accounts:smartcard wallet without the dependency on libpcsclite (#19273)

* accounts, core, internal, node: Add support for smartcard wallets

* accounts, internal: Changes in response to review

* vendor: pull in missing go-echd library

* accounts/scwallet, console: user friendly card opening

* accounts/scwallet: ordered wallets, tighter events, derivation logs

* accounts, console: frendly card errors, support pin unblock

* accounts/scwallet: fix crypto API change

* accounts/scwallet: rebase and update

* Fix some linter issues

* Remove the direct dependency on libpcsclite

Instead, use a go library that communicates with pcscd over a socket.

Also update the changes introduced by @gravityblast since this PR's
inception

* Temporary fix to the ADBU status call

* fix wallet status update

This is a temporary fix, better checks need to
be performed once the whole process has been
validated.

* Fix key derivation

* Add some documentation

* Update a comment to reflect the workings of the updated system

* Vendor keycard-go/derivationpath

* Formatting fixes

* Add instructions on how to install the card

* Achieve full transaction signature+sending

* PK derivation has to be supported by the card

* Fix linter issues

* Upgrade to keycard app v2.1.1

* Set gballet as codeowner of the smartcard wallet dir

* fix unnecessary condition linter warning

* refuse to overwrite the master key of a previously initialized card

* refresh the account list when initializing the card

* Update the card preparation instructions based on review feedback

* 'sanitize' JSON input
Co-Authored-By: gballet <gballet@gmail.com>

* Apply suggestions from code review
Co-Authored-By: gballet <gballet@gmail.com>

* fix a serialization error

* more review feedback

* More review feedback

* Can now specify the number of empty accounts to derive

* Fix rebase error: include norm package

* Update bip-39 ref and remove ebfe/scard from vendor

* Add missing dependency

.github/CODEOWNERS

@@ -2,6 +2,7 @@
 # Each line is a file pattern followed by one or more owners.
 
 accounts/usbwallet              @karalabe
+accounts/scwallet               @gballet
 accounts/abi                    @gballet
 consensus                       @karalabe
 core/                           @karalabe @holiman

accounts/hd.go

@@ -17,6 +17,7 @@
 package accounts
 
 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 	"math"
@@ -133,3 +134,19 @@ func (path DerivationPath) String() string {
 	}
 	return result
 }
+
+// MarshalJSON turns a derivation path into its json-serialized string
+func (path DerivationPath) MarshalJSON() ([]byte, error) {
+	return json.Marshal(path.String())
+}
+
+// UnmarshalJSON a json-serialized string back into a derivation path
+func (path *DerivationPath) UnmarshalJSON(b []byte) error {
+	var dp string
+	var err error
+	if err = json.Unmarshal(b, &dp); err != nil {
+		return err
+	}
+	*path, err = ParseDerivationPath(dp)
+	return err
+}

accounts/scwallet/README.md

+# Using the smartcard wallet
+
+## Requirements
+
+  * A USB smartcard reader
+  * A keycard that supports the status app
+  * PCSCD version 4.3 running on your system **Only version 4.3 is currently supported**
+
+## Preparing the smartcard
+
+  **WARNING: FOILLOWING THESE INSTRUCTIONS WILL DESTROY THE MASTER KEY ON YOUR CARD. ONLY PROCEED IF NO FUNDS ARE ASSOCIATED WITH THESE ACCOUNTS**
+
+  You can use status' [keycard-cli](https://github.com/status-im/keycard-cli) and you should get version 2.1.1 of their [smartcard application](https://github.com/status-im/status-keycard/releases/download/2.1.1/keycard_v2.1.1.cap)
+
+  You also need to make sure that the PCSC daemon is running on your system.
+
+  Then, you can install the application to the card by typing:
+
+  ```
+  keycard install -a keycard_v2.1.cap
+  ```
+
+  Then you can initialize the application by typing:
+
+  ```
+  keycard init
+  ```
+
+  Then the card needs to be paired:
+
+  ```
+  keycard pair
+  ```
+
+  Finally, you need to have the card generate a new master key:
+
+  ```
+  keycard shell <<END
+  keycard-select
+  keycard-set-pairing PAIRING_KEY PAIRING_INDEX
+  keycard-open-secure-channel
+  keycard-verify-pin CARD_PIN
+  keycard-generate-key
+  END
+  ```
+
+## Usage
+
+  1. Start `geth` with the `console` command
+  2. Check the card's URL by checking `personal.listWallets`:
+
+```
+  listWallets: [{
+      status: "Online, can derive public keys",
+      url: "pcsc://a4d73015"
+  }]
+```
+
+  3. Open the wallet, you will be prompted for your pairing password, then PIN:
+
+```
+personal.openWallet("pcsc://a4d73015")
+```
+
+  4. Check that creation was successful by typing e.g. `personal`. Then use it like a regular wallet.
+
+## Known issues
+
+  * Starting geth with a valid card seems to make firefox crash.
\ No newline at end of file

accounts/scwallet/apdu.go

+// Copyright 2018 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package scwallet
+
+import (
+	"bytes"
+	"encoding/binary"
+	"fmt"
+)
+
+// commandAPDU represents an application data unit sent to a smartcard.
+type commandAPDU struct {
+	Cla, Ins, P1, P2 uint8  // Class, Instruction, Parameter 1, Parameter 2
+	Data             []byte // Command data
+	Le               uint8  // Command data length
+}
+
+// serialize serializes a command APDU.
+func (ca commandAPDU) serialize() ([]byte, error) {
+	buf := new(bytes.Buffer)
+
+	if err := binary.Write(buf, binary.BigEndian, ca.Cla); err != nil {
+		return nil, err
+	}
+	if err := binary.Write(buf, binary.BigEndian, ca.Ins); err != nil {
+		return nil, err
+	}
+	if err := binary.Write(buf, binary.BigEndian, ca.P1); err != nil {
+		return nil, err
+	}
+	if err := binary.Write(buf, binary.BigEndian, ca.P2); err != nil {
+		return nil, err
+	}
+	if len(ca.Data) > 0 {
+		if err := binary.Write(buf, binary.BigEndian, uint8(len(ca.Data))); err != nil {
+			return nil, err
+		}
+		if err := binary.Write(buf, binary.BigEndian, ca.Data); err != nil {
+			return nil, err
+		}
+	}
+	if err := binary.Write(buf, binary.BigEndian, ca.Le); err != nil {
+		return nil, err
+	}
+	return buf.Bytes(), nil
+}
+
+// responseAPDU represents an application data unit received from a smart card.
+type responseAPDU struct {
+	Data     []byte // response data
+	Sw1, Sw2 uint8  // status words 1 and 2
+}
+
+// deserialize deserializes a response APDU.
+func (ra *responseAPDU) deserialize(data []byte) error {
+	if len(data) < 2 {
+		return fmt.Errorf("can not deserialize data: payload too short (%d < 2)", len(data))
+	}
+
+	ra.Data = make([]byte, len(data)-2)
+
+	buf := bytes.NewReader(data)
+	if err := binary.Read(buf, binary.BigEndian, &ra.Data); err != nil {
+		return err
+	}
+	if err := binary.Read(buf, binary.BigEndian, &ra.Sw1); err != nil {
+		return err
+	}
+	if err := binary.Read(buf, binary.BigEndian, &ra.Sw2); err != nil {
+		return err
+	}
+	return nil
+}

