xref: /illumos-gate/usr/src/man/man4d/ccid.4d (revision b02947bf393d39f68e6c7fa8ccb98688f7f9c407)
1.\"
2.\" This file and its contents are supplied under the terms of the
3.\" Common Development and Distribution License ("CDDL"), version 1.0.
4.\" You may only use this file in accordance with the terms of version
5.\" 1.0 of the CDDL.
6.\"
7.\" A full copy of the text of the CDDL should have accompanied this
8.\" source.  A copy of the CDDL is also available via the Internet at
9.\" http://www.illumos.org/license/CDDL.
10.\"
11.\"
12.\" Copyright 2019 Joyent, Inc.
13.\"
14.Dd December 20, 2019
15.Dt CCID 4D
16.Os
17.Sh NAME
18.Nm ccid
19.Nd chip card interface device USB client class driver
20.Sh SYNOPSIS
21.In sys/usb/clients/ccid/uccid.h
22.Sh INTERFACE LEVEL
23.Sy Volatile
24.Pp
25The interfaces provided by this driver are private at this time and
26subject to change.
27It should not be relied upon.
28.Sh DESCRIPTION
29The
30.Nm
31driver is a USB CCID (chip card interface device) class device driver.
32.Pp
33The driver exposes interfaces that allow consumers to send and receive
34APDUs (application protocol data unit) to a given smart card that is
35plugged into a reader.
36The driver also provides interfaces to obtain status information, the
37ATR (answer to reset), and obtain exclusive access to the device.
38In addition, the system exposes control of CCID devices through
39.Xr cfgadm 8 .
40.Ss Supported Devices
41The CCID specification allows for readers to come in different flavors.
42These different flavors support different communication protocols and
43have different levels of automation for determining the protocol and
44transfers that are required.
45.Pp
46At this time, only the short APDU protocol is supported, which also works with
47readers using the extended APDU protocol.
48TPDU and character level readers are not supported by the driver.
49Readers in this category will still attach; however,
50I/O cannot be performed to them.
51.Pp
52In addition, at this time the driver does not support devices which
53require manually setting the clock and data rates to support an ICC.
54.Ss Device Model
55Each CCID class device provides a number of slots.
56Each slot may have an independent ICC (integrated circuit card or Smart
57Card) inserted into it.
58Each device, or reader, has its own directory under
59.Pa /dev/ccid
60based on its device number.
61Inside of each directory is a character device for each slot.
62A slot exists regardless of whether or not an ICC is inserted into it.
63As long as a CCID device is present in the system, its device nodes will
64be present.
65.Pp
66Slots are enumerated using this pattern:
67.Pa /dev/ccid/ccid%instance/slot%slot .
68.Pp
69For example, all the slots that belong to CCID instance 5 will be
70enumerated under the directory
71.Pa /dev/ccid/ccid5 .
72Slots are numbered starting at zero for each reader and increment from
73there.
74For example, the second physical slot would be numbered as slot one.
75If this were on CCID instance zero, then we would find a character
76device at:
77.Pa /dev/ccid/ccid0/slot1 .
78.Pp
79To enumerate all of the ccid devices present on the system, one could
80read all of the directories under
81.Pa /dev/ccid .
82To enumerate all of the slots on a device, one could read all of the
83device nodes under a particular CCID device, such as:
84.Pa /dev/ccid/ccid0 .
85The number of slots is also obtainable through various ioctls that will
86be discussed later on.
87It's important to note that while slot numbering will always be
88consistent for a given device, the CCID numbering is based on the driver
89instance.
90Therefore, it is possible for a device to change device numbers.
91To deal with this, symlinks based on other properties will be provided
92(for example, the USB serial number).
93.Pp
94All of the CCID devices in the system can also be listed by using the
95.Xr ccidadm 8
96command.
97.Ss I/O Model
98To send and receive responses to commands, a program must open up the
99corresponding slot's device node.
