Wednesday, July 23, 2014

OS X Yosemite BETA and smart cards status

As I did with the previous major versions of Mac OS X Mavericks, Mountain Lion (and Lion) I will list changes in Yosemite BETA regarding the smart card world.


For now only a "public" beta version is available. According to the beta program FAQ:
Is the pre-release software I am installing confidential?
Yes, the pre-release software is Apple confidential information. For example, don’t install the pre-release Apple software on any systems you don't directly control or that you share with others, don’t blog, post screen shots, tweet or publicly post information about the pre-release Apple software, and don't discuss the pre-release Apple software with or demonstrate it to others who are not in the OS X Beta Program. For clarity, if Apple has publicly disclosed technical information about the pre-release software then it is no longer considered confidential.

So I can't tell you much. I will only refer to public documentation from Apple.

New frameworks

From What's New in OS X: OS X Yosemite v10.10

New Frameworks

The following frameworks are new in OS X v10.10:
  • Crypto Token Kit (CryptoTokenKit.framework). The Crypto Token Kit framework provides native support for smart cards, including:
    • Enumerating connected smart card readers and monitoring them for card insertion and removal
    • Transmitting commands and responses to and from smart cards in the reader
    • Supporting new smart card reader hardware

API Differences

From OS X v10.9 to OS X v10.10 API Differences

CryptoTokenKit (Added)

CryptoTokenKit.h (Added)
TKError.h (Added)
Added TKErrorAuthenticationFailed
Added TKErrorCode
Added TKErrorCodeCanceledByUser
Added TKErrorCodeCommunicationError
Added TKErrorCodeCorruptedData
Added TKErrorCodeNotImplemented
Added TKErrorDomain
Added TKErrorObjectNotFound
Added TKErrorTokenNotFound
TKSmartCard.h (Added)
Added TKSmartCard
Added TKSmartCard.allowedProtocols
Added -[TKSmartCard beginSessionWithReply:]
Added TKSmartCard.cla
Added TKSmartCard.context
Added TKSmartCard.currentProtocol
Added -[TKSmartCard endSession]
Added -[TKSmartCard sendIns:p1:p2:data:le:reply:]
Added TKSmartCard.sensitive
Added TKSmartCard.slot
Added -[TKSmartCard transmitRequest:reply:]
Added TKSmartCard.useExtendedLength
Added TKSmartCard.valid
Added TKSmartCardSlot
Added TKSmartCardSlot.ATR
Added -[TKSmartCardSlot makeSmartCard]
Added TKSmartCardSlot.maxInputLength
Added TKSmartCardSlot.maxOutputLength
Added TKSmartCardSlot.name
Added TKSmartCardSlot.state
Added TKSmartCardSlotManager
Added +[TKSmartCardSlotManager defaultManager]
Added -[TKSmartCardSlotManager getSlotWithName:reply:]
Added TKSmartCardSlotManager.slotNames
Added TKSmartCard(APDULevelTransmit)
Added TKSmartCardNoSlot
Added TKSmartCardSlotEmpty
Added TKSmartCardSlotMuteCard
Added TKSmartCardSlotProbing
Added TKSmartCardSlotState
Added TKSmartCardSlotStateEmpty
Added TKSmartCardSlotStateMissing
Added TKSmartCardSlotStateMuteCard
Added TKSmartCardSlotStateProbing
Added TKSmartCardSlotStateValidCard
Added TKSmartCardSlotValidCard
TKSmartCardATR.h (Added)
Added TKSmartCardATR
Added TKSmartCardATR.bytes
Added TKSmartCardATR.historicalBytes
Added -[TKSmartCardATR initWithBytes:]
Added -[TKSmartCardATR initWithSource:]
Added -[TKSmartCardATR interfaceGroupAtIndex:]
Added -[TKSmartCardATR interfaceGroupForProtocol:]
Added TKSmartCardATR.protocols
Added TKSmartCardATRInterfaceGroup
Added TKSmartCardATRInterfaceGroup.TA
Added TKSmartCardATRInterfaceGroup.TB
Added TKSmartCardATRInterfaceGroup.TC
Added TKSmartCardATRInterfaceGroup.protocol
Added TKSmartCardProtocol
Added TKSmartCardProtocolAny
Added TKSmartCardProtocolNone
Added TKSmartCardProtocolT0
Added TKSmartCardProtocolT1
Added TKSmartCardProtocolT15

PCSC

No changes

Crypto Token

So it looks like Apple changed the way to use a smart card (or Crypto Token). I would not be surprised if the CDSA and tokend infrastructures are now removed. CDSA is deprecated since Lion (3 major releases and 3 years ago), see Mac OS X Lion and tokend.

The removal of CDSA and tokend may be effective in Yosemite (or not).

PC/SC

The PC/SC API is still present and had not been modified.

Conclusion

Apple will surprise the smart card world with its new OS Yosemite.

I would say more but I can't because of the NDA. I will post a complete smart card status when Yosemite is released this autumn.