[Spice-devel] RFC - Direct smart card support in libcacard/spice-gtk

Jeremy White jwhite at codeweavers.com
Tue Dec 23 12:49:54 PST 2014 

Hi folks,

I've been working a lot with smartcards for Xspice.

As I've done this, I've come to understand that the Spice client doesn't 
actually send the physical smartcard data across; instead it sends 
virtualized smartcard apdus, using PK11 information it gets from libnss.

After some discussion on irc, I decided to explore expanding libcacard 
to support sending the apdus directly to the card, using the PC/SC (aka 
pcsclite) library.

I've attached a proof of concept set of patches - one for the client, 
and the substantial one for qemu/libcacard.

The basic approach is to add a parallel to the vcard_emul_nss.c stack, 
where we add and remove readers and cards in response to pcsclite events.

Note that I don't consider the code submission quality; it has quite a 
few rough edges.  It does work for me in some limited test cases, 
though, and it I think largely illustrates my proposed path.

I am hoping to ask:

   1.  Does this basic approach seem reasonable?

   2.  Anyone know what the origin of the VCARD_DIRECT code path was?  I 
use it here.  git-blame pins it back to the original libcacard commit; 
not sure where it came from before then.  I was trying to find an 
alternate consumer of that code to make sure I was aligned with it.

I believe that, with this change, a system that was not otherwise using 
a smart card could relay that smart card on to a distant Spice server. 
I'm uncertain what would happen in the case where the smart card was in 
use by the local system.  That's something I'll need to probe yet.  I 
imagine that it won't work, but have no real hard evidence for that :-/.

Cheers,

Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: qemu-libcacard-direct-smartcard-proof-of-concept.patch
Type: text/x-patch
Size: 17982 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20141223/6cb95f48/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: spice-gtk-direct-smartcard-proof-of-concept.patch
Type: text/x-patch
Size: 7002 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20141223/6cb95f48/attachment-0001.bin>

More information about the Spice-devel mailing list