mv usb-icc.c usb-ccid.c
authorNIIBE Yutaka <gniibe@fsij.org>
Thu, 19 May 2016 07:58:52 +0000 (16:58 +0900)
committerNIIBE Yutaka <gniibe@fsij.org>
Thu, 19 May 2016 07:58:52 +0000 (16:58 +0900)
ChangeLog
src/Makefile.in
src/usb-ccid.c [new file with mode: 0644]
src/usb-icc.c [deleted file]

index 9d17064..27ae6c3 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2016-05-19  Niibe Yutaka  <gniibe@fsij.org>
 
+       * src/usb-ccid.c: Rename from usb-icc.c.
+       * src/Makefile.in (CSRC): Follow the change.
+
        * chopstx: Update to 0.11.
 
        * src/gnuk.h (LED_START_COMMAND, LED_FINISH_COMMAND): Change the
index 14894b6..96d8f62 100644 (file)
@@ -11,7 +11,7 @@ LDSCRIPT= gnuk.ld
 CSRC = main.c usb_stm32f103.c adc_stm32f103.c \
        usb_desc.c usb_ctrl.c \
        call-rsa.c \
-       usb-icc.c openpgp.c ac.c openpgp-do.c flash.c \
+       usb-ccid.c openpgp.c ac.c openpgp-do.c flash.c \
        bn.c mod.c \
        modp256r1.c jpc_p256r1.c ec_p256r1.c call-ec_p256r1.c \
        modp256k1.c jpc_p256k1.c ec_p256k1.c call-ec_p256k1.c \
diff --git a/src/usb-ccid.c b/src/usb-ccid.c
new file mode 100644 (file)
index 0000000..11c091e
--- /dev/null
@@ -0,0 +1,1569 @@
+/*
+ * usb-ccid.c -- USB CCID protocol handling
+ *
+ * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016
+ *               Free Software Initiative of Japan
+ * Author: NIIBE Yutaka <gniibe@fsij.org>
+ *
+ * This file is a part of Gnuk, a GnuPG USB Token implementation.
+ *
+ * Gnuk is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Gnuk is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include <chopstx.h>
+#include <eventflag.h>
+
+#include "config.h"
+
+#ifdef DEBUG
+#include "debug.h"
+struct stdout stdout;
+#endif
+
+#include "gnuk.h"
+#include "usb_lld.h"
+#include "usb_conf.h"
+
+/*
+ * USB buffer size of USB-CCID driver
+ */
+#if MAX_RES_APDU_DATA_SIZE > MAX_CMD_APDU_DATA_SIZE
+#define USB_BUF_SIZE (MAX_RES_APDU_DATA_SIZE+5)
+#else
+#define USB_BUF_SIZE (MAX_CMD_APDU_DATA_SIZE+5)
+#endif
+
+struct apdu apdu;
+
+/*
+ * There are three layers in USB CCID implementation
+ *
+ *   +-------------------+
+ *   | Application Layer |
+ *   +-------------------+
+ *      ^ command APDU |
+ *      |              v response APDU
+ *   +-------------------+
+ *   |    CCID Layer     |
+ *   +-------------------+
+ *    ^ CCID PC_to_RDR  | CCID RDR_to_PC
+ *    | Message         v Message
+ *   +-------------------+
+ *   |    USB Layer      |
+ *   +-------------------+
+ *    ^ USB             | USB
+ *    | Bulk-OUT Packet v Bulk-IN Packet
+ *
+ */
+
+/*
+ * USB layer data structures
+ */
+
+struct ep_in {
+  uint8_t ep_num;
+  uint8_t tx_done;
+  void (*notify) (struct ep_in *epi);
+  const uint8_t *buf;
+  size_t cnt;
+  size_t buf_len;
+  void *priv;
+  void (*next_buf) (struct ep_in *epi, size_t len);
+};
+
+static void epi_init (struct ep_in *epi, int ep_num,
+                     void (*notify) (struct ep_in *epi), void *priv)
+{
+  epi->ep_num = ep_num;
+  epi->tx_done = 0;
+  epi->notify = notify;
+  epi->buf = NULL;
+  epi->cnt = 0;
+  epi->buf_len = 0;
+  epi->priv = priv;
+  epi->next_buf = NULL;
+}
+
+struct ep_out {
+  uint8_t ep_num;
+  uint8_t err;
+  void (*notify) (struct ep_out *epo);
+  uint8_t *buf;
+  size_t cnt;
+  size_t buf_len;
+  void *priv;
+  void (*next_buf) (struct ep_out *epo, size_t len);
+  int  (*end_rx) (struct ep_out *epo, size_t orig_len);
+};
+
+static struct ep_out endpoint_out;
+static struct ep_in endpoint_in;
+
+static void epo_init (struct ep_out *epo, int ep_num,
+                     void (*notify) (struct ep_out *epo), void *priv)
+{
+  epo->ep_num = ep_num;
+  epo->err = 0;
+  epo->notify = notify;
+  epo->buf = NULL;
+  epo->cnt = 0;
+  epo->buf_len = 0;
+  epo->priv = priv;
+  epo->next_buf = NULL;
+  epo->end_rx = NULL;
+}
+
+/*
+ * CCID Layer
+ */
+
+/*
+ * Buffer of USB communication: for both of RX and TX
+ *
+ * The buffer will be filled by multiple RX packets (Bulk-OUT)
+ * or will be used for multiple TX packets (Bulk-IN)
+ */
+static uint8_t icc_buffer[USB_BUF_SIZE];
+
+#define ICC_SET_PARAMS         0x61 /* non-ICCD command  */
+#define ICC_POWER_ON           0x62
+#define ICC_POWER_OFF          0x63
+#define ICC_SLOT_STATUS                0x65 /* non-ICCD command */
+#define ICC_SECURE             0x69 /* non-ICCD command */
+#define ICC_GET_PARAMS         0x6C /* non-ICCD command */
+#define ICC_RESET_PARAMS       0x6D /* non-ICCD command */
+#define ICC_XFR_BLOCK          0x6F
+#define ICC_DATA_BLOCK_RET     0x80
+#define ICC_SLOT_STATUS_RET    0x81 /* non-ICCD result */
+#define ICC_PARAMS_RET         0x82 /* non-ICCD result */
+
+#define ICC_MSG_SEQ_OFFSET     6
+#define ICC_MSG_STATUS_OFFSET  7
+#define ICC_MSG_ERROR_OFFSET   8
+#define ICC_MSG_CHAIN_OFFSET   9
+#define ICC_MSG_DATA_OFFSET    10      /* == ICC_MSG_HEADER_SIZE */
+#define ICC_MAX_MSG_DATA_SIZE  USB_BUF_SIZE
+
+#define ICC_STATUS_RUN         0x00
+#define ICC_STATUS_PRESENT     0x01
+#define ICC_STATUS_NOTPRESENT  0x02
+#define ICC_CMD_STATUS_OK      0x00
+#define ICC_CMD_STATUS_ERROR   0x40
+#define ICC_CMD_STATUS_TIMEEXT 0x80
+
+#define ICC_ERROR_XFR_OVERRUN  0xFC
+
+/*
+ * Since command-byte is at offset 0,
+ * error with offset 0 means "command not supported".
+ */
+#define ICC_OFFSET_CMD_NOT_SUPPORTED 0
+#define ICC_OFFSET_DATA_LEN 1
+#define ICC_OFFSET_PARAM 8
+
+struct icc_header {
+  uint8_t msg_type;
+  uint32_t data_len;
+  uint8_t slot;
+  uint8_t seq;
+  uint8_t rsvd;
+  uint16_t param;
+} __attribute__((packed));
+
+
+/* Data structure handled by CCID layer */
+struct ccid {
+  enum icc_state icc_state;
+  uint8_t state;
+  uint8_t *p;
+  size_t len;
+
+  uint8_t err;
+
+  struct icc_header icc_header;
+
+  uint8_t sw1sw2[2];
+  uint8_t chained_cls_ins_p1_p2[4];
+
+  /* lower layer */
+  struct ep_out *epo;
+  struct ep_in *epi;
+
+  /* from both layers */
+  struct eventflag ccid_comm;
+
+  /* upper layer */
+  struct eventflag openpgp_comm;
+  chopstx_t application;
+  struct apdu *a;
+};
+
+/*
+ * APDU_STATE_WAIT_COMMAND           +---------+
+ *        |           |              |         |
+ *        |           v              v         |
+ *        |      APDU_STATE_COMMAND_CHAINING --+
+ *        |                 |
+ *        v                 v
+ *      APDU_STATE_COMMAND_RECEIVED
+ *                  |
+ *                  v
+ *          ===================
+ *          | Process COMMAND |
+ *          ===================
+ *                  |
+ *                  v
+ *            +-----+----------+                  +---------+
+ *            |                |                  |         |
+ *            v                v                  v         |
+ * APDU_STATE_RESULT <---- APDU_STATE_RESULT_GET_RESPONSE --+
+ *         |
+ *         |
+ *         v
+ * APDU_STATE_WAIT_COMMAND
+ */
+
+#define APDU_STATE_WAIT_COMMAND        0
+#define APDU_STATE_COMMAND_CHAINING    1
+#define APDU_STATE_COMMAND_RECEIVED    2
+#define APDU_STATE_RESULT              3
+#define APDU_STATE_RESULT_GET_RESPONSE 4
+
+static void ccid_reset (struct ccid *c)
+{
+  c->err = 0;
+  c->state = APDU_STATE_WAIT_COMMAND;
+  c->p = c->a->cmd_apdu_data;
+  c->len = MAX_CMD_APDU_DATA_SIZE;
+  c->a->cmd_apdu_data_len = 0;
+  c->a->expected_res_size = 0;
+}
+
+static void ccid_init (struct ccid *c, struct ep_in *epi, struct ep_out *epo,
+                      struct apdu *a)
+{
+  icc_state_p = &c->icc_state;
+
+  c->icc_state = ICC_STATE_NOCARD;
+  c->state = APDU_STATE_WAIT_COMMAND;
+  c->p = a->cmd_apdu_data;
+  c->len = MAX_CMD_APDU_DATA_SIZE;
+  c->err = 0;
+  memset (&c->icc_header, 0, sizeof (struct icc_header));
+  c->sw1sw2[0] = 0x90;
+  c->sw1sw2[1] = 0x00;
+  c->application = 0;
+  c->epi = epi;
+  c->epo = epo;
+  c->a = a;
+}
+
+/*
+ * Application layer
+ */
+
+/*
+ * USB-CCID communication could be considered "half duplex".
+ *
+ * While the device is sending something, there is no possibility for
+ * the device to receive anything.
+ *
+ * While the device is receiving something, there is no possibility
+ * for the device to send anything.
+ *
+ * Thus, the buffer can be shared for RX and TX.
+ *
+ * Exception: When we support ABORT of CCID, it is possible to receive
+ * ABORT Class Specific Request to control pipe while we are
+ * receiving/sending something at OUT/IN endpoint.
+ *
+ */
+
+#define CMD_APDU_HEAD_SIZE 5
+
+static void apdu_init (struct apdu *a)
+{
+  a->seq = 0;                  /* will be set by lower layer */
+  a->cmd_apdu_head = &icc_buffer[0];
+  a->cmd_apdu_data = &icc_buffer[5];
+  a->cmd_apdu_data_len = 0;    /* will be set by lower layer */
+  a->expected_res_size = 0;    /* will be set by lower layer */
+
+  a->sw = 0x9000;                   /* will be set by upper layer */
+  a->res_apdu_data = &icc_buffer[5]; /* will be set by upper layer */
+  a->res_apdu_data_len = 0;         /* will be set by upper layer */
+}
+
+
+static void notify_tx (struct ep_in *epi)
+{
+  struct ccid *c = (struct ccid *)epi->priv;
+
+  /* The sequence of Bulk-IN transactions finished */
+  eventflag_signal (&c->ccid_comm, EV_TX_FINISHED);
+}
+
+static void no_buf (struct ep_in *epi, size_t len)
+{
+  (void)len;
+  epi->buf = NULL;
+  epi->cnt = 0;
+  epi->buf_len = 0;
+}
+
+static void set_sw1sw2 (struct ccid *c, size_t chunk_len)
+{
+  if (c->a->expected_res_size >= c->len)
+    {
+      c->sw1sw2[0] = 0x90;
+      c->sw1sw2[1] = 0x00;
+    }
+  else
+    {
+      c->sw1sw2[0] = 0x61;
+      if (c->len - chunk_len >= 256)
+       c->sw1sw2[1] = 0;
+      else
+       c->sw1sw2[1] = (uint8_t)(c->len - chunk_len);
+    }
+}
+
+static void get_sw1sw2 (struct ep_in *epi, size_t len)
+{
+  struct ccid *c = (struct ccid *)epi->priv;
+
+  (void)len;
+  epi->buf = c->sw1sw2;
+  epi->cnt = 0;
+  epi->buf_len = 2;
+  epi->next_buf = no_buf;
+}
+
+
+/*
+ * Tx done callback
+ */
+static void
+EP1_IN_Callback (void)
+{
+  struct ep_in *epi = &endpoint_in;
+
+  if (epi->buf == NULL)
+    if (epi->tx_done)
+      epi->notify (epi);
+    else
+      {
+       epi->tx_done = 1;
+       usb_lld_tx_enable (epi->ep_num, 0); /* send ZLP */
+      }
+  else
+    {
+      int tx_size = 0;
+      size_t remain = USB_LL_BUF_SIZE;
+      int offset = 0;
+
+      while (epi->buf)
+       if (epi->buf_len < remain)
+         {
+           usb_lld_txcpy (epi->buf, epi->ep_num, offset, epi->buf_len);
+           offset += epi->buf_len;
+           remain -= epi->buf_len;
+           tx_size += epi->buf_len;
+           epi->next_buf (epi, remain); /* Update epi->buf, cnt, buf_len */
+         }
+       else
+         {
+           usb_lld_txcpy (epi->buf, epi->ep_num, offset, remain);
+           epi->buf += remain;
+           epi->cnt += remain;
+           epi->buf_len -= remain;
+           tx_size += remain;
+           break;
+         }
+
+      if (tx_size < USB_LL_BUF_SIZE)
+       epi->tx_done = 1;
+      usb_lld_tx_enable (epi->ep_num, tx_size);
+    }
+}
+
+
+static void notify_icc (struct ep_out *epo)
+{
+  struct ccid *c = (struct ccid *)epo->priv;
+
+  c->err = epo->err;
+  eventflag_signal (&c->ccid_comm, EV_RX_DATA_READY);
+}
+
+static int end_icc_rx (struct ep_out *epo, size_t orig_len)
+{
+  (void)orig_len;
+  if (epo->cnt < sizeof (struct icc_header))
+    /* short packet, just ignore */
+    return 1;
+
+  /* icc message with no abdata */
+  return 0;
+}
+
+static int end_abdata (struct ep_out *epo, size_t orig_len)
+{
+  struct ccid *c = (struct ccid *)epo->priv;
+  size_t len = epo->cnt;
+
+  if (orig_len == USB_LL_BUF_SIZE && len < c->icc_header.data_len)
+    /* more packet comes */
+    return 1;
+
+  if (len != c->icc_header.data_len)
+    epo->err = 1;
+
+  return 0;
+}
+
+static int end_cmd_apdu_head (struct ep_out *epo, size_t orig_len)
+{
+  struct ccid *c = (struct ccid *)epo->priv;
+
+  (void)orig_len;
+
+  if (epo->cnt < 4 || epo->cnt != c->icc_header.data_len)
+    {
+      epo->err = 1;
+      return 0;
+    }
+
+  if ((c->state == APDU_STATE_COMMAND_CHAINING)
+      && (c->chained_cls_ins_p1_p2[0] != (c->a->cmd_apdu_head[0] & ~0x10)
+         || c->chained_cls_ins_p1_p2[1] != c->a->cmd_apdu_head[1]
+         || c->chained_cls_ins_p1_p2[2] != c->a->cmd_apdu_head[2]
+         || c->chained_cls_ins_p1_p2[3] != c->a->cmd_apdu_head[3]))
+    /*
+     * Handling exceptional request.
