[S] Change in pysim[master]: global_platform: fix usage of the Key Version Number (kvn) - gerrit-log

3 Jan 2025

dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/39225?usp=email )
Change subject: global_platform: fix usage of the Key Version Number (kvn)
......................................................................
global_platform: fix usage of the Key Version Number (kvn)
The kvn parameter is used to select a keyset when establishin a secure channel.
At the moment this is a mandatory parameter and it must be within a certain
range.
However GPC_SPE_034 explicitly defines a reserved kvn value 0, that always
refers to the first available key. That effectively makes it an optional
parameter and the commandline interface should have the --key-ver parameter
as an optional parameter.
The ranges also have to be extended to allow 0 as kvn value. We also have to
put a range to support the sysmoUSIM-sjs1, which uses kvn value 1, which is
a non standard value.
Related: OS#6679
Change-Id: I42be2438c7f199b238f2ec7a9434cec5393210a7
---
M pySim/global_platform/__init__.py
M pySim/global_platform/scp.py
2 files changed, 8 insertions(+), 4 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/25/39225/1

diff --git a/pySim/global_platform/__init__.py b/pySim/global_platform/__init__.py
index 023e7f9..04d254e 100644
--- a/pySim/global_platform/__init__.py
+++ b/pySim/global_platform/__init__.py
@@ -908,7 +908,7 @@
             self._cmd.poutput("done.")
est_scp02_parser = argparse.ArgumentParser()
-        est_scp02_parser.add_argument('--key-ver', type=auto_uint8, required=True, help='Key Version Number (KVN)')
+        est_scp02_parser.add_argument('--key-ver', type=auto_uint8, default=0, help='Key Version Number (KVN)')
         est_scp02_parser.add_argument('--host-challenge', type=is_hexstr,
                                       help='Hard-code the host challenge; default: random')
         est_scp02_parser.add_argument('--security-level', type=auto_uint8, default=0x01,
@@ -1013,7 +1013,9 @@
 class GpCardKeyset:
     """A single set of GlobalPlatform card keys and the associated KVN."""
     def __init__(self, kvn: int, enc: bytes, mac: bytes, dek: bytes):
-        assert 0 < kvn < 256
+        # The Key Version Number is an 8 bit integer number, where 0 refers to the first available key,
+        # see also: GPC_SPE_034, section E.5.1.3
+        assert 0 <= kvn < 256
         assert len(enc) == len(mac) == len(dek)
         self.kvn = kvn
         self.enc = enc
diff --git a/pySim/global_platform/scp.py b/pySim/global_platform/scp.py
index 3fe7601..1540503 100644
--- a/pySim/global_platform/scp.py
+++ b/pySim/global_platform/scp.py
@@ -224,8 +224,10 @@
constr_iur = Struct('key_div_data'/Bytes(10), 'key_ver'/Int8ub, Const(b'\x02'),
                         'seq_counter'/Int16ub, 'card_challenge'/Bytes(6), 'card_cryptogram'/Bytes(8))
-    # The 0x70 is a non-spec special-case of sysmoISIM-SJA2/SJA5 and possibly more sysmocom products
-    kvn_ranges = [[0x20, 0x2f], [0x70, 0x70]]
+    # Key Version Number 0x00 refers to the first available key, see also: GPC_SPE_034, section E.5.1.3
+    # Key Version Number 0x70 is a non-spec special-case of sysmoISIM-SJA2/SJA5 and possibly more sysmocom products
+    # Key Version Number 0x01 is a non-spec special-case of sysmoUSIM-SJS1
+    kvn_ranges = [[0x00, 0x00], [0x01, 0x01], [0x20, 0x2f], [0x70, 0x70]]
def __init__(self, *args, **kwargs):
         self.overhead = 8
-- 
To view, visit https://gerrit.osmocom.org/c/pysim/+/39225?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I42be2438c7f199b238f2ec7a9434cec5393210a7
Gerrit-Change-Number: 39225
Gerrit-PatchSet: 1
Gerrit-Owner: dexter pmaier@sysmocom.de



    