replace c_pcsclite with go-libpcsclite #82

Open
ghaithsabba opened this issue Oct 19, 2020 · 7 comments

@ghaithsabba

ghaithsabba commented Oct 19, 2020

This is a question, not an issue. I recently came across the library go-libpcsclite, which is implemented completely in Go. I tried to test it (not intensively) but it worked for me (signing and verifying).
So I ran a complete test using (go test -v ./... --wipe-yubikey) and it was 80% successful. If I took the time to fix the other issues, would you merge the change into the main repository?

--- PASS: TestYubiKeySignECDSA (4.44s)
=== RUN   TestYubiKeyECDSASharedKey
=== RUN   TestYubiKeyECDSASharedKey/good
=== RUN   TestYubiKeyECDSASharedKey/bad
=== RUN   TestYubiKeyECDSASharedKey/bad/size
--- PASS: TestYubiKeyECDSASharedKey (0.18s)
    --- PASS: TestYubiKeyECDSASharedKey/good (0.06s)
    --- PASS: TestYubiKeyECDSASharedKey/bad (0.01s)
        --- PASS: TestYubiKeyECDSASharedKey/bad/size (0.01s)
=== RUN   TestPINPrompt
=== RUN   TestPINPrompt/Never
=== RUN   TestPINPrompt/Once
=== RUN   TestPINPrompt/Always
--- PASS: TestPINPrompt (1.15s)
    --- PASS: TestPINPrompt/Never (0.38s)
    --- PASS: TestPINPrompt/Once (0.38s)
    --- PASS: TestPINPrompt/Always (0.39s)
=== RUN   TestSlots
=== RUN   TestSlots/Authentication
=== RUN   TestSlots/CardAuthentication
=== RUN   TestSlots/KeyManagement
=== RUN   TestSlots/Signature
--- PASS: TestSlots (2.74s)
    --- PASS: TestSlots/Authentication (0.47s)
    --- PASS: TestSlots/CardAuthentication (0.46s)
    --- PASS: TestSlots/KeyManagement (0.46s)
    --- PASS: TestSlots/Signature (0.47s)
=== RUN   TestYubiKeySignRSA
=== RUN   TestYubiKeySignRSA/rsa1024
=== RUN   TestYubiKeySignRSA/rsa2048
--- PASS: TestYubiKeySignRSA (2.31s)
    --- PASS: TestYubiKeySignRSA/rsa1024 (0.71s)
    --- PASS: TestYubiKeySignRSA/rsa2048 (1.59s)
=== RUN   TestYubiKeyDecryptRSA
=== RUN   TestYubiKeyDecryptRSA/rsa1024
=== RUN   TestYubiKeyDecryptRSA/rsa2048
--- PASS: TestYubiKeyDecryptRSA (7.79s)
    --- PASS: TestYubiKeyDecryptRSA/rsa1024 (0.71s)
    --- PASS: TestYubiKeyDecryptRSA/rsa2048 (7.08s)
=== RUN   TestYubiKeyAttestation
--- PASS: TestYubiKeyAttestation (0.24s)
=== RUN   TestYubiKeyStoreCertificate
--- PASS: TestYubiKeyStoreCertificate (0.18s)
=== RUN   TestYubiKeyGenerateKey
=== RUN   TestYubiKeyGenerateKey/ec_256
=== RUN   TestYubiKeyGenerateKey/ec_384
=== RUN   TestYubiKeyGenerateKey/rsa_1024
=== RUN   TestYubiKeyGenerateKey/rsa_2048
--- PASS: TestYubiKeyGenerateKey (9.69s)
    --- PASS: TestYubiKeyGenerateKey/ec_256 (0.10s)
    --- PASS: TestYubiKeyGenerateKey/ec_384 (0.14s)
    --- PASS: TestYubiKeyGenerateKey/rsa_1024 (0.65s)
    --- PASS: TestYubiKeyGenerateKey/rsa_2048 (8.79s)
=== RUN   TestYubiKeyPrivateKey
--- PASS: TestYubiKeyPrivateKey (0.31s)
=== RUN   TestYubiKeyPrivateKeyPINError
--- PASS: TestYubiKeyPrivateKeyPINError (0.24s)
=== RUN   TestRetiredKeyManagementSlot
=== RUN   TestRetiredKeyManagementSlot/Non-existent_slot,_before_range
=== RUN   TestRetiredKeyManagementSlot/Non-existent_slot,_after_range
=== RUN   TestRetiredKeyManagementSlot/First_retired_slot_key
=== RUN   TestRetiredKeyManagementSlot/Last_retired_slot_key
--- PASS: TestRetiredKeyManagementSlot (0.00s)
    --- PASS: TestRetiredKeyManagementSlot/Non-existent_slot,_before_range (0.00s)
    --- PASS: TestRetiredKeyManagementSlot/Non-existent_slot,_after_range (0.00s)
    --- PASS: TestRetiredKeyManagementSlot/First_retired_slot_key (0.00s)
    --- PASS: TestRetiredKeyManagementSlot/Last_retired_slot_key (0.00s)
=== RUN   TestContextClose
--- PASS: TestContextClose (0.00s)
=== RUN   TestContextListReaders
--- PASS: TestContextListReaders (0.00s)
=== RUN   TestHandle
--- PASS: TestHandle (0.00s)
=== RUN   TestTransaction
    pcsc_test.go:72: disconnecting from handle: EOF
    pcsc_test.go:30: closing context: write unix @->/run/pcscd/pcscd.comm: write: broken pipe
--- FAIL: TestTransaction (2.00s)
=== RUN   TestErrors
--- PASS: TestErrors (0.00s)
=== RUN   TestGetVersion
    pcsc_test.go:72: disconnecting from handle: EOF
    pcsc_test.go:30: closing context: write unix @->/run/pcscd/pcscd.comm: write: broken pipe
--- FAIL: TestGetVersion (2.00s)
=== RUN   TestCards
--- PASS: TestCards (0.00s)
=== RUN   TestNewYubiKey
--- PASS: TestNewYubiKey (0.00s)
=== RUN   TestMultipleConnections
    piv_test.go:136: expected scErr, got connecting to smart card: invalid return code: 8010000b (sharing violation)
--- FAIL: TestMultipleConnections (0.00s)
=== RUN   TestYubiKeySerial
--- PASS: TestYubiKeySerial (0.00s)
=== RUN   TestYubiKeyLoginNeeded
--- PASS: TestYubiKeyLoginNeeded (0.06s)
=== RUN   TestYubiKeyPINRetries
    piv_test.go:177: getting retries: expected error code from empty pin
--- FAIL: TestYubiKeyPINRetries (0.00s)
=== RUN   TestYubiKeyReset
--- PASS: TestYubiKeyReset (0.97s)
=== RUN   TestYubiKeyLogin
--- PASS: TestYubiKeyLogin (0.01s)
=== RUN   TestYubiKeyAuthenticate
--- PASS: TestYubiKeyAuthenticate (0.00s)
=== RUN   TestYubiKeySetManagementKey
--- PASS: TestYubiKeySetManagementKey (0.02s)
=== RUN   TestYubiKeyUnblockPIN
--- PASS: TestYubiKeyUnblockPIN (0.04s)
=== RUN   TestYubiKeyChangePIN
--- PASS: TestYubiKeyChangePIN (0.03s)
=== RUN   TestYubiKeyChangePUK
--- PASS: TestYubiKeyChangePUK (0.03s)
=== RUN   TestChangeManagementKey
--- PASS: TestChangeManagementKey (0.01s)
=== RUN   TestMetadata
--- PASS: TestMetadata (0.92s)
=== RUN   TestMetadataUnmarshal
--- PASS: TestMetadataUnmarshal (0.00s)
=== RUN   TestMetadataMarshal
--- PASS: TestMetadataMarshal (0.00s)
=== RUN   TestMetadataUpdate
--- PASS: TestMetadataUpdate (0.00s)
=== RUN   TestMetadataAdditoinalFields
--- PASS: TestMetadataAdditoinalFields (0.00s)
FAIL
FAIL	github.com/go-piv/piv-go/piv	35.396s
FAIL