+     *
+     * Host stops sending command APDU using command chaining,
+     * and start another command APDU.
+     *
+     * Discard old one, and start handling new one.
+     */
+    {
+      c->state = APDU_STATE_WAIT_COMMAND;
+      c->p = c->a->cmd_apdu_data;
+      c->len = MAX_CMD_APDU_DATA_SIZE;
+    }
+
+  if (epo->cnt == 4)
+    /* No Lc and Le */
+    c->a->expected_res_size = 0;
+  else if (epo->cnt == 5)
+    {
+      /* No Lc but Le */
+      c->a->expected_res_size = c->a->cmd_apdu_head[4];
+      if (c->a->expected_res_size == 0)
+       c->a->expected_res_size = 256;
+      c->a->cmd_apdu_head[4] = 0;
+    }
+
+  c->a->cmd_apdu_data_len = 0;
+  return 0;
+}
+
+
+static int end_nomore_data (struct ep_out *epo, size_t orig_len)
+{
+  (void)epo;
+  if (orig_len == USB_LL_BUF_SIZE)
+    return 1;
+  else
+    return 0;
+}
+
+
+static int end_cmd_apdu_data (struct ep_out *epo, size_t orig_len)
+{
+  struct ccid *c = (struct ccid *)epo->priv;
+  size_t len = epo->cnt;
+
+  if (orig_len == USB_LL_BUF_SIZE
+      && CMD_APDU_HEAD_SIZE + len < c->icc_header.data_len)
+    /* more packet comes */
+    return 1;
+
+  if (CMD_APDU_HEAD_SIZE + len != c->icc_header.data_len)
+    goto error;
+
+  if (len == c->a->cmd_apdu_head[4])
+    /* No Le field*/
+    c->a->expected_res_size = 0;
+  else if (len == (size_t)c->a->cmd_apdu_head[4] + 1)
+    {
+      /* it has Le field*/
+      c->a->expected_res_size = epo->buf[-1];
+      if (c->a->expected_res_size == 0)
+       c->a->expected_res_size = 256;
+      len--;
+    }
+  else
+    {
+    error:
+      epo->err = 1;
+      return 0;
+    }
+
+  c->a->cmd_apdu_data_len += len;
+  return 0;
+}
+
+
+static void nomore_data (struct ep_out *epo, size_t len)
+{
+  (void)len;
+  epo->err = 1;
+  epo->end_rx = end_nomore_data;
+  epo->buf = NULL;
+  epo->buf_len = 0;
+  epo->cnt = 0;
+  epo->next_buf = nomore_data;
+}
+
+#define INS_GET_RESPONSE 0xc0
+
+static void icc_cmd_apdu_data (struct ep_out *epo, size_t len)
+{
+  struct ccid *c = (struct ccid *)epo->priv;
+
+  (void)len;
+  if (c->state == APDU_STATE_RESULT_GET_RESPONSE
+      && c->a->cmd_apdu_head[1] != INS_GET_RESPONSE)
+    {
+      /*
+       * Handling exceptional request.
+       *
+       * Host didn't finish receiving the whole response APDU by GET RESPONSE,
+       * but initiates another command.
+       */
+
+      c->state = APDU_STATE_WAIT_COMMAND;
+      c->p = c->a->cmd_apdu_data;
+      c->len = MAX_CMD_APDU_DATA_SIZE;
+    }
+  else if (c->state == APDU_STATE_COMMAND_CHAINING)
+    {
+      if (c->chained_cls_ins_p1_p2[0] != (c->a->cmd_apdu_head[0] & ~0x10)
+         || c->chained_cls_ins_p1_p2[1] != c->a->cmd_apdu_head[1]
+         || c->chained_cls_ins_p1_p2[2] != c->a->cmd_apdu_head[2]
+         || c->chained_cls_ins_p1_p2[3] != c->a->cmd_apdu_head[3])
+       /*
+        * Handling exceptional request.
+        *
+        * Host stops sending command APDU using command chaining,
+        * and start another command APDU.
+        *
+        * Discard old one, and start handling new one.
+        */
+       {
+         c->state = APDU_STATE_WAIT_COMMAND;
+         c->p = c->a->cmd_apdu_data;
+         c->len = MAX_CMD_APDU_DATA_SIZE;
+         c->a->cmd_apdu_data_len = 0;
+       }
+    }
+
+  epo->end_rx = end_cmd_apdu_data;
+  epo->buf = c->p;
+  epo->buf_len = c->len;
+  epo->cnt = 0;
+  epo->next_buf = nomore_data;
+}
+
+static void icc_abdata (struct ep_out *epo, size_t len)
+{
+  struct ccid *c = (struct ccid *)epo->priv;
+
+  (void)len;
+  c->a->seq = c->icc_header.seq;
+  if (c->icc_header.msg_type == ICC_XFR_BLOCK)
+    {
+      c->a->seq = c->icc_header.seq;
+      epo->end_rx = end_cmd_apdu_head;
+      epo->buf = c->a->cmd_apdu_head;
+      epo->buf_len = 5;
+      epo->cnt = 0;
+      epo->next_buf = icc_cmd_apdu_data;
+    }
+  else
+    {
+      epo->end_rx = end_abdata;
+      epo->buf = c->p;
+      epo->buf_len = c->len;
+      epo->cnt = 0;
+      epo->next_buf = nomore_data;
+    }
+}
+
+
+static void
+icc_prepare_receive (struct ccid *c)
+{
+  c->epo->err = 0;
+  c->epo->buf = (uint8_t *)&c->icc_header;
+  c->epo->buf_len = sizeof (struct icc_header);
+  c->epo->cnt = 0;
+  c->epo->next_buf = icc_abdata;
+  c->epo->end_rx = end_icc_rx;
+  usb_lld_rx_enable (c->epo->ep_num);
+  DEBUG_INFO ("Rx ready\r\n");
+}
+
+/*
+ * Rx ready callback
+ */
+
+static void
+EP1_OUT_Callback (void)
+{
+  struct ep_out *epo = &endpoint_out;
+  size_t len = usb_lld_rx_data_len (epo->ep_num);
+  int offset = 0;
+  int cont;
+  size_t orig_len = len;
+
+  while (epo->err == 0)
+    if (len == 0)
+      break;
+    else if (len <= epo->buf_len)
+      {
+       usb_lld_rxcpy (epo->buf, epo->ep_num, offset, len);
+       epo->buf += len;
+       epo->cnt += len;
+       epo->buf_len -= len;
+       break;
+      }
+    else /* len > buf_len */
+      {
+       usb_lld_rxcpy (epo->buf, epo->ep_num, offset, epo->buf_len);
+       len -= epo->buf_len;
+       offset += epo->buf_len;
+       epo->next_buf (epo, len); /* Update epo->buf, cnt, buf_len */
+      }
+
+  /*
+   * ORIG_LEN to distingush ZLP and the end of transaction
+   *  (ORIG_LEN != USB_LL_BUF_SIZE)
+   */
+  cont = epo->end_rx (epo, orig_len);
+
+  if (cont)
+    usb_lld_rx_enable (epo->ep_num);
+  else
+    epo->notify (epo);
+}
+
+
+extern void EP6_IN_Callback (void);
+
+void
+usb_cb_rx_ready (uint8_t ep_num)
+{
+  if (ep_num == ENDP1)
+    EP1_OUT_Callback ();
+#ifdef DEBUG
+  else if (ep_num == ENDP5)
+    {
+      chopstx_mutex_lock (&stdout.m_dev);
+      usb_lld_rx_enable (ep_num);
+      chopstx_mutex_unlock (&stdout.m_dev);
+    }
+#endif
+}
+
+void
+usb_cb_tx_done (uint8_t ep_num)
+{
+  if (ep_num == ENDP1)
+    EP1_IN_Callback ();
+  else if (ep_num == ENDP2)
+    {
+      /* INTERRUPT Transfer done */
+    }
+#ifdef DEBUG
+  else if (ep_num == ENDP3)
+    {
+      chopstx_mutex_lock (&stdout.m_dev);
+      chopstx_cond_signal (&stdout.cond_dev);
+      chopstx_mutex_unlock (&stdout.m_dev);
+    }
+#endif
+#ifdef PINPAD_SUPPORT
+  else if (ep_num == ENDP6)
+    EP6_IN_Callback ();
+#endif
+}
+
+/*
+ * ATR (Answer To Reset) string
+ *
+ * TS = 0x3b: Direct conversion
+ * T0 = 0xda: TA1, TC1 and TD1 follow, 10 historical bytes
+ * TA1 = 0x11: FI=1, DI=1
+ * TC1 = 0xff
+ * TD1 = 0x81: TD2 follows, T=1
+ * TD2 = 0xb1: TA3, TB3 and TD3 follow, T=1
+ * TA3 = 0xFE: IFSC = 254 bytes
+ * TB3 = 0x55: BWI = 5, CWI = 5   (BWT timeout 3.2 sec)
+ * TD3 = 0x1f: TA4 follows, T=15
+ * TA4 = 0x03: 5V or 3.3V
+ * Historical bytes: to be explained...
