search

tomasz-lisowski / swicc-pcsc

A PC/SC IFD handler to attach swICC-based cards through a software PC/SC reader.
BSD 3-Clause "New" or "Revised" License
30 stars 8 forks source link

Difference to ifd_vpcd from vsmartcard? #1

Closed laf0rge closed 4 months ago

laf0rge commented 1 year ago

I'm wondering if you considered using ifd_vpcd from https://github.com/frankmorgner/vsmartcard/tree/master/virtualsmartcard/src/ifd-vpcd of @frankmorgner?

It basically is a small pcsc ifd_handler which exposes the APDUs over a (client or server) TCP Socket. Any external program implementing the (very simple!) protocol can then implement a smart card (like your swsim for example).

This way the ICC code wouldn't have to be linked into the ifd_handler binary, and you can debug the parts individually rather nicely. Even looking at the APDU trace in wireshark becomes feasible.

Just an idea, of course everyone can do it their way :)

tomasz-lisowski commented 1 year ago

I was aware of the vsmartcard project and the IFD implementation they have done. The main issue is that I wanted to allow for the reader itself to be aware of the transmission state, at least to the extent of knowing if it's getting procedure bytes, a status word, or an R-APDU. This way if anything happens on the card, and it sends a NACK for example, the IFD handler can send a status and in general handle all these edge cases for better reliability (especially for problems at the transport layer). The protocol itself (and internals of swICC FSM) also works in such a way that the reader knows how much data will be received ahead of time, which helps to detect unexpected terminal behavior. I felt more comfortable shipping with my own IFD handler with all these improvements and written in a more rigorous style. That is not to say I won't implement the vsmartcard protocol at some point :).

The swICC library is linked with the IFD handler because the network module is shared between them. The ICC components are nicely separated from the network and the only state is stored in a single struct defined in swicc/swicc.h. Not ideal for testing indeed, but the network module will remain independent and will remain in swICC for ease of use.

As for the Wireshark traces, you are right, that would not be easy to do if SIMtrace was not used (where the gsm-tap option is available), i.e., with an all-software usage.

Thanks for pointing these things out, I didn't yet have a chance to clarify all the design choices. Let me know what you think of this reasoning.

frankmorgner commented 4 months ago

FYI: In the vsmartcard we don't have an explicit command to query for the card status, but instead we are using the command for requesting the card's ATR to check if the card is still present. This approach works as expected.