cardem: choose a more reasonable default ATR

PCSCd does not like invalid ATRs

Change-Id: I1eebfdc06be55931c2e80e2b515ac3a559737c38

contrib/jenkins.sh

@@ -28,7 +28,7 @@ export PKG_CONFIG_PATH="$inst/lib/pkgconfig:$PKG_CONFIG_PATH"
 export LD_LIBRARY_PATH="$inst/lib"
 
 BUILDS=""
-BUILDS+="simtrace/dfu simtrace/cardem simtrace/trace " # simtrace/triple_play
+BUILDS+="simtrace/dfu simtrace/trace simtrace/cardem "
 BUILDS+="qmod/dfu qmod/cardem "
 BUILDS+="owhw/dfu owhw/cardem "
 
@@ -63,8 +63,6 @@ make dist
 #	make -C "$base/doc/manuals" publish
 #fi
 
-rm -rf $TOPDIR/firmware/bin/simtrace-cardem*
-
 if [ "x$publish" = "x--publish" ]; then
 	echo
 	echo "=============== UPLOAD BUILD  =============="

firmware/Makefile

@@ -33,6 +33,14 @@ GIT_VERSION=$(shell $(TOP)/git-version-gen $(TOP)/.tarvers)
 #        User-modifiable options
 #-------------------------------------------------------------------------------
 
+# verbosity
+V ?= 0
+ifneq ("$(V)","0")
+SILENT :=
+else
+SILENT := @
+endif
+
 # Chip & board used for compilation
 # (can be overriden by adding CHIP=chip and BOARD=board to the command-line)
 CHIP  ?= sam3s4
@@ -100,7 +108,7 @@ C_LIBUSB     = USBDescriptors.c USBRequests.c USBD.c USBDCallbacks.c USBDDriver.
 C_LIBUSB_RT  = dfu.c dfu_runtime.c
 C_LIBUSB_DFU = dfu.c dfu_desc.c dfu_driver.c
 C_LIBCOMMON  = string.c stdio.c fputs.c usb_buf.c ringbuffer.c pseudo_talloc.c host_communication.c \
-	       main_common.c
+	       main_common.c tc_etu.c
 
 C_BOARD      = $(notdir $(wildcard libboard/common/source/*.c))
 C_BOARD     += $(notdir $(wildcard libboard/$(BOARD)/source/*.c))
@@ -164,14 +172,14 @@ CFLAGS += -Wno-suggest-attribute=noreturn
 # -mlong-calls  -Wall
 #CFLAGS += -save-temps -fverbose-asm
 #CFLAGS += -Wa,-a,-ad
-CFLAGS += -D__ARM
+CFLAGS += -D__ARM -fno-builtin
 CFLAGS += --param max-inline-insns-single=500 -mcpu=cortex-m3 -mthumb # -mfix-cortex-m3-ldrd
 CFLAGS += -ffunction-sections -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -DTRACE_LEVEL=$(TRACE_LEVEL) -DALLOW_PEER_ERASE=$(ALLOW_PEER_ERASE)
 CFLAGS += -DGIT_VERSION=\"$(GIT_VERSION)\"
 CFLAGS += -DBOARD=\"$(BOARD)\" -DBOARD_$(BOARD)
 CFLAGS += -DAPPLICATION=\"$(APP)\" -DAPPLICATION_$(APP)
 ASFLAGS = -mcpu=cortex-m3 -mthumb -Wall -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -D__ASSEMBLY__
-LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--cref -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--warn-section-align -Wl,--warn-unresolved-symbols -Wl,--print-memory-usage $(LIB)
+LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--cref -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--warn-section-align -Wl,--print-memory-usage -Wl,--no-undefined $(LIB)
 #LD_OPTIONAL=-Wl,--print-gc-sections -Wl,--stats
 
 # Append BIN directories to output filename
@@ -210,22 +218,22 @@ C_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(C_OBJECTS))
 ASM_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(ASM_OBJECTS))
 
 $(1): $$(ASM_OBJECTS_$(1)) $$(C_OBJECTS_$(1))
-	@$(CC) $(LDFLAGS) $(LD_OPTIONAL) -T"libboard/common/resources/$(CHIP)/$$@.ld" -Wl,-Map,$(OUTPUT)-$$@.map -o $(OUTPUT)-$$@.elf $$^ $(LIBS)
+	$(SILENT)$(CC) $(LDFLAGS) $(LD_OPTIONAL) -T"libboard/common/resources/$(CHIP)/$$@.ld" -Wl,-Map,$(OUTPUT)-$$@.map -o $(OUTPUT)-$$@.elf $$^ $(LIBS)
 	cp $(OUTPUT)-$$@.elf $(OUTPUT)-$$@-$(GIT_VERSION).elf
 	cp $(OUTPUT)-$$@.elf $(OUTPUT)-$$@-latest.elf
-	@$(NM) $(OUTPUT)-$$@.elf >$(OUTPUT)-$$@.elf.txt
-	@$(OBJCOPY) -O binary $(OUTPUT)-$$@.elf $(OUTPUT)-$$@.bin
+	$(SILENT)$(NM) $(OUTPUT)-$$@.elf >$(OUTPUT)-$$@.elf.txt
+	$(SILENT)$(OBJCOPY) -O binary $(OUTPUT)-$$@.elf $(OUTPUT)-$$@.bin
 	cp $(OUTPUT)-$$@.bin $(OUTPUT)-$$@-$(GIT_VERSION).bin
 	cp $(OUTPUT)-$$@.bin $(OUTPUT)-$$@-latest.bin
-	@$(SIZE) $$^ $(OUTPUT)-$$@.elf
+	$(SILENT)$(SIZE) $$^ $(OUTPUT)-$$@.elf
 
 $$(C_OBJECTS_$(1)): $(OBJ)/$(1)_%.o: %.c Makefile $(OBJ) $(BIN)
 	@echo [COMPILING $$<]
-	@$(CC) $(CFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -Wa,-ahlms=$(BIN)/$$*.lst -c -o $$@ $$<
+	$(SILENT)$(CC) $(CFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -Wa,-ahlms=$(BIN)/$$*.lst -c -o $$@ $$<
 
 $$(ASM_OBJECTS_$(1)): $(OBJ)/$(1)_%.o: %.S Makefile $(OBJ) $(BIN)
 	@echo [ASSEMBLING $$@]
-	@$(CC) $(ASFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
+	$(SILENT)@$(CC) $(ASFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
 
 debug_$(1): $(1)
 	$(GDB) -x "$(BOARD_LIB)/resources/gcc/$(BOARD)_$(1).gdb" -ex "reset" -readnow -se $(OUTPUT)-$(1).elf

firmware/apps/cardem/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += card_emu.c iso7816_fidi.c iso7816_3.c iso7816_4.c mode_cardemu.c simtrace_iso7816.c usb.c

firmware/apps/cardem/main.c

@@ -147,7 +147,8 @@ extern int main(void)
 	unsigned int i = 0;
 
 	led_init();
-	led_blink(LED_RED, BLINK_3O_5F);
+	led_blink(LED_RED, BLINK_ALWAYS_ON);
+	led_blink(LED_GREEN, BLINK_ALWAYS_ON);
 
 	/* Enable watchdog for 2000ms, with no window */
 	WDT_Enable(WDT, WDT_MR_WDRSTEN | WDT_MR_WDDBGHLT | WDT_MR_WDIDLEHLT |
@@ -164,7 +165,7 @@ extern int main(void)
 	while (USBD_GetState() < USBD_STATE_CONFIGURED) {
 		WDT_Restart(WDT);
 		check_exec_dbg_cmd();
-#if 0
+#if 1
 		if (i >= MAX_USB_ITER * 3) {
 			TRACE_ERROR("Resetting board (USB could "
 				    "not be configured)\n\r");
@@ -220,7 +221,6 @@ extern int main(void)
 			}
 			last_simtrace_config = simtrace_config;
 		} else {
-			//FIXME: usb_proces() for every interface in this configuration?
 			if (config_func_ptrs[simtrace_config].run) {
 				config_func_ptrs[simtrace_config].run();
 			}

firmware/apps/trace/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += iso7816_4.c iso7816_fidi.c simtrace_iso7816.c sniffer.c usb.c

firmware/atmel_softpack_libraries/libchip_sam3s/source/USBD_HAL.c

@@ -1672,10 +1672,6 @@ uint8_t USBD_HAL_Halt(uint8_t bEndpoint, uint8_t ctl)
             UDP->UDP_RST_EP |= 1 << bEndpoint;
             UDP->UDP_RST_EP &= ~(1 << bEndpoint);
         }
-
-        /* This fixes a weird bug with regard to ping-pong OUT endpoints */
-        UDP->UDP_RST_EP |= 1 << bEndpoint;
-        UDP->UDP_RST_EP &= ~(1 << bEndpoint);
     }
 
     /* Return Halt status */

firmware/atmel_softpack_libraries/libchip_sam3s/source/pio_it.c

@@ -211,6 +211,16 @@ extern void PIO_InitializeInterrupts( uint32_t dwPriority )
     NVIC_EnableIRQ( PIOC_IRQn ) ;
 }
 
+static InterruptSource *find_intsource4pin(const Pin *pPin)
+{
+    unsigned int i ;
+    for (i = 0; i < _dwNumSources; i++) {
+        if (_aIntSources[i].pPin == pPin)
+	    return &_aIntSources[i];
+    }
+    return NULL;
+}
+
 /**
  * Configures a PIO or a group of PIO to generate an interrupt on status
  * change. The provided interrupt handler will be called with the triggering
@@ -228,15 +238,17 @@ extern void PIO_ConfigureIt( const Pin *pPin, void (*handler)( const Pin* ) )
 
     assert( pPin ) ;
     pio = pPin->pio ;
-    assert( _dwNumSources < MAX_INTERRUPT_SOURCES ) ;
 
-    /* Define new source */
-    TRACE_DEBUG( "PIO_ConfigureIt: Defining new source #%" PRIu32 ".\n\r",  _dwNumSources ) ;
-
-    pSource = &(_aIntSources[_dwNumSources]) ;
-    pSource->pPin = pPin ;
+    pSource = find_intsource4pin(pPin);
+    if (!pSource) {
+        /* Define new source */
+        TRACE_DEBUG( "PIO_ConfigureIt: Defining new source #%" PRIu32 ".\n\r",  _dwNumSources ) ;
+        assert( _dwNumSources < MAX_INTERRUPT_SOURCES ) ;
+        pSource = &(_aIntSources[_dwNumSources]) ;
+        pSource->pPin = pPin ;
+        _dwNumSources++ ;
+    }
     pSource->handler = handler ;
-    _dwNumSources++ ;
 
