laforge has uploaded this change for review.

View Change

global_platform: Add KCV computation for TLS-PSK keys

This adds support for computing the KCV (key check value) for TLS-PSK
keys such as those used in SCP81.

The spec reference is "Remote Application Management over HTTP
Card Specification v2.2 - Amendment B Version 1.1.3"

Change-Id: I8c56ba1341fd4615f8a9ed0c13f25790639f9098
---
M pySim/global_platform/__init__.py
1 file changed, 9 insertions(+), 0 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/65/41765/1

diff --git a/pySim/global_platform/__init__.py b/pySim/global_platform/__init__.py
index 8a99677..a1f4824 100644
--- a/pySim/global_platform/__init__.py
+++ b/pySim/global_platform/__init__.py
@@ -18,6 +18,7 @@
 """
 
 import io
+import hashlib
 from copy import deepcopy
 from typing import Optional, List, Dict, Tuple
 from construct import Optional as COptional
@@ -1051,10 +1052,18 @@
     cipher = AES.new(key, AES.MODE_ECB)
     return cipher.encrypt(plaintext)
 
+def compute_kcv_sha1(key:bytes) -> bytes:
+    # GPC 2.2 B RAM over HTTP Section 3.8: A key check value shall be computed as the three most
+    # significant bytes of the SHA-1 digest of the PSK TLS Key
+    m = hashlib.sha1()
+    m.update(key)
+    return m.digest()[:3]
+
 # dict is keyed by the string name of the KeyType enum above in this file
 KCV_CALCULATOR = {
         'aes': compute_kcv_aes,
         'des': compute_kcv_des,
+        'tls_psk': compute_kcv_sha1,
     }
 
 def compute_kcv(key_type: str, key: bytes) -> Optional[bytes]:

To view, visit change 41765. To unsubscribe, or for help writing mail filters, visit settings.