Compare commits

...

2 Commits

Author SHA1 Message Date
Vadim Yanitskiy f6a806494c shadysim.py: fix: do not apply redundant 8 * '00' padding
When the application message payload is encrypted with any variant
of DES, the length of the ciphertext has to be a multiple of 8 bytes
- hence if the plaintext length is not a multiple of 8 bytes, the
plaintext needs to be padded.

If the ciphertext is already aligned, the current logic would append
8 redundant padding octets.  The resulting encrypted message should
be considered malformed per standard specs, but sysmoUSIM-SJS1 cards
are liberal in what they accept in this instance thus the bug went
unnoticed.  The newer sysmoISIM-SJA2 cards do not accept such
malformed messages with invalid padding.

This bug was discovered and reported by the Mother Mychaela, see:
https://lists.osmocom.org/pipermail/openbsc/2021-February/013414.html
2021-02-22 22:35:45 +01:00
Vadim Yanitskiy 8ac76661ce shadysim.py: use string multiplication to add padding 2021-02-22 22:25:43 +01:00
1 changed files with 4 additions and 4 deletions


@ -114,10 +114,10 @@ class AppLoaderCommands(object):
# Padding if Ciphering is used
if ((spi_1 & 0x04) != 0): # check ciphering bit
len_cipher = 6 + len_sig + (len(data) / 2)
pad_cnt = 8 - (len_cipher % 8) # 8 Byte blocksize for DES-CBC (TODO: different padding)
# TODO: there is probably a better way to add "pad_cnt" padding bytes
for i in range(0, pad_cnt):
data = data + '00';
# 8 Byte blocksize for DES-CBC (TODO: different padding)
if len_cipher % 8 > 0:
pad_cnt = 8 - (len_cipher % 8)
data += '00' * pad_cnt
# CHL + SPI first octet
part_head = ('%02x' % (0x0D + len_sig)) + ('%02x' % (spi_1))
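Review bot: the unchanged line `len_cipher = 6 + len_sig + (len(data) / 2)` still uses `/`, so the new `data += '00' * pad_cnt` only works where that division yields an integer (Python 2). Under Python 3 `len_cipher` becomes a float, `pad_cnt` follows, and the string multiplication raises a TypeError; `len(data) // 2` would keep it an integer in both. The new conditional could also be written as `pad_cnt = -len_cipher % 8`, which is 0 for already aligned input and needs no `if`. The `TODO: different padding` comment is carried over as is; it would help to say which padding scheme it refers to.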