accounts/scwallet/hub.go

+// Copyright 2018 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+// This package implements support for smartcard-based hardware wallets such as
+// the one written by Status: https://github.com/status-im/hardware-wallet
+//
+// This implementation of smartcard wallets have a different interaction process
+// to other types of hardware wallet. The process works like this:
+//
+// 1. (First use with a given client) Establish a pairing between hardware
+//    wallet and client. This requires a secret value called a 'pairing password'.
+//    You can pair with an unpaired wallet with `personal.openWallet(URI, pairing password)`.
+// 2. (First use only) Initialize the wallet, which generates a keypair, stores
+//    it on the wallet, and returns it so the user can back it up. You can
+//    initialize a wallet with `personal.initializeWallet(URI)`.
+// 3. Connect to the wallet using the pairing information established in step 1.
+//    You can connect to a paired wallet with `personal.openWallet(URI, PIN)`.
+// 4. Interact with the wallet as normal.
+
+package scwallet
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"sort"
+	"sync"
+	"time"
+
+	"github.com/ethereum/go-ethereum/accounts"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/event"
+	"github.com/ethereum/go-ethereum/log"
+	pcsc "github.com/gballet/go-libpcsclite"
+)
+
+// Scheme is the URI prefix for smartcard wallets.
+const Scheme = "pcsc"
+
+// refreshCycle is the maximum time between wallet refreshes (if USB hotplug
+// notifications don't work).
+const refreshCycle = time.Second
+
+// refreshThrottling is the minimum time between wallet refreshes to avoid thrashing.
+const refreshThrottling = 500 * time.Millisecond
+
+// smartcardPairing contains information about a smart card we have paired with
+// or might pair with the hub.
+type smartcardPairing struct {
+	PublicKey    []byte                                     `json:"publicKey"`
+	PairingIndex uint8                                      `json:"pairingIndex"`
+	PairingKey   []byte                                     `json:"pairingKey"`
+	Accounts     map[common.Address]accounts.DerivationPath `json:"accounts"`
+}
+
+// Hub is a accounts.Backend that can find and handle generic PC/SC hardware wallets.
+type Hub struct {
+	scheme string // Protocol scheme prefixing account and wallet URLs.
+
+	context  *pcsc.Client
+	datadir  string
+	pairings map[string]smartcardPairing
+
+	refreshed   time.Time               // Time instance when the list of wallets was last refreshed
+	wallets     map[string]*Wallet      // Mapping from reader names to wallet instances
+	updateFeed  event.Feed              // Event feed to notify wallet additions/removals
+	updateScope event.SubscriptionScope // Subscription scope tracking current live listeners
+	updating    bool                    // Whether the event notification loop is running
+
+	quit chan chan error
+
+	stateLock sync.RWMutex // Protects the internals of the hub from racey access
+}
+
+func (hub *Hub) readPairings() error {
+	hub.pairings = make(map[string]smartcardPairing)
+	pairingFile, err := os.Open(filepath.Join(hub.datadir, "smartcards.json"))
+	if err != nil {
+		if os.IsNotExist(err) {
+			return nil
+		}
+		return err
+	}
+
+	pairingData, err := ioutil.ReadAll(pairingFile)
+	if err != nil {
+		return err
+	}
+	var pairings []smartcardPairing
+	if err := json.Unmarshal(pairingData, &pairings); err != nil {
+		return err
+	}
+
+	for _, pairing := range pairings {
+		hub.pairings[string(pairing.PublicKey)] = pairing
+	}
+	return nil
+}
+
+func (hub *Hub) writePairings() error {
+	pairingFile, err := os.OpenFile(filepath.Join(hub.datadir, "smartcards.json"), os.O_RDWR|os.O_CREATE, 0755)
+	if err != nil {
+		return err
+	}
+	defer pairingFile.Close()
+
+	pairings := make([]smartcardPairing, 0, len(hub.pairings))
+	for _, pairing := range hub.pairings {
+		pairings = append(pairings, pairing)
+	}
+
+	pairingData, err := json.Marshal(pairings)
+	if err != nil {
+		return err
+	}
+
+	if _, err := pairingFile.Write(pairingData); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (hub *Hub) pairing(wallet *Wallet) *smartcardPairing {
+	if pairing, ok := hub.pairings[string(wallet.PublicKey)]; ok {
+		return &pairing
+	}
+	return nil
+}
+
+func (hub *Hub) setPairing(wallet *Wallet, pairing *smartcardPairing) error {
+	if pairing == nil {
+		delete(hub.pairings, string(wallet.PublicKey))
+	} else {
+		hub.pairings[string(wallet.PublicKey)] = *pairing
+	}
+	return hub.writePairings()
+}
+
+// NewHub creates a new hardware wallet manager for smartcards.
+func NewHub(scheme string, datadir string) (*Hub, error) {
+	context, err := pcsc.EstablishContext(pcsc.ScopeSystem)
+	if err != nil {
+		return nil, err
+	}
+	hub := &Hub{
+		scheme:  scheme,
+		context: context,
+		datadir: datadir,
+		wallets: make(map[string]*Wallet),
+		quit:    make(chan chan error),
+	}
+	if err := hub.readPairings(); err != nil {
+		return nil, err
+	}
+	hub.refreshWallets()
+	return hub, nil
+}
+
+// Wallets implements accounts.Backend, returning all the currently tracked smart
+// cards that appear to be hardware wallets.
+func (hub *Hub) Wallets() []accounts.Wallet {
+	// Make sure the list of wallets is up to date
+	hub.refreshWallets()
+
+	hub.stateLock.RLock()
+	defer hub.stateLock.RUnlock()
+
+	cpy := make([]accounts.Wallet, 0, len(hub.wallets))
+	for _, wallet := range hub.wallets {
+		cpy = append(cpy, wallet)
+	}
+	sort.Sort(accounts.WalletsByURL(cpy))
+	return cpy
+}
+
+// refreshWallets scans the devices attached to the machine and updates the
+// list of wallets based on the found devices.
+func (hub *Hub) refreshWallets() {
+	// Don't scan the USB like crazy it the user fetches wallets in a loop
+	hub.stateLock.RLock()
+	elapsed := time.Since(hub.refreshed)
+	hub.stateLock.RUnlock()
+
+	if elapsed < refreshThrottling {
+		return
+	}
+	// Retrieve all the smart card reader to check for cards
+	readers, err := hub.context.ListReaders()
+	if err != nil {
+		// This is a perverted hack, the scard library returns an error if no card
+		// readers are present instead of simply returning an empty list. We don't
+		// want to fill the user's log with errors, so filter those out.
+		if err.Error() != "scard: Cannot find a smart card reader." {
+			log.Error("Failed to enumerate smart card readers", "err", err)
+			return
+		}
+	}
+	// Transform the current list of wallets into the new one
+	hub.stateLock.Lock()
+
+	events := []accounts.WalletEvent{}
+	seen := make(map[string]struct{})
+
+	for _, reader := range readers {
+		// Mark the reader as present
+		seen[reader] = struct{}{}
+
+		// If we alreay know about this card, skip to the next reader, otherwise clean up
+		if wallet, ok := hub.wallets[reader]; ok {
+			if err := wallet.ping(); err == nil {
+				continue
+			}
+			wallet.Close()
+			events = append(events, accounts.WalletEvent{Wallet: wallet, Kind: accounts.WalletDropped})
+			delete(hub.wallets, reader)
+		}
+		// New card detected, try to connect to it
+		card, err := hub.context.Connect(reader, pcsc.ShareShared, pcsc.ProtocolAny)
+		if err != nil {
+			log.Debug("Failed to open smart card", "reader", reader, "err", err)
+			continue
+		}
+		wallet := NewWallet(hub, card)
+		if err = wallet.connect(); err != nil {
+			log.Debug("Failed to connect to smart card", "reader", reader, "err", err)
+			card.Disconnect(pcsc.LeaveCard)
+			continue
+		}
+		// Card connected, start tracking in amongs the wallets
+		hub.wallets[reader] = wallet
+		events = append(events, accounts.WalletEvent{Wallet: wallet, Kind: accounts.WalletArrived})
+	}
+	// Remove any wallets no longer present
+	for reader, wallet := range hub.wallets {
+		if _, ok := seen[reader]; !ok {
+			wallet.Close()
+			events = append(events, accounts.WalletEvent{Wallet: wallet, Kind: accounts.WalletDropped})
+			delete(hub.wallets, reader)
+		}
+	}
+	hub.refreshed = time.Now()
+	hub.stateLock.Unlock()
+
+	for _, event := range events {
+		hub.updateFeed.Send(event)
+	}
+}
+
+// Subscribe implements accounts.Backend, creating an async subscription to
+// receive notifications on the addition or removal of smart card wallets.
+func (hub *Hub) Subscribe(sink chan<- accounts.WalletEvent) event.Subscription {
+	// We need the mutex to reliably start/stop the update loop
+	hub.stateLock.Lock()
+	defer hub.stateLock.Unlock()
+
+	// Subscribe the caller and track the subscriber count
+	sub := hub.updateScope.Track(hub.updateFeed.Subscribe(sink))
+
+	// Subscribers require an active notification loop, start it
+	if !hub.updating {
+		hub.updating = true
+		go hub.updater()
+	}
+	return sub
+}
+
+// updater is responsible for maintaining an up-to-date list of wallets managed
+// by the smart card hub, and for firing wallet addition/removal events.
+func (hub *Hub) updater() {
+	for {
+		// TODO: Wait for a USB hotplug event (not supported yet) or a refresh timeout
+		// <-hub.changes
+		time.Sleep(refreshCycle)
+
+		// Run the wallet refresher
+		hub.refreshWallets()
+
+		// If all our subscribers left, stop the updater
+		hub.stateLock.Lock()
+		if hub.updateScope.Count() == 0 {
+			hub.updating = false
+			hub.stateLock.Unlock()
+			return
+		}
+		hub.stateLock.Unlock()
+	}
+}