+ * XOR check
+ *
+ * Minimum: 0x3b, 0x8a, 0x80, 0x01, + historical bytes, xor check
+ *
+ */
+static const uint8_t ATR[] = {
+  0x3b, 0xda, 0x11, 0xff, 0x81, 0xb1, 0xfe, 0x55, 0x1f, 0x03,
+  0x00,
+       0x31, 0x84, /* full DF name, GET DATA, MF */
+        0x73,
+              0x80, /* DF full name */
+             0x01, /* 1-byte */
+             0x80, /* Command chaining, No extended Lc and extended Le */
+       0x00,
+        0x90, 0x00,
+ (0xda^0x11^0xff^0x81^0xb1^0xfe^0x55^0x1f^0x03
+  ^0x00^0x31^0x84^0x73^0x80^0x01^0x80^0x00^0x90^0x00)
+};
+
+/*
+ * Send back error
+ */
+static void icc_error (struct ccid *c, int offset)
+{
+  uint8_t icc_reply[ICC_MSG_HEADER_SIZE];
+
+  icc_reply[0] = ICC_SLOT_STATUS_RET; /* Any value should be OK */
+  icc_reply[1] = 0x00;
+  icc_reply[2] = 0x00;
+  icc_reply[3] = 0x00;
+  icc_reply[4] = 0x00;
+  icc_reply[5] = 0x00; /* Slot */
+  icc_reply[ICC_MSG_SEQ_OFFSET] = c->icc_header.seq;
+  if (c->icc_state == ICC_STATE_NOCARD)
+    icc_reply[ICC_MSG_STATUS_OFFSET] = 2; /* 2: No ICC present */
+  else if (c->icc_state == ICC_STATE_START)
+    icc_reply[ICC_MSG_STATUS_OFFSET] = 1; /* 1: ICC present but not activated */
+  else
+    icc_reply[ICC_MSG_STATUS_OFFSET] = 0; /* An ICC is present and active */
+  icc_reply[ICC_MSG_STATUS_OFFSET] |= ICC_CMD_STATUS_ERROR; /* Failed */
+  icc_reply[ICC_MSG_ERROR_OFFSET] = offset;
+  icc_reply[ICC_MSG_CHAIN_OFFSET] = 0x00;
+
+  /* This is a single packet Bulk-IN transaction */
+  c->epi->buf = NULL;
+  c->epi->tx_done = 1;
+  usb_lld_write (c->epi->ep_num, icc_reply, ICC_MSG_HEADER_SIZE);
+}
+
+extern void *openpgp_card_thread (void *arg);
+
+extern uint8_t __process3_stack_base__, __process3_stack_size__;
+const uint32_t __stackaddr_gpg = (uint32_t)&__process3_stack_base__;
+const size_t __stacksize_gpg = (size_t)&__process3_stack_size__;
+#define PRIO_GPG 1
+
+
+/* Send back ATR (Answer To Reset) */
+static enum icc_state
+icc_power_on (struct ccid *c)
+{
+  size_t size_atr = sizeof (ATR);
+  uint8_t p[ICC_MSG_HEADER_SIZE];
+
+  if (c->application == 0)
+    c->application = chopstx_create (PRIO_GPG, __stackaddr_gpg,
+                                    __stacksize_gpg, openpgp_card_thread,
+                                    (void *)&c->ccid_comm);
+
+  p[0] = ICC_DATA_BLOCK_RET;
+  p[1] = size_atr;
+  p[2] = 0x00;
+  p[3] = 0x00;
+  p[4] = 0x00;
+  p[5] = 0x00; /* Slot */
+  p[ICC_MSG_SEQ_OFFSET] = c->icc_header.seq;
+  p[ICC_MSG_STATUS_OFFSET] = 0x00;
+  p[ICC_MSG_ERROR_OFFSET] = 0x00;
+  p[ICC_MSG_CHAIN_OFFSET] = 0x00;
+
+  usb_lld_txcpy (p, c->epi->ep_num, 0, ICC_MSG_HEADER_SIZE);
+  usb_lld_txcpy (ATR, c->epi->ep_num, ICC_MSG_HEADER_SIZE, size_atr);
+
+  /* This is a single packet Bulk-IN transaction */
+  c->epi->buf = NULL;
+  c->epi->tx_done = 1;
+  usb_lld_tx_enable (c->epi->ep_num, ICC_MSG_HEADER_SIZE + size_atr);
+  DEBUG_INFO ("ON\r\n");
+
+  return ICC_STATE_WAIT;
+}
+
+static void
+icc_send_status (struct ccid *c)
+{
+  uint8_t icc_reply[ICC_MSG_HEADER_SIZE];
+
+  icc_reply[0] = ICC_SLOT_STATUS_RET;
+  icc_reply[1] = 0x00;
+  icc_reply[2] = 0x00;
+  icc_reply[3] = 0x00;
+  icc_reply[4] = 0x00;
+  icc_reply[5] = 0x00; /* Slot */
+  icc_reply[ICC_MSG_SEQ_OFFSET] = c->icc_header.seq;
+  if (c->icc_state == ICC_STATE_NOCARD)
+    icc_reply[ICC_MSG_STATUS_OFFSET] = 2; /* 2: No ICC present */
+  else if (c->icc_state == ICC_STATE_START)
+    icc_reply[ICC_MSG_STATUS_OFFSET] = 1; /* 1: ICC present but not activated */
+  else
+    icc_reply[ICC_MSG_STATUS_OFFSET] = 0; /* An ICC is present and active */
+  icc_reply[ICC_MSG_ERROR_OFFSET] = 0x00;
+  icc_reply[ICC_MSG_CHAIN_OFFSET] = 0x00;
+
+  /* This is a single packet Bulk-IN transaction */
+  c->epi->buf = NULL;
+  c->epi->tx_done = 1;
+  usb_lld_write (c->epi->ep_num, icc_reply, ICC_MSG_HEADER_SIZE);
+
+#ifdef DEBUG_MORE
+  DEBUG_INFO ("St\r\n");
+#endif
+}
+
+static enum icc_state
+icc_power_off (struct ccid *c)
+{
+  if (c->application)
+    {
+      eventflag_signal (&c->openpgp_comm, EV_EXIT);
+      chopstx_join (c->application, NULL);
+      c->application = 0;
+    }
+
+  c->icc_state = ICC_STATE_START; /* This status change should be here */
+  icc_send_status (c);
+  DEBUG_INFO ("OFF\r\n");
+  return ICC_STATE_START;
+}
+
+static void
+icc_send_data_block_internal (struct ccid *c, uint8_t status, uint8_t error)
+{
+  int tx_size = USB_LL_BUF_SIZE;
+  uint8_t p[ICC_MSG_HEADER_SIZE];
+  size_t len;
+
+  if (status == 0)
+    len = c->a->res_apdu_data_len + 2;
+  else
+    len = 0;
+
+  p[0] = ICC_DATA_BLOCK_RET;
+  p[1] = len & 0xFF;
+  p[2] = (len >> 8)& 0xFF;
+  p[3] = (len >> 16)& 0xFF;
+  p[4] = (len >> 24)& 0xFF;
+  p[5] = 0x00; /* Slot */
+  p[ICC_MSG_SEQ_OFFSET] = c->a->seq;
+  p[ICC_MSG_STATUS_OFFSET] = status;
+  p[ICC_MSG_ERROR_OFFSET] = error;
+  p[ICC_MSG_CHAIN_OFFSET] = 0;
+
+  usb_lld_txcpy (p, c->epi->ep_num, 0, ICC_MSG_HEADER_SIZE);
+  if (len == 0)
+    {
+      usb_lld_tx_enable (c->epi->ep_num, ICC_MSG_HEADER_SIZE);
+      return;
+    }
+
+  if (ICC_MSG_HEADER_SIZE + len <= USB_LL_BUF_SIZE)
+    {
+      usb_lld_txcpy (c->a->res_apdu_data, c->epi->ep_num,
+                    ICC_MSG_HEADER_SIZE, c->a->res_apdu_data_len);
+      usb_lld_txcpy (c->sw1sw2, c->epi->ep_num,
+                    ICC_MSG_HEADER_SIZE + c->a->res_apdu_data_len, 2);
+      c->epi->buf = NULL;
+      if (ICC_MSG_HEADER_SIZE + len < USB_LL_BUF_SIZE)
+       c->epi->tx_done = 1;
+      tx_size = ICC_MSG_HEADER_SIZE + len;
+    }
+  else if (ICC_MSG_HEADER_SIZE + len - 1 == USB_LL_BUF_SIZE)
+    {
+      usb_lld_txcpy (c->a->res_apdu_data, c->epi->ep_num,
+                    ICC_MSG_HEADER_SIZE, c->a->res_apdu_data_len);
+      usb_lld_txcpy (c->sw1sw2, c->epi->ep_num,
+                    ICC_MSG_HEADER_SIZE + c->a->res_apdu_data_len, 1);
+      c->epi->buf = &c->sw1sw2[1];
+      c->epi->cnt = 1;
+      c->epi->buf_len = 1;
+      c->epi->next_buf = no_buf;
+    }
+  else if (ICC_MSG_HEADER_SIZE + len - 2 == USB_LL_BUF_SIZE)
+    {
+      usb_lld_txcpy (c->a->res_apdu_data, c->epi->ep_num,
+                    ICC_MSG_HEADER_SIZE, c->a->res_apdu_data_len);
+      c->epi->buf = &c->sw1sw2[0];
+      c->epi->cnt = 0;
+      c->epi->buf_len = 2;
+      c->epi->next_buf = no_buf;
+    }
+  else
+    {
+      usb_lld_txcpy (c->a->res_apdu_data, c->epi->ep_num, ICC_MSG_HEADER_SIZE,
+                    USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE);
+      c->epi->buf = c->a->res_apdu_data + USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE;
+      c->epi->cnt = USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE;
+      c->epi->buf_len = c->a->res_apdu_data_len
+       - (USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE);
+      c->epi->next_buf = get_sw1sw2;
+    }
+
+  usb_lld_tx_enable (c->epi->ep_num, tx_size);
+#ifdef DEBUG_MORE
+  DEBUG_INFO ("DATA\r\n");
+#endif
+}
+
+static void
+icc_send_data_block (struct ccid *c)
+{
+  icc_send_data_block_internal (c, 0, 0);
+}
+
+static void
+icc_send_data_block_time_extension (struct ccid *c)
+{
+  icc_send_data_block_internal (c, ICC_CMD_STATUS_TIMEEXT, 1);
+}
+
+static void
+icc_send_data_block_0x9000 (struct ccid *c)
+{
+  uint8_t p[ICC_MSG_HEADER_SIZE+2];
+  size_t len = 2;
+
+  p[0] = ICC_DATA_BLOCK_RET;
+  p[1] = len & 0xFF;
+  p[2] = (len >> 8)& 0xFF;
+  p[3] = (len >> 16)& 0xFF;
+  p[4] = (len >> 24)& 0xFF;
+  p[5] = 0x00; /* Slot */
+  p[ICC_MSG_SEQ_OFFSET] = c->a->seq;
+  p[ICC_MSG_STATUS_OFFSET] = 0;
+  p[ICC_MSG_ERROR_OFFSET] = 0;
+  p[ICC_MSG_CHAIN_OFFSET] = 0;
+  p[ICC_MSG_CHAIN_OFFSET+1] = 0x90;
+  p[ICC_MSG_CHAIN_OFFSET+2] = 0x00;
+
+  usb_lld_txcpy (p, c->epi->ep_num, 0, ICC_MSG_HEADER_SIZE + len);
+  c->epi->buf = NULL;
+  c->epi->tx_done = 1;
+
+  usb_lld_tx_enable (c->epi->ep_num, ICC_MSG_HEADER_SIZE + len);
+#ifdef DEBUG_MORE
+  DEBUG_INFO ("DATA\r\n");
+#endif
+}
+
+/*
+ * Reply to the host for "GET RESPONSE".
+ */
+static void
+icc_send_data_block_gr (struct ccid *c, size_t chunk_len)
+{
+  int tx_size = USB_LL_BUF_SIZE;
+  uint8_t p[ICC_MSG_HEADER_SIZE];
+  size_t len = chunk_len + 2;
+
+  p[0] = ICC_DATA_BLOCK_RET;
+  p[1] = len & 0xFF;
+  p[2] = (len >> 8)& 0xFF;
+  p[3] = (len >> 16)& 0xFF;
+  p[4] = (len >> 24)& 0xFF;
+  p[5] = 0x00; /* Slot */
+  p[ICC_MSG_SEQ_OFFSET] = c->a->seq;
+  p[ICC_MSG_STATUS_OFFSET] = 0;
+  p[ICC_MSG_ERROR_OFFSET] = 0;
+  p[ICC_MSG_CHAIN_OFFSET] = 0;
+
+  usb_lld_txcpy (p, c->epi->ep_num, 0, ICC_MSG_HEADER_SIZE);
+
+  set_sw1sw2 (c, chunk_len);
+
+  if (chunk_len <= USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE)
+    {
+      int size_for_sw;
+
+      if (chunk_len <= USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE - 2)
+       size_for_sw = 2;
+      else if (chunk_len == USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE - 1)
+       size_for_sw = 1;
+      else
+       size_for_sw = 0;
+
+      usb_lld_txcpy (c->p, c->epi->ep_num, ICC_MSG_HEADER_SIZE, chunk_len);
+      if (size_for_sw)
+       usb_lld_txcpy (c->sw1sw2, c->epi->ep_num,
+                      ICC_MSG_HEADER_SIZE + chunk_len, size_for_sw);
+      tx_size = ICC_MSG_HEADER_SIZE + chunk_len + size_for_sw;
+      if (size_for_sw == 2)
+       {
+         c->epi->buf = NULL;
+         if (tx_size < USB_LL_BUF_SIZE)
+           c->epi->tx_done = 1;
+         /* Don't set epi->tx_done = 1, when it requires ZLP */
+       }
+      else
+       {
+         c->epi->buf = c->sw1sw2 + size_for_sw;
+         c->epi->cnt = size_for_sw;
+         c->epi->buf_len = 2 - size_for_sw;
+         c->epi->next_buf = no_buf;
+       }
+    }
+  else
+    {
+      usb_lld_txcpy (c->p, c->epi->ep_num, ICC_MSG_HEADER_SIZE,
+                    USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE);
+      c->epi->buf = c->p + USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE;
+      c->epi->cnt = 0;
+      c->epi->buf_len = chunk_len - (USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE);
+      c->epi->next_buf = get_sw1sw2;
+    }
+
+  c->p += chunk_len;
+  c->len -= chunk_len;
+  usb_lld_tx_enable (c->epi->ep_num, tx_size);
+#ifdef DEBUG_MORE
+  DEBUG_INFO ("DATA\r\n");
+#endif
+}
+
+
+static void
+icc_send_params (struct ccid *c)
+{
+  uint8_t p[ICC_MSG_HEADER_SIZE];
+  const uint8_t params[] =  {
+    0x11,   /* bmFindexDindex */
+    0x11, /* bmTCCKST1 */
+    0xFE, /* bGuardTimeT1 */
+    0x55, /* bmWaitingIntegersT1 */
+    0x03, /* bClockStop */
+    0xFE, /* bIFSC */
+    0    /* bNadValue */
+  };
+
+  p[0] = ICC_PARAMS_RET;
+  p[1] = 0x07; /* Length = 0x00000007 */
+  p[2] = 0;
+  p[3] = 0;
+  p[4] = 0;
+  p[5] = 0x00; /* Slot */
+  p[ICC_MSG_SEQ_OFFSET] = c->icc_header.seq;
+  p[ICC_MSG_STATUS_OFFSET] = 0;
+  p[ICC_MSG_ERROR_OFFSET] = 0;
+  p[ICC_MSG_CHAIN_OFFSET] = 0x01;  /* ProtocolNum: T=1 */
+
+  usb_lld_txcpy (p, c->epi->ep_num, 0, ICC_MSG_HEADER_SIZE);
+  usb_lld_txcpy (params, c->epi->ep_num, ICC_MSG_HEADER_SIZE, sizeof params);
+
+  /* This is a single packet Bulk-IN transaction */
+  c->epi->buf = NULL;
+  c->epi->tx_done = 1;
+  usb_lld_tx_enable (c->epi->ep_num, ICC_MSG_HEADER_SIZE + sizeof params);
+#ifdef DEBUG_MORE
+  DEBUG_INFO ("PARAMS\r\n");
+#endif
+}
+
+
+static enum icc_state
+icc_handle_data (struct ccid *c)
+{
+  enum icc_state next_state = c->icc_state;
+
+  if (c->err != 0)
+    {
+      ccid_reset (c);
+      icc_error (c, ICC_OFFSET_DATA_LEN);
+      return next_state;
+    }
+
+  switch (c->icc_state)
+    {
+    case ICC_STATE_NOCARD:
+      if (c->icc_header.msg_type == ICC_SLOT_STATUS)
+       icc_send_status (c);
+      else
+       {
+         DEBUG_INFO ("ERR00\r\n");
+         icc_error (c, ICC_OFFSET_CMD_NOT_SUPPORTED);
+       }
+      break;
+    case ICC_STATE_START:
+      if (c->icc_header.msg_type == ICC_POWER_ON)
+       {
+         ccid_reset (c);
+         next_state = icc_power_on (c);
+       }
+      else if (c->icc_header.msg_type == ICC_POWER_OFF)
+       {
+         ccid_reset (c);
+         next_state = icc_power_off (c);
+       }
+      else if (c->icc_header.msg_type == ICC_SLOT_STATUS)
+       icc_send_status (c);
+      else
+       {
+         DEBUG_INFO ("ERR01\r\n");
+         icc_error (c, ICC_OFFSET_CMD_NOT_SUPPORTED);
+       }
+      break;
+    case ICC_STATE_WAIT:
+      if (c->icc_header.msg_type == ICC_POWER_ON)
+       {
+         /* Not in the spec., but pcscd/libccid */
+         ccid_reset (c);
+         next_state = icc_power_on (c);
+       }
+      else if (c->icc_header.msg_type == ICC_POWER_OFF)
+       {
+         ccid_reset (c);
+         next_state = icc_power_off (c);
+       }
+      else if (c->icc_header.msg_type == ICC_SLOT_STATUS)
+       icc_send_status (c);
+      else if (c->icc_header.msg_type == ICC_XFR_BLOCK)
+       {
+         if (c->icc_header.param == 0)
+           {
+             if ((c->a->cmd_apdu_head[0] & 0x10) == 0)
