diff --git a/osmo-smdpp.py b/osmo-smdpp.py index 3dc6131a..9ed1e39f 100755 --- a/osmo-smdpp.py +++ b/osmo-smdpp.py @@ -292,8 +292,7 @@ class SmDppHttpServer: r_ok = authenticateServerResp[1] euiccSigned1 = r_ok['euiccSigned1'] - # TODO: use original data, don't re-encode? - euiccSigned1_bin = rsp.asn1.encode('EuiccSigned1', euiccSigned1) + euiccSigned1_bin = rsp.extract_euiccSigned1(authenticateServerResp_bin) euiccSignature1_bin = r_ok['euiccSignature1'] euiccCertificate_dec = r_ok['euiccCertificate'] # TODO: use original data, don't re-encode? @@ -422,8 +421,7 @@ class SmDppHttpServer: # Verify the euiccSignature2 computed over euiccSigned2 and smdpSignature2 using the PK.EUICC.SIG attached to the ongoing RSP session euiccSigned2 = r_ok['euiccSigned2'] - # TODO: use original data, don't re-encode? - euiccSigned2_bin = rsp.asn1.encode('EUICCSigned2', euiccSigned2) + euiccSigned2_bin = rsp.extract_euiccSigned2(prepDownloadResp_bin) if not self._ecdsa_verify(ss.euicc_cert, r_ok['euiccSignature2'], euiccSigned2_bin + ss.smdpSignature2_do): raise ApiError('8.1', '6.1', 'eUICC signature is invalid') diff --git a/pySim/esim/rsp.py b/pySim/esim/rsp.py index ec317fc0..a0320318 100644 --- a/pySim/esim/rsp.py +++ b/pySim/esim/rsp.py @@ -24,6 +24,7 @@ from cryptography.hazmat.primitives.asymmetric import ec from cryptography.hazmat.primitives.serialization import Encoding from cryptography import x509 +from pySim.utils import bertlv_parse_one, bertlv_encode_tag, bertlv_encode_len, b2h from pySim.esim import compile_asn1_subdir asn1 = compile_asn1_subdir('rsp') @@ -96,3 +97,41 @@ class RspSessionState: class RspSessionStore(shelve.DbfilenameShelf): """A derived class as wrapper around the database-backed non-volatile storage 'shelve', in case we might need to extend it in the future. We use it to store RspSessionState objects indexed by transactionId.""" + +def extract_euiccSigned1(authenticateServerResponse: bytes) -> bytes: + """Extract the raw, DER-encoded binary euiccSigned1 field from the given AuthenticateServerResponse. This + is needed due to the very peculiar SGP.22 notion of signing sections of DER-encoded ASN.1 objects.""" + tdict, l, v, remainder = bertlv_parse_one(authenticateServerResponse) + rawtag = bertlv_encode_tag(tdict) + if len(remainder): + raise ValueError('Excess data at end of TLV') + if b2h(rawtag) != 'bf38': + raise ValueError('Unexpected outer tag: %s' % b2h(rawtag)) + tdict, l, v1, remainder = bertlv_parse_one(v) + rawtag = bertlv_encode_tag(tdict) + if b2h(rawtag) != 'a0': + raise ValueError('Unexpected tag where CHOICE was expected') + tdict, l, v2, remainder = bertlv_parse_one(v1) + rawtag = bertlv_encode_tag(tdict) + if b2h(rawtag) != '30': + raise ValueError('Unexpected tag where SEQUENCE was expected') + return rawtag + bertlv_encode_len(l) + v2 + +def extract_euiccSigned2(prepareDownloadResponse: bytes) -> bytes: + """Extract the raw, DER-encoded binary euiccSigned2 field from the given prepareDownloadrResponse. This is + needed due to the very peculiar SGP.22 notion of signing sections of DER-encoded ASN.1 objects.""" + tdict, l, v, remainder = bertlv_parse_one(prepareDownloadResponse) + rawtag = bertlv_encode_tag(tdict) + if len(remainder): + raise ValueError('Excess data at end of TLV') + if b2h(rawtag) != 'bf21': + raise ValueError('Unexpected outer tag: %s' % b2h(rawtag)) + tdict, l, v1, remainder = bertlv_parse_one(v) + rawtag = bertlv_encode_tag(tdict) + if b2h(rawtag) != 'a0': + raise ValueError('Unexpected tag where CHOICE was expected') + tdict, l, v2, remainder = bertlv_parse_one(v1) + rawtag = bertlv_encode_tag(tdict) + if b2h(rawtag) != '30': + raise ValueError('Unexpected tag where SEQUENCE was expected') + return rawtag + bertlv_encode_len(l) + v2