assert: Use printf_sync() to ensure printing of assert / panic

Change-Id: Icc202e60445d9be1cdcd61176db5ed1704d583e7

.gitignore

@@ -18,7 +18,8 @@ tags
 *.bin
 *.p
 host/simtrace2-list
-host/simtrace2-remsim
+host/simtrace2-cardem-pcsc
-host/simtrace2-remsim-usb2udp
+host/contrib/simtrace2.spec
 usb_strings_generated.h
 firmware/usbstring/usbstring
+firmware/apps/*/usb_strings.txt.patched

README.md

@@ -5,9 +5,6 @@ This is the repository for the next-generation SIMtrace devices,
 providing abilities to trace the communication between (U)SIM card and
 phone, remote (U)SIM card forward, (U)SIM man-in-the-middle, and more.
 
-This is under heavy development, and right now it is not surprising if
-things still break on a daily basis.
-
 NOTE: Nothing in this repository applies to the SIMtrace v1.x hardware
 or its associated firmware.  SIMtrace v1.x is based on a different CPU /
 microcontroller architecture and uses a completely different software
@@ -16,12 +13,6 @@ stack and host software.
 Supported Hardware
 ------------------
 
-At this point, the primary development target is still the OWHW + sysmoQMOD
-device, but we expect to add support for a SAM3 based SIMtrace hardware
-board soon.
-
-The goal is to support the following devices:
-
 * Osmocom SIMtrace 1.x with SAM3 controller
 ** this is open hardware and schematics / PCB design is published
 * sysmocom sysmoQMOD (with 4 Modems,  4 SIM slots and 2 SAM3)
@@ -37,3 +28,11 @@ This repository contains several directory
 * firmware - the firmware to run on the actual devices
 * hardware - some information related to the hardware
 * host - Programs to use on the USB host to interface with the hardware
+
+
+The host software includes
+
+* libosmo-simtrace2 - a shared library to talk to devices running the simtrace2 firmware
+* simtrace2-list - list any USB-attached devices running simtrace2 firmware
+* simtrace2-sniff - interface the 'trace' firmware to obtain card protocol traces
+* simtrace2-cardem-pcsc - interface the 'cardem' fimrware to use a SIM in a PC/SC reader

TODO-RELEASE

@@ -0,0 +1,10 @@
+# When cleaning up this file: bump API version in corresponding Makefile.am and rename corresponding debian/lib*.install
+# according to https://osmocom.org/projects/cellular-infrastructure/wiki/Make_a_new_release
+# In short: https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html#Updating-version-info
+# LIBVERSION=c:r:a
+# If the library source code has changed at all since the last update, then increment revision: c:r + 1:a.
+# If any interfaces have been added, removed, or changed since the last update: c + 1:0:0.
+# If any interfaces have been added since the last public release: c:r:a + 1.
+# If any interfaces have been removed or changed since the last public release: c:r:0.
+#library	what			description / commit summary line
+simtrace2	API/ABI change		osmo_st2_transport new member

contrib/jenkins.sh

@@ -28,7 +28,7 @@ export PKG_CONFIG_PATH="$inst/lib/pkgconfig:$PKG_CONFIG_PATH"
 export LD_LIBRARY_PATH="$inst/lib"
 
 BUILDS=""
-BUILDS+="simtrace/dfu simtrace/cardem simtrace/trace " # simtrace/triple_play
+BUILDS+="simtrace/dfu simtrace/trace "
 BUILDS+="qmod/dfu qmod/cardem "
 BUILDS+="owhw/dfu owhw/cardem "
 
@@ -68,6 +68,7 @@ rm -rf $TOPDIR/firmware/bin/simtrace-cardem*
 if [ "x$publish" = "x--publish" ]; then
 	echo
 	echo "=============== UPLOAD BUILD  =============="
+	$TOPDIR/contrib/prepare_upload.sh
 
 	cat > "/build/known_hosts" <<EOF
 [rita.osmocom.org]:48 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDgQ9HntlpWNmh953a2Gc8NysKE4orOatVT1wQkyzhARnfYUerRuwyNr1GqMyBKdSI9amYVBXJIOUFcpV81niA7zQRUs66bpIMkE9/rHxBd81SkorEPOIS84W4vm3SZtuNqa+fADcqe88Hcb0ZdTzjKILuwi19gzrQyME2knHY71EOETe9Yow5RD2hTIpB5ecNxI0LUKDq+Ii8HfBvndPBIr0BWYDugckQ3Bocf+yn/tn2/GZieFEyFpBGF/MnLbAAfUKIdeyFRX7ufaiWWz5yKAfEhtziqdAGZaXNaLG6gkpy3EixOAy6ZXuTAk3b3Y0FUmDjhOHllbPmTOcKMry9

contrib/prepare_upload.sh

@@ -0,0 +1,16 @@
+#!/bin/sh -e
+# Create copies of binaries with -latest, -$GIT_VERSION (OS#4413, OS#3452)
+cd "$(dirname "$0")/.."
+
+GIT_VERSION="$(./git-version-gen .tarball-version)"
+
+echo "Copying binaries with "-latest" and "-$GIT_VERSION" appended..."
+
+cd firmware/bin
+for ext in bin elf; do
+	for file in *."$ext"; do
+		without_ext="${file%.*}"
+		cp -v "$file" "$without_ext-latest.$ext"
+		cp -v "$file" "$without_ext-$GIT_VERSION.$ext"
+	done
+done

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

firmware/Makefile

@@ -28,11 +28,19 @@
 
 #   Makefile for compiling the Getting Started with SAM3S Microcontrollers project
 
-GIT_VERSION=$(shell $(TOP)/git-version-gen $(TOP)/.tarvers)
+GIT_VERSION=$(shell $(TOP)/git-version-gen $(TOP)/.tarball-version)
 #-------------------------------------------------------------------------------
 #        User-modifiable options
 #-------------------------------------------------------------------------------
 
+# verbosity
+V ?= 0
+ifneq ("$(V)","0")
+SILENT :=
+else
+SILENT := @
+endif
+
 # Chip & board used for compilation
 # (can be overriden by adding CHIP=chip and BOARD=board to the command-line)
 CHIP  ?= sam3s4
@@ -100,7 +108,7 @@ C_LIBUSB     = USBDescriptors.c USBRequests.c USBD.c USBDCallbacks.c USBDDriver.
 C_LIBUSB_RT  = dfu.c dfu_runtime.c
 C_LIBUSB_DFU = dfu.c dfu_desc.c dfu_driver.c
 C_LIBCOMMON  = string.c stdio.c fputs.c usb_buf.c ringbuffer.c pseudo_talloc.c host_communication.c \
-	       main_common.c
+	       main_common.c stack_check.c
 
 C_BOARD      = $(notdir $(wildcard libboard/common/source/*.c))
 C_BOARD     += $(notdir $(wildcard libboard/$(BOARD)/source/*.c))
@@ -164,14 +172,14 @@ CFLAGS += -Wno-suggest-attribute=noreturn
 # -mlong-calls  -Wall
 #CFLAGS += -save-temps -fverbose-asm
 #CFLAGS += -Wa,-a,-ad
-CFLAGS += -D__ARM
+CFLAGS += -D__ARM -fno-builtin
 CFLAGS += --param max-inline-insns-single=500 -mcpu=cortex-m3 -mthumb # -mfix-cortex-m3-ldrd
 CFLAGS += -ffunction-sections -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -DTRACE_LEVEL=$(TRACE_LEVEL) -DALLOW_PEER_ERASE=$(ALLOW_PEER_ERASE)
 CFLAGS += -DGIT_VERSION=\"$(GIT_VERSION)\"
 CFLAGS += -DBOARD=\"$(BOARD)\" -DBOARD_$(BOARD)
 CFLAGS += -DAPPLICATION=\"$(APP)\" -DAPPLICATION_$(APP)
 ASFLAGS = -mcpu=cortex-m3 -mthumb -Wall -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -D__ASSEMBLY__
-LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--cref -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--warn-section-align -Wl,--warn-unresolved-symbols -Wl,--print-memory-usage $(LIB)
+LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--cref -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--warn-section-align -Wl,--print-memory-usage -Wl,--no-undefined $(LIB)
 #LD_OPTIONAL=-Wl,--print-gc-sections -Wl,--stats
 
 # Append BIN directories to output filename
@@ -210,22 +218,18 @@ C_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(C_OBJECTS))
 ASM_OBJECTS_$(1) = $(addprefix $(OBJ)/$(1)_, $(ASM_OBJECTS))
 
 $(1): $$(ASM_OBJECTS_$(1)) $$(C_OBJECTS_$(1))
-	@$(CC) $(LDFLAGS) $(LD_OPTIONAL) -T"libboard/common/resources/$(CHIP)/$$@.ld" -Wl,-Map,$(OUTPUT)-$$@.map -o $(OUTPUT)-$$@.elf $$^ $(LIBS)
+	$(SILENT)$(CC) $(LDFLAGS) $(LD_OPTIONAL) -T"libboard/common/resources/$(CHIP)/$$@.ld" -Wl,-Map,$(OUTPUT)-$$@.map -o $(OUTPUT)-$$@.elf $$^ $(LIBS)
-	cp $(OUTPUT)-$$@.elf $(OUTPUT)-$$@-$(GIT_VERSION).elf
+	$(SILENT)$(NM) $(OUTPUT)-$$@.elf >$(OUTPUT)-$$@.elf.txt
-	cp $(OUTPUT)-$$@.elf $(OUTPUT)-$$@-latest.elf
+	$(SILENT)$(OBJCOPY) -O binary $(OUTPUT)-$$@.elf $(OUTPUT)-$$@.bin
-	@$(NM) $(OUTPUT)-$$@.elf >$(OUTPUT)-$$@.elf.txt
+	$(SILENT)$(SIZE) $$^ $(OUTPUT)-$$@.elf
-	@$(OBJCOPY) -O binary $(OUTPUT)-$$@.elf $(OUTPUT)-$$@.bin
-	cp $(OUTPUT)-$$@.bin $(OUTPUT)-$$@-$(GIT_VERSION).bin
-	cp $(OUTPUT)-$$@.bin $(OUTPUT)-$$@-latest.bin
-	@$(SIZE) $$^ $(OUTPUT)-$$@.elf
 
 $$(C_OBJECTS_$(1)): $(OBJ)/$(1)_%.o: %.c Makefile $(OBJ) $(BIN)
 	@echo [COMPILING $$<]
-	@$(CC) $(CFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -Wa,-ahlms=$(BIN)/$$*.lst -c -o $$@ $$<
+	$(SILENT)$(CC) $(CFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -Wa,-ahlms=$(BIN)/$$*.lst -c -o $$@ $$<
 
 $$(ASM_OBJECTS_$(1)): $(OBJ)/$(1)_%.o: %.S Makefile $(OBJ) $(BIN)
 	@echo [ASSEMBLING $$@]
-	@$(CC) $(ASFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
+	$(SILENT)@$(CC) $(ASFLAGS) -DENVIRONMENT_$(1) -DENVIRONMENT=\"$(1)\" -c -o $$@ $$<
 
 debug_$(1): $(1)
 	$(GDB) -x "$(BOARD_LIB)/resources/gcc/$(BOARD)_$(1).gdb" -ex "reset" -readnow -se $(OUTPUT)-$(1).elf

firmware/apps/cardem/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c

firmware/apps/cardem/main.c

@@ -147,7 +147,8 @@ extern int main(void)
 	unsigned int i = 0;
 
 	led_init();
-	led_blink(LED_RED, BLINK_3O_5F);
+	led_blink(LED_RED, BLINK_ALWAYS_ON);
+	led_blink(LED_GREEN, BLINK_ALWAYS_ON);
 
 	/* Enable watchdog for 2000ms, with no window */
 	WDT_Enable(WDT, WDT_MR_WDRSTEN | WDT_MR_WDDBGHLT | WDT_MR_WDIDLEHLT |
@@ -220,7 +221,6 @@ extern int main(void)
 			}
 			last_simtrace_config = simtrace_config;
 		} else {
-			//FIXME: usb_proces() for every interface in this configuration?
 			if (config_func_ptrs[simtrace_config].run) {
 				config_func_ptrs[simtrace_config].run();
 			}

firmware/apps/dfu/main.c

@@ -243,6 +243,17 @@ static void check_exec_dbg_cmd(void)
 	//board_exec_dbg_cmd(ch);
 }
 
+/* print a horizontal line of '=' characters; Doing this in a loop vs. using a 'const'
+ * string saves us ~60 bytes of executable size (matters particularly for DFU loader) */
+static void print_line(void)
+{
+	int i;
+	for (i = 0; i < 78; i++)
+		fputc('=', stdout);
+	fputc('\n', stdout);
+	fputc('\r', stdout);
+}
+
 /*------------------------------------------------------------------------------
  *        Main
  *------------------------------------------------------------------------------*/
@@ -265,16 +276,14 @@ extern int main(void)
 	PIO_Clear(&pinsLeds[LED_NUM_GREEN]);
 #endif
 
-	PIO_InitializeInterrupts(0);
-
 	EEFC_ReadUniqueID(g_unique_id);
 
-	printf("\n\r\n\r"
+	printf("\n\r\n\r");
-		"=============================================================================\n\r"
+	print_line();
-		"DFU bootloader %s for board %s\n\r"
+	printf("DFU bootloader %s for board %s\n\r"
-		"(C) 2010-2017 by Harald Welte, 2018-2019 by Kevin Redon\n\r"
+		"(C) 2010-2017 by Harald Welte, 2018-2019 by Kevin Redon\n\r",
-		"=============================================================================\n\r",
 		manifest_revision, manifest_board);
+	print_line();
 
 #if (TRACE_LEVEL >= TRACE_LEVEL_INFO)
 	TRACE_INFO("Chip ID: 0x%08lx (Ext 0x%08lx)\n\r", CHIPID->CHIPID_CIDR, CHIPID->CHIPID_EXID);

firmware/apps/trace/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += card_emu.c cciddriver.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c

firmware/apps/triple_play/Makefile

@@ -1,3 +1,3 @@
 C_FILES += $(C_LIBUSB_RT)
 
