shadysim.py: fix: do not apply redundant 8 * '00' padding
When the application message payload is encrypted with any variant of DES, the length of the ciphertext has to be a multiple of 8 bytes - hence if the plaintext length is not a multiple of 8 bytes, the plaintext needs to be padded. If the ciphertext is already aligned, the current logic would append 8 redundant padding octets. The resulting encrypted message should be considered malformed per standard specs, but sysmoUSIM-SJS1 cards are liberal in what they accept in this instance thus the bug went unnoticed. The newer sysmoISIM-SJA2 cards do not accept such malformed messages with invalid padding. This bug was discovered and reported by the Mother Mychaela, see: https://lists.osmocom.org/pipermail/openbsc/2021-February/013414.html
This commit is contained in:
parent
8ac76661ce
commit
f6a806494c
|
@ -114,8 +114,10 @@ class AppLoaderCommands(object):
|
||||||
# Padding if Ciphering is used
|
# Padding if Ciphering is used
|
||||||
if ((spi_1 & 0x04) != 0): # check ciphering bit
|
if ((spi_1 & 0x04) != 0): # check ciphering bit
|
||||||
len_cipher = 6 + len_sig + (len(data) / 2)
|
len_cipher = 6 + len_sig + (len(data) / 2)
|
||||||
pad_cnt = 8 - (len_cipher % 8) # 8 Byte blocksize for DES-CBC (TODO: different padding)
|
# 8 Byte blocksize for DES-CBC (TODO: different padding)
|
||||||
data += '00' * pad_cnt
|
if len_cipher % 8 > 0:
|
||||||
|
pad_cnt = 8 - (len_cipher % 8)
|
||||||
|
data += '00' * pad_cnt
|
||||||
|
|
||||||
# CHL + SPI first octet
|
# CHL + SPI first octet
|
||||||
part_head = ('%02x' % (0x0D + len_sig)) + ('%02x' % (spi_1))
|
part_head = ('%02x' % (0x0D + len_sig)) + ('%02x' % (spi_1))
|
||||||
|
|
Loading…
Reference in New Issue