100In many of the commands that use an ICC, there is a logical notion of
101state associated with the ICC that is mutated by performing commands on
102it.
103For example, a command might be issued that uses a PIN to unlock a slot
104or that selects a particular PIV applet for use.
105Because of this, all I/O to a given device must be performed inside the
106context of a transaction.
107When a program begins a transaction, it is guaranteed that no one else
108may send commands to the ICC.
109When a program is finished, it must explicitly end the transaction,
110which may have the side effect of resetting the ICC.
111If a program with an open transaction crashes or closes the file
112descriptor without taking other actions, then the transaction will be
113automatically closed and the ICC will be reset.
114Without a transaction open, it will still be possible to issue ioctls
115that obtain the status of the slot and the reader.
116.Pp
117While in an active transaction, a program may send commands to a card.
118Sending a command and reading a response are done through the
119traditional
120.Xr read 2
121and
122.Xr write 2
123family of system calls.
124To submit a command, the program would issue a
125.Xr write 2
126family system call that contained the payload to send to the ICC.
127Once submitted, the call would return and the program would be able to
128issue a
129.Xr read 2
130system call to obtain the results.
131Once a command has been submitted, it is illegal to submit another one.
132The next command cannot be submitted until the response has been fully
133consumed.
134Similarly, if a command has not been submitted, one cannot issue a
135.Xr read 2
136system call to obtain results.
137Only a single thread may be blocked waiting to submit a command or
138read a response.
139.Pp
140To facilitate non-blocking operation, the underlying file descriptor may
141be opened with
142.Dv O_NONBLOCK .
143.Pp
144While a transaction is active,
145.Xr poll 2
146may be used to receive status information about the slot.
147The following events are used by
148.Nm :
149.Bl -tag -width POLLRDNORM
150.It Dv POLLOUT
151The device is ready to receive a command using
152.Xr write 2 .
153.It Dv POLLIN, POLLRDNORM
154The device has completed a command the results may be retrieved with
155.Xr read 2 .
156.It Dv POLLHUP
157The card has been removed from the slot.
158.It Dv POLLERR
159An hardware error has occurred, or the CCID reader has been disconnected.
160.El
161.Pp
162One important note is that readers with multiple slots often still only
163allow I/O a single command to be outstanding across all of the slots in
164the system.
165Because transactions are on a per-slot basis, it is still possible for a
166command submission to block even though one has a transaction open.
167.Pp
168While a transaction is open, various events can occur that cause a fatal
169error on the transaction.
170These include:
171.Bl -bullet -offset indent
172.It
173USB CCID reader removed
174.It
175ICC removed
176.It
177A fatal error while communicating to the device
178.It
179An administrator issued an ioctl to power off or reset the ICC
180.El
181.Pp
182Once such a fatal error has occurred, all new I/O will fail though it
183will still be possible to read any successfully completed commands.
184To clear the error state the program will need to end the transaction
185and begin a new one or close the file descriptor if the device has been
186removed.
187.Ss Opening Devices, Exclusive Access, and Performing I/O
188To perform I/O to a particular card, one must first open the slot of
189interest.
190Opening the slot requires that the process be in the global zone and
191that it have the privilege
192.Sy PRIV_SYS_DEVICES .
193The device node can be opened through the
194.Xr open 2
195or
196.Xr openat 2
197system calls.
198For programs that just want to query the slot status using the
199.Dv UCCID_CMD_STATUS
200command, opening the device node read-only is sufficient.
201All other uses require that the device be opened both for reading and
202writing
203.Po Dv O_RDWR Pc .
204.Pp
205Once the device has been opened, the program may issue ioctls to get
206status information.
207.Pp
208To perform general I/O to the card, a program must be in the context of
209a transaction as discussed in the
210.Sx I/O Model
211section.
212To open a transaction, a program must issue the
213.Dv UCCID_CMD_TXN_BEGIN
214command through the
215.Xr ioctl 2
216system call.
