[M] Change in pysim[master]: personalization: fix SdKey.apply_val() implementation

laforge has submitted this change. ( https://gerrit.osmocom.org/c/pysim/+/40203?usp=email )

Change subject: personalization: fix SdKey.apply_val() implementation ......................................................................

personalization: fix SdKey.apply_val() implementation

'securityDomain' elements are decoded to ProfileElementSD instances, which keep higher level representations of the key data apart from the decoded[] lists.

So far, apply_val() was dropping binary values in decoded[], which does not work, because ProfileElementSD._pre_encode() overwrites self.decoded[] from the higher level representation.

Implement using - ProfileElementSD.find_key() and SecurityDomainKeyComponent to modify an exsiting entry, or - ProfileElementSD.add_key() to create a new entry.

Before this patch, SdKey parameters seemed to patch PES successfully, but their modifications did not end up in the encoded DER.

(BTW, this does not fix any other errors that may still be present in the various SdKey subclasses, patches coming up.)

Related: SYS#6768 Change-Id: I07dfc378705eba1318e9e8652796cbde106c6a52 Jenkins: skip-card-test --- M pySim/esim/saip/__init__.py M pySim/esim/saip/personalization.py 2 files changed, 41 insertions(+), 28 deletions(-)

Approvals: laforge: Looks good to me, approved Jenkins Builder: Verified

diff --git a/pySim/esim/saip/__init__.py b/pySim/esim/saip/__init__.py index 9fa1d28..ec59c50 100644 --- a/pySim/esim/saip/__init__.py +++ b/pySim/esim/saip/__init__.py @@ -1079,6 +1079,13 @@ 'keyVersionNumber': bytes([self.key_version_number]), 'keyComponents': [k.to_saip_dict() for k in self.key_components]}

+ def get_key_component(self, key_type): + for kc in self.key_components: + if kc.key_type == key_type: + return kc.key_data + return None + + class ProfileElementSD(ProfileElement): """Class representing a securityDomain ProfileElement.""" type = 'securityDomain' diff --git a/pySim/esim/saip/personalization.py b/pySim/esim/saip/personalization.py index 31851f3..c633a9c 100644 --- a/pySim/esim/saip/personalization.py +++ b/pySim/esim/saip/personalization.py @@ -24,9 +24,11 @@ from osmocom.tlv import camel_to_snake from osmocom.utils import hexstr from pySim.utils import enc_iccid, dec_iccid, enc_imsi, dec_imsi, h2b, b2h, rpad, sanitize_iccid -from pySim.esim.saip import ProfileElement, ProfileElementSequence -from pySim.esim.saip import param_source from pySim.ts_51_011 import EF_SMSP +from pySim.esim.saip import param_source +from pySim.esim.saip import ProfileElement, ProfileElementSD, ProfileElementSequence +from pySim.esim.saip import SecurityDomainKey, SecurityDomainKeyComponent +from pySim.global_platform import KeyUsageQualifier, KeyType

def unrpad(s: hexstr, c='f') -> hexstr: return hexstr(s.rstrip(c)) @@ -612,36 +614,40 @@ key_usage_qual = None

@classmethod - def _apply_sd(cls, pe: ProfileElement, value): - assert pe.type == 'securityDomain' - for key in pe.decoded['keyList']: - if key['keyIdentifier'][0] == cls.key_id and key['keyVersionNumber'][0] == cls.kvn: - assert len(key['keyComponents']) == 1 - key['keyComponents'][0]['keyData'] = value - return - # Could not find matching key to patch, create a new one - key = { - 'keyUsageQualifier': bytes([cls.key_usage_qual]), - 'keyIdentifier': bytes([cls.key_id]), - 'keyVersionNumber': bytes([cls.kvn]), - 'keyComponents': [ - { 'keyType': bytes([cls.key_type]), 'keyData': value }, - ] - } - pe.decoded['keyList'].append(key) + def apply_val(cls, pes: ProfileElementSequence, val): + set_components = [ SecurityDomainKeyComponent(cls.key_type, val) ]

- @classmethod - def apply_val(cls, pes: ProfileElementSequence, value): - for pe in pes.get_pes_for_type('securityDomain'): - cls._apply_sd(pe, value) + for pe in pes.pe_list: + if pe.type != 'securityDomain': + continue + assert isinstance(pe, ProfileElementSD) + + key = pe.find_key(key_version_number=cls.kvn, key_id=cls.key_id) + if not key: + # Could not find matching key to patch, create a new one + key = SecurityDomainKey( + key_version_number=cls.kvn, + key_id=cls.key_id, + key_usage_qualifier=KeyUsageQualifier.build(cls.key_usage_qual), + key_components=set_components, + ) + pe.add_key(key) + else: + key.key_components = set_components

@classmethod def get_values_from_pes(cls, pes: ProfileElementSequence): - for pe in pes.get_pes_for_type('securityDomain'): - for key in pe.decoded['keyList']: - if key['keyIdentifier'][0] == cls.key_id and key['keyVersionNumber'][0] == cls.kvn: - if len(key['keyComponents']) >= 1: - yield { cls.name: b2h(key['keyComponents'][0]['keyData']) } + for pe in pes.pe_list: + if pe.type != 'securityDomain': + continue + assert isinstance(pe, ProfileElementSD) + + key = pe.find_key(key_version_number=cls.kvn, key_id=cls.key_id) + if not key: + continue + kc = key.get_key_component(cls.key_type) + if kc: + yield { cls.name: b2h(kc) }

class SdKeyScp80_01(SdKey, kvn=0x01, key_type=0x88, permitted_len=[16,24,32]): # AES key type pass