-C_FILES += card_emu.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c tc_etu.c usb.c
+C_FILES += card_emu.c iso7816_4.c iso7816_fidi.c mitm.c mode_cardemu.c mode_ccid.c simtrace_iso7816.c sniffer.c usb.c

firmware/atmel_softpack_libraries/libchip_sam3s/source/USBD_HAL.c

@@ -1672,10 +1672,6 @@ uint8_t USBD_HAL_Halt(uint8_t bEndpoint, uint8_t ctl)
             UDP->UDP_RST_EP |= 1 << bEndpoint;
             UDP->UDP_RST_EP &= ~(1 << bEndpoint);
         }
-
-        /* This fixes a weird bug with regard to ping-pong OUT endpoints */
-        UDP->UDP_RST_EP |= 1 << bEndpoint;
-        UDP->UDP_RST_EP &= ~(1 << bEndpoint);
     }
 
     /* Return Halt status */

firmware/atmel_softpack_libraries/libchip_sam3s/source/pio_it.c

@@ -211,6 +211,16 @@ extern void PIO_InitializeInterrupts( uint32_t dwPriority )
     NVIC_EnableIRQ( PIOC_IRQn ) ;
 }
 
+static InterruptSource *find_intsource4pin(const Pin *pPin)
+{
+    unsigned int i ;
+    for (i = 0; i < _dwNumSources; i++) {
+        if (_aIntSources[i].pPin == pPin)
+	    return &_aIntSources[i];
+    }
+    return NULL;
+}
+
 /**
  * Configures a PIO or a group of PIO to generate an interrupt on status
  * change. The provided interrupt handler will be called with the triggering
@@ -228,15 +238,17 @@ extern void PIO_ConfigureIt( const Pin *pPin, void (*handler)( const Pin* ) )
 
     assert( pPin ) ;
     pio = pPin->pio ;
-    assert( _dwNumSources < MAX_INTERRUPT_SOURCES ) ;
 
-    /* Define new source */
+    pSource = find_intsource4pin(pPin);
-    TRACE_DEBUG( "PIO_ConfigureIt: Defining new source #%" PRIu32 ".\n\r",  _dwNumSources ) ;
+    if (!pSource) {
-
+        /* Define new source */
-    pSource = &(_aIntSources[_dwNumSources]) ;
+        TRACE_DEBUG( "PIO_ConfigureIt: Defining new source #%" PRIu32 ".\n\r",  _dwNumSources ) ;
-    pSource->pPin = pPin ;
+        assert( _dwNumSources < MAX_INTERRUPT_SOURCES ) ;
+        pSource = &(_aIntSources[_dwNumSources]) ;
+        pSource->pPin = pPin ;
+        _dwNumSources++ ;
+    }
     pSource->handler = handler ;
-    _dwNumSources++ ;
 
     /* PIO3 with additional interrupt support
      * Configure additional interrupt mode registers */

firmware/atmel_softpack_libraries/usb/device/core/USBD.c

@@ -300,7 +300,7 @@ void USBD_SetConfiguration(uint8_t cfgnum)
     else {
         deviceState = USBD_STATE_ADDRESS;
         /* Reset all endpoints */
-        USBD_HAL_ResetEPs(0xFFFFFFFF, USBD_STATUS_RESET, 0);
+        USBD_HAL_ResetEPs(0xFFFFFFFE, USBD_STATUS_RESET, 0);
     }
 }
 

firmware/atmel_softpack_libraries/usb/device/dfu/dfu.h

@@ -39,8 +39,8 @@ struct dfu_desc {
 #define DFU_FUNC_DESC  {						\
 	.bLength		= USB_DT_DFU_SIZE,			\
 	.bDescriptorType	= USB_DT_DFU,				\
-	.bmAttributes		= USB_DFU_CAN_UPLOAD | USB_DFU_CAN_DOWNLOAD, \
+	.bmAttributes		= USB_DFU_CAN_UPLOAD | USB_DFU_CAN_DOWNLOAD | USB_DFU_WILL_DETACH, \
-	.wDetachTimeOut		= 0xff00,				\
+	.wDetachTimeOut		= 0x00,				\
 	.wTransferSize		= BOARD_DFU_PAGE_SIZE,			\
 	.bcdDFUVersion		= 0x0100,				\
 }

firmware/atmel_softpack_libraries/usb/device/dfu/dfu_runtime.c

@@ -165,6 +165,8 @@ void USBDFU_Runtime_RequestHandler(const USBGenericRequest *request)
 			 * will then trigger DFURT_SwitchToDFU() below */
 			TRACE_DEBUG("\r\n====dfu_detach\n\r");
 			g_dfu->state = DFU_STATE_appDETACH;
+			USBD_Write(0, 0, 0, 0, 0);
+			DFURT_SwitchToDFU();
 			ret = DFU_RET_ZLP;
 			goto out;
 			break;
@@ -209,13 +211,14 @@ out:
 
 void DFURT_SwitchToDFU(void)
 {
+	__disable_irq();
+
 	/* store the magic value that the DFU loader can detect and
 	 * activate itself, rather than boot into the application */
 	g_dfu->magic = USB_DFU_MAGIC;
-
+	__DMB();
 	/* Disconnect the USB by removing the pull-up */
 	USBD_Disconnect();
-	__disable_irq();
 
 	/* reset the processor, we will start execution with the
 	 * ResetVector of the bootloader */

firmware/libboard/common/include/sim_switch.h

@@ -14,5 +14,13 @@
  */
 #pragma once
 
+/** switch card lines to use physical or emulated card
+ *  @param[in] nr card interface number (i.e. slot)
+ *  @param[in] physical which physical interface to switch to (e.g. 0: physical, 1: virtual)
+ *  @return 0 on success, negative else
+ */
 int sim_switch_use_physical(unsigned int nr, int physical);
+/** initialise card switching capabilities
+ *  @return number of switchable card interfaces
+ */
 int sim_switch_init(void);

firmware/libboard/common/source/board_lowlevel.c

@@ -218,3 +218,8 @@ void mdelay(unsigned int msecs)
 	do {
 	} while ((jiffies - jiffies_start) < msecs);
 }
+
+void abort() {
+	NVIC_SystemReset();
+	while(1) {};
+}

firmware/libboard/qmod/source/sim_switch.c

@@ -0,0 +1,90 @@
+/* Code to switch between local (physical) and remote (emulated) SIM
+ *
+ * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include "trace.h"
+#include "led.h"
+#include "sim_switch.h"
+
+#ifdef PIN_SIM_SWITCH1
+static const Pin pin_conn_usim1 = {PIO_PA20, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
+#endif
+#ifdef PIN_SIM_SWITCH2
+static const Pin pin_conn_usim2 = {PIO_PA28, PIOA, ID_PIOA, PIO_OUTPUT_0, PIO_DEFAULT};
+#endif
+
+static int initialized = 0;
+
+int sim_switch_use_physical(unsigned int nr, int physical)
+{
+	const Pin *pin;
+	enum led led;
+
+	if (!initialized) {
+		TRACE_ERROR("Somebody forgot to call sim_switch_init()\r\n");
+		sim_switch_init();
+	}
+
+	TRACE_INFO("Modem %d: %s SIM\n\r", nr,
+		   physical ? "physical" : "virtual");
+
+	switch (nr) {
+#ifdef PIN_SIM_SWITCH1
+	case 0:
+		pin = &pin_conn_usim1;
+		led = LED_USIM1;
+		break;
+#endif
+#ifdef PIN_SIM_SWITCH2
+	case 1:
+		pin = &pin_conn_usim2;
+		led = LED_USIM2;
+		break;
+#endif
+	default:
+		TRACE_ERROR("Invalid SIM%u\n\r", nr);
+		return -1;
+	}
+
+	if (physical) {
+		TRACE_INFO("%u: Use local/physical SIM\r\n", nr);
+		PIO_Clear(pin);
+		led_blink(led, BLINK_ALWAYS_ON);
+	} else {
+		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
+		PIO_Set(pin);
+		led_blink(led, BLINK_ALWAYS_OFF);
+	}
+
+	return 0;
+}
+
+int sim_switch_init(void)
+{
+	int num_switch = 0;
+#ifdef PIN_SIM_SWITCH1
+	PIO_Configure(&pin_conn_usim1, 1);
+	num_switch++;
+#endif
+#ifdef PIN_SIM_SWITCH2
+	PIO_Configure(&pin_conn_usim2, 1);
+	num_switch++;
+#endif
+	initialized = 1;
+	return num_switch;
+}

firmware/libboard/simtrace/include/board.h

@@ -78,11 +78,11 @@
 /* Phone USIM slot 1 RST pin (active low; RST_PHONE in schematic) */
 #define PIN_USIM1_nRST         {PIO_PA24, PIOA, ID_PIOA, PIO_INPUT, PIO_IT_EDGE | PIO_DEGLITCH }
 /* Phone I/O data signal input/output (I/O_PHONE in schematic) */
-#define PIN_PHONE_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+#define PIN_USIM1_IO           {PIO_PA22A_TXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Phone CLK clock input (CLK_PHONE in schematic) */
-#define PIN_PHONE_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
+#define PIN_USIM1_CLK          {PIO_PA23A_SCK1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used for phone USIM slot 1 communication */
-#define PINS_USIM1              PIN_PHONE_IO, PIN_PHONE_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
+#define PINS_USIM1              PIN_USIM1_IO, PIN_USIM1_CLK, PIN_PHONE_CLK_INPUT, PIN_USIM1_VCC, PIN_PHONE_IO_INPUT, PIN_USIM1_nRST
 /* Phone I/O data signal input/output (unused USART RX input; connected to I/O_PHONE in schematic) */
 #define PIN_PHONE_IO_INPUT     {PIO_PA21A_RXD1, PIOA, ID_PIOA, PIO_PERIPH_A, PIO_DEFAULT}
 /* Pin used as clock input (to measure the ETU duration; connected to CLK_PHONE in schematic) */

firmware/libboard/simtrace/source/sim_switch.c

@@ -0,0 +1,54 @@
+/* Code to switch between local (physical) and remote (emulated) SIM
+ *
+ * (C) 2015-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA
+ */
+#include "board.h"
+#include "trace.h"
+#include "led.h"
+#include "sim_switch.h"
+
+int sim_switch_use_physical(unsigned int nr, int physical)
+{
+	const Pin pin_sc = PIN_SC_SW_DEFAULT; // pin to control bus switch for VCC/RST/CLK signals
+	const Pin pin_io = PIN_IO_SW_DEFAULT; // pin to control bus switch for I/O signal
+
+	if (nr > 0) {
+		TRACE_ERROR("SIM interface for Modem %d can't be switched\r\n", nr);
+		return -1;
+	}
+
+	TRACE_INFO("Modem %u: %s SIM\n\r", nr, physical ? "physical" : "virtual");
+
+	if (physical) {
+		TRACE_INFO("%u: Use local/physical SIM\r\n", nr);
+		PIO_Set(&pin_sc);
+		PIO_Set(&pin_io);
+	} else {
+		TRACE_INFO("%u: Use remote/emulated SIM\r\n", nr);
+		PIO_Clear(&pin_sc);
+		PIO_Clear(&pin_io);
+	}
+
+	return 0;
+}
+
+int sim_switch_init(void)
+{
+	// the bus switch is already initialised
+	return 1; // SIMtrace hardware has only one switchable interface
+}

firmware/libcommon/include/assert.h

@@ -89,7 +89,7 @@
 		/// \param condition  Condition to verify.
 		#define ASSERT(condition)  { \
 			if (!(condition)) { \
-				printf("-F- ASSERT: %s %s:%d\n\r", #condition, __BASE_FILE__, __LINE__); \
+				printf_sync("-F- ASSERT: %s %s:%d\n\r", #condition, __BASE_FILE__, __LINE__); \
 				while (1); \
 			} \
 		}

firmware/libcommon/include/card_emu.h

@@ -31,7 +31,6 @@ enum card_io {
 
 /** initialise card slot
  *  @param[in] slot_num slot number (arbitrary number)
- *  @param[in] tc_chan timer counter channel (to measure the ETU)
  *  @param[in] uart_chan UART peripheral channel
  *  @param[in] in_ep USB IN end point number
  *  @param[in] irq_ep USB INTerrupt end point number
@@ -40,7 +39,7 @@ enum card_io {
  *  @param[in] clocked initial CLK signat state (true = active)
  *  @return main card handle reference
  */
-struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked);
+struct card_handle *card_emu_init(uint8_t slot_num, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked);
 
 /* process a single byte received from the reader */
 void card_emu_process_rx_byte(struct card_handle *ch, uint8_t byte);
@@ -58,10 +57,17 @@ struct llist_head *card_emu_get_uart_tx_queue(struct card_handle *ch);
 void card_emu_have_new_uart_tx(struct card_handle *ch);
 void card_emu_report_status(struct card_handle *ch, bool report_on_irq);
 
-#define ENABLE_TX	0x01
+void card_emu_wtime_half_expired(void *ch);
-#define ENABLE_RX	0x02
+void card_emu_wtime_expired(void *ch);
+
+
+#define ENABLE_TX		0x01
+#define ENABLE_RX		0x02
+#define ENABLE_TX_TIMER_ONLY	0x03
 
 int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi);
+void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt);
+void card_emu_uart_reset_wt(uint8_t uart_chan);
 int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte);
 void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx);
 void card_emu_uart_wait_tx_idle(uint8_t uart_chan);

firmware/libcommon/include/iso7816_fidi.h

@@ -21,10 +21,10 @@
 #include <stdint.h>
 
 /* Table 7 of ISO 7816-3:2006 */
-extern const uint16_t fi_table[];
+extern const uint16_t iso7816_3_fi_table[16];
 
 /* Table 8 from ISO 7816-3:2006 */
-extern const uint8_t di_table[];
+extern const uint8_t iso7816_3_di_table[16];
 