+               {
+                 if (c->state == APDU_STATE_COMMAND_CHAINING)
+                   {           /* command chaining finished */
+                     c->p += c->a->cmd_apdu_head[4];
+                     c->a->cmd_apdu_head[4] = 0;
+                     DEBUG_INFO ("CMD chaning finished.\r\n");
+                   }
+
+                 if (c->a->cmd_apdu_head[1] == INS_GET_RESPONSE
+                     && c->state == APDU_STATE_RESULT_GET_RESPONSE)
+                   {
+                     size_t len = c->a->expected_res_size;
+
+                     if (c->len <= c->a->expected_res_size)
+                       len = c->len;
+
+                     icc_send_data_block_gr (c, len);
+                     if (c->len == 0)
+                       c->state = APDU_STATE_RESULT;
+                     c->icc_state = ICC_STATE_WAIT;
+                     DEBUG_INFO ("GET Response.\r\n");
+                   }
+                 else
+                   {             /* Give this message to GPG thread */
+                     c->state = APDU_STATE_COMMAND_RECEIVED;
+
+                     c->a->sw = 0x9000;
+                     c->a->res_apdu_data_len = 0;
+                     c->a->res_apdu_data = &icc_buffer[5];
+
+                     eventflag_signal (&c->openpgp_comm, EV_CMD_AVAILABLE);
+                     next_state = ICC_STATE_EXECUTE;
+                   }
+               }
+             else
+               {
+                 if (c->state == APDU_STATE_WAIT_COMMAND)
+                   {           /* command chaining is started */
+                     c->a->cmd_apdu_head[0] &= ~0x10;
+                     memcpy (c->chained_cls_ins_p1_p2, c->a->cmd_apdu_head, 4);
+                     c->state = APDU_STATE_COMMAND_CHAINING;
+                   }
+
+                 c->p += c->a->cmd_apdu_head[4];
+                 c->len -= c->a->cmd_apdu_head[4];
+                 icc_send_data_block_0x9000 (c);
+                 DEBUG_INFO ("CMD chaning...\r\n");
+               }
+           }
+         else
+           {                /* ICC block chaining is not supported. */
+             DEBUG_INFO ("ERR02\r\n");
+             icc_error (c, ICC_OFFSET_PARAM);
+           }
+       }
+      else if (c->icc_header.msg_type == ICC_SET_PARAMS
+              || c->icc_header.msg_type == ICC_GET_PARAMS
+              || c->icc_header.msg_type == ICC_RESET_PARAMS)
+       icc_send_params (c);
+      else if (c->icc_header.msg_type == ICC_SECURE)
+       {
+         if (c->p != c->a->cmd_apdu_data)
+           {
+             /* SECURE received in the middle of command chaining */
+             ccid_reset (c);
+             icc_error (c, ICC_OFFSET_DATA_LEN);
+             return next_state;
+           }
+
+         if (c->p[10-10] == 0x00) /* PIN verification */
+           {
+             c->a->cmd_apdu_head[0] = c->p[25-10];
+             c->a->cmd_apdu_head[1] = c->p[26-10];
+             c->a->cmd_apdu_head[2] = c->p[27-10];
+             c->a->cmd_apdu_head[3] = c->p[28-10];
+             /**/
+             c->a->cmd_apdu_data[0] = 0; /* bConfirmPIN */
+             c->a->cmd_apdu_data[1] = c->p[17-10]; /* bEntryValidationCondition */
+             c->a->cmd_apdu_data[2] = c->p[18-10]; /* bNumberMessage */
+             c->a->cmd_apdu_data[3] = c->p[19-10]; /* wLangId L */
+             c->a->cmd_apdu_data[4] = c->p[20-10]; /* wLangId H */
+             c->a->cmd_apdu_data[5] = c->p[21-10]; /* bMsgIndex */
+
+             c->a->cmd_apdu_data_len = 6;
+             c->a->expected_res_size = 0;
+
+             c->a->sw = 0x9000;
+             c->a->res_apdu_data_len = 0;
+             c->a->res_apdu_data = &c->p[5];
+
+             eventflag_signal (&c->openpgp_comm, EV_VERIFY_CMD_AVAILABLE);
+             next_state = ICC_STATE_EXECUTE;
+           }
+         else if (c->p[10-10] == 0x01) /* PIN Modification */
+           {
+             uint8_t num_msgs = c->p[21-10];
+
+             if (num_msgs == 0x00)
+               num_msgs = 1;
+             else if (num_msgs == 0xff)
+               num_msgs = 3;
+             c->a->cmd_apdu_head[0] = c->p[27 + num_msgs-10];
+             c->a->cmd_apdu_head[1] = c->p[28 + num_msgs-10];
+             c->a->cmd_apdu_head[2] = c->p[29 + num_msgs-10];
+             c->a->cmd_apdu_head[3] = c->p[30 + num_msgs-10];
+             /**/
+             c->a->cmd_apdu_data[0] = c->p[19-10]; /* bConfirmPIN */
+             c->a->cmd_apdu_data[1] = c->p[20-10]; /* bEntryValidationCondition */
+             c->a->cmd_apdu_data[2] = c->p[21-10]; /* bNumberMessage */
+             c->a->cmd_apdu_data[3] = c->p[22-10]; /* wLangId L */
+             c->a->cmd_apdu_data[4] = c->p[23-10]; /* wLangId H */
+             c->a->cmd_apdu_data[5] = c->p[24-10]; /* bMsgIndex, bMsgIndex1 */
+             if (num_msgs >= 2)
+               c->a->cmd_apdu_data[6] = c->p[25-10]; /* bMsgIndex2 */
+             if (num_msgs == 3)
+               c->a->cmd_apdu_data[7] = c->p[26-10]; /* bMsgIndex3 */
+
+             c->a->cmd_apdu_data_len = 5 + num_msgs;
+             c->a->expected_res_size = 0;
+
+             c->a->sw = 0x9000;
+             c->a->res_apdu_data_len = 0;
+             c->a->res_apdu_data = &icc_buffer[5];
+
+             eventflag_signal (&c->openpgp_comm, EV_MODIFY_CMD_AVAILABLE);
+             next_state = ICC_STATE_EXECUTE;
+           }
+         else
+           icc_error (c, ICC_MSG_DATA_OFFSET);
+       }
+      else
+       {
+         DEBUG_INFO ("ERR03\r\n");
+         DEBUG_BYTE (c->icc_header.msg_type);
+         icc_error (c, ICC_OFFSET_CMD_NOT_SUPPORTED);
+       }
+      break;
+    case ICC_STATE_EXECUTE:
+      if (c->icc_header.msg_type == ICC_POWER_OFF)
+       next_state = icc_power_off (c);
+      else if (c->icc_header.msg_type == ICC_SLOT_STATUS)
+       icc_send_status (c);
+      else
+       {
+         DEBUG_INFO ("ERR04\r\n");
+         DEBUG_BYTE (c->icc_header.msg_type);
+         icc_error (c, ICC_OFFSET_CMD_NOT_SUPPORTED);
+       }
+      break;
+    default:
+      next_state = ICC_STATE_START;
+      DEBUG_INFO ("ERR10\r\n");
+      break;
+    }
+
+  return next_state;
+}
+
+static enum icc_state
+icc_handle_timeout (struct ccid *c)
+{
+  enum icc_state next_state = c->icc_state;
+
+  switch (c->icc_state)
+    {
+    case ICC_STATE_EXECUTE:
+      icc_send_data_block_time_extension (c);
+      break;
+    default:
+      break;
+    }
+
+  led_blink (LED_SHOW_STATUS);
+  return next_state;
+}
+
+static struct ccid ccid;
+enum icc_state *icc_state_p = &ccid.icc_state;
+
+void
+ccid_card_change_signal (int how)
+{
+  struct ccid *c = &ccid;
+
+  if (how == CARD_CHANGE_TOGGLE
+      || (c->icc_state == ICC_STATE_NOCARD && how == CARD_CHANGE_INSERT)
+      || (c->icc_state != ICC_STATE_NOCARD && how == CARD_CHANGE_REMOVE))
+    eventflag_signal (&c->ccid_comm, EV_CARD_CHANGE);
+}
+
+void
+ccid_usb_reset (void)
+{
+  struct ccid *c = &ccid;
+  eventflag_signal (&c->ccid_comm, EV_USB_RESET);
+}
+
+
+#define USB_ICC_TIMEOUT (1950*1000)
+
+#define GPG_THREAD_TERMINATED 0xffff
+
+#define NOTIFY_SLOT_CHANGE 0x50
+
+#define INTR_REQ_USB 20
+
+void *
+ccid_thread (void *arg)
+{
+  chopstx_intr_t interrupt;
+  uint32_t timeout;
+
+  struct ep_in *epi = &endpoint_in;
+  struct ep_out *epo = &endpoint_out;
+  struct ccid *c = &ccid;
+  struct apdu *a = &apdu;
+
+  (void)arg;
+
+  eventflag_init (&ccid.ccid_comm);
+  eventflag_init (&ccid.openpgp_comm);
+
+  usb_lld_init (USB_INITIAL_FEATURE);
+  chopstx_claim_irq (&interrupt, INTR_REQ_USB);
+  usb_interrupt_handler ();    /* For old SYS < 3.0 */
+
+ reset:
+  epi_init (epi, ENDP1, notify_tx, c);
+  epo_init (epo, ENDP1, notify_icc, c);
+  apdu_init (a);
+  ccid_init (c, epi, epo, a);
+
+  icc_prepare_receive (c);
+  while (1)
+    {
+      eventmask_t m;
+      chopstx_poll_cond_t poll_desc;
+
+      eventflag_prepare_poll (&c->ccid_comm, &poll_desc);
+      chopstx_poll (&timeout, 2, &interrupt, &poll_desc);
+      if (interrupt.ready)
+       {
+         usb_interrupt_handler ();
+         continue;
+       }
+
+      timeout = USB_ICC_TIMEOUT;
+      m = eventflag_get (&c->ccid_comm);
+
+      if (m == EV_USB_RESET)
+       {
+         if (c->application)
+           {
+             chopstx_cancel (c->application);
+             chopstx_join (c->application, NULL);
+             c->application = 0;
+           }
+         goto reset;
+       }
+      else if (m == EV_CARD_CHANGE)
+       {
+         uint8_t int_msg[2];
+
+         int_msg[0] = NOTIFY_SLOT_CHANGE;
+         if (c->icc_state == ICC_STATE_NOCARD)
+           { /* Inserted!  */
+             c->icc_state = ICC_STATE_START;
+             int_msg[1] = 0x03;
+           }
+         else
+           { /* Removed!  */
+             if (c->application)
+               {
+                 eventflag_signal (&c->openpgp_comm, EV_EXIT);
+                 chopstx_join (c->application, NULL);
+                 c->application = 0;
+               }
+
+             c->icc_state = ICC_STATE_NOCARD;
+             int_msg[1] = 0x02;
+           }
+
+         usb_lld_write (ENDP2, int_msg, sizeof int_msg);
+         led_blink (LED_TWOSHOTS);
+       }
+      else if (m == EV_RX_DATA_READY)
+       c->icc_state = icc_handle_data (c);
+      else if (m == EV_EXEC_FINISHED)
+       if (c->icc_state == ICC_STATE_EXECUTE)
+         {
+           if (c->a->sw == GPG_THREAD_TERMINATED)
+             {
+               c->sw1sw2[0] = 0x90;
+               c->sw1sw2[1] = 0x00;
+               c->state = APDU_STATE_RESULT;
+               icc_send_data_block (c);
+               c->icc_state = ICC_STATE_EXITED;
+               break;
+             }
+
+           c->a->cmd_apdu_data_len = 0;
+           c->sw1sw2[0] = c->a->sw >> 8;
+           c->sw1sw2[1] = c->a->sw & 0xff;
+
+           if (c->a->res_apdu_data_len <= c->a->expected_res_size)
+             {
+               c->state = APDU_STATE_RESULT;
+               icc_send_data_block (c);
+               c->icc_state = ICC_STATE_WAIT;
+             }
+           else
+             {
+               c->state = APDU_STATE_RESULT_GET_RESPONSE;
+               c->p = c->a->res_apdu_data;
+               c->len = c->a->res_apdu_data_len;
+               icc_send_data_block_gr (c, c->a->expected_res_size);
+               c->icc_state = ICC_STATE_WAIT;
+             }
+         }
+       else
+         {
+           DEBUG_INFO ("ERR07\r\n");
+         }
+      else if (m == EV_TX_FINISHED)
+       {
+         if (c->state == APDU_STATE_RESULT)
+           {
+             c->state = APDU_STATE_WAIT_COMMAND;
+             c->p = c->a->cmd_apdu_data;
+             c->len = MAX_CMD_APDU_DATA_SIZE;
+             c->err = 0;
+             c->a->cmd_apdu_data_len = 0;
+             c->a->expected_res_size = 0;
+           }
+
+         if (c->state == APDU_STATE_WAIT_COMMAND
+             || c->state == APDU_STATE_COMMAND_CHAINING
+             || c->state == APDU_STATE_RESULT_GET_RESPONSE)
+           icc_prepare_receive (c);
+       }
+      else                     /* Timeout */
+       c->icc_state = icc_handle_timeout (c);
+    }
+
+  if (c->application)
+    {
+      chopstx_join (c->application, NULL);
+      c->application = 0;
+    }
+
+  return NULL;
+}
+
+
+#ifdef DEBUG
+static void
+stdout_init (void)
+{
+  chopstx_mutex_init (&stdout.m);
+  chopstx_mutex_init (&stdout.m_dev);
+  chopstx_cond_init (&stdout.cond_dev);
+  stdout.connected = 0;
+}
+
+void
+_write (const char *s, int len)
+{
+  int packet_len;
+
+  if (len == 0)
+    return;
+
+  chopstx_mutex_lock (&stdout.m);
+
+  chopstx_mutex_lock (&stdout.m_dev);
+  if (!stdout.connected)
+    chopstx_cond_wait (&stdout.cond_dev, &stdout.m_dev);
+  chopstx_mutex_unlock (&stdout.m_dev);
+
+  do
+    {
+      packet_len =
+       (len < VIRTUAL_COM_PORT_DATA_SIZE) ? len : VIRTUAL_COM_PORT_DATA_SIZE;
+
+      chopstx_mutex_lock (&stdout.m_dev);
+      usb_lld_write (ENDP3, s, packet_len);
+      chopstx_cond_wait (&stdout.cond_dev, &stdout.m_dev);
+      chopstx_mutex_unlock (&stdout.m_dev);
+
+      s += packet_len;
+      len -= packet_len;
+    }
+  /* Send a Zero-Length-Packet if the last packet is full size.  */
+  while (len != 0 || packet_len == VIRTUAL_COM_PORT_DATA_SIZE);
+
+  chopstx_mutex_unlock (&stdout.m);
+}
+
+#else
+void
+_write (const char *s, int size)
+{
+  (void)s;
+  (void)size;
+}
+#endif
diff --git a/src/usb-icc.c b/src/usb-icc.c
deleted file mode 100644 (file)
index 6588222..0000000
+++ /dev/null
@@ -1,1569 +0,0 @@
-/*
- * usb-icc.c -- USB CCID protocol handling
- *
- * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016
- *               Free Software Initiative of Japan
- * Author: NIIBE Yutaka <gniibe@fsij.org>
- *
- * This file is a part of Gnuk, a GnuPG USB Token implementation.
