Attention is currently required from: dexter.
Patch set 3: Code-Review +1
1 comment:
File pySim/global_platform/scp.py:
Patch Set #2, Line 230: kvn_ranges = [[0x00, 0x00], [0x01, 0x01], [0x20, 0x2f], [0x70, 0x70]]
I have tried to find some more information about those ranges, but I couldn't find any information a […]
The spec reference you indicated just talks about KVN / KID within the same SD. The check I implemented originally is about deriving the SCP version from the KVN. The spec quote says nothing about those.
* TS 102 225 Annex A.1 states KVN 0x01..0x0F shall be used for SCP80
* GPC_GUI_003 states
  * For the Issuer Security Domain, this is initially Key Version Number 'FF' which has been deliberately chosen to be outside of the allowable range ('01' to '7F') for a Key Version Number.
  * It is logical that the initial keys in the Issuer Security Domain be replaced by an initial issuer Key Version Number in the range '01' to '6F'.
  * Key Version Numbers '70' to '72' and '74' to '7F' are reserved for future use.
  * On an implementation supporting Supplementary Security Domains, the RSA public key with a Key Version Number '73' and a Key Identifier of '01' has the following functionality in a Supplementary Security Domain with the DAP Verification privilege [...]
* GPC_GUI_010 V1.0.1 Section 6 states
  * Key Version number range ('20' to '2F') is reserved for SCP02
  * Key Version 'FF' is reserved for use by an Issuer Security Domain supporting SCP02, and cannot be used for SCP80. This initial key set shall be replaced by a key set with a Key Version Number in the ('20' to '2F') range.
  * Key Version number range ('01' to '0F') is reserved for SCP80
  * Key Version number '70' with Key Identifier '01' is reserved for the Token Key, which is either a RSA public key or a DES key
  * Key Version number '71' with Key Identifier '01' is reserved for the Receipt Key, which is a DES key
  * Key Version Number '11' is reserved for DAP as specified in ETSI TS 102 226 [2]
  * Key Version Number '73' with Key Identifier '01' is reserved for the DAP verification key as specified in sections 3.3.3 and 4 of [4], which is either an RSA public key or DES key
  * Key Version Number '74' is reserved for the CASD Keys (cf. section 9.2)
  * Key Version Number '75' with Key Identifier '01' is reserved for the key used to decipher the Ciphered Load File Data Block described in section 4.8 of [5].
Sadly I don't have the UICC Configuration 2.0 document, and GP charges 1495 USD for a copy, so I'm currently unable to "officially" confirm that the '30 .. 3F' range is reserved for SCP03.
Given I did all the above research now during this patch review, please add a commit that copy+pastes the above KVN ranges somewhere into the pySim source code for further reference.
To view, visit change 39225.
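The GPC_GUI_010 V1.0.1 Section 6 reservations quoted in the comment above, written as a KVN/KID classifier with an SCP consistency check. This is an added example, not pySim code and not part of the review; `KVN_RULES`, `classify_key`, `scp_from_kvn` and `kvn_allowed_for_scp` are hypothetical names, and the '30'..'3F' range is deliberately left out because the comment could not confirm it.

```python
# Added illustration: hypothetical names, not pySim's API.
# Rules transcribed from the GPC_GUI_010 V1.0.1 Section 6 list quoted in the review.
# Each rule: (first KVN, last KVN, required KID or None for "any", purpose, SCP or None)
KVN_RULES = [
    (0x01, 0x0F, None, "SCP80 key set", "SCP80"),
    (0x11, 0x11, None, "DAP (ETSI TS 102 226)", None),
    (0x20, 0x2F, None, "SCP02 key set", "SCP02"),
    (0x70, 0x70, 0x01, "Token Key", None),
    (0x71, 0x71, 0x01, "Receipt Key", None),
    (0x73, 0x73, 0x01, "DAP verification key", None),
    (0x74, 0x74, None, "CASD Keys", None),
    (0x75, 0x75, 0x01, "Ciphered Load File Data Block key", None),
    # 'FF' is the initial ISD key set: usable for SCP02, never for SCP80.
    (0xFF, 0xFF, None, "initial ISD key set", "SCP02"),
]


def classify_key(kvn, kid=None):
    """Return (purpose, scp) for a KVN/KID pair, or (None, None) if not listed."""
    if not 0 <= kvn <= 0xFF:
        raise ValueError("KVN must fit in one byte")
    for first, last, need_kid, purpose, scp in KVN_RULES:
        # KID-specific reservations only match when the KID matches too.
        if first <= kvn <= last and (need_kid is None or kid == need_kid):
            return purpose, scp
    return None, None


def scp_from_kvn(kvn):
    """Derive the SCP implied by a KVN, or None when the list does not say."""
    return classify_key(kvn)[1]


def kvn_allowed_for_scp(scp, kvn):
    """True only if the quoted list reserves this KVN for the given SCP."""
    return scp_from_kvn(kvn) == scp


if __name__ == "__main__":
    # Constructed sample values, not taken from a real card.
    for kvn in (0x01, 0x2F, 0x30, 0x70, 0xFF):
        print(f"KVN {kvn:02X}: {classify_key(kvn, kid=0x01)}")
```
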