-/* compute the F/D ratio based on Fi and Di values */
+/* compute the F/D ratio based on F_index and D_index values */
-int compute_fidi_ratio(uint8_t fi, uint8_t di);
+int iso7816_3_compute_fd_ratio(uint8_t f_index, uint8_t d_index);

firmware/libcommon/include/simtrace_prot.h

@@ -230,11 +230,17 @@ struct cardemu_usb_msg_status {
 	uint32_t flags;
 	/* phone-applied target voltage in mV */
 	uint16_t voltage_mv;
-	/* Fi/Di related information */
+	/* F/D related information. Not actual Fn/Dn values but indexes into tables! */
-	uint8_t fi;
+	union {
-	uint8_t di;
+		uint8_t F_index;	/* <! Index to ISO7816-3 Table 7 (F and f_max values) */
-	uint8_t wi;
+		uint8_t fi;		/* <! old, wrong name for API compatibility */
-	uint32_t waiting_time;
+	};
+	union {
+		uint8_t D_index;	/* <! Index to ISO7816-3 Table 8 (D value) */
+		uint8_t di;		/* <! old, wrong name for API compatibility */
+	};
+	uint8_t wi;		/* <! Waiting Integer as defined in ISO7816-3 Section 10.2 */
+	uint32_t waiting_time;	/* <! Waiting Time in etu as defined in ISO7816-3 Section 8.1 */
 } __attribute__ ((packed));
 
 /* CEMU_USB_MSGT_DO_PTS */

firmware/libcommon/include/usb_buf.h

@@ -42,15 +42,5 @@ int usb_drain_queue(uint8_t ep);
 void usb_buf_init(void);
 struct usb_buffered_ep *usb_get_buf_ep(uint8_t ep);
 
-struct usb_if {
+int usb_refill_to_host(uint8_t ep);
-	uint8_t if_num;		/* interface number */
+int usb_refill_from_host(uint8_t ep);
-	uint8_t ep_out;		/* OUT endpoint (0 if none) */
-	uint8_t ep_in;		/* IN endpint (0 if none) */
-	uint8_t ep_int;		/* INT endpoint (0 if none) */
-	void *data;		/* opaque data, passed through */
-	struct {
-		/* call-back to be called for inclming messages on OUT EP */
-		void (*rx_out)(struct msgb *msg, const struct usb_if *usb_if);
-	} ops;
-};
-void usb_process(const struct usb_if *usb_if);

firmware/libcommon/source/card_emu.c

@@ -1,6 +1,6 @@
 /* ISO7816-3 state machine for the card side
  *
- * (C) 2010-2019 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2010-2021 by Harald Welte <laforge@gnumonks.org>
  * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -27,7 +27,6 @@
 #include "utils.h"
 #include "trace.h"
 #include "iso7816_fidi.h"
-#include "tc_etu.h"
 #include "card_emu.h"
 #include "simtrace_prot.h"
 #include "usb_buf.h"
@@ -154,19 +153,34 @@ struct card_handle {
 	bool in_reset;	/*< if card is in reset (true = RST low/asserted, false = RST high/ released) */
 	bool clocked;	/*< if clock is active ( true = active, false = inactive) */
 
-	/* timing parameters, from PTS */
+	/* All below variables with _index suffix are indexes from 0..15 into Tables 7 + 8
-	uint8_t fi;
+	 * of ISO7816-3. */
-	uint8_t di;
+
+	/*! Index to clock rate conversion integer Fi (ISO7816-3 Table 7).
+	 *  \note this represents the maximum value supported by the card, and can be indicated in TA1 */
+	uint8_t Fi_index;
+	/*! Current value of index to clock rate conversion integer F (ISO 7816-3 Section 7.1). */
+	uint8_t F_index;
+
+	/*! Index to baud rate adjustment factor Di (ISO7816-3 Table 8).
+	 *  \note this represents the maximum value supported by the card, and can be indicated in TA1 */
+	uint8_t Di_index;
+	/*! Current value of index to baud rate adjustment factor D (ISO 7816-3 Section 7.1). */
+	uint8_t D_index;
+
+	/*! Waiting Integer (ISO7816-3 Section 10.2).
+	 *  \note this value can be set in TA2 */
 	uint8_t wi;
 
-	uint8_t tc_chan;	/* TC channel number */
+	/*! Waiting Time, in ETU (ISO7816-3 Section 8.1).
+	 *  \note this depends on Fi, Di, and WI if T=0 is used */
+	uint32_t waiting_time;	/* in etu */
+
 	uint8_t uart_chan;	/* UART channel */
 
 	uint8_t in_ep;		/* USB IN EP */
 	uint8_t irq_ep;		/* USB IN EP */
 
-	uint32_t waiting_time;	/* in clocks */
-
 	/* ATR state machine */
 	struct {
 		uint8_t idx;
@@ -206,7 +220,7 @@ static void card_handle_reset(struct card_handle *ch)
 {
 	struct msgb *msg;
 
-	tc_etu_disable(ch->tc_chan);
+	card_emu_uart_update_wt(ch->uart_chan, 0);
 
 	/* release any buffers we may still own */
 	if (ch->uart_tx_msg) {
@@ -361,16 +375,14 @@ static void emu_update_fidi(struct card_handle *ch)
 {
 	int rc;
 
-	rc = compute_fidi_ratio(ch->fi, ch->di);
+	rc = iso7816_3_compute_fd_ratio(ch->F_index, ch->D_index);
 	if (rc > 0 && rc < 0x400) {
-		TRACE_INFO("%u: computed Fi(%u) Di(%u) ratio: %d\r\n",
+		TRACE_INFO("%u: computed F(%u)/D(%u) ratio: %d\r\n", ch->num,
-			    ch->num, ch->fi, ch->di, rc);
+			   ch->F_index, ch->D_index, rc);
 		/* make sure UART uses new F/D ratio */
 		card_emu_uart_update_fidi(ch->uart_chan, rc);
-		/* notify ETU timer about this */
-		tc_etu_set_etu(ch->tc_chan, rc);
 	} else
-		TRACE_INFO("%u: computed FiDi ration %d unsupported\r\n",
+		TRACE_INFO("%u: computed F/D ratio %d unsupported\r\n",
 			   ch->num, rc);
 }
 
@@ -392,19 +404,23 @@ static void card_set_state(struct card_handle *ch,
 	case ISO_S_WAIT_RST:
 		/* disable Rx and Tx of UART */
 		card_emu_uart_enable(ch->uart_chan, 0);
+		/* disable timeout */
+		card_emu_uart_update_wt(ch->uart_chan, 0);
 		break;
 	case ISO_S_WAIT_ATR:
 		/* Reset to initial Fi / Di ratio */
-		ch->fi = 1;
+		ch->Fi_index = ch->F_index = 1;
-		ch->di = 1;
+		ch->Di_index = ch->D_index = 1;
+		ch->wi = ISO7816_3_DEFAULT_WI;
+		ch->waiting_time = ISO7816_3_INIT_WTIME;
 		emu_update_fidi(ch);
+		/* enable TX to be able to use the timeout */
+		card_emu_uart_enable(ch->uart_chan, ENABLE_TX_TIMER_ONLY);
 		/* the ATR should only be sent 400 to 40k clock cycles after the RESET.
-		 * we use the tc_etu mechanism to wait this time.
+		 * we use the UART timeout mechanism to wait this time.
 		 * since the initial ETU is Fd=372/Dd=1 clock cycles long, we have to wait 2-107 ETU.
 		 */
-		tc_etu_set_wtime(ch->tc_chan, 2);
+		card_emu_uart_update_wt(ch->uart_chan, 2);
-		/* enable the TC/ETU counter once reset has been released */
-		tc_etu_enable(ch->tc_chan);
 		break;
 	case ISO_S_IN_ATR:
 		/* initialize to default WI, this will be overwritten if we
@@ -414,7 +430,7 @@ static void card_set_state(struct card_handle *ch,
 		/* update waiting time to initial waiting time */
 		ch->waiting_time = ISO7816_3_INIT_WTIME;
 		/* set initial waiting time */
-		tc_etu_set_wtime(ch->tc_chan, ch->waiting_time);
+		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		/* Set ATR sub-state to initial state */
 		ch->atr.idx = 0;
 		/* enable USART transmission to reader */
@@ -489,9 +505,11 @@ static int tx_byte_atr(struct card_handle *ch)
 				}
 			}
 		}
-		/* update waiting time (see ISO 7816-3 10.2) */
+		/* update waiting time (see ISO 7816-3 10.2). We can drop the Fi
-		ch->waiting_time = ch->wi * 960 * ch->fi;
+		 * multiplier as we store the waiting time in units of 'etu', and
-		tc_etu_set_wtime(ch->tc_chan, ch->waiting_time);
+		 * don't really care what the number of clock cycles or the absolute
+		 * wall clock time is */
+		ch->waiting_time = ch->wi * 960;
 		/* go to next state */
 		card_set_state(ch, ISO_S_WAIT_TPDU);
 		return 0;
@@ -626,10 +644,11 @@ static int tx_byte_pts(struct card_handle *ch)
 	case PTS_S_WAIT_RESP_PTS1:
 		byte = ch->pts.resp[_PTS1];
 		/* This must be TA1 */
-		ch->fi = byte >> 4;
+		ch->F_index = byte >> 4;
-		ch->di = byte & 0xf;
+		ch->D_index = byte & 0xf;
-		TRACE_DEBUG("%u: found Fi=%u Di=%u\r\n", ch->num,
+		TRACE_DEBUG("%u: found F=%u D=%u\r\n", ch->num,
-			    ch->fi, ch->di);
+			    iso7816_3_fi_table[ch->F_index], iso7816_3_di_table[ch->D_index]);
+		/* FIXME: if F or D are 0, become unresponsive to signal error condition */
 		break;
 	case PTS_S_WAIT_RESP_PTS2:
 		byte = ch->pts.resp[_PTS2];
@@ -654,10 +673,11 @@ static int tx_byte_pts(struct card_handle *ch)
 	switch (ch->pts.state) {
 	case PTS_S_WAIT_RESP_PCK:
 		card_emu_uart_wait_tx_idle(ch->uart_chan);
-		/* update baud rate generator with Fi/Di */
+		/* update baud rate generator with F/D */
 		emu_update_fidi(ch);
 		/* Wait for the next TPDU */
 		card_set_state(ch, ISO_S_WAIT_TPDU);
+		set_pts_state(ch, PTS_S_WAIT_REQ_PTSS);
 		break;
 	default:
 		/* calculate the next state and set it */
@@ -733,14 +753,28 @@ static void set_tpdu_state(struct card_handle *ch, enum tpdu_state new_ts)
 
 	switch (new_ts) {
 	case TPDU_S_WAIT_CLA:
-	case TPDU_S_WAIT_RX:
+		/* switch back to receiving mode */
 		card_emu_uart_enable(ch->uart_chan, ENABLE_RX);
+		/* disable waiting time since we don't expect any data */
+		card_emu_uart_update_wt(ch->uart_chan, 0);
+		break;
+	case TPDU_S_WAIT_INS:
+		/* start waiting for the rest of the header/body */
+		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
+		break;
+	case TPDU_S_WAIT_RX:
+		/* switch to receive mode to receive the body */
+		card_emu_uart_enable(ch->uart_chan, ENABLE_RX);
+		/* start waiting for the body */
+		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		break;
 	case TPDU_S_WAIT_PB:
 		/* we just completed the TPDU header from reader to card
 		 * and now need to disable the receiver, enable the
 		 * transmitter and transmit the procedure byte */
 		card_emu_uart_enable(ch->uart_chan, ENABLE_TX);
+		/* prepare to extend the waiting time once half of it is reached */
+		card_emu_uart_update_wt(ch->uart_chan, ch->waiting_time);
 		break;
 	default:
 		break;
@@ -1025,8 +1059,8 @@ void card_emu_report_status(struct card_handle *ch, bool report_on_irq)
 	if (ch->in_reset)
 		sts->flags |= CEMU_STATUS_F_RESET_ACTIVE;
 	/* FIXME: voltage + card insert */
-	sts->fi = ch->fi;
+	sts->F_index = ch->F_index;
-	sts->di = ch->di;
+	sts->D_index = ch->D_index;
 	sts->wi = ch->wi;
 	sts->waiting_time = ch->waiting_time;
 
@@ -1083,9 +1117,7 @@ void card_emu_io_statechg(struct card_handle *ch, enum card_io io, int active)
 	case CARD_IO_RST:
 		if (active == 0 && ch->in_reset) {
 			TRACE_INFO("%u: RST released\r\n", ch->num);
-			if (ch->vcc_active && ch->clocked) {
+			if (ch->vcc_active && ch->clocked && ch->state == ISO_S_WAIT_RST) {
-				/* enable the TC/ETU counter once reset has been released */
-				tc_etu_enable(ch->tc_chan);
 				/* prepare to send the ATR */
 				card_set_state(ch, ISO_S_WAIT_ATR);
 			}
@@ -1094,6 +1126,7 @@ void card_emu_io_statechg(struct card_handle *ch, enum card_io io, int active)
 			TRACE_INFO("%u: RST asserted\r\n", ch->num);
 			card_handle_reset(ch);
 			chg_mask |= CEMU_STATUS_F_RESET_ACTIVE;
+			card_set_state(ch, ISO_S_WAIT_RST);
 		}
 		ch->in_reset = active;
 		break;
@@ -1143,7 +1176,7 @@ int card_emu_set_atr(struct card_handle *ch, const uint8_t *atr, uint8_t len)
 }
 
 /* hardware driver informs us that one (more) ETU has expired */
-void tc_etu_wtime_half_expired(void *handle)
+void card_emu_wtime_half_expired(void *handle)
 {
 	struct card_handle *ch = handle;
 	/* transmit NULL procedure byte well before waiting time expires */
@@ -1153,7 +1186,10 @@ void tc_etu_wtime_half_expired(void *handle)
 		case TPDU_S_WAIT_PB:
 		case TPDU_S_WAIT_TX:
 			putchar('N');
+			/* we are waiting for data from the user. Send a procedure byte to ask the
+			 * reader to wait more time */
 			card_emu_uart_tx(ch->uart_chan, ISO7816_3_PB_NULL);
+			card_emu_uart_reset_wt(ch->uart_chan);
 			break;
 		default:
 			break;
@@ -1165,7 +1201,7 @@ void tc_etu_wtime_half_expired(void *handle)
 }
 
 /* hardware driver informs us that one (more) ETU has expired */
-void tc_etu_wtime_expired(void *handle)
+void card_emu_wtime_expired(void *handle)
 {
 	struct card_handle *ch = handle;
 	switch (ch->state) {
@@ -1179,8 +1215,23 @@ void tc_etu_wtime_expired(void *handle)
 	}
 }
 