     /* PIO3 with additional interrupt support
      * Configure additional interrupt mode registers */

firmware/atmel_softpack_libraries/usb/device/core/USBD.c

@@ -300,7 +300,7 @@ void USBD_SetConfiguration(uint8_t cfgnum)
     else {
         deviceState = USBD_STATE_ADDRESS;
         /* Reset all endpoints */
-        USBD_HAL_ResetEPs(0xFFFFFFFF, USBD_STATUS_RESET, 0);
+        USBD_HAL_ResetEPs(0xFFFFFFFE, USBD_STATUS_RESET, 0);
     }
 }
 

firmware/libboard/common/include/sim_switch.h

@@ -14,5 +14,13 @@
  */
 #pragma once
 
+/** switch card lines to use physical or emulated card
+ *  @param[in] nr card interface number (i.e. slot)
+ *  @param[in] physical which physical interface to switch to (e.g. 0: physical, 1: virtual)
+ *  @return 0 on success, negative else
+ */
 int sim_switch_use_physical(unsigned int nr, int physical);
+/** initialise card switching capabilities
+ *  @return number of switchable card interfaces
+ */
 int sim_switch_init(void);

firmware/libboard/common/source/board_lowlevel.c

@@ -218,3 +218,8 @@ void mdelay(unsigned int msecs)
 	do {
 	} while ((jiffies - jiffies_start) < msecs);
 }
+
+void abort() {
+	NVIC_SystemReset();
+	while(1) {};
+}

firmware/libboard/qmod/include/board.h

@@ -111,4 +111,7 @@
 #define CARDEMU_SECOND_UART
 #define DETECT_VCC_BY_ADC
 
+/** sysmoQMOD only supports card emulation */
+#ifdef APPLICATION_cardem
 #define HAVE_CARDEM
+#endif

firmware/libboard/qmod/source/sim_switch.c

@@ -0,0 +1,90 @@
+/* Code to switch between local (physical) and remote (emulated) SIM
+ *
+ * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include "trace.h"
+#include "led.h"
+#include "sim_switch.h"
+
+#ifdef PIN_SIM_SWITCH1
+static const Pin pin_conn_usim1 = {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
+#endif
+#ifdef PIN_SIM_SWITCH2
+static const Pin pin_conn_usim2 = {PIO_PA28, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
+#endif
+
+static int initialized = 0;
+
+int sim_switch_use_physical(unsigned int nr, int physical)
+{
+	const Pin *pin;
+	enum led led;
+
+	if (!initialized) {
+		TRACE_ERROR("Somebody forgot to call sim_switch_init()\r\n");
+		sim_switch_init();
+	}
+
+	TRACE_INFO("Modem %d: %s SIM\n\r", nr,
+		   physical ? "physical" : "virtual");
+
+	switch (nr) {
+#ifdef PIN_SIM_SWITCH1
+	case 0:
+		pin = &pin_conn_usim1;
+		led = LED_USIM1;
+		break;
+#endif
+#ifdef PIN_SIM_SWITCH2
+	case 1:
+		pin = &pin_conn_usim2;
+		led = LED_USIM2;
+		break;
+#endif
+	default:
+		TRACE_ERROR("Invalid SIM%u\n\r", nr);
+		return -1;
+	}
+
+	if (physical) {
+		TRACE_INFO("%u: Use local/physical SIM\r\n", nr);
+		PIO_Clear(pin);
+		led_blink(led, BLINK_ALWAYS_ON);
+	} else {
+		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
+		PIO_Set(pin);
+		led_blink(led, BLINK_ALWAYS_OFF);
+	}
+
+	return 0;
+}
+
+int sim_switch_init(void)
+{
+	int num_switch = 0;
+#ifdef PIN_SIM_SWITCH1
+	PIO_Configure(&pin_conn_usim1, 1);
+	num_switch++;
+#endif
+#ifdef PIN_SIM_SWITCH2
+	PIO_Configure(&pin_conn_usim2, 1);
+	num_switch++;
+#endif
+	initialized = 1;
+	return num_switch;
+}

firmware/libboard/simtrace/include/board.h

@@ -78,11 +78,11 @@
 /* Phone USIM slot 1 RST pin (active low; RST_PHONE in schematic) */
 #define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_EDGE | PIO_DEGLITCH }
 /* Phone I/O data signal input/output (I/O_PHONE in schematic) */
-#define PIN_PHONE_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+#define PIN_USIM1_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Phone CLK clock input (CLK_PHONE in schematic) */
 #define PIN_PHONE_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used for phone USIM slot 1 communication */
-#define PINS_USIM1              PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
+#define PINS_USIM1              PIN_USIM1_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
 /* Phone I/O data signal input/output (unused USART RX input; connected to I/O_PHONE in schematic) */
 #define PIN_PHONE_IO_INPUT     {PIO_PA21A_RXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used as clock input (to measure the ETU duration; connected to CLK_PHONE in schematic) */
@@ -120,6 +120,14 @@
 /* ISO7816-communication related pins */
 #define PINS_ISO7816            PIN_SIM_IO,  PIN_SIM_CLK,  PIN_ISO7816_RSTMC // SIM_PWEN_PIN, PIN_SIM_IO2, PIN_SIM_CLK2
 
+/** card emulation configuration */
+/* Disable power converter 4.5-6V to 3.3V (active high) */
+#define PIN_SIM_PWEN_CARDEMU   {PIO_PA5, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Disable power switch to forward VCC_PHONE to VCC_SIM (active high) */
+#define PIN_VCC_FWD_CARDEMU    {PIO_PA26, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT}
+/* Disable power to SIM */
+#define PINS_PWR_CARDEMU        PIN_SIM_PWEN_CARDEMU, PIN_VCC_FWD_CARDEMU
+
 /** External SPI flash interface   **/
 /* SPI MISO pin definition */
 #define PIN_SPI_MISO  {PIO_PA12A_MISO, PIOA, PIOA, PIO_PERIPH_A, PIO_PULLUP}
@@ -153,10 +161,18 @@
 
 /** Supported modes */
 /* SIMtrace board supports sniffer mode */
+#ifdef APPLICATION_trace
 #define HAVE_SNIFFER
+#endif
 /* SIMtrace board supports CCID mode */
+#ifdef APPLICATION_ccid
 //#define HAVE_CCID
+#endif
 /* SIMtrace board supports card emulation mode */
-//#define HAVE_CARDEM
+#ifdef APPLICATION_cardem
+#define HAVE_CARDEM
+#endif
 /* SIMtrace board supports man-in-the-middle mode */
+#ifdef APPLICATION_mitm
 //#define HAVE_MITM
+#endif

firmware/libboard/simtrace/source/sim_switch.c

@@ -0,0 +1,63 @@
+/* Code to switch between local (physical) and remote (emulated) SIM
+ *
+ * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include "trace.h"
+#include "led.h"
+#include "sim_switch.h"
+
+#ifdef PIN_SIM_SWITCH1
+static const Pin pin_conn_usim1 = {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
+#endif
+#ifdef PIN_SIM_SWITCH2
+static const Pin pin_conn_usim2 = {PIO_PA28, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
+#endif
+
+static int initialized = 0;
+
+int sim_switch_use_physical(unsigned int nr, int physical)
+{
+	const Pin pin_sc = PIN_SC_SW_DEFAULT; // pin to control bus switch for VCC/RST/CLK signals
+	const Pin pin_io = PIN_IO_SW_DEFAULT; // pin to control bus switch for I/O signal
+
+	if (nr > 0) {
+		TRACE_ERROR("SIM interface for Modem %d can't be switched\r\n", nr);
+		return -1;
+	}
+
+	TRACE_INFO("Modem %u: %s SIM\n\r", nr, physical ? "physical" : "virtual");
+
+	if (physical) {
+		TRACE_INFO("%u: Use local/physical SIM\r\n", nr);
+		PIO_Set(&pin_sc);
+		PIO_Set(&pin_io);
+	} else {
+		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
+		PIO_Clear(&pin_sc);
+		PIO_Clear(&pin_io);
+	}
+
+	return 0;
+}
+
+int sim_switch_init(void)
+{
+	// the bus switch is already initialised
+	return 1; // SIMtrace hardware has only one switchable interface
+}

firmware/libcommon/include/card_emu.h

@@ -58,10 +58,43 @@ struct llist_head *card_emu_get_uart_tx_queue(struct card_handle *ch);
 void card_emu_have_new_uart_tx(struct card_handle *ch);
 void card_emu_report_status(struct card_handle *ch, bool report_on_irq);
 
+/*! call when the waiting time has half-expired
+ *  param[in] ch card for which the waiting time half expired
+ */
+void card_emu_wt_halfed(void *ch);
+/*! call when the waiting time has expired
+ *  param[in] ch card for which the waiting time expired
+ */
+void card_emu_wt_expired(void *ch);
+
 #define ENABLE_TX	0x01
 #define ENABLE_RX	0x02
 
+// the following functions are callbacks implement in mode_cardemu.c
+
 int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi);
+
+/*! update F and D on USART peripheral
+ *  @param[in] usart USART peripheral to configure
+ *  @param[in] f clock rate conversion integer F value
+ *  @param[in] d baud rate adjustment factor D value
+ *  @note this should happen after reset and protocol select (through PPS or implicit)
+ */
+void card_emu_uart_update_fd(uint8_t uart_chan, uint16_t f, uint8_t d);
+/*! update WT on USART peripheral
+ *  @param[in] usart USART peripheral to configure
+ *  @param[in] wt inactivity Waiting Time before card_emu_wt_expired is called (0 to disable)
+ */
+void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt);
+/*! reset waiting timeout count down on USART peripheral
+ *  @param[in] usart USART peripheral to configure
+ */
+void card_emu_uart_reset_wt(uint8_t uart_chan);
+/*! set I/O line high
+ *  @param[in] usart USART peripheral to configure
+ *  @param[in] set if I/O line should be set high (true), or cleared low (false)
+ */
+void card_emu_uart_io_set(uint8_t uart_chan, bool set);
 int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte);
 void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx);
 void card_emu_uart_wait_tx_idle(uint8_t uart_chan);

