mirror of https://gerrit.osmocom.org/pysim
OTA: Fix padding of AES CMAC
When using AES CMAC for authentication of OTA messages, we must not pad the user data before calling the CMAC function. This is unlike the DES MAC, where padding to the DES block size is mandatory.

This bug was discovered when trying to talk OTA with AES to a sysmoISIM-SJA5. This patch makes the OTA AES interoperate with the card.

Also, with this patch the cryptographic results of pySim/ota.py are identical to those of the Java code org.opentelecoms.gsm0348.impl.crypto.CipheringManager

Change-Id: I4b40b5857f95ccb21c35795abe7a1995e368bac3
parent 03650582e0
commit 219a5f369c
|
@ -1,6 +1,6 @@
|
|||
"""Code related to SIM/UICC OTA according to TS 102 225 + TS 31.115."""
|
||||
|
||||
# (C) 2021-2022 by Harald Welte <laforge@osmocom.org>
|
||||
# (C) 2021-2023 by Harald Welte <laforge@osmocom.org>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
|
@ -305,7 +305,7 @@ class OtaAlgoCryptAES(OtaAlgoCrypt):
|
|||
class OtaAlgoAuthAES(OtaAlgoAuth):
|
||||
name = 'AES'
|
||||
enum_name = 'aes_cmac'
|
||||
blocksize = 16 # TODO: is this needed?
|
||||
blocksize = 1 # AES CMAC doesn't need any padding by us
|
||||
def _sign(self, data:bytes) -> bytes:
|
||||
cmac = CMAC.new(self.otak.kid, ciphermod=AES, mac_len=8)
|
||||
cmac.update(data)
|
||||
|
|
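Review bot: `blocksize = 1` in OtaAlgoAuthAES works as a sentinel for "no padding" only if the shared padding code treats a block size of 1 as a no-op. That code is not part of this hunk, so it is worth confirming, along with checking that nothing else reads `blocksize` expecting the real AES block size of 16. The inline comment could also state the reason: CMAC handles a partial final block itself (RFC 4493), so padding the input beforehand changes the resulting tag. The visible hunks add no test; a known-answer vector for a message whose length is not a multiple of 16, checked against the truncated `mac_len=8` output of `_sign`, would pin the behaviour the commit message describes.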