-/* shortest ATR possible (uses default speed and no options) */
+/* reasonable ATR offering all protocols and voltages
-static const uint8_t default_atr[] = { 0x3B, 0x00 };
+ * smartphones might not care, but other readers do
+ *
+ * TS =		0x3B	Direct Convention
+ * T0 =		0x80	Y(1): b1000, K: 0 (historical bytes)
+ * TD(1) =	0x80	Y(i+1) = b1000, Protocol T=0
+ * ----
+ * TD(2) =	0x81	Y(i+1) = b1000, Protocol T=1
+ * ----
+ * TD(3) =	0x1F	Y(i+1) = b0001, Protocol T=15
+ * ----
+ * TA(4) =	0xC7	Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+ * ----
+ * Historical bytes
+ * TCK =	0x59 	correct checksum
+ */
+static const uint8_t default_atr[] = { 0x3B, 0x80, 0x80, 0x81 , 0x1F, 0xC7, 0x59 };
 
 static struct card_handle card_handles[NUM_SLOTS];
 
@@ -1196,7 +1247,7 @@ int card_emu_set_config(struct card_handle *ch, const struct cardemu_usb_msg_con
 	return 0;
 }
 
-struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked)
+struct card_handle *card_emu_init(uint8_t slot_num, uint8_t uart_chan, uint8_t in_ep, uint8_t irq_ep, bool vcc_active, bool in_reset, bool clocked)
 {
 	struct card_handle *ch;
 
@@ -1217,11 +1268,10 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uar
 	ch->in_reset = in_reset;
 	ch->clocked = clocked;
 
-	ch->fi = 0;
+	ch->Fi_index = ch->F_index = 1;
-	ch->di = 1;
+	ch->Di_index = ch->D_index = 1;
 	ch->wi = ISO7816_3_DEFAULT_WI;
 
-	ch->tc_chan = tc_chan;
 	ch->uart_chan = uart_chan;
 	ch->waiting_time = ISO7816_3_INIT_WTIME;
 
@@ -1229,9 +1279,10 @@ struct card_handle *card_emu_init(uint8_t slot_num, uint8_t tc_chan, uint8_t uar
 	ch->atr.len = sizeof(default_atr);
 	memcpy(ch->atr.atr, default_atr, ch->atr.len);
 
-	card_handle_reset(ch);
+	ch->pts.state = PTS_S_WAIT_REQ_PTSS;
+	ch->tpdu.state = TPDU_S_WAIT_CLA;
 
-	tc_etu_init(ch->tc_chan, ch);
+	card_handle_reset(ch);
 
 	return ch;
 }

firmware/libcommon/source/host_communication.c

@@ -57,7 +57,7 @@ static void usb_write_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 }
 
 /* check if the spcified IN endpoint is idle and submit the next buffer from queue */
-static int usb_refill_to_host(uint8_t ep)
+int usb_refill_to_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
 	struct msgb *msg;
@@ -130,7 +130,7 @@ static void usb_read_cb(uint8_t *arg, uint8_t status, uint32_t transferred,
 }
 
 /* refill the read queue for data received from host PC on OUT EP, if needed */
-static int usb_refill_from_host(uint8_t ep)
+int usb_refill_from_host(uint8_t ep)
 {
 	struct usb_buffered_ep *bep = usb_get_buf_ep(ep);
 	struct msgb *msg;
@@ -198,45 +198,3 @@ int usb_drain_queue(uint8_t ep)
 
 	return ret;
 }
-
-
-
-/* iterate over the queue of incoming USB commands and dispatch/execute
- * them */
-static void process_any_usb_commands(const struct usb_if *usb_if)
-{
-	struct llist_head *queue = usb_get_queue(usb_if->ep_out);
-	struct llist_head *lh;
-	struct msgb *msg;
-	int i;
-
-	/* limit the number of iterations to 10, to ensure we don't get
-	 * stuck here without returning to main loop processing */
-	for (i = 0; i < 10; i++) {
-		/* de-queue the list head in an irq-safe way */
-		lh = llist_head_dequeue_irqsafe(queue);
-		if (!lh)
-			break;
-		msg = llist_entry(lh, struct msgb, list);
-		usb_if->ops.rx_out(msg, usb_if);
-	}
-}
-
-/* perform any action related to USB processing (IRQ/INT/OUT EP refill, handling OUT) */
-void usb_process(const struct usb_if *usb_if)
-{
-	/* first try to send any pending messages on IRQ */
-	if (usb_if->ep_int)
-		usb_refill_to_host(usb_if->ep_int);
-
-	/* then try to send any pending messages on IN */
-	if (usb_if->ep_in)
-		usb_refill_to_host(usb_if->ep_in);
-
-	/* ensure we can handle incoming USB messages from the
-	 * host */
-	if (usb_if->ep_out) {
-		usb_refill_from_host(usb_if->ep_out);
-		process_any_usb_commands(usb_if);
-	}
-}

firmware/libcommon/source/iso7816_fidi.c

@@ -23,38 +23,38 @@
 #include "iso7816_fidi.h"
 
 /* Table 7 of ISO 7816-3:2006 */
-const uint16_t fi_table[] = {
+const uint16_t iso7816_3_fi_table[] = {
 	372, 372, 558, 744, 1116, 1488, 1860, 0,
 	0, 512, 768, 1024, 1536, 2048, 0, 0
 };
 
 /* Table 8 from ISO 7816-3:2006 */
-const uint8_t di_table[] = {
+const uint8_t iso7816_3_di_table[] = {
 	0, 1, 2, 4, 8, 16, 32, 64,
 	12, 20, 2, 4, 8, 16, 32, 64,
 };
 
 /* compute the F/D ratio based on Fi and Di values */
-int compute_fidi_ratio(uint8_t fi, uint8_t di)
+int iso7816_3_compute_fd_ratio(uint8_t f_index, uint8_t d_index)
 {
 	uint16_t f, d;
 	int ret;
 
-	if (fi >= ARRAY_SIZE(fi_table) ||
+	if (f_index >= ARRAY_SIZE(iso7816_3_fi_table) ||
-	    di >= ARRAY_SIZE(di_table))
+	    d_index >= ARRAY_SIZE(iso7816_3_di_table))
 		return -EINVAL;
 
-	f = fi_table[fi];
+	f = iso7816_3_fi_table[f_index];
 	if (f == 0)
 		return -EINVAL;
 
-	d = di_table[di];
+	d = iso7816_3_di_table[d_index];
 	if (d == 0)
 		return -EINVAL;
 
 	/* See table 7 of ISO 7816-3: From 1000 on we divide by 1/d,
 	 * which equals a multiplication by d */
-	if (di < 8)
+	if (d_index < 8)
 		ret = f / d;
 	else
 		ret = f * d;

firmware/libcommon/source/mode_cardemu.c

@@ -1,7 +1,7 @@
 /* card emulation mode
  *
  * (C) 2015-2017 by Harald Welte <laforge@gnumonks.org>
- * (C) 2018 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2018-2019 by sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -34,8 +34,6 @@
 
 #define TRACE_ENTRY()	TRACE_DEBUG("%s entering\r\n", __func__)
 
-static void dispatch_received_usb_msg(struct msgb *msg, const struct usb_if *usb_if);
-
 #ifdef PINS_CARDSIM
 static const Pin pins_cardsim[] = PINS_CARDSIM;
 #endif
@@ -57,11 +55,22 @@ struct cardem_inst {
 	struct llist_head usb_out_queue;
 	struct ringbuf rb;
 	struct Usart_info usart_info;
+	struct {
+		/*! receiver waiting time to trigger timeout (0 to deactivate it) */
+		uint32_t total;
+		/*! remaining waiting time (we may need multiple timer runs to reach total */
+		uint32_t remaining;
+		/*! did we already notify about half the time having expired? */
+		bool half_time_notified;
+	} wt;
 	int usb_pending_old;
-	struct usb_if usb_if;
+	uint8_t ep_out;
+	uint8_t ep_in;
+	uint8_t ep_int;
 	const Pin pin_insert;
 #ifdef DETECT_VCC_BY_ADC
 	uint32_t vcc_uv;
+	uint32_t vcc_uv_last;
 #endif
 	bool vcc_active;
 	bool vcc_active_last;
@@ -77,16 +86,9 @@ struct cardem_inst cardem_inst[] = {
 			.id = ID_USART1,
 			.state = USART_RCV
 		},
-		.usb_if = {
+		.ep_out = SIMTRACE_CARDEM_USB_EP_USIM1_DATAOUT,
-			.if_num = 0,
+		.ep_in = SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
-			.ep_out = SIMTRACE_CARDEM_USB_EP_USIM1_DATAOUT,
+		.ep_int = SIMTRACE_CARDEM_USB_EP_USIM1_INT,
-			.ep_in = SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
-			.ep_int = SIMTRACE_CARDEM_USB_EP_USIM1_INT,
-			.data = &cardem_inst[0],
-			.ops = {
-				.rx_out = dispatch_received_usb_msg,
-			},
-		},
 #ifdef PIN_SET_USIM1_PRES
 		.pin_insert = PIN_SET_USIM1_PRES,
 #endif
@@ -99,16 +101,9 @@ struct cardem_inst cardem_inst[] = {
 			.id = ID_USART0,
 			.state = USART_RCV
 		},
-		.usb_if = {
+		.ep_out = SIMTRACE_CARDEM_USB_EP_USIM2_DATAOUT,
-			.if_num = 1,
+		.ep_in = SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
-			.ep_out = SIMTRACE_CARDEM_USB_EP_USIM2_DATAOUT,
+		.ep_int = SIMTRACE_CARDEM_USB_EP_USIM2_INT,
-			.ep_in = SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
-			.ep_int = SIMTRACE_CARDEM_USB_EP_USIM2_INT,
-			.data = &cardem_inst[1],
-			.ops = {
-				.rx_out = dispatch_received_usb_msg,
-			},
-		}
 #ifdef PIN_SET_USIM2_PRES
 		.pin_insert = PIN_SET_USIM2_PRES,
 #endif
@@ -154,12 +149,23 @@ void card_emu_uart_enable(uint8_t uart_chan, uint8_t rxtx)
 	Usart *usart = get_usart_by_chan(uart_chan);
 	switch (rxtx) {
 	case ENABLE_TX:
-		USART_DisableIt(usart, ~US_IER_TXRDY);
+		USART_DisableIt(usart, ~(US_IER_TXRDY | US_IER_TIMEOUT));
 		/* as irritating as it is, we actually want to keep the
 		 * receiver enabled during transmit */
 		USART_SetReceiverEnabled(usart, 1);
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
-		USART_EnableIt(usart, US_IER_TXRDY);
+		USART_EnableIt(usart, US_IER_TXRDY | US_IER_TIMEOUT);
+		USART_SetTransmitterEnabled(usart, 1);
+		break;
+	case ENABLE_TX_TIMER_ONLY:
+		/* enable the transmitter without generating TXRDY interrupts
+		 * just so that the timer can run */
+		USART_DisableIt(usart, ~US_IER_TIMEOUT);
+		/* as irritating as it is, we actually want to keep the
+		 * receiver enabled during transmit */
+		USART_SetReceiverEnabled(usart, 1);
+		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
+		USART_EnableIt(usart, US_IER_TIMEOUT);
 		USART_SetTransmitterEnabled(usart, 1);
 		break;
 	case ENABLE_RX:
@@ -207,41 +213,111 @@ int card_emu_uart_tx(uint8_t uart_chan, uint8_t byte)
 	return 1;
 }
 
+static uint16_t compute_next_timeout(struct cardem_inst *ci)
+{
+	uint32_t want_to_expire;
 
-/* FIXME: integrate this with actual irq handler */
+	if (ci->wt.total == 0)
+		return 0;
+
+	if (!ci->wt.half_time_notified) {
+		/* we need to make sure to expire after half the total waiting time */
+		OSMO_ASSERT(ci->wt.remaining > (ci->wt.total / 2));
+		want_to_expire = ci->wt.remaining - (ci->wt.total / 2);
+	} else
+		want_to_expire = ci->wt.remaining;
+	/* if value exceeds the USART TO range, use the maximum possible value for one round */
+	return OSMO_MIN(want_to_expire, 0xffff);
+}
+
+/*! common handler if interrupt was received.
+ *  \param[in] inst_num Instance number, range 0..1 (some boards only '0' permitted) */
 static void usart_irq_rx(uint8_t inst_num)
 {
+	OSMO_ASSERT(inst_num < ARRAY_SIZE(cardem_inst));
 	Usart *usart = get_usart_by_chan(inst_num);
 	struct cardem_inst *ci = &cardem_inst[inst_num];
 	uint32_t csr;
 	uint8_t byte = 0;
 
+	/* get one atomic snapshot of state/flags before they get changed */
 	csr = usart->US_CSR & usart->US_IMR;
 
+	/* check if one byte has been completely received and is now in the holding register */
 	if (csr & US_CSR_RXRDY) {
+		/* read the bye from the holding register */
 		byte = (usart->US_RHR) & 0xFF;
+		/* append it to the buffer */
 		if (rbuf_write(&ci->rb, byte) < 0)
 			TRACE_ERROR("rbuf overrun\r\n");
 	}
 
+	/* check if the transmitter is ready for the next byte */
 	if (csr & US_CSR_TXRDY) {
-		if (card_emu_tx_byte(ci->ch) == 0)
+		/* transmit next byte and check if more bytes are to be transmitted */
+		if (card_emu_tx_byte(ci->ch) == 0) {
+			/* stop the TX ready interrupt of no more bytes to transmit */
 			USART_DisableIt(usart, US_IER_TXRDY);
+		}
 	}
 