217.Pp
218When a program is done, it must issue the
219.Dv UCCID_CMD_TXN_END
220command to release the transaction.
221As part of issuing the command, the program must determine a disposition
222of what it would like done with the card when it has completed.
223These options include leaving the ICC alone and resetting the ICC.
224For many use cases, such as those where a pin is entered or the ICC's
225state is mutated, a reset is the recommended option.
226If the program crashes or closes the file descriptor without issuing a
227transaction end, then the ICC will be reset.
228.Pp
229Please see the ioctl listing in the
230.Sx IOCTLS
231section for more information on the command structure.
232.Pp
233If a multi-threaded application opens a slot once and shares it among multiple
234threads performing I/O to that slot, there can still only be one transaction
235active or waiting on the slot shared by all threads.
236Acquiring another transaction on the same slot minor while another thread is
237already blocked waiting for one will return
238.Dv EINPROGRESS .
239If another transaction is already active,
240.Dv EINVAL
241will be returned.
242Consequently, all threads in a multi-threaded application share the transaction
243state and may issue writes, and read the results.
244The same applies to any other method of sharing an open file descriptor of a slot
245minor, be it by sharing the fd over a socket, a child process inheriting it from
246its parent during
247.Xr fork 2 ,
248even across calls to
249.Xr exec 2 .
250.Ss Device Status and ATR
251Once a slot has been opened, any caller may issue commands to get the
252status of the slot.
253This can also be used to obtain the ATR (answer to reset) of an ICC that
254is present on the slot, if it is known.
255.Pp
256While exclusive access is not required to issue these commands, there is
257no guarantee that they will not have changed between the time that the
258program issued the command and it obtains a transaction.
259.Pp
260To obtain information about the reader, slot, and the ATR, one should
261issue the
262.Dv UCCID_CMD_STATUS
263command.
264Please see the ioctl listing in the
265.Sx IOCTLS
266section for more information.
267.Sh IOCTLS
268This section lists the different commands that may be issued to a CCID
269device through the
270.Xr ioctl 2
271system call.
272.Ss Ic UCCID_CMD_STATUS
273This command is used to obtain the status of the slot.
274It may be used regardless of whether or not the caller has exclusive access.
275.Pp
276The
277.Ic UCCID_CMD_STATUS
278command uses the structure
279.Vt uccid_cmd_status_t ,
280the fields of which have the following meanings:
281.Bl -tag -width Fa
282.It Fa uint32_t ucs_version
283Indicates the current version of the structure.
284This should be set to
285.Dv UCCID_CURRENT_VERSION .
286.It Fa uint32_t ucs_status
287This value is ignored when issuing the command.
288On return, it will be filled in with various flags that describe the
289current status of the slot and the contents returned in the
290.Vt uccid_cmd_status_t .
291The following flags are defined:
292.Bl -tag -width Dv
293.It Dv UCCID_STATUS_F_CARD_PRESENT
294A card has been inserted into the slot of the CCID class device.
295.It Dv UCCID_STATUS_F_CARD_ACTIVE
296The inserted card has been successfully activated.
297This will only be set if the
298.Dv UCCID_STATUS_F_CARD_PRESENT
299flag is also set.
300.It Dv UCCID_STATUS_F_PRODUCT_VALID
301The contents of
302.Fa ucs_product
303are valid.
304.It Dv UCCID_STATUS_F_SERIAL_VALID
305The contents of
306.Fa ucs_serial
307are valid.
308.It Dv UCCID_STATUS_F_PARAMS_VALID
309The parameters returned in
310.Fa ucs_params
311are valid.
312.El
313.It Fa int32_t ucs_instance
314The instance number of the CCID device.
315.It Fa uint32_t ucs_slot
316The slot number currently in use.
317.It Fa uint8_t ucs_atr[UCCID_ATR_MAX]
318The ATR (answer to reset) of the card.
319.It Fa uint8_t ucs_atrlen
320The actual length of the ATR data.