firmware/libcommon/include/iso7816_3.h

@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2019 sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+*/
+/* this library provides utilities to handle the ISO-7816 part 3 communication aspects (e.g. related to F and D) */
+#pragma once
+
+#include <stdint.h>
+#include <stdbool.h>
+
+/** default clock rate conversion integer Fd
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.1
+ */
+#define ISO7816_3_DEFAULT_FD 372
+/** default baud rate adjustment factor Dd
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.1
+ */
+#define ISO7816_3_DEFAULT_DD 1
+/** default clock rate conversion integer Fi
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.3
+ *  @note non-default value is optionally specified in TA1
+ */
+#define ISO7816_3_DEFAULT_FI 372
+/** default baud rate adjustment factor Di
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.3
+ *  @note non-default value is optionally specified in TA1
+ */
+#define ISO7816_3_DEFAULT_DI 1
+/** default maximum clock frequency, in Hz
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.3
+ *  @note non-default value is optionally specified in TA1
+ */
+#define ISO7816_3_DEFAULT_FMAX 5000000UL
+/** default Waiting Integer (WI) value for T=0
+ *  @implements ISO/IEC 7816-3:2006(E) section 10.2
+ *  @note non-default value is optionally specified in TC2
+ */
+#define ISO7816_3_DEFAULT_WI 10
+/** default Waiting Time (WT) value, in ETU
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.1
+ *  @note depends on Fi, Di, and WI if protocol T=0 is selected
+ */
+#define ISO7816_3_DEFAULT_WT 9600
+
+/** Table encoding the clock rate conversion integer Fi
+ *  @note Fi is indicated in TA1, but the same table is used for F and Fn during PPS
+ *  @implements ISO/IEC 7816-3:2006(E) table 7
+ */
+extern const uint16_t iso7816_3_fi_table[];
+
+/** Table encoding the maximum clock frequency f_max in Hz
+ *  @implements ISO/IEC 7816-3:2006(E) table 7
+ *  @note f_max is indicated in TA1, but the same table is used for F and Fn during PPS
+ */
+extern const uint32_t iso7816_3_fmax_table[];
+
+/** Table encoding the baud rate adjust integer Di
+ *  @implements ISO/IEC 7816-3:2006(E) table 8
+ *  @note Di is indicated in TA1, but the same table is used for D and Dn during PPS
+ */
+extern const uint8_t iso7816_3_di_table[];
+
+/* verify if the clock rate conversion integer F value is valid
+ * @param[in] f F value to be validated
+ * @return if F value is valid
+ * @note only values in ISO/IEC 7816-3:2006(E) table 7 are valid
+ */
+bool iso7816_3_valid_f(uint16_t f);
+/* verify if the baud rate adjustment factor D value is valid
+ * @param[in] d D value to be validated
+ * @return if D value is valid
+ * @note only values in ISO/IEC 7816-3:2006(E) table 8 are valid
+ */
+bool iso7816_3_valid_d(uint8_t d);
+/** calculate Waiting Time (WT)
+ *  @param[in] wi Waiting Integer
+ *  @param[in] fi clock rate conversion integer Fi value
+ *  @param[in] di baud rate adjustment factor Di value
+ *  @param[in] f clock rate conversion integer F value
+ *  @param[in] d baud rate adjustment factor D value
+ *  @return Waiting Time WT, in ETU, or < 0 on error (see code for return codes)
+ *  @note this should happen after reset and T=0 protocol select (through PPS or implicit)
+ *  @implements ISO/IEC 7816-3:2006(E) section 8.1 and 10.2
+ */
+int32_t iso7816_3_calculate_wt(uint8_t wi, uint16_t fi, uint8_t di, uint16_t f, uint8_t d);

firmware/libcommon/include/simtrace_prot.h

@@ -230,11 +230,10 @@ struct cardemu_usb_msg_status {
 	uint32_t flags;
 	/* phone-applied target voltage in mV */
 	uint16_t voltage_mv;
-	/* Fi/Di related information */
-	uint8_t fi;
-	uint8_t di;
-	uint8_t wi;
-	uint32_t waiting_time;
+	uint8_t f; /*!< index of F and f_max values as encoded in ISO/IEC 7816-3:2006(E) Table 7 */
+	uint8_t d; /*!< index of D value as encoded in ISO/IEC 7816-3:2006(E) Table 8 */
+	uint8_t wi; /*!< Waiting Integer as defined in ISO/IEC 7816-3:2006(E) Section 10.2 */
+	uint32_t wt; /*!< Waiting Time in ETU as defined in ISO/IEC 7816-3:2006(E) Section 8.1 */
 } __attribute__ ((packed));
 
 /* CEMU_USB_MSGT_DO_PTS */

firmware/libcommon/include/tc_etu.h

@@ -7,5 +7,3 @@ void tc_etu_init(uint8_t chan_nr, void *handle);
 void tc_etu_enable(uint8_t chan_nr);
 void tc_etu_disable(uint8_t chan_nr);
 
-extern void tc_etu_wtime_half_expired(void *handle);
-extern void tc_etu_wtime_expired(void *handle);

firmware/libcommon/include/usb_buf.h

@@ -42,15 +42,5 @@ int usb_drain_queue(uint8_t ep);
 void usb_buf_init(void);
 struct usb_buffered_ep *usb_get_buf_ep(uint8_t ep);
 
-struct usb_if {
-	uint8_t if_num;		/* interface number */
-	uint8_t ep_out;		/* OUT endpoint (0 if none) */
-	uint8_t ep_in;		/* IN endpint (0 if none) */
-	uint8_t ep_int;		/* INT endpoint (0 if none) */
-	void *data;		/* opaque data, passed through */
-	struct {
-		/* call-back to be called for inclming messages on OUT EP */
-		void (*rx_out)(struct msgb *msg, const struct usb_if *usb_if);
-	} ops;
-};
-void usb_process(const struct usb_if *usb_if);
+int usb_refill_to_host(uint8_t ep);
+int usb_refill_from_host(uint8_t ep);

firmware/libcommon/source/card_emu.c

@@ -1,7 +1,7 @@
 /* ISO7816-3 state machine for the card side
  *
  * (C) 2010-2019 by Harald Welte <laforge@gnumonks.org>
- * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2018-2019 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -26,6 +26,7 @@
 
 #include "utils.h"
 #include "trace.h"
+#include "iso7816_3.h"
 #include "iso7816_fidi.h"
 #include "tc_etu.h"
 #include "card_emu.h"
@@ -154,18 +155,53 @@ struct card_handle {
 	bool in_reset;	/*< if card is in reset (true = RST low/asserted, false = RST high/ released) */
 	bool clocked;	/*< if clock is active ( true = active, false = inactive) */
 
-	/* timing parameters, from PTS */
-	uint8_t fi;
-	uint8_t di;
-	uint8_t wi;
-
 	uint8_t tc_chan;	/* TC channel number */
 	uint8_t uart_chan;	/* UART channel */
 
 	uint8_t in_ep;		/* USB IN EP */
 	uint8_t irq_ep;		/* USB IN EP */
 
-	uint32_t waiting_time;	/* in clocks */
+	/*! clock rate conversion integer F
+	 *  @implements ISO/IEC 7816-3:2006(E) section 7.1
+	 *  @note this represents the current value used
+	 */
+	uint16_t f;
+	/*! baud rate adjustment factor D
+	 *  @implements ISO/IEC 7816-3:2006(E) section 7.1
+	 *  @note this represents the current value used
+	 */
+	uint8_t d;
+	/*! clock frequency in Hz
+	 *  @implements ISO/IEC 7816-3:2006(E) section 7.1
+	 *  @note the USART peripheral in slave mode does not provide the current value. we could measure it but this is not really useful. instead we remember the maximum possible value corresponding to the selected F value
+	 */
+	uint32_t f_cur;
+	/*! clock rate conversion integer Fi
+	 *  @implements ISO/IEC 7816-3:2006(E) Table 7
+	 *  @note this represents the maximum value supported by the card, and can be indicated in TA1
+	 *  @note this value can be set in TA1
+	 */
+	uint16_t fi;
+	/*! baud rate adjustment factor Di
+	 *  @implements ISO/IEC 7816-3:2006(E) Table 8
+	 *  @note this represents the maximum value supported by the card, and can be indicated in TA1
+	 */
+	uint8_t di;
+	/*! clock frequency, in Hz
+	 *  @implements ISO/IEC 7816-3:2006(E) Table 7
+	 *  @note this represents the maximum value supported by the card, and can be indicated in TA1
+	 */
+	uint32_t f_max;
+	/*! Waiting Integer
+	 *  @implements ISO/IEC 7816-3:2006(E) Section 10.2
+	 *  @note this value can be set in TA2
+	 */
+	uint8_t wi;
+	/*! Waiting Time, in ETU
+	 *  @implements ISO/IEC 7816-3:2006(E) Section 8.1
+	 *  @note this depends on Fi, Di, and WI if T=0 is used
+	 */
+	uint32_t wt;
 
 	/* ATR state machine */
 	struct {
@@ -206,7 +242,9 @@ static void card_handle_reset(struct card_handle *ch)
 {
 	struct msgb *msg;
 
+#ifndef BOARD_simtrace
 	tc_etu_disable(ch->tc_chan);
+#endif
 
 	/* release any buffers we may still own */
 	if (ch->uart_tx_msg) {
@@ -390,13 +428,44 @@ static void card_set_state(struct card_handle *ch,
 	case ISO_S_WAIT_POWER:
 	case ISO_S_WAIT_CLK:
 	case ISO_S_WAIT_RST:
-		/* disable Rx and Tx of UART */
-		card_emu_uart_enable(ch->uart_chan, 0);
+		card_emu_uart_enable(ch->uart_chan, 0); // disable Rx and Tx of UART
+#ifdef BOARD_simtrace
+		card_emu_uart_update_wt(ch->uart_chan, 0); // disable timeout
+		if (ISO_S_WAIT_POWER == new_state) {
+			card_emu_uart_io_set(ch->uart_chan, false); // pull I/O line low
+		} else {
+			card_emu_uart_io_set(ch->uart_chan, true); // pull I/O line high
+		}
+#endif
 		break;
 	case ISO_S_WAIT_ATR:
+
+		// reset the ETU-related values
+		ch->f = ISO7816_3_DEFAULT_FD;
+		ch->d = ISO7816_3_DEFAULT_DD;
+
+#ifdef BOARD_simtrace
+		card_emu_uart_update_fd(ch->uart_chan, ch->f, ch->d); // set baud rate
+
+		// reset values optionally specified in the ATR
+		ch->fi = ISO7816_3_DEFAULT_FI;
+		ch->di = ISO7816_3_DEFAULT_DI;
+		ch->wi = ISO7816_3_DEFAULT_WI;
+		int32_t wt = iso7816_3_calculate_wt(ch->wi, ch->fi, ch->di, ch->f, ch->d); // get default waiting time
+		if (wt <= 0) {
+			TRACE_FATAL("%u: invalid WT %ld\r\n", ch->num, wt);
+		}
+		ch->wt = wt;
+		card_emu_uart_enable(ch->uart_chan, ENABLE_TX); // enable TX to be able to use the timeout
+		/* the ATR should only be sent 400 to 40k clock cycles after the RESET.
+		 * we use the UART timeout mechanism to wait this time.
+		 * since the initial ETU is Fd=372/Dd=1 clock cycles long, we have to wait 2-107 ETU.
+		 */
+		card_emu_uart_update_wt(ch->uart_chan, 2);
+#else
 		/* Reset to initial Fi / Di ratio */
-		ch->fi = 1;
-		ch->di = 1;
+		ch->f = 1;
+		ch->d = 1;
 		emu_update_fidi(ch);
 		/* the ATR should only be sent 400 to 40k clock cycles after the RESET.
 		 * we use the tc_etu mechanism to wait this time.
@@ -405,16 +474,20 @@ static void card_set_state(struct card_handle *ch,
 		tc_etu_set_wtime(ch->tc_chan, 2);
 		/* enable the TC/ETU counter once reset has been released */
 		tc_etu_enable(ch->tc_chan);
+#endif
+
 		break;
 	case ISO_S_IN_ATR:
+#ifndef BOARD_simtrace
 		/* initialize to default WI, this will be overwritten if we
 		 * send TC2, and it will be programmed into hardware after
 		 * ATR is finished */
 		ch->wi = ISO7816_3_DEFAULT_WI;
 		/* update waiting time to initial waiting time */
-		ch->waiting_time = ISO7816_3_INIT_WTIME;
+		ch->wt = ISO7816_3_INIT_WTIME;
 		/* set initial waiting time */
-		tc_etu_set_wtime(ch->tc_chan, ch->waiting_time);
+		tc_etu_set_wtime(ch->tc_chan, ch->wt);
+#endif
 		/* Set ATR sub-state to initial state */
 		ch->atr.idx = 0;
 		/* enable USART transmission to reader */
@@ -489,9 +562,15 @@ static int tx_byte_atr(struct card_handle *ch)
 				}
 			}
 		}
+#ifdef BOARD_simtrace
+		/* FIXME update waiting time in case of card is specific mode */
+		/* reset PTS to initial state */
+		set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
+#else
 		/* update waiting time (see ISO 7816-3 10.2) */
-		ch->waiting_time = ch->wi * 960 * ch->fi;
-		tc_etu_set_wtime(ch->tc_chan, ch->waiting_time);
+		ch->wt = ch->wi * 960 * ch->fi;
+		tc_etu_set_wtime(ch->tc_chan, ch->wt);
+#endif
 		/* go to next state */
 		card_set_state(ch, ISO_S_WAIT_TPDU);
 		return 0;
@@ -557,9 +636,12 @@ from_pts3:
 	return PTS_S_WAIT_REQ_PCK | is_resp;
 }
 
