I just released new version of pcsc-lite 1.6.7.

pcsc-lite-1.6.7: Ludovic Rousseau
22 February 2011

• better Mac OS X support
• Fix Alioth bug [#312960] "SCardDisconnect when other context has transaction"
• add a API tracing feature in the client side (#define DO_TRACE)
• allow the use of tracing and profiling features from different
  application threads
• fix a problem with a multi-slots reader
• fix minor problems detected by the clang tool
• some other minor improvements and bug corrections

The next version of pcsc-lite should use libudev instead of the deprecated libhal.

LWN published a message about "pcsc-lite: arbitrary code execution":

pcsc-lite: arbitrary code execution

The description of the bug is correct (this time). But I am not sure it would be possible to execute arbitrary code. The ATR is still limited to MAX_ATR_SIZE=33 bytes.

The bug was fixed on 3rd November 2010 in revision 5370 more than a month before MWR published a InfoSecurity Security Advisory PCSC-Lite: pcscd ATR Handler Buffer Overflow on 13th December 2010.

Debian 6.0 was released just yesterday. The pcscd package in this version contains the fix.

LWN published a message about "ccid: arbitrary code execution":

ccid: arbitrary code execution

The description of the problem is not exact. The problem is present in file ccid/src/ccid_serial.c and only impacts the GemPC Twin connected to a serial port.

The bug was fixed on 5th November 2010 in revisions 5381 and 5382, more than a month before MWR published a InfoSecurity Security Advisory PCSC-Lite: libccid Buffer Overflow on 13th December 2010.

Debian 6.0 was released just yesterday. The libccid package in this version contains the fix. Debian did not released a Debian Security Advisory because the bug is minor.

In a previous post "PCSC API spy for GNU systems" I described the use of ltrace to trace the PC/SC API calls with the arguments.

ltrace limitations

ltrace can only trace calls made by the program itself. It does not work in two common cases in the smart card world:

library loading at run time

If the libpcsclite.so.1 library is loaded at run time using dlopen() then ltrace can't be used.

For example OpenSC now uses dlopen to load libpcsclite.so.1.

library used by another library

A PKCS#11 library using a smart card will be linked to libpcsclite.so.1. You may have your program traced by ltrace directly linked to the PKCS#11 library (to avoid the previous limitation). In this case ltrace will only be able to trace calls to the PKCS#11 library but not calls from the PKCS#11 library to the libpcsclite.so.1 library.

Usefulness of ltrace?

With these 2 limitations the use of ltrace is very limited. It works well for a test program doing direct winscard calls. But it is useless for a PKCS#11 library.

Internal tracing feature

So the idea is to do the tracing inside the PC/SC library itself.

Profiling

I already had a profiling feature on the client side. This offer the possibility to log every PC/SC calls and the time in each call. It is useful to know where time is spent in the application and to detect some application bugs (like less SCardReleaseContext() calls than SCardEstablishContext() calls).

Profiling is activated by defining DO_PROFILE in PCSC/src/winscard_clnt.c and recompiling + reinstalling libpcsclite.so.1.

I wrote a Perl script to generate a report from the traces.

Example trace file generated by the pcsc/src/testpcscd "sample":

Start a new profile
SCardEstablishContext 169
SCardIsValidContext 1
SCardIsValidContext 0
SCardListReaderGroups 1
SCardFreeMemory 1
SCardListReaders 26
SCardListReaders 26
SCardGetStatusChange 24
SCardConnect 15766
SCardTransmit 2952
SCardControl 1902
SCardGetAttrib 133
SCardFreeMemory 0
SCardGetAttrib 66
SCardFreeMemory 1
SCardGetAttrib 94
SCardGetAttrib 103
SCardGetAttrib 36
SCardSetAttrib 41
SCardStatus 171
SCardFreeMemory 1
SCardFreeMemory 0
SCardReconnect 112890
SCardDisconnect 90827
SCardFreeMemory 1
SCardReleaseContext 170


