Menu
▾
▴
Re: [Globalplatform-developers] scp03 with encryption
|
From: Karsten O. <wid...@t-...> - 2019-08-21 15:29:42
|
Hi,
thanks for the patch. I have started to fix the SCP03 mutual
authentication a couple days ago, not sure where I have left off. Can
you please describe the problem with the existing code? I tried to
summarize what I have found, is this correct?
* I see that the CMAC CLA byte is always set to 0x84, which was incorrect.
* The EVP_EncryptUpdate is now not encrypting the message in one step.
* The padding size inthe wrap_command function is already included in
the encryptionLength and the wrappedLength calculation can be
simplified.
Have you checked if the R-MAC computation is correct? The unwrap
function is missing, so actually no response decryption should work. I
have not invested time to look into this, but the patch does not contain
any fixes for that?
Thanks,
Karsten
Am 21.08.2019 um 14:08 schrieb Klas Lindfors via Globalplatform-developers:
> Hello!
>
> I've been trying to use gpshell with a scp03 device and ran into some
> issues with how the encryption support is implemented. I'm attaching a
> patch that for me works for scp03 with 0x60 mode (c-dec, r-enc, c-mac,
> r-mac).
>
> Thanks!
>
> /klas
>
>
> _______________________________________________
> Globalplatform-developers mailing list
> Glo...@li...
> https://lists.sourceforge.net/lists/listinfo/globalplatform-developers
|
