author | Harald Welte <laforge@osmocom.org> | 2023-05-31 18:07:48 +0200 |
---|---|---|
committer | laforge <laforge@osmocom.org> | 2023-06-03 12:45:35 +0000 |
commit | 219a5f369c82c5ba266e1e828bd0116fca6f714b (patch) | |
tree | 27857a9bf88275adf2145c92157360b658783ab4 | |
parent | 03650582e0cda9564e48bebd86049349d928d0be (diff) |
OTA: Fix padding of AES CMAC
When using AES CMAC for authentication of OTA messages, we must not pad
the user data before calling the CMAC function. This is unlike the DES
MAC, where padding to the DES block size is mandatory.
This bug was discovered when trying to talk OTA with AES to a
sysmoISIM-SJA5. This patch makes the OTA AES interoperate with the
card. Also, with this patch the cryptographic results of pySim/ota.py
are identical to those of the Java code in
org.opentelecoms.gsm0348.impl.crypto.CipheringManager.
Change-Id: I4b40b5857f95ccb21c35795abe7a1995e368bac3
-rw-r--r-- | pySim/ota.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pySim/ota.py b/pySim/ota.py
index 80c823e..83303a6 100644
--- a/pySim/ota.py
+++ b/pySim/ota.py
@@ -1,6 +1,6 @@
 """Code related to SIM/UICC OTA according to TS 102 225 + TS 31.115."""
-# (C) 2021-2022 by Harald Welte <laforge@osmocom.org>
+# (C) 2021-2023 by Harald Welte <laforge@osmocom.org>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -305,7 +305,7 @@ class OtaAlgoCryptAES(OtaAlgoCrypt):
 class OtaAlgoAuthAES(OtaAlgoAuth):
 name = 'AES'
 enum_name = 'aes_cmac'
- blocksize = 16 # TODO: is this needed?
+ blocksize = 1 # AES CMAC doesn't need any padding by us
 def _sign(self, data:bytes) -> bytes:
 cmac = CMAC.new(self.otak.kid, ciphermod=AES, mac_len=8)
 cmac.update(data) |
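Review bot: `blocksize = 1` in OtaAlgoAuthAES turns the attribute into a sentinel for "do not pad", and the new comment does not say why that is correct, so a later reader could restore 16 and silently break MAC verification against cards again. I would spell the reason out, e.g. `blocksize = 1  # CMAC pads the final block itself (NIST SP 800-38B); 1 makes caller-side padding a no-op`, assuming the padding step outside this hunk rounds the data up to a multiple of blocksize. The commit message reports that the output now matches the Java reference implementation, but no test is added here; a regression test pinning one known-answer MAC for this class would keep that interoperability from regressing. `_sign` continues past the end of the hunk, so the handling of the digest is not visible here.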