Android APDU driver

Smart Card APDU-BIBO: "bytes in, bytes out" for Android AKA "MOPP-1"

Smart card access library (MIT license) for native Android Java applications. Provide a level of indirection ("API") for enumerating "readers" (USB-OTG, internal NFC, built-in SE, emulated soft-token, possibly BT and others) and "tokens" (smart cards that speak APDU-s) in a unified way via plugins through single interface, with UX focus on the error-prone and asynchronous contactless experience.

Result: preferably an interface not unlike IsoDep.transceive() with adequate asynchronous handling (but possibly consider mimicking "PCSC/Winscard/SCard*" and/or javax.smartcardio interfaces as well)

Readers to test (TODO: exact USB ID-s):

• internal NFC (Nexus 5, 5X, Samsung XYZ)
• Omnikey/HID 1021 - https://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x076B0x1021
• Gemalto CT710 - https://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x08E60x34C2
• SCR3500 OTG - https://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x04E60x5815
• SCR3500 FOLD - https://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x04E60x5811
• GemPC / CT30 - https://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x08E60x3437
• http://www.pluss-id.com/ (both iterations, Realtek + HID)

The goal is to be able to support any of the mentioned readers (preferably any CCID compatible reader) with the same open source codebase the same way as IsoDep interface works with any phone with a (compatible) NFC chip, avoiding a possible "driver app NASCAR problem". Existing vendor drivers come in the form of limited libraries with no source code, where API experience varies based on vendor, devices and interfaces. Some devices (BT, 3.5mm jack etc) are proprietary and unrealistic to support with 3rd party open source driver, but application developer should not be punished for it. Thus the support for plugging in proprietary libraries with a thin adaption layer.

MISC (apps etc)

• https://play.google.com/store/apps/details?id=sasc.android.smartcard
• https://github.com/jmarroyo/ApduSenderContact (uses ACS)
• www.scdroid.com (no source, CCID ?)

NFC

• https://github.com/fidesmo/nordpol
• https://sourceforge.net/p/scuba/code/HEAD/tree/trunk/scuba_sc_android/
• https://github.com/jmarroyo/ApduSenderContactLess
• https://github.com/frankmorgner/vsmartcard/tree/master/remote-reader

USB-OTG-CCID

• http://downloads.acs.com.hk/drivers/en/ACS-EVK-Android-112-A.zip (http://android.acs.com.hk)
  • http://www.acs.com.hk/download-driver-unified/5102/ACS-EVK-Android-113-A.zip (http://www.acs.com.hk/en/driver/3/acr122u-usb-nfc-reader/)
  • Is a Java library with multiple classes in 53KB minified/obfuscated JAR
    • "... is a collection of methods and functions ..."
  • Dated June 2014 (1.1.3 31/03/2016)
  • Only claims support for ACS devices
  • No licensing information
• http://support.identiv.com/download.php?ref=kb&file=ANDSDK (v1.1)
  • http://support.identiv.com/download.php?ref=kb&file=ANDSDK_10 (v1.0)
  • Exposes a SCard* API (in Java) in 91KB un-minified JAR
  • Dated March 2013
  • Only claims support for Identive devices
  • No licensing information (but explicitly forbids usage with open source for demo code)
  • Looks more like a systematically structured library than ACS
• https://www.hidglobal.com/drivers/16553
  • Exposes a JSR268 API in 42K un-minified JAR
  • Dated February 2016
  • Only claims support for HID/Omnikey readers
  • Supports also Bluetooth (OK2061)
  • Unclear (complicated) licensing, additional branded app
  • Depends on a "management app" with a service that brokers the USB/BT access via Service

IPC

(AKA "MOPP-2")

• Native app implements all necessary functionality for token access
• For websites (plan A):
  • https://developer.chrome.com/multidevice/android/intents
• For local apps:
  • https://developer.android.com/guide/components/services.html
  • https://developer.android.com/guide/components/intents-common.html
• For websites (plan B)
  • website backend <-> 3rd party cloud app <-> native app
  • https://developers.google.com/cloud-messaging/
  • SAML? More likely not...
• For websites (plan C)
  • website <-> "localhost service" with HTTP or WebSocket
  • See https://eevertti.vrk.fi/documents/2634109/2858578/SCS-signatures_v1.0.1.pdf

TODO

• take any/all (devices!) existing USB code for unified API experimentation
• take https://developer.android.com/guide/topics/connectivity/nfc/index.html for contactless
• then with https://developer.android.com/guide/topics/connectivity/usb/host.html
  • re-implement https://github.com/LudovicRousseau/CCID
  • libusb/transfers/device handling from ccid_usb.c based on UsbManager
  • CCID command messages from commands.c, spec section 6
    • http://www.usb.org/developers/docs/devclass_docs/DWG_Smart-Card_CCID_Rev110.pdf
  • first only APDU mode (https://pcsclite.alioth.debian.org/select_readers/?dwFeatures=13 and 14)
  • then T=1 handling and character mode
  • then pinpad commands
• test application that runs EstEID.java tests on inserted card (applies CommandAPDU support)

PC/SC level relay

• https://github.com/frankmorgner/vsmartcard/tree/master/pcsc-relay
• https://github.com/frankmorgner/vsmartcard/tree/master/remote-reader