laforge has submitted this change. ( https://gerrit.osmocom.org/c/pysim/+/36779?usp=email )
Change subject: pySim.global_platform: Fix key encryption with DEK ......................................................................
pySim.global_platform: Fix key encryption with DEK
When a SCP is active, the DEK is used to encrypt any key material that's installed using PUT KEY. The code prior to this patch fails to handle this case as it calls the encrypt_key() method on the wrong object.
Change-Id: I6e10fb9c7881ba74ad2986c36bba95b336470838 --- M pySim/global_platform/__init__.py 1 file changed, 15 insertions(+), 1 deletion(-)
Approvals: laforge: Looks good to me, approved Jenkins Builder: Verified
diff --git a/pySim/global_platform/__init__.py b/pySim/global_platform/__init__.py index 9960560..5086721 100644 --- a/pySim/global_platform/__init__.py +++ b/pySim/global_platform/__init__.py @@ -550,7 +550,7 @@ kcv = b2h(kcv_bin) if self._cmd.lchan.scc.scp: # encrypte key data with DEK of current SCP - kcb = b2h(self._cmd.lchan.scc.scp.card_keys.encrypt_key(h2b(opts.key_data[i]))) + kcb = b2h(self._cmd.lchan.scc.scp.encrypt_key(h2b(opts.key_data[i]))) else: # (for example) during personalization, DEK might not be required) kcb = opts.key_data[i]