dexter has uploaded this change for review. (
https://gerrit.osmocom.org/c/pysim/+/37931?usp=email )
Change subject: scp: fix key length in dek_encrypt and dek_decrypt
......................................................................
scp: fix key length in dek_encrypt and dek_decrypt
When creating the DES cipher object with DES.new, we use the property
card_keys.dek. This property may hold a 16 byte key, but DES uses
an 8 byte key. Pycryptodome does not automatically ignore excess key
bytes. Instead it throws an exception. This means we need to make sure
to supply only the first 8 bytes of card_keys.dek
Related: OS#6531
Change-Id: I92e0dc6a6196b532bd8b53fca7b9e78070d6903f
---
M pySim/global_platform/scp.py
1 file changed, 2 insertions(+), 2 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/31/37931/1
diff --git a/pySim/global_platform/scp.py b/pySim/global_platform/scp.py
index f68bcf9..17463ff 100644
--- a/pySim/global_platform/scp.py
+++ b/pySim/global_platform/scp.py
@@ -230,11 +230,11 @@
super().__init__(*args, **kwargs)
def dek_encrypt(self, plaintext:bytes) -> bytes:
- cipher = DES.new(self.card_keys.dek, DES.MODE_ECB)
+ cipher = DES.new(self.card_keys.dek[:8], DES.MODE_ECB)
return cipher.encrypt(plaintext)
def dek_decrypt(self, ciphertext:bytes) -> bytes:
- cipher = DES.new(self.card_keys.dek, DES.MODE_ECB)
+ cipher = DES.new(self.card_keys.dek[:8], DES.MODE_ECB)
return cipher.decrypt(ciphertext)
def _compute_cryptograms(self, card_challenge: bytes, host_challenge:
bytes):
--
To view, visit https://gerrit.osmocom.org/c/pysim/+/37931?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I92e0dc6a6196b532bd8b53fca7b9e78070d6903f
Gerrit-Change-Number: 37931
Gerrit-PatchSet: 1
Gerrit-Owner: dexter <[email protected]>