Example result:

(6) SCardFreeMemory: 4 µs
(5) SCardGetAttrib: 432 µs
(2) SCardIsValidContext: 1 µs
(2) SCardListReaders: 52 µs
(1) SCardDisconnect: 90827 µs
(1) SCardTransmit: 2952 µs
(1) SCardGetStatusChange: 24 µs
(1) SCardStatus: 171 µs
(1) SCardReconnect: 112890 µs
(1) SCardConnect: 15766 µs
(1) SCardEstablishContext: 169 µs
(1) SCardControl: 1902 µs
(1) SCardSetAttrib: 41 µs
(1) SCardListReaderGroups: 1 µs
(1) SCardReleaseContext: 170 µs
total: 225402 µs

Percentages:
50.08%: SCardReconnect
40.30%: SCardDisconnect
6.99%: SCardConnect
1.31%: SCardTransmit
0.84%: SCardControl
0.19%: SCardGetAttrib
0.08%: SCardStatus
0.08%: SCardReleaseContext
0.07%: SCardEstablishContext
0.02%: SCardListReaders
0.02%: SCardSetAttrib
0.01%: SCardGetStatusChange
0.00%: SCardFreeMemory
0.00%: SCardIsValidContext
0.00%: SCardListReaderGroups


In the first list WinSCard calls are sorted by number of occurrence with the total time of execution.
In the second list the WinSCard calls are sorted by percentage of total time used.

Tracing

The profiling feature is fine but does not give the parameters used in the calls.
So I added a tracing feature.

Tracing is activated by defining DO_TRACE in PCSC/src/winscard_clnt.c and recompiling + reinstalling libpcsclite.so.1.

Example trace file generated by the pcsc/src/testpcscd "sample":


< [7FFF70121CA0] SCardEstablishContext 2, 0x0, 0x0
> [7FFF70121CA0] SCardEstablishContext 16997142
< [7FFF70121CA0] SCardIsValidContext 16997142
> [7FFF70121CA0] SCardIsValidContext
< [7FFF70121CA0] SCardIsValidContext 16997143
> [7FFF70121CA0] SCardIsValidContext
< [7FFF70121CA0] SCardListReaders 16997142
> [7FFF70121CA0] SCardListReaders 26
< [7FFF70121CA0] SCardListReaders 16997142
> [7FFF70121CA0] SCardListReaders 26
< [7FFF70121CA0] SCardGetStatusChange 16997142 -1 1
< [7FFF70121CA0] SCardGetStatusChange [0] Gemalto GemPC Twin 00 00 10 0
> [7FFF70121CA0] SCardGetStatusChange [0] Gemalto GemPC Twin 00 00 10 22
< [7FFF70121CA0] SCardConnect 16997142 Gemalto GemPC Twin 00 00 2 3
> [7FFF70121CA0] SCardConnect 1
< [7FFF70121CA0] SCardDisconnect 71159 2
> [7FFF70121CA0] SCardDisconnect
< [7FFF70121CA0] SCardReleaseContext 16997142
> [7FFF70121CA0] SCardReleaseContext

< lines are IN arguments
> lines are OUT arguments

The value within [] is the thread identification.

You should look at the source code to know what are the other data.

Not all the function are covered by the tracing feature. For example SCardTransmit has not tracing facility. But it is easy to get the arguments on the pcscd side using --debug --foreground --apdu.

Conclusion

ltrace is a nice tool but not usable for tracing libraries using PC/SC.

pcsc-lite profiling is nice but does not give the parameters used.

pcsc-lite tracing is an answer to the problem.

Of course profiling and tracing in libpcsclite are DISABLED by default and should be disabled in a deployed system. They are help tools for a developer.

As I did for 2009 here is the statistics from the MUSCLE mailing list for 2010.


