From: Klas L. <kl...@yu...> - 2019-08-22 07:13:35
> Hello! thanks for the patch. I have started to fix the SCP03 mutual authentication
> a couple days ago, not sure where I have left off. Can you please describe
> the problem with the existing code? I tried to summarize what I have found,
> is this correct?

Sorry, should've provided more details with the patch,

> - I see that the CMAC CLA byte is always set to 0x84, which was
> incorrect.

Yes, (as I read the spec) CLA on mac is supposed to always be 0x84 disregarding whatever it actually is.

> - The EVP_EncryptUpdate is now not encrypting the message in one step.

Yeah, the previous code did EncryptUpdate in chunks of 8 which means every second call just buffers the data, I replaced that with one call to avoid having to care about sizes at all. Additionally it only used 1-8 bytes of padding where AES needs 1-16 bytes.

> - The padding size in the wrap_command function is already included in
> the encryptionLength and the wrappedLength calculation can be simplified.

Yeah, here I added checks of status from the AES functions to bail out on failure and restructured the length calculations, additionally the encrypted part from calculate_enc_cbc_SCP03() was never moved into wrappedApduCommand.

> Have you checked if the R-MAC computation is correct? The unwrap function
> is missing, so actually no response decryption should work. I have not
> invested time to look into this, but the patch does not contain any fixes
> for that?

Yeah, R-MAC seems to validate correctly for me, I noted the missing unwrap, no fix for that. I'm poking a bit at getting put_sc_key working with scp03 right now.

Thanks!

/klas
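The padding and length points discussed in the message, as an added example that is not part of the original e-mail or the project's code: it pads command data to a block boundary and shows why 8-byte padding yields lengths AES-CBC cannot take. All function names are hypothetical; the 0x80-then-zeros padding, the 8-byte C-MAC and the 255-byte short-APDU limit are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK 16  /* AES block size in bytes */
#define CMAC_LEN   8  /* assumed: truncated C-MAC appended to the data field */

/* Padded length for a given block size: always adds 1..block bytes,
 * because the 0x80 marker is mandatory even on aligned input. */
static size_t padded_len(size_t data_len, size_t block)
{
    return (data_len / block + 1) * block;
}

/* Copy `in` to `out` and append 0x80 followed by zeros up to the next
 * block boundary. Returns the padded length, or 0 if `out` is too small. */
static size_t pad80(const uint8_t *in, size_t in_len,
                    uint8_t *out, size_t out_cap, size_t block)
{
    size_t total = padded_len(in_len, block);
    if (total > out_cap)
        return 0;               /* bail out instead of overflowing */
    memcpy(out, in, in_len);
    out[in_len] = 0x80;
    memset(out + in_len + 1, 0, total - in_len - 1);
    return total;
}

/* AES-CBC without cipher-level padding accepts only whole 16-byte blocks. */
static int fits_aes_cbc(size_t len)
{
    return len != 0 && len % AES_BLOCK == 0;
}

/* Lc of the wrapped command: encrypted (padded) data plus the C-MAC.
 * Returns 0 when the result no longer fits a short APDU. */
static size_t wrapped_lc(size_t data_len)
{
    size_t lc = padded_len(data_len, AES_BLOCK) + CMAC_LEN;
    return lc <= 255 ? lc : 0;
}

int main(void)
{
    const uint8_t data[3] = { 0x01, 0x02, 0x03 };  /* constructed sample */
    uint8_t buf[32];
    size_t n8  = pad80(data, sizeof data, buf, sizeof buf, 8);
    size_t n16 = pad80(data, sizeof data, buf, sizeof buf, AES_BLOCK);
    printf("8-byte padding:  %zu bytes, usable=%d\n", n8, fits_aes_cbc(n8));
    printf("16-byte padding: %zu bytes, usable=%d\n", n16, fits_aes_cbc(n16));
    printf("wrapped Lc: %zu\n", wrapped_lc(sizeof data));
    return 0;
}
```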