-
-static int
-process_byte_pts(struct card_handle *ch, uint8_t byte)
+/*! process incoming PTS byte
+ *  @param[in] ch card handle on which the byte has been received
+ *  @param[in] byte received PTS byte
+ *  @return new iso7816_3_card_state or -1 at the end of PTS request
+ */
+static int process_byte_pts(struct card_handle *ch, uint8_t byte)
 {
 	switch (ch->pts.state) {
 	case PTS_S_WAIT_REQ_PTSS:
@@ -625,11 +707,17 @@ static int tx_byte_pts(struct card_handle *ch)
 		break;
 	case PTS_S_WAIT_RESP_PTS1:
 		byte = ch->pts.resp[_PTS1];
-		/* This must be TA1 */
-		ch->fi = byte >> 4;
-		ch->di = byte & 0xf;
-		TRACE_DEBUG("%u: found Fi=%u Di=%u\r\n", ch->num,
-			    ch->fi, ch->di);
+		// TODO the value should have been validated when receiving the request
+		ch->f = iso7816_3_fi_table[byte >> 4]; // save selected Fn
+		if (0 == ch->f) {
+			TRACE_ERROR("%u: invalid F index in PPS response: %u\r\n", ch->num, byte >> 4);
+			// TODO become unresponsive to signal error condition
+		}
+		ch->d = iso7816_3_di_table[byte & 0xf]; // save selected Dn
+		if (0 == ch->d) {
+			TRACE_ERROR("%u: invalid D index in PPS response: %u\r\n", ch->num, byte & 0xf);
+			// TODO become unresponsive to signal error condition
+		}
 		break;
 	case PTS_S_WAIT_RESP_PTS2:
 		byte = ch->pts.resp[_PTS2];
@@ -654,10 +742,23 @@ static int tx_byte_pts(struct card_handle *ch)
 	switch (ch->pts.state) {
 	case PTS_S_WAIT_RESP_PCK:
 		card_emu_uart_wait_tx_idle(ch->uart_chan);
+#ifdef BOARD_simtrace
+		card_emu_uart_update_fd(ch->uart_chan, ch->f, ch->d); // set selected baud rate
+		int32_t wt = iso7816_3_calculate_wt(ch->wi, ch->fi, ch->di, ch->f, ch->d); // get new waiting time
+		if (wt <= 0) {
+			TRACE_ERROR("%u: invalid WT calculated: %ld\r\n", ch->num, wt);
+			// TODO become unresponsive to signal error condition
+		} else {
+			ch->wt = wt;
+		}
+		// FIXME disable WT
+#else
 		/* update baud rate generator with Fi/Di */
 		emu_update_fidi(ch);
+#endif
 		/* Wait for the next TPDU */
 		card_set_state(ch, ISO_S_WAIT_TPDU);
+		set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
 		break;
 	default:
 		/* calculate the next state and set it */
@@ -725,6 +826,10 @@ static void set_tpdu_state(struct card_handle *ch, enum tpdu_state new_ts)
 {
 	if (ch->tpdu.state == new_ts)
 		return;
+	if (ISO_S_IN_TPDU != ch->state && ISO_S_WAIT_TPDU != ch->state) {
+		TRACE_ERROR("%u: setting TPDU state in %s state\r\n", ch->num,
+			get_value_string(iso7816_3_card_state_names, ch->state));
+	}
 
 	TRACE_DEBUG("%u: 7816 TPDU state %s -> %s\r\n", ch->num,
 		get_value_string(tpdu_state_names, ch->tpdu.state),
@@ -732,15 +837,20 @@ static void set_tpdu_state(struct card_handle *ch, enum tpdu_state new_ts)
 	ch->tpdu.state = new_ts;
 
 	switch (new_ts) {
-	case TPDU_S_WAIT_CLA:
-	case TPDU_S_WAIT_RX:
-		card_emu_uart_enable(ch->uart_chan, ENABLE_RX);
+	case TPDU_S_WAIT_CLA: // we will be waiting for the next incoming TDPU
+		card_emu_uart_enable(ch->uart_chan, ENABLE_RX); // switch back to receiving mode
+		card_emu_uart_update_wt(ch->uart_chan, 0); // disable waiting time since we don't expect any data
+		break;
+	case TPDU_S_WAIT_INS: // the reader started sending the TPDU header
+		card_emu_uart_update_wt(ch->uart_chan, ch->wt); // start waiting for the rest of the header/body
+		break;
+	case TPDU_S_WAIT_RX: // the reader should send us the TPDU body data
+		card_emu_uart_enable(ch->uart_chan, ENABLE_RX); // switch to receive mode to receive the body
+		card_emu_uart_update_wt(ch->uart_chan, ch->wt); // start waiting for the rest body
 		break;
 	case TPDU_S_WAIT_PB:
-		/* we just completed the TPDU header from reader to card
-		 * and now need to disable the receiver, enable the
-		 * transmitter and transmit the procedure byte */
-		card_emu_uart_enable(ch->uart_chan, ENABLE_TX);
+		card_emu_uart_enable(ch->uart_chan, ENABLE_TX); // header is completely received, now we need to transmit the procedure byte
+		card_emu_uart_update_wt(ch->uart_chan, ch->wt); // prepare to extend the waiting time once half of it is reached
 		break;
 	default:
 		break;
@@ -1024,11 +1134,11 @@ void card_emu_report_status(struct card_handle *ch, bool report_on_irq)
 		sts->flags |= CEMU_STATUS_F_CLK_ACTIVE;
 	if (ch->in_reset)
 		sts->flags |= CEMU_STATUS_F_RESET_ACTIVE;
-	/* FIXME: voltage + card insert */
-	sts->fi = ch->fi;
-	sts->di = ch->di;
+	/* FIXME set voltage and card insert values */
+	sts->f = ch->f;
+	sts->d = ch->d;
 	sts->wi = ch->wi;
-	sts->waiting_time = ch->waiting_time;
+	sts->wt = ch->wt;
 
 	usb_buf_upd_len_and_submit(msg);
 }
@@ -1083,9 +1193,7 @@ void card_emu_io_statechg(struct card_handle *ch, enum card_io io, int active)
 	case CARD_IO_RST:
 		if (active == 0 && ch->in_reset) {
 			TRACE_INFO("%u: RST released\r\n", ch->num);
-			if (ch->vcc_active && ch->clocked) {
-				/* enable the TC/ETU counter once reset has been released */
-				tc_etu_enable(ch->tc_chan);
+			if (ch->vcc_active && ch->clocked && ISO_S_WAIT_RST == ch->state) {
 				/* prepare to send the ATR */
 				card_set_state(ch, ISO_S_WAIT_ATR);
 			}
@@ -1094,9 +1202,14 @@ void card_emu_io_statechg(struct card_handle *ch, enum card_io io, int active)
 			TRACE_INFO("%u: RST asserted\r\n", ch->num);
 			card_handle_reset(ch);
 			chg_mask |= CEMU_STATUS_F_RESET_ACTIVE;
+#ifdef BOARD_simtrace
+			card_set_state(ch, ISO_S_WAIT_RST);
+#endif
 		}
 		ch->in_reset = active;
 		break;
+	default:
+		break;
 	}
 
 	switch (ch->state) {
@@ -1125,17 +1238,20 @@ int card_emu_set_atr(struct card_handle *ch, const uint8_t *atr, uint8_t len)
 	if (len > sizeof(ch->atr.atr))
 		return -1;
 
+/* ignore new ATR for now since we PPS has not been tested
 	memcpy(ch->atr.atr, atr, len);
 	ch->atr.len = len;
 	ch->atr.idx = 0;
+*/
 
 #if TRACE_LEVEL >= TRACE_LEVEL_INFO 
 	uint8_t i;
 	TRACE_INFO("%u: ATR set: ", ch->num);
-	for (i = 0; i < ch->atr.len; i++) {
+	for (i = 0; i < len; i++) {
 		TRACE_INFO_WP("%02x ", atr[i]);
 	}
 	TRACE_INFO_WP("\n\r");
+	TRACE_INFO("%u: ATR set currently ignored\n\r", ch->num);
 #endif
 	/* FIXME: race condition with transmitting ATR to reader? */
 
@@ -1143,7 +1259,7 @@ int card_emu_set_atr(struct card_handle *ch, const uint8_t *atr, uint8_t len)
 }
 
 /* hardware driver informs us that one (more) ETU has expired */
-void tc_etu_wtime_half_expired(void *handle)
+void card_emu_wt_halfed(void *handle)
 {
 	struct card_handle *ch = handle;
 	/* transmit NULL procedure byte well before waiting time expires */
@@ -1153,7 +1269,8 @@ void tc_etu_wtime_half_expired(void *handle)
 		case TPDU_S_WAIT_PB:
 		case TPDU_S_WAIT_TX:
 			putchar('N');
-			card_emu_uart_tx(ch->uart_chan, ISO7816_3_PB_NULL);
+			card_emu_uart_tx(ch->uart_chan, ISO7816_3_PB_NULL); // we are waiting for data from the user. send a procedure byte to ask the reader to wait more time
+			card_emu_uart_reset_wt(ch->uart_chan); // reset WT
 			break;
 		default:
 			break;
@@ -1165,7 +1282,7 @@ void tc_etu_wtime_half_expired(void *handle)
 }
 
 /* hardware driver informs us that one (more) ETU has expired */
-void tc_etu_wtime_expired(void *handle)
+void card_emu_wt_expired(void *handle)
 {
 	struct card_handle *ch = handle;
 	switch (ch->state) {
@@ -1174,13 +1291,30 @@ void tc_etu_wtime_expired(void *handle)
 		card_set_state(ch, ISO_S_IN_ATR);
 		break;
 	default:
+		// TODO become unresponsive
 		TRACE_ERROR("%u: wtime_exp\r\n", ch->num);
 		break;
 	}
 }
 