-	if (csr & (US_CSR_OVRE|US_CSR_FRAME|US_CSR_PARE|
+	/* check if any error flags are set */
-		   US_CSR_TIMEOUT|US_CSR_NACK|(1<<10))) {
+	if (csr & (US_CSR_OVRE|US_CSR_FRAME|US_CSR_PARE|US_CSR_NACK|(1<<10))) {
+		/* clear any error flags */
 		usart->US_CR = US_CR_RSTSTA | US_CR_RSTIT | US_CR_RSTNACK;
-		TRACE_ERROR("%u e 0x%x st: 0x%lx\n", ci->num, byte, csr);
+		TRACE_ERROR("%u USART error on 0x%x status: 0x%lx\n", ci->num, byte, csr);
+	}
+
+	/* check if the timeout has expired. We "abuse" the receive timer for tracking
+	 * how many etu have expired since we last sent a byte.  See section
+	 * 33.7.3.11 "Receiver Time-out" of the SAM3S8 Data Sheet */
+	if (csr & US_CSR_TIMEOUT) {
+		/* clear timeout flag (and stop timeout until next character is received) */
+		usart->US_CR |= US_CR_STTTO;
+
+		/* RX has been inactive for some time */
+		if (ci->wt.remaining <= (usart->US_RTOR & 0xffff)) {
+			/* waiting time is over; will stop the timer */
+			ci->wt.remaining = 0;
+		} else {
+			/* subtract the actual timeout since the new might not have been set and
+			 * reloaded yet */
+			ci->wt.remaining -= (usart->US_RTOR & 0xffff);
+		}
+		if (ci->wt.remaining == 0) {
+			/* let the FSM know that WT has expired */
+			card_emu_wtime_expired(ci->ch);
+			/* don't automatically re-start in this case */
+		} else {
+			bool half_time_just_reached = false;
+
+			if (ci->wt.remaining <= ci->wt.total / 2 && !ci->wt.half_time_notified) {
+				ci->wt.half_time_notified = true;
+				/* don't immediately call card_emu_wtime_half_expired(), as that
+				 * in turn may calls card_emu_uart_update_wt() which will change
+				 * the timeout but would be overridden 4 lines below */
+				half_time_just_reached = true;
+			}
+
+			/* update the counter no matter if we reached half time or not */
+			usart->US_RTOR = compute_next_timeout(ci);
+			/* restart the counter (if wt is 0, the timeout is not started) */
+			usart->US_CR |= US_CR_RETTO;
+
+			if (half_time_just_reached)
+				card_emu_wtime_half_expired(ci->ch);
+		}
 	}
 }
 
+/*! ISR called for USART0 */
 void mode_cardemu_usart0_irq(void)
 {
 	/* USART0 == Instance 1 == USIM 2 */
 	usart_irq_rx(1);
 }
 
+/*! ISR called for USART1 */
 void mode_cardemu_usart1_irq(void)
 {
 	/* USART1 == Instance 0 == USIM 1 */
@@ -260,6 +336,41 @@ int card_emu_uart_update_fidi(uint8_t uart_chan, unsigned int fidi)
 	return 0;
 }
 
+/*! Update WT on USART peripheral.  Will automatically re-start timer with new value.
+ *  \param[in] usart USART peripheral to configure
+ *  \param[in] wt inactivity Waiting Time before card_emu_wtime_expired is called (0 to disable) */
+void card_emu_uart_update_wt(uint8_t uart_chan, uint32_t wt)
+{
+	OSMO_ASSERT(uart_chan < ARRAY_SIZE(cardem_inst));
+	struct cardem_inst *ci = &cardem_inst[uart_chan];
+	Usart *usart = get_usart_by_chan(uart_chan);
+
+	if (ci->wt.total != wt) {
+		TRACE_DEBUG("%u: USART WT changed from %lu to %lu ETU\r\n", uart_chan,
+			    ci->wt.total, wt);
+	}
+
+	ci->wt.total = wt;
+	/* reset and start the timer */
+	card_emu_uart_reset_wt(uart_chan);
+}
+
+/*! Reset and re-start waiting timeout count down on USART peripheral.
+ *  \param[in] usart USART peripheral to configure */
+void card_emu_uart_reset_wt(uint8_t uart_chan)
+{
+	OSMO_ASSERT(uart_chan < ARRAY_SIZE(cardem_inst));
+	struct cardem_inst *ci = &cardem_inst[uart_chan];
+	Usart *usart = get_usart_by_chan(uart_chan);
+
+	/* FIXME: guard against race with interrupt handler */
+	ci->wt.remaining = ci->wt.total;
+	ci->wt.half_time_notified = false;
+	usart->US_RTOR = compute_next_timeout(ci);
+	/* restart the counter (if wt is 0, the timeout is not started) */
+	usart->US_CR |= US_CR_RETTO;
+}
+
 /* call-back from card_emu.c to force a USART interrupt */
 void card_emu_uart_interrupt(uint8_t uart_chan)
 {
@@ -332,10 +443,14 @@ static int card_vcc_adc_init(void)
 
 static void process_vcc_adc(struct cardem_inst *ci)
 {
-	if (ci->vcc_uv >= VCC_UV_THRESH_3V)
+	if (ci->vcc_uv >= VCC_UV_THRESH_3V &&
+	    ci->vcc_uv_last < VCC_UV_THRESH_3V) {
 		ci->vcc_active = true;
-	else
+	} else if (ci->vcc_uv < VCC_UV_THRESH_3V &&
+		 ci->vcc_uv_last >= VCC_UV_THRESH_3V) {
 		ci->vcc_active = false;
+	}
+	ci->vcc_uv_last = ci->vcc_uv;
 }
 
 void ADC_IrqHandler(void)
@@ -433,20 +548,26 @@ void mode_cardemu_init(void)
 	INIT_LLIST_HEAD(&cardem_inst[0].usb_out_queue);
 	rbuf_reset(&cardem_inst[0].rb);
 	PIO_Configure(pins_usim1, PIO_LISTSIZE(pins_usim1));
+
+	/* configure USART as ISO-7816 slave (e.g. card) */
 	ISO7816_Init(&cardem_inst[0].usart_info, CLK_SLAVE);
 	NVIC_EnableIRQ(USART1_IRQn);
 	PIO_ConfigureIt(&pin_usim1_rst, usim1_rst_irqhandler);
 	PIO_EnableIt(&pin_usim1_rst);
-	usim1_rst_irqhandler(&pin_usim1_rst); /* obtain current RST state */
+
+	/* obtain current RST state */
+	usim1_rst_irqhandler(&pin_usim1_rst);
 #ifndef DETECT_VCC_BY_ADC
 	PIO_ConfigureIt(&pin_usim1_vcc, usim1_vcc_irqhandler);
 	PIO_EnableIt(&pin_usim1_vcc);
-	usim1_vcc_irqhandler(&pin_usim1_vcc); /* obtain current VCC state */
+
+	/* obtain current VCC state */
+	usim1_vcc_irqhandler(&pin_usim1_vcc);
 #else
 	do {} while (!adc_triggered); /* wait for first ADC reading */
 #endif /* DETECT_VCC_BY_ADC */
 
-	cardem_inst[0].ch = card_emu_init(0, 2, 0, SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
+	cardem_inst[0].ch = card_emu_init(0, 0, SIMTRACE_CARDEM_USB_EP_USIM1_DATAIN,
 					  SIMTRACE_CARDEM_USB_EP_USIM1_INT, cardem_inst[0].vcc_active,
 					  cardem_inst[0].rst_active, cardem_inst[0].vcc_active);
 	sim_switch_use_physical(0, 1);
@@ -456,6 +577,7 @@ void mode_cardemu_init(void)
 	rbuf_reset(&cardem_inst[1].rb);
 	PIO_Configure(pins_usim2, PIO_LISTSIZE(pins_usim2));
 	ISO7816_Init(&cardem_inst[1].usart_info, CLK_SLAVE);
+	/* TODO enable timeout */
 	NVIC_EnableIRQ(USART0_IRQn);
 	PIO_ConfigureIt(&pin_usim2_rst, usim2_rst_irqhandler);
 	PIO_EnableIt(&pin_usim2_rst);
@@ -468,10 +590,11 @@ void mode_cardemu_init(void)
 	do {} while (!adc_triggered); /* wait for first ADC reading */
 #endif /* DETECT_VCC_BY_ADC */
 
-	cardem_inst[1].ch = card_emu_init(1, 0, 1, SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
+	cardem_inst[1].ch = card_emu_init(1, 1, SIMTRACE_CARDEM_USB_EP_USIM2_DATAIN,
 					  SIMTRACE_CARDEM_USB_EP_USIM2_INT, cardem_inst[1].vcc_active,
 					  cardem_inst[1].rst_active, cardem_inst[1].vcc_active);
 	sim_switch_use_physical(1, 1);
+	/* TODO check RST and VCC */
 #endif /* CARDEMU_SECOND_UART */
 }
 
@@ -635,9 +758,8 @@ static void dispatch_usb_command_modem(struct msgb *msg, struct cardem_inst *ci)
 }
 
 /* handle a single USB command as received from the USB host */
-static void dispatch_usb_command(struct msgb *msg, const struct usb_if *usb_if)
+static void dispatch_usb_command(struct msgb *msg, struct cardem_inst *ci)
 {
-	struct cardem_inst *ci = usb_if->data;
 	struct simtrace_msg_hdr *sh = (struct simtrace_msg_hdr *) msg->l1h;
 
 	if (msgb_length(msg) < sizeof(*sh)) {
@@ -666,8 +788,7 @@ static void dispatch_usb_command(struct msgb *msg, const struct usb_if *usb_if)
 	}
 }
 
-/* handle a single USB transfer as received from the USB host */
+static void dispatch_received_msg(struct msgb *msg, struct cardem_inst *ci)
-static void dispatch_received_usb_msg(struct msgb *msg, const struct usb_if *usb_if)
 {
 	struct msgb *segm;
 	struct simtrace_msg_hdr *mh;
@@ -678,7 +799,7 @@ static void dispatch_received_usb_msg(struct msgb *msg, const struct usb_if *usb
 	mh = (struct simtrace_msg_hdr *) msg->data;
 	if (mh->msg_len == msgb_length(msg)) {
 		/* fast path: only one message in buffer */
-		dispatch_usb_command(msg, usb_if);
+		dispatch_usb_command(msg, ci);
 		return;
 	}
 
@@ -687,23 +808,23 @@ static void dispatch_received_usb_msg(struct msgb *msg, const struct usb_if *usb
 	while (1) {
 		mh = (struct simtrace_msg_hdr *) msg->data;
 
-		segm = usb_buf_alloc(usb_if->ep_out);
+		segm = usb_buf_alloc(ci->ep_out);
 		if (!segm) {
 			TRACE_ERROR("%u: ENOMEM during msg segmentation\r\n",
-				    usb_if->if_num);
+				    ci->num);
 			break;
 		}
 
 		if (mh->msg_len > msgb_length(msg)) {
 			TRACE_ERROR("%u: Unexpected large message (%u bytes)\r\n",
-					usb_if->if_num, mh->msg_len);
+					ci->num, mh->msg_len);
 			usb_buf_free(segm);
 			break;
 		} else {
 			uint8_t *cur = msgb_put(segm, mh->msg_len);
 			segm->l1h = segm->head;
 			memcpy(cur, mh, mh->msg_len);
-			dispatch_usb_command(segm, usb_if);
+			dispatch_usb_command(segm, ci);
 		}
 		/* pull this message */
 		msgb_pull(msg, mh->msg_len);
@@ -715,14 +836,35 @@ static void dispatch_received_usb_msg(struct msgb *msg, const struct usb_if *usb
 	usb_buf_free(msg);
 }
 
+/* iterate over the queue of incoming USB commands and dispatch/execute
+ * them */
+static void process_any_usb_commands(struct llist_head *main_q,
+				     struct cardem_inst *ci)
+{
+	struct llist_head *lh;
+	struct msgb *msg;
+	int i;
+
+	/* limit the number of iterations to 10, to ensure we don't get
+	 * stuck here without returning to main loop processing */
+	for (i = 0; i < 10; i++) {
+		/* de-queue the list head in an irq-safe way */
+		lh = llist_head_dequeue_irqsafe(main_q);
+		if (!lh)
+			break;
+		msg = llist_entry(lh, struct msgb, list);
+		dispatch_received_msg(msg, ci);
+	}
+}
+
 /* main loop function, called repeatedly */
 void mode_cardemu_run(void)
 {
+	struct llist_head *queue;
 	unsigned int i;
 
 	for (i = 0; i < ARRAY_SIZE(cardem_inst); i++) {
 		struct cardem_inst *ci = &cardem_inst[i];
-		struct usb_if *usb_if = &ci->usb_if;
 
 		/* drain the ring buffer from UART into card_emu */
 		while (1) {
@@ -739,6 +881,16 @@ void mode_cardemu_run(void)
 
 		process_io_statechg(ci);
 
-		usb_process(&ci->usb_if);
+		/* first try to send any pending messages on IRQ */
+		usb_refill_to_host(ci->ep_int);
+
+		/* then try to send any pending messages on IN */
+		usb_refill_to_host(ci->ep_in);
+
+		/* ensure we can handle incoming USB messages from the
+		 * host */
+		usb_refill_from_host(ci->ep_out);
+		queue = usb_get_queue(ci->ep_out);
+		process_any_usb_commands(queue, ci);
 	}
 }

firmware/libcommon/source/simtrace_iso7816.c

@@ -125,7 +125,7 @@ void update_fidi(Usart_info *usart, uint8_t fidi)
 
 	uint8_t fi = fidi >> 4;
 	uint8_t di = fidi & 0xf;
-	int ratio = compute_fidi_ratio(fi, di);
+	int ratio = iso7816_3_compute_fd_ratio(fi, di);
 
 	if (ratio > 0 && ratio < 0x8000) {
 		/* make sure USART uses new F/D ratio */

firmware/libcommon/source/sniffer.c

@@ -658,9 +658,10 @@ static void process_byte_pps(uint8_t byte)
 					fn = 1;
 					dn = 1;
 				}
-				TRACE_INFO("PPS negotiation successful: Fn=%u Dn=%u\n\r", fi_table[fn], di_table[dn]);
+				TRACE_INFO("PPS negotiation successful: Fn=%u Dn=%u\n\r",
+					   iso7816_3_fi_table[fn], iso7816_3_di_table[dn]);
 				update_fidi(&sniff_usart, pps_cur[2]);
-				update_wt(0, di_table[dn]);
+				update_wt(0, iso7816_3_di_table[dn]);
 				usb_send_fidi(pps_cur[2]); /* send Fi/Di change notification to host software over USB */
 			} else { /* checksum is invalid */
 				TRACE_INFO("PPS negotiation failed\n\r");
@@ -974,42 +975,20 @@ static void usb_send_change(uint32_t flags)
 	usb_msg_upd_len_and_submit(usb_msg);
 }
 