321A length of 0 indicates that there is no ATR data.
322.It Fa int8_t ucs_product[256]
323The product string of the CCID device.
324.It Fa int8_t ucs_serial[256]
325The serial number of the CCID device.
326.It Fa ccid_class_descr_t ucs_class
327The CCID class descriptor of the CCID device.
328.It Fa uccid_prot_t ucs_prot
329The protocol in use by the ICC.
330This can be either
331.Dv UCCID_PROT_T0
332for the TPDU T=0 protocol or
333.Dv UCCID_PROT_T1
334for the TPDU T=1 protocol.
335.It Fa ccid_params_t ucs_params
336The CCID parameters available on the card.
337.El
338.Ss Ic UCCID_CMD_TXN_BEGIN
339This command is used to begin a transaction.
340The command will block until exclusive access is available to the
341caller.
342If the caller does not wish to block, it should set the
343.Dv UCCID_TXN_DONT_BLOCK
344flag.
345.Pp
346The command uses the structure
347.Vt uccid_cmd_txn_begin_t
348with the following members:
349.Bl -tag -width Fa
350.It Fa uint32_t ucs_version
351Indicates the current version of the structure.
352This should be set to
353.Dv UCCID_CURRENT_VERSION .
354.It Fa uint32_t uct_flags
355Flags that impact the behavior of the command.
356The following flags are defined:
357.Bl -tag -width Dv
358.It Dv UCCID_TXN_DONT_BLOCK
359The command should not block for exclusive access.
360If exclusive access is not available, then the command will fail
361immediately.
362.El
363.Pp
364If an unknown flag is specified, an error will be returned.
365.El
366.Ss Ic UCCID_CMD_TXN_END
367The
368.Dv UCCID_CMD_TXN_END
369command is used to end a transaction and relinquish exclusive access
370to the ICC.
371.Pp
372The command uses the structure
373.Vt uccid_cmd_txn_end_t
374with the following members:
375.Bl -tag -width Fa
376.It Fa uint32_t uct_version
377Indicates the current version of the structure.
378This should be set to
379.Dv UCCID_CURRENT_VERSION .
380.It Fa uint32_t uct_flags
381.Bl -tag -width Dv
382.It Dv UCCID_TXN_END_RESET
383The ICC should be reset at the end of the transaction.
384.It Dv UCCID_TXN_END_RELEASE
385The ICC should be released without being reset at the end of the
386transaction.
387.El
388.Pp
389Exactly one of these two flags must be specified.
390It is an error if neither flag or both flags are specified at the same
391time.
392If the device is closed without ending a transaction first, then the ICC
393will be reset.
394.El
395.Ss Ic UCCID_CMD_ICC_MODIFY
396This command can be used to change the state of an ICC, if present.
397.Pp
398The command uses the structure
399.Vt uccid_cmd_icc_modify_t
400with the following members:
401.Bl -tag -width Fa
402.It Fa uint32_t uci_version
403Indicates the current version of the structure.
404This should be set to
405.Dv UCCID_CURRENT_VERSION .
406.It Fa uint32_t uci_action
407The action to be taken on the ICC.
408The following actions are defined:
409.Bl -tag -width Dv
410.It Dv UCCID_ICC_POWER_ON
411Power on the ICC.
412.It Dv UCCID_ICC_POWER_OFF
413Power off the ICC.
414.It Dv UCCID_ICC_WARM_RESET
415Perform a warm reset of the ICC.
416.El
417.El
418.Ss Ic FIONREAD
419This command returns the size in bytes of a command response available
420for reading with
421.Xr read 2 .
422The size is returned in an
423.Vt int
424pointed to by the argument.
425.Sh SYSTEM CALLS
426This section lists the different system calls that may be issued to a
427CCID device.
428.Ss Xr open 2
429.Nm
430slot device nodes can be opened using
431.Xr open 2 .
