOKit
    a file hotplug_macosx.c is present in the "official" pcsc-lite but has not evolved since Apple forked the code in 2002. Apple made major changes to the hotplug system.
  • Suspend/resume of the computer
    in the "official" pcsc-lite no special code is used and suspend/resume works. Apple has an explicit suspend and resume of the smart card readers.
  • Rosetta support
    This may be removed in a future version since PowerPC is no more supported by Mac OS X.

Features present only in "official" pcsc-lite

Features present in both projects

Support of 32 and 64-bits applications at the same time

Both projects support the use of a 32-bits application using a 64-bits pcscd. But since the protocol between the client and server has diverged in the two projects they use different (but similar) solutions.

For Mac OS X Apple added this support for the migration from 32 to 64-bits Intel CPU.
For GNU/Linux I added this support to be able to use the same 64-bits pcscd daemon from a 64-bits client application and also from a 32-bits client application in a chroot. Now that Debian multiarch is deploying it is even easier to mix 32 and 64-bits Intel applications on the same system.

Bugs (still) present in Apple pcsc-lite


I discovered (a lot of?) bugs in the smart card components provided by Apple. Some have been fixed and some are still present:
  • Do not support USB devices with more than 1 CCID interface (bug #10469006)
  • Do not support extended APDU longer than 1958 bytes (bug #9983001 and #7334726)
  • Do not support more than 16 PCSC contexts per application (bug #10038432)
  • reader.h header file is not provided in the PCSC Framework (bug #7101554)
  • pcscd does not support TAG_IFD_THREAD_SAFE (bug #6584566)
  • pcscd crashes when the smart card reader is removed when in communication (bug #6114944)
  • PC/SC never returns the warm ATR of a dual-ATR card (bug #5964019)

Apple has a strange way to manage bugs.
  • If a bug report is a duplicate of an already known bug then the duplicate bug report is closed.
  • Even if a bug is not a duplicate the bug is sometimes closed with:
    Thank you for filing this bug report.

    We are closing this bug since our engineers are aware of the issue and will continue to track it.

So I have many bugs that are closed in the bug report tool https://bugreport.apple.com/ but that in fact still not fixed.

Bugs present in "official" pcsc-lite

None known

How to merge the two projects

The question now is what to do with these two projects that share a lot of history and common code?

Include Apple code inside the "official" pcsc-lite

This is technically possible. The source code is available and Mac OS X specific parts should not have an impact on pcsc-lite for the other systems (GNU/Linux).

It is also legally possible. The Apple license "Apple Public Source License Version 1.2" should be compatible with the BSD-like license used by the "official" pcsc-lite. But the APSL 1.2 license is not a Free Software license for the Free Software Foundation. See "The Problems with older versions of the Apple Public Source License (APSL)".

The most important issue is that Apple would not use this code and would continue to "maintain" its own version of pcsc-lite at the SmartCard Services project. So bugs fixed in this merge would not be included in the next version of Mac OS X.

Patch Apple pcsc-lite

The most effective way is to modify the SmartCard Services project to fix bugs and add features. This code may be included in the next version of Mac OS X. I fixed bugs in this code during the year 2009 and the fixes have been released in Snow Leopard and Lion versions of Mac OS X.

Conclusion

Apple version of pcsc-lite has evolved only to support new features introduced by Mac OS X (Rosetta and then 32 and 64-bits Intel codes).
Some very blocking bugs have been fixed in the early years of Apple pcsc-lite. It looks like Apple is now happy with the state of its pcsc-lite and will not invest engineering time in it.

If you are blocked by a bug or a missing feature in Apple pcsc-lite you will have to fix it yourself or recruit someone to fix it for you. You can contact me at ludovic.rousseau@free.fr.