1 is the latest approved patch-set.
No files were changed between the latest approved patch-set and the submitted one.


global_platform/scp: mapdu may be undeclared

when we sign and encrypt the APDU in _wrap_cmd_apdu (SCP03) we return an "mapdu"
at the end. However, in the (unlikely?) case where self.do_cencand
self.do_cmac are false, mapdu will be undeclared. In _wrap_cmd_apdu for SCP02
we just re-use the apdu variable and return it at the end, so when no
encryption and no signing is applied, the APDU falls just through without any
modifications. We should have the same mechanism for the SCP03 wrapping as
well.

Related: OS#6367

Change-Id: Ic7089a69dffd7313572c5b3e5953200be5925766
---
M pySim/global_platform/scp.py
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pySim/global_platform/scp.py b/pySim/global_platform/scp.py
index 2cf8b63..0b1f6a9 100644
--- a/pySim/global_platform/scp.py
+++ b/pySim/global_platform/scp.py
@@ -508,11 +508,11 @@
             # channel number shall be set to zero, bit 4 shall be set to 0 and bit 3 shall be set to 1 to indicate
             # GlobalPlatform proprietary secure messaging.
             mcla = (cla & 0xF0) | CLA_SM
-            mapdu = bytes([mcla, ins, p1, p2, mlc]) + cmd_data
-            cmac = self.sk.calc_cmac(mapdu)
-            mapdu += cmac[:self.s_mode]
+            apdu = bytes([mcla, ins, p1, p2, mlc]) + cmd_data
+            cmac = self.sk.calc_cmac(apdu)
+            apdu += cmac[:self.s_mode]
 
-        return mapdu
+        return apdu
 
     def unwrap_rsp_apdu(self, sw: bytes, rsp_apdu: bytes) -> bytes:
         # No R-MAC shall be generated and no protection shall be applied to a response that includes an error