Again I am the mail poster number one :-)

Statistics from 1.1.2010 to 29.12.2010
for muscle@lists.musclecard.com

People who have written most messages:

	Author	Msg	Percent
1	ludovic.rousseau@gmail.com	213	29.67 %
2	squalyl@gmail.com	47	6.55 %
3	martin@paljak.pri.ee	42	5.85 %
4	drasko.draskovic@gmail.com	26	3.62 %
5	deengert@anl.gov	25	3.48 %
6	aj@dungeon.inka.de	18	2.51 %
7	acptsys@gmail.com	17	2.37 %
8	mstjohns@comcast.net	14	1.95 %
9	fundu_1999@yahoo.com	13	1.81 %
10	vtanna1@gmail.com	12	1.67 %
11	brocean@gmail.com	11	1.53 %
12	nsayer@kfu.com	10	1.39 %
13	tkoeppen.nospam@googlemail.com	8	1.11 %
14	nicholas.cole@gmail.com	8	1.11 %
15	kalev@smartlink.ee	8	1.11 %
16	roger.brown@snapper.co.nz	8	1.11 %
17	dr.claudia.neumann@gmx.de	7	0.97 %
18	Ivar.Nilsson@kapsch.net	7	0.97 %
19	jmpoure@gooze.eu	7	0.97 %
20	max.vozeler@lsexperts.de	6	0.84 %
21	linuxprocess@free.fr	6	0.84 %
22	valerie.fenwick@oracle.com	6	0.84 %
23	marcelmancini@hotmail.com	6	0.84 %
24	han.hartgers@gmail.com	5	0.70 %
25	kreinholz@gmail.com	5	0.70 %
26	baran.murat@gmail.com	5	0.70 %
27	pakorodri@gmail.com	5	0.70 %
28	lcstyle@hotmail.com	4	0.56 %
29	hugomc.silva@gmail.com	4	0.56 %
30	caruso.ray@gmail.com	4	0.56 %
	other	161	22.42 %

Best authors, by total size of their messages (w/o quoting):

	Author	KBytes
1	ludovic.rousseau@gmail.com	177.1
2	squalyl@gmail.com	155.8
3	deengert@anl.gov	79.8
4	vtanna1@gmail.com	57.2
5	marcelmancini@hotmail.com	51.9
6	sasha.garcya@gmail.com	47.2
7	kreinholz@gmail.com	42.6
8	lcstyle@hotmail.com	42.5
9	dr.claudia.neumann@gmx.de	40.5
10	han.hartgers@gmail.com	40.1
11	pakorodri@gmail.com	36.2
12	forest@alittletooquiet.net	34.2
13	drasko.draskovic@gmail.com	31.5
14	praveenya.g@gmail.com	30.7
15	martin@paljak.pri.ee	28.2
16	Paul.Klissner@sun.com	24.8
17	mstjohns@comcast.net	24.7
18	caruso.ray@gmail.com	24.6
19	amustelier@tecatel.com	21.4
20	Michael.Bender@sun.com	20.0
21	tkoeppen.nospam@googlemail.com	19.5
22	aj@dungeon.inka.de	18.6
23	mbrown@dsci.com	18.5
24	amiad.salton@gmail.com	17.9
25	Ivar.Nilsson@kapsch.net	17.6
26	fundu_1999@yahoo.com	16.9
27	roger.brown@snapper.co.nz	16.5
28	global@codekab.com	16.1
29	acptsys@gmail.com	15.8
30	Geert.VanMuylem@be.zetes.com	15.1

Best authors, by average size of their message (w/o quoting):