- *
- * Gnuk is free software: you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * Gnuk is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
- * License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#include <stdint.h>
-#include <string.h>
-#include <chopstx.h>
-#include <eventflag.h>
-
-#include "config.h"
-
-#ifdef DEBUG
-#include "debug.h"
-struct stdout stdout;
-#endif
-
-#include "gnuk.h"
-#include "usb_lld.h"
-#include "usb_conf.h"
-
-/*
- * USB buffer size of USB-CCID driver
- */
-#if MAX_RES_APDU_DATA_SIZE > MAX_CMD_APDU_DATA_SIZE
-#define USB_BUF_SIZE (MAX_RES_APDU_DATA_SIZE+5)
-#else
-#define USB_BUF_SIZE (MAX_CMD_APDU_DATA_SIZE+5)
-#endif
-
-struct apdu apdu;
-
-/*
- * There are three layers in USB CCID implementation
- *
- *   +-------------------+
- *   | Application Layer |
- *   +-------------------+
- *      ^ command APDU |
- *      |              v response APDU
- *   +-------------------+
- *   |    CCID Layer     |
- *   +-------------------+
- *    ^ CCID PC_to_RDR  | CCID RDR_to_PC
- *    | Message         v Message
- *   +-------------------+
- *   |    USB Layer      |
- *   +-------------------+
- *    ^ USB             | USB
- *    | Bulk-OUT Packet v Bulk-IN Packet
- *
- */
-
-/*
- * USB layer data structures
- */
-
-struct ep_in {
-  uint8_t ep_num;
-  uint8_t tx_done;
-  void (*notify) (struct ep_in *epi);
-  const uint8_t *buf;
-  size_t cnt;
-  size_t buf_len;
-  void *priv;
-  void (*next_buf) (struct ep_in *epi, size_t len);
-};
-
-static void epi_init (struct ep_in *epi, int ep_num,
-                     void (*notify) (struct ep_in *epi), void *priv)
-{
-  epi->ep_num = ep_num;
-  epi->tx_done = 0;
-  epi->notify = notify;
-  epi->buf = NULL;
-  epi->cnt = 0;
-  epi->buf_len = 0;
-  epi->priv = priv;
-  epi->next_buf = NULL;
-}
-
-struct ep_out {
-  uint8_t ep_num;
-  uint8_t err;
-  void (*notify) (struct ep_out *epo);
-  uint8_t *buf;
-  size_t cnt;
-  size_t buf_len;
-  void *priv;
-  void (*next_buf) (struct ep_out *epo, size_t len);
-  int  (*end_rx) (struct ep_out *epo, size_t orig_len);
-};
-
-static struct ep_out endpoint_out;
-static struct ep_in endpoint_in;
-
-static void epo_init (struct ep_out *epo, int ep_num,
-                     void (*notify) (struct ep_out *epo), void *priv)
-{
-  epo->ep_num = ep_num;
-  epo->err = 0;
-  epo->notify = notify;
-  epo->buf = NULL;
-  epo->cnt = 0;
-  epo->buf_len = 0;
-  epo->priv = priv;
-  epo->next_buf = NULL;
-  epo->end_rx = NULL;
-}
-
-/*
- * CCID Layer
- */
-
-/*
- * Buffer of USB communication: for both of RX and TX
- *
- * The buffer will be filled by multiple RX packets (Bulk-OUT)
- * or will be used for multiple TX packets (Bulk-IN)
- */
-static uint8_t icc_buffer[USB_BUF_SIZE];
-
-#define ICC_SET_PARAMS         0x61 /* non-ICCD command  */
-#define ICC_POWER_ON           0x62
-#define ICC_POWER_OFF          0x63
-#define ICC_SLOT_STATUS                0x65 /* non-ICCD command */
-#define ICC_SECURE             0x69 /* non-ICCD command */
-#define ICC_GET_PARAMS         0x6C /* non-ICCD command */
-#define ICC_RESET_PARAMS       0x6D /* non-ICCD command */
-#define ICC_XFR_BLOCK          0x6F
-#define ICC_DATA_BLOCK_RET     0x80
-#define ICC_SLOT_STATUS_RET    0x81 /* non-ICCD result */
-#define ICC_PARAMS_RET         0x82 /* non-ICCD result */
-
-#define ICC_MSG_SEQ_OFFSET     6
-#define ICC_MSG_STATUS_OFFSET  7
-#define ICC_MSG_ERROR_OFFSET   8
-#define ICC_MSG_CHAIN_OFFSET   9
-#define ICC_MSG_DATA_OFFSET    10      /* == ICC_MSG_HEADER_SIZE */
-#define ICC_MAX_MSG_DATA_SIZE  USB_BUF_SIZE
-
-#define ICC_STATUS_RUN         0x00
-#define ICC_STATUS_PRESENT     0x01
-#define ICC_STATUS_NOTPRESENT  0x02
-#define ICC_CMD_STATUS_OK      0x00
-#define ICC_CMD_STATUS_ERROR   0x40
-#define ICC_CMD_STATUS_TIMEEXT 0x80
-
-#define ICC_ERROR_XFR_OVERRUN  0xFC
-
-/*
- * Since command-byte is at offset 0,
- * error with offset 0 means "command not supported".
- */
-#define ICC_OFFSET_CMD_NOT_SUPPORTED 0
-#define ICC_OFFSET_DATA_LEN 1
-#define ICC_OFFSET_PARAM 8
-
-struct icc_header {
-  uint8_t msg_type;
-  uint32_t data_len;
-  uint8_t slot;
-  uint8_t seq;
-  uint8_t rsvd;
-  uint16_t param;
-} __attribute__((packed));
-
-
-/* Data structure handled by CCID layer */
-struct ccid {
-  enum icc_state icc_state;
-  uint8_t state;
-  uint8_t *p;
-  size_t len;
-
-  uint8_t err;
-
-  struct icc_header icc_header;
-
-  uint8_t sw1sw2[2];
-  uint8_t chained_cls_ins_p1_p2[4];
-
-  /* lower layer */
-  struct ep_out *epo;
-  struct ep_in *epi;
-
-  /* from both layers */
-  struct eventflag ccid_comm;
-
-  /* upper layer */
-  struct eventflag openpgp_comm;
-  chopstx_t application;
-  struct apdu *a;
-};
-
-/*
- * APDU_STATE_WAIT_COMMAND           +---------+
- *        |           |              |         |
- *        |           v              v         |
- *        |      APDU_STATE_COMMAND_CHAINING --+
- *        |                 |
- *        v                 v
- *      APDU_STATE_COMMAND_RECEIVED
- *                  |
- *                  v
- *          ===================
- *          | Process COMMAND |
- *          ===================
- *                  |
- *                  v
- *            +-----+----------+                  +---------+
- *            |                |                  |         |
- *            v                v                  v         |
- * APDU_STATE_RESULT <---- APDU_STATE_RESULT_GET_RESPONSE --+
- *         |
- *         |
- *         v
- * APDU_STATE_WAIT_COMMAND
- */
-
-#define APDU_STATE_WAIT_COMMAND        0
-#define APDU_STATE_COMMAND_CHAINING    1
-#define APDU_STATE_COMMAND_RECEIVED    2
-#define APDU_STATE_RESULT              3
-#define APDU_STATE_RESULT_GET_RESPONSE 4
-
-static void ccid_reset (struct ccid *c)
-{
-  c->err = 0;
-  c->state = APDU_STATE_WAIT_COMMAND;
-  c->p = c->a->cmd_apdu_data;
-  c->len = MAX_CMD_APDU_DATA_SIZE;
-  c->a->cmd_apdu_data_len = 0;
-  c->a->expected_res_size = 0;
-}
-
-static void ccid_init (struct ccid *c, struct ep_in *epi, struct ep_out *epo,
-                      struct apdu *a)
-{
-  icc_state_p = &c->icc_state;
-
-  c->icc_state = ICC_STATE_NOCARD;
-  c->state = APDU_STATE_WAIT_COMMAND;
-  c->p = a->cmd_apdu_data;
-  c->len = MAX_CMD_APDU_DATA_SIZE;
-  c->err = 0;
-  memset (&c->icc_header, 0, sizeof (struct icc_header));
-  c->sw1sw2[0] = 0x90;
-  c->sw1sw2[1] = 0x00;
-  c->application = 0;
-  c->epi = epi;
-  c->epo = epo;
-  c->a = a;
-}
-
-/*
- * Application layer
- */
-
-/*
- * USB-CCID communication could be considered "half duplex".
- *
- * While the device is sending something, there is no possibility for
- * the device to receive anything.
- *
- * While the device is receiving something, there is no possibility
- * for the device to send anything.
- *
- * Thus, the buffer can be shared for RX and TX.
- *
- * Exception: When we support ABORT of CCID, it is possible to receive
- * ABORT Class Specific Request to control pipe while we are
- * receiving/sending something at OUT/IN endpoint.
- *
- */
-
-#define CMD_APDU_HEAD_SIZE 5
-
-static void apdu_init (struct apdu *a)
-{
-  a->seq = 0;                  /* will be set by lower layer */
-  a->cmd_apdu_head = &icc_buffer[0];
-  a->cmd_apdu_data = &icc_buffer[5];
-  a->cmd_apdu_data_len = 0;    /* will be set by lower layer */
-  a->expected_res_size = 0;    /* will be set by lower layer */
-
-  a->sw = 0x9000;                   /* will be set by upper layer */
-  a->res_apdu_data = &icc_buffer[5]; /* will be set by upper layer */
-  a->res_apdu_data_len = 0;         /* will be set by upper layer */
-}
-
-
-static void notify_tx (struct ep_in *epi)
-{
-  struct ccid *c = (struct ccid *)epi->priv;
-
-  /* The sequence of Bulk-IN transactions finished */
-  eventflag_signal (&c->ccid_comm, EV_TX_FINISHED);
-}
-
-static void no_buf (struct ep_in *epi, size_t len)
-{
-  (void)len;
-  epi->buf = NULL;
-  epi->cnt = 0;
-  epi->buf_len = 0;
-}
-
-static void set_sw1sw2 (struct ccid *c, size_t chunk_len)
-{
-  if (c->a->expected_res_size >= c->len)
-    {
-      c->sw1sw2[0] = 0x90;
-      c->sw1sw2[1] = 0x00;
-    }
-  else
-    {
-      c->sw1sw2[0] = 0x61;
-      if (c->len - chunk_len >= 256)
-       c->sw1sw2[1] = 0;
-      else
-       c->sw1sw2[1] = (uint8_t)(c->len - chunk_len);
-    }
-}
-
-static void get_sw1sw2 (struct ep_in *epi, size_t len)
-{
-  struct ccid *c = (struct ccid *)epi->priv;
-
-  (void)len;
-  epi->buf = c->sw1sw2;
-  epi->cnt = 0;
-  epi->buf_len = 2;
-  epi->next_buf = no_buf;
-}
-
-
-/*
- * Tx done callback
- */
-static void
-EP1_IN_Callback (void)
-{
-  struct ep_in *epi = &endpoint_in;
-
-  if (epi->buf == NULL)
-    if (epi->tx_done)
-      epi->notify (epi);
-    else
-      {
-       epi->tx_done = 1;
-       usb_lld_tx_enable (epi->ep_num, 0); /* send ZLP */
-      }
-  else
-    {
-      int tx_size = 0;
-      size_t remain = USB_LL_BUF_SIZE;
-      int offset = 0;
-
-      while (epi->buf)
-       if (epi->buf_len < remain)
-         {
-           usb_lld_txcpy (epi->buf, epi->ep_num, offset, epi->buf_len);
-           offset += epi->buf_len;
-           remain -= epi->buf_len;
-           tx_size += epi->buf_len;
-           epi->next_buf (epi, remain); /* Update epi->buf, cnt, buf_len */
-         }
-       else
-         {
-           usb_lld_txcpy (epi->buf, epi->ep_num, offset, remain);
-           epi->buf += remain;
-           epi->cnt += remain;
-           epi->buf_len -= remain;
-           tx_size += remain;
-           break;
-         }
-
-      if (tx_size < USB_LL_BUF_SIZE)
-       epi->tx_done = 1;
-      usb_lld_tx_enable (epi->ep_num, tx_size);
-    }
-}
-
-
-static void notify_icc (struct ep_out *epo)
-{
-  struct ccid *c = (struct ccid *)epo->priv;
-
-  c->err = epo->err;
-  eventflag_signal (&c->ccid_comm, EV_RX_DATA_READY);
-}
-
-static int end_icc_rx (struct ep_out *epo, size_t orig_len)
-{
-  (void)orig_len;
-  if (epo->cnt < sizeof (struct icc_header))
-    /* short packet, just ignore */
-    return 1;
-
-  /* icc message with no abdata */
-  return 0;
-}
-
-static int end_abdata (struct ep_out *epo, size_t orig_len)
-{
-  struct ccid *c = (struct ccid *)epo->priv;
-  size_t len = epo->cnt;
-
-  if (orig_len == USB_LL_BUF_SIZE && len < c->icc_header.data_len)
-    /* more packet comes */
-    return 1;
-
-  if (len != c->icc_header.data_len)
-    epo->err = 1;
-
-  return 0;
-}
-
-static int end_cmd_apdu_head (struct ep_out *epo, size_t orig_len)
-{
-  struct ccid *c = (struct ccid *)epo->priv;
-
-  (void)orig_len;
-
-  if (epo->cnt < 4 || epo->cnt != c->icc_header.data_len)
-    {
-      epo->err = 1;
-      return 0;
-    }
-
-  if ((c->state == APDU_STATE_COMMAND_CHAINING)
-      && (c->chained_cls_ins_p1_p2[0] != (c->a->cmd_apdu_head[0] & ~0x10)
-         || c->chained_cls_ins_p1_p2[1] != c->a->cmd_apdu_head[1]
-         || c->chained_cls_ins_p1_p2[2] != c->a->cmd_apdu_head[2]
-         || c->chained_cls_ins_p1_p2[3] != c->a->cmd_apdu_head[3]))
-    /*
-     * Handling exceptional request.