accounts/scwallet/securechannel.go

+// Copyright 2018 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package scwallet
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/sha512"
+	"fmt"
+
+	"github.com/ethereum/go-ethereum/crypto"
+	pcsc "github.com/gballet/go-libpcsclite"
+	"github.com/wsddn/go-ecdh"
+	"golang.org/x/crypto/pbkdf2"
+	"golang.org/x/text/unicode/norm"
+)
+
+const (
+	maxPayloadSize  = 223
+	pairP1FirstStep = 0
+	pairP1LastStep  = 1
+
+	scSecretLength = 32
+	scBlockSize    = 16
+
+	insOpenSecureChannel    = 0x10
+	insMutuallyAuthenticate = 0x11
+	insPair                 = 0x12
+	insUnpair               = 0x13
+
+	pairingSalt = "Keycard Pairing Password Salt"
+)
+
+// SecureChannelSession enables secure communication with a hardware wallet.
+type SecureChannelSession struct {
+	card          *pcsc.Card // A handle to the smartcard for communication
+	secret        []byte     // A shared secret generated from our ECDSA keys
+	publicKey     []byte     // Our own ephemeral public key
+	PairingKey    []byte     // A permanent shared secret for a pairing, if present
+	sessionEncKey []byte     // The current session encryption key
+	sessionMacKey []byte     // The current session MAC key
+	iv            []byte     // The current IV
+	PairingIndex  uint8      // The pairing index
+}
+
+// NewSecureChannelSession creates a new secure channel for the given card and public key.
+func NewSecureChannelSession(card *pcsc.Card, keyData []byte) (*SecureChannelSession, error) {
+	// Generate an ECDSA keypair for ourselves
+	gen := ecdh.NewEllipticECDH(crypto.S256())
+	private, public, err := gen.GenerateKey(rand.Reader)
+	if err != nil {
+		return nil, err
+	}
+
+	cardPublic, ok := gen.Unmarshal(keyData)
+	if !ok {
+		return nil, fmt.Errorf("Could not unmarshal public key from card")
+	}
+
+	secret, err := gen.GenerateSharedSecret(private, cardPublic)
+	if err != nil {
+		return nil, err
+	}
+
+	return &SecureChannelSession{
+		card:      card,
+		secret:    secret,
+		publicKey: gen.Marshal(public),
+	}, nil
+}
+
+// Pair establishes a new pairing with the smartcard.
+func (s *SecureChannelSession) Pair(pairingPassword []byte) error {
+	secretHash := pbkdf2.Key(norm.NFKD.Bytes(pairingPassword), norm.NFKD.Bytes([]byte(pairingSalt)), 50000, 32, sha256.New)
+
+	challenge := make([]byte, 32)
+	if _, err := rand.Read(challenge); err != nil {
+		return err
+	}
+
+	response, err := s.pair(pairP1FirstStep, challenge)
+	if err != nil {
+		return err
+	}
+
+	md := sha256.New()
+	md.Write(secretHash[:])
+	md.Write(challenge)
+
+	expectedCryptogram := md.Sum(nil)
+	cardCryptogram := response.Data[:32]
+	cardChallenge := response.Data[32:64]
+
+	if !bytes.Equal(expectedCryptogram, cardCryptogram) {
+		return fmt.Errorf("Invalid card cryptogram %v != %v", expectedCryptogram, cardCryptogram)
+	}
+
+	md.Reset()
+	md.Write(secretHash[:])
+	md.Write(cardChallenge)
+	response, err = s.pair(pairP1LastStep, md.Sum(nil))
+	if err != nil {
+		return err
+	}
+
+	md.Reset()
+	md.Write(secretHash[:])
+	md.Write(response.Data[1:])
+	s.PairingKey = md.Sum(nil)
+	s.PairingIndex = response.Data[0]
+
+	return nil
+}
+
+// Unpair disestablishes an existing pairing.
+func (s *SecureChannelSession) Unpair() error {
+	if s.PairingKey == nil {
+		return fmt.Errorf("Cannot unpair: not paired")
+	}
+
+	_, err := s.transmitEncrypted(claSCWallet, insUnpair, s.PairingIndex, 0, []byte{})
+	if err != nil {
+		return err
+	}
+	s.PairingKey = nil
+	// Close channel
+	s.iv = nil
+	return nil
+}
+
+// Open initializes the secure channel.
+func (s *SecureChannelSession) Open() error {
+	if s.iv != nil {
+		return fmt.Errorf("Session already opened")
+	}
+
+	response, err := s.open()
+	if err != nil {
+		return err
+	}
+
+	// Generate the encryption/mac key by hashing our shared secret,
+	// pairing key, and the first bytes returned from the Open APDU.
+	md := sha512.New()
+	md.Write(s.secret)
+	md.Write(s.PairingKey)
+	md.Write(response.Data[:scSecretLength])
+	keyData := md.Sum(nil)
+	s.sessionEncKey = keyData[:scSecretLength]
+	s.sessionMacKey = keyData[scSecretLength : scSecretLength*2]
+
+	// The IV is the last bytes returned from the Open APDU.
+	s.iv = response.Data[scSecretLength:]
+
+	return s.mutuallyAuthenticate()
+}
+
+// mutuallyAuthenticate is an internal method to authenticate both ends of the
+// connection.
+func (s *SecureChannelSession) mutuallyAuthenticate() error {
+	data := make([]byte, scSecretLength)
+	if _, err := rand.Read(data); err != nil {
+		return err
+	}
+
+	response, err := s.transmitEncrypted(claSCWallet, insMutuallyAuthenticate, 0, 0, data)
+	if err != nil {
+		return err
+	}
+	if response.Sw1 != 0x90 || response.Sw2 != 0x00 {
+		return fmt.Errorf("Got unexpected response from MUTUALLY_AUTHENTICATE: 0x%x%x", response.Sw1, response.Sw2)
+	}
+
+	if len(response.Data) != scSecretLength {
+		return fmt.Errorf("Response from MUTUALLY_AUTHENTICATE was %d bytes, expected %d", len(response.Data), scSecretLength)
+	}
+
+	return nil
+}
+
+// open is an internal method that sends an open APDU.
+func (s *SecureChannelSession) open() (*responseAPDU, error) {
+	return transmit(s.card, &commandAPDU{
+		Cla:  claSCWallet,
+		Ins:  insOpenSecureChannel,
+		P1:   s.PairingIndex,
+		P2:   0,
+		Data: s.publicKey,
+		Le:   0,
+	})
+}
+
+// pair is an internal method that sends a pair APDU.
+func (s *SecureChannelSession) pair(p1 uint8, data []byte) (*responseAPDU, error) {
+	return transmit(s.card, &commandAPDU{
+		Cla:  claSCWallet,
+		Ins:  insPair,
+		P1:   p1,
+		P2:   0,
+		Data: data,
+		Le:   0,
+	})
+}
+
+// transmitEncrypted sends an encrypted message, and decrypts and returns the response.
+func (s *SecureChannelSession) transmitEncrypted(cla, ins, p1, p2 byte, data []byte) (*responseAPDU, error) {
+	if s.iv == nil {
+		return nil, fmt.Errorf("Channel not open")
+	}
+
+	data, err := s.encryptAPDU(data)
+	if err != nil {
+		return nil, err
+	}
+	meta := [16]byte{cla, ins, p1, p2, byte(len(data) + scBlockSize)}
+	if err = s.updateIV(meta[:], data); err != nil {
+		return nil, err
+	}
+
+	fulldata := make([]byte, len(s.iv)+len(data))
+	copy(fulldata, s.iv)
+	copy(fulldata[len(s.iv):], data)
+
+	response, err := transmit(s.card, &commandAPDU{
+		Cla:  cla,
+		Ins:  ins,
+		P1:   p1,
+		P2:   p2,
+		Data: fulldata,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	rmeta := [16]byte{byte(len(response.Data))}
+	rmac := response.Data[:len(s.iv)]
+	rdata := response.Data[len(s.iv):]
+	plainData, err := s.decryptAPDU(rdata)
+	if err != nil {
+		return nil, err
+	}
+
+	if err = s.updateIV(rmeta[:], rdata); err != nil {
+		return nil, err
+	}
+	if !bytes.Equal(s.iv, rmac) {
+		return nil, fmt.Errorf("Invalid MAC in response")
+	}
+
+	rapdu := &responseAPDU{}
+	rapdu.deserialize(plainData)
+
+	if rapdu.Sw1 != sw1Ok {
+		return nil, fmt.Errorf("Unexpected response status Cla=0x%x, Ins=0x%x, Sw=0x%x%x", cla, ins, rapdu.Sw1, rapdu.Sw2)
+	}
+
+	return rapdu, nil
+}
+
+// encryptAPDU is an internal method that serializes and encrypts an APDU.
+func (s *SecureChannelSession) encryptAPDU(data []byte) ([]byte, error) {
+	if len(data) > maxPayloadSize {
+		return nil, fmt.Errorf("Payload of %d bytes exceeds maximum of %d", len(data), maxPayloadSize)
+	}
+	data = pad(data, 0x80)
+
+	ret := make([]byte, len(data))
+
+	a, err := aes.NewCipher(s.sessionEncKey)
+	if err != nil {
+		return nil, err
+	}
+	crypter := cipher.NewCBCEncrypter(a, s.iv)
+	crypter.CryptBlocks(ret, data)
+	return ret, nil
+}
+
+// pad applies message padding to a 16 byte boundary.
+func pad(data []byte, terminator byte) []byte {
+	padded := make([]byte, (len(data)/16+1)*16)
+	copy(padded, data)
+	padded[len(data)] = terminator
+	return padded
+}
+
+// decryptAPDU is an internal method that decrypts and deserializes an APDU.
+func (s *SecureChannelSession) decryptAPDU(data []byte) ([]byte, error) {
+	a, err := aes.NewCipher(s.sessionEncKey)
+	if err != nil {
+		return nil, err
+	}
+
+	ret := make([]byte, len(data))
+
+	crypter := cipher.NewCBCDecrypter(a, s.iv)
+	crypter.CryptBlocks(ret, data)
+	return unpad(ret, 0x80)
+}
+
+// unpad strips padding from a message.
+func unpad(data []byte, terminator byte) ([]byte, error) {
+	for i := 1; i <= 16; i++ {
+		switch data[len(data)-i] {
+		case 0:
+			continue
+		case terminator:
+			return data[:len(data)-i], nil
+		default:
+			return nil, fmt.Errorf("Expected end of padding, got %d", data[len(data)-i])
+		}
+	}
+	return nil, fmt.Errorf("Expected end of padding, got 0")
+}
+
+// updateIV is an internal method that updates the initialization vector after
+// each message exchanged.
+func (s *SecureChannelSession) updateIV(meta, data []byte) error {
+	data = pad(data, 0)
+	a, err := aes.NewCipher(s.sessionMacKey)
+	if err != nil {
+		return err
+	}
+	crypter := cipher.NewCBCEncrypter(a, make([]byte, 16))
+	crypter.CryptBlocks(meta, meta)
+	crypter.CryptBlocks(data, data)
+	// The first 16 bytes of the last block is the MAC
+	s.iv = data[len(data)-32 : len(data)-16]
+	return nil
+}

