OTA: Fix padding of AES CMAC

When using AES CMAC for authentication of OTA messages, we must not pad
the user data before calling the CMAC function. This is unlike the DES
MAC, where padding to the DES block size is mandatory.

This bug was discovered when trying to talk OTA with AES to a
sysmoISIM-SJA5.  This patch makes the OTA AES interoperate with the
card.  Also, with this patch the cryptographic results of pySim/ota.py
are identical to those of the Java code
org.opentelecoms.gsm0348.impl.crypto.CipheringManager

Change-Id: I4b40b5857f95ccb21c35795abe7a1995e368bac3
Harald Welte 2023-05-31 18:07:48 +02:00 committed by laforge
parent 03650582e0
commit 219a5f369c
1 changed files with 2 additions and 2 deletions

@ -1,6 +1,6 @@
"""Code related to SIM/UICC OTA according to TS 102 225 + TS 31.115."""
# (C) 2021-2022 by Harald Welte <laforge@osmocom.org>
# (C) 2021-2023 by Harald Welte <laforge@osmocom.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@ -305,7 +305,7 @@ class OtaAlgoCryptAES(OtaAlgoCrypt):
class OtaAlgoAuthAES(OtaAlgoAuth):
name = 'AES'
enum_name = 'aes_cmac'
blocksize = 16 # TODO: is this needed?
blocksize = 1 # AES CMAC doesn't need any padding by us
def _sign(self, data:bytes) -> bytes:
cmac = CMAC.new(self.otak.kid, ciphermod=AES, mac_len=8)
cmac.update(data)
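
Review bot: In `OtaAlgoAuthAES`, `blocksize = 1 # AES CMAC doesn't need any padding by us` uses a magic value to switch padding off, which only holds if the shared padding step (not visible in this hunk) treats a block size of 1 as a no-op. Please confirm that, and consider an explicit "no padding" attribute or an override of the padding step in this class so the intent does not depend on a side effect of the arithmetic. The change also touches only one file, so nothing pins the corrected behaviour: a regression test that feeds a fixed key and message through `_sign` and compares the 8-byte result against a known-good value, for example one produced by the Java implementation named in the commit message, would catch a reintroduced pre-padding step.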