-     *
-     * Host stops sending command APDU using command chaining,
-     * and start another command APDU.
-     *
-     * Discard old one, and start handling new one.
-     */
-    {
-      c->state = APDU_STATE_WAIT_COMMAND;
-      c->p = c->a->cmd_apdu_data;
-      c->len = MAX_CMD_APDU_DATA_SIZE;
-    }
-
-  if (epo->cnt == 4)
-    /* No Lc and Le */
-    c->a->expected_res_size = 0;
-  else if (epo->cnt == 5)
-    {
-      /* No Lc but Le */
-      c->a->expected_res_size = c->a->cmd_apdu_head[4];
-      if (c->a->expected_res_size == 0)
-       c->a->expected_res_size = 256;
-      c->a->cmd_apdu_head[4] = 0;
-    }
-
-  c->a->cmd_apdu_data_len = 0;
-  return 0;
-}
-
-
-static int end_nomore_data (struct ep_out *epo, size_t orig_len)
-{
-  (void)epo;
-  if (orig_len == USB_LL_BUF_SIZE)
-    return 1;
-  else
-    return 0;
-}
-
-
-static int end_cmd_apdu_data (struct ep_out *epo, size_t orig_len)
-{
-  struct ccid *c = (struct ccid *)epo->priv;
-  size_t len = epo->cnt;
-
-  if (orig_len == USB_LL_BUF_SIZE
-      && CMD_APDU_HEAD_SIZE + len < c->icc_header.data_len)
-    /* more packet comes */
-    return 1;
-
-  if (CMD_APDU_HEAD_SIZE + len != c->icc_header.data_len)
-    goto error;
-
-  if (len == c->a->cmd_apdu_head[4])
-    /* No Le field*/
-    c->a->expected_res_size = 0;
-  else if (len == (size_t)c->a->cmd_apdu_head[4] + 1)
-    {
-      /* it has Le field*/
-      c->a->expected_res_size = epo->buf[-1];
-      if (c->a->expected_res_size == 0)
-       c->a->expected_res_size = 256;
-      len--;
-    }
-  else
-    {
-    error:
-      epo->err = 1;
-      return 0;
-    }
-
-  c->a->cmd_apdu_data_len += len;
-  return 0;
-}
-
-
-static void nomore_data (struct ep_out *epo, size_t len)
-{
-  (void)len;
-  epo->err = 1;
-  epo->end_rx = end_nomore_data;
-  epo->buf = NULL;
-  epo->buf_len = 0;
-  epo->cnt = 0;
-  epo->next_buf = nomore_data;
-}
-
-#define INS_GET_RESPONSE 0xc0
-
-static void icc_cmd_apdu_data (struct ep_out *epo, size_t len)
-{
-  struct ccid *c = (struct ccid *)epo->priv;
-
-  (void)len;
-  if (c->state == APDU_STATE_RESULT_GET_RESPONSE
-      && c->a->cmd_apdu_head[1] != INS_GET_RESPONSE)
-    {
-      /*
-       * Handling exceptional request.
-       *
-       * Host didn't finish receiving the whole response APDU by GET RESPONSE,
-       * but initiates another command.
-       */
-
-      c->state = APDU_STATE_WAIT_COMMAND;
-      c->p = c->a->cmd_apdu_data;
-      c->len = MAX_CMD_APDU_DATA_SIZE;
-    }
-  else if (c->state == APDU_STATE_COMMAND_CHAINING)
-    {
-      if (c->chained_cls_ins_p1_p2[0] != (c->a->cmd_apdu_head[0] & ~0x10)
-         || c->chained_cls_ins_p1_p2[1] != c->a->cmd_apdu_head[1]
-         || c->chained_cls_ins_p1_p2[2] != c->a->cmd_apdu_head[2]
-         || c->chained_cls_ins_p1_p2[3] != c->a->cmd_apdu_head[3])
-       /*
-        * Handling exceptional request.
-        *
-        * Host stops sending command APDU using command chaining,
-        * and start another command APDU.
-        *
-        * Discard old one, and start handling new one.
-        */
-       {
-         c->state = APDU_STATE_WAIT_COMMAND;
-         c->p = c->a->cmd_apdu_data;
-         c->len = MAX_CMD_APDU_DATA_SIZE;
-         c->a->cmd_apdu_data_len = 0;
-       }
-    }
-
-  epo->end_rx = end_cmd_apdu_data;
-  epo->buf = c->p;
-  epo->buf_len = c->len;
-  epo->cnt = 0;
-  epo->next_buf = nomore_data;
-}
-
-static void icc_abdata (struct ep_out *epo, size_t len)
-{
-  struct ccid *c = (struct ccid *)epo->priv;
-
-  (void)len;
-  c->a->seq = c->icc_header.seq;
-  if (c->icc_header.msg_type == ICC_XFR_BLOCK)
-    {
-      c->a->seq = c->icc_header.seq;
-      epo->end_rx = end_cmd_apdu_head;
-      epo->buf = c->a->cmd_apdu_head;
-      epo->buf_len = 5;
-      epo->cnt = 0;
-      epo->next_buf = icc_cmd_apdu_data;
-    }
-  else
-    {
-      epo->end_rx = end_abdata;
-      epo->buf = c->p;
-      epo->buf_len = c->len;
-      epo->cnt = 0;
-      epo->next_buf = nomore_data;
-    }
-}
-
-
-static void
-icc_prepare_receive (struct ccid *c)
-{
-  c->epo->err = 0;
-  c->epo->buf = (uint8_t *)&c->icc_header;
-  c->epo->buf_len = sizeof (struct icc_header);
-  c->epo->cnt = 0;
-  c->epo->next_buf = icc_abdata;
-  c->epo->end_rx = end_icc_rx;
-  usb_lld_rx_enable (c->epo->ep_num);
-  DEBUG_INFO ("Rx ready\r\n");
-}
-
-/*
- * Rx ready callback
- */
-
-static void
-EP1_OUT_Callback (void)
-{
-  struct ep_out *epo = &endpoint_out;
-  size_t len = usb_lld_rx_data_len (epo->ep_num);
-  int offset = 0;
-  int cont;
-  size_t orig_len = len;
-
-  while (epo->err == 0)
-    if (len == 0)
-      break;
-    else if (len <= epo->buf_len)
-      {
-       usb_lld_rxcpy (epo->buf, epo->ep_num, offset, len);
-       epo->buf += len;
-       epo->cnt += len;
-       epo->buf_len -= len;
-       break;
-      }
-    else /* len > buf_len */
-      {
-       usb_lld_rxcpy (epo->buf, epo->ep_num, offset, epo->buf_len);
-       len -= epo->buf_len;
-       offset += epo->buf_len;
-       epo->next_buf (epo, len); /* Update epo->buf, cnt, buf_len */
-      }
-
-  /*
-   * ORIG_LEN to distingush ZLP and the end of transaction
-   *  (ORIG_LEN != USB_LL_BUF_SIZE)
-   */
-  cont = epo->end_rx (epo, orig_len);
-
-  if (cont)
-    usb_lld_rx_enable (epo->ep_num);
-  else
-    epo->notify (epo);
-}
-
-
-extern void EP6_IN_Callback (void);
-
-void
-usb_cb_rx_ready (uint8_t ep_num)
-{
-  if (ep_num == ENDP1)
-    EP1_OUT_Callback ();
-#ifdef DEBUG
-  else if (ep_num == ENDP5)
-    {
-      chopstx_mutex_lock (&stdout.m_dev);
-      usb_lld_rx_enable (ep_num);
-      chopstx_mutex_unlock (&stdout.m_dev);
-    }
-#endif
-}
-
-void
-usb_cb_tx_done (uint8_t ep_num)
-{
-  if (ep_num == ENDP1)
-    EP1_IN_Callback ();
-  else if (ep_num == ENDP2)
-    {
-      /* INTERRUPT Transfer done */
-    }
-#ifdef DEBUG
-  else if (ep_num == ENDP3)
-    {
-      chopstx_mutex_lock (&stdout.m_dev);
-      chopstx_cond_signal (&stdout.cond_dev);
-      chopstx_mutex_unlock (&stdout.m_dev);
-    }
-#endif
-#ifdef PINPAD_SUPPORT
-  else if (ep_num == ENDP6)
-    EP6_IN_Callback ();
-#endif
-}
-
-/*
- * ATR (Answer To Reset) string
- *
- * TS = 0x3b: Direct conversion
- * T0 = 0xda: TA1, TC1 and TD1 follow, 10 historical bytes
- * TA1 = 0x11: FI=1, DI=1
- * TC1 = 0xff
- * TD1 = 0x81: TD2 follows, T=1
- * TD2 = 0xb1: TA3, TB3 and TD3 follow, T=1
- * TA3 = 0xFE: IFSC = 254 bytes
- * TB3 = 0x55: BWI = 5, CWI = 5   (BWT timeout 3.2 sec)
- * TD3 = 0x1f: TA4 follows, T=15
- * TA4 = 0x03: 5V or 3.3V
- * Historical bytes: to be explained...
- * XOR check
- *
- * Minimum: 0x3b, 0x8a, 0x80, 0x01, + historical bytes, xor check
- *
- */
-static const uint8_t ATR[] = {
-  0x3b, 0xda, 0x11, 0xff, 0x81, 0xb1, 0xfe, 0x55, 0x1f, 0x03,
-  0x00,
-       0x31, 0x84, /* full DF name, GET DATA, MF */
-        0x73,
-              0x80, /* DF full name */
-             0x01, /* 1-byte */
-             0x80, /* Command chaining, No extended Lc and extended Le */
-       0x00,
-        0x90, 0x00,
- (0xda^0x11^0xff^0x81^0xb1^0xfe^0x55^0x1f^0x03
-  ^0x00^0x31^0x84^0x73^0x80^0x01^0x80^0x00^0x90^0x00)
-};
-
-/*
- * Send back error
- */
-static void icc_error (struct ccid *c, int offset)
-{
-  uint8_t icc_reply[ICC_MSG_HEADER_SIZE];
-
-  icc_reply[0] = ICC_SLOT_STATUS_RET; /* Any value should be OK */
-  icc_reply[1] = 0x00;
-  icc_reply[2] = 0x00;
-  icc_reply[3] = 0x00;
-  icc_reply[4] = 0x00;
-  icc_reply[5] = 0x00; /* Slot */
-  icc_reply[ICC_MSG_SEQ_OFFSET] = c->icc_header.seq;
-  if (c->icc_state == ICC_STATE_NOCARD)
-    icc_reply[ICC_MSG_STATUS_OFFSET] = 2; /* 2: No ICC present */
-  else if (c->icc_state == ICC_STATE_START)
-    icc_reply[ICC_MSG_STATUS_OFFSET] = 1; /* 1: ICC present but not activated */
-  else
-    icc_reply[ICC_MSG_STATUS_OFFSET] = 0; /* An ICC is present and active */
-  icc_reply[ICC_MSG_STATUS_OFFSET] |= ICC_CMD_STATUS_ERROR; /* Failed */
-  icc_reply[ICC_MSG_ERROR_OFFSET] = offset;
-  icc_reply[ICC_MSG_CHAIN_OFFSET] = 0x00;
-
-  /* This is a single packet Bulk-IN transaction */
-  c->epi->buf = NULL;
-  c->epi->tx_done = 1;
-  usb_lld_write (c->epi->ep_num, icc_reply, ICC_MSG_HEADER_SIZE);
-}
-
-extern void *openpgp_card_thread (void *arg);
-
-extern uint8_t __process3_stack_base__, __process3_stack_size__;
-const uint32_t __stackaddr_gpg = (uint32_t)&__process3_stack_base__;
-const size_t __stacksize_gpg = (size_t)&__process3_stack_size__;
-#define PRIO_GPG 1
-
-
-/* Send back ATR (Answer To Reset) */
-static enum icc_state
-icc_power_on (struct ccid *c)
-{
-  size_t size_atr = sizeof (ATR);
-  uint8_t p[ICC_MSG_HEADER_SIZE];
-
-  if (c->application == 0)
-    c->application = chopstx_create (PRIO_GPG, __stackaddr_gpg,
-                                    __stacksize_gpg, openpgp_card_thread,
-                                    (void *)&c->ccid_comm);
-
-  p[0] = ICC_DATA_BLOCK_RET;
-  p[1] = size_atr;
-  p[2] = 0x00;
-  p[3] = 0x00;
-  p[4] = 0x00;
-  p[5] = 0x00; /* Slot */
-  p[ICC_MSG_SEQ_OFFSET] = c->icc_header.seq;
-  p[ICC_MSG_STATUS_OFFSET] = 0x00;
-  p[ICC_MSG_ERROR_OFFSET] = 0x00;
-  p[ICC_MSG_CHAIN_OFFSET] = 0x00;
-
-  usb_lld_txcpy (p, c->epi->ep_num, 0, ICC_MSG_HEADER_SIZE);
-  usb_lld_txcpy (ATR, c->epi->ep_num, ICC_MSG_HEADER_SIZE, size_atr);
-
-  /* This is a single packet Bulk-IN transaction */
-  c->epi->buf = NULL;
-  c->epi->tx_done = 1;
-  usb_lld_tx_enable (c->epi->ep_num, ICC_MSG_HEADER_SIZE + size_atr);
-  DEBUG_INFO ("ON\r\n");
-
-  return ICC_STATE_WAIT;
-}
-
-static void
-icc_send_status (struct ccid *c)
-{
-  uint8_t icc_reply[ICC_MSG_HEADER_SIZE];
-
-  icc_reply[0] = ICC_SLOT_STATUS_RET;
-  icc_reply[1] = 0x00;
-  icc_reply[2] = 0x00;
-  icc_reply[3] = 0x00;
-  icc_reply[4] = 0x00;
-  icc_reply[5] = 0x00; /* Slot */
-  icc_reply[ICC_MSG_SEQ_OFFSET] = c->icc_header.seq;
-  if (c->icc_state == ICC_STATE_NOCARD)
-    icc_reply[ICC_MSG_STATUS_OFFSET] = 2; /* 2: No ICC present */
-  else if (c->icc_state == ICC_STATE_START)
-    icc_reply[ICC_MSG_STATUS_OFFSET] = 1; /* 1: ICC present but not activated */
-  else
-    icc_reply[ICC_MSG_STATUS_OFFSET] = 0; /* An ICC is present and active */
-  icc_reply[ICC_MSG_ERROR_OFFSET] = 0x00;
-  icc_reply[ICC_MSG_CHAIN_OFFSET] = 0x00;
-
-  /* This is a single packet Bulk-IN transaction */
-  c->epi->buf = NULL;
-  c->epi->tx_done = 1;
-  usb_lld_write (c->epi->ep_num, icc_reply, ICC_MSG_HEADER_SIZE);
-
-#ifdef DEBUG_MORE
-  DEBUG_INFO ("St\r\n");
-#endif
-}
-
-static enum icc_state
-icc_power_off (struct ccid *c)
-{
-  if (c->application)
-    {
-      eventflag_signal (&c->openpgp_comm, EV_EXIT);
-      chopstx_join (c->application, NULL);