accounts/sort.go

+// Copyright 2018 The go-ethereum Authors
+// This file is part of the go-ethereum library.
+//
+// The go-ethereum library is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// The go-ethereum library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
+
+package accounts
+
+// AccountsByURL implements sort.Interface for []Account based on the URL field.
+type AccountsByURL []Account
+
+func (a AccountsByURL) Len() int           { return len(a) }
+func (a AccountsByURL) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
+func (a AccountsByURL) Less(i, j int) bool { return a[i].URL.Cmp(a[j].URL) < 0 }
+
+// WalletsByURL implements sort.Interface for []Wallet based on the URL field.
+type WalletsByURL []Wallet
+
+func (w WalletsByURL) Len() int           { return len(w) }
+func (w WalletsByURL) Swap(i, j int)      { w[i], w[j] = w[j], w[i] }
+func (w WalletsByURL) Less(i, j int) bool { return w[i].URL().Cmp(w[j].URL()) < 0 }

console/bridge.go

@@ -23,6 +23,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/ethereum/go-ethereum/accounts/scwallet"
 	"github.com/ethereum/go-ethereum/accounts/usbwallet"
 	"github.com/ethereum/go-ethereum/log"
 	"github.com/ethereum/go-ethereum/rpc"
@@ -104,19 +105,73 @@ func (b *bridge) OpenWallet(call otto.FunctionCall) (response otto.Value) {
 	if err == nil {
 		return val
 	}
-	// Wallet open failed, report error unless it's a PIN entry
-	if strings.HasSuffix(err.Error(), usbwallet.ErrTrezorPINNeeded.Error()) {
+
+	// Wallet open failed, report error unless it's a PIN or PUK entry
+	switch {
+	case strings.HasSuffix(err.Error(), usbwallet.ErrTrezorPINNeeded.Error()):
 		val, err = b.readPinAndReopenWallet(call)
 		if err == nil {
 			return val
 		}
-	}
-	// Check if the user needs to input a passphrase
-	if !strings.HasSuffix(err.Error(), usbwallet.ErrTrezorPassphraseNeeded.Error()) {
-		throwJSException(err.Error())
-	}
-	val, err = b.readPassphraseAndReopenWallet(call)
-	if err != nil {
+		val, err = b.readPassphraseAndReopenWallet(call)
+		if err != nil {
+			throwJSException(err.Error())
+		}
+
+	case strings.HasSuffix(err.Error(), scwallet.ErrPairingPasswordNeeded.Error()):
+		// PUK input requested, fetch from the user and call open again
+		if input, err := b.prompter.PromptPassword("Please enter the pairing password: "); err != nil {
+			throwJSException(err.Error())
+		} else {
+			passwd, _ = otto.ToValue(input)
+		}
+		if val, err = call.Otto.Call("jeth.openWallet", nil, wallet, passwd); err != nil {
+			if !strings.HasSuffix(err.Error(), scwallet.ErrPINNeeded.Error()) {
+				throwJSException(err.Error())
+			} else {
+				// PIN input requested, fetch from the user and call open again
+				if input, err := b.prompter.PromptPassword("Please enter current PIN: "); err != nil {
+					throwJSException(err.Error())
+				} else {
+					passwd, _ = otto.ToValue(input)
+				}
+				if val, err = call.Otto.Call("jeth.openWallet", nil, wallet, passwd); err != nil {
+					throwJSException(err.Error())
+				}
+			}
+		}
+
+	case strings.HasSuffix(err.Error(), scwallet.ErrPINUnblockNeeded.Error()):
+		// PIN unblock requested, fetch PUK and new PIN from the user
+		var pukpin string
+		if input, err := b.prompter.PromptPassword("Please enter current PUK: "); err != nil {
+			throwJSException(err.Error())
+		} else {
+			pukpin = input
+		}
+		if input, err := b.prompter.PromptPassword("Please enter new PIN: "); err != nil {
+			throwJSException(err.Error())
+		} else {
+			pukpin += input
+		}
+		passwd, _ = otto.ToValue(pukpin)
+		if val, err = call.Otto.Call("jeth.openWallet", nil, wallet, passwd); err != nil {
+			throwJSException(err.Error())
+		}
+
+	case strings.HasSuffix(err.Error(), scwallet.ErrPINNeeded.Error()):
+		// PIN input requested, fetch from the user and call open again
+		if input, err := b.prompter.PromptPassword("Please enter current PIN: "); err != nil {
+			throwJSException(err.Error())
+		} else {
+			passwd, _ = otto.ToValue(input)
+		}
+		if val, err = call.Otto.Call("jeth.openWallet", nil, wallet, passwd); err != nil {
+			throwJSException(err.Error())
+		}
+
+	default:
+		// Unknown error occurred, drop to the user
 		throwJSException(err.Error())
 	}
 	return val

internal/ethapi/api.go

@@ -28,6 +28,7 @@ import (
 	"github.com/davecgh/go-spew/spew"
 	"github.com/ethereum/go-ethereum/accounts"
 	"github.com/ethereum/go-ethereum/accounts/keystore"
+	"github.com/ethereum/go-ethereum/accounts/scwallet"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/common/hexutil"
 	"github.com/ethereum/go-ethereum/common/math"
@@ -44,6 +45,7 @@ import (
 	"github.com/ethereum/go-ethereum/rlp"
 	"github.com/ethereum/go-ethereum/rpc"
 	"github.com/syndtr/goleveldb/leveldb"
+	"github.com/tyler-smith/go-bip39"
 )
 
 const (
@@ -471,6 +473,48 @@ func (s *PrivateAccountAPI) SignAndSendTransaction(ctx context.Context, args Sen
 	return s.SendTransaction(ctx, args, passwd)
 }
 
+// InitializeWallet initializes a new wallet at the provided URL, by generating and returning a new private key.
+func (s *PrivateAccountAPI) InitializeWallet(ctx context.Context, url string) (string, error) {
+	wallet, err := s.am.Wallet(url)
+	if err != nil {
+		return "", err
+	}
+
+	entropy, err := bip39.NewEntropy(256)
+	if err != nil {
+		return "", err
+	}
+
+	mnemonic, err := bip39.NewMnemonic(entropy)
+	if err != nil {
+		return "", err
+	}
+
+	seed := bip39.NewSeed(mnemonic, "")
+
+	switch wallet := wallet.(type) {
+	case *scwallet.Wallet:
+		return mnemonic, wallet.Initialize(seed)
+	default:
+		return "", fmt.Errorf("Specified wallet does not support initialization")
+	}
+}
+
+// Unpair deletes a pairing between wallet and geth.
+func (s *PrivateAccountAPI) Unpair(ctx context.Context, url string, pin string) error {
+	wallet, err := s.am.Wallet(url)
+	if err != nil {
+		return err
+	}
+
+	switch wallet := wallet.(type) {
+	case *scwallet.Wallet:
+		return wallet.Unpair([]byte(pin))
+	default:
+		return fmt.Errorf("Specified wallet does not support pairing")
+	}
+}
+
 // PublicBlockChainAPI provides an API to access the Ethereum blockchain.
 // It offers only methods that operate on public data that is freely available to anyone.
 type PublicBlockChainAPI struct {

internal/web3ext/web3ext.go

@@ -613,6 +613,16 @@ web3._extend({
 			params: 2,
 			inputFormatter: [web3._extend.formatters.inputTransactionFormatter, null]
 		}),
+		new web3._extend.Method({
+			name: 'unpair',
+			call: 'personal_unpair',
+			params: 2
+		}),
+		new web3._extend.Method({
+			name: 'initializeWallet',
+			call: 'personal_initializeWallet',
+			params: 1
+		})
 	],
 	properties: [
 		new web3._extend.Property({

node/config.go

@@ -29,6 +29,7 @@ import (
 	"github.com/ethereum/go-ethereum/accounts"
 	"github.com/ethereum/go-ethereum/accounts/external"
 	"github.com/ethereum/go-ethereum/accounts/keystore"
+	"github.com/ethereum/go-ethereum/accounts/scwallet"
 	"github.com/ethereum/go-ethereum/accounts/usbwallet"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/crypto"
@@ -504,6 +505,12 @@ func makeAccountManager(conf *Config) (*accounts.Manager, string, error) {
 				backends = append(backends, trezorhub)
 			}
 		}
+		// Start a smart card hub
+		if schub, err := scwallet.NewHub(scwallet.Scheme, keydir); err != nil {
+			log.Warn(fmt.Sprintf("Failed to start smart card hub, disabling: %v", err))
+		} else {
+			backends = append(backends, schub)
+		}
 	}
 