-/* shortest ATR possible (uses default speed and no options) */
-static const uint8_t default_atr[] = { 0x3B, 0x00 };
+/* reasonable ATR offering all protocols and voltages
+ * smartphones might not care, but other readers do
+
+TS = 0x3B	Direct Convention
+T0 = 0x80	Y(1): b1000, K: 0 (historical bytes)
+TD(1) = 0x80	Y(i+1) = b1000, Protocol T=0
+----
+TD(2) = 0x81	Y(i+1) = b1000, Protocol T=1
+----
+TD(3) = 0x1F	Y(i+1) = b0001, Protocol T=15
+----
+TA(4) = 0xC7	Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+----
+Historical bytes
+TCK = 0x59 	correct checksum
+
+ * */
+static const uint8_t default_atr[] = { 0x3B, 0x80, 0x80, 0x81 , 0x1F, 0xC7, 0x59};
 
 static struct card_handle card_handles[NUM_SLOTS];
 
@@ -1209,6 +1343,7 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uar
 
 	INIT_LLIST_HEAD(&ch->uart_tx_queue);
 
+	/* initialize the card_handle with reasonable defaults */
 	ch->num = slot_num;
 	ch->irq_ep = irq_ep;
 	ch->in_ep = in_ep;
@@ -1217,21 +1352,26 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uar
 	ch->in_reset = in_reset;
 	ch->clocked = clocked;
 
-	ch->fi = 0;
-	ch->di = 1;
+	ch->fi = ISO7816_3_DEFAULT_FI;
+	ch->di = ISO7816_3_DEFAULT_DI;
 	ch->wi = ISO7816_3_DEFAULT_WI;
+	ch->wt = ISO7816_3_DEFAULT_WT;;
 
 	ch->tc_chan = tc_chan;
 	ch->uart_chan = uart_chan;
-	ch->waiting_time = ISO7816_3_INIT_WTIME;
 
 	ch->atr.idx = 0;
 	ch->atr.len = sizeof(default_atr);
 	memcpy(ch->atr.atr, default_atr, ch->atr.len);
 
-	card_handle_reset(ch);
+	ch->pts.state = PTS_S_WAIT_REQ_PTSS;
+	ch->tpdu.state = TPDU_S_WAIT_CLA;
 
+	card_handle_reset(ch);
+#ifndef BOARD_simtrace
+	/* simtrace uses uart timer instead */
 	tc_etu_init(ch->tc_chan, ch);
+#endif
 
 	return ch;
 }

firmware/libcommon/source/host_communication.c

@@ -57,7 +57,7 @@ static void usb_write_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 }
 
 /* check if the spcified IN endpoint is idle and submit the next buffer from queue */
-static int usb_refill_to_host(uint8_t ep)
+int usb_refill_to_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
 	struct msgb *msg;
@@ -130,7 +130,7 @@ static void usb_read_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 }
 
 /* refill the read queue for data received from host PC on OUT EP, if needed */
-static int usb_refill_from_host(uint8_t ep)
+int usb_refill_from_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
 	struct msgb *msg;
@@ -198,45 +198,3 @@ int usb_drain_queue(uint8_t ep)
 
 	return ret;
 }
-
-
-
-/* iterate over the queue of incoming USB commands and dispatch/execute
- * them */
-static void process_any_usb_commands(const struct usb_if *usb_if)
-{
-	struct llist_head *queue = usb_get_queue(usb_if->ep_out);
-	struct llist_head *lh;
-	struct msgb *msg;
-	int i;
-
-	/* limit the number of iterations to 10, to ensure we don't get
-	 * stuck here without returning to main loop processing */
-	for (i = 0; i < 10; i++) {
-		/* de-queue the list head in an irq-safe way */
-		lh = llist_head_dequeue_irqsafe(queue);
-		if (!lh)
-			break;
-		msg = llist_entry(lh, struct msgb, list);
-		usb_if->ops.rx_out(msg, usb_if);
-	}
-}
-
-/* perform any action related to USB processing (IRQ/INT/OUT EP refill, handling OUT) */
-void usb_process(const struct usb_if *usb_if)
-{
-	/* first try to send any pending messages on IRQ */
-	if (usb_if->ep_int)
-		usb_refill_to_host(usb_if->ep_int);
-
-	/* then try to send any pending messages on IN */
-	if (usb_if->ep_in)
-		usb_refill_to_host(usb_if->ep_in);
-
-	/* ensure we can handle incoming USB messages from the
-	 * host */
-	if (usb_if->ep_out) {
-		usb_refill_from_host(usb_if->ep_out);
-		process_any_usb_commands(usb_if);
-	}
-}

firmware/libcommon/source/iso7816_3.c

@@ -0,0 +1,123 @@
+/*
+ * Copyright (C) 2019 sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+*/
+#include <stdint.h>
+#include <stddef.h>
+
+#include "utils.h"
+#include "iso7816_3.h"
+
+const uint16_t iso7816_3_fi_table[16] = {
+	372, 372, 558, 744, 1116, 1488, 1860, 0,
+	0, 512, 768, 1024, 1536, 2048, 0, 0
+};
+
+const uint32_t iso7816_3_fmax_table[16] = {
+	4000000, 5000000, 6000000, 8000000, 12000000, 16000000, 20000000, 0,
+	0, 5000000, 7500000, 10000000, 15000000, 20000000, 0, 0
+};
+
+const uint8_t iso7816_3_di_table[16] = {
+	0, 1, 2, 4, 8, 16, 32, 64,
+	12, 20, 0, 0, 0, 0, 0, 0,
+};
+
+/* all values are based on the Elementary Time Unit (ETU), defined in ISO/IEC 7816-3 section 7.1
+ * this is the time required to transmit a bit, and is calculated as follows: 1 ETU = (F / D) x (1 / f) where:
+ * - F is the clock rate conversion integer
+ * - D is the baud rate adjustment factor
+ * - f is the clock frequency
+ * the possible F, f(max), and D values are defined in ISO/IEC 7816-3 table 7 and 8
+ * - the initial value for F (after reset) is Fd = 372
+ * - the initial value for D (after reset) is Dd = 1
+ * - the initial maximum frequency f(max) is 5 MHz
+ * the card must measure the ETU based on the clock signal provided by the reader
+ * one ETU (e.g. 1 bit) takes F/D clock cycles, which the card must count
+ *
+ * the card can indicate an alternative set of supported values Fi (with corresponding f(max)) and Di for higher baud rate in TA1 in the ATR (see ISO/IEC 7816-3 section 8.3)
+ * these values are selected according to ISO/IEC 7816-3 section 6.3.1:
+ * - card in specific mode: they are enforced if TA2 is present (the reader can deactivate the card if it does not support these values)
+ * - card in negotiable mode:
+ * -- they can be selected by the reader using the Protocol and Parameters Selection (PPS) procedure
+ * -- the first offered protocol and default values are used when no PPS is started
+ *
+ * PPS is done with Fd and Dd (see ISO/IEC 7816-3 section 9)
+ * the reader can propose any F and D values between from Fd to Fi, and from Dd to Di (Fi and Di are indicated in TA1)
+ * the in PPS agreed values F and D are called Fn and Dn and are applied after a successful exchange, corresponding to PPS1_Response bit 5
+ *
+ * the F and D values must be provided to the SAM3S USART peripheral (after reset and PPS)
+ */
+
+bool iso7816_3_valid_f(uint16_t f)
+{
+	if (0 == f) {
+		return false;
+	}
+	uint8_t i = 0;
+	for (i = 0; i < ARRAY_SIZE(iso7816_3_fi_table) && iso7816_3_fi_table[i] != f; i++);
+	return (i < ARRAY_SIZE(iso7816_3_fi_table) && iso7816_3_fi_table[i] == f);
+}
+
+bool iso7816_3_valid_d(uint8_t d)
+{
+	if (0 == d) {
+		return false;
+	}
+	uint8_t i = 0;
+	for (i = 0; i < ARRAY_SIZE(iso7816_3_di_table) && iso7816_3_di_table[i] != d; i++);
+	return (i < ARRAY_SIZE(iso7816_3_di_table) && iso7816_3_di_table[i] == d);
+}
+
+/*
+ * the ETU is not only used to define the baud rate, but also the Waiting Time (WT) (see ISO/IEC 7816-3 section 8.1)
+ * when exceeding WT without card response, the reader flags the card as unresponsive, and resets it
+ * this can be used by the card to indicate errors or unsupported operations
+ * if the card requires more time to respond, it shall send a procedure byte to restart WT
+ * WT is calculated as follows (for T=0, see ISO/IEC 7816-3 section 10.2): WT = WI x 960 x (Fi / f(max)) where
+ * - WI is encoded in TC2 in the ATR (10 if absent)
+ * - WI does not depend on D/Di (used for the ETU)
+ * - after reset WT is 9600 ETU
+ * - WI (e.g. the new WT) is applied when T=0 is used (after 6.3.1), even if Fi is not Fn (this WT extension is important to know for the reader so to have the right timeout)
+ */
+
+int32_t iso7816_3_calculate_wt(uint8_t wi, uint16_t fi, uint8_t di, uint16_t f, uint8_t d)
+{
+	// sanity checks
+	if (0 == wi) {
+		return -1;
+	}
+	if (!iso7816_3_valid_f(fi)) {
+		return -2;
+	}
+	if (!iso7816_3_valid_d(di)) {
+		return -3;
+	}
+	if (!iso7816_3_valid_f(f)) {
+		return -4;
+	}
+	if (!iso7816_3_valid_d(d)) {
+		return -5;
+	}
+	if (f > fi) {
+		return -6;
+	}
+	if (d > di) {
+		return -7;
+	}
+
+	return wi * 960UL * (fi/f) * (di/d); // calculate timeout value in ETU
+}

firmware/libcommon/source/mode_cardemu.c

@@ -1,7 +1,7 @@
 /* card emulation mode
  *
  * (C) 2015-2017 by Harald Welte <laforge@gnumonks.org>
- * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2018-2019 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -22,6 +22,7 @@
 #include "simtrace.h"
 #include "ringbuffer.h"
 #include "card_emu.h"
+#include "iso7816_3.h"
 #include "iso7816_fidi.h"
 #include "utils.h"
 #include <osmocom/core/linuxlist.h>
@@ -34,8 +35,6 @@
 
 #define TRACE_ENTRY()	TRACE_DEBUG("%s entering\r\n", __func__)
 
