[M] Change in pysim[master]: global_platform: More definitions to support key loading - gerrit-log

14 Jan 2024

laforge has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/35564?usp=email )
Change subject: global_platform: More definitions to support key loading
......................................................................
global_platform: More definitions to support key loading
With the definitions from this commit, we can build key loading
TLVs, which is used to load ECC keys into eUICCs.
Change-Id: I853c94d37939ef3dd795f893232b0276a5a4af81
---
M pySim/global_platform.py
1 file changed, 103 insertions(+), 9 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/64/35564/1

diff --git a/pySim/global_platform.py b/pySim/global_platform.py
index 7e0493c..bb6506e 100644
--- a/pySim/global_platform.py
+++ b/pySim/global_platform.py
@@ -114,8 +114,81 @@
 class KeyInformation(BER_TLV_IE, tag=0xe0, nested=[KeyInformationData]):
     pass
-# GlobalPlatform v2.3.1 Section H.4
-class ScpInformation(BER_TLV_IE, tag=0xa0):
+# GP v2.3 11.1.9
+KeyUsageQualifier = Struct('byte1'/FlagsEnum(Byte, verification_encryption=0x80,
+                                             computation_decipherment=0x40,
+                                             sm_response=0x20,
+                                             sm_command=0x10,
+                                             confidentiality=0x08,
+                                             crypto_checksum=0x04,
+                                             digital_signature=0x02,
+                                             crypto_authorization=0x01),
+                           'byte2'/COptional(FlagsEnum(Byte, key_agreement=0x80)))
+
+# GP v2.3 11.1.10
+KeyAccess = Enum(Byte, sd_and_any_assoc_app=0x00, sd_only=0x01, any_assoc_app_but_not_sd=0x02,
+                 not_available=0xff)
+
+class KeyLoading:
+    # Global Platform Specification v2.3 Section 11.11.4.2.2.3 DGIs for the CC Private Key
+
+    class KeyUsageQualifier(BER_TLV_IE, tag=0x95):
+        _construct = KeyUsageQualifier
+
+    class KeyAccess(BER_TLV_IE, tag=0x96):
+        _construct = KeyAccess
+
+    class KeyType(BER_TLV_IE, tag=0x80):
+        _construct = KeyType
+
+    class KeyLength(BER_TLV_IE, tag=0x81):
+        _construct = GreedyInteger()
+
+    class KeyIdentifier(BER_TLV_IE, tag=0x82):
+        _construct = Int8ub
+
+    class KeyVersionNumber(BER_TLV_IE, tag=0x83):
+        _construct = Int8ub
+
+    class KeyParameterReferenceValue(BER_TLV_IE, tag=0x85):
+        _construct = Enum(Byte, secp256r1=0x00, secp384r1=0x01, secp521r1=0x02, brainpoolP256r1=0x03,
+                          brainpoolP256t1=0x04, brainpoolP384r1=0x05, brainpoolP384t1=0x06,
+                          brainpoolP512r1=0x07, brainpoolP512t1=0x08)
+
+    class ControlReferenceTemplate(BER_TLV_IE, tag=0xb9,
+                                   nested=[KeyUsageQualifier,
+                                           KeyAccess,
+                                           KeyType,
+                                           KeyLength,
+                                           KeyIdentifier,
+                                           KeyVersionNumber,
+                                           KeyParameterReferenceValue]):
+        pass
+
+    # Table 11-103
+    class EccPublicKey(DGI_TLV_IE, tag=0x0036):
+        _construct = GreedyBytes
