Attention is currently required from: dexter.
laforge has posted comments on this change by dexter. ( https://gerrit.osmocom.org/c/pysim/+/39225?usp=email )
Change subject: global_platform: fix usage of the Key Version Number (kvn)
Patch Set 3: Code-Review+1
(1 comment)
File pySim/global_platform/scp.py:
https://gerrit.osmocom.org/c/pysim/+/39225/comment/9e5d033c_48ccc764?usp=ema... : PS2, Line 230: kvn_ranges = [[0x00, 0x00], [0x01, 0x01], [0x20, 0x2f], [0x70, 0x70]]
I have tried to find some more information about those ranges, but I couldn't find any information a […]
The spec reference you indicated just talks about KVN / KID within the same SD. The check I implemented originally is about deriving the SCP version from the KVN. The spec quote says nothing about those.

* TS 102 225 Annex A.1 states KVN 0x01..0x0F shall be used for SCP80
* GPC_GUI_003 states
  * For the Issuer Security Domain, this is initially Key Version Number 'FF' which has been deliberately chosen to be outside of the allowable range ('01' to '7F') for a Key Version Number.
  * It is logical that the initial keys in the Issuer Security Domain be replaced by an initial issuer Key Version Number in the range '01' to '6F'.
  * Key Version Numbers '70' to '72' and '74' to '7F' are reserved for future use.
  * On an implementation supporting Supplementary Security Domains, the RSA public key with a Key Version Number '73' and a Key Identifier of '01' has the following functionality in a Supplementary Security Domain with the DAP Verification privilege [...]
* GPC_GUI_010 V1.0.1 Section 6 states
  * Key Version number range ('20' to '2F') is reserved for SCP02
  * Key Version 'FF' is reserved for use by an Issuer Security Domain supporting SCP02, and cannot be used for SCP80. This initial key set shall be replaced by a key set with a Key Version Number in the ('20' to '2F') range.
  * Key Version number range ('01' to '0F') is reserved for SCP80
  * Key Version number '70' with Key Identifier '01' is reserved for the Token Key, which is either a RSA public key or a DES key
  * Key Version number '71' with Key Identifier '01' is reserved for the Receipt Key, which is a DES key
  * Key Version Number '11' is reserved for DAP as specified in ETSI TS 102 226 [2]
  * Key Version Number '73' with Key Identifier '01' is reserved for the DAP verification key as specified in sections 3.3.3 and 4 of [4], which is either an RSA public key or DES key
  * Key Version Number '74' is reserved for the CASD Keys (cf. section 9.2)
  * Key Version Number '75' with Key Identifier '01' is reserved for the key used to decipher the Ciphered Load File Data Block described in section 4.8 of [5].
Sadly I don't have the UICC Configuration 2.0 document, and GP charges 1495 USD for a copy, so I'm currently unable to "officially" confirm that the '30 .. 3F' range is reserved for SCP03.
Given I did all the above research now during this patch review, please add a commit that copy+pastes the above KVN ranges somewhere into the pySim source code for further reference.
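An added illustration, not part of the review comment and not pySim code: the KVN assignments quoted above expressed as a lookup that derives the SCP version from a KVN and resolves the KID-dependent reservations. The names `KvnInfo` and `classify_kvn` are hypothetical, and the '30'..'3F' = SCP03 entry is marked unconfirmed because the comment could not verify it against a spec.

```python
from typing import NamedTuple, Optional

class KvnInfo(NamedTuple):
    scp: Optional[str]   # SCP version implied by the KVN, None if none is implied
    purpose: str         # what the quoted documents reserve this KVN (and KID) for
    confirmed: bool      # False where the comment had no spec text to cite

# (first KVN, last KVN, SCP version, purpose, confirmed by a quoted spec)
_SCP_RANGES = [
    (0x01, 0x0F, "SCP80", "SCP80 (TS 102 225 Annex A.1, GPC_GUI_010 s.6)", True),
    (0x20, 0x2F, "SCP02", "SCP02 (GPC_GUI_010 s.6)", True),
    (0x30, 0x3F, "SCP03", "SCP03 (not confirmed in the comment)", False),
    (0xFF, 0xFF, "SCP02", "initial ISD key set, SCP02 only, to be replaced", True),
]

# KVN -> (KID the reservation is tied to, or None for any KID; purpose)
_RESERVED = {
    0x11: (None, "DAP (ETSI TS 102 226)"),
    0x70: (0x01, "Token Key"),
    0x71: (0x01, "Receipt Key"),
    0x73: (0x01, "DAP verification key"),
    0x74: (None, "CASD keys"),
    0x75: (0x01, "Ciphered Load File Data Block decipher key"),
}

def classify_kvn(kvn: int, kid: Optional[int] = None) -> KvnInfo:
    """Classify a Key Version Number, optionally refined by a Key Identifier."""
    if not 0x00 <= kvn <= 0xFF:
        raise ValueError("KVN must fit in one byte")
    for first, last, scp, purpose, confirmed in _SCP_RANGES:
        if first <= kvn <= last:
            return KvnInfo(scp, purpose, confirmed)
    if kvn in _RESERVED:
        need_kid, purpose = _RESERVED[kvn]
        # Several reservations only apply to one specific KID.
        if need_kid is None or kid == need_kid:
            return KvnInfo(None, purpose, True)
    # Anything else has no assignment in the quoted text; do not guess an SCP.
    return KvnInfo(None, "no assignment in the quoted ranges", True)

if __name__ == "__main__":
    for kvn, kid in [(0x01, None), (0x2F, None), (0x30, None),
                     (0x70, 0x01), (0x70, 0x02), (0xFF, None)]:
        print(f"KVN {kvn:02X} KID {kid}: {classify_kvn(kvn, kid)}")
```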