dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/39225?usp=email )
Change subject: global_platform: fix usage of the Key Version Number (kvn)
......................................................................
global_platform: fix usage of the Key Version Number (kvn)
The kvn parameter is used to select a keyset when establishing a secure channel. At the moment this is a mandatory parameter and it must be within a certain range.
However GPC_SPE_034 explicitly defines a reserved kvn value 0, that always refers to the first available key. That effectively makes it an optional parameter and the commandline interface should have the --key-ver parameter as an optional parameter.
The ranges also have to be extended to allow 0 as kvn value. We also have to put a range to support the sysmoUSIM-sjs1, which uses kvn value 1, which is a non standard value.
Related: OS#6679
Change-Id: I42be2438c7f199b238f2ec7a9434cec5393210a7
---
M pySim/global_platform/__init__.py
M pySim/global_platform/scp.py
2 files changed, 8 insertions(+), 4 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/25/39225/1
diff --git a/pySim/global_platform/__init__.py b/pySim/global_platform/__init__.py index 023e7f9..04d254e 100644 --- a/pySim/global_platform/__init__.py +++ b/pySim/global_platform/__init__.py @@ -908,7 +908,7 @@ self._cmd.poutput("done.")
est_scp02_parser = argparse.ArgumentParser() - est_scp02_parser.add_argument('--key-ver', type=auto_uint8, required=True, help='Key Version Number (KVN)') + est_scp02_parser.add_argument('--key-ver', type=auto_uint8, default=0, help='Key Version Number (KVN)') est_scp02_parser.add_argument('--host-challenge', type=is_hexstr, help='Hard-code the host challenge; default: random') est_scp02_parser.add_argument('--security-level', type=auto_uint8, default=0x01, @@ -1013,7 +1013,9 @@ class GpCardKeyset: """A single set of GlobalPlatform card keys and the associated KVN.""" def __init__(self, kvn: int, enc: bytes, mac: bytes, dek: bytes): - assert 0 < kvn < 256 + # The Key Version Number is an 8 bit integer number, where 0 refers to the first available key, + # see also: GPC_SPE_034, section E.5.1.3 + assert 0 <= kvn < 256 assert len(enc) == len(mac) == len(dek) self.kvn = kvn self.enc = enc diff --git a/pySim/global_platform/scp.py b/pySim/global_platform/scp.py index 3fe7601..1540503 100644 --- a/pySim/global_platform/scp.py +++ b/pySim/global_platform/scp.py @@ -224,8 +224,10 @@
constr_iur = Struct('key_div_data'/Bytes(10), 'key_ver'/Int8ub, Const(b'\x02'), 'seq_counter'/Int16ub, 'card_challenge'/Bytes(6), 'card_cryptogram'/Bytes(8)) - # The 0x70 is a non-spec special-case of sysmoISIM-SJA2/SJA5 and possibly more sysmocom products - kvn_ranges = [[0x20, 0x2f], [0x70, 0x70]] + # Key Version Number 0x00 refers to the first available key, see also: GPC_SPE_034, section E.5.1.3 + # Key Version Number 0x70 is a non-spec special-case of sysmoISIM-SJA2/SJA5 and possibly more sysmocom products + # Key Version Number 0x01 is a non-spec special-case of sysmoUSIM-SJS1 + kvn_ranges = [[0x00, 0x00], [0x01, 0x01], [0x20, 0x2f], [0x70, 0x70]]
def __init__(self, *args, **kwargs): self.overhead = 8
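Review bot: in the est_scp02_parser hunk of pySim/global_platform/__init__.py, the help text for --key-ver still reads only 'Key Version Number (KVN)' although the option is now optional with default=0. A user who omits it has no way to learn from --help that 0 means "first available key". Suggest stating it in the help string, in the same style the neighbouring --host-challenge option uses ('default: random'), for example: help='Key Version Number (KVN); default: 0 (first available key)'.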
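Review bot: in the GpCardKeyset hunk of pySim/global_platform/__init__.py, relaxing the check to `assert 0 <= kvn < 256` lets a keyset be stored under KVN 0, which per the new comment is a selector for the first available key rather than an actual key version. The class docstring still says "the associated KVN", so it is worth documenting what self.kvn means when it is 0, and whether the 'key_ver' the card returns (see constr_iur in scp.py) is expected to match it or may differ in that case.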
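Review bot: in the kvn_ranges hunk of pySim/global_platform/scp.py, the list now mixes one spec-reserved value (0x00), one spec range (0x20..0x2f) and two vendor special cases (0x01, 0x70), described by three comment lines that sit above the list in a different order than the entries. Suggest putting one range per line with its comment next to it, so a future change to an entry cannot drift away from its justification. The diffstat also shows no test file touched; a small test that 0x00 and 0x01 are accepted and a value outside the ranges is rejected would pin down the new behaviour.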