+
+    # Table 11-105
+    class EccPrivateKey(DGI_TLV_IE, tag=0x8137):
+        _construct = GreedyBytes
+
+    # Global Platform Specification v2.3 Section 11.11.4 / Table 11-91
+    class KeyControlReferenceTemplate(DGI_TLV_IE, tag=0x00b9, nested=[ControlReferenceTemplate]):
+        pass
+
+
+# GlobalPlatform v2.3.1 Section H.4 / Table H-6
+class ScpType(BER_TLV_IE, tag=0x80):
+    _construct = HexAdapter(Byte)
+class ListOfSupportedOptions(BER_TLV_IE, tag=0x81):
+    _construct = GreedyBytes
+class SupportedKeysForScp03(BER_TLV_IE, tag=0x82):
+    _construct = FlagsEnum(Byte, aes128=0x01, aes192=0x02, aes256=0x04)
+class SupportedTlsCipherSuitesForScp81(BER_TLV_IE, tag=0x83):
+    _consuruct = GreedyRange(Int16ub)
+class ScpInformation(BER_TLV_IE, tag=0xa0, nested=[ScpType, ListOfSupportedOptions, SupportedKeysForScp03,
+                                                   SupportedTlsCipherSuitesForScp81]):
     pass
 class PrivilegesAvailableSSD(BER_TLV_IE, tag=0x81):
     pass
@@ -123,15 +196,24 @@
     pass
 class SupportedLFDBHAlgorithms(BER_TLV_IE, tag=0x83):
     pass
+# GlobalPlatform Card Specification v2.3 / Table H-8
 class CiphersForLFDBEncryption(BER_TLV_IE, tag=0x84):
-    pass
+    _construct = Enum(Byte, tripledes16=0x01, aes128=0x02, aes192=0x04, aes256=0x08,
+                      icv_supported_for_lfdb=0x80)
+CipherSuitesForSignatures = Struct('byte1'/FlagsEnum(Byte, rsa1024_pkcsv15_sha1=0x01,
+                                                     rsa_gt1024_pss_sha256=0x02,
+                                                     single_des_plus_final_triple_des_mac_16b=0x04,
+                                                     cmac_aes128=0x08, cmac_aes192=0x10, cmac_aes256=0x20,
+                                                     ecdsa_ecc256_sha256=0x40, ecdsa_ecc384_sha384=0x80),
+                                   'byte2'/COptional(FlagsEnum(Byte, ecdsa_ecc512_sha512=0x01,
+                                                               ecdsa_ecc_521_sha512=0x02)))
 class CiphersForTokens(BER_TLV_IE, tag=0x85):
-    pass
+    _construct = CipherSuitesForSignatures
 class CiphersForReceipts(BER_TLV_IE, tag=0x86):
-    pass
+    _construct = CipherSuitesForSignatures
 class CiphersForDAPs(BER_TLV_IE, tag=0x87):
-    pass
-class KeyParameterReferenceList(BER_TLV_IE, tag=0x88):
+    _construct = CipherSuitesForSignatures
+class KeyParameterReferenceList(BER_TLV_IE, tag=0x88, nested=[KeyLoading.KeyParameterReferenceValue]):
     pass
 class CardCapabilityInformation(BER_TLV_IE, tag=0x67, nested=[ScpInformation, PrivilegesAvailableSSD,
                                                               PrivilegesAvailableApplication,
@@ -253,10 +335,10 @@
     pass
class IssuerIdentificationNumber(BER_TLV_IE, tag=0x42):
-    _construct = BcdAdapter(GreedyBytes)
+    _construct = HexAdapter(GreedyBytes)
class CardImageNumber(BER_TLV_IE, tag=0x45):
-    _construct = BcdAdapter(GreedyBytes)
+    _construct = HexAdapter(GreedyBytes)
class SequenceCounterOfDefaultKvn(BER_TLV_IE, tag=0xc1):
     _construct = GreedyInteger()
-- 
To view, visit https://gerrit.osmocom.org/c/pysim/+/35564?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I853c94d37939ef3dd795f893232b0276a5a4af81
Gerrit-Change-Number: 35564
Gerrit-PatchSet: 1
Gerrit-Owner: laforge laforge@osmocom.org
Gerrit-MessageType: newchange



    