-static void dispatch_received_usb_msg(struct msgb *msg, const struct usb_if *usb_if);
-
 #ifdef PINS_CARDSIM
 static const Pin pins_cardsim[] = PINS_CARDSIM;
 #endif
@@ -56,12 +55,19 @@ struct cardem_inst {
 	struct card_handle *ch;
 	struct llist_head usb_out_queue;
 	struct ringbuf rb;
+	uint32_t wt; /*!< receiver waiting time to trigger timeout (0 to deactivate it) */
+	uint32_t wt_remaining; /*!< remaining waiting time */
+	bool wt_halfed; /*!< if at least half of the waiting time passed */
 	struct Usart_info usart_info;
 	int usb_pending_old;
-	struct usb_if usb_if;
+	uint8_t ep_out;
+	uint8_t ep_in;
+	uint8_t ep_int;
+	const Pin pin_io;
 	const Pin pin_insert;
 #ifdef DETECT_VCC_BY_ADC
 	uint32_t vcc_uv;
+	uint32_t vcc_uv_last;
 #endif
 	bool vcc_active;
 	bool vcc_active_last;
@@ -77,16 +83,10 @@ struct cardem_inst cardem_inst[] = {
 			.id = ID_USART1,
 			.state = USART_RCV
 		},
-		.usb_if = {
-			.if_num = 0,
-			.ep_out = SIMTRACE_CARDEM_USB_EP_USIM1_DATAOUT,
-			.ep_in = SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
-			.ep_int = SIMTRACE_CARDEM_USB_EP_USIM1_INT,
-			.data = &cardem_inst[0],
-			.ops = {
-				.rx_out = dispatch_received_usb_msg,
-			},
-		},
+		.ep_out = SIMTRACE_CARDEM_USB_EP_USIM1_DATAOUT,
+		.ep_in = SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
+		.ep_int = SIMTRACE_CARDEM_USB_EP_USIM1_INT,
+		.pin_io = PIN_USIM1_IO,
 #ifdef PIN_SET_USIM1_PRES
 		.pin_insert = PIN_SET_USIM1_PRES,
 #endif
@@ -99,16 +99,10 @@ struct cardem_inst cardem_inst[] = {
 			.id = ID_USART0,
 			.state = USART_RCV
 		},
-		.usb_if = {
-			.if_num = 1,
-			.ep_out = SIMTRACE_CARDEM_USB_EP_USIM2_DATAOUT,
-			.ep_in = SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
-			.ep_int = SIMTRACE_CARDEM_USB_EP_USIM2_INT,
-			.data = &cardem_inst[1],
-			.ops = {
-				.rx_out = dispatch_received_usb_msg,
-			},
-		}
+		.ep_out = SIMTRACE_CARDEM_USB_EP_USIM2_DATAOUT,
+		.ep_in = SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
+		.ep_int = SIMTRACE_CARDEM_USB_EP_USIM2_INT,
+		.pin_io = PIN_USIM2_IO,
 #ifdef PIN_SET_USIM2_PRES
 		.pin_insert = PIN_SET_USIM2_PRES,
 #endif
@@ -159,7 +153,11 @@ void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 		 * receiver enabled during transmit */
 		USART_SetReceiverEnabled(usart, 1);
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
+#ifdef BOARD_simtrace
+		USART_EnableIt(usart, US_IER_TXRDY | US_IER_TIMEOUT);
+#else
 		USART_EnableIt(usart, US_IER_TXRDY);
+#endif
 		USART_SetTransmitterEnabled(usart, 1);
 		break;
 	case ENABLE_RX:
@@ -169,7 +167,11 @@ void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 		USART_SetTransmitterEnabled(usart, 1);
 		wait_tx_idle(usart);
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
+#ifdef BOARD_simtrace
+		USART_EnableIt(usart, US_IER_RXRDY | US_IER_TIMEOUT);
+#else
 		USART_EnableIt(usart, US_IER_RXRDY);
+#endif
 		USART_SetReceiverEnabled(usart, 1);
 		break;
 	case 0:
@@ -211,37 +213,69 @@ int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte)
 /* FIXME: integrate this with actual irq handler */
 static void usart_irq_rx(uint8_t inst_num)
 {
+	if (inst_num >= ARRAY_SIZE(cardem_inst)) {
+		TRACE_ERROR("%u: UART channel out of bounds\r\n", inst_num);
+		return;
+	}
 	Usart *usart = get_usart_by_chan(inst_num);
 	struct cardem_inst *ci = &cardem_inst[inst_num];
 	uint32_t csr;
 	uint8_t byte = 0;
+	uint32_t errflags = (US_CSR_OVRE | US_CSR_FRAME | US_CSR_PARE | US_CSR_NACK | (1 << 10));
+#ifndef BOARD_simtrace
+	errflags |= US_CSR_TIMEOUT;
+#endif
 
-	csr = usart->US_CSR & usart->US_IMR;
+	csr = usart->US_CSR & usart->US_IMR; // save state/flags before they get changed
 
-	if (csr & US_CSR_RXRDY) {
-		byte = (usart->US_RHR) & 0xFF;
-		if (rbuf_write(&ci->rb, byte) < 0)
-			TRACE_ERROR("rbuf overrun\r\n");
+	if (csr & US_CSR_RXRDY) { // bytes has been received
+		byte = (usart->US_RHR) & 0xFF; // ready out byte
+		if (rbuf_write(&ci->rb, byte) < 0) // store byte in buffer
+			TRACE_ERROR("rbuf overrun\r\n"); // error if could not store in buffer
 	}
 
-	if (csr & US_CSR_TXRDY) {
-		if (card_emu_tx_byte(ci->ch) == 0)
-			USART_DisableIt(usart, US_IER_TXRDY);
+	if (csr & US_CSR_TXRDY) { // ready to transmit the next byte
+		if (card_emu_tx_byte(ci->ch) == 0) // transmit next byte, and check if a byte is being transmitted
+			USART_DisableIt(usart, US_IER_TXRDY); // stop the TX ready signal if not byte has been transmitted
 	}
 
-	if (csr & (US_CSR_OVRE|US_CSR_FRAME|US_CSR_PARE|
-		   US_CSR_TIMEOUT|US_CSR_NACK|(1<<10))) {
-		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
-		TRACE_ERROR("%u e 0x%x st: 0x%lx\n", ci->num, byte, csr);
+	if (csr & errflags) { // error flag set
+		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK; // reset UART state to clear flag
+		TRACE_ERROR("%u USART error on 0x%x status: 0x%lx\n", ci->num, byte, csr); // warn user about error
 	}
+#ifdef BOARD_simtrace
+	// handle timeout
+	if (csr & US_CSR_TIMEOUT) { // RX has been inactive for some time
+		if (ci->wt_remaining <= (usart->US_RTOR & 0xffff)) { // waiting time has passed
+			ci->wt_remaining = 0; // timeout reached (will stop the timer)
+		} else {
+			ci->wt_remaining -= (usart->US_RTOR & 0xffff); // be sure to subtract the actual timeout since the new might not have been set and reloaded yet
+		}
+		if (0 == ci->wt_remaining) {
+			card_emu_wt_expired(ci->ch); // let the state know WT has expired
+		} else if (ci->wt_remaining <= ci->wt / 2 && !ci->wt_halfed) {
+			ci->wt_halfed = true;
+			card_emu_wt_halfed(ci->ch); // let the state know WT has half expired
+		}
+		if (ci->wt_remaining > 0xffff) { // value exceeds the USART TO range
+			usart->US_RTOR = 0xffff; // use the MAX
+		} else {
+			usart->US_RTOR = ci->wt_remaining;
+		}
+		usart->US_CR |= US_CR_STTTO; // clear timeout flag (and stop timeout until next character is received)
+		usart->US_CR |= US_CR_RETTO; // restart the counter (it wt is 0, the timeout is not started)
+	}
+#endif
 }
 
+/*! ISR called for USART0 */
 void mode_cardemu_usart0_irq(void)
 {
 	/* USART0 == Instance 1 == USIM 2 */
 	usart_irq_rx(1);
 }
 
+/*! ISR called for USART1 */
 void mode_cardemu_usart1_irq(void)
 {
 	/* USART1 == Instance 0 == USIM 1 */
@@ -260,6 +294,91 @@ int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi)
 	return 0;
 }
 
+// call-back from card_emu.c to change UART baud rate
+void card_emu_uart_update_fd(uint8_t uart_chan, uint16_t f, uint8_t d)
+{
+	Usart *usart = get_usart_by_chan(uart_chan); // get the USART based on the card handle
+	if (NULL == usart) {
+		TRACE_ERROR("%u: USART not found by chan\r\n", uart_chan);
+		return;
+	}
+	if (!iso7816_3_valid_f(f)) {
+		TRACE_ERROR("%u: invalid F: %u\r\n", uart_chan, f);
+		return;
+	}
+	if (!iso7816_3_valid_d(d)) {
+		TRACE_ERROR("%u: invalid D: %u\r\n", uart_chan, d);
+		return;
+	}
+
+	uint16_t ratio = f / d;
+	if (ratio > 0 && ratio < 2048) {
+		/* make sure USART uses new F/D ratio */
+		usart->US_CR |= US_CR_RXDIS | US_CR_RSTRX; // disable USART before changing baud rate
+		usart->US_FIDI = (ratio & 0x7ff); // change baud rate (ratio)
+		usart->US_CR |= US_CR_RXEN | US_CR_STTTO; // re-enable USART (and stop timeout)
+		TRACE_INFO("%u: USART F/D set to %u/%u\r\n", uart_chan, f, d);
+	} else {
+		TRACE_ERROR("%u: USART could not set F/D to %u/%u\r\n", uart_chan, f, d);
+		// TODO become unresponsive
+	}
+}
+
+void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt)
+{
+	if (uart_chan >= ARRAY_SIZE(cardem_inst)) {
+		TRACE_ERROR("%u: UART channel out of bounds\r\n", uart_chan);
+		return;
+	}
+	struct cardem_inst *ci = &cardem_inst[uart_chan];
+	Usart *usart = get_usart_by_chan(uart_chan); // get the USART based on the card handle
+	if (NULL == usart) {
+		TRACE_ERROR("%u: USART not found by chan\r\n", uart_chan);
+		return;
+	}
+
+	ci->wt = wt; // save value
+	card_emu_uart_reset_wt(uart_chan); // reset and start timer
+	TRACE_INFO("%u: USART WT set to %lu ETU\r\n", uart_chan, wt);
+}
+
+void card_emu_uart_reset_wt(uint8_t uart_chan)
+{
+	if (uart_chan >= ARRAY_SIZE(cardem_inst)) {
+		TRACE_ERROR("%u: UART channel out of bounds\r\n", uart_chan);
+		return;
+	}
+	struct cardem_inst *ci = &cardem_inst[uart_chan];
+	Usart *usart = get_usart_by_chan(uart_chan); // get the USART based on the card handle
+	if (NULL == usart) {
+		TRACE_ERROR("%u: USART not found by chan\r\n", uart_chan);
+		return;
+	}
+
+	ci->wt_remaining = ci->wt; // reload WT value
+	ci->wt_halfed = false; // reset half expired
+	if (ci->wt_remaining > 0xffff) { // value exceeds the USART TO range
+		usart->US_RTOR = 0xffff; // use the MAX
+	} else {
+		usart->US_RTOR = ci->wt_remaining;
+	}
+	usart->US_CR |= US_CR_RETTO; // restart the counter (if wt is 0, the timeout is not started)
+}
+
+void card_emu_uart_io_set(uint8_t uart_chan, bool set)
+{
+	if (uart_chan >= ARRAY_SIZE(cardem_inst)) {
+		TRACE_ERROR("%u: UART channel out of bounds\r\n", uart_chan);
+		return;
+	}
+	struct cardem_inst *ci = &cardem_inst[uart_chan];
+	if (set) {
+		PIO_Set(&ci->pin_io);
+	} else {
+		PIO_Clear(&ci->pin_io);
+	}
+}
+
 /* call-back from card_emu.c to force a USART interrupt */
 void card_emu_uart_interrupt(uint8_t uart_chan)
 {
@@ -332,10 +451,14 @@ static int card_vcc_adc_init(void)
 
 static void process_vcc_adc(struct cardem_inst *ci)
 {
-	if (ci->vcc_uv >= VCC_UV_THRESH_3V)
+	if (ci->vcc_uv >= VCC_UV_THRESH_3V &&
+	    ci->vcc_uv_last < VCC_UV_THRESH_3V) {
 		ci->vcc_active = true;
-	else
+	} else if (ci->vcc_uv < VCC_UV_THRESH_3V &&
+		 ci->vcc_uv_last >= VCC_UV_THRESH_3V) {
 		ci->vcc_active = false;
+	}
+	ci->vcc_uv_last = ci->vcc_uv;
 }
 
 void ADC_IrqHandler(void)
@@ -423,25 +546,52 @@ void mode_cardemu_init(void)
 
