As described in nexo-FAST v.3.2 section 7.4.2.1

Right now stubs.c is hand-coded, but this approach is suboptimal, because this file has to be modified each time new procedure is added or removed from the lib. Consider generating this file from nm -u output. Custom script may be required.

Low priority

Section 7.4.2.4 procedure Match_Prefix_Range.

Low priority, but specification is maddening.

Add tests and implement Match_Aid in section 7.4.2.5.

Ada is a strongly typed language that is well suited for describing Nexo specification.

Pros:

1. Very-strong type checking
2. Well defined bit fields that are used a lot in EMV and Nexo.
3. Preconditions and postconditions that actually are there in the nexo specification, and it would be nice to have them. They usually state which variables must change their value or must only be read.
4. Maps well from Drakon
   1. it has goto which is needed for blazing fast implementation
   2. high-level looping constructs compared to C
   3. nested function which may be used to implement procedures/functions with multiple entry points

Cons:

1. I have to implement Ada generator from Drakon diagram
2. I have to learn Ada well enough to be able to design this generator properly
3. There aren't many free and open source ASN.1 compilers for Ada.

References:

• Data Modelling with ASN.1 for Space Applications
• asn1scc compiler
• Ada courses

As described in nexo-FAST v.3.2 section 7.4.2.5

As time goes I begin to see issues that aren't easily solvable in C. They can be roughly divided into 2 categories:

1. Technical
   1. Porting to Windows - this is big one, right now it's impossible to create DLL, without trying to jump over your head.
   2. Testing - Right now in order to test nexoid-ed it's needed to defined interface symbols for a test. Basically that means that in a single executable can be only single implementation of APIs (SCAPI, HAPI etc), which defies the point of testing, because normally we want to test different scenarios, like failure in a particular API call, etc. There is still a possibility to connect API to some scripting language and work with that, but for now experiments with libctl failed (#2).
2. Non-technical
   1. Readability
      1. Operator overloading - It can simplify look of executable diagrams, which was the main point of them in the first place. ttd.transactionAmount > 1 is way more readable for non-programmer than amount_compare(ttd.transactionAmount, create_bcd(1)) > 1 or something similar.
      2. Implicit memory handling - It was solved partially using ptmalloc3 and memory pools, but still one have to use special macros acpval and acpptr to allocate a copy of a variable. This can be simplified with custom allocators in C++

It's described in nexo-FAST v.3.2 section 7.3.2.1.3.

In EMV Book 3, section 7.5 it is specified that terminal may ignore formatting errors for some tags like Cardholder Name (5F20). TODO: Check if nexo also supports this.

Section 6.6 procedure Transaction_Dcc_Eligibility

As described in nexo-FAST v.3.2 section 7.4.2.2.6

This is a major refactoring, but may be done quite mechanically. It's not needed now, but it may be useful to have if I'll want to scale-up.

I'm still unsure if I should do it. Here I will gather all pros and cons of such change.

Pros:

1. It will be possible to allocate TTD on a heap (right now it will be always in .bss)
2. Erasing data will be simpler. If DMAPI is used than just ttd = NULL is good enough.

Cons:

1. A time consuming task that has zero immediate value
2. Pointer de-reference instead of a direct jump for each access to TTD value.
3. Trusted layer should guarantee immutability of a pointer for a duration of transaction

Also, the general idea is that nexoid-ed project should be as small as possible. It should be able to run on most restricted embedded systems. Maybe, it would be nice to be able to run using deterministic amount of memory.

Write tests and implement BCD arithmetic. It's needed eg. in procedure Check_Payment_Amounts or Match_Prefix

Test fails

./ut/nexoid
Running suite(s): tag_retrival
 utils
95%: Checks: 23, Failures: 1, Errors: 0
ut/nexoid-ut-x86_64.t:118:F:utils:yymmdd_years_differ:0: Assertion 'yymmdd_cmp(b, a) == -1' failed: yymmdd_cmp(b, a) == 0, -1 == -1
make: *** [Makefile:168: test] Error 1

Function yymmdd_cmp isn't implemented correctly

As defined int nexo-FAST v.3.2 note 68-20

Refactoring is needed

Service authorisation is out of scope of nexo-FAST, but I think it's a sensible idea to move it to "Data Entry Interaction" and it should set bool securityPermission variable.

Moreover function scap_Authorise_Service is deprecated for very long time.

Section 7.4.2.4 procedure Match_Application_Profile_Entry

Also, figure out how to support both versions at the same time. I think I will have to have two branches FASTv3.2 and FASTv3.3.

Starting point should be the output of grep 'NEXO:' NexoFast.sql. The problem is that they have already release next version of the specification.

Described in nexo-FAST v.3.2 note 58-30

As defined by nexo-FAST v.3.2 note 76-10

As defined in nexo-FAST v.3.2 section 6.4.2.2. This may require removal of additional *_SSN_* messages that were added in different places.

Nexo-FAST v.3.2 section 6.4.2, non nexo procedure Tc_Remove_Card

Section 7.3 procedure Technology_Selection_Initial_Processing

As described in multiple sections, one of them is nexo-FAST v.3.2 section 6.6.7.2

It's described in nexo-FAST v.3.2 section 6.7 in particular note 99-10.

As defined in nexo-FAST v.3.2 section 7.4.2.6.

Consider redesign of cardholder messages format, so it can be possible to signal that some data should be displayed on one line, like:

PAYMENT: Transaction_Amount Currency

It's not yet decided if this feature is useful.

Right now, analyze applicability of libctl as a proper solution for testing, eg. by writing 1 or 2 tests.

It's described in nexo-FAST v.3.2 section 7.3.2.1.2.

Move some dangling global variables (like g_callTms) and data that isn't strictly speaking related to the current transaction (ttd) to a separate structure called tld (Terminal Lifecycle Data).

This task may involve implementing some changes that are against specification. All such inconsistencies should be documented and reported.

Defined in nexo-FAST v.3.2 section 6.4.2.5

Consider the ability to compile project using strict CompCert compiler from https://compcert.org/

How the project can benefit from it?