 	return accounts.NewManager(&accounts.Config{InsecureUnlockAllowed: conf.InsecureUnlockAllowed}, backends...), ephemeral, nil

vendor/github.com/gballet/go-libpcsclite/LICENSE

+BSD 3-Clause License
+
+Copyright (c) 2019, Guillaume Ballet
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of the copyright holder nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

vendor/github.com/gballet/go-libpcsclite/README.md

+# go-libpcsclite
+
+A golang implementation of the [libpcpsclite](http://github.com/LudovicRousseau/PCSC) client. It connects to the `pcscd` daemon over sockets.
+
+## Purpose
+
+The goal is for major open source projects to distribute a single binary that doesn't depend on `libpcsclite`. It provides an extra function `CheckPCSCDaemon` that will tell the user if `pcscd` is running.
+
+## Building
+
+TODO
+
+## Example
+
+TODO
+
+## TODO
+
+  - [ ] Finish this README
+  - [ ] Lock context
+  - [ ] implement missing functions
+
+## License
+
+BSD 3-Clause License
+
+Copyright (c) 2019, Guillaume Ballet
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of the copyright holder nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
\ No newline at end of file

vendor/github.com/gballet/go-libpcsclite/doc.go

+// BSD 3-Clause License
+//
+// Copyright (c) 2019, Guillaume Ballet
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// * Redistributions in binary form must reproduce the above copyright notice,
+//   this list of conditions and the following disclaimer in the documentation
+//   and/or other materials provided with the distribution.
+//
+// * Neither the name of the copyright holder nor the names of its
+//   contributors may be used to endorse or promote products derived from
+//   this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package pcsc
+
+const (
+	SCardSuccess                   = 0x00000000 /* No error was encountered. */
+
+	AutoAllocate  = -1     /* see SCardFreeMemory() */
+	ScopeUser     = 0x0000 /* Scope in user space */
+	ScopeTerminal = 0x0001 /* Scope in terminal */
+	ScopeSystem   = 0x0002 /* Scope in system */
+	ScopeGlobal   = 0x0003 /* Scope is global */
+
+	ProtocolUndefined = 0x0000                    /* protocol not set */
+	ProtocolUnSet     = ProtocolUndefined         /* backward compat */
+	ProtocolT0        = 0x0001                    /* T=0 active protocol. */
+	ProtocolT1        = 0x0002                    /* T=1 active protocol. */
+	ProtocolRaw       = 0x0004                    /* Raw active protocol. */
+	ProtocolT15       = 0x0008                    /* T=15 protocol. */
+	ProtocolAny       = (ProtocolT0 | ProtocolT1) /* IFD determines prot. */
+
+	ShareExclusive = 0x0001 /* Exclusive mode only */
+	ShareShared    = 0x0002 /* Shared mode only */
+	ShareDirect    = 0x0003 /* Raw mode only */
+
+	LeaveCard   = 0x0000 /* Do nothing on close */
+	ResetCard   = 0x0001 /* Reset on close */
+	UnpowerCard = 0x0002 /* Power down on close */
+	EjectCard   = 0x0003 /* Eject on close */
+
+	SCardUnknown    = 0x0001 /* Unknown state */
+	SCardAbsent     = 0x0002 /* Card is absent */
+	SCardPresent    = 0x0004 /* Card is present */
+	SCardSwallowed  = 0x0008 /* Card not powered */
+	SCardPowever    = 0x0010 /* Card is powered */
+	SCardNegotiable = 0x0020 /* Ready for PTS */
+	SCardSpecific   = 0x0040 /* PTS has been set */
+
+	PCSCDSockName = "/run/pcscd/pcscd.comm"
+)
+
+// List of commands to send to the daemon
+const (
+	_                                   = iota
+	SCardEstablishContext               /* used by SCardEstablishContext() */
+	SCardReleaseContext                 /* used by SCardReleaseContext() */
+	SCardListReaders                    /* used by SCardListReaders() */
+	SCardConnect                        /* used by SCardConnect() */
+	SCardReConnect                      /* used by SCardReconnect() */
+	SCardDisConnect                     /* used by SCardDisconnect() */
+	SCardBeginTransaction               /* used by SCardBeginTransaction() */
+	SCardEndTransaction                 /* used by SCardEndTransaction() */
+	SCardTransmit                       /* used by SCardTransmit() */
+	SCardControl                        /* used by SCardControl() */
+	SCardStatus                         /* used by SCardStatus() */
+	SCardGetStatusChange                /* not used */
+	SCardCancel                         /* used by SCardCancel() */
+	SCardCancelTransaction              /* not used */
+	SCardGetAttrib                      /* used by SCardGetAttrib() */
+	SCardSetAttrib                      /* used by SCardSetAttrib() */
+	CommandVersion                      /* get the client/server protocol version */
+	CommandGetReaderState               /* get the readers state */
+	CommandWaitReaderStateChange        /* wait for a reader state change */
+	CommandStopWaitingReaderStateChange /* stop waiting for a reader state change */
+)
+
+// Protocol information
+const (
+	ProtocolVersionMajor = 4 /* IPC major */
+	ProtocolVersionMinor = 3 /* IPC minor */
+)

vendor/github.com/gballet/go-libpcsclite/go.mod

+module github.com/gballet/go-libpcsclite

vendor/github.com/gballet/go-libpcsclite/msg.go

+// BSD 3-Clause License
+//
+// Copyright (c) 2019, Guillaume Ballet
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// * Redistributions of source code must retain the above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// * Redistributions in binary form must reproduce the above copyright notice,
+//   this list of conditions and the following disclaimer in the documentation
+//   and/or other materials provided with the distribution.
+//
+// * Neither the name of the copyright holder nor the names of its
+//   contributors may be used to endorse or promote products derived from
+//   this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+package pcsc
+
+import (
+	"encoding/binary"
+	"net"
+)
+
+/**
+ * @brief Wrapper for the MessageSend() function.
+ *
+ * Called by clients to send messages to the server.
+ * The parameters \p command and \p data are set in the \c sharedSegmentMsg
+ * struct in order to be sent.
+ *
+ * @param[in] command Command to be sent.
+ * @param[in] dwClientID Client socket handle.
+ * @param[in] size Size of the message (\p data).
+ * @param[in] data_void Data to be sent.
+ *
+ * @return Same error codes as MessageSend().
+ */
+func messageSendWithHeader(command uint32, conn net.Conn, data []byte) error {
+	/* Translate header into bytes */
+	msgData := make([]byte, 8+len(data))
+	binary.LittleEndian.PutUint32(msgData[4:], command)
+	binary.LittleEndian.PutUint32(msgData, uint32(len(data)))
+
+	/* Copy payload */
+	copy(msgData[8:], data)
+
+	_, err := conn.Write(msgData)
+	return err
+}
+
+// ClientSetupSession prepares a communication channel for the client to talk to the server.
+// This is called by the application to create a socket for local IPC with the
+// server. The socket is associated to the file \c PCSCLITE_CSOCK_NAME.
+/*
+ * @param[out] pdwClientID Client Connection ID.
+ *
+ * @retval 0 Success.
+ * @retval -1 Can not create the socket.
+ * @retval -1 The socket can not open a connection.
+ * @retval -1 Can not set the socket to non-blocking.
+ */
+func clientSetupSession() (net.Conn, error) {
+	return net.Dial("unix", PCSCDSockName)
+}