	Author	bytes
1	alessandro.vincelli@wedjaa.net	14998
2	sasha.garcya@gmail.com	12094
3	forest@alittletooquiet.net	11684
4	alexej.muehlberg@nxp.com	11247
5	lcstyle@hotmail.com	10875
6	Michael.Bender@sun.com	10246
7	mbrown@dsci.com	9452
8	marcelmancini@hotmail.com	8860
9	kreinholz@gmail.com	8729
10	Paul.Klissner@sun.com	8479
11	han.hartgers@gmail.com	8211
12	praveenya.g@gmail.com	7857
13	Geert.VanMuylem@be.zetes.com	7745
14	pakorodri@gmail.com	7407
15	B.Thomas@astronautics.com	7105
16	bcymet@cbnco.com	7011
17	franz.trierweiler.ingenieur@gmail.com	6379
18	caruso.ray@gmail.com	6309
19	bogusemail98230@yahoo.com	6299
20	dr.claudia.neumann@gmx.de	5918
21	anujakarthikeyan@gmail.com	5918
22	jlucg_ml@mac.com	5892
23	amustelier@tecatel.com	5475
24	nzl@me.com	4974
25	vtanna1@gmail.com	4882
26	sschwab@hidglobal.com	4724
27	amiad.salton@gmail.com	4588
28	global@codekab.com	4122
29	nastasi@alternativeoutput.it	3829
30	natarajsn@gmail.com	3720

Table showing the most successful subjects:

	Subject	Msg	Percent
1	[Muscle] Re: Open readers and iso7816 question	31	4.32 %
2	[Muscle] new BETA versions of pcsc-lite and libccid	22	3.06 %
3	[Muscle] T=0 Case 2 response length	19	2.65 %
4	[Muscle] 64bit portability and header tidy up	17	2.37 %
5	[Muscle] [PATCH] more idiomatic sysconfdir usage	15	2.09 %
6	[Muscle] Questions about musclecard	13	1.81 %
7	[Muscle] PCSC on ARM	12	1.67 %
8	[Muscle] Problem communication with pcscd.	12	1.67 %
9	[Muscle] Accessing Smart Card Unique ID (newbee)	11	1.53 %
10	[Muscle] German Health Insurance Card (Krankenversichertenkarte	11	1.53 %
11	[Muscle] Problem with gemalto USB Shell Token V2 on OS X	10	1.39 %
12	[Muscle] Loaded latest pcsc-lite 1.5.5, getting seg fault and	9	1.25 %
13	[Muscle] Re: Muscle Digest, Vol 76, Issue 9	9	1.25 %
14	[Muscle] Status of the Muscle applet	9	1.25 %
15	[Muscle] pcsc-lite 1.5.5 problem	8	1.11 %
16	[Muscle] powerup problem and timed out problem with mac osx	8	1.11 %
17	[Muscle] SCARD_E_SHARING_VIOLATION information	8	1.11 %
18	[Muscle] Re: "Card absent or mute" on MacOS 10.6.3	8	1.11 %
19	[Muscle] pcsc freeze my computer	8	1.11 %
20	[Muscle] Problem with "precise biometrics 250 MC reader"	8	1.11 %
21	[Muscle] SmartCard/PCSC-lite developer information	8	1.11 %
22	[Muscle] Open Port 200000 Failed	7	0.97 %
23	[Muscle] [PATCH] Quirk for BCM5880/5881 GetSlotStatus	7	0.97 %
24	[Muscle] GDM with smartcard	7	0.97 %
25	[Muscle] ACR122U102	7	0.97 %
26	[opensc-devel] pcscd access rights limitation and scard group	7	0.97 %
27	[Muscle] pcsc-lite, ccid: Precise MC 200 problems with T=1	7	0.97 %
28	[Muscle] Problem with pcsc-lite 1.6.5	7	0.97 %
29	[Muscle] Bug with bit4id smart card reader and the Italian	7	0.97 %
30	[Muscle] Re: pcscd: Error: "Client failed to authenticate" on	6	0.84 %
	other	400	55.71 %

Most used email clients:

