microg / GmsCore

Free implementation of Play Services
https://microg.org
Apache License 2.0

Consider using chained APDUs instead of extended APDUs for CTAP2/NFC #1809

Open StarGate01 opened 1 year ago

StarGate01 commented 1 year ago

The CTAP2 transport specification for NFC allows two different encodings for long (fragmented) requests and responses: https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#nfc-fragmentation .

Extended APDUs are simpler to implement; however, not all hardware (smartphones) supports these very large (~1KB) commands, and some chipsets (e.g. NXP PN532) are limited to 255 bytes. See also https://github.com/DangerousThings/flexsecure-applets/blob/master/docs/4-android.md#maximum-nfc-transceive-length , https://github.com/NXPNFCLinux/linux_libnfc-nci/issues/116 .

I suggest checking the chipset capabilities using IsoDep.getMaxTransceiveLength (https://developer.android.com/reference/android/nfc/tech/IsoDep#getMaxTransceiveLength()) before attempting to send extended APDUs, and fall back to chained APDUs otherwise.

mar-v-in commented 1 year ago

Makes sense. To keep the first implementation easy, there are a few shortcuts here and there, including the lack of support for fragmentation.
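
The fallback proposed in this issue, sketched as an added example that is not part of the thread and not GmsCore code: given a CTAP2 request and the limits reported by `IsoDep`, it builds either one extended APDU or a sequence of chained short APDUs. The function names are hypothetical, and the CLA/INS values and chaining bit are assumptions taken from the NFC section of the CTAP2 specification linked above.

```kotlin
// Added example, not GmsCore code. CLA/INS values and the chaining bit are
// assumptions taken from the NFC framing section of the linked CTAP2 spec.
const val CLA_CTAP = 0x80         // final (or only) command APDU
const val CLA_CHAINED = 0x90      // CLA_CTAP with the ISO 7816-4 chaining bit (0x10) set
const val INS_NFCCTAP_MSG = 0x10

// Short APDU: 4-byte header, 1-byte Lc, data, optional 1-byte Le (0x00 = up to 256).
private fun shortApdu(cla: Int, data: ByteArray, withLe: Boolean): ByteArray {
    val head = byteArrayOf(cla.toByte(), INS_NFCCTAP_MSG.toByte(), 0x00, 0x00, data.size.toByte())
    return if (withLe) head + data + byteArrayOf(0x00) else head + data
}

// Extended APDU: 4-byte header, 3-byte Lc (00 hi lo), data, 2-byte Le.
private fun extendedApdu(data: ByteArray): ByteArray =
    byteArrayOf(CLA_CTAP.toByte(), INS_NFCCTAP_MSG.toByte(), 0x00, 0x00,
        0x00, (data.size shr 8).toByte(), data.size.toByte()) + data + byteArrayOf(0x00, 0x00)

// On Android, pass isoDep.maxTransceiveLength and isoDep.isExtendedLengthApduSupported.
fun buildCtapApdus(
    request: ByteArray, maxTransceiveLength: Int, extendedSupported: Boolean
): List<ByteArray> {
    require(request.isNotEmpty() && request.size <= 0xFFFF) { "request must be 1..65535 bytes" }
    // Small request: one short APDU (data + 6 bytes of framing) is enough.
    if (request.size <= 255 && request.size + 6 <= maxTransceiveLength)
        return listOf(shortApdu(CLA_CTAP, request, withLe = true))
    // Large request: extended APDU only if the chipset can carry data + 9 bytes.
    if (extendedSupported && request.size + 9 <= maxTransceiveLength)
        return listOf(extendedApdu(request))
    // Fallback: command chaining, each fragment sized to fit the transceive limit.
    val chunkSize = minOf(255, maxTransceiveLength - 6)
    require(chunkSize > 0) { "transceive limit too small for any APDU" }
    val chunks = request.toList().chunked(chunkSize).map { it.toByteArray() }
    return chunks.mapIndexed { i, chunk ->
        val last = i == chunks.lastIndex
        // Every fragment but the last carries the chaining bit and no Le.
        shortApdu(if (last) CLA_CTAP else CLA_CHAINED, chunk, withLe = last)
    }
}

fun main() {
    // Constructed stand-in for a CTAP2 command byte plus CBOR payload.
    val request = ByteArray(300) { it.toByte() }
    println(buildCtapApdus(request, 1024, true).map { it.size })  // one extended APDU
    println(buildCtapApdus(request, 255, false).map { it.size })  // chained short APDUs
}
```

Only the request direction is covered here; a response longer than one short APDU needs its own handling.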