iso7816_get_response fails if card->max_recv_size == 0

[dengert]

@frankmorgner Another issue with the card sizes

Some cards that still use T=0 and need test if the card matches the driver need to do
read the cards default AID. This will require the use of iso7816_get_response before the card's
max_recv_size can be set.

In previous version iso7816.c had:

         /* request at most max_recv_size bytes */
         if (card->max_recv_size > 0 && *count > card->max_recv_size)
                 rlen = card->max_recv_size;
         else
                 rlen = *count;

Current git master has:

 721         /* request at most max_recv_size bytes */
 722         if (*count > card->max_recv_size)
 723                 rlen = card->max_recv_size;
 724         else
 725                 rlen = *count;

The change was introdiced by:
bb92019

A trace shows:

0x7ffff7fe0740 09:51:54.428 [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:389:sc_single_transmit: CLA:0, INS:A4, P1:4, P2:0, data(9) 0x7ffff7733860
0x7ffff7fe0740 09:51:54.428 [opensc-pkcs11] ../../../src/src/libopensc/reader-pcsc.c:254:pcsc_transmit: reader 'SCM Microsystems Inc. SCR 355 [CCID Interface] 00 00'
0x7ffff7fe0740 09:51:54.428 [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:187:sc_apdu_log: 
Outgoing APDU data [   14 bytes] =====================================
00 A4 04 00 09 A0 00 00 03 08 00 00 10 00 ..............
======================================================================
0x7ffff7fe0740 09:51:54.428 [opensc-pkcs11] ../../../src/src/libopensc/reader-pcsc.c:184:pcsc_internal_transmit: called
0x7ffff7fe0740 09:51:54.474 [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:187:sc_apdu_log: 
Incoming APDU data [    2 bytes] =====================================
61 13 a.
======================================================================
0x7ffff7fe0740 09:51:54.474 [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:399:sc_single_transmit: returning with: 0 (Success)
0x7ffff7fe0740 09:51:54.474 [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:443:sc_get_response: called
0x7ffff7fe0740 09:51:54.474 [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:563:sc_transmit_apdu: called
0x7ffff7fe0740 09:51:54.474 [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:352:sc_check_apdu: Invalid Case 2 short APDU:
cse=02 cla=00 ins=c0 p1=00 p2=00 lc=0 le=0 
resp=0x7fffffffd130 resplen=0 data=(nil) datalen=0
0x7ffff7fe0740 09:51:54.474 [opensc-pkcs11] ../../../src/src/libopensc/iso7816.c:735:iso7816_get_response: APDU transmit failed: -1300 (Invalid arguments)
0x7ffff7fe0740 09:51:54.474 [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:480:sc_get_response: SM response data 00000000000000000000000000000000 000000
0x7ffff7fe0740 09:51:54.474 [opensc-pkcs11] ../../../src/src/libopensc/asn1.c:1446:asn1_decode: called, left=19, depth 0
0x7ffff7fe0740 09:51:54.474 [opensc-pkcs11] ../../../src/src/libopensc/apdu.c:484:sc_get_response: GET RESPONSE error: -1300 (Invalid arguments)

@frankmorgner This looks like another issue with the card sizes.

[frankmorgner]

Thanks for finding this problem. Indeed, I didn't think of this special case. It should effect all cards that use generic commands during initialization without setting the correct transceive lengths (i.e. sc_read_binary instead of specifically crafted APDUs + sc_transmit).

[frankmorgner]

Could you check if #534 fixes the problem?

[dengert]

Yes it fixes the problem I had seen with get_response during card matching.

It appears that many of these changes were designed to eliminate the existing
if (card->max_recv_size == 0) which was working, and have now replaced them with multiple functions
sc_get_max_send_size(card) and fixup_transceive_length. During card matching, and card driver init,
short APDUs were working fine and once the sc_connect_card was done, the sizes were set.

Would it be better to go back revert some of these changes and go back to the original test for size == 0?

On 8/25/2015 7:59 PM, Frank Morgner wrote:

Could you check if #534 #534 fixes the problem?

—
Reply to this email directly or view it on GitHub #533 (comment).

Douglas E. Engert [email protected]

[frankmorgner]

@dengert #534 does exactly activate all checks for handling 0 which have been in the code previously. The only difference is that it's implemented correctly(tm) this time ;-) because it also takes extended length and reader limitations into account.

From the software engineering point of view I'd actually like to have something differently:

1. initialize max_recv_size/max_send_size with reasonable defaults in sc_card_new (i.e. 256/255)
2. rewrite all card drivers to explicitly set max_recv_size/max_send_size accordingly to the card limitations (without the special value 0)
3. (optional) drop SC_CARD_CAP_APDU_EXT which is now superseded by max_recv_size/max_send_size

This would make the code more readable overall and it would also solve your problem. However, it would mean to change many card drivers and a lot of testing... I've chosen the easy path over what I think would be the correct way to go.