	Mailer	Msg	Percent
1	(unknown)	484	67.41 %
2	Mozilla/5.x	45	6.27 %
3	KMail	32	4.46 %
4	Apple Mail (2.1077)	23	3.20 %
5	Apple Mail (2.1078)	14	1.95 %
6	QUALCOMM Windows Eudora	13	1.81 %
7	Thunderbird 2.0.0.23 (Windows/20090812)	12	1.67 %
8	Apple Mail (2.1081)	10	1.39 %
9	YahooMailRC/459 YahooMailWebService/0.8.105.279950	7	0.97 %
10	Thunderbird 2.0.0.24 (Windows/20100228)	6	0.84 %
11	Apple Mail (2.1082)	6	0.84 %
12	Evolution 2.30.3	6	0.84 %
13	Mutt	6	0.84 %
14	Zimbra 5.0 (ZimbraWebClient - FF3.0	5	0.70 %
15	Evolution 2.28.1	5	0.70 %
16	YahooMailRC/397.8 YahooMailWebService/0.8.104.274457	4	0.56 %
17	Microsoft-MacOutlook/14.0.0.100825	4	0.56 %
18	SquirrelMail/1.4.19	3	0.42 %
19	Zarafa 6.30.5-17658	3	0.42 %
20	YahooMailRC/240.3 YahooMailWebService/0.8.100.260964	2	0.28 %
21	Thunderbird 2.0.0.22 (X11/20090605)	2	0.28 %
22	Thunderbird 2.0.0.23 (X11/20090817)	2	0.28 %
23	iPhone Mail (7E18)	2	0.28 %
24	Thunderbird 2.0.0.22 (X11/20090625)	2	0.28 %
25	Apple Mail (2.936)	2	0.28 %
26	Microsoft Office Outlook 11	2	0.28 %
27	Evolution 2.30.2	2	0.28 %
28	Microsoft Office Outlook 12.0	2	0.28 %
29	Zimbra 5.0 (ZimbraWebClient - FF3.0 (Win)/5.0.15_GA_2815.UBUNTU8_64)	1	0.14 %
30	SquirrelMail/1.4.9a	1	0.14 %
	other	10	1.39 %

Table of maximal quoting:

	Author	Percent
1	alon.barlev@gmail.com	79.80 %
2	mrv@c3po.es	74.18 %
3	acptsys@gmail.com	65.14 %
4	brocean@gmail.com	63.17 %
5	martin@aqbanking.de	62.37 %
6	jianjiaosun@gmail.com	61.15 %
7	gregor.dschung@itwm.fraunhofer.de	60.79 %
8	stef.hoeben@zetes.com	58.35 %
9	mailman@hanez.org	57.45 %
10	Paul.Klissner@sun.com	50.84 %
11	kevredon@mail.tsaitgaist.info	50.35 %
12	andreas.schwier@cardcontact.de	48.46 %
13	ludovic.rousseau@gmail.com	47.98 %
14	martin@paljak.pri.ee	47.58 %
15	deengert@anl.gov	47.16 %
16	Michael.Bender@sun.com	43.92 %
17	zealcook@gmail.com	43.44 %
18	anujakarthikeyan@gmail.com	42.93 %
19	mstjohns@comcast.net	41.78 %
20	Todd.Denniston@tsb.cranrdte.navy.mil	40.03 %
21	caruso.ray@gmail.com	39.05 %
22	ilgicioglu@gmail.com	38.58 %
23	squalyl@gmail.com	37.24 %
24	puneet.maillist@gmail.com	36.96 %
25	hugomc.silva@gmail.com	36.87 %
26	jonas.gulle@gmail.com	36.02 %
27	martin@martinpaljak.net	33.90 %
28	info@linsoft.de	32.75 %
29	vdsrst@gmail.com	30.47 %
30	drasko.draskovic@gmail.com	30.30 %
	average	30.79 %

Graph showing number of messages written during hours of day:

msgs	14	8	1	0	4	3	5	12	37	62	48	62	34	54	50	49	62	42	36	23	29	42	27	14
hour	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23

