cardem: choose a more reasonable default ATR

PCSCd does not like invalid ATRs

Change-Id: I1eebfdc06be55931c2e80e2b515ac3a559737c38

.gitignore

@@ -21,3 +21,4 @@ host/simtrace2-list
 host/simtrace2-remsim
 host/simtrace2-remsim-usb2udp
 usb_strings_generated.h
+firmware/usbstring/usbstring

contrib/flash.py

@@ -0,0 +1,162 @@
+#!/usr/bin/env python
+# encoding: utf-8
+# python: 3.8.1
+
+# library to enumerate USB devices
+import usb.core
+from usb.util import *
+# more elegant structure
+from typing import NamedTuple
+# regular expressions utilities
+import re
+# open utilities to handle files
+import os, sys
+# to download the firmwares
+import urllib.request
+# to flash using DFU-util
+import subprocess
+
+# SIMtrace 2 device information
+class Device(NamedTuple):
+	usb_vendor_id: int
+	usb_product_id: int
+	name: str
+	url: dict # 1: sniff/trace firmware, 2: card emulation firmware
+
+# SIMtrace 2 devices definitions
+DEVICE_SIMTRACE = Device(usb_vendor_id=0x1d50, usb_product_id=0x60e3, name="SIMtrace 2", url={"trace": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/simtrace-trace-dfu-latest.bin", "cardem": "https://osmocom.org/attachments/download/3868/simtrace-cardem-dfu.bin"})
+DEVICE_QMOD = Device(usb_vendor_id=0x1d50, usb_product_id=0x4004, name="sysmoQMOD (Quad Modem)", url={"cardem": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/qmod-cardem-dfu-latest.bin"})
+DEVICE_OWHW = Device(usb_vendor_id=0x1d50, usb_product_id=0x4001, name="OWHW", url={"cardem": "https://ftp.osmocom.org/binaries/simtrace2/firmware/latest/owhw-cardem-dfu-latest.bin"})
+DEVICES = [DEVICE_SIMTRACE, DEVICE_QMOD]
+
+# which firmware does the SIMtrace USN interface subclass correspond
+FIRMWARE_SUBCLASS = {1: "trace", 2: "cardem"}
+
+def print_help():
+	print("this script will flash SIMtrace 2 - based devices")
+	print("when no argument is provided, it will try to flash the application firmware of all SIMtrace 2 devices connected to USB with the latest version")
+	print("to flash a specific firmware, provide the name as argument")
+	print("the possible firmwares are: trace, cardem")
+	print("to list all devices connected to USB, provide the argument \"list\"")
+
+# the firmware to flash
+to_flash = None
+
+# parse command line argument
+if len(sys.argv) == 2:
+  to_flash = sys.argv[1]
+if to_flash not in ["list", "trace", "cardem"] and len(sys.argv) > 1:
+	print_help()
+	exit(0)
+
+# get all USB devices
+devices = []
+devices_nb = 0
+updated_nb = 0
+usb_devices = usb.core.find(find_all=True)
+for usb_device in usb_devices:
+	# find SIMtrace devices
+	definitions = list(filter(lambda x: x.usb_vendor_id == usb_device.idVendor and x.usb_product_id == usb_device.idProduct, DEVICES))
+	if 1 != len(definitions):
+		continue
+	devices_nb += 1
+	definition = definitions[0]
+	serial = usb_device.serial_number or "unknown"
+	usb_path = str(usb_device.bus) + "-" + ".".join(map(str, usb_device.port_numbers))
+	print("found " + definition.name + " device (chip ID " + serial + ") at USB path " + usb_path)
+	# determine if we are running DFU (in most cases the bootloader, but could also be the application)
+	dfu_interface = None
+	for configuration in usb_device:
+		# get DFU interface descriptor
+		dfu_interface = dfu_interface or find_descriptor(configuration, bInterfaceClass=254, bInterfaceSubClass=1)
+	if (None == dfu_interface):
+		print("no DFU USB interface found")
+		continue
+	dfu_mode = (2 == dfu_interface.bInterfaceProtocol) # InterfaceProtocol 1 is runtime mode, 2 is DFU mode
+	# determine firmware type (when not in DFU mode)
+	firmware = None
+	simtrace_interface = None
+	for configuration in usb_device:
+		simtrace_interface = simtrace_interface or find_descriptor(configuration, bInterfaceClass=255)
+	if simtrace_interface and simtrace_interface.bInterfaceSubClass in FIRMWARE_SUBCLASS:
+		firmware = firmware or FIRMWARE_SUBCLASS[simtrace_interface.bInterfaceSubClass]
+	if dfu_mode:
+		firmware = 'dfu'
+	if firmware:
+		print("installed firmware: " + firmware)
+	else:
+		print("unknown installed firmware")
+		continue
+	# determine version of the application/bootloader firmware
+	version = None
+	version_interface = None
+	for configuration in usb_device:
+		# get custom interface with string
+		version_interface = version_interface or find_descriptor(configuration, bInterfaceClass=255, bInterfaceSubClass=255)
+	if version_interface and version_interface.iInterface and version_interface.iInterface > 0 and get_string(usb_device, version_interface.iInterface):
+		version = get_string(usb_device, version_interface.iInterface)
+	if not version:
+		# the USB serial is set (in the application) since version 0.5.1.34-e026 from 2019-08-06
+		# https://git.osmocom.org/simtrace2/commit/?id=e0265462d8c05ebfa133db2039c2fbe3ebbd286e
+		# the USB serial is set (in the bootloader) since version 0.5.1.45-ac7e from 2019-11-18
+		# https://git.osmocom.org/simtrace2/commit/?id=5db9402a5f346e30288db228157f71c29aefce5a
+		# the firmware version is set (in the application) since version 0.5.1.37-ede8 from 2019-08-13
+		# https://git.osmocom.org/simtrace2/commit/?id=ede87e067dadd07119f24e96261b66ac92b3af6f
+		# the firmware version is set (in the bootloader) since version 0.5.1.45-ac7e from 2019-11-18
+		# https://git.osmocom.org/simtrace2/commit/?id=5db9402a5f346e30288db228157f71c29aefce5a
+		if dfu_mode:
+			if serial:
+				version = "< 0.5.1.45-ac7e"
+			else:
+				versoin = "< 0.5.1.45-ac7e"
+		else:
+			if serial:
+				version = "< 0.5.1.37-ede8"
+			else:
+				versoin = "< 0.5.1.34-e026"
+	print("device firmware version: " + version)
+	# flash latest firmware
+	if to_flash == "list": # we just want to list the devices, not flash them
+		continue
+	# check the firmware exists
+	if firmware == "dfu" and to_flash is None:
+		print("device is currently in DFU mode. you need to specify which firmware to flash")
+		continue
+	to_flash = to_flash or firmware
+	if to_flash not in definition.url.keys():
+		print("no firmware image available for " + firmware + " firmware")
+		continue
+	# download firmware
+	try:
+		dl_path, header = urllib.request.urlretrieve(definition.url[to_flash])
+	except:
+		print("could not download firmware " + definition.url[to_flash])
+		continue
+	dl_file = open(dl_path, "rb")
+	dl_data = dl_file.read()
+	dl_file.close()
+	# compare versions
+	dl_version = re.search(b'firmware \d+\.\d+\.\d+\.\d+-[0-9a-fA-F]{4}', dl_data)
+	if dl_version is None:
+		print("could not get version from downloaded firmware image")
+		os.remove(dl_path)
+		continue
+	dl_version = dl_version.group(0).decode("utf-8").split(" ")[1]
+	print("latest firmware version: " + dl_version)
+	versions = list(map(lambda x: int(x), version.split(" ")[-1].split("-")[0].split(".")))
+	dl_versions = list(map(lambda x: int(x), dl_version.split("-")[0].split(".")))
+	dl_newer = (versions[0] < dl_versions[0] or (versions[0] == dl_versions[0] and versions[1] < dl_versions[1]) or (versions[0] == dl_versions[0] and versions[1] == dl_versions[1] and versions[2] < dl_versions[2]) or (versions[0] == dl_versions[0] and versions[1] == dl_versions[1] and versions[2] == dl_versions[2] and versions[3] < dl_versions[3]))
+	if not dl_newer:
+		print("no need to flash latest version")
+		os.remove(dl_path)
+		continue
+	print("flashing latest version")
+	dfu_result = subprocess.run(["dfu-util", "--device", hex(definition.usb_vendor_id) + ":" + hex(definition.usb_product_id), "--path", usb_path, "--cfg", "1", "--alt", "1", "--reset", "--download", dl_path])
+	os.remove(dl_path)
+	if 0 != dfu_result.returncode:
+		printf("flashing firmware using dfu-util failed. ensure dfu-util is installed and you have the permissions to access this USB device")
+		continue
+	updated_nb += 1
+
+print(str(devices_nb)+ " SIMtrace 2 device(s) found")
+print(str(updated_nb)+ " SIMtrace 2 device(s) updated")

contrib/jenkins.sh

@@ -21,11 +21,14 @@ mkdir "$deps" || true
 
 osmo-build-dep.sh libosmocore "" '--disable-doxygen --enable-gnutls'
 
+# verify only after building the dependency (to ensure we have most recent source of dependency)
+verify_value_string_arrays_are_terminated.py $(find . -name "*.[hc]")
+
 export PKG_CONFIG_PATH="$inst/lib/pkgconfig:$PKG_CONFIG_PATH"
 export LD_LIBRARY_PATH="$inst/lib"
 
 BUILDS=""
-BUILDS+="simtrace/dfu simtrace/cardem simtrace/trace " # simtrace/triple_play
+BUILDS+="simtrace/dfu simtrace/trace simtrace/cardem "
 BUILDS+="qmod/dfu qmod/cardem "
 BUILDS+="owhw/dfu owhw/cardem "
 

firmware/Makefile

@@ -33,16 +33,26 @@ GIT_VERSION=$(shell $(TOP)/git-version-gen $(TOP)/.tarvers)
 #        User-modifiable options
 #-------------------------------------------------------------------------------
 
+# verbosity
+V ?= 0
+ifneq ("$(V)","0")
+SILENT :=
+else
+SILENT := @
+endif
+
 # Chip & board used for compilation
 # (can be overriden by adding CHIP=chip and BOARD=board to the command-line)
 CHIP  ?= sam3s4
 BOARD ?= qmod
+APP ?= dfu
 
 # Defines which are the available memory targets for the SAM3S-EK board.
+ifeq ($(APP), dfu)
 MEMORIES ?= flash dfu
-
-# Output file basename
-APP ?= dfu
+else
+MEMORIES ?= dfu
+endif
 
 # Output directories and filename
 OUTPUT = $(BOARD)-$(APP)
@@ -97,10 +107,11 @@ C_LIBCHIP  = $(notdir $(wildcard $(AT91LIB)/libchip_sam3s/source/*.c) $(wildcard
 C_LIBUSB     = USBDescriptors.c USBRequests.c USBD.c USBDCallbacks.c USBDDriver.c USBDDriverCallbacks.c
 C_LIBUSB_RT  = dfu.c dfu_runtime.c
 C_LIBUSB_DFU = dfu.c dfu_desc.c dfu_driver.c
-C_LIBCOMMON  = string.c stdio.c fputs.c usb_buf.c ringbuffer.c pseudo_talloc.c host_communication.c
+C_LIBCOMMON  = string.c stdio.c fputs.c usb_buf.c ringbuffer.c pseudo_talloc.c host_communication.c \
+	       main_common.c tc_etu.c
 
 C_BOARD      = $(notdir $(wildcard libboard/common/source/*.c))
-C_BOARD	    += $(notdir $(wildcard libboard/$(BOARD)/source/*.c))
+C_BOARD     += $(notdir $(wildcard libboard/$(BOARD)/source/*.c))
 
 C_APPLEVEL = $(notdir $(wildcard apps/$(APP)/*.c))
 
@@ -161,14 +172,14 @@ CFLAGS += -Wno-suggest-attribute=noreturn
 # -mlong-calls  -Wall
 #CFLAGS += -save-temps -fverbose-asm
 #CFLAGS += -Wa,-a,-ad
-CFLAGS += -D__ARM
+CFLAGS += -D__ARM -fno-builtin
 CFLAGS += --param max-inline-insns-single=500 -mcpu=cortex-m3 -mthumb # -mfix-cortex-m3-ldrd
 CFLAGS += -ffunction-sections -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -DTRACE_LEVEL=$(TRACE_LEVEL) -DALLOW_PEER_ERASE=$(ALLOW_PEER_ERASE)
 CFLAGS += -DGIT_VERSION=\"$(GIT_VERSION)\"
 CFLAGS += -DBOARD=\"$(BOARD)\" -DBOARD_$(BOARD)
 CFLAGS += -DAPPLICATION=\"$(APP)\" -DAPPLICATION_$(APP)
 ASFLAGS = -mcpu=cortex-m3 -mthumb -Wall -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -D__ASSEMBLY__
-LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--cref -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--warn-section-align -Wl,--warn-unresolved-symbols $(LIB)
+LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--cref -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--warn-section-align -Wl,--print-memory-usage -Wl,--no-undefined $(LIB)
 #LD_OPTIONAL=-Wl,--print-gc-sections -Wl,--stats
 
 # Append BIN directories to output filename
@@ -195,7 +206,11 @@ $(BIN) $(OBJ):
 usbstring/usbstring: usbstring/usbstring.c
 	gcc $^ -o $@
 
-apps/$(APP)/usb_strings_generated.h: apps/$(APP)/usb_strings.txt usbstring/usbstring
+.PHONY: apps/$(APP)/usb_strings.txt.patched
+apps/$(APP)/usb_strings.txt.patched: apps/$(APP)/usb_strings.txt
+	sed "s/PRODUCT_STRING/$(shell cat libboard/$(BOARD)/product_string.txt)/" $< > $@
+
+apps/$(APP)/usb_strings_generated.h: apps/$(APP)/usb_strings.txt.patched usbstring/usbstring
 	cat $< | usbstring/usbstring > $@
 
 define RULES
@@ -203,22 +218,22 @@ C_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(C_OBJECTS))
 ASM_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(ASM_OBJECTS))
 
 $(1): $$(ASM_OBJECTS_$(1)) $$(C_OBJECTS_$(1))
-	@$(CC) $(LDFLAGS) $(LD_OPTIONAL) -T"libboard/common/resources/$(CHIP)/$$@.ld" -Wl,-Map,$(OUTPUT)-$$@.map -o $(OUTPUT)-$$@.elf $$^ $(LIBS)
+	$(SILENT)$(CC) $(LDFLAGS) $(LD_OPTIONAL) -T"libboard/common/resources/$(CHIP)/$$@.ld" -Wl,-Map,$(OUTPUT)-$$@.map -o $(OUTPUT)-$$@.elf $$^ $(LIBS)
 	cp $(OUTPUT)-$$@.elf $(OUTPUT)-$$@-$(GIT_VERSION).elf
 	cp $(OUTPUT)-$$@.elf $(OUTPUT)-$$@-latest.elf
-	@$(NM) $(OUTPUT)-$$@.elf >$(OUTPUT)-$$@.elf.txt
-	@$(OBJCOPY) -O binary $(OUTPUT)-$$@.elf $(OUTPUT)-$$@.bin
+	$(SILENT)$(NM) $(OUTPUT)-$$@.elf >$(OUTPUT)-$$@.elf.txt
+	$(SILENT)$(OBJCOPY) -O binary $(OUTPUT)-$$@.elf $(OUTPUT)-$$@.bin
 	cp $(OUTPUT)-$$@.bin $(OUTPUT)-$$@-$(GIT_VERSION).bin
 	cp $(OUTPUT)-$$@.bin $(OUTPUT)-$$@-latest.bin
-	@$(SIZE) $$^ $(OUTPUT)-$$@.elf
+	$(SILENT)$(SIZE) $$^ $(OUTPUT)-$$@.elf
 
 $$(C_OBJECTS_$(1)): $(OBJ)/$(1)_%.o: %.c Makefile $(OBJ) $(BIN)
 	@echo [COMPILING $$<]
-	@$(CC) $(CFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -Wa,-ahlms=$(BIN)/$$*.lst -c -o $$@ $$<
+	$(SILENT)$(CC) $(CFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -Wa,-ahlms=$(BIN)/$$*.lst -c -o $$@ $$<
 
 $$(ASM_OBJECTS_$(1)): $(OBJ)/$(1)_%.o: %.S Makefile $(OBJ) $(BIN)
 	@echo [ASSEMBLING $$@]
-	@$(CC) $(ASFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
+	$(SILENT)@$(CC) $(ASFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
 
 debug_$(1): $(1)
 	$(GDB) -x "$(BOARD_LIB)/resources/gcc/$(BOARD)_$(1).gdb" -ex "reset" -readnow -se $(OUTPUT)-$(1).elf
@@ -231,10 +246,11 @@ program:
 
 SERIAL ?= /dev/ttyUSB0
 log:
-	stty -F $(SERIAL) 115200
+	stty -F $(SERIAL) 921600
 	lsof $(SERIAL) && echo "log is already opened" || ( sed -u "s/\r//" $(SERIAL) | ts )
 
 clean:
+	-rm -f apps/$(APP)/usb_strings.txt.patched
 	-rm -fR $(OBJ)/*.o $(BIN)/*.bin $(BIN)/*.elf $(BIN)/*.elf.txt $(BIN)/*.map $(BIN)/*.lst `find . -name \*.p`
 
 install:

firmware/apps/cardem/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += card_emu.c iso7816_fidi.c iso7816_3.c iso7816_4.c mode_cardemu.c simtrace_iso7816.c usb.c

firmware/apps/cardem/main.c

@@ -1,7 +1,7 @@
 /* SIMtrace 2 firmware card emulation application
  *
  * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
- * (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2018-2019, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -24,10 +24,9 @@
 #include "board.h"
 #include "simtrace.h"
 #include "utils.h"
+#include "main_common.h"
 #include <osmocom/core/timer.h>
 
-unsigned int g_unique_id[4];
-
 /*------------------------------------------------------------------------------
  *         Internal variables
  *------------------------------------------------------------------------------*/
@@ -40,7 +39,7 @@ typedef struct {
 	void (*exit) (void);
 	/* main loop content for given configuration */
 	void (*run) (void);
-	/* Interrupt handler for USART1 */
+	/* Interrupt handler for USART0 */
 	void (*usart0_irq) (void);
 	/* Interrupt handler for USART1 */
 	void (*usart1_irq) (void);
@@ -54,6 +53,8 @@ static const conf_func config_func_ptrs[] = {
 		.init = Sniffer_init,
 		.exit = Sniffer_exit,
 		.run = Sniffer_run,
+		.usart0_irq = Sniffer_usart0_irq,
+		.usart1_irq = Sniffer_usart1_irq,
 	},
 #endif
 #ifdef HAVE_CCID
@@ -146,7 +147,8 @@ extern int main(void)
 	unsigned int i = 0;
 
 	led_init();
-	led_blink(LED_RED, BLINK_3O_5F);
+	led_blink(LED_RED, BLINK_ALWAYS_ON);
+	led_blink(LED_GREEN, BLINK_ALWAYS_ON);
 
 	/* Enable watchdog for 2000ms, with no window */
 	WDT_Enable(WDT, WDT_MR_WDRSTEN | WDT_MR_WDDBGHLT | WDT_MR_WDIDLEHLT |
@@ -154,33 +156,7 @@ extern int main(void)
 
 	PIO_InitializeInterrupts(0);
 
-	EEFC_ReadUniqueID(g_unique_id);
-
-		printf("\n\r\n\r"
-		"=============================================================================\n\r"
-		"SIMtrace2 firmware " GIT_VERSION " (C) 2010-2016 by Harald Welte\n\r"
-		"=============================================================================\n\r");
-
-#if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
-	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
-	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
-		   g_unique_id[0], g_unique_id[1],
-		   g_unique_id[2], g_unique_id[3]);
-	uint8_t reset_cause = (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos;
-	static const char* reset_causes[] = {
-		"general reset (first power-up reset)",
-		"backup reset (return from backup mode)",
-		"watchdog reset (watchdog fault occurred)",
-		"software reset (processor reset required by the software)",
-		"user reset (NRST pin detected low)",
-	};
-	if (reset_cause < ARRAY_SIZE(reset_causes)) {
-		TRACE_INFO("Reset Cause: %s\n\r", reset_causes[reset_cause]);
-	} else {
-		TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
-	}
-#endif
-
+	print_banner();
 	board_main_top();
 
 	TRACE_INFO("USB init...\n\r");
@@ -189,7 +165,7 @@ extern int main(void)
 	while (USBD_GetState() < USBD_STATE_CONFIGURED) {
 		WDT_Restart(WDT);
 		check_exec_dbg_cmd();
-#if 0
+#if 1
 		if (i >= MAX_USB_ITER * 3) {
 			TRACE_ERROR("Resetting board (USB could "
 				    "not be configured)\n\r");
@@ -201,8 +177,7 @@ extern int main(void)
 	}
 
 	TRACE_INFO("calling configure of all configurations...\n\r");
-	for (i = 1; i < sizeof(config_func_ptrs) / sizeof(config_func_ptrs[0]);
-	     ++i) {
+	for (i = 1; i < ARRAY_SIZE(config_func_ptrs); i++) {
 		if (config_func_ptrs[i].configure)
 			config_func_ptrs[i].configure();
 	}

firmware/apps/cardem/usb_strings.txt

@@ -1,8 +1,8 @@
 sysmocom - s.f.m.c. GmbH
-SIMtrace 2 compatible device
+PRODUCT_STRING
 SIMtrace Sniffer
 SIMtrace CCID
-SIMtrace Phone
+SIMtrace Card Emulation
 SIMtrace MITM
 CardEmulator Modem 1
 CardEmulator Modem 2

firmware/apps/dfu/main.c

@@ -1,7 +1,7 @@
 /* SIMtrace 2 firmware USB DFU bootloader
  *
  * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
- * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2018-2019 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -26,8 +26,15 @@
 
 #include <osmocom/core/timer.h>
 
+/* USB alternate interface index used to identify which partition to flash */
+/** USB alternate interface index indicating RAM partition */
 #define ALTIF_RAM 0
+/** USB alternate interface index indicating flash partition */
+#if defined(ENVIRONMENT_flash)
 #define ALTIF_FLASH 1
+#elif defined(ENVIRONMENT_dfu)
+#define ALTIF_FLASH 2
+#endif
 
 unsigned int g_unique_id[4];
 /* remember if the watchdog has been configured in the main loop so we can kick it in the ISR */
@@ -44,10 +51,18 @@ static const Pin pinsLeds[] = { PINS_LEDS } ;
  *----------------------------------------------------------------------------*/
 
 #define RAM_ADDR(offset) (IRAM_ADDR + BOARD_DFU_RAM_SIZE + offset)
+#if defined(ENVIRONMENT_flash)
 #define FLASH_ADDR(offset) (IFLASH_ADDR + BOARD_DFU_BOOT_SIZE + offset)
+#elif defined(ENVIRONMENT_dfu)
+#define FLASH_ADDR(offset) (IFLASH_ADDR + offset)
+#endif
 
-#define IFLASH_END	((uint8_t *)IFLASH_ADDR + IFLASH_SIZE)
-#define IRAM_END	((uint8_t *)IRAM_ADDR + IRAM_SIZE)
+#define IRAM_END ((uint8_t *)IRAM_ADDR + IRAM_SIZE)
+#if defined(ENVIRONMENT_flash)
+#define IFLASH_END ((uint8_t *)IFLASH_ADDR + IFLASH_SIZE)
+#elif defined(ENVIRONMENT_dfu)
+#define IFLASH_END ((uint8_t *)IFLASH_ADDR + BOARD_DFU_BOOT_SIZE)
+#endif
 
 /* incoming call-back: Host has transferred 'len' bytes (stored at
  * 'data'), which we shall write to 'offset' into the partition
@@ -66,7 +81,11 @@ int USBDFU_handle_dnload(uint8_t altif, unsigned int offset,
 		WDT_Restart(WDT);
 	}
 
-	printf("dnload(altif=%u, offset=%u, len=%u)\n\r", altif, offset, len);
+#if TRACE_LEVEL >= TRACE_LEVEL_INFO
+	TRACE_INFO("dnload(altif=%u, offset=%u, len=%u)\n\r", altif, offset, len);
+#else
+	printf("DL off=%u\n\r", offset);
+#endif
 
 #ifdef PINS_LEDS
 	PIO_Clear(&pinsLeds[LED_NUM_RED]);
@@ -86,7 +105,11 @@ int USBDFU_handle_dnload(uint8_t altif, unsigned int offset,
 		break;
 	case ALTIF_FLASH:
 		addr = FLASH_ADDR(offset);
+#if defined(ENVIRONMENT_flash)
 		if (addr < IFLASH_ADDR || addr + len >= IFLASH_ADDR + IFLASH_SIZE) {
+#elif defined(ENVIRONMENT_dfu)
+		if (addr < IFLASH_ADDR || addr + len >= IFLASH_ADDR + BOARD_DFU_BOOT_SIZE) {
+#endif
 			g_dfu->state = DFU_STATE_dfuERROR;
 			g_dfu->status = DFU_STATUS_errADDRESS;
 			rc = DFU_RET_STALL;
@@ -248,27 +271,41 @@ extern int main(void)
 
 	printf("\n\r\n\r"
 		"=============================================================================\n\r"
-		"DFU bootloader %s for board %s (C) 2010-2017 by Harald Welte\n\r"
+		"DFU bootloader %s for board %s\n\r"
+		"(C) 2010-2017 by Harald Welte, 2018-2019 by Kevin Redon\n\r"
 		"=============================================================================\n\r",
 		manifest_revision, manifest_board);
 
-	TRACE_INFO("Chip ID: 0x%08x (Ext 0x%08x)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
+#if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
+	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
 	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
 		   g_unique_id[0], g_unique_id[1],
 		   g_unique_id[2], g_unique_id[3]);
-	TRACE_INFO("Reset Cause: 0x%lx\n\r", reset_cause);
+	static const char* reset_causes[] = {
+		"general reset (first power-up reset)",
+		"backup reset (return from backup mode)",
+		"watchdog reset (watchdog fault occurred)",
+		"software reset (processor reset required by the software)",
+		"user reset (NRST pin detected low)",
+	};
+	if (reset_cause < ARRAY_SIZE(reset_causes)) {
+		TRACE_INFO("Reset Cause: %s\n\r", reset_causes[reset_cause]);
+	} else {
+		TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
+	}
+#endif
 