-      c->application = 0;
-    }
-
-  c->icc_state = ICC_STATE_START; /* This status change should be here */
-  icc_send_status (c);
-  DEBUG_INFO ("OFF\r\n");
-  return ICC_STATE_START;
-}
-
-static void
-icc_send_data_block_internal (struct ccid *c, uint8_t status, uint8_t error)
-{
-  int tx_size = USB_LL_BUF_SIZE;
-  uint8_t p[ICC_MSG_HEADER_SIZE];
-  size_t len;
-
-  if (status == 0)
-    len = c->a->res_apdu_data_len + 2;
-  else
-    len = 0;
-
-  p[0] = ICC_DATA_BLOCK_RET;
-  p[1] = len & 0xFF;
-  p[2] = (len >> 8)& 0xFF;
-  p[3] = (len >> 16)& 0xFF;
-  p[4] = (len >> 24)& 0xFF;
-  p[5] = 0x00; /* Slot */
-  p[ICC_MSG_SEQ_OFFSET] = c->a->seq;
-  p[ICC_MSG_STATUS_OFFSET] = status;
-  p[ICC_MSG_ERROR_OFFSET] = error;
-  p[ICC_MSG_CHAIN_OFFSET] = 0;
-
-  usb_lld_txcpy (p, c->epi->ep_num, 0, ICC_MSG_HEADER_SIZE);
-  if (len == 0)
-    {
-      usb_lld_tx_enable (c->epi->ep_num, ICC_MSG_HEADER_SIZE);
-      return;
-    }
-
-  if (ICC_MSG_HEADER_SIZE + len <= USB_LL_BUF_SIZE)
-    {
-      usb_lld_txcpy (c->a->res_apdu_data, c->epi->ep_num,
-                    ICC_MSG_HEADER_SIZE, c->a->res_apdu_data_len);
-      usb_lld_txcpy (c->sw1sw2, c->epi->ep_num,
-                    ICC_MSG_HEADER_SIZE + c->a->res_apdu_data_len, 2);
-      c->epi->buf = NULL;
-      if (ICC_MSG_HEADER_SIZE + len < USB_LL_BUF_SIZE)
-       c->epi->tx_done = 1;
-      tx_size = ICC_MSG_HEADER_SIZE + len;
-    }
-  else if (ICC_MSG_HEADER_SIZE + len - 1 == USB_LL_BUF_SIZE)
-    {
-      usb_lld_txcpy (c->a->res_apdu_data, c->epi->ep_num,
-                    ICC_MSG_HEADER_SIZE, c->a->res_apdu_data_len);
-      usb_lld_txcpy (c->sw1sw2, c->epi->ep_num,
-                    ICC_MSG_HEADER_SIZE + c->a->res_apdu_data_len, 1);
-      c->epi->buf = &c->sw1sw2[1];
-      c->epi->cnt = 1;
-      c->epi->buf_len = 1;
-      c->epi->next_buf = no_buf;
-    }
-  else if (ICC_MSG_HEADER_SIZE + len - 2 == USB_LL_BUF_SIZE)
-    {
-      usb_lld_txcpy (c->a->res_apdu_data, c->epi->ep_num,
-                    ICC_MSG_HEADER_SIZE, c->a->res_apdu_data_len);
-      c->epi->buf = &c->sw1sw2[0];
-      c->epi->cnt = 0;
-      c->epi->buf_len = 2;
-      c->epi->next_buf = no_buf;
-    }
-  else
-    {
-      usb_lld_txcpy (c->a->res_apdu_data, c->epi->ep_num, ICC_MSG_HEADER_SIZE,
-                    USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE);
-      c->epi->buf = c->a->res_apdu_data + USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE;
-      c->epi->cnt = USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE;
-      c->epi->buf_len = c->a->res_apdu_data_len
-       - (USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE);
-      c->epi->next_buf = get_sw1sw2;
-    }
-
-  usb_lld_tx_enable (c->epi->ep_num, tx_size);
-#ifdef DEBUG_MORE
-  DEBUG_INFO ("DATA\r\n");
-#endif
-}
-
-static void
-icc_send_data_block (struct ccid *c)
-{
-  icc_send_data_block_internal (c, 0, 0);
-}
-
-static void
-icc_send_data_block_time_extension (struct ccid *c)
-{
-  icc_send_data_block_internal (c, ICC_CMD_STATUS_TIMEEXT, 1);
-}
-
-static void
-icc_send_data_block_0x9000 (struct ccid *c)
-{
-  uint8_t p[ICC_MSG_HEADER_SIZE+2];
-  size_t len = 2;
-
-  p[0] = ICC_DATA_BLOCK_RET;
-  p[1] = len & 0xFF;
-  p[2] = (len >> 8)& 0xFF;
-  p[3] = (len >> 16)& 0xFF;
-  p[4] = (len >> 24)& 0xFF;
-  p[5] = 0x00; /* Slot */
-  p[ICC_MSG_SEQ_OFFSET] = c->a->seq;
-  p[ICC_MSG_STATUS_OFFSET] = 0;
-  p[ICC_MSG_ERROR_OFFSET] = 0;
-  p[ICC_MSG_CHAIN_OFFSET] = 0;
-  p[ICC_MSG_CHAIN_OFFSET+1] = 0x90;
-  p[ICC_MSG_CHAIN_OFFSET+2] = 0x00;
-
-  usb_lld_txcpy (p, c->epi->ep_num, 0, ICC_MSG_HEADER_SIZE + len);
-  c->epi->buf = NULL;
-  c->epi->tx_done = 1;
-
-  usb_lld_tx_enable (c->epi->ep_num, ICC_MSG_HEADER_SIZE + len);
-#ifdef DEBUG_MORE
-  DEBUG_INFO ("DATA\r\n");
-#endif
-}
-
-/*
- * Reply to the host for "GET RESPONSE".
- */
-static void
-icc_send_data_block_gr (struct ccid *c, size_t chunk_len)
-{
-  int tx_size = USB_LL_BUF_SIZE;
-  uint8_t p[ICC_MSG_HEADER_SIZE];
-  size_t len = chunk_len + 2;
-
-  p[0] = ICC_DATA_BLOCK_RET;
-  p[1] = len & 0xFF;
-  p[2] = (len >> 8)& 0xFF;
-  p[3] = (len >> 16)& 0xFF;
-  p[4] = (len >> 24)& 0xFF;
-  p[5] = 0x00; /* Slot */
-  p[ICC_MSG_SEQ_OFFSET] = c->a->seq;
-  p[ICC_MSG_STATUS_OFFSET] = 0;
-  p[ICC_MSG_ERROR_OFFSET] = 0;
-  p[ICC_MSG_CHAIN_OFFSET] = 0;
-
-  usb_lld_txcpy (p, c->epi->ep_num, 0, ICC_MSG_HEADER_SIZE);
-
-  set_sw1sw2 (c, chunk_len);
-
-  if (chunk_len <= USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE)
-    {
-      int size_for_sw;
-
-      if (chunk_len <= USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE - 2)
-       size_for_sw = 2;
-      else if (chunk_len == USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE - 1)
-       size_for_sw = 1;
-      else
-       size_for_sw = 0;
-
-      usb_lld_txcpy (c->p, c->epi->ep_num, ICC_MSG_HEADER_SIZE, chunk_len);
-      if (size_for_sw)
-       usb_lld_txcpy (c->sw1sw2, c->epi->ep_num,
-                      ICC_MSG_HEADER_SIZE + chunk_len, size_for_sw);
-      tx_size = ICC_MSG_HEADER_SIZE + chunk_len + size_for_sw;
-      if (size_for_sw == 2)
-       {
-         c->epi->buf = NULL;
-         if (tx_size < USB_LL_BUF_SIZE)
-           c->epi->tx_done = 1;
-         /* Don't set epi->tx_done = 1, when it requires ZLP */
-       }
-      else
-       {
-         c->epi->buf = c->sw1sw2 + size_for_sw;
-         c->epi->cnt = size_for_sw;
-         c->epi->buf_len = 2 - size_for_sw;
-         c->epi->next_buf = no_buf;
-       }
-    }
-  else
-    {
-      usb_lld_txcpy (c->p, c->epi->ep_num, ICC_MSG_HEADER_SIZE,
-                    USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE);
-      c->epi->buf = c->p + USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE;
-      c->epi->cnt = 0;
-      c->epi->buf_len = chunk_len - (USB_LL_BUF_SIZE - ICC_MSG_HEADER_SIZE);
-      c->epi->next_buf = get_sw1sw2;
-    }
-
-  c->p += chunk_len;
-  c->len -= chunk_len;
-  usb_lld_tx_enable (c->epi->ep_num, tx_size);
-#ifdef DEBUG_MORE
-  DEBUG_INFO ("DATA\r\n");
-#endif
-}
-
-
-static void
-icc_send_params (struct ccid *c)
-{
-  uint8_t p[ICC_MSG_HEADER_SIZE];
-  const uint8_t params[] =  {
-    0x11,   /* bmFindexDindex */
-    0x11, /* bmTCCKST1 */
-    0xFE, /* bGuardTimeT1 */
-    0x55, /* bmWaitingIntegersT1 */
-    0x03, /* bClockStop */
-    0xFE, /* bIFSC */
-    0    /* bNadValue */
-  };
-
-  p[0] = ICC_PARAMS_RET;
-  p[1] = 0x07; /* Length = 0x00000007 */
-  p[2] = 0;
-  p[3] = 0;
-  p[4] = 0;
-  p[5] = 0x00; /* Slot */
-  p[ICC_MSG_SEQ_OFFSET] = c->icc_header.seq;
-  p[ICC_MSG_STATUS_OFFSET] = 0;
-  p[ICC_MSG_ERROR_OFFSET] = 0;
-  p[ICC_MSG_CHAIN_OFFSET] = 0x01;  /* ProtocolNum: T=1 */
-
-  usb_lld_txcpy (p, c->epi->ep_num, 0, ICC_MSG_HEADER_SIZE);
-  usb_lld_txcpy (params, c->epi->ep_num, ICC_MSG_HEADER_SIZE, sizeof params);
-
-  /* This is a single packet Bulk-IN transaction */
-  c->epi->buf = NULL;
-  c->epi->tx_done = 1;
-  usb_lld_tx_enable (c->epi->ep_num, ICC_MSG_HEADER_SIZE + sizeof params);
-#ifdef DEBUG_MORE
-  DEBUG_INFO ("PARAMS\r\n");
-#endif
-}
-
-
-static enum icc_state
-icc_handle_data (struct ccid *c)
-{
-  enum icc_state next_state = c->icc_state;
-
-  if (c->err != 0)
-    {
-      ccid_reset (c);
-      icc_error (c, ICC_OFFSET_DATA_LEN);
-      return next_state;
-    }
-
-  switch (c->icc_state)
-    {
-    case ICC_STATE_NOCARD:
-      if (c->icc_header.msg_type == ICC_SLOT_STATUS)
-       icc_send_status (c);
-      else
-       {
-         DEBUG_INFO ("ERR00\r\n");
-         icc_error (c, ICC_OFFSET_CMD_NOT_SUPPORTED);
-       }
-      break;
-    case ICC_STATE_START:
-      if (c->icc_header.msg_type == ICC_POWER_ON)
-       {
-         ccid_reset (c);
-         next_state = icc_power_on (c);
-       }
-      else if (c->icc_header.msg_type == ICC_POWER_OFF)
-       {
-         ccid_reset (c);
-         next_state = icc_power_off (c);
-       }
-      else if (c->icc_header.msg_type == ICC_SLOT_STATUS)
-       icc_send_status (c);
-      else
-       {
-         DEBUG_INFO ("ERR01\r\n");
-         icc_error (c, ICC_OFFSET_CMD_NOT_SUPPORTED);
-       }
-      break;
-    case ICC_STATE_WAIT:
-      if (c->icc_header.msg_type == ICC_POWER_ON)
-       {
-         /* Not in the spec., but pcscd/libccid */
-         ccid_reset (c);
-         next_state = icc_power_on (c);
-       }
-      else if (c->icc_header.msg_type == ICC_POWER_OFF)
-       {
-         ccid_reset (c);
-         next_state = icc_power_off (c);
-       }
-      else if (c->icc_header.msg_type == ICC_SLOT_STATUS)
-       icc_send_status (c);
-      else if (c->icc_header.msg_type == ICC_XFR_BLOCK)
-       {
-         if (c->icc_header.param == 0)
-           {
-             if ((c->a->cmd_apdu_head[0] & 0x10) == 0)
-               {
-                 if (c->state == APDU_STATE_COMMAND_CHAINING)
-                   {           /* command chaining finished */
-                     c->p += c->a->cmd_apdu_head[4];
-                     c->a->cmd_apdu_head[4] = 0;
-                     DEBUG_INFO ("CMD chaning finished.\r\n");
-                   }
-
-                 if (c->a->cmd_apdu_head[1] == INS_GET_RESPONSE
-                     && c->state == APDU_STATE_RESULT_GET_RESPONSE)
-                   {
-                     size_t len = c->a->expected_res_size;
-
-                     if (c->len <= c->a->expected_res_size)
-                       len = c->len;
-
-                     icc_send_data_block_gr (c, len);
-                     if (c->len == 0)
-                       c->state = APDU_STATE_RESULT;
-                     c->icc_state = ICC_STATE_WAIT;
-                     DEBUG_INFO ("GET Response.\r\n");
-                   }
-                 else
-                   {             /* Give this message to GPG thread */
-                     c->state = APDU_STATE_COMMAND_RECEIVED;
-
-                     c->a->sw = 0x9000;
-                     c->a->res_apdu_data_len = 0;
-                     c->a->res_apdu_data = &icc_buffer[5];
-
-                     eventflag_signal (&c->openpgp_comm, EV_CMD_AVAILABLE);
-                     next_state = ICC_STATE_EXECUTE;
-                   }
-               }
-             else
-               {
-                 if (c->state == APDU_STATE_WAIT_COMMAND)
-                   {           /* command chaining is started */
-                     c->a->cmd_apdu_head[0] &= ~0x10;
-                     memcpy (c->chained_cls_ins_p1_p2, c->a->cmd_apdu_head, 4);
-                     c->state = APDU_STATE_COMMAND_CHAINING;
-                   }
-
