Tuesday, September 27, 2016

macOS Sierra and smart cards status

macOS Sierra (macOS 10.12) has been available since 20 September 2016.




API Differences between 10.11 and 10.12

The differences are listed in the developer page macOS Sierra 10.12. The page only documents big changes. Regarding smart cards, we only have:

Support for Smart Card Driver Extensions

You can now create NSExtension-based smart card drivers, allowing the contents of certain types of smart cards to be presented as part of the system keychain. This mechanism is intended to replace the deprecated Common Data Security Architecture, although for macOS 10.12, both architectures are supported.

The driver extensions are limited to read-only mode, so that it is not possible to alter the contents of a smart card using the standard keychain interface. For more information, see CryptoTokenKit Framework Reference.

See also a previous blog article "macOS Sierra: Smart Card Driver Extensions". I guess I will write again about this new technology in future blog articles.

Updates to the CryptoTokenKit framework, PCSC framework and CCID driver are not listed in this high-level page.

PC/SC

Since Yosemite (10.10) the PC/SC layer is no longer a fork of pcsc-lite, so comparing versions with pcsc-lite is useless.

$ cat /System/Library/Frameworks/PCSC.framework/Versions/A/Resources/version.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
 <key>BuildAliasOf</key>
 <string>CryptoTokenKit</string>
 <key>BuildVersion</key>
 <string>65</string>
 <key>CFBundleShortVersionString</key>
 <string>8.0</string>
 <key>CFBundleVersion</key>
 <string>1</string>
 <key>ProjectName</key>
 <string>SmartCardServices</string>
 <key>SourceVersion</key>
 <string>196001003000000</string>
</dict>
</plist>

The BuildVersion changed from 13 on El Capitan to 65 on Sierra, and SourceVersion changed from 79001001000000 to 196001003000000. I have no idea what the SourceVersion "number" is.

It looks like Apple made 65-13 = 52 builds of the PC/SC framework since Yosemite 10.11.0.

PC/SC Bugs fixed


These bugs were found in El Capitan and are now fixed in Sierra:
  1. SCardGetAttrib() returns SCARD_E_NOT_TRANSACTED when it should not
  2. Connecting a CT700 Gemalto smart card reader renders PC/SC useless
  3. SCardConnect() returns SCARD_E_PROTO_MISMATCH instead of SCARD_E_SHARING_VIOLATION
  4. SCardGetAttrib() returns SCARD_E_NOT_TRANSACTED instead of SCARD_E_INSUFFICIENT_BUFFER
Some bugs reported on El Capitan are still present in Sierra. I updated the page "OS X El Capitan and smart cards: known bugs".

CCID driver

Driver version 1.4.24.
El Capitan had: 1.4.14 in 10.11.0 and 1.4.21 in 10.11.6

$ grep -A 1 CFBundleShortVersionString /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist
 <key>CFBundleShortVersionString</key>
 <string>1.4.24</string>

You can have a look at the CCID README file to see what changed between version 1.4.21 and version 1.4.24.

Note that the CCID driver version 1.4.24 provided in macOS Sierra is the latest available version (as I write this blog). Version 1.4.24 was released in May 2016 (only 4 months ago).

It is important to note that Apple regularly upgrades the CCID driver. I guess Apple will continue to upgrade the CCID driver in minor versions of Sierra, as they did with minor versions of El Capitan.
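
To check the driver version on a machine against a minimum, the same Info.plist can be parsed instead of grepped. This is an added example, not code from the original post or from Apple; it assumes Python 3, and the function names and the embedded sample plist are constructed for illustration.

```python
import plistlib

# Path taken from the grep command shown in this article.
CCID_INFO_PLIST = ("/usr/libexec/SmartCardServices/drivers/"
                   "ifd-ccid.bundle/Contents/Info.plist")

# Constructed sample, reduced to the one key the grep output shows.
# Used when the real file is absent (for example, not on macOS).
SAMPLE_CCID_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
 <key>CFBundleShortVersionString</key>
 <string>1.4.24</string>
</dict>
</plist>
"""


def plist_value(data, key):
    """Return the value stored under key in a plist given as bytes."""
    return plistlib.loads(data)[key]


def version_tuple(version):
    """Turn '1.4.24' into (1, 4, 24) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def ccid_at_least(data, minimum):
    """True when the CCID driver described by the plist is >= minimum."""
    found = plist_value(data, "CFBundleShortVersionString")
    return version_tuple(found) >= version_tuple(minimum)


def read_or_sample(path, sample):
    """Read the plist at path, falling back to the constructed sample."""
    try:
        with open(path, "rb") as handle:
            return handle.read()
    except OSError:
        return sample


if __name__ == "__main__":
    data = read_or_sample(CCID_INFO_PLIST, SAMPLE_CCID_PLIST)
    print("CCID driver:", plist_value(data, "CFBundleShortVersionString"))
    print("at least 1.4.21:", ccid_at_least(data, "1.4.21"))
```

Comparing the versions as integer tuples avoids the string-comparison trap where "1.4.9" would sort after "1.4.24".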

Conclusion

  • Some PC/SC framework bugs fixed.
  • Updated version of the CCID driver.
  • Support for Smart Card Driver Extensions (replacing tokend)