 #if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
 	/* Find out why we are in the DFU bootloader, and not the main application */
 	TRACE_INFO("DFU bootloader start reason: ");
 	switch (USBDFU_OverrideEnterDFU()) {
 	case 0:
-		/* 0 normally means that there is no override, but we are in the bootloader,
-		 * thus the first check in board_cstartup_gnu did return something else than 0.
-		 * this can only be g_dfu->magic which is erased when the segment are
-		 * relocated, which happens in board_cstartup_gnu just after USBDFU_OverrideEnterDFU.
-		 * no static variable can be used to store this case since this will also be overwritten
-		 */
+		if (SCB->VTOR < IFLASH_ADDR + BOARD_DFU_BOOT_SIZE) {
+			TRACE_INFO_WP("unknown\n\r");
+		} else {
+			TRACE_INFO_WP("DFU is the main application\n\r");
+		}
+		break;
 	case 1:
 		TRACE_INFO_WP("DFU switch requested by main application\n\r");
 		break;
@@ -295,17 +332,16 @@ extern int main(void)
 
 	TRACE_INFO("USB init...\n\r");
 	/* Signal USB reset by disabling the pull-up on USB D+ for at least 10 ms */
+	USBD_Disconnect();
 #ifdef PIN_USB_PULLUP
 	const Pin usb_dp_pullup = PIN_USB_PULLUP;
 	PIO_Configure(&usb_dp_pullup, 1);
 	PIO_Set(&usb_dp_pullup);
 #endif
-	USBD_HAL_Suspend();
-	mdelay(20);
+	mdelay(50);
 #ifdef PIN_USB_PULLUP
 	PIO_Clear(&usb_dp_pullup);
 #endif
-	USBD_HAL_Activate();
 
 	USBDFU_Initialize(&dfu_descriptors);
 
@@ -314,8 +350,8 @@ extern int main(void)
 		check_exec_dbg_cmd();
 #if 1
 		if (i >= MAX_USB_ITER * 3) {
-			TRACE_ERROR("Resetting board (USB could "
-				    "not be configured)\n\r");
+			TRACE_ERROR("Resetting board (USB could not be configured)\n\r");
+			g_dfu->magic = USB_DFU_MAGIC; // start the bootloader after reboot
 			USBD_Disconnect();
 			NVIC_SystemReset();
 		}

firmware/apps/dfu/usb_strings.txt

@@ -1,5 +1,6 @@
 sysmocom - s.f.m.c. GmbH
-SIMtrace 2 compatible device
+PRODUCT_STRING
 DFU (Device Firmware Upgrade)
 RAM
 Flash (Application Partition)
+Flash (Bootloader Partition)

firmware/apps/freq_ctr/usb_strings.txt

@@ -1,8 +1,8 @@
 sysmocom - s.f.m.c. GmbH
-SIMtrace 2 compatible device
+PRODUCT_STRING
 SIMtrace Sniffer
 SIMtrace CCID
-SIMtrace Phone
+SIMtrace Card Emulation
 SIMtrace MITM
 CardEmulator Modem 1
 CardEmulator Modem 2

firmware/apps/gpio_test/usb_strings.txt

@@ -1,8 +1,8 @@
 sysmocom - s.f.m.c. GmbH
-SIMtrace 2 compatible device
+PRODUCT_STRING
 SIMtrace Sniffer
 SIMtrace CCID
-SIMtrace Phone
+SIMtrace Card Emulation
 SIMtrace MITM
 CardEmulator Modem 1
 CardEmulator Modem 2

firmware/apps/trace/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += iso7816_4.c iso7816_fidi.c simtrace_iso7816.c sniffer.c usb.c

firmware/apps/trace/main.c

@@ -24,10 +24,9 @@
 #include "board.h"
 #include "simtrace.h"
 #include "utils.h"
+#include "main_common.h"
 #include "osmocom/core/timer.h"
 
-unsigned int g_unique_id[4];
-
 /*------------------------------------------------------------------------------
  *         Internal variables
  *------------------------------------------------------------------------------*/
@@ -158,20 +157,7 @@ extern int main(void)
 
 	PIO_InitializeInterrupts(0);
 
-	EEFC_ReadUniqueID(g_unique_id);
-
-		printf("\n\r\n\r"
-		"=============================================================================\n\r"
-		"SIMtrace2 firmware " GIT_VERSION " (C) 2010-2016 by Harald Welte\n\r"
-		"=============================================================================\n\r");
-
-	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
-	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
-		   g_unique_id[0], g_unique_id[1],
-		   g_unique_id[2], g_unique_id[3]);
-	TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
-	TRACE_INFO("USB configuration used: %d\n\r", simtrace_config);
-
+	print_banner();
 	board_main_top();
 
 	TRACE_INFO("USB init...\n\r");

firmware/apps/trace/usb_strings.txt

@@ -1,8 +1,8 @@
 sysmocom - s.f.m.c. GmbH
-SIMtrace 2 compatible device
+PRODUCT_STRING
 SIMtrace Sniffer
 SIMtrace CCID
-SIMtrace Phone
+SIMtrace Card Emulation
 SIMtrace MITM
 CardEmulator Modem 1
 CardEmulator Modem 2

firmware/apps/triple_play/main.c

@@ -26,8 +26,6 @@
 #include "req_ctx.h"
 #include <osmocom/core/timer.h>
 
-unsigned int g_unique_id[4];
-
 /*------------------------------------------------------------------------------
  *         Internal variables
  *------------------------------------------------------------------------------*/
@@ -149,17 +147,7 @@ extern int main(void)
 
 	PIO_InitializeInterrupts(0);
 
-	EEFC_ReadUniqueID(g_unique_id);
-
-		printf("\r\n\r\n"
-		"=============================================================================\r\n"
-		"SIMtrace2 firmware " GIT_REVISION " (C) 2010-2017 by Harald Welte\r\n"
-		"=============================================================================\r\n");
-
-	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\r\n",
-		   g_unique_id[0], g_unique_id[1],
-		   g_unique_id[2], g_unique_id[3]);
-
+	print_banner();
 	board_main_top();
 
 	TRACE_INFO("USB init...\r\n");

firmware/atmel_softpack_libraries/libchip_sam3s/source/USBD_HAL.c

@@ -45,11 +45,6 @@
  *      Headers
  *---------------------------------------------------------------------------*/
 
-#ifdef TRACE_LEVEL
-#undef TRACE_LEVEL
-#endif
-#define TRACE_LEVEL TRACE_LEVEL_WARNING
-
 #include "chip.h"
 #include "USBD_HAL.h"
 #include <usb/device/dfu/dfu.h>
@@ -1082,6 +1077,14 @@ static inline uint8_t UDP_Read(uint8_t  bEndpoint,
  *      Exported functions
  *---------------------------------------------------------------------------*/
 
+
+uint16_t USBD_GetEndpointSize(uint8_t bEndpoint)
+{
+    Endpoint *pEndpoint = &(endpoints[bEndpoint]);
+
+    return pEndpoint->size;
+}
+
 /**
  * USBD (UDP) interrupt handler
  * Manages device resume, suspend, end of bus reset.
@@ -1138,7 +1141,7 @@ void USBD_IrqHandler(void)
     /* Resume (Wakeup) */
     if ((status & (UDP_ISR_WAKEUP | UDP_ISR_RXRSM)) != 0) {
 
-        TRACE_INFO_WP("Res ");
+        TRACE_DEBUG_WP("Res ");
         /* Clear and disable resume interrupts */
         UDP->UDP_ICR = UDP_ICR_WAKEUP | UDP_ICR_RXRSM | UDP_ICR_RXSUSP;
         UDP->UDP_IDR = UDP_IDR_WAKEUP | UDP_IDR_RXRSM;
@@ -1150,7 +1153,7 @@ void USBD_IrqHandler(void)
        This interrupt is always treated last (hence the '==') */
     if (status == UDP_ISR_RXSUSP) {
 
-        TRACE_INFO_WP("Susp ");
+        TRACE_DEBUG_WP("Susp ");
         /* Enable wakeup */
         UDP->UDP_IER = UDP_IER_WAKEUP | UDP_IER_RXRSM;
         /* Acknowledge interrupt */
@@ -1161,19 +1164,26 @@ void USBD_IrqHandler(void)
     /* End of bus reset */
     else if ((status & UDP_ISR_ENDBUSRES) != 0) {
 
-        TRACE_INFO_WP("EoBRes ");
+        TRACE_DEBUG_WP("EoBRes ");
 
 #if defined(BOARD_USB_DFU)
 #if defined(APPLICATION_dfu)
 	/* if we are currently in the DFU bootloader, and we are beyond
 	 * the MANIFEST stage, we shall switch to the normal
 	 * application */
-	if (g_dfu->past_manifest)
+	if (g_dfu->past_manifest) {
+#if defined(ENVIRONMENT_flash)
 		USBDFU_SwitchToApp();
+#elif defined(ENVIRONMENT_dfu)
+		USBDFU_SwitchToDFU();
+#endif
+	}
+
 #else
 	/* if we are currently in the main application, and we are in
-	 * appDETACH state, switch into the DFU bootloader */
-	if (g_dfu->state == DFU_STATE_appDETACH)
+	 * appDETACH state or past downloading, switch into the DFU bootloader.
+	 */
+	if (g_dfu->state == DFU_STATE_appDETACH || g_dfu->state == DFU_STATE_dfuMANIFEST)
 		DFURT_SwitchToDFU();
 #endif /* APPLICATION_dfu */
 #endif /* BOARD_USB_DFU */
@@ -1202,7 +1212,7 @@ void USBD_IrqHandler(void)
 
                 if (status != 0) {
 
-                    TRACE_INFO_WP("\n\r  - ");
+                    TRACE_DEBUG_WP("\n\r  - ");
                 }
             }
             eptnum++;
@@ -1211,7 +1221,7 @@ void USBD_IrqHandler(void)
 
     /* Toggle LED back to its previous state */
     TRACE_DEBUG_WP("!");
-    TRACE_INFO_WP("\n\r");
+    TRACE_DEBUG_WP("\n\r");
     if (USBD_GetState() >= USBD_STATE_POWERED) {
 
         //LED_Clear(USBD_LEDUSB);
@@ -1361,7 +1371,7 @@ uint8_t USBD_HAL_ConfigureEP(const USBEndpointDescriptor *pDescriptor)
         UDP->UDP_IER = (1 << bEndpoint);
     }
 
-    TRACE_INFO_WP("CfgEp%d ", bEndpoint);
+    TRACE_DEBUG_WP("CfgEp%d ", bEndpoint);
     return bEndpoint;
 }
 
@@ -1529,7 +1539,7 @@ void USBD_HAL_RemoteWakeUp(void)
     UDP_EnableUsbClock();
     UDP_EnableTransceiver();
 
-    TRACE_INFO_WP("RWUp ");
+    TRACE_DEBUG_WP("RWUp ");
 
     // Activates a remote wakeup (edge on ESR), then clear ESR
     UDP->UDP_GLB_STAT |= UDP_GLB_STAT_ESR;
@@ -1692,7 +1702,10 @@ void USBD_HAL_Suspend(void)
     /* The device enters the Suspended state */
     UDP_DisableTransceiver();
     UDP_DisableUsbClock();
-    UDP_DisablePeripheralClock();
+    /* Don't disable peripheral clock; this somehow breaks completion of any IN transfers
+     * that have already been written to the peripheral, and which we expect to complete
+     * after resume */
+    //UDP_DisablePeripheralClock();
 }
 
 /**

firmware/atmel_softpack_libraries/libchip_sam3s/source/efc.c

@@ -163,7 +163,7 @@ extern void EFC_TranslateAddress( Efc** ppEfc, uint32_t dwAddress, uint16_t* pwP
     wPage = (dwAddress - IFLASH_ADDR) / IFLASH_PAGE_SIZE;
     wOffset = (dwAddress - IFLASH_ADDR) % IFLASH_PAGE_SIZE;
 
-    TRACE_DEBUG( "Translated 0x%08X to page=%d and offset=%d\n\r", dwAddress, wPage, wOffset ) ;
+    TRACE_DEBUG( "Translated 0x%08lX to page=%d and offset=%d\n\r", dwAddress, wPage, wOffset ) ;
     /* Store values */
     if ( pEfc )
     {

firmware/atmel_softpack_libraries/libchip_sam3s/source/flashd.c

@@ -134,7 +134,7 @@ static void ComputeLockRange( uint32_t dwStart, uint32_t dwEnd, uint32_t *pdwAct
     // Store actual page numbers
     EFC_ComputeAddress( pStartEfc, wActualStartPage, 0, pdwActualStart ) ;
     EFC_ComputeAddress( pEndEfc, wActualEndPage, 0, pdwActualEnd ) ;
-    TRACE_DEBUG( "Actual lock range is 0x%06X - 0x%06X\n\r", *pdwActualStart, *pdwActualEnd ) ;
+    TRACE_DEBUG( "Actual lock range is 0x%06lX - 0x%06lX\n\r", *pdwActualStart, *pdwActualEnd ) ;
 }
 
 

firmware/atmel_softpack_libraries/libchip_sam3s/source/pio_it.c

@@ -211,6 +211,16 @@ extern void PIO_InitializeInterrupts( uint32_t dwPriority )
     NVIC_EnableIRQ( PIOC_IRQn ) ;
 }
 
+static InterruptSource *find_intsource4pin(const Pin *pPin)
+{
+    unsigned int i ;
+    for (i = 0; i < _dwNumSources; i++) {
+        if (_aIntSources[i].pPin == pPin)
+	    return &_aIntSources[i];
+    }
+    return NULL;
+}
+
 /**
  * Configures a PIO or a group of PIO to generate an interrupt on status
  * change. The provided interrupt handler will be called with the triggering
@@ -228,15 +238,17 @@ extern void PIO_ConfigureIt( const Pin *pPin, void (*handler)( const Pin* ) )
 
     assert( pPin ) ;
     pio = pPin->pio ;
-    assert( _dwNumSources < MAX_INTERRUPT_SOURCES ) ;
 
-    /* Define new source */
-    TRACE_DEBUG( "PIO_ConfigureIt: Defining new source #%" PRIu32 ".\n\r",  _dwNumSources ) ;
-
-    pSource = &(_aIntSources[_dwNumSources]) ;
-    pSource->pPin = pPin ;
+    pSource = find_intsource4pin(pPin);
+    if (!pSource) {
+        /* Define new source */
+        TRACE_DEBUG( "PIO_ConfigureIt: Defining new source #%" PRIu32 ".\n\r",  _dwNumSources ) ;
+        assert( _dwNumSources < MAX_INTERRUPT_SOURCES ) ;
+        pSource = &(_aIntSources[_dwNumSources]) ;
+        pSource->pPin = pPin ;
+        _dwNumSources++ ;
+    }
     pSource->handler = handler ;
-    _dwNumSources++ ;
 
     /* PIO3 with additional interrupt support
      * Configure additional interrupt mode registers */

firmware/atmel_softpack_libraries/libchip_sam3s/source/unique_id.c

@@ -8,6 +8,11 @@ void EEFC_ReadUniqueID(unsigned int *pdwUniqueID)
 {
 	unsigned int status;
 
+	/* disable interrupts, as interrupt vectors are stored in flash,
+	 * and after STUI was issued, we can no longer access flassh until
+	 * SPUI complets */
+	__disable_irq();
+
 	/* Errata / Workaround: Set bit 16 of EEFC Flash Mode Register
 	 * to 1 */
 	EFC->EEFC_FMR |= (1 << 16);
@@ -40,4 +45,6 @@ void EEFC_ReadUniqueID(unsigned int *pdwUniqueID)
 	do {
 		status = EFC->EEFC_FSR;
 	} while ((status & EEFC_FSR_FRDY) != EEFC_FSR_FRDY);
+
+	__enable_irq();
 }

firmware/atmel_softpack_libraries/usb/device/core/USBD.c

@@ -300,7 +300,7 @@ void USBD_SetConfiguration(uint8_t cfgnum)
     else {
         deviceState = USBD_STATE_ADDRESS;
         /* Reset all endpoints */
-        USBD_HAL_ResetEPs(0xFFFFFFFF, USBD_STATUS_RESET, 0);
+        USBD_HAL_ResetEPs(0xFFFFFFFE, USBD_STATUS_RESET, 0);
     }
 }
 

firmware/atmel_softpack_libraries/usb/device/core/USBDDriver.c

@@ -251,7 +251,7 @@ static void GetDescriptor(
     switch (type) {
 
         case USBGenericDescriptor_DEVICE:
-            TRACE_INFO_WP("Dev ");
+            TRACE_DEBUG_WP("Dev ");
 
             /* Adjust length and send descriptor */
 
@@ -263,7 +263,7 @@ static void GetDescriptor(
             break;
 
         case USBGenericDescriptor_CONFIGURATION:
-            TRACE_INFO_WP("Cfg ");
+            TRACE_DEBUG_WP("Cfg ");
 
             /* Adjust length and send descriptor */
 
@@ -280,7 +280,7 @@ static void GetDescriptor(
             break;
 
         case USBGenericDescriptor_DEVICEQUALIFIER:
-            TRACE_INFO_WP("Qua ");
+            TRACE_DEBUG_WP("Qua ");
 
             /* Check if descriptor exists */
 
@@ -301,7 +301,7 @@ static void GetDescriptor(
             break;
 
         case USBGenericDescriptor_OTHERSPEEDCONFIGURATION:
-            TRACE_INFO_WP("OSC ");
+            TRACE_DEBUG_WP("OSC ");
 
             /* Check if descriptor exists */
 
@@ -327,7 +327,7 @@ static void GetDescriptor(
             break;
 
         case USBGenericDescriptor_STRING:
-            TRACE_INFO_WP("Str%d ", indexRDesc);
+            TRACE_DEBUG_WP("Str%d ", indexRDesc);
 
             /* Check if descriptor exists */
 
@@ -504,13 +504,13 @@ void USBDDriver_RequestHandler(
     uint32_t length;
     uint32_t address;
 
-    TRACE_INFO_WP("Std ");
+    TRACE_DEBUG_WP("Std ");
 
     /* Check request code */
     switch (USBGenericRequest_GetRequest(pRequest)) {
 
         case USBGenericRequest_GETDESCRIPTOR:
-            TRACE_INFO_WP("gDesc ");
+            TRACE_DEBUG_WP("gDesc ");
 
             /* Send the requested descriptor */
             type = USBGetDescriptorRequest_GetDescriptorType(pRequest);
@@ -520,7 +520,7 @@ void USBDDriver_RequestHandler(
             break;
 
         case USBGenericRequest_SETADDRESS:
-            TRACE_INFO_WP("sAddr ");
+            TRACE_DEBUG_WP("sAddr ");
 
             /* Sends a zero-length packet and then set the device address */
             address = USBSetAddressRequest_GetAddress(pRequest);
@@ -528,7 +528,7 @@ void USBDDriver_RequestHandler(
             break;
 
         case USBGenericRequest_SETCONFIGURATION:
-            TRACE_INFO_WP("sCfg ");
+            TRACE_DEBUG_WP("sCfg ");
 
             /* Set the requested configuration */
             cfgnum = USBSetConfigurationRequest_GetConfiguration(pRequest);
@@ -536,27 +536,27 @@ void USBDDriver_RequestHandler(
             break;
 
         case USBGenericRequest_GETCONFIGURATION:
-            TRACE_INFO_WP("gCfg ");
+            TRACE_DEBUG_WP("gCfg ");
 
             /* Send the current configuration number */
             GetConfiguration(pDriver);
             break;
 
         case USBGenericRequest_GETSTATUS:
-            TRACE_INFO_WP("gSta ");
+            TRACE_DEBUG_WP("gSta ");
 
             /* Check who is the recipient */
             switch (USBGenericRequest_GetRecipient(pRequest)) {
 
                 case USBGenericRequest_DEVICE:
-                    TRACE_INFO_WP("Dev ");
+                    TRACE_DEBUG_WP("Dev ");
 
                     /* Send the device status */
                     GetDeviceStatus(pDriver);
                     break;
 
                 case USBGenericRequest_ENDPOINT:
-                    TRACE_INFO_WP("Ept ");
+                    TRACE_DEBUG_WP("Ept ");
 
                     /* Send the endpoint status */
                     eptnum = USBGenericRequest_GetEndpointNumber(pRequest);
@@ -572,13 +572,13 @@ void USBDDriver_RequestHandler(
             break;
 
         case USBGenericRequest_CLEARFEATURE:
-            TRACE_INFO_WP("cFeat ");
+            TRACE_DEBUG_WP("cFeat ");
 
             /* Check which is the requested feature */
             switch (USBFeatureRequest_GetFeatureSelector(pRequest)) {
 
                 case USBFeatureRequest_ENDPOINTHALT:
-                    TRACE_INFO_WP("Hlt ");
+                    TRACE_DEBUG_WP("Hlt ");
 
                     /* Unhalt endpoint and send a zero-length packet */
                     USBD_Unhalt(USBGenericRequest_GetEndpointNumber(pRequest));
@@ -586,7 +586,7 @@ void USBDDriver_RequestHandler(
                     break;
 
                 case USBFeatureRequest_DEVICEREMOTEWAKEUP:
-                    TRACE_INFO_WP("RmWU ");
+                    TRACE_DEBUG_WP("RmWU ");
 
                     /* Disable remote wake-up and send a zero-length packet */
                     pDriver->isRemoteWakeUpEnabled = 0;
@@ -602,13 +602,13 @@ void USBDDriver_RequestHandler(
             break;
 
     case USBGenericRequest_SETFEATURE:
-        TRACE_INFO_WP("sFeat ");
+        TRACE_DEBUG_WP("sFeat ");
 
         /* Check which is the selected feature */
         switch (USBFeatureRequest_GetFeatureSelector(pRequest)) {
 
             case USBFeatureRequest_DEVICEREMOTEWAKEUP:
-                TRACE_INFO_WP("RmWU ");
+                TRACE_DEBUG_WP("RmWU ");
 
                 /* Enable remote wake-up and send a ZLP */
                 pDriver->isRemoteWakeUpEnabled = 1;
@@ -616,25 +616,25 @@ void USBDDriver_RequestHandler(
                 break;
 
             case USBFeatureRequest_ENDPOINTHALT:
-                TRACE_INFO_WP("Halt ");
+                TRACE_DEBUG_WP("Halt ");
                 /* Halt endpoint */
                 USBD_Halt(USBGenericRequest_GetEndpointNumber(pRequest));
                 USBD_Write(0, 0, 0, 0, 0);
                 break;
             case USBFeatureRequest_OTG_B_HNP_ENABLE:
-                    TRACE_INFO_WP("OTG_B_HNP_ENABLE ");
+                    TRACE_DEBUG_WP("OTG_B_HNP_ENABLE ");
                     pDriver->otg_features_supported |=
                         1<<USBFeatureRequest_OTG_B_HNP_ENABLE;
                     USBD_Write(0, 0, 0, 0, 0);
                 break;
             case USBFeatureRequest_OTG_A_HNP_SUPPORT:
-                    TRACE_INFO_WP("OTG_A_HNP_SUPPORT ");
+                    TRACE_DEBUG_WP("OTG_A_HNP_SUPPORT ");
                     pDriver->otg_features_supported |=
                         1<<USBFeatureRequest_OTG_A_HNP_SUPPORT;
                     USBD_Write(0, 0, 0, 0, 0);
                 break;
             case USBFeatureRequest_OTG_A_ALT_HNP_SUPPORT:
-                    TRACE_INFO_WP("OTG_A_ALT_HNP_SUPPORT ");
+                    TRACE_DEBUG_WP("OTG_A_ALT_HNP_SUPPORT ");
                     pDriver->otg_features_supported |=
                         1<<USBFeatureRequest_OTG_A_ALT_HNP_SUPPORT;
                     USBD_Write(0, 0, 0, 0, 0);
@@ -649,7 +649,7 @@ void USBDDriver_RequestHandler(
         break;
 
     case USBGenericRequest_SETINTERFACE:
-        TRACE_INFO_WP("sInterface ");
+        TRACE_DEBUG_WP("sInterface ");
 
         infnum = USBInterfaceRequest_GetInterface(pRequest);
         setting = USBInterfaceRequest_GetAlternateSetting(pRequest);
@@ -657,7 +657,7 @@ void USBDDriver_RequestHandler(
         break;
 
     case USBGenericRequest_GETINTERFACE:
-        TRACE_INFO_WP("gInterface ");
+        TRACE_DEBUG_WP("gInterface ");
 
         infnum = USBInterfaceRequest_GetInterface(pRequest);
         GetInterface(pDriver, infnum);

firmware/atmel_softpack_libraries/usb/device/dfu/dfu.h

@@ -124,6 +124,9 @@ void USBDFU_Initialize(const USBDDriverDescriptors *pDescriptors);
 /* USBD tells us to switch from DFU mode to application mode */
 void USBDFU_SwitchToApp(void);
 
+/* USBD tells us to switch from to DFU mode */
+void USBDFU_SwitchToDFU(void);
+
 /* Return values to be used by USBDFU_handle_{dn,up}load */
 #define DFU_RET_NOTHING	0
 #define DFU_RET_ZLP	1

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_desc.c

@@ -19,9 +19,10 @@ enum {
 	STR_MANUF	= 1,
 	STR_PROD,
 	STR_CONFIG,
+	// strings for the first alternate interface (e.g. DFU)
 	_STR_FIRST_ALT,
 	// serial string
-	STR_SERIAL	= (_STR_FIRST_ALT+BOARD_DFU_NUM_IF),
+	STR_SERIAL	= (_STR_FIRST_ALT + BOARD_DFU_NUM_IF),
 	// version string (on additional interface)
 	VERSION_CONF_STR,
 	VERSION_STR,
@@ -29,6 +30,25 @@ enum {
 	STRING_DESC_CNT,
 };
 