-                 c->p += c->a->cmd_apdu_head[4];
-                 c->len -= c->a->cmd_apdu_head[4];
-                 icc_send_data_block_0x9000 (c);
-                 DEBUG_INFO ("CMD chaning...\r\n");
-               }
-           }
-         else
-           {                /* ICC block chaining is not supported. */
-             DEBUG_INFO ("ERR02\r\n");
-             icc_error (c, ICC_OFFSET_PARAM);
-           }
-       }
-      else if (c->icc_header.msg_type == ICC_SET_PARAMS
-              || c->icc_header.msg_type == ICC_GET_PARAMS
-              || c->icc_header.msg_type == ICC_RESET_PARAMS)
-       icc_send_params (c);
-      else if (c->icc_header.msg_type == ICC_SECURE)
-       {
-         if (c->p != c->a->cmd_apdu_data)
-           {
-             /* SECURE received in the middle of command chaining */
-             ccid_reset (c);
-             icc_error (c, ICC_OFFSET_DATA_LEN);
-             return next_state;
-           }
-
-         if (c->p[10-10] == 0x00) /* PIN verification */
-           {
-             c->a->cmd_apdu_head[0] = c->p[25-10];
-             c->a->cmd_apdu_head[1] = c->p[26-10];
-             c->a->cmd_apdu_head[2] = c->p[27-10];
-             c->a->cmd_apdu_head[3] = c->p[28-10];
-             /**/
-             c->a->cmd_apdu_data[0] = 0; /* bConfirmPIN */
-             c->a->cmd_apdu_data[1] = c->p[17-10]; /* bEntryValidationCondition */
-             c->a->cmd_apdu_data[2] = c->p[18-10]; /* bNumberMessage */
-             c->a->cmd_apdu_data[3] = c->p[19-10]; /* wLangId L */
-             c->a->cmd_apdu_data[4] = c->p[20-10]; /* wLangId H */
-             c->a->cmd_apdu_data[5] = c->p[21-10]; /* bMsgIndex */
-
-             c->a->cmd_apdu_data_len = 6;
-             c->a->expected_res_size = 0;
-
-             c->a->sw = 0x9000;
-             c->a->res_apdu_data_len = 0;
-             c->a->res_apdu_data = &c->p[5];
-
-             eventflag_signal (&c->openpgp_comm, EV_VERIFY_CMD_AVAILABLE);
-             next_state = ICC_STATE_EXECUTE;
-           }
-         else if (c->p[10-10] == 0x01) /* PIN Modification */
-           {
-             uint8_t num_msgs = c->p[21-10];
-
-             if (num_msgs == 0x00)
-               num_msgs = 1;
-             else if (num_msgs == 0xff)
-               num_msgs = 3;
-             c->a->cmd_apdu_head[0] = c->p[27 + num_msgs-10];
-             c->a->cmd_apdu_head[1] = c->p[28 + num_msgs-10];
-             c->a->cmd_apdu_head[2] = c->p[29 + num_msgs-10];
-             c->a->cmd_apdu_head[3] = c->p[30 + num_msgs-10];
-             /**/
-             c->a->cmd_apdu_data[0] = c->p[19-10]; /* bConfirmPIN */
-             c->a->cmd_apdu_data[1] = c->p[20-10]; /* bEntryValidationCondition */
-             c->a->cmd_apdu_data[2] = c->p[21-10]; /* bNumberMessage */
-             c->a->cmd_apdu_data[3] = c->p[22-10]; /* wLangId L */
-             c->a->cmd_apdu_data[4] = c->p[23-10]; /* wLangId H */
-             c->a->cmd_apdu_data[5] = c->p[24-10]; /* bMsgIndex, bMsgIndex1 */
-             if (num_msgs >= 2)
-               c->a->cmd_apdu_data[6] = c->p[25-10]; /* bMsgIndex2 */
-             if (num_msgs == 3)
-               c->a->cmd_apdu_data[7] = c->p[26-10]; /* bMsgIndex3 */
-
-             c->a->cmd_apdu_data_len = 5 + num_msgs;
-             c->a->expected_res_size = 0;
-
-             c->a->sw = 0x9000;
-             c->a->res_apdu_data_len = 0;
-             c->a->res_apdu_data = &icc_buffer[5];
-
-             eventflag_signal (&c->openpgp_comm, EV_MODIFY_CMD_AVAILABLE);
-             next_state = ICC_STATE_EXECUTE;
-           }
-         else
-           icc_error (c, ICC_MSG_DATA_OFFSET);
-       }
-      else
-       {
-         DEBUG_INFO ("ERR03\r\n");
-         DEBUG_BYTE (c->icc_header.msg_type);
-         icc_error (c, ICC_OFFSET_CMD_NOT_SUPPORTED);
-       }
-      break;
-    case ICC_STATE_EXECUTE:
-      if (c->icc_header.msg_type == ICC_POWER_OFF)
-       next_state = icc_power_off (c);
-      else if (c->icc_header.msg_type == ICC_SLOT_STATUS)
-       icc_send_status (c);
-      else
-       {
-         DEBUG_INFO ("ERR04\r\n");
-         DEBUG_BYTE (c->icc_header.msg_type);
-         icc_error (c, ICC_OFFSET_CMD_NOT_SUPPORTED);
-       }
-      break;
-    default:
-      next_state = ICC_STATE_START;
-      DEBUG_INFO ("ERR10\r\n");
-      break;
-    }
-
-  return next_state;
-}
-
-static enum icc_state
-icc_handle_timeout (struct ccid *c)
-{
-  enum icc_state next_state = c->icc_state;
-
-  switch (c->icc_state)
-    {
-    case ICC_STATE_EXECUTE:
-      icc_send_data_block_time_extension (c);
-      break;
-    default:
-      break;
-    }
-
-  led_blink (LED_SHOW_STATUS);
-  return next_state;
-}
-
-static struct ccid ccid;
-enum icc_state *icc_state_p = &ccid.icc_state;
-
-void
-ccid_card_change_signal (int how)
-{
-  struct ccid *c = &ccid;
-
-  if (how == CARD_CHANGE_TOGGLE
-      || (c->icc_state == ICC_STATE_NOCARD && how == CARD_CHANGE_INSERT)
-      || (c->icc_state != ICC_STATE_NOCARD && how == CARD_CHANGE_REMOVE))
-    eventflag_signal (&c->ccid_comm, EV_CARD_CHANGE);
-}
-
-void
-ccid_usb_reset (void)
-{
-  struct ccid *c = &ccid;
-  eventflag_signal (&c->ccid_comm, EV_USB_RESET);
-}
-
-
-#define USB_ICC_TIMEOUT (1950*1000)
-
-#define GPG_THREAD_TERMINATED 0xffff
-
-#define NOTIFY_SLOT_CHANGE 0x50
-
-#define INTR_REQ_USB 20
-
-void *
-ccid_thread (void *arg)
-{
-  chopstx_intr_t interrupt;
-  uint32_t timeout;
-
-  struct ep_in *epi = &endpoint_in;
-  struct ep_out *epo = &endpoint_out;
-  struct ccid *c = &ccid;
-  struct apdu *a = &apdu;
-
-  (void)arg;
-
-  eventflag_init (&ccid.ccid_comm);
-  eventflag_init (&ccid.openpgp_comm);
-
-  usb_lld_init (USB_INITIAL_FEATURE);
-  chopstx_claim_irq (&interrupt, INTR_REQ_USB);
-  usb_interrupt_handler ();    /* For old SYS < 3.0 */
-
- reset:
-  epi_init (epi, ENDP1, notify_tx, c);
-  epo_init (epo, ENDP1, notify_icc, c);
-  apdu_init (a);
-  ccid_init (c, epi, epo, a);
-
-  icc_prepare_receive (c);
-  while (1)
-    {
-      eventmask_t m;
-      chopstx_poll_cond_t poll_desc;
-
-      eventflag_prepare_poll (&c->ccid_comm, &poll_desc);
-      chopstx_poll (&timeout, 2, &interrupt, &poll_desc);
-      if (interrupt.ready)
-       {
-         usb_interrupt_handler ();
-         continue;
-       }
-
-      timeout = USB_ICC_TIMEOUT;
-      m = eventflag_get (&c->ccid_comm);
-
-      if (m == EV_USB_RESET)
-       {
-         if (c->application)
-           {
-             chopstx_cancel (c->application);
-             chopstx_join (c->application, NULL);
-             c->application = 0;
-           }
-         goto reset;
-       }
-      else if (m == EV_CARD_CHANGE)
-       {
-         uint8_t int_msg[2];
-
-         int_msg[0] = NOTIFY_SLOT_CHANGE;
-         if (c->icc_state == ICC_STATE_NOCARD)
-           { /* Inserted!  */
-             c->icc_state = ICC_STATE_START;
-             int_msg[1] = 0x03;
-           }
-         else
-           { /* Removed!  */
-             if (c->application)
-               {
-                 eventflag_signal (&c->openpgp_comm, EV_EXIT);
-                 chopstx_join (c->application, NULL);
-                 c->application = 0;
-               }
-
-             c->icc_state = ICC_STATE_NOCARD;
-             int_msg[1] = 0x02;
-           }
-
-         usb_lld_write (ENDP2, int_msg, sizeof int_msg);
-         led_blink (LED_TWOSHOTS);
-       }
-      else if (m == EV_RX_DATA_READY)
-       c->icc_state = icc_handle_data (c);
-      else if (m == EV_EXEC_FINISHED)
-       if (c->icc_state == ICC_STATE_EXECUTE)
-         {
-           if (c->a->sw == GPG_THREAD_TERMINATED)
-             {
-               c->sw1sw2[0] = 0x90;
-               c->sw1sw2[1] = 0x00;
-               c->state = APDU_STATE_RESULT;
-               icc_send_data_block (c);
-               c->icc_state = ICC_STATE_EXITED;
-               break;
-             }
-
-           c->a->cmd_apdu_data_len = 0;
-           c->sw1sw2[0] = c->a->sw >> 8;
-           c->sw1sw2[1] = c->a->sw & 0xff;
-
-           if (c->a->res_apdu_data_len <= c->a->expected_res_size)
-             {
-               c->state = APDU_STATE_RESULT;
-               icc_send_data_block (c);
-               c->icc_state = ICC_STATE_WAIT;
-             }
-           else
-             {
-               c->state = APDU_STATE_RESULT_GET_RESPONSE;
-               c->p = c->a->res_apdu_data;
-               c->len = c->a->res_apdu_data_len;
-               icc_send_data_block_gr (c, c->a->expected_res_size);
-               c->icc_state = ICC_STATE_WAIT;
-             }
-         }
-       else
-         {
-           DEBUG_INFO ("ERR07\r\n");
-         }
-      else if (m == EV_TX_FINISHED)
-       {
-         if (c->state == APDU_STATE_RESULT)
-           {
-             c->state = APDU_STATE_WAIT_COMMAND;
-             c->p = c->a->cmd_apdu_data;
-             c->len = MAX_CMD_APDU_DATA_SIZE;
-             c->err = 0;
-             c->a->cmd_apdu_data_len = 0;
-             c->a->expected_res_size = 0;
-           }
-
-         if (c->state == APDU_STATE_WAIT_COMMAND
-             || c->state == APDU_STATE_COMMAND_CHAINING
-             || c->state == APDU_STATE_RESULT_GET_RESPONSE)
-           icc_prepare_receive (c);
-       }
-      else                     /* Timeout */
-       c->icc_state = icc_handle_timeout (c);
-    }
-
-  if (c->application)
-    {
-      chopstx_join (c->application, NULL);
-      c->application = 0;
-    }
-
-  return NULL;
-}
-
-
-#ifdef DEBUG
-static void
-stdout_init (void)
-{
-  chopstx_mutex_init (&stdout.m);
-  chopstx_mutex_init (&stdout.m_dev);
-  chopstx_cond_init (&stdout.cond_dev);
-  stdout.connected = 0;
-}
-
-void
-_write (const char *s, int len)
-{
-  int packet_len;
-
-  if (len == 0)
-    return;
-
-  chopstx_mutex_lock (&stdout.m);
-
-  chopstx_mutex_lock (&stdout.m_dev);
-  if (!stdout.connected)
-    chopstx_cond_wait (&stdout.cond_dev, &stdout.m_dev);
-  chopstx_mutex_unlock (&stdout.m_dev);
-
-  do
-    {
-      packet_len =
-       (len < VIRTUAL_COM_PORT_DATA_SIZE) ? len : VIRTUAL_COM_PORT_DATA_SIZE;
-
-      chopstx_mutex_lock (&stdout.m_dev);
-      usb_lld_write (ENDP3, s, packet_len);
-      chopstx_cond_wait (&stdout.cond_dev, &stdout.m_dev);
-      chopstx_mutex_unlock (&stdout.m_dev);
-
-      s += packet_len;
-      len -= packet_len;
-    }
-  /* Send a Zero-Length-Packet if the last packet is full size.  */
-  while (len != 0 || packet_len == VIRTUAL_COM_PORT_DATA_SIZE);
-
-  chopstx_mutex_unlock (&stdout.m);
-}
-
-#else
-void
-_write (const char *s, int size)
-{
-  (void)s;
-  (void)size;
-}
-#endif