Graph showing number of messages written during days of month:

msgs	25	37	22	28	33	30	27	34	25	32	23	8	15	30	43	21	12	7	16	11	23	28	31	10	13	4	22	22	40	37	9
day	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31

Graph showing number of messages written during days of week:

msgs	91	139	126	133	100	71	58
	Mon	Tue	Wed	Thu	Fri	Sat	Sun

Maximal quoting:

Author :	deengert@anl.gov
Subject :	[Muscle] new BETA versions of pcsc-lite and libccid
Date :	Thu, 11 Feb 2010 14:08:52 -0600
Quote ratio:	95.44% / 17763 bytes

Longest message:

Author :	sasha.garcya@gmail.com
Subject :	[Muscle] pcsc freeze my computer
Date :	Thu, 28 Oct 2010 13:49:13 +0200
Size :	41721 bytes

Most successful subject:

Subject :	[Muscle] Re: Open readers and iso7816 question
No. of msgs:	31
Total size :	108549 bytes

Final summary:

Total number of messages:	718
Total number of different authors:	116
Total number of different subjects:	227
Total size of messages (w/o headers):	2271592 bytes
Average size of a message:	3163 bytes

---

Input file last updated: Wed Jan 5 15:02:38 2011

Generated by MailListStat v1.3

Since pcsc-lite 1.6.5 it is possible to start pcscd on demand and run it with less privileges than root.

System configuration

pcscd group

pcscd is run as a user in the pcscd group. So you need to create this group.

$ sudo addgroup --system pcscd

/var/run/pcscd directory

Since pcscd is no more running as root it cannot create the /var/run/pcscd directory itself. The directory must be created as root and the correct permissions must be set:

• group = pcscd group
• access rights = rwx

$ sudo mkdir /var/run/pcscd
$ sudo chgrp pcscd /var/run/pcscd
$ sudo chmod g+w /var/run/pcscd

udev rule

pcscd is no more running as root so need permissions changed on the reader device. For USB readers this is done via a udev rule file.

A previous blog entry described such a udev rule file.
libccid provides a udev rule file. I guess other drivers does not (yet) provide one.

Example:

# If not adding the device, go away
ACTION!="add", GOTO="pcscd_ccid_rules_end"
SUBSYSTEM!="usb", GOTO="pcscd_ccid_rules_end"
ENV{DEVTYPE}!="usb_device", GOTO="pcscd_ccid_rules_end"

ATTRS{idVendor}=="0x08E6", ATTRS{idProduct}=="0x0430", GROUP="pcscd"

# All done
LABEL="pcscd_ccid_rules_end"

This example if for the Gemplus GemPC430 reader. It is an old reader and is not CCID. Just replace the idVendor and idProduct by the value of your own USB reader.

Debian

All these steps are already in place for the pcscd and libccid packages in Debian (in experimental for now). The packages for the other drivers should follow.

Conclusion

The auto-start feature needs some configuration before it can be used.
If you do not want to follow all the steps described in this article you can continue to run pcscd as root as before.

I just released new version of pcsc-lite 1.6.6. This version does not bring new feature bug fixes two bugs.
The version is available here.

Changelog

pcsc-lite-1.6.6: Ludovic Rousseau
12 December 2010

• SCardGetStatusChange(): fix a bug on 64-bits systems
• Fix another bug because of a regression in the internal list manager

I just released a new version of libccid.