+/* string used to replace one of both DFU flash partition atlsettings */
+static const unsigned char usb_string_notavailable[] = {
+	USBStringDescriptor_LENGTH(13),
+	USBGenericDescriptor_STRING,
+	USBStringDescriptor_UNICODE('n'),
+	USBStringDescriptor_UNICODE('o'),
+	USBStringDescriptor_UNICODE('t'),
+	USBStringDescriptor_UNICODE(' '),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('v'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('i'),
+	USBStringDescriptor_UNICODE('l'),
+	USBStringDescriptor_UNICODE('a'),
+	USBStringDescriptor_UNICODE('b'),
+	USBStringDescriptor_UNICODE('l'),
+	USBStringDescriptor_UNICODE('e'),
+};
+
 /* USB string for the serial (using 128-bit device ID) */
 static unsigned char usb_string_serial[] = {
 	USBStringDescriptor_LENGTH(32),
@@ -121,7 +141,7 @@ static const USBDeviceDescriptor fsDevice = {
 		.bNumEndpoints =	0,					\
 		.bInterfaceClass =	0xfe,					\
 		.bInterfaceSubClass =	1,					\
-		.iInterface =		(_STR_FIRST_ALT+ALT),			\
+		.iInterface =		(_STR_FIRST_ALT + ALT),			\
 		.bInterfaceProtocol =	2,					\
 	}
 
@@ -180,6 +200,11 @@ void set_usb_serial_str(void)
 	for (i = 0; i < ARRAY_SIZE(usb_strings) && i < ARRAY_SIZE(usb_strings_extended); i++) {
 		usb_strings_extended[i] = usb_strings[i];
 	}
+#if defined(ENVIRONMENT_dfu)
+	usb_strings_extended[_STR_FIRST_ALT + 1] = usb_string_notavailable;
+#elif defined(ENVIRONMENT_flash)
+	usb_strings_extended[_STR_FIRST_ALT + 2] = usb_string_notavailable;
+#endif
 	usb_strings_extended[STR_SERIAL] = usb_string_serial;
 	usb_strings_extended[VERSION_CONF_STR] = usb_string_version_conf;
 	usb_strings_extended[VERSION_STR] = usb_string_version;

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_driver.c

@@ -33,8 +33,7 @@
 #include <usb/common/dfu/usb_dfu.h>
 #include <usb/device/dfu/dfu.h>
 
-/* FIXME: this was used for a special ELF section which then got called
- * by DFU code and Application code, across flash partitions */
+/** specific memory location shared across bootloader and application */
 #define __dfudata __attribute__ ((section (".dfudata")))
 #define __dfufunc
 
@@ -42,11 +41,14 @@
 static USBDDriver usbdDriver;
 static unsigned char if_altsettings[1];
 
+/** structure containing the DFU state and magic value to know if DFU or application should be started */
 __dfudata struct dfudata _g_dfu = {
-  	.state = DFU_STATE_appIDLE,
+	.state = DFU_STATE_dfuIDLE,
 	.past_manifest = 0,
 	.total_bytes = 0,
 };
+
+/** variable to structure containing DFU state */
 struct dfudata *g_dfu = &_g_dfu;
 
 WEAK void dfu_drv_updstatus(void)
@@ -83,7 +85,7 @@ static void __dfufunc handle_getstate(void)
 {
 	uint8_t u8 = g_dfu->state;
 
-	TRACE_DEBUG("handle_getstate(%u)\n\r", g_dfu->state);
+	TRACE_DEBUG("handle_getstate(%ld)\n\r", g_dfu->state);
 
 	USBD_Write(0, (char *)&u8, sizeof(u8), NULL, 0);
 }
@@ -461,7 +463,20 @@ void USBDFU_SwitchToApp(void)
 	/* make sure the MAGIC is not set to enter DFU again */
 	g_dfu->magic = 0;
 
-	printf("switching to app\r\n");
+	/* disconnect from USB to ensure re-enumeration */
+	USBD_Disconnect();
+
+	/* disable any interrupts during transition */
+	__disable_irq();
+
+	/* Tell the hybrid to execute FTL JUMP! */
+	NVIC_SystemReset();
+}
+
+void USBDFU_SwitchToDFU(void)
+{
+	/* make sure the MAGIC is not set to enter DFU again */
+	g_dfu->magic = USB_DFU_MAGIC;
 
 	/* disconnect from USB to ensure re-enumeration */
 	USBD_Disconnect();

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_runtime.c

@@ -36,7 +36,12 @@
 #include <usb/common/dfu/usb_dfu.h>
 #include <usb/device/dfu/dfu.h>
 
-struct dfudata *g_dfu = (struct dfudata *) IRAM_ADDR;
+/** specific memory location shared across bootloader and application */
+#define __dfudata __attribute__ ((section (".dfudata")))
+/** structure containing the magic value to know if DFU or application should be started */
+__dfudata struct dfudata _g_dfu;
+/** variable to structure containing the magic value to know if DFU or application should be started */
+struct dfudata *g_dfu = &_g_dfu;
 
 /* FIXME: this was used for a special ELF section which then got called
  * by DFU code and Application code, across flash partitions */
@@ -63,7 +68,7 @@ static void __dfufunc handle_getstate(void)
 {
 	uint8_t u8 = g_dfu->state;
 
-	TRACE_DEBUG("handle_getstate(%u)\n\r", g_dfu->state);
+	TRACE_DEBUG("handle_getstate(%lu)\n\r", g_dfu->state);
 
 	USBD_Write(0, (char *)&u8, sizeof(u8), NULL, 0);
 }
@@ -208,7 +213,7 @@ void DFURT_SwitchToDFU(void)
 	 * activate itself, rather than boot into the application */
 	g_dfu->magic = USB_DFU_MAGIC;
 
-	/* Disconnect the USB by remoting the pull-up */
+	/* Disconnect the USB by removing the pull-up */
 	USBD_Disconnect();
 	__disable_irq();
 

firmware/atmel_softpack_libraries/usb/include/USBD.h

@@ -214,6 +214,8 @@ typedef void (*MblTransferCallback)(void *pArg,
  *         Exported functions
  *------------------------------------------------------------------------------*/
 
+extern uint16_t USBD_GetEndpointSize(uint8_t bEndpoint);
+
 //extern void USBD_IrqHandler(void);
 
 extern void USBD_Init(void);

firmware/libboard/common/include/board_common.h

@@ -112,10 +112,13 @@
 #define BOARD_USB_UDP
 
 #define BOARD_USB_DFU
+
+
 #define BOARD_DFU_BOOT_SIZE	(16 * 1024)
 #define BOARD_DFU_RAM_SIZE	(2 * 1024)
 #define BOARD_DFU_PAGE_SIZE	512
-#define BOARD_DFU_NUM_IF	2
+/** number of DFU interfaces (used to flash specific partitions) */
+#define BOARD_DFU_NUM_IF	3
 
 extern void board_exec_dbg_cmd(int ch);
 extern void board_main_top(void);

firmware/libboard/common/include/sim_switch.h

@@ -14,5 +14,13 @@
  */
 #pragma once
 
+/** switch card lines to use physical or emulated card
+ *  @param[in] nr card interface number (i.e. slot)
+ *  @param[in] physical which physical interface to switch to (e.g. 0: physical, 1: virtual)
+ *  @return 0 on success, negative else
+ */
 int sim_switch_use_physical(unsigned int nr, int physical);
+/** initialise card switching capabilities
+ *  @return number of switchable card interfaces
+ */
 int sim_switch_init(void);

firmware/libboard/common/resources/sam3s4/dfu.ld

@@ -39,9 +39,9 @@ SEARCH_DIR(.)
 MEMORY
 {
 	/* reserve the first 16k (= 0x4000) for the DFU bootloader */
-	rom (rx)  : ORIGIN = 0x00404000, LENGTH = 0x0003c000 /* flash, 256K */
-	/* reserve the first 32 (= 0x20) bytes for the _g_dfu struct */
-	ram (rwx) : ORIGIN = 0x20000020, LENGTH = 0x0000bfe0 /* sram, 48K */
+	rom (rx)  : ORIGIN = 0x00400000 + 16K, LENGTH = 256K - 16K /* flash, 256K */
+	/* note: dfudata will be at the start */
+	ram (rwx) : ORIGIN = 0x20000000, LENGTH = 48K /* SRAM, 48K */
 }
 
 /* Section Definitions */ 
@@ -111,6 +111,8 @@ SECTIONS
     {
         . = ALIGN(4);
         _srelocate = .;
+        /* we must make sure the .dfudata is linked to start of RAM */
+        *(.dfudata .dfudata.*);
         *(.ramfunc .ramfunc.*);
         *(.data .data.*);
         . = ALIGN(4);

firmware/libboard/common/resources/sam3s4/flash.ld

@@ -38,8 +38,8 @@ SEARCH_DIR(.)
 /* Memory Spaces Definitions */
 MEMORY
 {
-	rom (rx)  : ORIGIN = 0x00400000, LENGTH = 0x00040000 /* flash, 256K */
-	ram (rwx) : ORIGIN = 0x20000000, LENGTH = 0x0000c000 /* sram, 48K */
+	rom (rx)  : ORIGIN = 0x00400000, LENGTH = 16K /* flash, 256K, but only the first 16K should be used for the bootloader */
+	ram (rwx) : ORIGIN = 0x20000000, LENGTH = 48K /* SRAM, 48K */
 }
 
 /* Section Definitions */ 

firmware/libboard/common/source/board_cstartup_gnu.c

@@ -126,7 +126,7 @@ IntFunc exception_table[] = {
 	IrqHandlerNotUsed   /* 35 not used */
 };
 
-#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu)
+#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu) && defined(ENVIRONMENT_flash)
 #include "usb/device/dfu/dfu.h"
 static void BootIntoApp(void)
 {
@@ -159,8 +159,9 @@ void ResetException( void )
 	LowLevelInit() ;
 
 
-#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu)
-	if (!USBDFU_OverrideEnterDFU()) {
+#if defined(BOARD_USB_DFU) && defined(APPLICATION_dfu) && defined(ENVIRONMENT_flash)
+	// boot application if there is not DFU override
+	if (!USBDFU_OverrideEnterDFU() && SCB->VTOR < IFLASH_ADDR + BOARD_DFU_BOOT_SIZE) {
 		UART_Exit();
 		__disable_irq();
 		BootIntoApp();

firmware/libboard/common/source/board_lowlevel.c

@@ -218,3 +218,8 @@ void mdelay(unsigned int msecs)
 	do {
 	} while ((jiffies - jiffies_start) < msecs);
 }
+
+void abort() {
+	NVIC_SystemReset();
+	while(1) {};
+}

firmware/libboard/octsimtest/product_string.txt

@@ -0,0 +1 @@
+sysmoOCTSIM-Tester

firmware/libboard/owhw/product_string.txt

@@ -0,0 +1 @@
+OWHW

firmware/libboard/qmod/include/board.h

@@ -111,4 +111,7 @@
 #define CARDEMU_SECOND_UART
 #define DETECT_VCC_BY_ADC
 
+/** sysmoQMOD only supports card emulation */
+#ifdef APPLICATION_cardem
 #define HAVE_CARDEM
+#endif

firmware/libboard/qmod/product_string.txt

@@ -0,0 +1 @@
+sysmoQMOD (Quad Modem)

firmware/libboard/qmod/source/board_qmod.c

@@ -194,7 +194,7 @@ void board_exec_dbg_cmd(int ch)
 	   this is done to prevent accidental ERASE on noisy serial input since only one character can trigger the ERASE.
 	 */
 	static bool allow_erase = false;
-#endif
+#endif /* ALLOW_PEER_ERASE */
 
 	switch (ch) {
 	case '?':
@@ -205,13 +205,17 @@ void board_exec_dbg_cmd(int ch)
 		printf("\tg\tswitch off LED 2\n\r");
 		printf("\tG\tswitch off LED 2\n\r");
 		if (qmod_sam3_is_12()) {
+#if (ALLOW_PEER_ERASE > 0)
 			printf("\tE\tprogram EEPROM\n\r");
 			printf("\te\tErase EEPROM\n\r");
+#endif /* ALLOW_PEER_ERASE */
 			printf("\tO\tEnable PRTPWR_OVERRIDE\n\r");
 			printf("\to\tDisable PRTPWR_OVERRIDE\n\r");
+#if (ALLOW_PEER_ERASE > 0)
 			printf("\tH\tRelease HUB RESET (high)\n\r");
 			printf("\th\tAssert HUB RESET (low)\n\r");
 			printf("\tw\tWrite single byte in EEPROM\n\r");
+#endif /* ALLOW_PEER_ERASE */
 			printf("\tr\tRead single byte from EEPROM\n\r");
 		}
 		printf("\tX\tRelease peer SAM3 from reset\n\r");
@@ -220,10 +224,13 @@ void board_exec_dbg_cmd(int ch)
 		printf("\tY\tRelease peer SAM3 ERASE signal\n\r");
 		printf("\ta\tAllow asserting peer SAM3 ERASE signal\n\r");
 		printf("\ty\tAssert peer SAM3 ERASE signal\n\r");
-#endif
+#endif /* ALLOW_PEER_ERASE */
 		printf("\tU\tProceed to USB Initialization\n\r");
 		printf("\t1\tGenerate 1ms reset pulse on WWAN1\n\r");
 		printf("\t2\tGenerate 1ms reset pulse on WWAN2\n\r");
+		printf("\t!\tSwitch Channel A from physical -> remote\n\r");
+		printf("\t@\tSwitch Channel B from physical -> remote\n\r");
+		printf("\tt\t(pseudo)talloc report\n\r");
 		break;
 	case 'R':
 		printf("Asking NVIC to reset us\n\r");
@@ -271,7 +278,7 @@ void board_exec_dbg_cmd(int ch)
 			printf("Please first allow setting SIMTRACExx_ERASE\n\r");
 		}
 		break;
-#endif
+#endif /* ALLOW_PEER_ERASE */
 	case '1':
 		printf("Resetting Modem 1 (of this SAM3)\n\r");
 		wwan_perst_do_reset_pulse(0, 300);
@@ -286,6 +293,9 @@ void board_exec_dbg_cmd(int ch)
 	case '@':
 		sim_switch_use_physical(0, 0);
 		break;
+	case 't':
+		talloc_report(NULL, stdout);
+		break;
 	default:
 		if (!qmod_sam3_is_12())
 			printf("Unknown command '%c'\n\r", ch);
@@ -299,7 +309,7 @@ void board_exec_dbg_cmd(int ch)
 	if ('a' != ch) {
 		allow_erase = false;
 	}
-#endif
+#endif /* ALLOW_PEER_ERASE */
 }
 
 void board_main_top(void)
@@ -332,11 +342,13 @@ void board_main_top(void)
 		TRACE_INFO("Detected Quad-Modem ST12\n\r");
 	} else {
 		TRACE_INFO("Detected Quad-Modem ST34\n\r");
+#ifndef APPLICATION_dfu
 		/* make sure we use the second set of USB Strings
 		 * calling the interfaces "Modem 3" and "Modem 4" rather
 		 * than 1+2 */
 		usb_strings[7] = usb_strings[9];
 		usb_strings[8] = usb_strings[10];
+#endif
 	}
 
 	/* Obtain the circuit board version (currently just prints voltage */

firmware/libboard/qmod/source/sim_switch.c

@@ -0,0 +1,90 @@
+/* Code to switch between local (physical) and remote (emulated) SIM
+ *
+ * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include "trace.h"
+#include "led.h"
+#include "sim_switch.h"
+
+#ifdef PIN_SIM_SWITCH1
+static const Pin pin_conn_usim1 = {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
+#endif
+#ifdef PIN_SIM_SWITCH2
+static const Pin pin_conn_usim2 = {PIO_PA28, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
+#endif
+
+static int initialized = 0;
+
+int sim_switch_use_physical(unsigned int nr, int physical)
+{
+	const Pin *pin;
+	enum led led;
+
+	if (!initialized) {
+		TRACE_ERROR("Somebody forgot to call sim_switch_init()\r\n");
+		sim_switch_init();
+	}
+
+	TRACE_INFO("Modem %d: %s SIM\n\r", nr,
+		   physical ? "physical" : "virtual");
+
+	switch (nr) {
+#ifdef PIN_SIM_SWITCH1
+	case 0:
+		pin = &pin_conn_usim1;
+		led = LED_USIM1;
+		break;
+#endif
+#ifdef PIN_SIM_SWITCH2
+	case 1:
+		pin = &pin_conn_usim2;
+		led = LED_USIM2;
+		break;
+#endif
+	default:
+		TRACE_ERROR("Invalid SIM%u\n\r", nr);
+		return -1;
+	}
+
+	if (physical) {
+		TRACE_INFO("%u: Use local/physical SIM\r\n", nr);
+		PIO_Clear(pin);
+		led_blink(led, BLINK_ALWAYS_ON);
+	} else {
+		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
+		PIO_Set(pin);
+		led_blink(led, BLINK_ALWAYS_OFF);
+	}
+
+	return 0;
+}
+
+int sim_switch_init(void)
+{
+	int num_switch = 0;
+#ifdef PIN_SIM_SWITCH1
+	PIO_Configure(&pin_conn_usim1, 1);
+	num_switch++;
+#endif
+#ifdef PIN_SIM_SWITCH2
+	PIO_Configure(&pin_conn_usim2, 1);
+	num_switch++;
+#endif
+	initialized = 1;
+	return num_switch;
+}

firmware/libboard/simtrace/include/board.h

@@ -74,15 +74,15 @@
 
 /** Phone connection **/
 /* Phone USIM slot 1 VCC pin (VCC_PHONE in schematic) */
-#define PIN_USIM1_VCC          {PIO_PA25, PIOA, ID_PIOA, PIO_INPUT, PIO_DEFAULT}
+#define PIN_USIM1_VCC          {PIO_PA25, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_EDGE | PIO_DEGLITCH }
 /* Phone USIM slot 1 RST pin (active low; RST_PHONE in schematic) */
-#define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_RISE_EDGE | PIO_DEGLITCH }
+#define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_EDGE | PIO_DEGLITCH }
 /* Phone I/O data signal input/output (I/O_PHONE in schematic) */
-#define PIN_PHONE_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+#define PIN_USIM1_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Phone CLK clock input (CLK_PHONE in schematic) */
 #define PIN_PHONE_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used for phone USIM slot 1 communication */
-#define PINS_USIM1              PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
+#define PINS_USIM1              PIN_USIM1_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
 /* Phone I/O data signal input/output (unused USART RX input; connected to I/O_PHONE in schematic) */
 #define PIN_PHONE_IO_INPUT     {PIO_PA21A_RXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used as clock input (to measure the ETU duration; connected to CLK_PHONE in schematic) */
@@ -120,6 +120,14 @@
 /* ISO7816-communication related pins */
 #define PINS_ISO7816            PIN_SIM_IO,  PIN_SIM_CLK,  PIN_ISO7816_RSTMC // SIM_PWEN_PIN, PIN_SIM_IO2, PIN_SIM_CLK2
 
+/** card emulation configuration */
+/* Disable power converter 4.5-6V to 3.3V (active high) */
+#define PIN_SIM_PWEN_CARDEMU   {PIO_PA5, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Disable power switch to forward VCC_PHONE to VCC_SIM (active high) */
+#define PIN_VCC_FWD_CARDEMU    {PIO_PA26, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Disable power to SIM */
+#define PINS_PWR_CARDEMU        PIN_SIM_PWEN_CARDEMU, PIN_VCC_FWD_CARDEMU
+
 /** External SPI flash interface   **/
 /* SPI MISO pin definition */
 #define PIN_SPI_MISO  {PIO_PA12A_MISO, PIOA, PIOA, PIO_PERIPH_A, PIO_PULLUP}
@@ -153,10 +161,18 @@
 
 /** Supported modes */
 /* SIMtrace board supports sniffer mode */
+#ifdef APPLICATION_trace
 #define HAVE_SNIFFER
+#endif
 /* SIMtrace board supports CCID mode */
+#ifdef APPLICATION_ccid
 //#define HAVE_CCID
+#endif
 /* SIMtrace board supports card emulation mode */
-//#define HAVE_CARDEM
+#ifdef APPLICATION_cardem
+#define HAVE_CARDEM
+#endif
 /* SIMtrace board supports man-in-the-middle mode */
+#ifdef APPLICATION_mitm
 //#define HAVE_MITM
+#endif

firmware/libboard/simtrace/product_string.txt

@@ -0,0 +1 @@
+SIMtrace 2

firmware/libboard/simtrace/source/sim_switch.c

@@ -0,0 +1,63 @@
+/* Code to switch between local (physical) and remote (emulated) SIM
+ *
+ * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include "trace.h"
+#include "led.h"
+#include "sim_switch.h"
+
+#ifdef PIN_SIM_SWITCH1
+static const Pin pin_conn_usim1 = {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
+#endif
+#ifdef PIN_SIM_SWITCH2
+static const Pin pin_conn_usim2 = {PIO_PA28, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
+#endif
+
+static int initialized = 0;
+
+int sim_switch_use_physical(unsigned int nr, int physical)
+{
+	const Pin pin_sc = PIN_SC_SW_DEFAULT; // pin to control bus switch for VCC/RST/CLK signals
+	const Pin pin_io = PIN_IO_SW_DEFAULT; // pin to control bus switch for I/O signal
+
+	if (nr > 0) {
+		TRACE_ERROR("SIM interface for Modem %d can't be switched\r\n", nr);
+		return -1;
+	}
+
+	TRACE_INFO("Modem %u: %s SIM\n\r", nr, physical ? "physical" : "virtual");
+
+	if (physical) {
+		TRACE_INFO("%u: Use local/physical SIM\r\n", nr);
+		PIO_Set(&pin_sc);
+		PIO_Set(&pin_io);
+	} else {
+		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
+		PIO_Clear(&pin_sc);
+		PIO_Clear(&pin_io);
+	}
+
+	return 0;
+}
+
+int sim_switch_init(void)
+{
+	// the bus switch is already initialised
+	return 1; // SIMtrace hardware has only one switchable interface
+}

firmware/libcommon/include/card_emu.h

@@ -56,13 +56,50 @@ int card_emu_set_atr(struct card_handle *ch, const uint8_t *atr, uint8_t len);
 
 struct llist_head *card_emu_get_uart_tx_queue(struct card_handle *ch);
 void card_emu_have_new_uart_tx(struct card_handle *ch);
-void card_emu_report_status(struct card_handle *ch);
+void card_emu_report_status(struct card_handle *ch, bool report_on_irq);
+
+/*! call when the waiting time has half-expired
+ *  param[in] ch card for which the waiting time half expired
+ */
+void card_emu_wt_halfed(void *ch);
+/*! call when the waiting time has expired
+ *  param[in] ch card for which the waiting time expired
+ */
+void card_emu_wt_expired(void *ch);
 
 #define ENABLE_TX	0x01
 #define ENABLE_RX	0x02
 
+// the following functions are callbacks implement in mode_cardemu.c
+
 int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi);
+
+/*! update F and D on USART peripheral
+ *  @param[in] usart USART peripheral to configure
+ *  @param[in] f clock rate conversion integer F value
+ *  @param[in] d baud rate adjustment factor D value
+ *  @note this should happen after reset and protocol select (through PPS or implicit)
+ */
+void card_emu_uart_update_fd(uint8_t uart_chan, uint16_t f, uint8_t d);
+/*! update WT on USART peripheral
+ *  @param[in] usart USART peripheral to configure
+ *  @param[in] wt inactivity Waiting Time before card_emu_wt_expired is called (0 to disable)
+ */
+void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt);
+/*! reset waiting timeout count down on USART peripheral
+ *  @param[in] usart USART peripheral to configure
+ */
+void card_emu_uart_reset_wt(uint8_t uart_chan);
+/*! set I/O line high
+ *  @param[in] usart USART peripheral to configure
+ *  @param[in] set if I/O line should be set high (true), or cleared low (false)
+ */
+void card_emu_uart_io_set(uint8_t uart_chan, bool set);
 int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte);
 void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx);
 void card_emu_uart_wait_tx_idle(uint8_t uart_chan);
 void card_emu_uart_interrupt(uint8_t uart_chan);
+
+struct cardemu_usb_msg_config;
+int card_emu_set_config(struct card_handle *ch, const struct cardemu_usb_msg_config *scfg,
+			unsigned int scfg_len);

firmware/libcommon/include/iso7816_3.h

@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2019 sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+*/
+/* this library provides utilities to handle the ISO-7816 part 3 communication aspects (e.g. related to F and D) */
+#pragma once
+
+#include <stdint.h>
+#include <stdbool.h>
+
+/** default clock rate conversion integer Fd
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.1
+ */
+#define ISO7816_3_DEFAULT_FD 372
+/** default baud rate adjustment factor Dd
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.1
+ */
+#define ISO7816_3_DEFAULT_DD 1
+/** default clock rate conversion integer Fi
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.3
+ *  @note non-default value is optionally specified in TA1
+ */
+#define ISO7816_3_DEFAULT_FI 372
+/** default baud rate adjustment factor Di
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.3
+ *  @note non-default value is optionally specified in TA1
+ */
+#define ISO7816_3_DEFAULT_DI 1
+/** default maximum clock frequency, in Hz
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.3
+ *  @note non-default value is optionally specified in TA1
+ */
+#define ISO7816_3_DEFAULT_FMAX 5000000UL
+/** default Waiting Integer (WI) value for T=0
+ *  @implements ISO/IEC 7816-3:2006(E) section 10.2
+ *  @note non-default value is optionally specified in TC2
+ */
+#define ISO7816_3_DEFAULT_WI 10
+/** default Waiting Time (WT) value, in ETU
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.1
+ *  @note depends on Fi, Di, and WI if protocol T=0 is selected
+ */
+#define ISO7816_3_DEFAULT_WT 9600
+
+/** Table encoding the clock rate conversion integer Fi
+ *  @note Fi is indicated in TA1, but the same table is used for F and Fn during PPS
+ *  @implements ISO/IEC 7816-3:2006(E) table 7
+ */
+extern const uint16_t iso7816_3_fi_table[];
+
+/** Table encoding the maximum clock frequency f_max in Hz
+ *  @implements ISO/IEC 7816-3:2006(E) table 7
+ *  @note f_max is indicated in TA1, but the same table is used for F and Fn during PPS
+ */
+extern const uint32_t iso7816_3_fmax_table[];
+
+/** Table encoding the baud rate adjust integer Di
+ *  @implements ISO/IEC 7816-3:2006(E) table 8
+ *  @note Di is indicated in TA1, but the same table is used for D and Dn during PPS
+ */
+extern const uint8_t iso7816_3_di_table[];
+
+/* verify if the clock rate conversion integer F value is valid
+ * @param[in] f F value to be validated
+ * @return if F value is valid
+ * @note only values in ISO/IEC 7816-3:2006(E) table 7 are valid
+ */
+bool iso7816_3_valid_f(uint16_t f);
+/* verify if the baud rate adjustment factor D value is valid
+ * @param[in] d D value to be validated
+ * @return if D value is valid
+ * @note only values in ISO/IEC 7816-3:2006(E) table 8 are valid
+ */
+bool iso7816_3_valid_d(uint8_t d);
+/** calculate Waiting Time (WT)
+ *  @param[in] wi Waiting Integer
+ *  @param[in] fi clock rate conversion integer Fi value
+ *  @param[in] di baud rate adjustment factor Di value
+ *  @param[in] f clock rate conversion integer F value
+ *  @param[in] d baud rate adjustment factor D value
+ *  @return Waiting Time WT, in ETU, or < 0 on error (see code for return codes)
+ *  @note this should happen after reset and T=0 protocol select (through PPS or implicit)
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.1 and 10.2
+ */
+int32_t iso7816_3_calculate_wt(uint8_t wi, uint16_t fi, uint8_t di, uint16_t f, uint8_t d);

firmware/libcommon/include/main_common.h

@@ -0,0 +1,3 @@
+#pragma once
+
+void print_banner(void);

firmware/libcommon/include/ringbuffer.h

@@ -21,7 +21,7 @@
 #include <stdbool.h>
 #include <sys/types.h>
 
-#define RING_BUFLEN 512
+#define RING_BUFLEN 1024
 
 typedef struct ringbuf {
 	uint8_t buf[RING_BUFLEN];

firmware/libcommon/include/simtrace_prot.h

@@ -62,6 +62,8 @@ enum simtrace_msg_type_cardem {
 	SIMTRACE_MSGT_DO_CEMU_RX_DATA,
 	/* Indicate PTS request from phone */
 	SIMTRACE_MSGT_DO_CEMU_PTS,
+	/* Set configurable parameters */
+	SIMTRACE_MSGT_BD_CEMU_CONFIG,
 };
 