-/* handle incoming message from USB OUT EP */
-static void dispatch_usb_out(struct msgb *msg, const struct usb_if *usb_if)
-{
-	struct simtrace_msg_hdr *sh = (Struct simtrace_msg_hdr *) msg->l1h;
-
-	if (msg_length(msg) < sizeof(*sh)) {
-		usb_buf_free(msg);
-		return;
-	}
-	msg->l2h = msg->l1h + sizeof(*sh);
-
-	switch (sh->msg_class) {
-	case SIMTRACE_MSGC_GENERIC:
-		break;
-	default:
-		break;
-	}
-
-	usb_buf_free(msg);
-}
-
-static const struct usb_if sniffer_usb_if = {
-	.if_num = 0,
-	.ep_in = SIMTRACE_USB_EP_CARD_DATAIN,
-	.ep_int = SIMTRACE_USB_EP_CARD_INT,
-	.ep_out = SIMTRACE_USB_EP_CARD_DATAOUT,
-	.ops = {
-		.rx_out = dispatch_usb_out,
-	}
-};
-
 /* Main (idle/busy) loop of this USB configuration */
 void Sniffer_run(void)
 {
 	/* Handle USB queue */
-	usb_process(&sniffer_usb_if);
+	/* first try to send any pending messages on INT */
+	usb_refill_to_host(SIMTRACE_USB_EP_CARD_INT);
+	/* then try to send any pending messages on IN */
+	usb_refill_to_host(SIMTRACE_USB_EP_CARD_DATAIN);
+	/* ensure we can handle incoming USB messages from the host */
+	/* currently we don't need any incoming data
+	usb_refill_from_host(SIMTRACE_USB_EP_CARD_DATAOUT);
+	struct llist_head *queue = usb_get_queue(SIMTRACE_USB_EP_CARD_DATAOUT);
+	process_any_usb_commands(queue);
+	*/
 
 	/* WARNING: the signal data and flags are not synchronized. We have to hope 
 	 * the processing is fast enough to not land in the wrong state while data

firmware/libcommon/source/stack_check.c

@@ -0,0 +1,14 @@
+#include <stdint.h>
+#include <osmocom/core/panic.h>
+
+/* This is what's minimally required to fix builds on Ubuntu 20.04,
+ * where stack smashing protection is enabled by default when using dpkg
+ * - even when cross-compiling: https://osmocom.org/issues/4687
+ */
+
+uintptr_t __stack_chk_guard = 0xdeadbeef;
+
+void __stack_chk_fail(void)
+{
+	osmo_panic("Stack smashing detected!\r\n");
+}

firmware/libosmocore/source/panic.c

@@ -46,7 +46,7 @@ static osmo_panic_handler_t osmo_panic_handler = (void*)0;
 __attribute__ ((format (printf, 1, 0)))
 static void osmo_panic_default(const char *fmt, va_list args)
 {
-	vfprintf(stderr, fmt, args);
+	vfprintf_sync(stderr, fmt, args);
 	osmo_generate_backtrace();
 	assert(0);
 }

host/.gitignore

@@ -34,5 +34,4 @@ libtool
 
 simtrace2-list
 simtrace2-sniff
-simtrace2-remsim
+simtrace2-cardem-pcsc
-simtrace2-remsim-usb2udp

host/Makefile.am

@@ -3,7 +3,7 @@ AUTOMAKE_OPTIONS = foreign dist-bzip2 1.6
 AM_CPPFLAGS = $(all_includes) -I$(top_srcdir)/include
 SUBDIRS = include lib src contrib #tests examples doc
 
-EXTRA_DIST = .version git-version-gen
+EXTRA_DIST = .version
 
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libosmo-simtrace2.pc

host/Makefile.old

@@ -1,28 +0,0 @@
-LDFLAGS+=`pkg-config --libs libusb-1.0 libosmocore` -pthread
-CFLAGS=-Wall -g
-
-APPS=simtrace2-remsim simtrace2-remsim-usb2udp simtrace2-list simtrace2-sniff
-
-all: $(APPS)
-
-simtrace2-remsim: simtrace2-remsim.o apdu_dispatch.o simtrace2-discovery.o simtrace2_api.o libusb_util.o
-	$(CC) -o $@ $^ $(LDFLAGS) `pkg-config --libs libosmosim libpcsclite`
-
-simtrace2-remsim-usb2udp: usb2udp.o simtrace2-discovery.o
-	$(CC) -o $@ $^ $(LDFLAGS)
-
-simtrace2-list: simtrace2_usb.o libusb_util.o
-	$(CC) -o $@ $^ $(LDFLAGS)
-
-simtrace2-sniff: simtrace2-sniff.o simtrace2-discovery.o libusb_util.o
-	$(CC) -o $@ $^ $(LDFLAGS)
-
-%.o: %.c
-	$(CC) $(CFLAGS) `pkg-config --cflags libusb-1.0 libosmocore` -o $@ -c $^
-
-clean:
-	@rm -f *.o $(APPS)
-
-install: $(APPS)
-	mkdir -p $(DESTDIR)/usr/bin
-	cp $(APPS) $(DESTDIR)/usr/bin/

host/configure.ac

@@ -1,5 +1,5 @@
 AC_INIT([simtrace2],
-	m4_esyscmd([./git-version-gen .tarball-version]),
+	m4_esyscmd([../git-version-gen ../.tarball-version]),
 	[simtrace@lists.osmocom.org])
 
 dnl *This* is the root dir, even if an install-sh exists in ../ or ../../
@@ -100,4 +100,5 @@ AC_OUTPUT(
 	src/Makefile
 	lib/Makefile
 	contrib/Makefile
+	contrib/simtrace2.spec
 	Makefile)

host/contrib/simtrace2.spec.in

@@ -0,0 +1,99 @@
+#
+# spec file for package simtrace2
+#
+# Copyright (c) 2018, Martin Hauke <mardnh@gmx.de>
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+Name:           simtrace2
+Version:        @VERSION@
+Release:        0
+Summary:        Osmocom SIMtrace host utility
+License:        GPL-2.0-or-later
+Group:          Productivity/Telephony/Utilities
+URL:            https://osmocom.org/projects/simtrace2/wiki
+Source:         %{name}-%{version}.tar.xz
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  libtool
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(libosmocore)
+BuildRequires:  pkgconfig(libosmosim)
+BuildRequires:  pkgconfig(libpcsclite)
+BuildRequires:  pkgconfig(libusb-1.0)
+BuildRequires:  pkgconfig(libosmousb) >= 0.0.0
+BuildRequires:  pkgconfig(udev)
+
+%description
+Osmocom SIMtrace 2 is a software and hardware system for passively
+tracing SIM-ME communication between the SIM card and the mobile phone,
+and remote SIM operation.
+
+This package contains SIMtrace 2 host utility.
+
+%package -n libosmo-simtrace2-0
+Summary:        Shared Library part of libosmo-simtrace2
+Group:          System/Libraries
+
+%description -n libosmo-simtrace2-0
+This library contains core "driver" functionality to interface with the
+Osmocom SIMtrace2 (and compatible) USB device firmware.  It enables
+applications to implement SIM card / smart card tracing as well as
+SIM / smart card emulation functions.
+
+%package -n libosmo-simtrace2-devel
+Summary:        Development files for the Osmocom SIMtrace2 library
+Group:          Development/Libraries/C and C++
+Requires:       libosmo-simtrace2-0 = %{version}
+
+%description -n libosmo-simtrace2-devel
+Osmocom SIMtrace2 (and compatible) USB device firmware.  It enables
+applications to implement SIM card / smart card tracing as well as
+SIM / smart card emulation functions.
+
+This subpackage contains libraries and header files for developing
+applications that want to make use of libosmo-simtrace2.
+
+%prep
+%setup -q
+
+%build
+cd host
+echo "%{version}" >.tarball-version
+autoreconf -fiv
+%configure --disable-static
+make %{?_smp_mflags}
+
+%install
+%make_install -C host
+install -Dm0644 host/contrib/99-simtrace2.rules %{buildroot}/%{_udevrulesdir}/99-simtrace2.rules
+find %{buildroot} -type f -name "*.la" -delete -print
+
+%post   -n libosmo-simtrace2-0 -p /sbin/ldconfig
+%postun -n libosmo-simtrace2-0 -p /sbin/ldconfig
+
+%files
+%doc README.md
+%{_bindir}/simtrace2-cardem-pcsc
+%{_bindir}/simtrace2-list
+%{_bindir}/simtrace2-sniff
+%{_udevrulesdir}/99-simtrace2.rules
+
+%files -n libosmo-simtrace2-0
+%{_libdir}/libosmo-simtrace2.so.0*
+
+%files -n libosmo-simtrace2-devel
+%dir %{_includedir}/osmocom/
+%dir %{_includedir}/osmocom/simtrace2/
+%{_includedir}/osmocom/simtrace2/*.h
+%{_libdir}/libosmo-simtrace2.so
+%{_libdir}/pkgconfig/libosmo-simtrace2.pc
+
+%changelog

host/git-version-gen

@@ -1,151 +0,0 @@
-#!/bin/sh
-# Print a version string.
-scriptversion=2010-01-28.01
-
-# Copyright (C) 2007-2010 Free Software Foundation, Inc.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-# This script is derived from GIT-VERSION-GEN from GIT: http://git.or.cz/.
-# It may be run two ways:
-# - from a git repository in which the "git describe" command below
-#   produces useful output (thus requiring at least one signed tag)
-# - from a non-git-repo directory containing a .tarball-version file, which
-#   presumes this script is invoked like "./git-version-gen .tarball-version".
-
-# In order to use intra-version strings in your project, you will need two
-# separate generated version string files:
-#
-# .tarball-version - present only in a distribution tarball, and not in
-#   a checked-out repository.  Created with contents that were learned at
-#   the last time autoconf was run, and used by git-version-gen.  Must not
-#   be present in either $(srcdir) or $(builddir) for git-version-gen to
-#   give accurate answers during normal development with a checked out tree,
-#   but must be present in a tarball when there is no version control system.
-#   Therefore, it cannot be used in any dependencies.  GNUmakefile has
-#   hooks to force a reconfigure at distribution time to get the value
-#   correct, without penalizing normal development with extra reconfigures.
-#
-# .version - present in a checked-out repository and in a distribution
-#   tarball.  Usable in dependencies, particularly for files that don't
-#   want to depend on config.h but do want to track version changes.
-#   Delete this file prior to any autoconf run where you want to rebuild
-#   files to pick up a version string change; and leave it stale to
-#   minimize rebuild time after unrelated changes to configure sources.
-#
-# It is probably wise to add these two files to .gitignore, so that you
-# don't accidentally commit either generated file.
-#
-# Use the following line in your configure.ac, so that $(VERSION) will
-# automatically be up-to-date each time configure is run (and note that
-# since configure.ac no longer includes a version string, Makefile rules
-# should not depend on configure.ac for version updates).
-#
-# AC_INIT([GNU project],
-#         m4_esyscmd([build-aux/git-version-gen .tarball-version]),
-#         [bug-project@example])
-#
-# Then use the following lines in your Makefile.am, so that .version
-# will be present for dependencies, and so that .tarball-version will
-# exist in distribution tarballs.
-#
-# BUILT_SOURCES = $(top_srcdir)/.version
-# $(top_srcdir)/.version:
-#	echo $(VERSION) > $@-t && mv $@-t $@
-# dist-hook:
-#	echo $(VERSION) > $(distdir)/.tarball-version
-
-case $# in
-    1) ;;
-    *) echo 1>&2 "Usage: $0 \$srcdir/.tarball-version"; exit 1;;
-esac
-
-tarball_version_file=$1
-nl='
-'
-
-# First see if there is a tarball-only version file.
-# then try "git describe", then default.
-if test -f $tarball_version_file
-then
-    v=`cat $tarball_version_file` || exit 1
-    case $v in
-	*$nl*) v= ;; # reject multi-line output
-	[0-9]*) ;;
-	*) v= ;;
-    esac
-    test -z "$v" \
-	&& echo "$0: WARNING: $tarball_version_file seems to be damaged" 1>&2
-fi
-
-if test -n "$v"
-then
-    : # use $v
-elif
-       v=`git describe --abbrev=4 --match='v*' HEAD 2>/dev/null \
-	  || git describe --abbrev=4 HEAD 2>/dev/null` \
-    && case $v in
-	 [0-9]*) ;;
-	 v[0-9]*) ;;
-	 *) (exit 1) ;;
-       esac
-then
-    # Is this a new git that lists number of commits since the last
-    # tag or the previous older version that did not?
-    #   Newer: v6.10-77-g0f8faeb
-    #   Older: v6.10-g0f8faeb
-    case $v in
-	*-*-*) : git describe is okay three part flavor ;;
-	*-*)
-	    : git describe is older two part flavor
-	    # Recreate the number of commits and rewrite such that the
-	    # result is the same as if we were using the newer version
-	    # of git describe.
-	    vtag=`echo "$v" | sed 's/-.*//'`
-	    numcommits=`git rev-list "$vtag"..HEAD | wc -l`
-	    v=`echo "$v" | sed "s/\(.*\)-\(.*\)/\1-$numcommits-\2/"`;
-	    ;;
-    esac
-
-    # Change the first '-' to a '.', so version-comparing tools work properly.
-    # Remove the "g" in git describe's output string, to save a byte.
-    v=`echo "$v" | sed 's/-/./;s/\(.*\)-g/\1-/'`;
-else
-    v=UNKNOWN
-fi
-
-v=`echo "$v" |sed 's/^v//'`
-
-# Don't declare a version "dirty" merely because a time stamp has changed.
-git status > /dev/null 2>&1
-
-dirty=`sh -c 'git diff-index --name-only HEAD' 2>/dev/null` || dirty=
-case "$dirty" in
-    '') ;;
-    *) # Append the suffix only if there isn't one already.
-	case $v in
-	  *-dirty) ;;
-	  *) v="$v-dirty" ;;
-	esac ;;
-esac
-
-# Omit the trailing newline, so that m4_esyscmd can use the result directly.
-echo "$v" | tr -d '\012'
-
-# Local variables:
-# eval: (add-hook 'write-file-hooks 'time-stamp)
-# time-stamp-start: "scriptversion="
-# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-end: "$"
-# End:

host/src/Makefile.am

@@ -5,11 +5,9 @@ AM_LDFLAGS=$(COVERAGE_LDFLAGS)
 LDADD= $(top_builddir)/lib/libosmo-simtrace2.la \
        $(LIBOSMOCORE_LIBS) $(LIBOSMOSIM_LIBS) $(LIBOSMOUSB_LIBS) $(LIBUSB_LIBS)
 
