From 219a5f369c82c5ba266e1e828bd0116fca6f714b Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Wed, 31 May 2023 18:07:48 +0200 Subject: [PATCH] OTA: Fix padding of AES CMAC When using AES CMAC for authentication of OTA messages, we must not pad the user data before calling the CMAC function. This is unlike the DES MAC, where padding to the DES block size is mandatory. This bug was discovered when trying to talk OTA with AES to a sysmoISIM-SJA5. This patch makes the OTA AES interoperate with the card. Also, with this patch the cryptographic results of pySim/ota.py are identical to those of the java code org.opentelecoms.gsm0348.impl.crypto.CipheringManager Change-Id: I4b40b5857f95ccb21c35795abe7a1995e368bac3
---
 pySim/ota.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pySim/ota.py b/pySim/ota.py
index 80c823eb..83303a6c 100644
--- a/pySim/ota.py
+++ b/pySim/ota.py
@@ -1,6 +1,6 @@
 """Code related to SIM/UICC OTA according to TS 102 225 + TS 31.115."""
 
-# (C) 2021-2022 by Harald Welte
+# (C) 2021-2023 by Harald Welte
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -305,7 +305,7 @@ class OtaAlgoCryptAES(OtaAlgoCrypt):
 class OtaAlgoAuthAES(OtaAlgoAuth):
 name = 'AES'
 enum_name = 'aes_cmac'
- blocksize = 16 # TODO: is this needed?
+ blocksize = 1 # AES CMAC doesn't need any padding by us
 def _sign(self, data:bytes) -> bytes:
 cmac = CMAC.new(self.otak.kid, ciphermod=AES, mac_len=8)
 cmac.update(data)
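Review bot: `blocksize = 1` in `OtaAlgoAuthAES` acts as a "do not pad" sentinel, not as a block size, and the `OtaAlgoAuth` code that consumes it is outside this hunk, so a reader cannot tell from here why the AES block size of 16 would be wrong. I would say so on the attribute, for example `blocksize = 1  # not the AES block size: CMAC pads the last block itself, so our padding step must be a no-op`, assuming that is how the base class uses the value. The commit message says the MAC now matches the Java reference implementation and a real card, so a regression test with one fixed key/message/MAC triple would stop the padding from being reintroduced unnoticed. `_sign` continues past the end of the hunk.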