laforge has submitted this change. ( https://gerrit.osmocom.org/c/pysim/+/37931?usp=email ) ( 2 is the latest approved patch-set. No files were changed between the latest approved patch-set and the submitted one. )Change subject: scp: fix key length in dek_encrypt and dek_decrypt ...................................................................... scp: fix key length in dek_encrypt and dek_decrypt When creating the DES cipher object with DES.new, we use the property card_keys.dek. This property may hold a 16 byte key, but DES uses an 8 byte key (56 bit + 8 bit integrity). Pycryptodome does not automatically ignore excess key bytes. Instead it throws an exception. This means we need to make sure to supply only the first 8 bytes of card_keys.dek See also: https://pycryptodome.readthedocs.io/en/latest/src/cipher/des.html Related: OS#6531 Change-Id: I92e0dc6a6196b532bd8b53fca7b9e78070d6903f --- M pySim/global_platform/scp.py 1 file changed, 2 insertions(+), 2 deletions(-) Approvals: fixeria: Looks good to me, but someone else must approve laforge: Looks good to me, approved Jenkins Builder: Verified diff --git a/pySim/global_platform/scp.py b/pySim/global_platform/scp.py index f68bcf9..17463ff 100644 --- a/pySim/global_platform/scp.py +++ b/pySim/global_platform/scp.py @@ -230,11 +230,11 @@ super().__init__(*args, **kwargs) def dek_encrypt(self, plaintext:bytes) -> bytes: - cipher = DES.new(self.card_keys.dek, DES.MODE_ECB) + cipher = DES.new(self.card_keys.dek[:8], DES.MODE_ECB) return cipher.encrypt(plaintext) def dek_decrypt(self, ciphertext:bytes) -> bytes: - cipher = DES.new(self.card_keys.dek, DES.MODE_ECB) + cipher = DES.new(self.card_keys.dek[:8], DES.MODE_ECB) return cipher.decrypt(ciphertext) def _compute_cryptograms(self, card_challenge: bytes, host_challenge: bytes): -- To view, visit https://gerrit.osmocom.org/c/pysim/+/37931?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: merged Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I92e0dc6a6196b532bd8b53fca7b9e78070d6903f Gerrit-Change-Number: 37931 Gerrit-PatchSet: 3 Gerrit-Owner: dexter <pmaier(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-Reviewer: laforge <laforge(a)osmocom.org>