-bin_PROGRAMS = simtrace2-remsim simtrace2-remsim-usb2udp simtrace2-list simtrace2-sniff
+bin_PROGRAMS = simtrace2-cardem-pcsc simtrace2-list simtrace2-sniff
 
-simtrace2_remsim_SOURCES = simtrace2-remsim.c
+simtrace2_cardem_pcsc_SOURCES = simtrace2-cardem-pcsc.c
-
-simtrace2_remsim_usb2udp_SOURCES = usb2udp.c
 
 simtrace2_list_SOURCES = simtrace2_usb.c
 

host/src/simtrace2-cardem-pcsc.c

@@ -1,7 +1,7 @@
-/* simtrace2-remsim - main program for the host PC to provide a remote SIM
+/* simtrace2-cardem-pcsc - main program for the host PC to provide a remote SIM
  * using the SIMtrace 2 firmware in card emulation mode
  *
- * (C) 2016-2017 by Harald Welte <hwelte@hmw-consulting.de>
+ * (C) 2016-2020 by Harald Welte <hwelte@hmw-consulting.de>
  * (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
  *
  * This program is free software; you can redistribute it and/or
@@ -47,9 +47,33 @@
 #include <osmocom/core/utils.h>
 #include <osmocom/core/socket.h>
 #include <osmocom/core/msgb.h>
+#include <osmocom/core/select.h>
 #include <osmocom/sim/class_tables.h>
 #include <osmocom/sim/sim.h>
 
+#define ATR_MAX_LEN 33
+
+#define LOGCI(ci, lvl, fmt, args ...) printf(fmt, ## args)
+
+/* reasonable ATR offering all protocols and voltages
+ * smartphones might not care, but other readers do
+ *
+ * TS =		0x3B	Direct Convention
+ * T0 =		0x80	Y(1): b1000, K: 0 (historical bytes)
+ * TD(1) =	0x80	Y(i+1) = b1000, Protocol T=0
+ * ----
+ * TD(2) =	0x81	Y(i+1) = b1000, Protocol T=1
+ * ----
+ * TD(3) =	0x1F	Y(i+1) = b0001, Protocol T=15
+ * ----
+ * TA(4) =	0xC7	Clock stop: no preference - Class accepted by the card: (3G) A 5V B 3V C 1.8V
+ * ----
+ * Historical bytes
+ * TCK =	0x59 	correct checksum
+ */
+#define DEFAULT_ATR_STR "3B8080811FC759"
+
+
 static void atr_update_csum(uint8_t *atr, unsigned int atr_len)
 {
 	uint8_t csum = 0;
@@ -158,6 +182,9 @@ static int process_usb_msg(struct osmo_st2_cardem_inst *ci, uint8_t *buf, int le
 	case SIMTRACE_MSGT_DO_CEMU_RX_DATA:
 		rc = process_do_rx_da(ci, buf, len);
 		break;
+	case SIMTRACE_MSGT_BD_CEMU_CONFIG:
+		/* firmware confirms configuration change; ignore */
+		break;
 	default:
 		printf("unknown simtrace msg type 0x%02x\n", sh->msg_type);
 		rc = -1;
@@ -167,20 +194,157 @@ static int process_usb_msg(struct osmo_st2_cardem_inst *ci, uint8_t *buf, int le
 	return rc;
 }
 
+/*! \brief Process a STATUS message on IRQ endpoint from the SIMtrace2 */
+static int process_irq_status(struct osmo_st2_cardem_inst *ci, const uint8_t *buf, int len)
+{
+	const struct cardemu_usb_msg_status *status = (struct cardemu_usb_msg_status *) buf;
+
+	LOGCI(ci, LOGL_INFO, "SIMtrace IRQ STATUS: flags=0x%x, fi=%u, di=%u, wi=%u wtime=%u\n",
+		status->flags, status->fi, status->di, status->wi,
+		status->waiting_time);
+
+	return 0;
+}
+
+static int process_usb_msg_irq(struct osmo_st2_cardem_inst *ci, const uint8_t *buf, unsigned int len)
+{
+	struct simtrace_msg_hdr *sh = (struct simtrace_msg_hdr *)buf;
+	int rc;
+
+	LOGCI(ci, LOGL_INFO, "SIMtrace IRQ %s\n", osmo_hexdump(buf, len));
+
+	buf += sizeof(*sh);
+
+	switch (sh->msg_type) {
+	case SIMTRACE_MSGT_BD_CEMU_STATUS:
+		rc = process_irq_status(ci, buf, len);
+		break;
+	default:
+		LOGCI(ci, LOGL_ERROR, "unknown simtrace msg type 0x%02x\n", sh->msg_type);
+		rc = -1;
+		break;
+	}
+
+	return rc;
+}
+
+static void usb_in_xfer_cb(struct libusb_transfer *xfer)
+{
+	struct osmo_st2_cardem_inst *ci = xfer->user_data;
+	int rc;
+
+	switch (xfer->status) {
+	case LIBUSB_TRANSFER_COMPLETED:
+		/* hand the message up the stack */
+		process_usb_msg(ci, xfer->buffer, xfer->actual_length);
+		break;
+	case LIBUSB_TRANSFER_NO_DEVICE:
+		LOGCI(ci, LOGL_FATAL, "USB device disappeared\n");
+		exit(1);
+		break;
+	default:
+		LOGCI(ci, LOGL_FATAL, "USB IN transfer failed, status=%u\n", xfer->status);
+		exit(1);
+		break;
+	}
+
+	/* re-submit the IN transfer */
+	rc = libusb_submit_transfer(xfer);
+	OSMO_ASSERT(rc == 0);
+}
+
+
+static void allocate_and_submit_in(struct osmo_st2_cardem_inst *ci)
+{
+	struct osmo_st2_transport *transp = ci->slot->transp;
+	struct libusb_transfer *xfer;
+	int rc;
+
+	xfer = libusb_alloc_transfer(0);
+	OSMO_ASSERT(xfer);
+	xfer->dev_handle = transp->usb_devh;
+	xfer->flags = 0;
+	xfer->type = LIBUSB_TRANSFER_TYPE_BULK;
+	xfer->endpoint = transp->usb_ep.in;
+	xfer->timeout = 0;
+	xfer->user_data = ci;
+	xfer->length = 16*256;
+
+	xfer->buffer = libusb_dev_mem_alloc(xfer->dev_handle, xfer->length);
+	OSMO_ASSERT(xfer->buffer);
+	xfer->callback = usb_in_xfer_cb;
+
+	/* submit the IN transfer */
+	rc = libusb_submit_transfer(xfer);
+	OSMO_ASSERT(rc == 0);
+}
+
+
+static void usb_irq_xfer_cb(struct libusb_transfer *xfer)
+{
+	struct osmo_st2_cardem_inst *ci = xfer->user_data;
+	int rc;
+
+	switch (xfer->status) {
+	case LIBUSB_TRANSFER_COMPLETED:
+		process_usb_msg_irq(ci, xfer->buffer, xfer->actual_length);
+		break;
+	case LIBUSB_TRANSFER_NO_DEVICE:
+		LOGCI(ci, LOGL_FATAL, "USB device disappeared\n");
+		exit(1);
+		break;
+	default:
+		LOGCI(ci, LOGL_FATAL, "USB IN transfer failed, status=%u\n", xfer->status);
+		exit(1);
+		break;
+	}
+
+	/* re-submit the IN transfer */
+	rc = libusb_submit_transfer(xfer);
+	OSMO_ASSERT(rc == 0);
+}
+
+
+static void allocate_and_submit_irq(struct osmo_st2_cardem_inst *ci)
+{
+	struct osmo_st2_transport *transp = ci->slot->transp;
+	struct libusb_transfer *xfer;
+	int rc;
+
+	xfer = libusb_alloc_transfer(0);
+	OSMO_ASSERT(xfer);
+	xfer->dev_handle = transp->usb_devh;
+	xfer->flags = 0;
+	xfer->type = LIBUSB_TRANSFER_TYPE_INTERRUPT;
+	xfer->endpoint = transp->usb_ep.irq_in;
+	xfer->timeout = 0;
+	xfer->user_data = ci;
+	xfer->length = 64;
+
+	xfer->buffer = libusb_dev_mem_alloc(xfer->dev_handle, xfer->length);
+	OSMO_ASSERT(xfer->buffer);
+	xfer->callback = usb_irq_xfer_cb;
+
+	/* submit the IN transfer */
+	rc = libusb_submit_transfer(xfer);
+	OSMO_ASSERT(rc == 0);
+}
+
+
+
 static void print_welcome(void)
 {
-	printf("simtrace2-remsim - Remote SIM card forwarding\n"
+	printf("simtrace2-cardem-pcsc - Using PC/SC reader as SIM\n"
-	       "(C) 2010-2017, Harald Welte <laforge@gnumonks.org>\n"
+	       "(C) 2010-2020, Harald Welte <laforge@gnumonks.org>\n"
 	       "(C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>\n\n");
 }
 
 static void print_help(void)
 {
-	printf( "\t-r\t--remote-udp-host HOST\n"
+	printf( "\t-h\t--help\n"
-		"\t-p\t--remote-udp-port PORT\n"
-		"\t-h\t--help\n"
 		"\t-i\t--gsmtap-ip\tA.B.C.D\n"
 		"\t-a\t--skip-atr\n"
+		"\t-t\t--set-atr\tATR-STRING in HEX\n"
 		"\t-k\t--keep-running\n"
 		"\t-n\t--pcsc-reader-num\n"
 		"\t-V\t--usb-vendor\tVENDOR_ID\n"
@@ -195,10 +359,9 @@ static void print_help(void)
 }
 
 static const struct option opts[] = {
-	{ "remote-udp-host", 1, 0, 'r' },
-	{ "remote-udp-port", 1, 0, 'p' },
 	{ "gsmtap-ip", 1, 0, 'i' },
 	{ "skip-atr", 0, 0, 'a' },
+	{ "set-atr", 1, 0, 't' },
 	{ "help", 0, 0, 'h' },
 	{ "keep-running", 0, 0, 'k' },
 	{ "pcsc-reader-num", 1, 0, 'n' },
@@ -214,40 +377,9 @@ static const struct option opts[] = {
 
 static void run_mainloop(struct osmo_st2_cardem_inst *ci)
 {
-	struct osmo_st2_transport *transp = ci->slot->transp;
-	unsigned int msg_count, byte_count = 0;
-	uint8_t buf[16*265];
-	int xfer_len;
-	int rc;
-
 	printf("Entering main loop\n");
-
 	while (1) {
-		/* read data from SIMtrace2 device (local or via USB) */
+		osmo_select_main(0);
-		if (transp->udp_fd < 0) {
-			rc = libusb_bulk_transfer(transp->usb_devh, transp->usb_ep.in,
-						  buf, sizeof(buf), &xfer_len, 100);
-			if (rc < 0 && rc != LIBUSB_ERROR_TIMEOUT &&
-				      rc != LIBUSB_ERROR_INTERRUPTED &&
-				      rc != LIBUSB_ERROR_IO) {
-				fprintf(stderr, "BULK IN transfer error; rc=%d\n", rc);
-				return;
-			}
-		} else {
-			rc = read(transp->udp_fd, buf, sizeof(buf));
-			if (rc <= 0) {
-				fprintf(stderr, "shor read from UDP\n");
-				return;
-			}
-			xfer_len = rc;
-		}
-		/* dispatch any incoming data */
-		if (xfer_len > 0) {
-			printf("URB: %s\n", osmo_hexdump(buf, xfer_len));
-			process_usb_msg(ci, buf, xfer_len);
-			msg_count++;
-			byte_count += xfer_len;
-		}
 	}
 }
 
@@ -283,31 +415,32 @@ int main(int argc, char **argv)
 	int rc;
 	int c, ret = 1;
 	int skip_atr = 0;
+	char *atr = DEFAULT_ATR_STR;
+	uint8_t real_atr[ATR_MAX_LEN];
+	int atr_len;
 	int keep_running = 0;
-	int remote_udp_port = 52342;
 	int if_num = 0, vendor_id = -1, product_id = -1;
 	int config_id = -1, altsetting = 0, addr = -1;
 	int reader_num = 0;
-	char *remote_udp_host = NULL;
 	char *path = NULL;
 	struct osim_reader_hdl *reader;
 	struct osim_card_hdl *card;
 
 	print_welcome();
 
+	rc = osmo_libusb_init(NULL);
+	if (rc < 0) {
+		fprintf(stderr, "libusb initialization failed\n");
+		return rc;
+	}
+
 	while (1) {
 		int option_index = 0;
 
-		c = getopt_long(argc, argv, "r:p:hi:V:P:C:I:S:A:H:akn:", opts, &option_index);
+		c = getopt_long(argc, argv, "hi:V:P:C:I:S:A:H:akn:t:", opts, &option_index);
 		if (c == -1)
 			break;
 		switch (c) {
-		case 'r':
-			remote_udp_host = optarg;
-			break;
-		case 'p':
-			remote_udp_port = atoi(optarg);
-			break;
 		case 'h':
 			print_help();
 			exit(0);
@@ -318,6 +451,9 @@ int main(int argc, char **argv)
 		case 'a':
 			skip_atr = 1;
 			break;
+		case 't':
+		        atr = optarg;
+			break;
 		case 'k':
 			keep_running = 1;
 			break;
@@ -348,29 +484,24 @@ int main(int argc, char **argv)
 		}
 	}
 
-	if (!remote_udp_host && (vendor_id < 0 || product_id < 0)) {
+	atr_len = osmo_hexparse(atr,real_atr,ATR_MAX_LEN);
+	if (atr_len < 2) {
+		fprintf(stderr, "Invalid ATR - please omit a leading 0x and only use valid hex "
+			"digits and whitespace. ATRs need to be between 2 and 33 bytes long.\n");
+		goto do_exit;
+	}
+
+	if (vendor_id < 0 || product_id < 0) {
 		fprintf(stderr, "You have to specify the vendor and product ID\n");
 		goto do_exit;
 	}
 
-	transp->udp_fd = -1;
-
 	ci->card_prof = &osim_uicc_sim_cic_profile;
 
