wrap_command() for scp03 is incomplete. #20
Comments
Can you please be more verbose? I see a memcpy instruction in https://sourceforge.net/p/globalplatform/git/ci/master/tree/globalplatform/src/crypto.c#l1635 Can you provide a fix and test it? Original comment by: kaoh
If the security level == 0x03 (encrypt and mac), the encrypted data and the mac are copied, but the CLA secure messaging bit is not set in the CLA, meaning if CLA == 0x80, then it remains as 0x80. I can't confirm whether the encrypted data and mac are correct or not (yet).
The CLA If the security level == 0x01 (mac only), the mac is not copied. Also, somehow the data is corrupted. Similar to the above, the CLA is left unchanged too. Below is the log,
The CLA I'm currently working on the card side of SCP03 and I've switched from gpshell to GlobalPlatformPro as the testing tool. After I finish implementing the card side, I'll return and try to fix the implementation in gpshell. Original comment by: programatix
So far I have not found an indication of what could be wrong. Actually in there is a condition:
which should set the CLA: Maybe something is not passed correctly between some function calls in the code. It could also be that gpshell is not prepared for SCP03 and not doing this correctly. Original comment by: kaoh
Ah, I see the issue with CLA not changed. I have set the According to table 5-1 of GPC_2.3_D_SCP03_v1.1.2_PublicRelease.pdf, bits 6 and 7 determine whether there is R-MAC and R-ENCRYPTION only. There is no mention (in any of the bits) whether there is C-MAC and C-ENCRYPTION or not. So, I'm taking that no matter what is the value of "i", C-MAC and C-ENCRYPTION must be supported. However, gpshell assumed that if "i" == 0x00, then C-MAC and C-ENCRYPTION is not supported. Another thing I want to note (lines 1538 to 1547), shouldn't it check Original comment by: *anonymous
But isn't the From
Regarding the comparison in line 1538: It might be safer to also include I think R-MAC and R-ENC are still missing in crypto.c Original comment by: kaoh
From what I understand, This actually determines what the After EXTERNAL AUTHENTICATION, in this case the Original comment by: *anonymous
There have been several code updates for SCP03. It works now for C-MAC and C-DEC and several examples like installation and status. R-MAC and R-ENC were added, but my test card does not accept them. You can give it a try. Original comment by: kaoh
Only R-MAC and R-ENC are causing issues. No solution so far.
Although the function encrypts the data and generates the MAC, it doesn't copy them into the wrappedApduCommand byte array.
Reported by: programatix
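
The assembly step this report is about, as an added example that is not part of the original issue and not the project's `wrap_command()`: the wrapped command needs the secure messaging bit set in CLA, an Lc that covers data plus MAC, and the data and MAC actually copied into the output buffer. The name `scp03_assemble` is hypothetical; it assumes short APDUs, a CLA byte where secure messaging is indicated by bit 0x04 (0x80 becomes 0x84), and a C-MAC (and, for security level 0x03, the encrypted data) already computed by the caller.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SM_CLA_BIT 0x04  /* assumption: CLA of the 0x00/0x80 form, 0x80 -> 0x84 */
#define CMAC_LEN   8     /* C-MAC bytes appended to the command data */

/* Hypothetical helper, not the project's code.
 * hdr:  CLA INS P1 P2 of the plain command
 * body: data as it goes on the wire: plaintext for security level 0x01,
 *       already encrypted data for security level 0x03
 * mac:  8-byte C-MAC computed by the caller
 * le:   -1 when the command has no Le byte, otherwise 0..255
 * Returns the wrapped length, or 0 if the command cannot be built. */
size_t scp03_assemble(const uint8_t hdr[4],
                      const uint8_t *body, size_t body_len,
                      const uint8_t mac[CMAC_LEN], int le,
                      uint8_t *out, size_t out_cap)
{
    if (body_len > 255 - CMAC_LEN)      /* Lc must fit in one byte */
        return 0;
    if (body_len > 0 && body == NULL)
        return 0;
    if (le > 255)
        return 0;

    size_t lc = body_len + CMAC_LEN;
    size_t total = 5 + lc + (le >= 0 ? 1 : 0);
    if (total > out_cap)                /* never write past the caller's buffer */
        return 0;

    out[0] = hdr[0] | SM_CLA_BIT;       /* without this the CLA stays 0x80 */
    out[1] = hdr[1];
    out[2] = hdr[2];
    out[3] = hdr[3];
    out[4] = (uint8_t)lc;               /* Lc counts data plus MAC */
    if (body_len > 0)
        memcpy(out + 5, body, body_len);
    memcpy(out + 5 + body_len, mac, CMAC_LEN);  /* the copy the report says is missing */
    if (le >= 0)
        out[5 + lc] = (uint8_t)le;      /* Le stays last, after the MAC */
    return total;
}
```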