 	TRACE_ENTRY();
 
+#ifdef PINS_PWR_CARDEMU
+	// enable power on required peripherals, else disable
+	Pin pins_pwr_cardemu[] = { PINS_PWR_CARDEMU };
+	PIO_Configure(pins_pwr_cardemu, PIO_LISTSIZE(pins_pwr_cardemu));
+#endif /* PINS_PWR_CARDEMU */
 #ifdef PINS_CARDSIM
 	PIO_Configure(pins_cardsim, PIO_LISTSIZE(pins_cardsim));
 #endif
+	// ADC channel 6 and 7 are used to measure VCC (else they are grounded)
+	ADC->ADC_CHER |= ADC_CHER_CH6 | ADC_CHER_CH7; // enable the ADC channels to put them in high impedance (else they leak current)
 #ifdef DETECT_VCC_BY_ADC
-	card_vcc_adc_init();
+	card_vcc_adc_init(); // configure the ADC to measure VCC
 #endif /* DETECT_VCC_BY_ADC */
+	// TODO pull SIMtrace board SIM lines low, else they can leak current back to VCC
 
 	INIT_LLIST_HEAD(&cardem_inst[0].usb_out_queue);
 	rbuf_reset(&cardem_inst[0].rb);
 	PIO_Configure(pins_usim1, PIO_LISTSIZE(pins_usim1));
+
+	/* configure USART as ISO-7816 slave (e.g. card) */
 	ISO7816_Init(&cardem_inst[0].usart_info, CLK_SLAVE);
+#ifdef BOARD_simtrace
+	/* simtrace board uses uart timeouts */
+
+	/*  don't use receive timeout timer for now */
+	cardem_inst[0].usart_info.base->US_RTOR = 0;
+	/* enable interrupts to indicate when data has been received or timeout occurred */
+	USART_EnableIt(cardem_inst[0].usart_info.base, US_IER_RXRDY | US_IER_TIMEOUT);
+#else
+	/* enable interrupts to indicate when data has been received */
+	USART_EnableIt(cardem_inst[0].usart_info.base, US_IER_RXRDY );
+#endif
+	/*  enable interrupt requests for the USART peripheral */
 	NVIC_EnableIRQ(USART1_IRQn);
+
 	PIO_ConfigureIt(&pin_usim1_rst, usim1_rst_irqhandler);
 	PIO_EnableIt(&pin_usim1_rst);
-	usim1_rst_irqhandler(&pin_usim1_rst); /* obtain current RST state */
+
+	/* obtain current RST state */
+	usim1_rst_irqhandler(&pin_usim1_rst);
 #ifndef DETECT_VCC_BY_ADC
 	PIO_ConfigureIt(&pin_usim1_vcc, usim1_vcc_irqhandler);
 	PIO_EnableIt(&pin_usim1_vcc);
-	usim1_vcc_irqhandler(&pin_usim1_vcc); /* obtain current VCC state */
+
+	/* obtain current VCC state */
+	usim1_vcc_irqhandler(&pin_usim1_vcc);
 #else
 	do {} while (!adc_triggered); /* wait for first ADC reading */
 #endif /* DETECT_VCC_BY_ADC */
@@ -450,12 +600,17 @@ void mode_cardemu_init(void)
 					  SIMTRACE_CARDEM_USB_EP_USIM1_INT, cardem_inst[0].vcc_active,
 					  cardem_inst[0].rst_active, cardem_inst[0].vcc_active);
 	sim_switch_use_physical(0, 1);
+#ifndef DETECT_VCC_BY_ADC
+	usim1_vcc_irqhandler(NULL); // check VCC/CLK state
+#endif
+	usim1_rst_irqhandler(NULL); // force RST state
 
 #ifdef CARDEMU_SECOND_UART
 	INIT_LLIST_HEAD(&cardem_inst[1].usb_out_queue);
 	rbuf_reset(&cardem_inst[1].rb);
 	PIO_Configure(pins_usim2, PIO_LISTSIZE(pins_usim2));
 	ISO7816_Init(&cardem_inst[1].usart_info, CLK_SLAVE);
+	// TODO enable timeout
 	NVIC_EnableIRQ(USART0_IRQn);
 	PIO_ConfigureIt(&pin_usim2_rst, usim2_rst_irqhandler);
 	PIO_EnableIt(&pin_usim2_rst);
@@ -472,6 +627,7 @@ void mode_cardemu_init(void)
 					  SIMTRACE_CARDEM_USB_EP_USIM2_INT, cardem_inst[1].vcc_active,
 					  cardem_inst[1].rst_active, cardem_inst[1].vcc_active);
 	sim_switch_use_physical(1, 1);
+	// TODO check rst and vcc
 #endif /* CARDEMU_SECOND_UART */
 }
 
@@ -635,9 +791,8 @@ static void dispatch_usb_command_modem(struct msgb *msg, struct cardem_inst *ci)
 }
 
 /* handle a single USB command as received from the USB host */
-static void dispatch_usb_command(struct msgb *msg, const struct usb_if *usb_if)
+static void dispatch_usb_command(struct msgb *msg, struct cardem_inst *ci)
 {
-	struct cardem_inst *ci = usb_if->data;
 	struct simtrace_msg_hdr *sh = (struct simtrace_msg_hdr *) msg->l1h;
 
 	if (msgb_length(msg) < sizeof(*sh)) {
@@ -666,8 +821,7 @@ static void dispatch_usb_command(struct msgb *msg, const struct usb_if *usb_if)
 	}
 }
 
-/* handle a single USB transfer as received from the USB host */
-static void dispatch_received_usb_msg(struct msgb *msg, const struct usb_if *usb_if)
+static void dispatch_received_msg(struct msgb *msg, struct cardem_inst *ci)
 {
 	struct msgb *segm;
 	struct simtrace_msg_hdr *mh;
@@ -678,7 +832,7 @@ static void dispatch_received_usb_msg(struct msgb *msg, const struct usb_if *usb
 	mh = (struct simtrace_msg_hdr *) msg->data;
 	if (mh->msg_len == msgb_length(msg)) {
 		/* fast path: only one message in buffer */
-		dispatch_usb_command(msg, usb_if);
+		dispatch_usb_command(msg, ci);
 		return;
 	}
 
@@ -687,23 +841,23 @@ static void dispatch_received_usb_msg(struct msgb *msg, const struct usb_if *usb
 	while (1) {
 		mh = (struct simtrace_msg_hdr *) msg->data;
 
-		segm = usb_buf_alloc(usb_if->ep_out);
+		segm = usb_buf_alloc(ci->ep_out);
 		if (!segm) {
 			TRACE_ERROR("%u: ENOMEM during msg segmentation\r\n",
-				    usb_if->if_num);
+				    ci->num);
 			break;
 		}
 
 		if (mh->msg_len > msgb_length(msg)) {
 			TRACE_ERROR("%u: Unexpected large message (%u bytes)\r\n",
-					usb_if->if_num, mh->msg_len);
+					ci->num, mh->msg_len);
 			usb_buf_free(segm);
 			break;
 		} else {
 			uint8_t *cur = msgb_put(segm, mh->msg_len);
 			segm->l1h = segm->head;
 			memcpy(cur, mh, mh->msg_len);
-			dispatch_usb_command(segm, usb_if);
+			dispatch_usb_command(segm, ci);
 		}
 		/* pull this message */
 		msgb_pull(msg, mh->msg_len);
@@ -715,14 +869,35 @@ static void dispatch_received_usb_msg(struct msgb *msg, const struct usb_if *usb
 	usb_buf_free(msg);
 }
 
+/* iterate over the queue of incoming USB commands and dispatch/execute
+ * them */
+static void process_any_usb_commands(struct llist_head *main_q,
+				     struct cardem_inst *ci)
+{
+	struct llist_head *lh;
+	struct msgb *msg;
+	int i;
+
+	/* limit the number of iterations to 10, to ensure we don't get
+	 * stuck here without returning to main loop processing */
+	for (i = 0; i < 10; i++) {
+		/* de-queue the list head in an irq-safe way */
+		lh = llist_head_dequeue_irqsafe(main_q);
+		if (!lh)
+			break;
+		msg = llist_entry(lh, struct msgb, list);
+		dispatch_received_msg(msg, ci);
+	}
+}
+
 /* main loop function, called repeatedly */
 void mode_cardemu_run(void)
 {
+	struct llist_head *queue;
 	unsigned int i;
 
 	for (i = 0; i < ARRAY_SIZE(cardem_inst); i++) {
 		struct cardem_inst *ci = &cardem_inst[i];
-		struct usb_if *usb_if = &ci->usb_if;
 
 		/* drain the ring buffer from UART into card_emu */
 		while (1) {
@@ -739,6 +914,16 @@ void mode_cardemu_run(void)
 
 		process_io_statechg(ci);
 
-		usb_process(&ci->usb_if);
+		/* first try to send any pending messages on IRQ */
+		usb_refill_to_host(ci->ep_int);
+
+		/* then try to send any pending messages on IN */
+		usb_refill_to_host(ci->ep_in);
+
+		/* ensure we can handle incoming USB messages from the
+		 * host */
+		usb_refill_from_host(ci->ep_out);
+		queue = usb_get_queue(ci->ep_out);
+		process_any_usb_commands(queue, ci);
 	}
 }

firmware/libcommon/source/sniffer.c

@@ -974,42 +974,20 @@ static void usb_send_change(uint32_t flags)
 	usb_msg_upd_len_and_submit(usb_msg);
 }
 