@ericchiang
Collaborator

This is really cool! Some thoughts:

What's the OS level of support for re-implementing the pcscd communication? While this might work with PCSClite, the winscard APIs on macOS and Windows are provided by the OS. I know on macOS you're expected to use libraries to make syscalls, for example.

Can this be implemented as an internal package for this library? I don't necessarily want to depend on getting fixes into an upstream.

We'd probably want to make this opt-in if you provide a !cgo tag or something.

@joonas-fi

I would be very interested in this, since this is my only dependency in C (and thus cgo), complicating the build process. https://github.com/FiloSottile/yubikey-agent is also getting quite popular, and would also benefit from this. :)

@ghaithsabba
Author

Sorry for being so late. This library actually is stable; for some reason it works perfectly under Debian-based OSes. I tested it under Ubuntu 20.04 (amd64) and Debian 9 and 10 (arm), but unfortunately under CentOS it does not. I created a bug report but until now there has been no response.
I will clean up my code and create a merge request with a warning, but I don't know if it is sensible to do so. I did not replace the original code of piv-go; it is possible to build it with the cgo library or with go-libpcsclite.
I welcome any comments you might like to make.

@ericchiang
Collaborator

Thanks for the reply ghaithsabba@ and no worries. We're all busy :)

As I stated above I don't want to take on a dependency with 2 stars and last activity over a year ago. I'd rather just implement this from scratch internally. I'm happy to take on that work.

Do you know what the pcsclite unix protocol looks like? (Please don't link to go-libpcsclite source) I can see some details here:

https://github.com/LudovicRousseau/PCSC/blob/0680e8366e710f9310d3f108309fdfd24d18741a/src/winscard.c

@ghaithsabba
Author

Unfortunately no, I don't. I am actually planning on making a fork branch from go-libpcsclite and trying to fix the bug and keep maintaining the library, so if you don't have enough time to develop it from scratch, I will try to speed up the development on the library.

@ericchiang
Collaborator

Okay for my own purpose, the protocol is defined here:

I'll take a crack at trying to write some code to integrate when I get the chance.

@ericchiang
Collaborator

I've started an implementation here that appears to work: #85

Will finish up when I get the chance. Likely won't be before this weekend.