 /* SIMTRACE_MSGC_MODEM */
@@ -228,11 +230,10 @@ struct cardemu_usb_msg_status {
 	uint32_t flags;
 	/* phone-applied target voltage in mV */
 	uint16_t voltage_mv;
-	/* Fi/Di related information */
-	uint8_t fi;
-	uint8_t di;
-	uint8_t wi;
-	uint32_t waiting_time;
+	uint8_t f; /*!< index of F and f_max values as encoded in ISO/IEC 7816-3:2006(E) Table 7 */
+	uint8_t d; /*!< index of D value as encoded in ISO/IEC 7816-3:2006(E) Table 8 */
+	uint8_t wi; /*!< Waiting Integer as defined in ISO/IEC 7816-3:2006(E) Section 10.2 */
+	uint32_t wt; /*!< Waiting Time in ETU as defined in ISO/IEC 7816-3:2006(E) Section 8.1 */
 } __attribute__ ((packed));
 
 /* CEMU_USB_MSGT_DO_PTS */
@@ -254,6 +255,15 @@ struct cardemu_usb_msg_error {
 	uint8_t msg[0];
 } __attribute__ ((packed));
 
+/* enable/disable the generation of DO_STATUS on IRQ endpoint */
+#define CEMU_FEAT_F_STATUS_IRQ	0x00000001
+
+/* SIMTRACE_MSGT_BD_CEMU_CONFIG */
+struct cardemu_usb_msg_config {
+	/* bit-mask of CEMU_FEAT_F flags */
+	uint32_t features;
+} __attribute__ ((packed));
+
 /***********************************************************************
  * MODEM CONTROL
  ***********************************************************************/

firmware/libcommon/include/simtrace_usb.h

@@ -64,4 +64,4 @@
 #define SIMTRACE_CARDEM_USB_EP_USIM2_INT		3
 
 /*! Maximum number of endpoints */
-#define BOARD_USB_NUMENDPOINTS		6
+#define BOARD_USB_NUMENDPOINTS		7 /* 0 (control) + 2 (interfaces) * 3 (endpoints) */

firmware/libcommon/include/talloc.h

@@ -17,6 +17,7 @@
 #pragma once
 
 #include <stdlib.h>
+#include <stdio.h>
 #include <stdarg.h>
 
 /* minimalistic emulation of core talloc API functions used by msgb.c */
@@ -39,3 +40,4 @@ void *talloc_named_const(const void *context, size_t size, const char *name);
 void talloc_set_name_const(const void *ptr, const char *name);
 char *talloc_strdup(const void *t, const char *p);
 void *talloc_pool(const void *context, size_t size);
+void talloc_report(const void *ptr, FILE *f);

firmware/libcommon/include/tc_etu.h

@@ -7,5 +7,3 @@ void tc_etu_init(uint8_t chan_nr, void *handle);
 void tc_etu_enable(uint8_t chan_nr);
 void tc_etu_disable(uint8_t chan_nr);
 
-extern void tc_etu_wtime_half_expired(void *handle);
-extern void tc_etu_wtime_expired(void *handle);

firmware/libcommon/include/usb_buf.h

@@ -29,6 +29,8 @@ struct usb_buffered_ep {
 	volatile uint32_t in_progress;
 	/* Tx queue (IN) / Rx queue (OUT) */
 	struct llist_head queue;
+	/* current length of queue */
+	unsigned int queue_len;
 };
 
 struct msgb *usb_buf_alloc(uint8_t ep);

firmware/libcommon/source/card_emu.c

@@ -1,7 +1,7 @@
 /* ISO7816-3 state machine for the card side
  *
- * (C) 2010-2017 by Harald Welte <laforge@gnumonks.org>
- * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2010-2019 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2018-2019 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -26,6 +26,7 @@
 
 #include "utils.h"
 #include "trace.h"
+#include "iso7816_3.h"
 #include "iso7816_fidi.h"
 #include "tc_etu.h"
 #include "card_emu.h"
@@ -37,6 +38,9 @@
 
 #define NUM_SLOTS		2
 
+/* bit-mask of supported CEMU_FEAT_F_ flags */
+#define SUPPORTED_FEATURES	(CEMU_FEAT_F_STATUS_IRQ)
+
 #define	ISO7816_3_INIT_WTIME	9600
 #define ISO7816_3_DEFAULT_WI	10
 #define ISO7816_3_ATR_LEN_MAX	(1+32)	/* TS plus 32 chars */
@@ -55,42 +59,15 @@ enum iso7816_3_card_state {
 };
 
 const struct value_string iso7816_3_card_state_names[] = {
-	{
-		.value = ISO_S_WAIT_POWER,
-		.str = "WAIT_POWER",
-	},
-	{
-		.value = ISO_S_WAIT_CLK,
-		.str = "WAIT_CLK",
-	},
-	{
-		.value = ISO_S_WAIT_RST,
-		.str = "WAIT_RST",
-	},
-	{
-		.value = ISO_S_WAIT_ATR,
-		.str = "WAIT_ATR",
-	},
-	{
-		.value = ISO_S_IN_ATR,
-		.str = "IN_ATR",
-	},
-	{
-		.value = ISO_S_IN_PTS,
-		.str = "IN_PTS",
-	},
-	{
-		.value = ISO_S_WAIT_TPDU,
-		.str = "WAIT_TPDU",
-	},
-	{
-		.value = ISO_S_IN_TPDU,
-		.str = "IN_TPDU",
-	},
-	{
-		.value = 0,
-		.str = NULL,
-	},
+	{ ISO_S_WAIT_POWER,	"WAIT_POWER" },
+	{ ISO_S_WAIT_CLK,	"WAIT_CLK" },
+	{ ISO_S_WAIT_RST,	"WAIT_RST" },
+	{ ISO_S_WAIT_ATR,	"WAIT_ATR" },
+	{ ISO_S_IN_ATR,		"IN_ATR" },
+	{ ISO_S_IN_PTS,		"IN_PTS" },
+	{ ISO_S_WAIT_TPDU,	"WAIT_TPDU" },
+	{ ISO_S_IN_TPDU,	"IN_TPDU" },
+	{ 0, NULL }
 };
 
 
@@ -110,6 +87,22 @@ enum pts_state {
 	PTS_S_WAIT_RESP_PCK = PTS_S_WAIT_REQ_PCK | 0x10,
 };
 
+const struct value_string pts_state_names[] = {
+	{ PTS_S_WAIT_REQ_PTSS,	"WAIT_REQ_PTSS" },
+	{ PTS_S_WAIT_REQ_PTS0,	"WAIT_REQ_PTS0" },
+	{ PTS_S_WAIT_REQ_PTS1,	"WAIT_REQ_PTS1" },
+	{ PTS_S_WAIT_REQ_PTS2,	"WAIT_REQ_PTS2" },
+	{ PTS_S_WAIT_REQ_PTS3,	"WAIT_REQ_PTS3" },
+	{ PTS_S_WAIT_REQ_PCK,	"WAIT_REQ_PCK" },
+	{ PTS_S_WAIT_RESP_PTSS,	"WAIT_RESP_PTSS" },
+	{ PTS_S_WAIT_RESP_PTS0,	"WAIT_RESP_PTS0" },
+	{ PTS_S_WAIT_RESP_PTS1,	"WAIT_RESP_PTS1" },
+	{ PTS_S_WAIT_RESP_PTS2,	"WAIT_RESP_PTS2" },
+	{ PTS_S_WAIT_RESP_PTS3,	"WAIT_RESP_PTS3" },
+	{ PTS_S_WAIT_RESP_PCK,	"WAIT_RESP_PCK" },
+	{ 0, NULL }
+};
+
 /* PTS field byte index */
 #define _PTSS	0
 #define _PTS0	1
@@ -131,42 +124,15 @@ enum tpdu_state {
 };
 
 const struct value_string tpdu_state_names[] = {
-	{
-		.value = TPDU_S_WAIT_CLA,
-		.str = "WAIT_CLA",
-	},
-	{
-		.value = TPDU_S_WAIT_INS,
-		.str = "WAIT_INS",
-	},
-	{
-		.value = TPDU_S_WAIT_P1,
-		.str = "WAIT_P1",
-	},
-	{
-		.value = TPDU_S_WAIT_P2,
-		.str = "WAIT_P2",
-	},
-	{
-		.value = TPDU_S_WAIT_P3,
-		.str = "WAIT_P3",
-	},
-	{
-		.value = TPDU_S_WAIT_PB,
-		.str = "WAIT_PB",
-	},
-	{
-		.value = TPDU_S_WAIT_RX,
-		.str = "WAIT_RX",
-	},
-	{
-		.value = TPDU_S_WAIT_TX,
-		.str = "WAIT_TX",
-	},
-	{
-		.value = 0,
-		.str = NULL,
-	},
+	{ TPDU_S_WAIT_CLA,	"WAIT_CLA" },
+	{ TPDU_S_WAIT_INS,	"WAIT_INS" },
+	{ TPDU_S_WAIT_P1,	"WAIT_P1" },
+	{ TPDU_S_WAIT_P2,	"WAIT_P2" },
+	{ TPDU_S_WAIT_P3,	"WAIT_P3" },
+	{ TPDU_S_WAIT_PB,	"WAIT_PB" },
+	{ TPDU_S_WAIT_RX, 	"WAIT_RX" },
+	{ TPDU_S_WAIT_TX,	"WAIT_TX" },
+	{ 0, NULL }
 };
 
 /* TPDU field byte index */
@@ -179,6 +145,9 @@ const struct value_string tpdu_state_names[] = {
 struct card_handle {
 	unsigned int num;
 
+	/* bit-mask of enabled optional features (CEMU_FEAT_F_*) */
+	uint32_t features;
+
 	enum iso7816_3_card_state state;
 
 	/* signal levels */
@@ -186,18 +155,53 @@ struct card_handle {
 	bool in_reset;	/*< if card is in reset (true = RST low/asserted, false = RST high/ released) */
 	bool clocked;	/*< if clock is active ( true = active, false = inactive) */
 
-	/* timing parameters, from PTS */
-	uint8_t fi;
-	uint8_t di;
-	uint8_t wi;
-
 	uint8_t tc_chan;	/* TC channel number */
 	uint8_t uart_chan;	/* UART channel */
 
 	uint8_t in_ep;		/* USB IN EP */
 	uint8_t irq_ep;		/* USB IN EP */
 
-	uint32_t waiting_time;	/* in clocks */
+	/*! clock rate conversion integer F
+	 *  @implements ISO/IEC 7816-3:2006(E) section 7.1
+	 *  @note this represents the current value used
+	 */
+	uint16_t f;
+	/*! baud rate adjustment factor D
+	 *  @implements ISO/IEC 7816-3:2006(E) section 7.1
+	 *  @note this represents the current value used
+	 */
+	uint8_t d;
+	/*! clock frequency in Hz
+	 *  @implements ISO/IEC 7816-3:2006(E) section 7.1
+	 *  @note the USART peripheral in slave mode does not provide the current value. we could measure it but this is not really useful. instead we remember the maximum possible value corresponding to the selected F value
+	 */
+	uint32_t f_cur;
+	/*! clock rate conversion integer Fi
+	 *  @implements ISO/IEC 7816-3:2006(E) Table 7
+	 *  @note this represents the maximum value supported by the card, and can be indicated in TA1
+	 *  @note this value can be set in TA1
+	 */
+	uint16_t fi;
+	/*! baud rate adjustment factor Di
+	 *  @implements ISO/IEC 7816-3:2006(E) Table 8
+	 *  @note this represents the maximum value supported by the card, and can be indicated in TA1
+	 */
+	uint8_t di;
+	/*! clock frequency, in Hz
+	 *  @implements ISO/IEC 7816-3:2006(E) Table 7
+	 *  @note this represents the maximum value supported by the card, and can be indicated in TA1
+	 */
+	uint32_t f_max;
+	/*! Waiting Integer
+	 *  @implements ISO/IEC 7816-3:2006(E) Section 10.2
+	 *  @note this value can be set in TA2
+	 */
+	uint8_t wi;
+	/*! Waiting Time, in ETU
+	 *  @implements ISO/IEC 7816-3:2006(E) Section 8.1
+	 *  @note this depends on Fi, Di, and WI if T=0 is used
+	 */
+	uint32_t wt;
 
 	/* ATR state machine */
 	struct {
@@ -233,6 +237,29 @@ struct card_handle {
 	} stats;
 };
 
+/* reset all the 'dynamic' state of the card handle to the initial/default values */
+static void card_handle_reset(struct card_handle *ch)
+{
+	struct msgb *msg;
+
+#ifndef BOARD_simtrace
+	tc_etu_disable(ch->tc_chan);
+#endif
+
+	/* release any buffers we may still own */
+	if (ch->uart_tx_msg) {
+		usb_buf_free(ch->uart_tx_msg);
+		ch->uart_tx_msg = NULL;
+	}
+	if (ch->uart_rx_msg) {
+		usb_buf_free(ch->uart_rx_msg);
+		ch->uart_rx_msg = NULL;
+	}
+	while ((msg = msgb_dequeue(&ch->uart_tx_queue))) {
+		usb_buf_free(msg);
+	}
+}
+
 struct llist_head *card_emu_get_uart_tx_queue(struct card_handle *ch)
 {
 	return &ch->uart_tx_queue;
@@ -260,18 +287,18 @@ struct msgb *usb_buf_alloc_st(uint8_t ep, uint8_t msg_class, uint8_t msg_type)
 	while (!msg) {
 		msg = usb_buf_alloc(ep); // try to allocate some memory
 		if (!msg) { // allocation failed, we might be out of memory
-			struct llist_head *queue = usb_get_queue(ep);
-			if (!queue) {
+			struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
+			if (!bep) {
 				TRACE_ERROR("ep %u: %s queue does not exist\n\r",
 				            ep, __func__);
 				return NULL;
 			}
-			if (llist_empty(queue)) {
+			if (llist_empty(&bep->queue)) {
 				TRACE_ERROR("ep %u: %s EOMEM (queue already empty)\n\r",
 				            ep, __func__);
 				return NULL;
 			}
-			msg = msgb_dequeue(queue);
+			msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
 			if (!msg) {
 				TRACE_ERROR("ep %u: %s no msg in non-empty queue\n\r",
 				            ep, __func__);
@@ -401,38 +428,66 @@ static void card_set_state(struct card_handle *ch,
 	case ISO_S_WAIT_POWER:
 	case ISO_S_WAIT_CLK:
 	case ISO_S_WAIT_RST:
-		/* disable Rx and Tx of UART */
-		card_emu_uart_enable(ch->uart_chan, 0);
-		/* check end activation state (only necessary if the reader to not respect the activation sequence) */
-		if (ch->vcc_active && ch->clocked && !ch->in_reset) {
-			/* enable the TC/ETU counter once reset has been released */
-			tc_etu_enable(ch->tc_chan);
-			/* prepare to send the ATR */
-			card_set_state(ch, ISO_S_WAIT_ATR);
+		card_emu_uart_enable(ch->uart_chan, 0); // disable Rx and Tx of UART
+#ifdef BOARD_simtrace
+		card_emu_uart_update_wt(ch->uart_chan, 0); // disable timeout
+		if (ISO_S_WAIT_POWER == new_state) {
+			card_emu_uart_io_set(ch->uart_chan, false); // pull I/O line low
+		} else {
+			card_emu_uart_io_set(ch->uart_chan, true); // pull I/O line high
 		}
+#endif
 		break;
 	case ISO_S_WAIT_ATR:
+
+		// reset the ETU-related values
+		ch->f = ISO7816_3_DEFAULT_FD;
+		ch->d = ISO7816_3_DEFAULT_DD;
+
+#ifdef BOARD_simtrace
+		card_emu_uart_update_fd(ch->uart_chan, ch->f, ch->d); // set baud rate
+
+		// reset values optionally specified in the ATR
+		ch->fi = ISO7816_3_DEFAULT_FI;
+		ch->di = ISO7816_3_DEFAULT_DI;
+		ch->wi = ISO7816_3_DEFAULT_WI;
+		int32_t wt = iso7816_3_calculate_wt(ch->wi, ch->fi, ch->di, ch->f, ch->d); // get default waiting time
+		if (wt <= 0) {
+			TRACE_FATAL("%u: invalid WT %ld\r\n", ch->num, wt);
+		}
+		ch->wt = wt;
+		card_emu_uart_enable(ch->uart_chan, ENABLE_TX); // enable TX to be able to use the timeout
+		/* the ATR should only be sent 400 to 40k clock cycles after the RESET.
+		 * we use the UART timeout mechanism to wait this time.
+		 * since the initial ETU is Fd=372/Dd=1 clock cycles long, we have to wait 2-107 ETU.
+		 */
+		card_emu_uart_update_wt(ch->uart_chan, 2);
+#else
 		/* Reset to initial Fi / Di ratio */
-		ch->fi = 1;
-		ch->di = 1;
+		ch->f = 1;
+		ch->d = 1;
 		emu_update_fidi(ch);
 		/* the ATR should only be sent 400 to 40k clock cycles after the RESET.
 		 * we use the tc_etu mechanism to wait this time.
 		 * since the initial ETU is Fd=372/Dd=1 clock cycles long, we have to wait 2-107 ETU.
 		 */
 		tc_etu_set_wtime(ch->tc_chan, 2);
-		/* ensure the TC_ETU timer is enabled */
+		/* enable the TC/ETU counter once reset has been released */
 		tc_etu_enable(ch->tc_chan);
+#endif
+
 		break;
 	case ISO_S_IN_ATR:
+#ifndef BOARD_simtrace
 		/* initialize to default WI, this will be overwritten if we
 		 * send TC2, and it will be programmed into hardware after
 		 * ATR is finished */
 		ch->wi = ISO7816_3_DEFAULT_WI;
 		/* update waiting time to initial waiting time */
-		ch->waiting_time = ISO7816_3_INIT_WTIME;
+		ch->wt = ISO7816_3_INIT_WTIME;
 		/* set initial waiting time */
-		tc_etu_set_wtime(ch->tc_chan, ch->waiting_time);
+		tc_etu_set_wtime(ch->tc_chan, ch->wt);
+#endif
 		/* Set ATR sub-state to initial state */
 		ch->atr.idx = 0;
 		/* enable USART transmission to reader */
@@ -507,11 +562,15 @@ static int tx_byte_atr(struct card_handle *ch)
 				}
 			}
 		}
-		/* update waiting time (see ISO 7816-3 10.2) */
-		ch->waiting_time = ch->wi * 960 * ch->fi;
-		tc_etu_set_wtime(ch->tc_chan, ch->waiting_time);
+#ifdef BOARD_simtrace
+		/* FIXME update waiting time in case of card is specific mode */
 		/* reset PTS to initial state */
 		set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
+#else
+		/* update waiting time (see ISO 7816-3 10.2) */
+		ch->wt = ch->wi * 960 * ch->fi;
+		tc_etu_set_wtime(ch->tc_chan, ch->wt);
+#endif
 		/* go to next state */
 		card_set_state(ch, ISO_S_WAIT_TPDU);
 		return 0;
@@ -528,8 +587,9 @@ static int tx_byte_atr(struct card_handle *ch)
 /* Update the PTS sub-state */
 static void set_pts_state(struct card_handle *ch, enum pts_state new_ptss)
 {
-	TRACE_DEBUG("%u: 7816 PTS state %u -> %u\r\n",
-		    ch->num, ch->pts.state, new_ptss);
+	TRACE_DEBUG("%u: 7816 PTS state %s -> %s\r\n", ch->num,
+		    get_value_string(pts_state_names, ch->pts.state),
+		    get_value_string(pts_state_names, new_ptss));
 	ch->pts.state = new_ptss;
 }
 
@@ -576,9 +636,12 @@ from_pts3:
 	return PTS_S_WAIT_REQ_PCK | is_resp;
 }
 
-
-static int
-process_byte_pts(struct card_handle *ch, uint8_t byte)
+/*! process incoming PTS byte
+ *  @param[in] ch card handle on which the byte has been received
+ *  @param[in] byte received PTS byte
+ *  @return new iso7816_3_card_state or -1 at the end of PTS request
+ */
+static int process_byte_pts(struct card_handle *ch, uint8_t byte)
 {
 	switch (ch->pts.state) {
 	case PTS_S_WAIT_REQ_PTSS:
@@ -609,8 +672,8 @@ process_byte_pts(struct card_handle *ch, uint8_t byte)
 		memcpy(ch->pts.resp, ch->pts.req, sizeof(ch->pts.resp));
 		break;
 	default:
-		TRACE_ERROR("%u: process_byte_pts() in invalid state %u\r\n",
-			    ch->num, ch->pts.state);
+		TRACE_ERROR("%u: process_byte_pts() in invalid PTS state %s\r\n", ch->num,
+			    get_value_string(pts_state_names, ch->pts.state));
 		break;
 	}
 	/* calculate the next state and set it */
@@ -644,11 +707,17 @@ static int tx_byte_pts(struct card_handle *ch)
 		break;
 	case PTS_S_WAIT_RESP_PTS1:
 		byte = ch->pts.resp[_PTS1];
-		/* This must be TA1 */
-		ch->fi = byte >> 4;
-		ch->di = byte & 0xf;
-		TRACE_DEBUG("%u: found Fi=%u Di=%u\r\n", ch->num,
-			    ch->fi, ch->di);
+		// TODO the value should have been validated when receiving the request
+		ch->f = iso7816_3_fi_table[byte >> 4]; // save selected Fn
+		if (0 == ch->f) {
+			TRACE_ERROR("%u: invalid F index in PPS response: %u\r\n", ch->num, byte >> 4);
+			// TODO become unresponsive to signal error condition
+		}
+		ch->d = iso7816_3_di_table[byte & 0xf]; // save selected Dn
+		if (0 == ch->d) {
+			TRACE_ERROR("%u: invalid D index in PPS response: %u\r\n", ch->num, byte & 0xf);
+			// TODO become unresponsive to signal error condition
+		}
 		break;
 	case PTS_S_WAIT_RESP_PTS2:
 		byte = ch->pts.resp[_PTS2];
@@ -660,8 +729,8 @@ static int tx_byte_pts(struct card_handle *ch)
 		byte = ch->pts.resp[_PCK];
 		break;
 	default:
-		TRACE_ERROR("%u: get_byte_pts() in invalid state %u\r\n",
-			    ch->num, ch->pts.state);
+		TRACE_ERROR("%u: get_byte_pts() in invalid PTS state %s\r\n", ch->num,
+			    get_value_string(pts_state_names, ch->pts.state));
 		return 0;
 	}
 
@@ -673,8 +742,20 @@ static int tx_byte_pts(struct card_handle *ch)
 	switch (ch->pts.state) {
 	case PTS_S_WAIT_RESP_PCK:
 		card_emu_uart_wait_tx_idle(ch->uart_chan);
+#ifdef BOARD_simtrace
+		card_emu_uart_update_fd(ch->uart_chan, ch->f, ch->d); // set selected baud rate
+		int32_t wt = iso7816_3_calculate_wt(ch->wi, ch->fi, ch->di, ch->f, ch->d); // get new waiting time
+		if (wt <= 0) {
+			TRACE_ERROR("%u: invalid WT calculated: %ld\r\n", ch->num, wt);
+			// TODO become unresponsive to signal error condition
+		} else {
+			ch->wt = wt;
+		}
+		// FIXME disable WT
+#else
 		/* update baud rate generator with Fi/Di */
 		emu_update_fidi(ch);
+#endif
 		/* Wait for the next TPDU */
 		card_set_state(ch, ISO_S_WAIT_TPDU);
 		set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
@@ -745,6 +826,10 @@ static void set_tpdu_state(struct card_handle *ch, enum tpdu_state new_ts)
 {
 	if (ch->tpdu.state == new_ts)
 		return;
+	if (ISO_S_IN_TPDU != ch->state && ISO_S_WAIT_TPDU != ch->state) {
+		TRACE_ERROR("%u: setting TPDU state in %s state\r\n", ch->num,
+			get_value_string(iso7816_3_card_state_names, ch->state));
+	}
 