-/* handle incoming message from USB OUT EP */
-static void dispatch_usb_out(struct msgb *msg, const struct usb_if *usb_if)
-{
-	struct simtrace_msg_hdr *sh = (Struct simtrace_msg_hdr *) msg->l1h;
-
-	if (msg_length(msg) < sizeof(*sh)) {
-		usb_buf_free(msg);
-		return;
-	}
-	msg->l2h = msg->l1h + sizeof(*sh);
-
-	switch (sh->msg_class) {
-	case SIMTRACE_MSGC_GENERIC:
-		break;
-	default:
-		break;
-	}
-
-	usb_buf_free(msg);
-}
-
-static const struct usb_if sniffer_usb_if = {
-	.if_num = 0,
-	.ep_in = SIMTRACE_USB_EP_CARD_DATAIN,
-	.ep_int = SIMTRACE_USB_EP_CARD_INT,
-	.ep_out = SIMTRACE_USB_EP_CARD_DATAOUT,
-	.ops = {
-		.rx_out = dispatch_usb_out,
-	}
-};
-
 /* Main (idle/busy) loop of this USB configuration */
 void Sniffer_run(void)
 {
 	/* Handle USB queue */
-	usb_process(&sniffer_usb_if);
+	/* first try to send any pending messages on INT */
+	usb_refill_to_host(SIMTRACE_USB_EP_CARD_INT);
+	/* then try to send any pending messages on IN */
+	usb_refill_to_host(SIMTRACE_USB_EP_CARD_DATAIN);
+	/* ensure we can handle incoming USB messages from the host */
+	/* currently we don't need any incoming data
+	usb_refill_from_host(SIMTRACE_USB_EP_CARD_DATAOUT);
+	struct llist_head *queue = usb_get_queue(SIMTRACE_USB_EP_CARD_DATAOUT);
+	process_any_usb_commands(queue);
+	*/
 
 	/* WARNING: the signal data and flags are not synchronized. We have to hope 
 	 * the processing is fast enough to not land in the wrong state while data

firmware/libcommon/source/tc_etu.c

@@ -23,6 +23,9 @@
 
 #include "chip.h"
 
+void card_emu_wt_halfed(void *handle);
+void card_emu_wt_expired(void *handle);
+
 /* pins for Channel 0 of TC-block 0, we only use TCLK + TIOB */
 #define PIN_TCLK0	{PIO_PA4, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT }
 #define PIN_TIOA0	{PIO_PA0, PIOA, ID_PIOA, PIO_PERIPH_B, PIO_DEFAULT}
@@ -85,7 +88,7 @@ static void tc_etu_irq(struct tc_etu_state *te)
 		te->nr_events++;
 		if (te->nr_events == te->wait_events/2) {
 			/* Indicate that half the waiting tim has expired */
-			tc_etu_wtime_half_expired(te->handle);
+			card_emu_wt_halfed(te->handle);
 		}
 		if (te->nr_events >= te->wait_events) {
 			TcChannel *chan = te->chan;
@@ -96,7 +99,7 @@ static void tc_etu_irq(struct tc_etu_state *te)
 			chan->TC_CCR = TC_CCR_CLKEN;
 
 			/* Indicate that the waiting tim has expired */
-			tc_etu_wtime_expired(te->handle);
+			card_emu_wt_expired(te->handle);
 		}
 	}
 }

firmware/libosmocore/include/osmocom/core/utils.h

@@ -36,7 +36,7 @@ const char *get_value_string_or_null(const struct value_string *vs,
 int get_string_value(const struct value_string *vs, const char *str);
 
 char osmo_bcd2char(uint8_t bcd);
-/* only works for numbers in ascci */
+/* only works for numbers in ASCII */
 uint8_t osmo_char2bcd(char c);
 
 int osmo_hexparse(const char *str, uint8_t *b, int max_len);
@@ -60,7 +60,7 @@ do {								\
 	rem -= ret;						\
 } while (0)
 
-/*! Helper macro to terminate when an assertion failes
+/*! Helper macro to terminate when an assertion fails
  *  \param[in] exp Predicate to verify
  *  This function will generate a backtrace and terminate the program if
  *  the predicate evaluates to false (0).
@@ -75,7 +75,7 @@ do {								\
 /*! duplicate a string using talloc and release its prior content (if any)
  * \param[in] ctx Talloc context to use for allocation
  * \param[out] dst pointer to string, will be updated with ptr to new string
- * \param[in] newstr String that will be copieed to newly allocated string */
+ * \param[in] newstr String that will be copied to newly allocated string */
 static inline void osmo_talloc_replace_string(void *ctx, char **dst, const char *newstr)
 {
 	if (*dst)

host/include/osmocom/simtrace2/simtrace2_api.h

@@ -12,8 +12,6 @@ struct osmo_st2_transport {
 		uint8_t out;
 		uint8_t irq_in;
 	} usb_ep;
-	/* use non-blocking / asynchronous libusb I/O */
-	bool usb_async;
 
 	/* UDP */
 	int udp_fd;
@@ -41,6 +39,8 @@ struct osmo_st2_cardem_inst {
 	void *priv;
 };
 
+int osmo_st2_transp_tx_msg(struct osmo_st2_transport *transp, struct msgb *msg);
+
 int osmo_st2_slot_tx_msg(struct osmo_st2_slot *slot, struct msgb *msg,
                          uint8_t msg_class, uint8_t msg_type);
 

host/lib/simtrace2_api.c

@@ -57,60 +57,23 @@ static struct msgb *st_msgb_alloc(void)
 	return msgb_alloc_headroom(1024+32, 32, "SIMtrace");
 }
 
-
-static void usb_out_xfer_cb(struct libusb_transfer *xfer)
+/*! \brief Transmit a given command to the SIMtrace2 device */
+int osmo_st2_transp_tx_msg(struct osmo_st2_transport *transp, struct msgb *msg)
 {
-	struct msgb *msg = xfer->user_data;
+	int rc;
 
-	switch (xfer->status) {
-	case LIBUSB_TRANSFER_COMPLETED:
-		break;
-	case LIBUSB_TRANSFER_NO_DEVICE:
-		fprintf(stderr, "USB device disappeared\n");
-		exit(1);
-		break;
-	default:
-		fprintf(stderr, "USB OUT transfer failed, status=%u\n", xfer->status);
-		exit(1);
-		break;
+	printf("<- %s\n", msgb_hexdump(msg));
+
+	if (transp->udp_fd < 0) {
+		int xfer_len;
+
+		rc = libusb_bulk_transfer(transp->usb_devh, transp->usb_ep.out,
+					  msgb_data(msg), msgb_length(msg),
+					  &xfer_len, 100000);
+	} else {
+		rc = write(transp->udp_fd, msgb_data(msg), msgb_length(msg));
 	}
 
-	msgb_free(msg);
-	libusb_free_transfer(xfer);
-}
-
-
-static int st2_transp_tx_msg_usb_async(struct osmo_st2_transport *transp, struct msgb *msg)
-{
-	struct libusb_transfer *xfer;
-	int rc;
-
-	xfer = libusb_alloc_transfer(0);
-	OSMO_ASSERT(xfer);
-	xfer->dev_handle = transp->usb_devh;
-	xfer->flags = 0;
-	xfer->type = LIBUSB_TRANSFER_TYPE_BULK;
-	xfer->endpoint = transp->usb_ep.out;
-	xfer->timeout = 100000;
-	xfer->user_data = msg;
-	xfer->length = msgb_length(msg);
-	xfer->buffer = msgb_data(msg);
-	xfer->callback = usb_out_xfer_cb;
-
-	rc = libusb_submit_transfer(xfer);
-	OSMO_ASSERT(rc == 0);
-
-	return rc;
-}
-
-/*! \brief Transmit a given command to the SIMtrace2 device */
-static int st2_transp_tx_msg_usb_sync(struct osmo_st2_transport *transp, struct msgb *msg)
-{
-	int rc;
-	int xfer_len;
-	rc = libusb_bulk_transfer(transp->usb_devh, transp->usb_ep.out,
-				  msgb_data(msg), msgb_length(msg),
-				  &xfer_len, 100000);
 	msgb_free(msg);
 	return rc;
 }
@@ -135,24 +98,9 @@ static struct simtrace_msg_hdr *st_push_hdr(struct msgb *msg, uint8_t msg_class,
 int osmo_st2_slot_tx_msg(struct osmo_st2_slot *slot, struct msgb *msg,
 			 uint8_t msg_class, uint8_t msg_type)
 {
-	struct osmo_st2_transport *transp = slot->transp;
-	int rc;
-
-	OSMO_ASSERT(transp);
-
 	st_push_hdr(msg, msg_class, msg_type, slot->slot_nr);
-	printf("SIMtrace <- %s\n", msgb_hexdump(msg));
 
-	if (transp->udp_fd < 0) {
-		if (transp->usb_async)
-			rc = st2_transp_tx_msg_usb_async(transp, msg);
-		else
-			rc = st2_transp_tx_msg_usb_sync(transp, msg);
-	} else {
-		rc = write(transp->udp_fd, msgb_data(msg), msgb_length(msg));
-		msgb_free(msg);
-	}
-	return rc;
+	return osmo_st2_transp_tx_msg(slot->transp, msg);
 }
 
 /***********************************************************************

host/src/simtrace2-remsim.c

@@ -50,6 +50,26 @@
 #include <osmocom/sim/class_tables.h>
 #include <osmocom/sim/sim.h>
 
+/*
+reasonable ATR offering all protocols and voltages
+smartphones might not care, but other readers do
+
+TS = 0x3B	Direct Convention
+T0 = 0x80	Y(1): b1000, K: 0 (historical bytes)
+TD(1) = 0x80	Y(i+1) = b1000, Protocol T=0
+----
+TD(2) = 0x81	Y(i+1) = b1000, Protocol T=1
+----
+TD(3) = 0x1F	Y(i+1) = b0001, Protocol T=15
+----
+TA(4) = 0xC7	Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+----
+Historical bytes
+TCK = 0x59 	correct checksum
+*/
+static uint8_t real_atr[] = { 0x3B, 0x80, 0x80, 0x81 , 0x1F, 0xC7, 0x59};
+
+
 static void atr_update_csum(uint8_t *atr, unsigned int atr_len)
 {
 	uint8_t csum = 0;
@@ -71,9 +91,9 @@ static int process_do_status(struct osmo_st2_cardem_inst *ci, uint8_t *buf, int
 	struct cardemu_usb_msg_status *status;
 	status = (struct cardemu_usb_msg_status *) buf;
 
-	printf("=> STATUS: flags=0x%x, fi=%u, di=%u, wi=%u wtime=%u\n",
-		status->flags, status->fi, status->di, status->wi,
-		status->waiting_time);
+	printf("=> STATUS: flags=0x%x, F=%u, D=%u, WI=%u WT=%u\n",
+		status->flags, status->f, status->d, status->wi,
+		status->wt);
 
 	return 0;
 }
@@ -437,8 +457,6 @@ int main(int argc, char **argv)
 		osmo_st2_modem_sim_select_remote(ci->slot);
 
 		if (!skip_atr) {
-			/* set the ATR */
-			uint8_t real_atr[] = {  0x3B, 0x00 }; // the simplest ATR
 			atr_update_csum(real_atr, sizeof(real_atr));
 			osmo_st2_cardem_request_set_atr(ci, real_atr, sizeof(real_atr));
 		}

host/src/simtrace2-sniff.c

@@ -342,7 +342,7 @@ int main(int argc, char **argv)
 	while (1) {
 		int option_index = 0;
 
-		char c = getopt_long(argc, argv, "hi:kV:P:C:I:S:A:", opts, &option_index);
+		int c = getopt_long(argc, argv, "hi:kV:P:C:I:S:A:", opts, &option_index);
 		if (c == -1)
 			break;
 		switch (c) {