global_platform/scp: fix dek_encrypt/dek_decrypt for SCP02

The methods dek_encrypt/dek_decrypt use the wrong algorithm and the wrong key material. The algorithm should be 3DES rather then single DES and the key must be the DEK session key instead of the static DEK key from which the DEK session key is derived. Related: SYS#7902 Change-Id: I3d0cc7378680b346fa39152c8b7074446d2c869d
2026-03-16 18:38:32 +03:00 · 2026-03-02 18:13:12 +01:00
parent d8f3c78135
commit f10af30aed
1 changed files with 4 additions and 2 deletions
--- a/pySim/global_platform/scp.py
+++ b/pySim/global_platform/scp.py
@@ -266,11 +266,13 @@ class SCP02(SCP):
        super().__init__(*args, **kwargs)

    def dek_encrypt(self, plaintext:bytes) -> bytes:
-        cipher = DES.new(self.card_keys.dek[:8], DES.MODE_ECB)
+        # See also GPC section B.1.1.2, E.4.7, and E.4.1
+        cipher = DES3.new(self.sk.data_enc, DES.MODE_ECB)
        return cipher.encrypt(plaintext)

    def dek_decrypt(self, ciphertext:bytes) -> bytes:
-        cipher = DES.new(self.card_keys.dek[:8], DES.MODE_ECB)
+        # See also GPC section B.1.1.2, E.4.7, and E.4.1
+        cipher = DES3.new(self.sk.data_enc, DES.MODE_ECB)
        return cipher.decrypt(ciphertext)

    def _compute_cryptograms(self, card_challenge: bytes, host_challenge: bytes):