432Non-blocking operation can be selected by using the
433.Dv O_NONBLOCK
434flag when opening the device node.
435A device node opened for read-only operations will not allow creating
436transactions or doing I/O, but it will allow the ICC/reader status to
437be queried.
438.Ss Xr close 2
439When no longer needed by a program, a device node can be closed with
440.Xr close 2 .
441If a transaction is still active when a device node is closed, the transaction
442will be ended automatically and the ICC will be reset.
443Any unread data is discarded.
444.Ss Xr ioctl 2
445The
446.Xr ioctl 2
447system call can be used to start or end a transaction, query the reply size for
448.Xr read 2 ,
449query the ICC and CCID reader status, or change the state of an ICC in a reader.
450See section
451.Sx IOCTLS
452for details.
453.Ss Xr write 2
454Within an active transaction the
455.Xr write 2
456system call can be used to transfer an APDU (application protocol data unit) to
457an ICC, one single complete APDU at a time.
458Partial writes or writing more than one APDU at a time are not supported.
459The data returned by the ICC must be consumed by a subsequent
460.Xr read 2
461call before
462.Xr write 2
463can be called again within the same transaction.
464.Pp
465The following errors for
466.Xr write 2
467have specific meaning in
468.Nm :
469.Bl -tag -width Dv
470.It Dv E2BIG
471The number of bytes to write is larger than the maximum APDU length supported by
472.Nm ,
473currently defined as 261 bytes.
474.It Dv EACCES
475The device is opened read-only, or no transaction is active.
476.It Dv EBUSY
477There is unread data from a previous call to
478.Xr write 2 .
479.It Dv ENOTSUP
480The reader and/or ICC is unsupported for I/O.
481.It Dv ENXIO
482The ICC is inactive and can't be used for I/O.
483.It Dv ENODEV
484The CCID reader has been disconnected.
485.El
486.Ss Xr read 2
487Within an active transaction the
488.Xr read 2
489system call is used to read the reply from an ICC following sending an APDU with
490.Xr write 2 .
491The whole reply needs to be read with a single call to
492.Xr read 2 .
493The size of the reply can be queried before reading by issuing the
494.Dv FIONREAD
495ioctl.
496See section
497.Sx IOCTLS
498for details.
499.Pp
500The following errors for
501.Xr read 2
502have specific meaning in
503.Nm :
504.Bl -tag -width Dv
505.It Dv EACCES
506No transaction is active.
507.It Dv EBUSY
508Another thread is already blocked in
509.Xr read 2
510waiting for data.
511.It Dv EOVERFLOW
512The buffer size is too small to fit the reply.
513.It Dv ENODATA
514No
515.Xr write 2
516was issued before and consequently there is no reply to be read.
517.It Dv ENODEV
518The CCID reader has been disconnected.
519.El
520.Ss Xr poll 2
521Within an active transaction the
522.Xr poll 2
523system call is used to wait for status changes on a device node.
524See section
525.Sx I/O model
526for details.
527.Pp
528The following errors for
529.Xr poll 2
530have specific meaning in
531.Nm :
532.Bl -tag -width Dv
533.It Dv EACCES
534No transaction is active.
535.It Dv ENODEV
536The CCID reader has been disconnected.
537.El
538.Sh SEE ALSO
539.Xr close 2 ,
540.Xr ioctl 2 ,
541.Xr open 2 ,
542.Xr poll 2 ,
543.Xr read 2 ,
544.Xr write 2 ,
545.Xr ccidadm 8 ,
546.Xr cfgadm 8
547.Rs
548.%T Universal Serial Bus Device Class: Smart Card CCID
549.%O Revision 1.1
550.%D April 22, 2005
551.Re
552.Rs
553.%Q ISO/IEC
554.%B Identification Cards - Integrated Circuits
555.%N Part 3: Cards with contacts — Electrical interface and transmission protocols
556.%O ISO/IEC 7616-3:2006
557.%D 2006
558.Re
559