JavaCard OS

Overview
CCID Device Chrome Extension is an chrome extension, which provides apis for pages to communicate with CCID Devices.
If you have any question, please post your question here or contact javacardos@gmail.com.

Usage
Your device shall be recognized by chrome first.
● Download Zadig.
● Replace your device driver with driver WinUSB.



Web page communicates with the CCID device

Load extension
> Go to Chrome extension page
◇ Visit chrome extension page by entering chrome://extensions/
or
◇ Use chrome menu: "Customise and control Google Chrome" -> "More tools" -> "Extensions"
> Enable "Developer mode"
> "Load unpacked extension ..."
> The extension is loaded.



Communicate with CCID device
● Open the demo web page


● Get Devices
Enumerates connected USB devices.

● Open Device
Opens a USB device returned by getDevices.

● Close Device
Closes a connection handle. Invoking operations on a handle after it has been closed is a safe operation but causes no action to be taken.

● List Interfaces
Lists all interfaces on a USB device.

● Claim Interface
Claims an interface on a USB device. Before data can be transfered to an interface or associated endpoints the interface must be claimed. Only one connection handle can claim an interface at any given time. If the interface is already claimed, this call will fail.

● Release Interface
Releases a claimed interface.

● Init Transmit
Initialize a transmission, this function sends "PC_to_RDR_IccPowerOff", "PC_to_RDR_IccPowerOn" and "PC_to_RDR_SetParameters" message to the CCID device.

● Send Receive TPDU
Send "PC_to_RDR_XfrBlock" message contains TPDU data to the CCID device;

● End Transmit
Close a transmission, this function sends "PC_to_RDR_IccPowerOff" message to the CCID device.

Reference

This demo extension is modified on u2f-chrome-extension.

TODO
1. Select device from the web page
2. Select interface from the web page
3. Implement T0/T1 protocol

Thank you so much, but I can't use the demo web page. At https://crxjs-dot-u2fdemo.appspot.com/ it's using this extension ID, and at function "handleWebPageRequest" in "webrequest.js" have "switch (request.type)".
This type is sign request, get api version and then register request (it is not in case).

Another question about Zadig. If I change driver from WUDFRd to WinUSB, will an error occur? And how I can restore this driver?
Thank you!

tieuhaoluong wrote:Thank you so much, but I can't use the demo web page. At https://crxjs-dot-u2fdemo.appspot.com/ it's using this extension ID, and at function "handleWebPageRequest" in "webrequest.js" have "switch (request.type)".
This type is sign request, get api version and then register request (it is not in case).

Would you please let us know your implementation method, 1 or 2?

tieuhaoluong wrote:Another question about Zadig. If I change driver from WUDFRd to WinUSB, will an error occur? And how I can restore this driver?
Thank you!

Usually, there will be no problem. If there is, just delete and reinstall the driver.

JavaCardOS wrote:

tieuhaoluong wrote:Thank you so much, but I can't use the demo web page. At https://crxjs-dot-u2fdemo.appspot.com/ it's using this extension ID, and at function "handleWebPageRequest" in "webrequest.js" have "switch (request.type)".
This type is sign request, get api version and then register request (it is not in case).

Would you please let us know your implementation method, 1 or 2?

I'm using method 2, but I use NativeMessage, communication with C# app by stdio via chrome.runtime.connectNative() & chrome.runtime.postMessage()

tieuhaoluong wrote:I'm using method 2, but I use NativeMessage, communication with C# app by stdio via chrome.runtime.connectNative() & chrome.runtime.postMessage()

Ok. How is your code going? Is there any problem?

JavaCardOS wrote:Ok. How is your code going? Is there any problem?

Ok. I work normally. But I think it is not a secure protocol, is there?

About security. I think tay00000 have more expirence can share with us. @tay00000

tieuhaoluong wrote:

JavaCardOS wrote:Ok. How is your code going? Is there any problem?

Ok. I work normally. But I think it is not a secure protocol, is there?

Maybe tay00000 is busy.

I think, the secure level of these two methods is same as u2f implementation. The implementation is based on challenge and public key, it data can't be resend or hacked easily. Don't worry about the security, just like no one is worry about the security of u2f.

Maybe a little explanation on what I am being asked to review and where is the source code ? I am abit lost reading the thread.

Also, note that the Browser/PC to U2F card/device does not use any sort of Secure Channel Protocol of any sort. They are done over plain APDU channels which I have tried to raise attention to the FIDO Alliance but nobody bothers anyway.