 	TRACE_DEBUG("%u: 7816 TPDU state %s -> %s\r\n", ch->num,
 		get_value_string(tpdu_state_names, ch->tpdu.state),
@@ -752,15 +837,20 @@ static void set_tpdu_state(struct card_handle *ch, enum tpdu_state new_ts)
 	ch->tpdu.state = new_ts;
 
 	switch (new_ts) {
-	case TPDU_S_WAIT_CLA:
-	case TPDU_S_WAIT_RX:
-		card_emu_uart_enable(ch->uart_chan, ENABLE_RX);
+	case TPDU_S_WAIT_CLA: // we will be waiting for the next incoming TDPU
+		card_emu_uart_enable(ch->uart_chan, ENABLE_RX); // switch back to receiving mode
+		card_emu_uart_update_wt(ch->uart_chan, 0); // disable waiting time since we don't expect any data
+		break;
+	case TPDU_S_WAIT_INS: // the reader started sending the TPDU header
+		card_emu_uart_update_wt(ch->uart_chan, ch->wt); // start waiting for the rest of the header/body
+		break;
+	case TPDU_S_WAIT_RX: // the reader should send us the TPDU body data
+		card_emu_uart_enable(ch->uart_chan, ENABLE_RX); // switch to receive mode to receive the body
+		card_emu_uart_update_wt(ch->uart_chan, ch->wt); // start waiting for the rest body
 		break;
 	case TPDU_S_WAIT_PB:
-		/* we just completed the TPDU header from reader to card
-		 * and now need to disable the receiver, enable the
-		 * transmitter and transmit the procedure byte */
-		card_emu_uart_enable(ch->uart_chan, ENABLE_TX);
+		card_emu_uart_enable(ch->uart_chan, ENABLE_TX); // header is completely received, now we need to transmit the procedure byte
+		card_emu_uart_update_wt(ch->uart_chan, ch->wt); // prepare to extend the waiting time once half of it is reached
 		break;
 	default:
 		break;
@@ -867,8 +957,8 @@ process_byte_tpdu(struct card_handle *ch, uint8_t byte)
 		add_tpdu_byte(ch, byte);
 		break;
 	default:
-		TRACE_ERROR("%u: process_byte_tpdu() in invalid state %u\r\n",
-			    ch->num, ch->tpdu.state);
+		TRACE_ERROR("%u: process_byte_tpdu() in invalid TPDU state %s\r\n", ch->num,
+			    get_value_string(tpdu_state_names, ch->tpdu.state));
 	}
 
 	/* ensure we stay in TPDU ISO state */
@@ -955,6 +1045,8 @@ void card_emu_process_rx_byte(struct card_handle *ch, uint8_t byte)
 	switch (ch->state) {
 	case ISO_S_WAIT_TPDU:
 		if (byte == 0xff) {
+			/* reset PTS to initial state */
+			set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
 			new_state = process_byte_pts(ch, byte);
 			ch->stats.pps++;
 			goto out_silent;
@@ -967,8 +1059,8 @@ void card_emu_process_rx_byte(struct card_handle *ch, uint8_t byte)
 		new_state = process_byte_pts(ch, byte);
 		goto out_silent;
 	default:
-		TRACE_ERROR("%u: Received UART char in invalid 7816 state "
-			    "%u\r\n", ch->num, ch->state);
+		TRACE_ERROR("%u: Received UART char in invalid 7816 state %s\r\n", ch->num,
+			    get_value_string(iso7816_3_card_state_names, ch->state));
 		break;
 	}
 
@@ -1021,13 +1113,16 @@ void card_emu_have_new_uart_tx(struct card_handle *ch)
 	}
 }
 
-void card_emu_report_status(struct card_handle *ch)
+void card_emu_report_status(struct card_handle *ch, bool report_on_irq)
 {
 	struct msgb *msg;
 	struct cardemu_usb_msg_status *sts;
+	uint8_t ep = ch->in_ep;
 
-	msg = usb_buf_alloc_st(ch->in_ep, SIMTRACE_MSGC_CARDEM,
-				SIMTRACE_MSGT_BD_CEMU_STATUS);
+	if (report_on_irq)
+		ep = ch->irq_ep;
+
+	msg = usb_buf_alloc_st(ep, SIMTRACE_MSGC_CARDEM, SIMTRACE_MSGT_BD_CEMU_STATUS);
 	if (!msg)
 		return;
 
@@ -1039,11 +1134,27 @@ void card_emu_report_status(struct card_handle *ch)
 		sts->flags |= CEMU_STATUS_F_CLK_ACTIVE;
 	if (ch->in_reset)
 		sts->flags |= CEMU_STATUS_F_RESET_ACTIVE;
-	/* FIXME: voltage + card insert */
-	sts->fi = ch->fi;
-	sts->di = ch->di;
+	/* FIXME set voltage and card insert values */
+	sts->f = ch->f;
+	sts->d = ch->d;
 	sts->wi = ch->wi;
-	sts->waiting_time = ch->waiting_time;
+	sts->wt = ch->wt;
+
+	usb_buf_upd_len_and_submit(msg);
+}
+
+static void card_emu_report_config(struct card_handle *ch)
+{
+	struct msgb *msg;
+	struct cardemu_usb_msg_config *cfg;
+	uint8_t ep = ch->in_ep;
+
+	msg = usb_buf_alloc_st(ch->in_ep, SIMTRACE_MSGC_CARDEM, SIMTRACE_MSGT_BD_CEMU_CONFIG);
+	if (!msg)
+		return;
+
+	cfg = (struct cardemu_usb_msg_config *) msgb_put(msg, sizeof(*cfg));
+	cfg->features = ch->features;
 
 	usb_buf_upd_len_and_submit(msg);
 }
@@ -1051,15 +1162,19 @@ void card_emu_report_status(struct card_handle *ch)
 /* hardware driver informs us that a card I/O signal has changed */
 void card_emu_io_statechg(struct card_handle *ch, enum card_io io, int active)
 {
+	uint32_t chg_mask = 0;
+
 	switch (io) {
 	case CARD_IO_VCC:
 		if (active == 0 && ch->vcc_active == 1) {
 			TRACE_INFO("%u: VCC deactivated\r\n", ch->num);
-			tc_etu_disable(ch->tc_chan);
+			card_handle_reset(ch);
 			card_set_state(ch, ISO_S_WAIT_POWER);
+			chg_mask |= CEMU_STATUS_F_VCC_PRESENT;
 		} else if (active == 1 && ch->vcc_active == 0) {
 			TRACE_INFO("%u: VCC activated\r\n", ch->num);
 			card_set_state(ch, ISO_S_WAIT_CLK);
+			chg_mask |= CEMU_STATUS_F_VCC_PRESENT;
 		}
 		ch->vcc_active = active;
 		break;
@@ -1068,27 +1183,53 @@ void card_emu_io_statechg(struct card_handle *ch, enum card_io io, int active)
 			TRACE_INFO("%u: CLK activated\r\n", ch->num);
 			if (ch->state == ISO_S_WAIT_CLK)
 				card_set_state(ch, ISO_S_WAIT_RST);
+			chg_mask |= CEMU_STATUS_F_CLK_ACTIVE;
 		} else if (active == 0 && ch->clocked == 1) {
 			TRACE_INFO("%u: CLK deactivated\r\n", ch->num);
+			chg_mask |= CEMU_STATUS_F_CLK_ACTIVE;
 		}
 		ch->clocked = active;
 		break;
 	case CARD_IO_RST:
 		if (active == 0 && ch->in_reset) {
 			TRACE_INFO("%u: RST released\r\n", ch->num);
-			if (ch->vcc_active && ch->clocked) {
-				/* enable the TC/ETU counter once reset has been released */
-				tc_etu_enable(ch->tc_chan);
+			if (ch->vcc_active && ch->clocked && ISO_S_WAIT_RST == ch->state) {
 				/* prepare to send the ATR */
 				card_set_state(ch, ISO_S_WAIT_ATR);
 			}
+			chg_mask |= CEMU_STATUS_F_RESET_ACTIVE;
 		} else if (active && !ch->in_reset) {
 			TRACE_INFO("%u: RST asserted\r\n", ch->num);
-			tc_etu_disable(ch->tc_chan);
+			card_handle_reset(ch);
+			chg_mask |= CEMU_STATUS_F_RESET_ACTIVE;
+#ifdef BOARD_simtrace
+			card_set_state(ch, ISO_S_WAIT_RST);
+#endif
 		}
 		ch->in_reset = active;
 		break;
+	default:
+		break;
 	}
+
+	switch (ch->state) {
+	case ISO_S_WAIT_POWER:
+	case ISO_S_WAIT_CLK:
+	case ISO_S_WAIT_RST:
+		/* check end activation state (even if the reader does
+		 * not respect the activation sequence) */
+		if (ch->vcc_active && ch->clocked && !ch->in_reset) {
+			/* prepare to send the ATR */
+			card_set_state(ch, ISO_S_WAIT_ATR);
+		}
+		break;
+	default:
+		break;
+	}
+
+	/* notify the host about the state change */
+	if ((ch->features & CEMU_FEAT_F_STATUS_IRQ) && chg_mask)
+		card_emu_report_status(ch, true);
 }
 
 /* User sets a new ATR to be returned during next card reset */
@@ -1097,17 +1238,20 @@ int card_emu_set_atr(struct card_handle *ch, const uint8_t *atr, uint8_t len)
 	if (len > sizeof(ch->atr.atr))
 		return -1;
 
+/* ignore new ATR for now since we PPS has not been tested
 	memcpy(ch->atr.atr, atr, len);
 	ch->atr.len = len;
 	ch->atr.idx = 0;
+*/
 
 #if TRACE_LEVEL >= TRACE_LEVEL_INFO 
 	uint8_t i;
 	TRACE_INFO("%u: ATR set: ", ch->num);
-	for (i = 0; i < ch->atr.len; i++) {
+	for (i = 0; i < len; i++) {
 		TRACE_INFO_WP("%02x ", atr[i]);
 	}
 	TRACE_INFO_WP("\n\r");
+	TRACE_INFO("%u: ATR set currently ignored\n\r", ch->num);
 #endif
 	/* FIXME: race condition with transmitting ATR to reader? */
 
@@ -1115,7 +1259,7 @@ int card_emu_set_atr(struct card_handle *ch, const uint8_t *atr, uint8_t len)
 }
 
 /* hardware driver informs us that one (more) ETU has expired */
-void tc_etu_wtime_half_expired(void *handle)
+void card_emu_wt_halfed(void *handle)
 {
 	struct card_handle *ch = handle;
 	/* transmit NULL procedure byte well before waiting time expires */
@@ -1125,7 +1269,8 @@ void tc_etu_wtime_half_expired(void *handle)
 		case TPDU_S_WAIT_PB:
 		case TPDU_S_WAIT_TX:
 			putchar('N');
-			card_emu_uart_tx(ch->uart_chan, ISO7816_3_PB_NULL);
+			card_emu_uart_tx(ch->uart_chan, ISO7816_3_PB_NULL); // we are waiting for data from the user. send a procedure byte to ask the reader to wait more time
+			card_emu_uart_reset_wt(ch->uart_chan); // reset WT
 			break;
 		default:
 			break;
@@ -1137,7 +1282,7 @@ void tc_etu_wtime_half_expired(void *handle)
 }
 
 /* hardware driver informs us that one (more) ETU has expired */
-void tc_etu_wtime_expired(void *handle)
+void card_emu_wt_expired(void *handle)
 {
 	struct card_handle *ch = handle;
 	switch (ch->state) {
@@ -1146,16 +1291,45 @@ void tc_etu_wtime_expired(void *handle)
 		card_set_state(ch, ISO_S_IN_ATR);
 		break;
 	default:
+		// TODO become unresponsive
 		TRACE_ERROR("%u: wtime_exp\r\n", ch->num);
 		break;
 	}
 }
 
-/* shortest ATR found in smartcard_list.txt */
-static const uint8_t default_atr[] = { 0x3B, 0x02, 0x14, 0x50 };
+/* reasonable ATR offering all protocols and voltages
+ * smartphones might not care, but other readers do
+
+TS = 0x3B	Direct Convention
+T0 = 0x80	Y(1): b1000, K: 0 (historical bytes)
+TD(1) = 0x80	Y(i+1) = b1000, Protocol T=0
+----
+TD(2) = 0x81	Y(i+1) = b1000, Protocol T=1
+----
+TD(3) = 0x1F	Y(i+1) = b0001, Protocol T=15
+----
+TA(4) = 0xC7	Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+----
+Historical bytes
+TCK = 0x59 	correct checksum
+
+ * */
+static const uint8_t default_atr[] = { 0x3B, 0x80, 0x80, 0x81 , 0x1F, 0xC7, 0x59};
 
 static struct card_handle card_handles[NUM_SLOTS];
 
+int card_emu_set_config(struct card_handle *ch, const struct cardemu_usb_msg_config *scfg,
+			unsigned int scfg_len)
+{
+	if (scfg_len >= sizeof(uint32_t))
+		ch->features = (scfg->features & SUPPORTED_FEATURES);
+
+	/* send back a report of our current configuration */
+	card_emu_report_config(ch);
+
+	return 0;
+}
+
 struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked)
 {
 	struct card_handle *ch;
@@ -1169,6 +1343,7 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uar
 
 	INIT_LLIST_HEAD(&ch->uart_tx_queue);
 
+	/* initialize the card_handle with reasonable defaults */
 	ch->num = slot_num;
 	ch->irq_ep = irq_ep;
 	ch->in_ep = in_ep;
@@ -1177,13 +1352,13 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uar
 	ch->in_reset = in_reset;
 	ch->clocked = clocked;
 
-	ch->fi = 0;
-	ch->di = 1;
+	ch->fi = ISO7816_3_DEFAULT_FI;
+	ch->di = ISO7816_3_DEFAULT_DI;
 	ch->wi = ISO7816_3_DEFAULT_WI;
+	ch->wt = ISO7816_3_DEFAULT_WT;;
 
 	ch->tc_chan = tc_chan;
 	ch->uart_chan = uart_chan;
-	ch->waiting_time = ISO7816_3_INIT_WTIME;
 
 	ch->atr.idx = 0;
 	ch->atr.len = sizeof(default_atr);
@@ -1192,7 +1367,11 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uar
 	ch->pts.state = PTS_S_WAIT_REQ_PTSS;
 	ch->tpdu.state = TPDU_S_WAIT_CLA;
 
+	card_handle_reset(ch);
+#ifndef BOARD_simtrace
+	/* simtrace uses uart timer instead */
 	tc_etu_init(ch->tc_chan, ch);
+#endif
 
 	return ch;
 }

firmware/libcommon/source/cciddriver.c

@@ -428,7 +428,7 @@ static void PCtoRDRXfrBlock( void )
 	uint16_t msglen = 0;
 	uint32_t ret;
 
-	TRACE_DEBUG("PCtoRDRXfrBlock\n");
+	TRACE_DEBUG("PCtoRDRXfrBlock\n\r");
 
 	// Check the block length
 	if ( ccidDriver.sCcidCommand.wLength > (configurationDescriptorsFS->ccid.dwMaxCCIDMessageLength-10) ) {
@@ -921,7 +921,7 @@ void USBDCallbacks_RequestReceived(const USBGenericRequest *request)
 void CCID_SmartCardRequest( void )
 {
 	unsigned char bStatus;
-	TRACE_DEBUG("CCID_req\n");
+	TRACE_DEBUG("CCID_req\n\r");
 
 	do {
 

firmware/libcommon/source/host_communication.c

@@ -27,27 +27,36 @@
  * USBD Integration API
  ***********************************************************************/
 
-/* call-back after (successful?) transfer of a buffer */
+/* call-back after (successful?) transfer of a write buffer on IN EP */
 static void usb_write_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 			 uint32_t remaining)
 {
 	struct msgb *msg = (struct msgb *) arg;
 	struct usb_buffered_ep *bep = msg->dst;
+	uint16_t ep_size = USBD_GetEndpointSize(bep->ep);
 	unsigned long x;
 
 	TRACE_DEBUG("%s (EP=0x%02x)\r\n", __func__, bep->ep);
 
+	if (((msgb_length(msg) % ep_size) == 0) && (transferred == ep_size)) {
+		/* terminate with ZLP; pass in 'msg' again as 'arg' so we get
+		 * called the second time and proceed with usb_buf_free below */
+		USBD_Write(bep->ep, 0, 0, (TransferCallback) &usb_write_cb, msg);
+		return;
+	}
+
 	local_irq_save(x);
 	bep->in_progress--;
 	local_irq_restore(x);
-	TRACE_DEBUG("%u: in_progress=%d\n", bep->ep, bep->in_progress);
+	TRACE_DEBUG("%u: in_progress=%lu\r\n", bep->ep, bep->in_progress);
 
 	if (status != USBD_STATUS_SUCCESS)
-		TRACE_ERROR("%s error, status=%d\n", __func__, status);
+		TRACE_ERROR("%s error, status=%d\r\n", __func__, status);
 
 	usb_buf_free(msg);
 }
 
+/* check if the spcified IN endpoint is idle and submit the next buffer from queue */
 int usb_refill_to_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
@@ -75,44 +84,44 @@ int usb_refill_to_host(uint8_t ep)
 
 	bep->in_progress++;
 
-	msg = msgb_dequeue(&bep->queue);
+	msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
 
 	local_irq_restore(x);
 
-	TRACE_DEBUG("%s (EP=0x%02x), in_progress=%d\r\n", __func__, ep, bep->in_progress);
+	TRACE_DEBUG("%s (EP=0x%02x), in_progress=%lu\r\n", __func__, ep, bep->in_progress);
 
 	msg->dst = bep;
 
 	rc = USBD_Write(ep, msgb_data(msg), msgb_length(msg),
 			(TransferCallback) &usb_write_cb, msg);
 	if (rc != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("%s error %x\n", __func__, rc);
+		TRACE_ERROR("%s error %x\r\n", __func__, rc);
 		/* re-insert to head of queue */
 		llist_add_irqsafe(&msg->list, &bep->queue);
 		local_irq_save(x);
 		bep->in_progress--;
 		local_irq_restore(x);
-		TRACE_DEBUG("%02x: in_progress=%d\n", bep->ep, bep->in_progress);
+		TRACE_DEBUG("%02x: in_progress=%lu\r\n", bep->ep, bep->in_progress);
 		return 0;
 	}
 
 	return 1;
 }
 
-/* call-back after (successful?) transfer of a buffer */
+/* call-back after (successful?) read transfer of a buffer on OUT EP */
 static void usb_read_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 			uint32_t remaining)
 {
 	struct msgb *msg = (struct msgb *) arg;
 	struct usb_buffered_ep *bep = msg->dst;
 
-	TRACE_DEBUG("%s (EP=%u, len=%u, q=%p)\r\n", __func__,
+	TRACE_DEBUG("%s (EP=%u, len=%lu, q=%p)\r\n", __func__,
 			bep->ep, transferred, &bep->queue);
 
 	bep->in_progress = 0;
 
 	if (status != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("%s error, status=%d\n", __func__, status);
+		TRACE_ERROR("%s error, status=%d\r\n", __func__, status);
 		usb_buf_free(msg);
 		return;
 	}
@@ -120,6 +129,7 @@ static void usb_read_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 	llist_add_tail_irqsafe(&msg->list, &bep->queue);
 }
 
+/* refill the read queue for data received from host PC on OUT EP, if needed */
 int usb_refill_from_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
@@ -150,7 +160,7 @@ int usb_refill_from_host(uint8_t ep)
 	rc = USBD_Read(ep, msg->head, msgb_tailroom(msg),
 			(TransferCallback) &usb_read_cb, msg);
 	if (rc != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("%s error %d\n", __func__, rc);
+		TRACE_ERROR("%s error %d\r\n", __func__, rc);
 		usb_buf_free(msg);
 		bep->in_progress = 0;
 	}
@@ -158,6 +168,7 @@ int usb_refill_from_host(uint8_t ep)
 	return 1;
 }
 
+/* drain any buffers from the queue of the endpoint and release their memory */
 int usb_drain_queue(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
@@ -177,7 +188,7 @@ int usb_drain_queue(uint8_t ep)
 	}
 
 	/* free all queued msgbs */
-	while ((msg = msgb_dequeue(&bep->queue))) {
+	while ((msg = msgb_dequeue_count(&bep->queue, &bep->queue_len))) {
 		usb_buf_free(msg);
 		ret++;
 	}

firmware/libcommon/source/iso7816_3.c

@@ -0,0 +1,123 @@
+/*
+ * Copyright (C) 2019 sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+*/
+#include <stdint.h>
+#include <stddef.h>
+
+#include "utils.h"
+#include "iso7816_3.h"
+
+const uint16_t iso7816_3_fi_table[16] = {
+	372, 372, 558, 744, 1116, 1488, 1860, 0,
+	0, 512, 768, 1024, 1536, 2048, 0, 0
+};
+
+const uint32_t iso7816_3_fmax_table[16] = {
+	4000000, 5000000, 6000000, 8000000, 12000000, 16000000, 20000000, 0,
+	0, 5000000, 7500000, 10000000, 15000000, 20000000, 0, 0
+};
+
+const uint8_t iso7816_3_di_table[16] = {
+	0, 1, 2, 4, 8, 16, 32, 64,
+	12, 20, 0, 0, 0, 0, 0, 0,
+};
+
+/* all values are based on the Elementary Time Unit (ETU), defined in ISO/IEC 7816-3 section 7.1
+ * this is the time required to transmit a bit, and is calculated as follows: 1 ETU = (F / D) x (1 / f) where:
+ * - F is the clock rate conversion integer
+ * - D is the baud rate adjustment factor
+ * - f is the clock frequency
+ * the possible F, f(max), and D values are defined in ISO/IEC 7816-3 table 7 and 8
+ * - the initial value for F (after reset) is Fd = 372
+ * - the initial value for D (after reset) is Dd = 1
+ * - the initial maximum frequency f(max) is 5 MHz
+ * the card must measure the ETU based on the clock signal provided by the reader
+ * one ETU (e.g. 1 bit) takes F/D clock cycles, which the card must count
+ *
+ * the card can indicate an alternative set of supported values Fi (with corresponding f(max)) and Di for higher baud rate in TA1 in the ATR (see ISO/IEC 7816-3 section 8.3)
+ * these values are selected according to ISO/IEC 7816-3 section 6.3.1:
+ * - card in specific mode: they are enforced if TA2 is present (the reader can deactivate the card if it does not support these values)
+ * - card in negotiable mode:
+ * -- they can be selected by the reader using the Protocol and Parameters Selection (PPS) procedure
+ * -- the first offered protocol and default values are used when no PPS is started
+ *
+ * PPS is done with Fd and Dd (see ISO/IEC 7816-3 section 9)
+ * the reader can propose any F and D values between from Fd to Fi, and from Dd to Di (Fi and Di are indicated in TA1)
+ * the in PPS agreed values F and D are called Fn and Dn and are applied after a successful exchange, corresponding to PPS1_Response bit 5
+ *
+ * the F and D values must be provided to the SAM3S USART peripheral (after reset and PPS)
+ */
+
+bool iso7816_3_valid_f(uint16_t f)
+{
+	if (0 == f) {
+		return false;
+	}
+	uint8_t i = 0;
+	for (i = 0; i < ARRAY_SIZE(iso7816_3_fi_table) && iso7816_3_fi_table[i] != f; i++);
+	return (i < ARRAY_SIZE(iso7816_3_fi_table) && iso7816_3_fi_table[i] == f);
+}
+
+bool iso7816_3_valid_d(uint8_t d)
+{
+	if (0 == d) {
+		return false;
+	}
+	uint8_t i = 0;
+	for (i = 0; i < ARRAY_SIZE(iso7816_3_di_table) && iso7816_3_di_table[i] != d; i++);
+	return (i < ARRAY_SIZE(iso7816_3_di_table) && iso7816_3_di_table[i] == d);
+}
+
+/*
+ * the ETU is not only used to define the baud rate, but also the Waiting Time (WT) (see ISO/IEC 7816-3 section 8.1)
+ * when exceeding WT without card response, the reader flags the card as unresponsive, and resets it
+ * this can be used by the card to indicate errors or unsupported operations
+ * if the card requires more time to respond, it shall send a procedure byte to restart WT
+ * WT is calculated as follows (for T=0, see ISO/IEC 7816-3 section 10.2): WT = WI x 960 x (Fi / f(max)) where
+ * - WI is encoded in TC2 in the ATR (10 if absent)
+ * - WI does not depend on D/Di (used for the ETU)
+ * - after reset WT is 9600 ETU
+ * - WI (e.g. the new WT) is applied when T=0 is used (after 6.3.1), even if Fi is not Fn (this WT extension is important to know for the reader so to have the right timeout)
+ */
+
+int32_t iso7816_3_calculate_wt(uint8_t wi, uint16_t fi, uint8_t di, uint16_t f, uint8_t d)
+{
+	// sanity checks
+	if (0 == wi) {
+		return -1;
+	}
+	if (!iso7816_3_valid_f(fi)) {
+		return -2;
+	}
+	if (!iso7816_3_valid_d(di)) {
+		return -3;
+	}
+	if (!iso7816_3_valid_f(f)) {
+		return -4;
+	}
+	if (!iso7816_3_valid_d(d)) {
+		return -5;
+	}
+	if (f > fi) {
+		return -6;
+	}
+	if (d > di) {
+		return -7;
+	}
+
+	return wi * 960UL * (fi/f) * (di/d); // calculate timeout value in ETU
+}