Changelog

1.4.1 - 3 December 2010, Ludovic Rousseau

• Add support of Gemalto Smart Guardian (SG CCID), ReinerSCT cyberJack RFID basis, Akasa AK-CR-03, BZH uKeyCI800-K18, Free Software Initiative of Japan Gnuk token readers
• Remove O2 Micro Oz776 and Blutronics Bludrive II CCID since they are no more supported since version 1.4.0
• SecurePINVerify & SecurePINModify: Accept big and little endian byte orders for multibytes fields. The application should not use HOST_TO_CCID_16() and HOST_TO_CCID_32() any more and just use the normal byte order of the architecture.
• Need pcsc-lite 1.6.5 for TAG_IFD_POLLING_THREAD_WITH_TIMEOUT
• Add --enable-embedded (default is no) to build libccid for an embedded system. This will activate the NO_LOG option to disable logging and limit RAM and disk consumption.
• Remove --enable-udev option since it is not used anymore with libhal. The udev rules file is now used to change the access rights of the device and not send a hotplug signal to pcscd. See /posts/2010/09/pcscd-auto-start/
• some minor bugs removed

I just released new version of pcsc-lite. Some of the improvements or changes have already been described in previous blog articles.

Changelog

pcsc-lite-1.6.5: Ludovic Rousseau
3 December 2010

• Power on the card _only_ if an application requests a connection. You can disable the feature using DISABLE_ON_DEMAND_POWER_ON in src/pcscd.h.in If DISABLE_AUTO_POWER_ON is defined then do not automatically power on the card. The card will be powered on on the first SCardConnect() See /posts/2010/10/card-auto-power-on-and-off/
  
• SCardReconnect(): return SCARD_E_NO_SMARTCARD when card is removed and SCARD_W_UNRESPONSIVE_CARD when card is unresponsive instead of SCARD_E_PROTO_MISMATCH
• Install pcscd as sgid pcscd instead of suid root See /posts/2010/09/pcscd-auto-start/
• SCardSetTimeout() is no more provided. This function is not provided by Microsoft and is deprecated since 2004 in pcsc-lite.
• SCardCancelTransaction() is no more provided. This function is not provided by Microsoft and is deprecated since 2005 in pcsc-lite.
• Parsing the CCID Info.plist (159 readers supported) was, on a i386 machine, done in 264306 s and is now done 5547 s => gain x47 or 4600% See /posts/2010/08/ram-and-cpu-improvements-in-pcsc-lite/
• It is now possible to configure the local socket name to use using the environment variable PCSCLITE_CSOCK_NAME See /posts/2010/11/pcsc-client-and-server-on-two-different/
• Wait until all connected readers have a chance to power up a possibly inserted card before accepting clients.
• restrict pcscd features when not run by root (so using suid): APDU logging or setting parameters are disabled for example
• fix compilation problem on kfreebsd-* systems
• PCSC/reader.h: HOST_TO_CCID_16() and HOST_TO_CCID_32() are now identity functions Since libccid 1.4.1 (revision 5252) the byte order is no more important
• If you want to use IFDHCreateChannel() instead of IFDHCreateChannelByName() then do not use any DEVICENAME line in the configuration file. IFDHCreateChannel() will then be called with the CHANNELID parameter.
• the CHANNELID parameter can also be a decimal number.
• Remove the support of IFDHandler v1 API. I don't know any driver using this API. See /posts/2010/10/ifdhandler-version-1-support-removed/
• avoids a buffer overflow with badly formed ATR
• some other minor improvements and bug corrections

I just released a new version of PyKCS11, a Python wrapper above the PKCS#11 API.

Changelog

1.2.3 - December 2010, Ludovic Rousseau

• Add new classes CK_SLOT_INFO, CK_INFO, CK_SESSION_INFO, CK_MECHANISM_INFO and CK_TOKEN_INFO instead of the low level ones to have a __repr__() method. It is now possible to just print an object of these classes and have a human readable version.
• Add a new class CK_OBJECT_HANDLE() to replace the low level one and have a __repr__() method for objects returned by findObjects()
• Move initToken() from class Session to class PyKCS11Lib and add a slot parameter.
• Add generateKeyPair() and destoryObject() support in high level interface

What next?

This new release should restart the publication of articles on this wrapper. I have not published anything since June.

This new version 1.2.3 is more easy and fun to use in an interactive Python interpreter. You can just display objects using print. More to come...