Important!

Blog moved to https://blog.apdu.fr/

I moved my blog from https://ludovicrousseau.blogspot.com/ to https://blog.apdu.fr/ . Why? I wanted to move away from Blogger (owne...

Wednesday, January 13, 2021

macOS Big Sur and smart card source code

Apple released the source code of the open source components they use in Big Sur (macOS 11.0, released in October 2020). The components are available at macOS X 11.0.1 Source.


SmartcardCCID

The SmartcardCCID component moved from version SmartcardCCID-55018.0.2 in Catalina 10.15.0 to SmartcardCCID-55021.40.1 in Big Sur 11.0.1.

Incomplete diff:

diff -ru SmartcardCCID-55018.0.2/SmartcardCCID.plist SmartcardCCID-55021.40.1/SmartcardCCID.plist
--- SmartcardCCID-55018.0.2/SmartcardCCID.plist	2019-08-21 00:16:22.000000000 +0200
+++ SmartcardCCID-55021.40.1/SmartcardCCID.plist	2020-04-28 20:53:09.000000000 +0200
@@ -6,13 +6,13 @@
 		<key>OpenSourceProject</key>
 		<string>ccid</string>
 		<key>OpenSourceVersion</key>
-		<string>1.4.31</string>
+		<string>1.4.32</string>
 		<key>OpenSourceWebsiteURL</key>
 		<string>https://ccid.apdu.fr</string>
 		<key>OpenSourceURL</key>
-		<string>https://ccid.apdu.fr/files/ccid-1.4.31.tar.bz2</string>
+		<string>https://ccid.apdu.fr/files/ccid-1.4.32.tar.bz2</string>
 		<key>OpenSourceImportDate</key>
-		<string>2019-08-20</string>
+		<string>2020-04-27</string>
 		<key>OpenSourceModifications</key>
 		<array>
 			<string>destDirFix.patch - makefile.in, customized destination directory</string>
diff -ru SmartcardCCID-55018.0.2/ccid/Makefile SmartcardCCID-55021.40.1/ccid/Makefile
--- SmartcardCCID-55018.0.2/ccid/Makefile	2019-08-21 00:16:21.000000000 +0200
+++ SmartcardCCID-55021.40.1/ccid/Makefile	2020-08-06 20:06:44.000000000 +0200
@@ -24,11 +24,12 @@
 	find $(DSTROOT)/ -name 'usb*.h' -exec rm \{\} \;
 	rm -r $(DSTROOT)/usr/include
 	rm -r $(DSTROOT)/usr/lib
-	install_name_tool -id $(CCIDDriversPath)$(CCIDdylib) $(DSTROOT)$(CCIDDriversPath)$(CCIDdylib) 
+	install_name_tool -id $(CCIDDriversPath)$(CCIDdylib) $(DSTROOT)$(CCIDDriversPath)$(CCIDdylib)
+	codesign -s - $(DSTROOT)$(CCIDDriversPath)$(CCIDdylib)
 
 # Automatic Extract & Patch
 AEP_Project    = ccid
-AEP_Version    = 1.4.31
+AEP_Version    = 1.4.32
 AEP_ProjVers   = $(AEP_Project)-$(AEP_Version)
 AEP_Filename   = $(AEP_ProjVers).tar.bz2
 AEP_ExtractDir = $(AEP_ProjVers)
[...]

As we already saw in macOS Big Sur and smart cards status the CCID driver was updated from version 1.4.31 to version 1.4.32. You can find the patches Apple applies to the CCID driver in the ccid/files/ directory. Nothing special to say.

In fact, after checking the different releases of Catalina 10.15.x in https://opensource.apple.com/ I found that the CCID driver was upgraded from 1.4.31 to 1.4.32 in Catalina itself from 10.15.5 to 10.15.6.

So Apple upgraded the CCID driver within the same major version version of macOS.
And they missed the opportunity to upgrade to 1.4.33 in Big Sur. Maybe it is planned for a future minor version upgrade of Big Sur?


libusb

SmartcardCCID includes the libusb component used by the CCID driver.

This libusb library is statically linked to the CCID driver and can't be used by another project.

The version is 1.0.9. This is a very old version of libusb that was released in April 2012. The current libusb version is 1.0.24 released in December 2020.

I guess Apple does not want to upgrade a component that works fine enough from them.


SecurityTokend

This component is the same as in Catalina. It is SecurityTokend-55113.

It is strange to still find a tokend related component. Tokend technology is deprecated since Mac OS X Lion in 2011 (Mac OS X Lion and tokend).

Tokend was disabled by default in Catalina but was still usable (macOS Catalina and smart cards status).

In Big Sur tokend are not usable at all.

This component SecurityTokend does not contain any tokend plugin. There were in the Tokend component, not SecurityTokend. This component generates two file: SecurityTokend.framework and libsecurity_tokend_client.a. I am not sure what they are used for.


Conclusion

Interesting parts of the smart card stack would be the CryptoTokenKit and WinSCard layers. But since Apple moved away from the Free Software project pcsc-lite in macOS Yosemite in 2014 (OS X Yosemite and smart cards status) these components are not open source.