firmware/libcommon/source/main_common.c

@@ -0,0 +1,54 @@
+/* SIMtrace 2 firmware common main helpers
+ *
+ * (C) 2015-2019 by Harald Welte <hwelte@hmw-consulting.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include "board.h"
+#include "utils.h"
+
+void print_banner(void)
+{
+	printf("\n\r\n\r"
+		"=============================================================================\n\r"
+		"SIMtrace2 firmware " GIT_VERSION ", BOARD=" BOARD ", APP=" APPLICATION "\n\r"
+		"(C) 2010-2019 by Harald Welte, 2018-2019 by Kevin Redon\n\r"
+		"=============================================================================\n\r");
+
+#if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
+	/* print chip-unique ID */
+	unsigned int unique_id[4];
+	EEFC_ReadUniqueID(unique_id);
+	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);
+	TRACE_INFO("Serial Nr. %08x-%08x-%08x-%08x\n\r",
+		   unique_id[0], unique_id[1], unique_id[2], unique_id[3]);
+
+	/* print reset cause */
+	uint8_t reset_cause = (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos;
+	static const char* reset_causes[] = {
+		"general reset (first power-up reset)",
+		"backup reset (return from backup mode)",
+		"watchdog reset (watchdog fault occurred)",
+		"software reset (processor reset required by the software)",
+		"user reset (NRST pin detected low)",
+	};
+	if (reset_cause < ARRAY_SIZE(reset_causes)) {
+		TRACE_INFO("Reset Cause: %s\n\r", reset_causes[reset_cause]);
+	} else {
+		TRACE_INFO("Reset Cause: 0x%lx\n\r", (RSTC->RSTC_SR & RSTC_SR_RSTTYP_Msk) >> RSTC_SR_RSTTYP_Pos);
+	}
+#endif
+}

firmware/libcommon/source/mode_cardemu.c

@@ -1,7 +1,7 @@
 /* card emulation mode
  *
  * (C) 2015-2017 by Harald Welte <laforge@gnumonks.org>
- * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2018-2019 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -22,6 +22,7 @@
 #include "simtrace.h"
 #include "ringbuffer.h"
 #include "card_emu.h"
+#include "iso7816_3.h"
 #include "iso7816_fidi.h"
 #include "utils.h"
 #include <osmocom/core/linuxlist.h>
@@ -54,14 +55,24 @@ struct cardem_inst {
 	struct card_handle *ch;
 	struct llist_head usb_out_queue;
 	struct ringbuf rb;
+	uint32_t wt; /*!< receiver waiting time to trigger timeout (0 to deactivate it) */
+	uint32_t wt_remaining; /*!< remaining waiting time */
+	bool wt_halfed; /*!< if at least half of the waiting time passed */
 	struct Usart_info usart_info;
 	int usb_pending_old;
 	uint8_t ep_out;
 	uint8_t ep_in;
 	uint8_t ep_int;
+	const Pin pin_io;
 	const Pin pin_insert;
+#ifdef DETECT_VCC_BY_ADC
 	uint32_t vcc_uv;
 	uint32_t vcc_uv_last;
+#endif
+	bool vcc_active;
+	bool vcc_active_last;
+	bool rst_active;
+	bool rst_active_last;
 };
 
 struct cardem_inst cardem_inst[] = {
@@ -75,6 +86,7 @@ struct cardem_inst cardem_inst[] = {
 		.ep_out = SIMTRACE_CARDEM_USB_EP_USIM1_DATAOUT,
 		.ep_in = SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
 		.ep_int = SIMTRACE_CARDEM_USB_EP_USIM1_INT,
+		.pin_io = PIN_USIM1_IO,
 #ifdef PIN_SET_USIM1_PRES
 		.pin_insert = PIN_SET_USIM1_PRES,
 #endif
@@ -90,6 +102,7 @@ struct cardem_inst cardem_inst[] = {
 		.ep_out = SIMTRACE_CARDEM_USB_EP_USIM2_DATAOUT,
 		.ep_in = SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
 		.ep_int = SIMTRACE_CARDEM_USB_EP_USIM2_INT,
+		.pin_io = PIN_USIM2_IO,
 #ifdef PIN_SET_USIM2_PRES
 		.pin_insert = PIN_SET_USIM2_PRES,
 #endif
@@ -140,7 +153,11 @@ void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 		 * receiver enabled during transmit */
 		USART_SetReceiverEnabled(usart, 1);
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
+#ifdef BOARD_simtrace
+		USART_EnableIt(usart, US_IER_TXRDY | US_IER_TIMEOUT);
+#else
 		USART_EnableIt(usart, US_IER_TXRDY);
+#endif
 		USART_SetTransmitterEnabled(usart, 1);
 		break;
 	case ENABLE_RX:
@@ -150,7 +167,11 @@ void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 		USART_SetTransmitterEnabled(usart, 1);
 		wait_tx_idle(usart);
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
+#ifdef BOARD_simtrace
+		USART_EnableIt(usart, US_IER_RXRDY | US_IER_TIMEOUT);
+#else
 		USART_EnableIt(usart, US_IER_RXRDY);
+#endif
 		USART_SetReceiverEnabled(usart, 1);
 		break;
 	case 0:
@@ -192,37 +213,69 @@ int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte)
 /* FIXME: integrate this with actual irq handler */
 static void usart_irq_rx(uint8_t inst_num)
 {
+	if (inst_num >= ARRAY_SIZE(cardem_inst)) {
+		TRACE_ERROR("%u: UART channel out of bounds\r\n", inst_num);
+		return;
+	}
 	Usart *usart = get_usart_by_chan(inst_num);
 	struct cardem_inst *ci = &cardem_inst[inst_num];
 	uint32_t csr;
 	uint8_t byte = 0;
+	uint32_t errflags = (US_CSR_OVRE | US_CSR_FRAME | US_CSR_PARE | US_CSR_NACK | (1 << 10));
+#ifndef BOARD_simtrace
+	errflags |= US_CSR_TIMEOUT;
+#endif
 
-	csr = usart->US_CSR & usart->US_IMR;
+	csr = usart->US_CSR & usart->US_IMR; // save state/flags before they get changed
 
-	if (csr & US_CSR_RXRDY) {
-		byte = (usart->US_RHR) & 0xFF;
-		if (rbuf_write(&ci->rb, byte) < 0)
-			TRACE_ERROR("rbuf overrun\r\n");
+	if (csr & US_CSR_RXRDY) { // bytes has been received
+		byte = (usart->US_RHR) & 0xFF; // ready out byte
+		if (rbuf_write(&ci->rb, byte) < 0) // store byte in buffer
+			TRACE_ERROR("rbuf overrun\r\n"); // error if could not store in buffer
 	}
 
-	if (csr & US_CSR_TXRDY) {
-		if (card_emu_tx_byte(ci->ch) == 0)
-			USART_DisableIt(usart, US_IER_TXRDY);
+	if (csr & US_CSR_TXRDY) { // ready to transmit the next byte
+		if (card_emu_tx_byte(ci->ch) == 0) // transmit next byte, and check if a byte is being transmitted
+			USART_DisableIt(usart, US_IER_TXRDY); // stop the TX ready signal if not byte has been transmitted
 	}
 
-	if (csr & (US_CSR_OVRE|US_CSR_FRAME|US_CSR_PARE|
-		   US_CSR_TIMEOUT|US_CSR_NACK|(1<<10))) {
-		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
-		TRACE_ERROR("%u e 0x%x st: 0x%lx\n", ci->num, byte, csr);
+	if (csr & errflags) { // error flag set
+		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK; // reset UART state to clear flag
+		TRACE_ERROR("%u USART error on 0x%x status: 0x%lx\n", ci->num, byte, csr); // warn user about error
 	}
+#ifdef BOARD_simtrace
+	// handle timeout
+	if (csr & US_CSR_TIMEOUT) { // RX has been inactive for some time
+		if (ci->wt_remaining <= (usart->US_RTOR & 0xffff)) { // waiting time has passed
+			ci->wt_remaining = 0; // timeout reached (will stop the timer)
+		} else {
+			ci->wt_remaining -= (usart->US_RTOR & 0xffff); // be sure to subtract the actual timeout since the new might not have been set and reloaded yet
+		}
+		if (0 == ci->wt_remaining) {
+			card_emu_wt_expired(ci->ch); // let the state know WT has expired
+		} else if (ci->wt_remaining <= ci->wt / 2 && !ci->wt_halfed) {
+			ci->wt_halfed = true;
+			card_emu_wt_halfed(ci->ch); // let the state know WT has half expired
+		}
+		if (ci->wt_remaining > 0xffff) { // value exceeds the USART TO range
+			usart->US_RTOR = 0xffff; // use the MAX
+		} else {
+			usart->US_RTOR = ci->wt_remaining;
+		}
+		usart->US_CR |= US_CR_STTTO; // clear timeout flag (and stop timeout until next character is received)
+		usart->US_CR |= US_CR_RETTO; // restart the counter (it wt is 0, the timeout is not started)
+	}
+#endif
 }
 
+/*! ISR called for USART0 */
 void mode_cardemu_usart0_irq(void)
 {
 	/* USART0 == Instance 1 == USIM 2 */
 	usart_irq_rx(1);
 }
 
+/*! ISR called for USART1 */
 void mode_cardemu_usart1_irq(void)
 {
 	/* USART1 == Instance 0 == USIM 1 */
@@ -241,6 +294,91 @@ int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi)
 	return 0;
 }
 
+// call-back from card_emu.c to change UART baud rate
+void card_emu_uart_update_fd(uint8_t uart_chan, uint16_t f, uint8_t d)
+{
+	Usart *usart = get_usart_by_chan(uart_chan); // get the USART based on the card handle
+	if (NULL == usart) {
+		TRACE_ERROR("%u: USART not found by chan\r\n", uart_chan);
+		return;
+	}
+	if (!iso7816_3_valid_f(f)) {
+		TRACE_ERROR("%u: invalid F: %u\r\n", uart_chan, f);
+		return;
+	}
+	if (!iso7816_3_valid_d(d)) {
+		TRACE_ERROR("%u: invalid D: %u\r\n", uart_chan, d);
+		return;
+	}
+
+	uint16_t ratio = f / d;
+	if (ratio > 0 && ratio < 2048) {
+		/* make sure USART uses new F/D ratio */
+		usart->US_CR |= US_CR_RXDIS | US_CR_RSTRX; // disable USART before changing baud rate
+		usart->US_FIDI = (ratio & 0x7ff); // change baud rate (ratio)
+		usart->US_CR |= US_CR_RXEN | US_CR_STTTO; // re-enable USART (and stop timeout)
+		TRACE_INFO("%u: USART F/D set to %u/%u\r\n", uart_chan, f, d);
+	} else {
+		TRACE_ERROR("%u: USART could not set F/D to %u/%u\r\n", uart_chan, f, d);
+		// TODO become unresponsive
+	}
+}
+
+void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt)
+{
+	if (uart_chan >= ARRAY_SIZE(cardem_inst)) {
+		TRACE_ERROR("%u: UART channel out of bounds\r\n", uart_chan);
+		return;
+	}
+	struct cardem_inst *ci = &cardem_inst[uart_chan];
+	Usart *usart = get_usart_by_chan(uart_chan); // get the USART based on the card handle
+	if (NULL == usart) {
+		TRACE_ERROR("%u: USART not found by chan\r\n", uart_chan);
+		return;
+	}
+
+	ci->wt = wt; // save value
+	card_emu_uart_reset_wt(uart_chan); // reset and start timer
+	TRACE_INFO("%u: USART WT set to %lu ETU\r\n", uart_chan, wt);
+}
+
+void card_emu_uart_reset_wt(uint8_t uart_chan)
+{
+	if (uart_chan >= ARRAY_SIZE(cardem_inst)) {
+		TRACE_ERROR("%u: UART channel out of bounds\r\n", uart_chan);
+		return;
+	}
+	struct cardem_inst *ci = &cardem_inst[uart_chan];
+	Usart *usart = get_usart_by_chan(uart_chan); // get the USART based on the card handle
+	if (NULL == usart) {
+		TRACE_ERROR("%u: USART not found by chan\r\n", uart_chan);
+		return;
+	}
+
+	ci->wt_remaining = ci->wt; // reload WT value
+	ci->wt_halfed = false; // reset half expired
+	if (ci->wt_remaining > 0xffff) { // value exceeds the USART TO range
+		usart->US_RTOR = 0xffff; // use the MAX
+	} else {
+		usart->US_RTOR = ci->wt_remaining;
+	}
+	usart->US_CR |= US_CR_RETTO; // restart the counter (if wt is 0, the timeout is not started)
+}
+
+void card_emu_uart_io_set(uint8_t uart_chan, bool set)
+{
+	if (uart_chan >= ARRAY_SIZE(cardem_inst)) {
+		TRACE_ERROR("%u: UART channel out of bounds\r\n", uart_chan);
+		return;
+	}
+	struct cardem_inst *ci = &cardem_inst[uart_chan];
+	if (set) {
+		PIO_Set(&ci->pin_io);
+	} else {
+		PIO_Clear(&ci->pin_io);
+	}
+}
+
 /* call-back from card_emu.c to force a USART interrupt */
 void card_emu_uart_interrupt(uint8_t uart_chan)
 {
@@ -261,7 +399,7 @@ void card_emu_uart_interrupt(uint8_t uart_chan)
 
 #ifdef DETECT_VCC_BY_ADC
 
-static int adc_triggered = 0;
+static volatile int adc_triggered = 0;
 static int adc_sam3s_reva_errata = 0;
 
 static int card_vcc_adc_init(void)
@@ -315,14 +453,10 @@ static void process_vcc_adc(struct cardem_inst *ci)
 {
 	if (ci->vcc_uv >= VCC_UV_THRESH_3V &&
 	    ci->vcc_uv_last < VCC_UV_THRESH_3V) {
-		card_emu_io_statechg(ci->ch, CARD_IO_VCC, 1);
-		/* FIXME do this for real */
-		card_emu_io_statechg(ci->ch, CARD_IO_CLK, 1);
+		ci->vcc_active = true;
 	} else if (ci->vcc_uv < VCC_UV_THRESH_3V &&
 		 ci->vcc_uv_last >= VCC_UV_THRESH_3V) {
-		/* FIXME do this for real */
-		card_emu_io_statechg(ci->ch, CARD_IO_CLK, 0);
-		card_emu_io_statechg(ci->ch, CARD_IO_VCC, 0);
+		ci->vcc_active = false;
 	}
 	ci->vcc_uv_last = ci->vcc_uv;
 }
@@ -347,44 +481,54 @@ void ADC_IrqHandler(void)
 		cardem_inst[0].vcc_uv = adc2uv(val);
 		process_vcc_adc(&cardem_inst[0]);
 		ADC->ADC_CR |= ADC_CR_START;
+		adc_triggered = 1;
 	}
 }
 #endif /* DETECT_VCC_BY_ADC */
 
+
+/* called from main loop; dispatches card I/O state changes to card_emu from main loop */
+static void process_io_statechg(struct cardem_inst *ci)
+{
+	if (ci->vcc_active != ci->vcc_active_last) {
+		card_emu_io_statechg(ci->ch, CARD_IO_VCC, ci->vcc_active);
+		/* FIXME do this for real */
+		card_emu_io_statechg(ci->ch, CARD_IO_CLK, ci->vcc_active);
+		ci->vcc_active_last = ci->vcc_active;
+	}
+
+	if (ci->rst_active != ci->rst_active_last) {
+		card_emu_io_statechg(ci->ch, CARD_IO_RST, ci->rst_active);
+		ci->rst_active_last = ci->rst_active;
+	}
+}
+
 /***********************************************************************
  * Core USB  / main loop integration
  ***********************************************************************/
 
 static void usim1_rst_irqhandler(const Pin *pPin)
 {
-	bool active = PIO_Get(&pin_usim1_rst) ? false : true;
-	card_emu_io_statechg(cardem_inst[0].ch, CARD_IO_RST, active);
+	cardem_inst[0].rst_active = PIO_Get(&pin_usim1_rst) ? false : true;
 }
 
 #ifndef DETECT_VCC_BY_ADC
 static void usim1_vcc_irqhandler(const Pin *pPin)
 {
-	bool active = PIO_Get(&pin_usim1_vcc) ? true : false;
-	card_emu_io_statechg(cardem_inst[0].ch, CARD_IO_VCC, active);
-	/* FIXME do this for real */
-	card_emu_io_statechg(cardem_inst[0].ch, CARD_IO_CLK, active);
+	cardem_inst[0].vcc_active = PIO_Get(&pin_usim1_vcc) ? true : false;
 }
 #endif /* !DETECT_VCC_BY_ADC */
 
 #ifdef CARDEMU_SECOND_UART
 static void usim2_rst_irqhandler(const Pin *pPin)
 {
-	bool active = PIO_Get(&pin_usim2_rst) ? false : true;
-	card_emu_io_statechg(cardem_inst[1].ch, CARD_IO_RST, active);
+	cardem_inst[1].rst_active = PIO_Get(&pin_usim2_rst) ? false : true;
 }
 
 #ifndef DETECT_VCC_BY_ADC
 static void usim2_vcc_irqhandler(const Pin *pPin)
 {
-	bool active = PIO_Get(&pin_usim2_vcc) ? true : false;
-	card_emu_io_statechg(cardem_inst[1].ch, CARD_IO_VCC, active);
-	/* FIXME do this for real */
-	card_emu_io_statechg(cardem_inst[1].ch, CARD_IO_CLK, active);
+	cardem_inst[1].vcc_active = PIO_Get(&pin_usim2_vcc) ? true : false;
 }
 #endif /* !DETECT_VCC_BY_ADC */
 #endif /* CARDEMU_SECOND_UART */
@@ -402,41 +546,88 @@ void mode_cardemu_init(void)
 
 	TRACE_ENTRY();
 
+#ifdef PINS_PWR_CARDEMU
+	// enable power on required peripherals, else disable
+	Pin pins_pwr_cardemu[] = { PINS_PWR_CARDEMU };
+	PIO_Configure(pins_pwr_cardemu, PIO_LISTSIZE(pins_pwr_cardemu));
+#endif /* PINS_PWR_CARDEMU */
 #ifdef PINS_CARDSIM
 	PIO_Configure(pins_cardsim, PIO_LISTSIZE(pins_cardsim));
 #endif
+	// ADC channel 6 and 7 are used to measure VCC (else they are grounded)
+	ADC->ADC_CHER |= ADC_CHER_CH6 | ADC_CHER_CH7; // enable the ADC channels to put them in high impedance (else they leak current)
 #ifdef DETECT_VCC_BY_ADC
-	card_vcc_adc_init();
+	card_vcc_adc_init(); // configure the ADC to measure VCC
 #endif /* DETECT_VCC_BY_ADC */
+	// TODO pull SIMtrace board SIM lines low, else they can leak current back to VCC
 
 	INIT_LLIST_HEAD(&cardem_inst[0].usb_out_queue);
 	rbuf_reset(&cardem_inst[0].rb);
 	PIO_Configure(pins_usim1, PIO_LISTSIZE(pins_usim1));
+
+	/* configure USART as ISO-7816 slave (e.g. card) */
 	ISO7816_Init(&cardem_inst[0].usart_info, CLK_SLAVE);
+#ifdef BOARD_simtrace
+	/* simtrace board uses uart timeouts */
+
+	/*  don't use receive timeout timer for now */
+	cardem_inst[0].usart_info.base->US_RTOR = 0;
+	/* enable interrupts to indicate when data has been received or timeout occurred */
+	USART_EnableIt(cardem_inst[0].usart_info.base, US_IER_RXRDY | US_IER_TIMEOUT);
+#else
+	/* enable interrupts to indicate when data has been received */
+	USART_EnableIt(cardem_inst[0].usart_info.base, US_IER_RXRDY );
+#endif
+	/*  enable interrupt requests for the USART peripheral */
 	NVIC_EnableIRQ(USART1_IRQn);
+
 	PIO_ConfigureIt(&pin_usim1_rst, usim1_rst_irqhandler);
 	PIO_EnableIt(&pin_usim1_rst);
+
+	/* obtain current RST state */
+	usim1_rst_irqhandler(&pin_usim1_rst);
 #ifndef DETECT_VCC_BY_ADC
 	PIO_ConfigureIt(&pin_usim1_vcc, usim1_vcc_irqhandler);
 	PIO_EnableIt(&pin_usim1_vcc);
+
+	/* obtain current VCC state */
+	usim1_vcc_irqhandler(&pin_usim1_vcc);
+#else
+	do {} while (!adc_triggered); /* wait for first ADC reading */
 #endif /* DETECT_VCC_BY_ADC */
-	cardem_inst[0].ch = card_emu_init(0, 2, 0, SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN, SIMTRACE_CARDEM_USB_EP_USIM1_INT, PIO_Get(&pin_usim1_vcc) ? true : false, PIO_Get(&pin_usim1_rst) ? false : true, PIO_Get(&pin_usim1_vcc) ? true : false);
+
+	cardem_inst[0].ch = card_emu_init(0, 2, 0, SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
+					  SIMTRACE_CARDEM_USB_EP_USIM1_INT, cardem_inst[0].vcc_active,
+					  cardem_inst[0].rst_active, cardem_inst[0].vcc_active);
 	sim_switch_use_physical(0, 1);
+#ifndef DETECT_VCC_BY_ADC
+	usim1_vcc_irqhandler(NULL); // check VCC/CLK state
+#endif
+	usim1_rst_irqhandler(NULL); // force RST state
 
 #ifdef CARDEMU_SECOND_UART
 	INIT_LLIST_HEAD(&cardem_inst[1].usb_out_queue);
 	rbuf_reset(&cardem_inst[1].rb);
 	PIO_Configure(pins_usim2, PIO_LISTSIZE(pins_usim2));
 	ISO7816_Init(&cardem_inst[1].usart_info, CLK_SLAVE);
+	// TODO enable timeout
 	NVIC_EnableIRQ(USART0_IRQn);
 	PIO_ConfigureIt(&pin_usim2_rst, usim2_rst_irqhandler);
 	PIO_EnableIt(&pin_usim2_rst);
+	usim2_rst_irqhandler(&pin_usim2_rst); /* obtain current RST state */
 #ifndef DETECT_VCC_BY_ADC
 	PIO_ConfigureIt(&pin_usim2_vcc, usim2_vcc_irqhandler);
 	PIO_EnableIt(&pin_usim2_vcc);
+	usim2_vcc_irqhandler(&pin_usim2_vcc); /* obtain current VCC state */
+#else
+	do {} while (!adc_triggered); /* wait for first ADC reading */
 #endif /* DETECT_VCC_BY_ADC */
-	cardem_inst[1].ch = card_emu_init(1, 0, 1, SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN, SIMTRACE_CARDEM_USB_EP_USIM2_INT, PIO_Get(&pin_usim2_vcc) ? true : false, PIO_Get(&pin_usim2_rst) ? false : true, PIO_Get(&pin_usim2_vcc) ? true : false);
+
+	cardem_inst[1].ch = card_emu_init(1, 0, 1, SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
+					  SIMTRACE_CARDEM_USB_EP_USIM2_INT, cardem_inst[1].vcc_active,
+					  cardem_inst[1].rst_active, cardem_inst[1].vcc_active);
 	sim_switch_use_physical(1, 1);
+	// TODO check rst and vcc
 #endif /* CARDEMU_SECOND_UART */
 }
 
@@ -486,6 +677,7 @@ static void dispatch_usb_command_cardem(struct msgb *msg, struct cardem_inst *ci
 	struct simtrace_msg_hdr *hdr;
 	struct cardemu_usb_msg_set_atr *atr;
 	struct cardemu_usb_msg_cardinsert *cardins;
+	struct cardemu_usb_msg_config *cfg;
 	struct llist_head *queue;
 
 	hdr = (struct simtrace_msg_hdr *) msg->l1h;
@@ -505,6 +697,7 @@ static void dispatch_usb_command_cardem(struct msgb *msg, struct cardem_inst *ci
 		if (!ci->pin_insert.pio) {
 			TRACE_INFO("%u: skipping unsupported card_insert to %s\r\n",
 				   ci->num, cardins->card_insert ? "INSERTED" : "REMOVED");
+			usb_buf_free(msg);
 			break;
 		}
 		TRACE_INFO("%u: set card_insert to %s\r\n", ci->num,
@@ -516,9 +709,13 @@ static void dispatch_usb_command_cardem(struct msgb *msg, struct cardem_inst *ci
 		usb_buf_free(msg);
 		break;
 	case SIMTRACE_MSGT_BD_CEMU_STATUS:
-		card_emu_report_status(ci->ch);
+		card_emu_report_status(ci->ch, false);
 		usb_buf_free(msg);
 		break;
+	case SIMTRACE_MSGT_BD_CEMU_CONFIG:
+		cfg = (struct cardemu_usb_msg_config *) msg->l2h;
+		card_emu_set_config(ci->ch, cfg, msgb_l2len(msg));
+		break;
 	case SIMTRACE_MSGT_BD_CEMU_STATS:
 	default:
 		/* FIXME: Send Error */
@@ -652,9 +849,10 @@ static void dispatch_received_msg(struct msgb *msg, struct cardem_inst *ci)
 		}
 
 		if (mh->msg_len > msgb_length(msg)) {
-			TRACE_ERROR("%u: Unexpected large message (%u bytes)\n",
+			TRACE_ERROR("%u: Unexpected large message (%u bytes)\r\n",
 					ci->num, mh->msg_len);
 			usb_buf_free(segm);
+			break;
 		} else {
 			uint8_t *cur = msgb_put(segm, mh->msg_len);
 			segm->l1h = segm->head;
@@ -714,6 +912,8 @@ void mode_cardemu_run(void)
 			//TRACE_ERROR("%uRx%02x\r\n", i, byte);
 		}
 
+		process_io_statechg(ci);
+
 		/* first try to send any pending messages on IRQ */
 		usb_refill_to_host(ci->ep_int);
 

firmware/libcommon/source/pseudo_talloc.c

@@ -15,13 +15,16 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
  */
 #include <stdint.h>
+#include <stdio.h>
 
