laforge has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/33116 )
Change subject: OTA: Fix padding of AES CMAC
OTA: Fix padding of AES CMAC
When using AES CMAC for authentication of OTA messages, we must not pad the user data before calling the CMAC function. This is unlike the DES MAC, where padding to the DES block size is mandatory.
This bug was discovered when trying to talk OTA with AES to a sysmoISIM-SJA5. This patch makes the OTA AES interoperate with the card. Also, with this patch the cryptographic results of pySim/ota.py are identical to those of the Java code org.opentelecoms.gsm0348.impl.crypto.CipheringManager.
Change-Id: I4b40b5857f95ccb21c35795abe7a1995e368bac3
---
M pySim/ota.py
1 file changed, 21 insertions(+), 2 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/16/33116/1
diff --git a/pySim/ota.py b/pySim/ota.py index 80c823e..83303a6 100644 --- a/pySim/ota.py +++ b/pySim/ota.py @@ -1,6 +1,6 @@ """Code related to SIM/UICC OTA according to TS 102 225 + TS 31.115."""
-# (C) 2021-2022 by Harald Welte laforge@osmocom.org +# (C) 2021-2023 by Harald Welte laforge@osmocom.org # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -305,7 +305,7 @@ class OtaAlgoAuthAES(OtaAlgoAuth): name = 'AES' enum_name = 'aes_cmac' - blocksize = 16 # TODO: is this needed? + blocksize = 1 # AES CMAC doesn't need any padding by us def _sign(self, data:bytes) -> bytes: cmac = CMAC.new(self.otak.kid, ciphermod=AES, mac_len=8) cmac.update(data)
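Review bot: In the OtaAlgoAuthAES hunk, `blocksize = 1` turns an attribute that reads as "cipher block size" into a padding granularity, while AES itself still has a 16-byte block, so any other code that consults `blocksize` on this class gets a misleading value. Consider a separate, explicitly named attribute for "caller pads to N bytes", or at least extend the comment to say that 1 is chosen so that the generic padding step becomes a no-op because CMAC handles the final partial block internally. The commit message states that results now match the Java CipheringManager, but the diffstat lists only pySim/ota.py, so no known-answer test for `_sign` accompanies the fix; adding one with a message length that is not a multiple of 16 would keep this from regressing.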