vendor/github.com/status-im/keycard-go/derivationpath/decoder.go

+package derivationpath
+
+import (
+	"fmt"
+	"io"
+	"strconv"
+	"strings"
+)
+
+type StartingPoint int
+
+const (
+	tokenMaster    = 0x6D // char m
+	tokenSeparator = 0x2F // char /
+	tokenHardened  = 0x27 // char '
+	tokenDot       = 0x2E // char .
+
+	hardenedStart = 0x80000000 // 2^31
+)
+
+const (
+	StartingPointMaster StartingPoint = iota + 1
+	StartingPointCurrent
+	StartingPointParent
+)
+
+type parseFunc = func() error
+
+type decoder struct {
+	r                    *strings.Reader
+	f                    parseFunc
+	pos                  int
+	path                 []uint32
+	start                StartingPoint
+	currentToken         string
+	currentTokenHardened bool
+}
+
+func newDecoder(path string) *decoder {
+	d := &decoder{
+		r: strings.NewReader(path),
+	}
+
+	d.reset()
+
+	return d
+}
+
+func (d *decoder) reset() {
+	d.r.Seek(0, io.SeekStart)
+	d.pos = 0
+	d.start = StartingPointCurrent
+	d.f = d.parseStart
+	d.path = make([]uint32, 0)
+	d.resetCurrentToken()
+}
+
+func (d *decoder) resetCurrentToken() {
+	d.currentToken = ""
+	d.currentTokenHardened = false
+}
+
+func (d *decoder) parse() (StartingPoint, []uint32, error) {
+	for {
+		err := d.f()
+		if err != nil {
+			if err == io.EOF {
+				err = nil
+			} else {
+				err = fmt.Errorf("at position %d, %s", d.pos, err.Error())
+			}
+
+			return d.start, d.path, err
+		}
+	}
+
+	return d.start, d.path, nil
+}
+
+func (d *decoder) readByte() (byte, error) {
+	b, err := d.r.ReadByte()
+	if err != nil {
+		return b, err
+	}
+
+	d.pos++
+
+	return b, nil
+}
+
+func (d *decoder) unreadByte() error {
+	err := d.r.UnreadByte()
+	if err != nil {
+		return err
+	}
+
+	d.pos--
+
+	return nil
+}
+
+func (d *decoder) parseStart() error {
+	b, err := d.readByte()
+	if err != nil {
+		return err
+	}
+
+	if b == tokenMaster {
+		d.start = StartingPointMaster
+		d.f = d.parseSeparator
+		return nil
+	}
+
+	if b == tokenDot {
+		b2, err := d.readByte()
+		if err != nil {
+			return err
+		}
+
+		if b2 == tokenDot {
+			d.f = d.parseSeparator
+			d.start = StartingPointParent
+			return nil
+		}
+
+		d.f = d.parseSeparator
+		d.start = StartingPointCurrent
+		return d.unreadByte()
+	}
+
+	d.f = d.parseSegment
+
+	return d.unreadByte()
+}
+
+func (d *decoder) saveSegment() error {
+	if len(d.currentToken) > 0 {
+		i, err := strconv.ParseUint(d.currentToken, 10, 32)
+		if err != nil {
+			return err
+		}
+
+		if i >= hardenedStart {
+			d.pos -= len(d.currentToken) - 1
+			return fmt.Errorf("index must be lower than 2^31, got %d", i)
+		}
+
+		if d.currentTokenHardened {
+			i += hardenedStart
+		}
+
+		d.path = append(d.path, uint32(i))
+	}
+
+	d.f = d.parseSegment
+	d.resetCurrentToken()
+
+	return nil
+}
+
+func (d *decoder) parseSeparator() error {
+	b, err := d.readByte()
+	if err != nil {
+		return err
+	}
+
+	if b == tokenSeparator {
+		return d.saveSegment()
+	}
+
+	return fmt.Errorf("expected %s, got %s", string(tokenSeparator), string(b))
+}
+
+func (d *decoder) parseSegment() error {
+	b, err := d.readByte()
+	if err == io.EOF {
+		if len(d.currentToken) == 0 {
+			return fmt.Errorf("expected number, got EOF")
+		}
+
+		if newErr := d.saveSegment(); newErr != nil {
+			return newErr
+		}
+
+		return err
+	}
+
+	if err != nil {
+		return err
+	}
+
+	if len(d.currentToken) > 0 && b == tokenSeparator {
+		return d.saveSegment()
+	}
+
+	if len(d.currentToken) > 0 && b == tokenHardened {
+		d.currentTokenHardened = true
+		d.f = d.parseSeparator
+		return nil
+	}
+
+	if b < 0x30 || b > 0x39 {
+		return fmt.Errorf("expected number, got %s", string(b))
+	}
+
+	d.currentToken = fmt.Sprintf("%s%s", d.currentToken, string(b))
+
+	return nil
+}
+
+func Decode(str string) (StartingPoint, []uint32, error) {
+	d := newDecoder(str)
+	return d.parse()
+}

vendor/github.com/status-im/keycard-go/derivationpath/encoder.go

+package derivationpath
+
+import (
+	"bytes"
+	"encoding/binary"
+	"fmt"
+	"strings"
+)
+
+func Encode(rawPath []uint32) string {
+	segments := []string{string(tokenMaster)}
+
+	for _, i := range rawPath {
+		suffix := ""
+
+		if i >= hardenedStart {
+			i = i - hardenedStart
+			suffix = string(tokenHardened)
+		}
+
+		segments = append(segments, fmt.Sprintf("%d%s", i, suffix))
+	}
+
+	return strings.Join(segments, string(tokenSeparator))
+}
+
+func EncodeFromBytes(data []byte) (string, error) {
+	buf := bytes.NewBuffer(data)
+	rawPath := make([]uint32, buf.Len()/4)
+	err := binary.Read(buf, binary.BigEndian, &rawPath)
+	if err != nil {
+		return "", err
+	}
+
+	return Encode(rawPath), nil
+}

vendor/github.com/tyler-smith/go-bip39/Gopkg.lock

+# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
+
+
+[[projects]]
+  branch = "master"
+  name = "golang.org/x/crypto"
+  packages = ["pbkdf2"]
+  revision = "a49355c7e3f8fe157a85be2f77e6e269a0f89602"
+
+[solve-meta]
+  analyzer-name = "dep"
+  analyzer-version = 1
+  inputs-digest = "d7f1a7207c39125afcb9ca2365832cb83458edfc17f2f7e8d28fd56f19436856"
+  solver-name = "gps-cdcl"
+  solver-version = 1

vendor/github.com/tyler-smith/go-bip39/Gopkg.toml

+
+# Gopkg.toml example
+#
+# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
+# for detailed Gopkg.toml documentation.
+#
+# required = ["github.com/user/thing/cmd/thing"]
+# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
+#
+# [[constraint]]
+#   name = "github.com/user/project"
+#   version = "1.0.0"
+#
+# [[constraint]]
+#   name = "github.com/user/project2"
+#   branch = "dev"
+#   source = "github.com/myfork/project2"
+#
+# [[override]]
+#  name = "github.com/x/y"
+#  version = "2.4.0"
+
+
+[[constraint]]
+  branch = "master"
+  name = "golang.org/x/crypto"

vendor/github.com/tyler-smith/go-bip39/LICENSE

+The MIT License (MIT)
+
+Copyright (c) 2014-2018 Tyler Smith and contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

vendor/github.com/tyler-smith/go-bip39/Makefile

+.DEFAULT_GOAL := help
+
+tests: ## Run tests with coverage
+	go test -v -cover ./...
+
+profile_tests: ## Run tests and output coverage profiling
+	go test -v -coverprofile=coverage.out .
+	go tool cover -html=coverage.out
+
+help:
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

vendor/github.com/tyler-smith/go-bip39/README.md

+# go-bip39
+[![Build Status](https://travis-ci.org/tyler-smith/go-bip39.svg?branch=master)](https://travis-ci.org/tyler-smith/go-bip39)
+[![license](https://img.shields.io/github/license/tyler-smith/go-bip39.svg?maxAge=2592000)](https://github.com/tyler-smith/go-bip39/blob/master/LICENSE)
+[![Documentation](https://godoc.org/github.com/tyler-smith/go-bip39?status.svg)](http://godoc.org/github.com/tyler-smith/go-bip39)
+[![Go Report Card](https://goreportcard.com/badge/github.com/tyler-smith/go-bip39)](https://goreportcard.com/report/github.com/tyler-smith/go-bip39)
+[![GitHub issues](https://img.shields.io/github/issues/tyler-smith/go-bip39.svg)](https://github.com/tyler-smith/go-bip39/issues)
+
+
+A golang implementation of the BIP0039 spec for mnemonic seeds
+
+## Example
+
+```go
+package main
+
+import (
+  "github.com/tyler-smith/go-bip39"
+  "github.com/tyler-smith/go-bip32"
+  "fmt"
+)
+
+func main(){
+  // Generate a mnemonic for memorization or user-friendly seeds
+  entropy, _ := bip39.NewEntropy(256)
+  mnemonic, _ := bip39.NewMnemonic(entropy)
+
+  // Generate a Bip32 HD wallet for the mnemonic and a user supplied password
+  seed := bip39.NewSeed(mnemonic, "Secret Passphrase")
+
+  masterKey, _ := bip32.NewMasterKey(seed)
+  publicKey := masterKey.PublicKey()
+
+  // Display mnemonic and keys
+  fmt.Println("Mnemonic: ", mnemonic)
+  fmt.Println("Master private key: ", masterKey)
+  fmt.Println("Master public key: ", publicKey)
+}
+```
+
+## Credits
+
+Wordlists are from the [bip39 spec](https://github.com/bitcoin/bips/tree/master/bip-0039).
+
+Test vectors are from the standard Python BIP0039 implementation from the
+Trezor team: [https://github.com/trezor/python-mnemonic](https://github.com/trezor/python-mnemonic)

vendor/github.com/wsddn/go-ecdh/LICENSE

+Copyright (c) 2014, tang0th
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of tang0th nor the names of its contributors may be
+      used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

vendor/github.com/wsddn/go-ecdh/Readme.md

+# ECDH
+
+[![Build Status](https://travis-ci.org/wsddn/go-ecdh.svg?branch=master)](https://travis-ci.org/wsddn/go-ecdh)
+
+This is a go implementation of elliptical curve diffie-hellman key exchange method.
+It supports the NIST curves (and any curves using the `elliptic.Curve` go interface)
+as well as djb's curve25519. 
+
+The library handles generating of keys, generating a shared secret, and the
+(un)marshalling of the elliptical curve keys into slices of bytes.
+
+## Warning and Disclaimer
+I am not a cryptographer, this was written as part of a personal project to learn about cryptographic systems and protocols. No claims as to the security of this library are made, I would not advise using it for anything that requires any level of security. Pull requests or issues about security flaws are however still welcome.
+
+## Compatibility
+Works with go 1.2 onwards.
+
+## TODO
+ * Improve documentation