-	if (!remote_udp_host) {
+	rc = libusb_init(NULL);
-		rc = libusb_init(NULL);
+	if (rc < 0) {
-		if (rc < 0) {
+		fprintf(stderr, "libusb initialization failed\n");
-			fprintf(stderr, "libusb initialization failed\n");
+		goto do_exit;
-			goto do_exit;
-		}
-	} else {
-		transp->udp_fd = osmo_sock_init(AF_INET, SOCK_DGRAM, IPPROTO_UDP,
-						remote_udp_host, remote_udp_port+if_num,
-						OSMO_SOCK_F_CONNECT);
-		if (transp->udp_fd < 0) {
-			fprintf(stderr, "error binding UDP port\n");
-			goto do_exit;
-		}
 	}
 
 	rc = osmo_st2_gsmtap_init(gsmtap_host);
@@ -400,36 +531,43 @@ int main(int argc, char **argv)
 	signal(SIGINT, &signal_handler);
 
 	do {
-		if (transp->udp_fd < 0) {
+		struct usb_interface_match _ifm, *ifm = &_ifm;
-			struct usb_interface_match _ifm, *ifm = &_ifm;
+		ifm->vendor = vendor_id;
-			ifm->vendor = vendor_id;
+		ifm->product = product_id;
-			ifm->product = product_id;
+		ifm->configuration = config_id;
-			ifm->configuration = config_id;
+		ifm->interface = if_num;
-			ifm->interface = if_num;
+		ifm->altsetting = altsetting;
-			ifm->altsetting = altsetting;
+		ifm->addr = addr;
-			ifm->addr = addr;
+		if (path)
-			if (path)
+			osmo_strlcpy(ifm->path, path, sizeof(ifm->path));
-				osmo_strlcpy(ifm->path, path, sizeof(ifm->path));
+		transp->udp_fd = -1;
-			transp->usb_devh = osmo_libusb_open_claim_interface(NULL, NULL, ifm);
+		transp->usb_async = true;
-			if (!transp->usb_devh) {
+		transp->usb_devh = osmo_libusb_open_claim_interface(NULL, NULL, ifm);
-				fprintf(stderr, "can't open USB device\n");
+		if (!transp->usb_devh) {
-				goto close_exit;
+			fprintf(stderr, "can't open USB device\n");
-			}
+			goto close_exit;
-
-			rc = libusb_claim_interface(transp->usb_devh, if_num);
-			if (rc < 0) {
-				fprintf(stderr, "can't claim interface %d; rc=%d\n", if_num, rc);
-				goto close_exit;
-			}
-
-			rc = osmo_libusb_get_ep_addrs(transp->usb_devh, if_num, &transp->usb_ep.out,
-					      &transp->usb_ep.in, &transp->usb_ep.irq_in);
-			if (rc < 0) {
-				fprintf(stderr, "can't obtain EP addrs; rc=%d\n", rc);
-				goto close_exit;
-			}
 		}
 
+		rc = libusb_claim_interface(transp->usb_devh, if_num);
+		if (rc < 0) {
+			fprintf(stderr, "can't claim interface %d; rc=%d\n", if_num, rc);
+			goto close_exit;
+		}
+
+		rc = osmo_libusb_get_ep_addrs(transp->usb_devh, if_num, &transp->usb_ep.out,
+				      &transp->usb_ep.in, &transp->usb_ep.irq_in);
+		if (rc < 0) {
+			fprintf(stderr, "can't obtain EP addrs; rc=%d\n", rc);
+			goto close_exit;
+		}
+
+		allocate_and_submit_irq(ci);
+		for (int i = 0; i < 4; i++)
+			allocate_and_submit_in(ci);
+
+		/* request firmware to generate STATUS on IRQ endpoint */
+		osmo_st2_cardem_request_config(ci, CEMU_FEAT_F_STATUS_IRQ);
+
 		/* simulate card-insert to modem (owhw, not qmod) */
 		osmo_st2_cardem_request_card_insert(ci, true);
 
@@ -438,9 +576,8 @@ int main(int argc, char **argv)
 
 		if (!skip_atr) {
 			/* set the ATR */
-			uint8_t real_atr[] = {  0x3B, 0x00 }; // the simplest ATR
+			atr_update_csum(real_atr, atr_len);
-			atr_update_csum(real_atr, sizeof(real_atr));
+			osmo_st2_cardem_request_set_atr(ci, real_atr, atr_len);
-			osmo_st2_cardem_request_set_atr(ci, real_atr, sizeof(real_atr));
 		}
 
 		/* select remote (forwarded) SIM */
@@ -449,8 +586,7 @@ int main(int argc, char **argv)
 		run_mainloop(ci);
 		ret = 0;
 
-		if (transp->udp_fd < 0)
+		libusb_release_interface(transp->usb_devh, 0);
-			libusb_release_interface(transp->usb_devh, 0);
 close_exit:
 		if (transp->usb_devh)
 			libusb_close(transp->usb_devh);
@@ -458,8 +594,7 @@ close_exit:
 			sleep(1);
 	} while (keep_running);
 
-	if (transp->udp_fd < 0)
+	libusb_exit(NULL);
-		libusb_exit(NULL);
 do_exit:
 	return ret;
 }

host/src/simtrace2-sniff.c

@@ -342,7 +342,7 @@ int main(int argc, char **argv)
 	while (1) {
 		int option_index = 0;
 
-		char c = getopt_long(argc, argv, "hi:kV:P:C:I:S:A:", opts, &option_index);
+		int c = getopt_long(argc, argv, "hi:kV:P:C:I:S:A:", opts, &option_index);
 		if (c == -1)
 			break;
 		switch (c) {

host/src/usb2udp.c

@@ -1,285 +0,0 @@
-/* simtrace - main program for the host PC
- *
- * (C) 2010-2016 by Harald Welte <hwelte@hmw-consulting.de>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- */
-#include <errno.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdint.h>
-#include <time.h>
-#define _GNU_SOURCE
-#include <getopt.h>
-#include <poll.h>
-
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <libusb.h>
-
-#include <osmocom/usb/libusb.h>
-#include <osmocom/simtrace2/simtrace_usb.h>
-#include <osmocom/simtrace2/simtrace_prot.h>
-
-#include <osmocom/core/utils.h>
-#include <osmocom/core/socket.h>
-#include <osmocom/core/select.h>
-
-struct libusb_device_handle *g_devh;
-static struct sockaddr_in g_sa_remote;
-static struct osmo_fd g_udp_ofd;
-
-static void print_welcome(void)
-{
-	printf("usb2udp - UDP/IP forwarding of SIMtrace card emulation\n"
-	       "(C) 2016 by Harald Welte <laforge@gnumonks.org>\n\n");
-}
-
-static void print_help(void)
-{
-	printf( "\t-h\t--help\n"
-		"\t-i\t--interface <0-255>\n"
-		"\n"
-		);
-}
-
-struct ep_buf {
-	uint8_t ep;
-	uint8_t buf[1024];
-	struct libusb_transfer *xfer;
-};
-static struct ep_buf g_buf_in;
-static struct ep_buf g_buf_out;
-
-static void usb_in_xfer_cb(struct libusb_transfer *xfer)
-{
-	int rc;
-
-	printf("xfer_cb(ep=%02x): status=%d, flags=0x%x, type=%u, len=%u, act_len=%u\n",
-		xfer->endpoint, xfer->status, xfer->flags, xfer->type, xfer->length, xfer->actual_length);
-	switch (xfer->status) {
-	case LIBUSB_TRANSFER_COMPLETED:
-		if (xfer->endpoint == g_buf_in.ep) {
-			/* process the data */
-			printf("read %d bytes from SIMTRACE, forwarding to UDP\n", xfer->actual_length);
-			rc = sendto(g_udp_ofd.fd, xfer->buffer, xfer->actual_length, 0, (struct sockaddr *)&g_sa_remote, sizeof(g_sa_remote));
-			if (rc <= 0) {
-				fprintf(stderr, "error writing to UDP\n");
-			}
-			/* and re-submit the URB */
-			libusb_submit_transfer(xfer);
-		} else if (xfer->endpoint == g_buf_out.ep) {
-			/* re-enable reading from the UDP side */
-			g_udp_ofd.when |= BSC_FD_READ;
-		}
-		break;
-	default:
-		fprintf(stderr, "xfer_cb(ERROR '%s')\n", osmo_hexdump_nospc(xfer->buffer, xfer->actual_length));
-		break;
-	}
-}
-
-static void init_ep_buf(struct ep_buf *epb)
-{
-	if (!epb->xfer)
-		epb->xfer = libusb_alloc_transfer(0);
-
-	epb->xfer->flags = 0;
-
-	libusb_fill_bulk_transfer(epb->xfer, g_devh, epb->ep, epb->buf, sizeof(epb->buf), usb_in_xfer_cb, NULL, 0);
-}
-
-/***********************************************************************
- * libosmocore main loop integration of libusb async I/O
- ***********************************************************************/
-
-static int g_libusb_pending = 0;
-
-static int ofd_libusb_cb(struct osmo_fd *ofd, unsigned int what)
-{
-	/* FIXME */
-	g_libusb_pending = 1;
-
-	return 0;
-}
-
-/* call-back when libusb adds a FD */
-static void libusb_fd_added_cb(int fd, short events, void *user_data)
-{
-	struct osmo_fd *ofd = talloc_zero(NULL, struct osmo_fd);
-
-	printf("%s(%u, %x)\n", __func__, fd, events);
-
-	ofd->fd = fd;
-	ofd->cb = &ofd_libusb_cb;
-	if (events & POLLIN)
-		ofd->when |= BSC_FD_READ;
-	if (events & POLLOUT)
-		ofd->when |= BSC_FD_WRITE;
-
-	osmo_fd_register(ofd);
-}
-
-/* call-back when libusb removes a FD */
-static void libusb_fd_removed_cb(int fd, void *user_data)
-{
-
-	printf("%s(%u)\n", __func__, fd);
-#if 0
-	struct osmo_fd *ofd;
-	/* FIXME: This needs new export in libosmocore! */
-	ofd = osmo_fd_get_by_fd(fd);
-
-	if (ofd) {
-		osmo_fd_unregister(ofd);
-		talloc_free(ofd);
-	}
-#endif
-}
-
-/* call-back when the UDP socket is readable */
-static int ofd_udp_cb(struct osmo_fd *ofd, unsigned int what)
-{
-	int rc;
-	socklen_t addrlen = sizeof(g_sa_remote);
-
-	rc = recvfrom(ofd->fd, g_buf_out.buf, sizeof(g_buf_out.buf), 0,
-			(struct sockaddr *)&g_sa_remote, &addrlen);
-	if (rc <= 0) {
-		fprintf(stderr, "error reading from UDP\n");
-		return 0;
-	}
-	printf("read %d bytes from UDP, forwarding to SIMTRACE\n", rc);
-	g_buf_out.xfer->length = rc;
-
-	/* disable further READ interest for the UDP socket */
-	ofd->when &= ~BSC_FD_READ;
-
-	/* submit the URB on the OUT end point */
-	libusb_submit_transfer(g_buf_out.xfer);
-
-	return 0;
-}
-
-static void run_mainloop(void)
-{
-	int rc;
-
-	printf("Entering main loop\n");
-
-	while (1) {
-		osmo_select_main(0);
-		if (g_libusb_pending) {
-			struct timeval tv;
-			memset(&tv, 0, sizeof(tv));
-			rc = libusb_handle_events_timeout_completed(NULL, &tv, NULL);
-			if (rc != 0) {
-				fprintf(stderr, "handle_events_timeout_completed == %d\n", rc);
-				break;
-			}
-		}
-	}
-}
-
-int main(int argc, char **argv)
-{
-	int rc;
-	int c, ret = 1;
-	int local_udp_port = 52342;
-	unsigned int if_num = 0;
-
-	print_welcome();
-
-	while (1) {
-		int option_index = 0;
-		static const struct option opts[] = {
-			{ "udp-port", 1, 0, 'u' },
-			{ "interface", 1, 0, 'I' },
-			{ "help", 0, 0, 'h' },
-			{ NULL, 0, 0, 0 }
-		};
-
-		c = getopt_long(argc, argv, "u:I:h", opts, &option_index);
-		if (c == -1)
-			break;
-		switch (c) {
-		case 'u':
-			local_udp_port = atoi(optarg);
-			break;
-		case 'I':
-			if_num = atoi(optarg);
-			break;
-		case 'h':
-			print_help();
-			exit(0);
-			break;
-		}
-	}
-
-	rc = libusb_init(NULL);
-	if (rc < 0) {
-		fprintf(stderr, "libusb initialization failed\n");
-		goto close_exit;
-	}
-
-	libusb_set_pollfd_notifiers(NULL, &libusb_fd_added_cb, &libusb_fd_removed_cb, NULL);
-
-	g_devh = libusb_open_device_with_vid_pid(NULL, USB_VENDOR_OPENMOKO, USB_PRODUCT_OWHW_SAM3);
-	if (!g_devh) {
-		fprintf(stderr, "can't open USB device\n");
-		goto close_exit;
-	}
-
-	rc = libusb_claim_interface(g_devh, if_num);
-	if (rc < 0) {
-		fprintf(stderr, "can't claim interface %u; rc=%d\n", if_num, rc);
-		goto close_exit;
-	}
-
-	/* open UDP socket, register with select handling and mark it
-	 * readable */
-	g_udp_ofd.cb = ofd_udp_cb;
-	osmo_sock_init_ofd(&g_udp_ofd, AF_INET, SOCK_DGRAM, IPPROTO_UDP, NULL, local_udp_port + if_num, OSMO_SOCK_F_BIND);
-
-	rc = osmo_libusb_get_ep_addrs(g_devh, if_num, &g_buf_out.ep, &g_buf_in.ep, NULL);
-	if (rc < 0) {
-		fprintf(stderr, "couldn't find enpdoint addresses; rc=%d\n", rc);
-		goto close_exit;
-	}
-	/* initialize USB buffers / transfers */
-	init_ep_buf(&g_buf_out);
-	init_ep_buf(&g_buf_in);
-
-	/* submit the first transfer for the IN endpoint */
-	libusb_submit_transfer(g_buf_in.xfer);
-
-	run_mainloop();
-
-	ret = 0;
-
-	libusb_release_interface(g_devh, 0);
-close_exit:
-	if (g_devh)
-		libusb_close(g_devh);
-
-	libusb_exit(NULL);
-	return ret;
-}