 #include "talloc.h"
 #include "trace.h"
 #include "utils.h"
 #include <osmocom/core/utils.h>
 
-#define NUM_RCTX_SMALL 10
+/* TODO: this number should dynamically scale. We need at least one per IN/IRQ endpoint,
+ * as well as at least 3 for every OUT endpoint.  Plus some more depending on the application */
+#define NUM_RCTX_SMALL 20
 #define RCTX_SIZE_SMALL 348
 
 static uint8_t msgb_data[NUM_RCTX_SMALL][RCTX_SIZE_SMALL] __attribute__((aligned(sizeof(long))));
@@ -63,6 +66,7 @@ int _talloc_free(void *ptr, const char *location)
 		if (ptr == msgb_data[i]) {
 			if (!msgb_inuse[i]) {
 				TRACE_ERROR("%s: double_free by %s\r\n", __func__, location);
+				OSMO_ASSERT(0);
 			} else {
 				msgb_inuse[i] = 0;
 			}
@@ -73,9 +77,24 @@ int _talloc_free(void *ptr, const char *location)
 
 	local_irq_restore(x);
 	TRACE_ERROR("%s: invalid pointer %p from %s\r\n", __func__, ptr, location);
+	OSMO_ASSERT(0);
 	return -1;
 }
 
+void talloc_report(const void *ptr, FILE *f)
+{
+	unsigned int i;
+
+	fprintf(f, "talloc_report(): ");
+	for (i = 0; i < ARRAY_SIZE(msgb_inuse); i++) {
+		if (msgb_inuse[i])
+			fputc('X', f);
+		else
+			fputc('_', f);
+	}
+	fprintf(f, "\r\n");
+}
+
 void talloc_set_name_const(const void *ptr, const char *name)
 {
 	/* do nothing */

firmware/libcommon/source/simtrace_iso7816.c

@@ -71,7 +71,7 @@ void ISR_PhoneRST(const Pin * pPin)
 	     USBD_Write(SIMTRACE_USB_EP_PHONE_INT, "R", 1,
 			(TransferCallback) & Callback_PhoneRST_ISR,
 			0)) != USBD_STATUS_SUCCESS) {
-		TRACE_ERROR("USB err status: %d (%s)\n", ret, __FUNCTION__);
+		TRACE_ERROR("USB err status: %d (%s)\r\n", ret, __FUNCTION__);
 		return;
 	}
 
@@ -80,7 +80,7 @@ void ISR_PhoneRST(const Pin * pPin)
 }
 
 /*
- *  char_stat is zero if no error occured.
+ *  char_stat is zero if no error occurred.
  *  Otherwise it is filled with the content of the status register.
  */
 void mode_trace_usart1_irq(void)
@@ -109,8 +109,8 @@ void mode_trace_usart1_irq(void)
 			/* Fill char into buffer */
 			rbuf_write(&sim_rcv_buf, c);
 		} else {
-			TRACE_DEBUG("e %x st: %x\n", c, stat);
-		}		/* else: error occured */
+			TRACE_DEBUG("e %x st: %lx\r\n", c, stat);
+		}		/* else: error occurred */
 
 		char_stat = stat;
 	}

firmware/libcommon/source/sniffer.c

@@ -214,8 +214,8 @@ static void update_wt(uint8_t wi, uint8_t d)
 	if (0 != d) {
 		wt_d = d;
 	}
-	wt = wt_wi*960UL*wt_d;
-	TRACE_INFO("WT updated to %lu\n\r", wt);
+	wt = wt_wi * 960UL * wt_d;
+	TRACE_INFO("WT updated to %lu ETU\n\r", wt);
 }
 
 /*! Allocate USB buffer and push + initialize simtrace_msg_hdr
@@ -303,22 +303,10 @@ static void change_state(enum iso7816_3_sniff_state iso_state_new)
 }
 
 const struct value_string data_flags[] = {
-	{
-		.value = SNIFF_DATA_FLAG_ERROR_INCOMPLETE,
-		.str = "incomplete",
-	},
-	{
-		.value = SNIFF_DATA_FLAG_ERROR_MALFORMED,
-		.str = "malformed",
-	},
-	{
-		.value = SNIFF_DATA_FLAG_ERROR_CHECKSUM,
-		.str = "checksum error",
-	},
-	{
-		.value = 0,
-		.str = NULL,
-	},
+	{ SNIFF_DATA_FLAG_ERROR_INCOMPLETE,	"incomplete" },
+	{ SNIFF_DATA_FLAG_ERROR_MALFORMED,	"malformed" },
+	{ SNIFF_DATA_FLAG_ERROR_CHECKSUM,	"checksum error" },
+	{ 0, NULL }
 };
 
 static void print_flags(const struct value_string* flag_meanings, uint32_t nb_flags, uint32_t flags) {

firmware/libcommon/source/stdio.c

@@ -358,6 +358,7 @@ signed int vsnprintf(char *pStr, size_t length, const char *pFormat, va_list ap)
 				case 'i': num = PutSignedInt(pStr, fill, width, va_arg(ap, signed int)); break;
 				case 'u': num = PutUnsignedInt(pStr, fill, width, va_arg(ap, unsigned int)); break;
 				case 'x': num = PutHexa(pStr, fill, width, 0, va_arg(ap, unsigned int)); break;
+				case 'p': num = PutHexa(pStr, fill, width, 0, va_arg(ap, unsigned long)); break;
 				case 'X': num = PutHexa(pStr, fill, width, 1, va_arg(ap, unsigned int)); break;
 				case 's': num = PutString(pStr, va_arg(ap, char *)); break;
 				case 'c': num = PutChar(pStr, va_arg(ap, unsigned int)); break;

firmware/libcommon/source/tc_etu.c

@@ -23,6 +23,9 @@
 
 #include "chip.h"
 
+void card_emu_wt_halfed(void *handle);
+void card_emu_wt_expired(void *handle);
+
 /* pins for Channel 0 of TC-block 0, we only use TCLK + TIOB */
 #define PIN_TCLK0	{PIO_PA4, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT }
 #define PIN_TIOA0	{PIO_PA0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
@@ -85,7 +88,7 @@ static void tc_etu_irq(struct tc_etu_state *te)
 		te->nr_events++;
 		if (te->nr_events == te->wait_events/2) {
 			/* Indicate that half the waiting tim has expired */
-			tc_etu_wtime_half_expired(te->handle);
+			card_emu_wt_halfed(te->handle);
 		}
 		if (te->nr_events >= te->wait_events) {
 			TcChannel *chan = te->chan;
@@ -96,7 +99,7 @@ static void tc_etu_irq(struct tc_etu_state *te)
 			chan->TC_CCR = TC_CCR_CLKEN;
 
 			/* Indicate that the waiting tim has expired */
-			tc_etu_wtime_expired(te->handle);
+			card_emu_wt_expired(te->handle);
 		}
 	}
 }

firmware/libcommon/source/usb_buf.c

@@ -24,6 +24,7 @@
 #include <errno.h>
 
 #define USB_ALLOC_SIZE	280
+#define USB_MAX_QLEN	3
 
 static struct usb_buffered_ep usb_buffered_ep[BOARD_USB_NUMENDPOINTS];
 
@@ -78,7 +79,18 @@ int usb_buf_submit(struct msgb *msg)
 
 	/* no need for irqsafe operation, as the usb_tx_queue is
 	 * processed only by the main loop context */
-	msgb_enqueue(&ep->queue, msg);
+
+	if (ep->queue_len >= USB_MAX_QLEN) {
+		struct msgb *evict;
+		/* free the first pending buffer in the queue */
+		TRACE_INFO("EP%02x: dropping first queue element (qlen=%u)\r\n",
+			   ep->ep, ep->queue_len);
+		evict = msgb_dequeue_count(&ep->queue, &ep->queue_len);
+		OSMO_ASSERT(evict);
+		usb_buf_free(evict);
+	}
+
+	msgb_enqueue_count(&ep->queue, msg, &ep->queue_len);
 	return 0;
 }
 
@@ -89,5 +101,6 @@ void usb_buf_init(void)
 	for (i = 0; i < ARRAY_SIZE(usb_buffered_ep); i++) {
 		struct usb_buffered_ep *ep = &usb_buffered_ep[i];
 		INIT_LLIST_HEAD(&ep->queue);
+		ep->ep = i;
 	}
 }

firmware/libosmocore/include/osmocom/core/msgb.h

@@ -80,6 +80,49 @@ extern int msgb_resize_area(struct msgb *msg, uint8_t *area,
 extern struct msgb *msgb_copy(const struct msgb *msg, const char *name);
 static int msgb_test_invariant(const struct msgb *msg) __attribute__((pure));
 
+/*! Free all msgbs from a queue built with msgb_enqueue().
+ * \param[in] queue  list head of a msgb queue.
+ */
+static inline void msgb_queue_free(struct llist_head *queue)
+{
+	struct msgb *msg;
+	while ((msg = msgb_dequeue(queue))) msgb_free(msg);
+}
+
+/*! Enqueue message buffer to tail of a queue and increment queue size counter
+ * \param[in] queue linked list header of queue
+ * \param[in] msg message buffer to be added to the queue
+ * \param[in] count pointer to variable holding size of the queue
+ *
+ * The function will append the specified message buffer \a msg to the queue
+ * implemented by \ref llist_head \a queue using function \ref msgb_enqueue_count,
+ * then increment \a count
+ */
+static inline void msgb_enqueue_count(struct llist_head *queue, struct msgb *msg,
+					unsigned int *count)
+{
+	msgb_enqueue(queue, msg);
+	(*count)++;
+}
+
+/*! Dequeue message buffer from head of queue and decrement queue size counter
+ * \param[in] queue linked list header of queue
+ * \param[in] count pointer to variable holding size of the queue
+ * \returns message buffer (if any) or NULL if queue empty
+ *
+ * The function will remove the first message buffer from the queue
+ * implemented by \ref llist_head \a queue using function \ref msgb_enqueue_count,
+ * and decrement \a count, all if queue is not empty.
+ */
+static inline struct msgb *msgb_dequeue_count(struct llist_head *queue,
+						unsigned int *count)
+{
+	struct msgb *msg = msgb_dequeue(queue);
+	if (msg)
+		(*count)--;
+	return msg;
+}
+
 #ifdef MSGB_DEBUG
 #include <osmocom/core/panic.h>
 #define MSGB_ABORT(msg, fmt, args ...) do {		\

firmware/libosmocore/include/osmocom/core/utils.h

@@ -36,7 +36,7 @@ const char *get_value_string_or_null(const struct value_string *vs,
 int get_string_value(const struct value_string *vs, const char *str);
 
 char osmo_bcd2char(uint8_t bcd);
-/* only works for numbers in ascci */
+/* only works for numbers in ASCII */
 uint8_t osmo_char2bcd(char c);
 
 int osmo_hexparse(const char *str, uint8_t *b, int max_len);
@@ -60,7 +60,7 @@ do {								\
 	rem -= ret;						\
 } while (0)
 
-/*! Helper macro to terminate when an assertion failes
+/*! Helper macro to terminate when an assertion fails
  *  \param[in] exp Predicate to verify
  *  This function will generate a backtrace and terminate the program if
  *  the predicate evaluates to false (0).
@@ -75,7 +75,7 @@ do {								\
 /*! duplicate a string using talloc and release its prior content (if any)
  * \param[in] ctx Talloc context to use for allocation
  * \param[out] dst pointer to string, will be updated with ptr to new string
- * \param[in] newstr String that will be copieed to newly allocated string */
+ * \param[in] newstr String that will be copied to newly allocated string */
 static inline void osmo_talloc_replace_string(void *ctx, char **dst, const char *newstr)
 {
 	if (*dst)

firmware/test/card_emu_tests.c

@@ -177,14 +177,14 @@ static void dump_rctx(struct msgb *msg)
 
 static void get_and_verify_rctx(uint8_t ep, const uint8_t *data, unsigned int len)
 {
-	struct llist_head *queue = usb_get_queue(ep);
+	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
 	struct msgb *msg;
 	struct cardemu_usb_msg_tx_data *td;
 	struct cardemu_usb_msg_rx_data *rd;
 	struct simtrace_msg_hdr *mh;
 
-	assert(queue);
-	msg = msgb_dequeue(queue);
+	assert(bep);
+	msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
 	assert(msg);
 	dump_rctx(msg);
 	assert(msg->l1h);
@@ -214,13 +214,13 @@ static void get_and_verify_rctx(uint8_t ep, const uint8_t *data, unsigned int le
 
 static void get_and_verify_rctx_pps(const uint8_t *data, unsigned int len)
 {
-	struct llist_head *queue = usb_get_queue(PHONE_DATAIN);
+	struct usb_buffered_ep *bep = usb_get_buf_ep(PHONE_DATAIN);
 	struct msgb *msg;
 	struct simtrace_msg_hdr *mh;
 	struct cardemu_usb_msg_pts_info *ptsi;
 
-	assert(queue);
-	msg = msgb_dequeue(queue);
+	assert(bep);
+	msg = msgb_dequeue_count(&bep->queue, &bep->queue_len);
 	assert(msg);
 	dump_rctx(msg);
 	assert(msg->l1h);

host/.gitignore

@@ -20,6 +20,7 @@ depcomp
 install-sh
 missing
 stamp-h1
+m4
 
 #libtool
 ltmain.sh
@@ -30,3 +31,8 @@ libtool
 .version
 
 *.pc
+
+simtrace2-list
+simtrace2-sniff
+simtrace2-remsim
+simtrace2-remsim-usb2udp

host/COPYING

@@ -0,0 +1,339 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.

host/configure.ac

@@ -58,6 +58,7 @@ AC_SUBST(SYMBOL_VISIBILITY)
 
 PKG_CHECK_MODULES(LIBOSMOCORE, libosmocore >= 1.0.0)
 PKG_CHECK_MODULES(LIBOSMOSIM, libosmosim >= 1.0.0)
+PKG_CHECK_MODULES(LIBOSMOUSB, libosmousb >= 0.0.0)
 PKG_CHECK_MODULES(LIBUSB, libusb-1.0)
 
 AC_ARG_ENABLE(sanitize,

host/include/Makefile.am

@@ -1,7 +1,8 @@
 nobase_include_HEADERS = \
 		osmocom/simtrace2/apdu_dispatch.h \
-		osmocom/simtrace2/libusb_util.h \
 		osmocom/simtrace2/simtrace2_api.h \
 		osmocom/simtrace2/simtrace_usb.h \
 		osmocom/simtrace2/simtrace_prot.h \
-		osmocom/simtrace2/gsmtap.h
+		osmocom/simtrace2/usb_util.h \
+		osmocom/simtrace2/gsmtap.h \
+		$(NULL)

host/include/osmocom/simtrace2/apdu_dispatch.h

@@ -1,6 +1,6 @@
 /* apdu_dispatch - State machine to determine Rx/Tx phases of APDU
  *
- * (C) 2016 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2016-2019 by Harald Welte <hwelte@hmw-consulting.de>
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -44,6 +44,8 @@ enum osmo_apdu_action {
 	APDU_ACT_RX_MORE_CAPDU_FROM_READER	= 0x0002,
 };
 
+const char *osmo_apdu_dump_context_buf(char *buf, unsigned int buf_len,
+					const struct osmo_apdu_context *ac);
 
 int osmo_apdu_segment_in(struct osmo_apdu_context *ac, const uint8_t *apdu_buf,
 			 unsigned int apdu_len, bool new_apdu);

host/include/osmocom/simtrace2/libusb_util.h

@@ -1,73 +0,0 @@
-/* libisb utilities
- * 
- * (C) 2010-2016 by Harald Welte <hwelte@hmw-consulting.de>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- */
-#pragma once
-
-#include <libusb.h>
-
-#define USB_MAX_PATH_LEN 20
-
-struct dev_id {
-	uint16_t vendor_id;
-	uint16_t product_id;
-};
-
-/* Find any USB devices in the system matching the given Vendor and
- * Product ID */
-libusb_device **find_matching_usb_devs(const struct dev_id *dev_ids);
-
-/* structure describing a single matching interface found */
-struct usb_interface_match {
-	/* libusb device E*/
-	libusb_device *usb_dev;
-	/* Vendor ID of the device running matching interface */
-	uint16_t vendor;
-	/* Product ID of the device running matching interface */
-	uint16_t product;
-	/* USB Bus Address */
-	uint8_t addr;
-	/* physical path */
-	char path[USB_MAX_PATH_LEN];
-	/* configuration of matching interface */
-	uint8_t configuration;
-	/* interface number of matching interface */
-	uint8_t interface;
-	/* altsetting of matching interface */
-	uint8_t altsetting;
-	/* bInterfaceClass of matching interface */
-	uint8_t class;
-	/* bInterfaceSubClass of matching interface */
-	uint8_t sub_class;
-	/* bInterfaceProtocol of matching interface */
-	uint8_t protocol;
-	/* index of string descriptor of matching interface */
-	uint8_t string_idx;
-};
-
-int dev_find_matching_interfaces(libusb_device *dev, int class, int sub_class, int protocol,
-				 struct usb_interface_match *out, unsigned int out_len);
-
-int usb_match_interfaces(libusb_context *ctx, const struct dev_id *dev_ids,
-			 int class, int sub_class, int protocol,
-			 struct usb_interface_match *out, unsigned int out_len);
-
-libusb_device_handle *usb_open_claim_interface(libusb_context *ctx,
-					       const struct usb_interface_match *ifm);
-
-int get_usb_ep_addrs(libusb_device_handle *devh, unsigned int if_num,
-		     uint8_t *out, uint8_t *in, uint8_t *irq);

host/include/osmocom/simtrace2/simtrace2_api.h

@@ -33,6 +33,10 @@ struct osmo_st2_cardem_inst {
 	const struct osim_cla_ins_card_profile *card_prof;
 	/* libosmosim SIM card channel */
 	struct osim_chan_hdl *chan;
+	/* path of the underlying USB device */
+	char *usb_path;
+	/* opaque data TBD by user */
+	void *priv;
 };
 
 int osmo_st2_transp_tx_msg(struct osmo_st2_transport *transp, struct msgb *msg);
@@ -48,6 +52,7 @@ int osmo_st2_cardem_request_pb_and_tx(struct osmo_st2_cardem_inst *ci, uint8_t p
 int osmo_st2_cardem_request_sw_tx(struct osmo_st2_cardem_inst *ci, const uint8_t *sw);
 int osmo_st2_cardem_request_set_atr(struct osmo_st2_cardem_inst *ci, const uint8_t *atr,
 				    unsigned int atr_len);
+int osmo_st2_cardem_request_config(struct osmo_st2_cardem_inst *ci, uint32_t features);
 
 
 int osmo_st2_modem_reset_pulse(struct osmo_st2_slot *slot, uint16_t duration_ms);

host/include/osmocom/simtrace2/usb_util.h

@@ -0,0 +1,5 @@
+#pragma once
+
+#include <osmocom/usb/libusb.h>
+
+extern const struct dev_id osmo_st2_compatible_dev_ids[];

host/lib/Makefile.am

@@ -15,5 +15,6 @@ libosmo_simtrace2_la_LIBADD = $(COMMONLIBS)
 libosmo_simtrace2_la_SOURCES = \
 	apdu_dispatch.c \
 	gsmtap.c \
-	libusb_util.c \
-	simtrace2_api.c
+	simtrace2_api.c \
+	usb_util.c \
+	$(NULL)

host/lib/apdu_dispatch.c

@@ -1,6 +1,6 @@
 /* apdu_dispatch - State machine to determine Rx/Tx phases of APDU
  *
- * (C) 2016 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2016-2019 by Harald Welte <hwelte@hmw-consulting.de>
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -24,6 +24,7 @@
 #include <errno.h>
 
 #include <osmocom/core/utils.h>
+#include <osmocom/core/logging.h>
 #include <osmocom/sim/sim.h>
 #include <osmocom/sim/class_tables.h>
 
@@ -41,7 +42,7 @@ static inline bool is_de_complete(struct osmo_apdu_context *ac)
 	return (ac->le.tot == ac->le.cur);
 }
 
-static const char *dump_apdu_hdr(const struct osim_apdu_cmd_hdr *h)
+static const char *stringify_apdu_hdr(const struct osim_apdu_cmd_hdr *h)
 {
 	static char buf[256];
 	sprintf(buf, "CLA=%02x INS=%02x P1=%02x P2=%02x P3=%02x",
@@ -50,12 +51,19 @@ static const char *dump_apdu_hdr(const struct osim_apdu_cmd_hdr *h)
 	return buf;
 }
 
-static void dump_apdu_ctx(const struct osmo_apdu_context *ac)
+/*! generate string representation of APDU context in specified output buffer.
+ *  \param[in] buf output string buffer provided by caller
+ *  \param[in] buf_len size of buf in bytes
+ *  \param[in] ac APDU context to dump in buffer
+ *  \returns pointer to buf on success */
+const char *osmo_apdu_dump_context_buf(char *buf, unsigned int buf_len,
+				       const struct osmo_apdu_context *ac)
 {
-	printf("%s; case=%d, lc=%d(%d), le=%d(%d)\n",
-		dump_apdu_hdr(&ac->hdr), ac->apdu_case,
-		ac->lc.tot, ac->lc.cur,
-		ac->le.tot, ac->le.cur);
+	snprintf(buf, buf_len, "%s; case=%d, lc=%d(%d), le=%d(%d)\n",
+		 stringify_apdu_hdr(&ac->hdr), ac->apdu_case,
+		 ac->lc.tot, ac->lc.cur,
+		 ac->le.tot, ac->le.cur);
+	return buf;
 }
 
 /*! \brief input function for APDU segmentation
@@ -105,7 +113,7 @@ int osmo_apdu_segment_in(struct osmo_apdu_context *ac, const uint8_t *apdu_buf,
 			break;
 		case 0:
 		default:
-			fprintf(stderr, "Unknown APDU case %d\n", ac->apdu_case);
+			LOGP(DLGLOBAL, LOGL_ERROR, "Unknown APDU case %d\n", ac->apdu_case);
 			return -1;
 		}
 	} else {
@@ -124,8 +132,8 @@ int osmo_apdu_segment_in(struct osmo_apdu_context *ac, const uint8_t *apdu_buf,
 			ac->lc.cur += cpy_len;
 			break;
 		default:
-			fprintf(stderr, "Unknown APDU case %d\n", ac->apdu_case);
-			break;
+			LOGP(DLGLOBAL, LOGL_ERROR, "Unknown APDU case %d\n", ac->apdu_case);
+			return -1;
 		}
 	}
 
@@ -163,11 +171,9 @@ int osmo_apdu_segment_in(struct osmo_apdu_context *ac, const uint8_t *apdu_buf,
 		break;
 	case 0:
 	default:
-		fprintf(stderr, "Unknown APDU case %d\n", ac->apdu_case);
-		break;
+		LOGP(DLGLOBAL, LOGL_ERROR, "Unknown APDU case %d\n", ac->apdu_case);
+		return -1;
 	}
 
-	dump_apdu_ctx(ac);
-
 	return rc;
 }

host/lib/gsmtap.c

@@ -1,3 +1,22 @@
+/* gsmtap - How to encapsulate SIM protocol traces in GSMTAP
+ *
+ * (C) 2016-2019 by Harald Welte <hwelte@hmw-consulting.de>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
 #include <osmocom/simtrace2/gsmtap.h>
 