vendor/github.com/wsddn/go-ecdh/curve25519.go

+package ecdh
+
+import (
+	"crypto"
+	"io"
+
+	"golang.org/x/crypto/curve25519"
+)
+
+type curve25519ECDH struct {
+	ECDH
+}
+
+// NewCurve25519ECDH creates a new ECDH instance that uses djb's curve25519
+// elliptical curve.
+func NewCurve25519ECDH() ECDH {
+	return &curve25519ECDH{}
+}
+
+func (e *curve25519ECDH) GenerateKey(rand io.Reader) (crypto.PrivateKey, crypto.PublicKey, error) {
+	var pub, priv [32]byte
+	var err error
+
+	_, err = io.ReadFull(rand, priv[:])
+	if err != nil {
+		return nil, nil, err
+	}
+
+	priv[0] &= 248
+	priv[31] &= 127
+	priv[31] |= 64
+
+	curve25519.ScalarBaseMult(&pub, &priv)
+
+	return &priv, &pub, nil
+}
+
+func (e *curve25519ECDH) Marshal(p crypto.PublicKey) []byte {
+	pub := p.(*[32]byte)
+	return pub[:]
+}
+
+func (e *curve25519ECDH) Unmarshal(data []byte) (crypto.PublicKey, bool) {
+	var pub [32]byte
+	if len(data) != 32 {
+		return nil, false
+	}
+
+	copy(pub[:], data)
+	return &pub, true
+}
+
+func (e *curve25519ECDH) GenerateSharedSecret(privKey crypto.PrivateKey, pubKey crypto.PublicKey) ([]byte, error) {
+	var priv, pub, secret *[32]byte
+
+	priv = privKey.(*[32]byte)
+	pub = pubKey.(*[32]byte)
+	secret = new([32]byte)
+
+	curve25519.ScalarMult(secret, priv, pub)
+	return secret[:], nil
+}

vendor/github.com/wsddn/go-ecdh/ecdh.go

+package ecdh
+
+import (
+	"crypto"
+	"io"
+)
+
+// The main interface for ECDH key exchange.
+type ECDH interface {
+	GenerateKey(io.Reader) (crypto.PrivateKey, crypto.PublicKey, error)
+	Marshal(crypto.PublicKey) []byte
+	Unmarshal([]byte) (crypto.PublicKey, bool)
+	GenerateSharedSecret(crypto.PrivateKey, crypto.PublicKey) ([]byte, error)
+}

vendor/github.com/wsddn/go-ecdh/elliptic.go

+package ecdh
+
+import (
+	"crypto"
+	"crypto/elliptic"
+	"io"
+	"math/big"
+)
+
+type ellipticECDH struct {
+	ECDH
+	curve elliptic.Curve
+}
+
+type ellipticPublicKey struct {
+	elliptic.Curve
+	X, Y *big.Int
+}
+
+type ellipticPrivateKey struct {
+	D []byte
+}
+
+// NewEllipticECDH creates a new instance of ECDH with the given elliptic.Curve curve
+// to use as the elliptical curve for elliptical curve diffie-hellman.
+func NewEllipticECDH(curve elliptic.Curve) ECDH {
+	return &ellipticECDH{
+		curve: curve,
+	}
+}
+
+func (e *ellipticECDH) GenerateKey(rand io.Reader) (crypto.PrivateKey, crypto.PublicKey, error) {
+	var d []byte
+	var x, y *big.Int
+	var priv *ellipticPrivateKey
+	var pub *ellipticPublicKey
+	var err error
+
+	d, x, y, err = elliptic.GenerateKey(e.curve, rand)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	priv = &ellipticPrivateKey{
+		D: d,
+	}
+	pub = &ellipticPublicKey{
+		Curve: e.curve,
+		X: x,
+		Y: y,
+	}
+	
+	return priv, pub, nil
+}
+
+func (e *ellipticECDH) Marshal(p crypto.PublicKey) []byte {
+	pub := p.(*ellipticPublicKey)
+	return elliptic.Marshal(e.curve, pub.X, pub.Y)
+}
+
+func (e *ellipticECDH) Unmarshal(data []byte) (crypto.PublicKey, bool) {
+	var key *ellipticPublicKey
+	var x, y *big.Int
+
+	x, y = elliptic.Unmarshal(e.curve, data)
+	if x == nil || y == nil {
+		return key, false
+	}
+	key = &ellipticPublicKey{
+		Curve: e.curve,
+		X:     x,
+		Y:     y,
+	}
+	return key, true
+}
+
+// GenerateSharedSecret takes in a public key and a private key
+// and generates a shared secret.
+//
+// RFC5903 Section 9 states we should only return x.
+func (e *ellipticECDH) GenerateSharedSecret(privKey crypto.PrivateKey, pubKey crypto.PublicKey) ([]byte, error) {
+	priv := privKey.(*ellipticPrivateKey)
+	pub := pubKey.(*ellipticPublicKey)
+
+	x, _ := e.curve.ScalarMult(pub.X, pub.Y, priv.D)
+	return x.Bytes(), nil
+}

