Hello,
On Aug 17, 2010, at 7:20 PM, Andre Zepezauer wrote:

> On Tue, 2010-08-17 at 10:08 +0300, Martin Paljak wrote:
>> For example, try to explain why the ISO GET CHALLENGE code from year 2001 
>> reads the random from the card in 8 byte chunks?
> 
> Because it's the most generic solution, that will work on every card.
More likely that the code has been there since 2001 [1] and nobody has ever 
needed it or questioned it.

What this basically means is that a lot of code is really old [2] and has seen 
zero improvement for years. Which is not bad per se, as in "don't touch things 
that work", but it also means that a lot of code is slowly dying. Static code 
is dead code.
Code that nobody knows why it exists or does something in a peculiar way that 
is hard to explain and without comments is bad, bad code. Especially if the 
original authors have left for new challenges long ago.

I believe most cards can give a challenge for a full APDU size or at least 
64-apdu_header_size bytes and save a few host<->card roundtrips. But a short 
peek in the OpenSC source reveals that the function is not really used at all, 
at least not for the original purpose (getting a challenge from the card for 
authentication purposes) but for random data generation. I would assume that 
the challenge used for mutual authentication would need to be asked in a single 
chunk instead of multiple small chunks.

Nevertheless, I don't believe that the implementation of iso7816_get_challenge 
is correct, but don't rush to fix it either, because it seems to work for what 
it has been used for thus far.

Same applies to iso7816 select_file. Apparently the incomplete or incorrect 
implementation has not been the itch that needs scratching. Patches that fix 
(I'm sure there are many fixable issues in code) and/or improve OpenSC are most 
welcome. 

[1] http://www.opensc-project.org/opensc/changeset/89
[2] http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/iso7816.c?annotate=blame&rev=4627#L397
-- 
Martin Paljak
@martinpaljak.net
+3725156495
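
The round-trip difference discussed in the message above, as an added example that is not part of the original e-mail and not OpenSC code: a chunked ISO 7816-4 GET CHALLENGE loop run against a constructed mock card. The names `mock_transmit` and `get_challenge` are hypothetical, and the mock assumes the card honours any Le up to 256 with deterministic bytes so the result can be checked.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a card (assumption, not a real reader API):
 * answers GET CHALLENGE (00 84 00 00 Le) with Le bytes + SW 90 00. */
static unsigned char next_byte;
static size_t mock_transmit(const unsigned char *apdu, size_t apdu_len,
                            unsigned char *resp, size_t resp_size)
{
    if (apdu_len != 5 || apdu[0] != 0x00 || apdu[1] != 0x84)
        return 0;
    size_t le = apdu[4] ? apdu[4] : 256;   /* Le = 00 means 256 (short APDU) */
    if (resp_size < le + 2)
        return 0;
    for (size_t i = 0; i < le; i++)
        resp[i] = next_byte++;             /* deterministic, NOT random */
    resp[le] = 0x90;
    resp[le + 1] = 0x00;
    return le + 2;
}

/* Fill out[0..len) with requests of at most `chunk` bytes (1..256).
 * Returns the number of host<->card round trips, or -1 on error. */
int get_challenge(unsigned char *out, size_t len, size_t chunk)
{
    unsigned char resp[258];
    int trips = 0;
    if (chunk == 0 || chunk > 256)
        return -1;
    while (len > 0) {
        size_t want = len < chunk ? len : chunk;
        unsigned char apdu[5] = { 0x00, 0x84, 0x00, 0x00, (unsigned char)want };
        size_t n = mock_transmit(apdu, sizeof apdu, resp, sizeof resp);
        trips++;
        /* Require SW 90 00 and at least one data byte; fail rather than
         * hand back a partly filled buffer as if it were a challenge. */
        if (n < 3 || resp[n - 2] != 0x90 || resp[n - 1] != 0x00)
            return -1;
        size_t got = (n - 2 < want) ? n - 2 : want;
        memcpy(out, resp, got);
        out += got;
        len -= got;
    }
    return trips;
}

int main(void)
{
    unsigned char buf[64];
    printf("8-byte chunks: %d round trips\n", get_challenge(buf, sizeof buf, 8));
    printf("single APDU:   %d round trips\n", get_challenge(buf, sizeof buf, 64));
    return 0;
}
```

With 8-byte chunks the 64-byte buffer is assembled from eight separate card responses, which is the behaviour the message questions for a challenge meant for mutual authentication.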