 #include <osmocom/core/gsmtap.h>

host/lib/libusb_util.c

@@ -1,338 +0,0 @@
-/* libusb utilities
- * 
- * (C) 2010-2019 by Harald Welte <hwelte@hmw-consulting.de>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- */
-#include <errno.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-
-#include <libusb.h>
-
-#include <osmocom/simtrace2/libusb_util.h>
-
-static char path_buf[USB_MAX_PATH_LEN];
-
-static char *get_path(libusb_device *dev)
-{
-#if (defined(LIBUSB_API_VERSION) && LIBUSB_API_VERSION >= 0x01000102) || (defined(LIBUSBX_API_VERSION) && LIBUSBX_API_VERSION >= 0x01000102)
-	uint8_t path[8];
-	int r,j;
-	r = libusb_get_port_numbers(dev, path, sizeof(path));
-	if (r > 0) {
-		sprintf(path_buf,"%d-%d",libusb_get_bus_number(dev),path[0]);
-		for (j = 1; j < r; j++){
-			sprintf(path_buf+strlen(path_buf),".%d",path[j]);
-		};
-	}
-	return path_buf;
-#else
-# warning "libusb too old - building without USB path support!"
-	return NULL;
-#endif
-}
-
-static int match_dev_id(const struct libusb_device_descriptor *desc, const struct dev_id *id)
-{
-	if ((desc->idVendor == id->vendor_id) && (desc->idProduct == id->product_id))
-		return 1;
-	return 0;
-}
-
-
-static int match_dev_ids(const struct libusb_device_descriptor *desc, const struct dev_id *ids)
-{
-	const struct dev_id *id;
-
-	for (id = ids; id->vendor_id || id->product_id; id++) {
-		if (match_dev_id(desc, id))
-			return 1;
-	}
-	return 0;
-}
-
-libusb_device **find_matching_usb_devs(const struct dev_id *dev_ids)
-{
-	libusb_device **list;
-	libusb_device **out = calloc(256, sizeof(libusb_device *));
-	libusb_device **cur = out;
-	unsigned int i;
-	int rc;
-
-	if (!out)
-		return NULL;
-
-	rc = libusb_get_device_list(NULL, &list);
-	if (rc <= 0) {
-		perror("No USB devices found");
-		free(out);
-		return NULL;
-	}
-
-	for (i = 0; list[i] != NULL; i++) {
-		struct libusb_device_descriptor dev_desc;
-		libusb_device *dev = list[i];
-
-		rc = libusb_get_device_descriptor(dev, &dev_desc);
-		if (rc < 0) {
-			perror("Couldn't get device descriptor\n");
-			libusb_unref_device(dev);
-			continue;
-		}
-
-		if (match_dev_ids(&dev_desc, dev_ids)) {
-			*cur = dev;
-			cur++;
-			/* FIXME: overflow check */
-		} else
-			libusb_unref_device(dev);
-	}
-	if (cur == out) {
-		libusb_free_device_list(list, 1);
-		free(out);
-		return NULL;
-	}
-
-	libusb_free_device_list(list, 0);
-	return out;
-}
-
-int dev_find_matching_interfaces(libusb_device *dev, int class, int sub_class, int protocol,
-				 struct usb_interface_match *out, unsigned int out_len)
-{
-	struct libusb_device_descriptor dev_desc;
-	int rc, i, out_idx = 0;
-	uint8_t addr;
-	char *path;
-
-	rc = libusb_get_device_descriptor(dev, &dev_desc);
-	if (rc < 0) {
-		perror("Couldn't get device descriptor\n");
-		return -EIO;
-	}
-
-	addr = libusb_get_device_address(dev);
-	path = get_path(dev);
-
-	/* iterate over all configurations */
-	for (i = 0; i < dev_desc.bNumConfigurations; i++) {
-		struct libusb_config_descriptor *conf_desc;
-		int j;
-
-		rc = libusb_get_config_descriptor(dev, i, &conf_desc);
-		if (rc < 0) {
-			fprintf(stderr, "Couldn't get config descriptor %u\n", i);
-			continue;
-		}
-		/* iterate over all interfaces */
-		for (j = 0; j < conf_desc->bNumInterfaces; j++) {
-			const struct libusb_interface *intf = &conf_desc->interface[j];
-			int k;
-			/* iterate over all alternate settings */
-			for (k = 0; k < intf->num_altsetting; k++) {
-				const struct libusb_interface_descriptor *if_desc;
-				if_desc = &intf->altsetting[k];
-				if (class >= 0 && if_desc->bInterfaceClass != class)
-					continue;
-				if (sub_class >= 0 && if_desc->bInterfaceSubClass != sub_class)
-					continue;
-				if (protocol >= 0 && if_desc->bInterfaceProtocol != protocol)
-					continue;
-				/* MATCH! */
-				out[out_idx].usb_dev = dev;
-				out[out_idx].vendor = dev_desc.idVendor;
-				out[out_idx].product = dev_desc.idProduct;
-				out[out_idx].addr = addr;
-				strncpy(out[out_idx].path, path, sizeof(out[out_idx].path)-1);
-				out[out_idx].path[sizeof(out[out_idx].path)-1] = '\0';
-				out[out_idx].configuration = conf_desc->bConfigurationValue;
-				out[out_idx].interface = if_desc->bInterfaceNumber;
-				out[out_idx].altsetting = if_desc->bAlternateSetting;
-				out[out_idx].class = if_desc->bInterfaceClass;
-				out[out_idx].sub_class = if_desc->bInterfaceSubClass;
-				out[out_idx].protocol = if_desc->bInterfaceProtocol;
-				out[out_idx].string_idx = if_desc->iInterface;
-				out_idx++;
-				if (out_idx >= out_len)
-					return out_idx;
-			}
-		}
-	}
-	return out_idx;
-}
-
-int usb_match_interfaces(libusb_context *ctx, const struct dev_id *dev_ids,
-			 int class, int sub_class, int protocol,
-			 struct usb_interface_match *out, unsigned int out_len)
-{
-	struct usb_interface_match *out_cur = out;
-	unsigned int out_len_remain = out_len;
-	libusb_device **list;
-	libusb_device **dev;
-
-	list = find_matching_usb_devs(dev_ids);
-	if (!list)
-		return 0;
-
-	for (dev = list; *dev; dev++) {
-		int rc;
-
-#if 0
-		struct libusb_device_descriptor dev_desc;
-		uint8_t ports[8];
-		uint8_t addr;
-		rc = libusb_get_device_descriptor(*dev, &dev_desc);
-		if (rc < 0) {
-			perror("Cannot get device descriptor");
-			continue;
-		}
-
-		addr = libusb_get_device_address(*dev);
-
-		rc = libusb_get_port_numbers(*dev, ports, sizeof(ports));
-		if (rc < 0) {
-			perror("Cannot get device path");
-			continue;
-		}
-
-		printf("Found USB Device %04x:%04x at address %d\n",
-			dev_desc.idVendor, dev_desc.idProduct, addr);
-#endif
-
-		rc = dev_find_matching_interfaces(*dev, class, sub_class, protocol, out_cur, out_len_remain);
-		if (rc < 0)
-			continue;
-		out_cur += rc;
-		out_len_remain -= rc;
-
-	}
-	return out_len - out_len_remain;
-}
-
-libusb_device_handle *usb_open_claim_interface(libusb_context *ctx,
-					       const struct usb_interface_match *ifm)
-{
-	int rc, config;
-	struct dev_id dev_ids[] = { { ifm->vendor, ifm->product }, { 0, 0 } };
-	libusb_device **list;
-	libusb_device **dev;
-	libusb_device_handle *usb_devh = NULL;
-
-	list = find_matching_usb_devs(dev_ids);
-	if (!list) {
-		perror("No USB device with matching VID/PID");
-		return NULL;
-	}
-
-	for (dev = list; *dev; dev++) {
-		int addr;
-		char *path;
-
-		addr = libusb_get_device_address(*dev);
-		path = get_path(*dev);
-		if ((ifm->addr && addr == ifm->addr) ||
-		    (strlen(ifm->path) && !strcmp(path, ifm->path))) {
-			rc = libusb_open(*dev, &usb_devh);
-			if (rc < 0) {
-				fprintf(stderr, "Cannot open device: %s\n", libusb_error_name(rc));
-				usb_devh = NULL;
-				break;
-			}
-			rc = libusb_get_configuration(usb_devh, &config);
-			if (rc < 0) {
-				fprintf(stderr, "Cannot get current configuration: %s\n", libusb_error_name(rc));
-				libusb_close(usb_devh);
-				usb_devh = NULL;
-				break;
-			}
-			if (config != ifm->configuration) {
-				rc = libusb_set_configuration(usb_devh, ifm->configuration);
-				if (rc < 0) {
-					fprintf(stderr, "Cannot set configuration: %s\n", libusb_error_name(rc));
-					libusb_close(usb_devh);
-					usb_devh = NULL;
-					break;
-				}
-			}
-			rc = libusb_claim_interface(usb_devh, ifm->interface);
-			if (rc < 0) {
-				fprintf(stderr, "Cannot claim interface: %s\n", libusb_error_name(rc));
-				libusb_close(usb_devh);
-				usb_devh = NULL;
-				break;
-			}
-			rc = libusb_set_interface_alt_setting(usb_devh, ifm->interface, ifm->altsetting);
-			if (rc < 0) {
-				fprintf(stderr, "Cannot set interface altsetting: %s\n", libusb_error_name(rc));
-				libusb_release_interface(usb_devh, ifm->interface);
-				libusb_close(usb_devh);
-				usb_devh = NULL;
-				break;
-			}
-		}
-	}
-
-	/* unref / free list */
-	for (dev = list; *dev; dev++)
-		libusb_unref_device(*dev);
-	free(list);
-
-	return usb_devh;
-}
-
-/*! \brief obtain the endpoint addresses for a given USB interface */
-int get_usb_ep_addrs(libusb_device_handle *devh, unsigned int if_num,
-		     uint8_t *out, uint8_t *in, uint8_t *irq)
-{
-	libusb_device *dev = libusb_get_device(devh);
-	struct libusb_config_descriptor *cdesc;
-	const struct libusb_interface_descriptor *idesc;
-	const struct libusb_interface *iface;
-	int rc, l;
-
-	rc = libusb_get_active_config_descriptor(dev, &cdesc);
-	if (rc < 0)
-		return rc;
-
-	iface = &cdesc->interface[if_num];
-	/* FIXME: we assume there's no altsetting */
-	idesc = &iface->altsetting[0];
-
-	for (l = 0; l < idesc->bNumEndpoints; l++) {
-		const struct libusb_endpoint_descriptor *edesc = &idesc->endpoint[l];
-		switch (edesc->bmAttributes & 3) {
-		case LIBUSB_TRANSFER_TYPE_BULK:
-			if (edesc->bEndpointAddress & 0x80) {
-				if (in)
-					*in = edesc->bEndpointAddress;
-			} else {
-				if (out)
-					*out = edesc->bEndpointAddress;
-			}
-			break;
-		case LIBUSB_TRANSFER_TYPE_INTERRUPT:
-			if (irq)
-				*irq = edesc->bEndpointAddress;
-			break;
-		default:
-			break;
-		}
-	}
-	return 0;
-}

host/lib/simtrace2_api.c

@@ -38,11 +38,8 @@
 
 #include <libusb.h>
 
-//#include <osmocom/simtrace2/libusb_util.h>
 #include <osmocom/simtrace2/simtrace_prot.h>
 #include <osmocom/simtrace2/simtrace2_api.h>
-//#include "apdu_dispatch.h"
-//#include "simtrace2-discovery.h"
 
 #include <osmocom/core/utils.h>
 #include <osmocom/core/socket.h>
@@ -60,14 +57,6 @@ static struct msgb *st_msgb_alloc(void)
 	return msgb_alloc_headroom(1024+32, 32, "SIMtrace");
 }
 
-#if 0
-static void apdu_out_cb(uint8_t *buf, unsigned int len, void *user_data)
-{
-	printf("APDU: %s\n", osmo_hexdump(buf, len));
-	gsmtap_send_sim(buf, len);
-}
-#endif
-
 /*! \brief Transmit a given command to the SIMtrace2 device */
 int osmo_st2_transp_tx_msg(struct osmo_st2_transport *transp, struct msgb *msg)
 {
@@ -215,6 +204,21 @@ int osmo_st2_cardem_request_set_atr(struct osmo_st2_cardem_inst *ci, const uint8
 	return osmo_st2_slot_tx_msg(ci->slot, msg, SIMTRACE_MSGC_CARDEM, SIMTRACE_MSGT_DT_CEMU_SET_ATR);
 }
 
+int osmo_st2_cardem_request_config(struct osmo_st2_cardem_inst *ci, uint32_t features)
+{
+	struct msgb *msg = st_msgb_alloc();
+	struct cardemu_usb_msg_config *cfg;
+
+	cfg = (struct cardemu_usb_msg_config *) msgb_put(msg, sizeof(*cfg));
+
+	printf("<= %s(%08x)\n", __func__, features);
+
+	memset(cfg, 0, sizeof(*cfg));
+	cfg->features = features;
+
+	return osmo_st2_slot_tx_msg(ci->slot, msg, SIMTRACE_MSGC_CARDEM, SIMTRACE_MSGT_BD_CEMU_CONFIG);
+}
+
 /***********************************************************************
  * Modem Control protocol
  ***********************************************************************/

host/lib/usb_util.c

@@ -0,0 +1,36 @@
+/* usb_util - USB related utilities for SIMtrace 2 USB devices
+ *
+ * (C) 2016-2019 by Harald Welte <hwelte@hmw-consulting.de>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <getopt.h>
+
+#include <osmocom/core/utils.h>
+
+#include <osmocom/usb/libusb.h>
+#include <osmocom/simtrace2/simtrace_usb.h>
+
+/*! list of USB idVendor/idProduct tuples of devices using simtrace2 firmware */
+const struct dev_id osmo_st2_compatible_dev_ids[] = {
+	{ USB_VENDOR_OPENMOKO, USB_PRODUCT_OWHW_SAM3 },
+	{ USB_VENDOR_OPENMOKO, USB_PRODUCT_QMOD_SAM3 },
+	{ USB_VENDOR_OPENMOKO, USB_PRODUCT_SIMTRACE2 },
+	{ 0, 0 }
+};

host/src/Makefile.am

@@ -1,9 +1,9 @@
 AM_CPPFLAGS = $(all_includes) -I$(top_srcdir)/include
-AM_CFLAGS=-Wall -g $(LIBOSMOCORE_CFLAGS) $(LIBOSMOSIM_CFLAGS) $(LIBUSB_CFLAGS) $(COVERAGE_FLAGS)
+AM_CFLAGS=-Wall -g $(LIBOSMOCORE_CFLAGS) $(LIBOSMOSIM_CFLAGS) $(LIBOSMOUSB_CFLAGS) $(LIBUSB_CFLAGS) $(COVERAGE_FLAGS)
 AM_LDFLAGS=$(COVERAGE_LDFLAGS)
 
 LDADD= $(top_builddir)/lib/libosmo-simtrace2.la \
-       $(LIBOSMOCORE_LIBS) $(LIBOSMOSIM_LIBS) $(LIBUSB_LIBS)
+       $(LIBOSMOCORE_LIBS) $(LIBOSMOSIM_LIBS) $(LIBOSMOUSB_LIBS) $(LIBUSB_LIBS)
 
 bin_PROGRAMS = simtrace2-remsim simtrace2-remsim-usb2udp simtrace2-list simtrace2-sniff
 

host/src/simtrace2-remsim.c

@@ -38,7 +38,7 @@
 
 #include <libusb.h>
 
-#include <osmocom/simtrace2/libusb_util.h>
+#include <osmocom/usb/libusb.h>
 #include <osmocom/simtrace2/simtrace2_api.h>
 #include <osmocom/simtrace2/simtrace_prot.h>
 #include <osmocom/simtrace2/apdu_dispatch.h>
@@ -50,6 +50,26 @@
 #include <osmocom/sim/class_tables.h>
 #include <osmocom/sim/sim.h>
 
+/*
+reasonable ATR offering all protocols and voltages
+smartphones might not care, but other readers do
+
+TS = 0x3B	Direct Convention
+T0 = 0x80	Y(1): b1000, K: 0 (historical bytes)
+TD(1) = 0x80	Y(i+1) = b1000, Protocol T=0
+----
+TD(2) = 0x81	Y(i+1) = b1000, Protocol T=1
+----
+TD(3) = 0x1F	Y(i+1) = b0001, Protocol T=15
+----
+TA(4) = 0xC7	Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+----
+Historical bytes
+TCK = 0x59 	correct checksum
+*/
+static uint8_t real_atr[] = { 0x3B, 0x80, 0x80, 0x81 , 0x1F, 0xC7, 0x59};
+
+
 static void atr_update_csum(uint8_t *atr, unsigned int atr_len)
 {
 	uint8_t csum = 0;
@@ -71,9 +91,9 @@ static int process_do_status(struct osmo_st2_cardem_inst *ci, uint8_t *buf, int
 	struct cardemu_usb_msg_status *status;
 	status = (struct cardemu_usb_msg_status *) buf;
 
-	printf("=> STATUS: flags=0x%x, fi=%u, di=%u, wi=%u wtime=%u\n",
-		status->flags, status->fi, status->di, status->wi,
-		status->waiting_time);
+	printf("=> STATUS: flags=0x%x, F=%u, D=%u, WI=%u WT=%u\n",
+		status->flags, status->f, status->d, status->wi,
+		status->wt);
 
 	return 0;
 }
@@ -182,6 +202,7 @@ static void print_help(void)
 		"\t-i\t--gsmtap-ip\tA.B.C.D\n"
 		"\t-a\t--skip-atr\n"
 		"\t-k\t--keep-running\n"
+		"\t-n\t--pcsc-reader-num\n"
 		"\t-V\t--usb-vendor\tVENDOR_ID\n"
 		"\t-P\t--usb-product\tPRODUCT_ID\n"
 		"\t-C\t--usb-config\tCONFIG_ID\n"
@@ -200,6 +221,7 @@ static const struct option opts[] = {
 	{ "skip-atr", 0, 0, 'a' },
 	{ "help", 0, 0, 'h' },
 	{ "keep-running", 0, 0, 'k' },
+	{ "pcsc-reader-num", 1, 0, 'n' },
 	{ "usb-vendor", 1, 0, 'V' },
 	{ "usb-product", 1, 0, 'P' },
 	{ "usb-config", 1, 0, 'C' },
@@ -285,6 +307,7 @@ int main(int argc, char **argv)
 	int remote_udp_port = 52342;
 	int if_num = 0, vendor_id = -1, product_id = -1;
 	int config_id = -1, altsetting = 0, addr = -1;
+	int reader_num = 0;
 	char *remote_udp_host = NULL;
 	char *path = NULL;
 	struct osim_reader_hdl *reader;
@@ -295,7 +318,7 @@ int main(int argc, char **argv)
 	while (1) {
 		int option_index = 0;
 
-		c = getopt_long(argc, argv, "r:p:hi:V:P:C:I:S:A:H:ak", opts, &option_index);
+		c = getopt_long(argc, argv, "r:p:hi:V:P:C:I:S:A:H:akn:", opts, &option_index);
 		if (c == -1)
 			break;
 		switch (c) {
@@ -318,6 +341,9 @@ int main(int argc, char **argv)
 		case 'k':
 			keep_running = 1;
 			break;
+		case 'n':
+			reader_num = atoi(optarg);
+			break;
 		case 'V':
 			vendor_id = strtol(optarg, NULL, 16);
 			break;
@@ -373,7 +399,7 @@ int main(int argc, char **argv)
 		goto close_exit;
 	}
 
-	reader = osim_reader_open(OSIM_READER_DRV_PCSC, 0, "", NULL);
+	reader = osim_reader_open(OSIM_READER_DRV_PCSC, reader_num, "", NULL);
 	if (!reader) {
 		perror("unable to open PC/SC reader");
 		goto close_exit;
@@ -404,7 +430,7 @@ int main(int argc, char **argv)
 			ifm->addr = addr;
 			if (path)
 				osmo_strlcpy(ifm->path, path, sizeof(ifm->path));
-			transp->usb_devh = usb_open_claim_interface(NULL, ifm);
+			transp->usb_devh = osmo_libusb_open_claim_interface(NULL, NULL, ifm);
 			if (!transp->usb_devh) {
 				fprintf(stderr, "can't open USB device\n");
 				goto close_exit;
@@ -416,7 +442,7 @@ int main(int argc, char **argv)
 				goto close_exit;
 			}
 
-			rc = get_usb_ep_addrs(transp->usb_devh, if_num, &transp->usb_ep.out,
+			rc = osmo_libusb_get_ep_addrs(transp->usb_devh, if_num, &transp->usb_ep.out,
 					      &transp->usb_ep.in, &transp->usb_ep.irq_in);
 			if (rc < 0) {
 				fprintf(stderr, "can't obtain EP addrs; rc=%d\n", rc);
@@ -431,10 +457,6 @@ int main(int argc, char **argv)
 		osmo_st2_modem_sim_select_remote(ci->slot);
 
 		if (!skip_atr) {
-			/* set the ATR */
-			uint8_t real_atr[] = {  0x3B, 0x9F, 0x96, 0x80, 0x1F, 0xC7, 0x80, 0x31,
-						0xA0, 0x73, 0xBE, 0x21, 0x13, 0x67, 0x43, 0x20,
-						0x07, 0x18, 0x00, 0x00, 0x01, 0xA5 };
 			atr_update_csum(real_atr, sizeof(real_atr));
 			osmo_st2_cardem_request_set_atr(ci, real_atr, sizeof(real_atr));
 		}

host/src/simtrace2-sniff.c

@@ -37,7 +37,7 @@
 
 #include <libusb.h>
 
-#include <osmocom/simtrace2/libusb_util.h>
+#include <osmocom/usb/libusb.h>
 #include <osmocom/simtrace2/simtrace_usb.h>
 #include <osmocom/simtrace2/simtrace_prot.h>
 
@@ -61,49 +61,19 @@ struct st_transport {
 };
 
 const struct value_string change_flags[] = {
-	{
-		.value = SNIFF_CHANGE_FLAG_CARD_INSERT,
-		.str = "card inserted",
-	},
-	{
-		.value = SNIFF_CHANGE_FLAG_CARD_EJECT,
-		.str = "card ejected",
-	},
-	{
-		.value = SNIFF_CHANGE_FLAG_RESET_ASSERT,
-		.str = "reset asserted",
-	},
-	{
-		.value = SNIFF_CHANGE_FLAG_RESET_DEASSERT,
-		.str = "reset de-asserted",
-	},
-	{
-		.value = SNIFF_CHANGE_FLAG_TIMEOUT_WT,
-		.str = "data transfer timeout",
-	},
-	{
-		.value = 0,
-		.str = NULL,
-	},
+	{ SNIFF_CHANGE_FLAG_CARD_INSERT, "card inserted" },
+	{ SNIFF_CHANGE_FLAG_CARD_EJECT, "card ejected" },
+	{ SNIFF_CHANGE_FLAG_RESET_ASSERT, "reset asserted" },
+	{ SNIFF_CHANGE_FLAG_RESET_DEASSERT, "reset de-asserted" },
+	{ SNIFF_CHANGE_FLAG_TIMEOUT_WT, "data transfer timeout" },
+	{ 0, NULL }
 };
 
 const struct value_string data_flags[] = {
-	{
-		.value = SNIFF_DATA_FLAG_ERROR_INCOMPLETE,
-		.str = "incomplete",
-	},
-	{
-		.value = SNIFF_DATA_FLAG_ERROR_MALFORMED,
-		.str = "malformed",
-	},
-	{
-		.value = SNIFF_DATA_FLAG_ERROR_CHECKSUM,
-		.str = "checksum error",
-	},
-	{
-		.value = 0,
-		.str = NULL,
-	},
+	{ SNIFF_DATA_FLAG_ERROR_INCOMPLETE, "incomplete" },
+	{ SNIFF_DATA_FLAG_ERROR_MALFORMED, "malformed" },
+	{ SNIFF_DATA_FLAG_ERROR_CHECKSUM, "checksum error" },
+	{ 0, NULL }
 };
 
 static void print_flags(const struct value_string* flag_meanings, uint32_t nb_flags, uint32_t flags) {
@@ -372,7 +342,7 @@ int main(int argc, char **argv)
 	while (1) {
 		int option_index = 0;
 
-		char c = getopt_long(argc, argv, "hi:kV:P:C:I:S:A:", opts, &option_index);
+		int c = getopt_long(argc, argv, "hi:kV:P:C:I:S:A:", opts, &option_index);
 		if (c == -1)
 			break;
 		switch (c) {
@@ -414,7 +384,7 @@ int main(int argc, char **argv)
 		goto do_exit;
 	}
 	struct usb_interface_match ifm_scan[16];
-	int num_interfaces = usb_match_interfaces(NULL, compatible_dev_ids,
+	int num_interfaces = osmo_libusb_find_matching_interfaces(NULL, compatible_dev_ids,
 				 USB_CLASS_PROPRIETARY, SIMTRACE_SNIFFER_USB_SUBCLASS, -1, ifm_scan, ARRAY_SIZE(ifm_scan));
 	if (num_interfaces <= 0) {
 		perror("No compatible USB devices found");
@@ -503,7 +473,7 @@ int main(int argc, char **argv)
 	signal(SIGINT, &signal_handler);
 
 	do {
-		_transp.usb_devh = usb_open_claim_interface(NULL, &ifm_selected);
+		_transp.usb_devh = osmo_libusb_open_claim_interface(NULL, NULL, &ifm_selected);
 		if (!_transp.usb_devh) {
 			fprintf(stderr, "can't open USB device\n");
 			goto close_exit;
@@ -515,8 +485,8 @@ int main(int argc, char **argv)
 			goto close_exit;
 		}
 
-		rc = get_usb_ep_addrs(_transp.usb_devh, ifm_selected.interface, &_transp.usb_ep.out,
-				      &_transp.usb_ep.in, &_transp.usb_ep.irq_in);
+		rc = osmo_libusb_get_ep_addrs(_transp.usb_devh, ifm_selected.interface, &_transp.usb_ep.out,
+					      &_transp.usb_ep.in, &_transp.usb_ep.irq_in);
 		if (rc < 0) {
 			fprintf(stderr, "can't obtain EP addrs; rc=%d\n", rc);
 			goto close_exit;

host/src/simtrace2_usb.c

@@ -23,7 +23,7 @@
 
 #include <osmocom/core/utils.h>
 
-#include <osmocom/simtrace2/libusb_util.h>
+#include <osmocom/usb/libusb.h>
 #include <osmocom/simtrace2/simtrace_usb.h>
 
 static const struct dev_id compatible_dev_ids[] = {
@@ -38,9 +38,9 @@ static int find_devices(void)
 	struct usb_interface_match ifm[16];
 	int rc, i, num_interfaces;
 
-	/* scan for USB devices matching SIMtrace USB ID with proprietary class */ 
-	rc = usb_match_interfaces(NULL, compatible_dev_ids,
-				 USB_CLASS_PROPRIETARY, -1, -1, ifm, ARRAY_SIZE(ifm));
+	/* scan for USB devices matching SIMtrace USB ID with proprietary class */
+	rc = osmo_libusb_find_matching_interfaces(NULL, compatible_dev_ids,
+						  USB_CLASS_PROPRIETARY, -1, -1, ifm, ARRAY_SIZE(ifm));
 	printf("USB matches: %d\n", rc);
 	if (rc < 0)
 		return rc;

host/src/usb2udp.c

@@ -35,9 +35,9 @@
 
 #include <libusb.h>
 
+#include <osmocom/usb/libusb.h>
 #include <osmocom/simtrace2/simtrace_usb.h>
 #include <osmocom/simtrace2/simtrace_prot.h>
-#include <osmocom/simtrace2/libusb_util.h>
 
 #include <osmocom/core/utils.h>
 #include <osmocom/core/socket.h>
@@ -259,7 +259,7 @@ int main(int argc, char **argv)
 	g_udp_ofd.cb = ofd_udp_cb;
 	osmo_sock_init_ofd(&g_udp_ofd, AF_INET, SOCK_DGRAM, IPPROTO_UDP, NULL, local_udp_port + if_num, OSMO_SOCK_F_BIND);
 
-	rc = get_usb_ep_addrs(g_devh, if_num, &g_buf_out.ep, &g_buf_in.ep, NULL);
+	rc = osmo_libusb_get_ep_addrs(g_devh, if_num, &g_buf_out.ep, &g_buf_in.ep, NULL);
 	if (rc < 0) {
 		fprintf(stderr, "couldn't find enpdoint addresses; rc=%d\n", rc);
 		goto close_exit;