vendor/golang.org/x/text/unicode/norm/forminfo.go

+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package norm
+
+import "encoding/binary"
+
+// This file contains Form-specific logic and wrappers for data in tables.go.
+
+// Rune info is stored in a separate trie per composing form. A composing form
+// and its corresponding decomposing form share the same trie.  Each trie maps
+// a rune to a uint16. The values take two forms.  For v >= 0x8000:
+//   bits
+//   15:    1 (inverse of NFD_QC bit of qcInfo)
+//   13..7: qcInfo (see below). isYesD is always true (no decompostion).
+//    6..0: ccc (compressed CCC value).
+// For v < 0x8000, the respective rune has a decomposition and v is an index
+// into a byte array of UTF-8 decomposition sequences and additional info and
+// has the form:
+//    <header> <decomp_byte>* [<tccc> [<lccc>]]
+// The header contains the number of bytes in the decomposition (excluding this
+// length byte). The two most significant bits of this length byte correspond
+// to bit 5 and 4 of qcInfo (see below).  The byte sequence itself starts at v+1.
+// The byte sequence is followed by a trailing and leading CCC if the values
+// for these are not zero.  The value of v determines which ccc are appended
+// to the sequences.  For v < firstCCC, there are none, for v >= firstCCC,
+// the sequence is followed by a trailing ccc, and for v >= firstLeadingCC
+// there is an additional leading ccc. The value of tccc itself is the
+// trailing CCC shifted left 2 bits. The two least-significant bits of tccc
+// are the number of trailing non-starters.
+
+const (
+	qcInfoMask      = 0x3F // to clear all but the relevant bits in a qcInfo
+	headerLenMask   = 0x3F // extract the length value from the header byte
+	headerFlagsMask = 0xC0 // extract the qcInfo bits from the header byte
+)
+
+// Properties provides access to normalization properties of a rune.
+type Properties struct {
+	pos   uint8  // start position in reorderBuffer; used in composition.go
+	size  uint8  // length of UTF-8 encoding of this rune
+	ccc   uint8  // leading canonical combining class (ccc if not decomposition)
+	tccc  uint8  // trailing canonical combining class (ccc if not decomposition)
+	nLead uint8  // number of leading non-starters.
+	flags qcInfo // quick check flags
+	index uint16
+}
+
+// functions dispatchable per form
+type lookupFunc func(b input, i int) Properties
+
+// formInfo holds Form-specific functions and tables.
+type formInfo struct {
+	form                     Form
+	composing, compatibility bool // form type
+	info                     lookupFunc
+	nextMain                 iterFunc
+}
+
+var formTable = []*formInfo{{
+	form:          NFC,
+	composing:     true,
+	compatibility: false,
+	info:          lookupInfoNFC,
+	nextMain:      nextComposed,
+}, {
+	form:          NFD,
+	composing:     false,
+	compatibility: false,
+	info:          lookupInfoNFC,
+	nextMain:      nextDecomposed,
+}, {
+	form:          NFKC,
+	composing:     true,
+	compatibility: true,
+	info:          lookupInfoNFKC,
+	nextMain:      nextComposed,
+}, {
+	form:          NFKD,
+	composing:     false,
+	compatibility: true,
+	info:          lookupInfoNFKC,
+	nextMain:      nextDecomposed,
+}}
+
+// We do not distinguish between boundaries for NFC, NFD, etc. to avoid
+// unexpected behavior for the user.  For example, in NFD, there is a boundary
+// after 'a'.  However, 'a' might combine with modifiers, so from the application's
+// perspective it is not a good boundary. We will therefore always use the
+// boundaries for the combining variants.
+
+// BoundaryBefore returns true if this rune starts a new segment and
+// cannot combine with any rune on the left.
+func (p Properties) BoundaryBefore() bool {
+	if p.ccc == 0 && !p.combinesBackward() {
+		return true
+	}
+	// We assume that the CCC of the first character in a decomposition
+	// is always non-zero if different from info.ccc and that we can return
+	// false at this point. This is verified by maketables.
+	return false
+}
+
+// BoundaryAfter returns true if runes cannot combine with or otherwise
+// interact with this or previous runes.
+func (p Properties) BoundaryAfter() bool {
+	// TODO: loosen these conditions.
+	return p.isInert()
+}
+
+// We pack quick check data in 4 bits:
+//   5:    Combines forward  (0 == false, 1 == true)
+//   4..3: NFC_QC Yes(00), No (10), or Maybe (11)
+//   2:    NFD_QC Yes (0) or No (1). No also means there is a decomposition.
+//   1..0: Number of trailing non-starters.
+//
+// When all 4 bits are zero, the character is inert, meaning it is never
+// influenced by normalization.
+type qcInfo uint8
+
+func (p Properties) isYesC() bool { return p.flags&0x10 == 0 }
+func (p Properties) isYesD() bool { return p.flags&0x4 == 0 }
+
+func (p Properties) combinesForward() bool  { return p.flags&0x20 != 0 }
+func (p Properties) combinesBackward() bool { return p.flags&0x8 != 0 } // == isMaybe
+func (p Properties) hasDecomposition() bool { return p.flags&0x4 != 0 } // == isNoD
+
+func (p Properties) isInert() bool {
+	return p.flags&qcInfoMask == 0 && p.ccc == 0
+}
+
+func (p Properties) multiSegment() bool {
+	return p.index >= firstMulti && p.index < endMulti
+}
+
+func (p Properties) nLeadingNonStarters() uint8 {
+	return p.nLead
+}
+
+func (p Properties) nTrailingNonStarters() uint8 {
+	return uint8(p.flags & 0x03)
+}
+
+// Decomposition returns the decomposition for the underlying rune
+// or nil if there is none.
+func (p Properties) Decomposition() []byte {
+	// TODO: create the decomposition for Hangul?
+	if p.index == 0 {
+		return nil
+	}
+	i := p.index
+	n := decomps[i] & headerLenMask
+	i++
+	return decomps[i : i+uint16(n)]
+}
+
+// Size returns the length of UTF-8 encoding of the rune.
+func (p Properties) Size() int {
+	return int(p.size)
+}
+
+// CCC returns the canonical combining class of the underlying rune.
+func (p Properties) CCC() uint8 {
+	if p.index >= firstCCCZeroExcept {
+		return 0
+	}
+	return ccc[p.ccc]
+}
+
+// LeadCCC returns the CCC of the first rune in the decomposition.
+// If there is no decomposition, LeadCCC equals CCC.
+func (p Properties) LeadCCC() uint8 {
+	return ccc[p.ccc]
+}
+
+// TrailCCC returns the CCC of the last rune in the decomposition.
+// If there is no decomposition, TrailCCC equals CCC.
+func (p Properties) TrailCCC() uint8 {
+	return ccc[p.tccc]
+}
+
+func buildRecompMap() {
+	recompMap = make(map[uint32]rune, len(recompMapPacked)/8)
+	var buf [8]byte
+	for i := 0; i < len(recompMapPacked); i += 8 {
+		copy(buf[:], recompMapPacked[i:i+8])
+		key := binary.BigEndian.Uint32(buf[:4])
+		val := binary.BigEndian.Uint32(buf[4:])
+		recompMap[key] = rune(val)
+	}
+}
+
+// Recomposition
+// We use 32-bit keys instead of 64-bit for the two codepoint keys.
+// This clips off the bits of three entries, but we know this will not
+// result in a collision. In the unlikely event that changes to
+// UnicodeData.txt introduce collisions, the compiler will catch it.
+// Note that the recomposition map for NFC and NFKC are identical.
+
+// combine returns the combined rune or 0 if it doesn't exist.
+//
+// The caller is responsible for calling
+// recompMapOnce.Do(buildRecompMap) sometime before this is called.
+func combine(a, b rune) rune {
+	key := uint32(uint16(a))<<16 + uint32(uint16(b))
+	if recompMap == nil {
+		panic("caller error") // see func comment
+	}
+	return recompMap[key]
+}
+
+func lookupInfoNFC(b input, i int) Properties {
+	v, sz := b.charinfoNFC(i)
+	return compInfo(v, sz)
+}
+
+func lookupInfoNFKC(b input, i int) Properties {
+	v, sz := b.charinfoNFKC(i)
+	return compInfo(v, sz)
+}
+
+// Properties returns properties for the first rune in s.
+func (f Form) Properties(s []byte) Properties {
+	if f == NFC || f == NFD {
+		return compInfo(nfcData.lookup(s))
+	}
+	return compInfo(nfkcData.lookup(s))
+}
+
+// PropertiesString returns properties for the first rune in s.
+func (f Form) PropertiesString(s string) Properties {
+	if f == NFC || f == NFD {
+		return compInfo(nfcData.lookupString(s))
+	}
+	return compInfo(nfkcData.lookupString(s))
+}
+
+// compInfo converts the information contained in v and sz
+// to a Properties.  See the comment at the top of the file
+// for more information on the format.
+func compInfo(v uint16, sz int) Properties {
+	if v == 0 {
+		return Properties{size: uint8(sz)}
+	} else if v >= 0x8000 {
+		p := Properties{
+			size:  uint8(sz),
+			ccc:   uint8(v),
+			tccc:  uint8(v),
+			flags: qcInfo(v >> 8),
+		}
+		if p.ccc > 0 || p.combinesBackward() {
+			p.nLead = uint8(p.flags & 0x3)
+		}
+		return p
+	}
+	// has decomposition
+	h := decomps[v]
+	f := (qcInfo(h&headerFlagsMask) >> 2) | 0x4
+	p := Properties{size: uint8(sz), flags: f, index: v}
+	if v >= firstCCC {
+		v += uint16(h&headerLenMask) + 1
+		c := decomps[v]
+		p.tccc = c >> 2
+		p.flags |= qcInfo(c & 0x3)
+		if v >= firstLeadingCCC {
+			p.nLead = c & 0x3
+			if v >= firstStarterWithNLead {
+				// We were tricked. Remove the decomposition.
+				p.flags &= 0x03
+				p.index = 0
+				return p
+			}
+			p.ccc = decomps[v+1]
+		}
+	}
+	return p
+}

vendor/golang.org/x/text/unicode/norm/input.go

+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package norm
+
+import "unicode/utf8"
+
+type input struct {
+	str   string
+	bytes []byte
+}
+
+func inputBytes(str []byte) input {
+	return input{bytes: str}
+}
+
+func inputString(str string) input {
+	return input{str: str}
+}
+
+func (in *input) setBytes(str []byte) {
+	in.str = ""
+	in.bytes = str
+}
+
+func (in *input) setString(str string) {
+	in.str = str
+	in.bytes = nil
+}
+
+func (in *input) _byte(p int) byte {
+	if in.bytes == nil {
+		return in.str[p]
+	}
+	return in.bytes[p]
+}
+
+func (in *input) skipASCII(p, max int) int {
+	if in.bytes == nil {
+		for ; p < max && in.str[p] < utf8.RuneSelf; p++ {
+		}
+	} else {
+		for ; p < max && in.bytes[p] < utf8.RuneSelf; p++ {
+		}
+	}
+	return p
+}
+
+func (in *input) skipContinuationBytes(p int) int {
+	if in.bytes == nil {
+		for ; p < len(in.str) && !utf8.RuneStart(in.str[p]); p++ {
+		}
+	} else {
+		for ; p < len(in.bytes) && !utf8.RuneStart(in.bytes[p]); p++ {
+		}
+	}
+	return p
+}
+
+func (in *input) appendSlice(buf []byte, b, e int) []byte {
+	if in.bytes != nil {
+		return append(buf, in.bytes[b:e]...)
+	}
+	for i := b; i < e; i++ {
+		buf = append(buf, in.str[i])
+	}
+	return buf
+}
+
+func (in *input) copySlice(buf []byte, b, e int) int {
+	if in.bytes == nil {
+		return copy(buf, in.str[b:e])
+	}
+	return copy(buf, in.bytes[b:e])
+}
+
+func (in *input) charinfoNFC(p int) (uint16, int) {
+	if in.bytes == nil {
+		return nfcData.lookupString(in.str[p:])
+	}
+	return nfcData.lookup(in.bytes[p:])
+}
+
+func (in *input) charinfoNFKC(p int) (uint16, int) {
+	if in.bytes == nil {
+		return nfkcData.lookupString(in.str[p:])
+	}
+	return nfkcData.lookup(in.bytes[p:])
+}
+
+func (in *input) hangul(p int) (r rune) {
+	var size int
+	if in.bytes == nil {
+		if !isHangulString(in.str[p:]) {
+			return 0
+		}
+		r, size = utf8.DecodeRuneInString(in.str[p:])
+	} else {
+		if !isHangul(in.bytes[p:]) {
+			return 0
+		}
+		r, size = utf8.DecodeRune(in.bytes[p:])
+	}
+	if size != hangulUTF8Size {
+		return 0
+	}
+	return r
+}