I'm assembling the SGP.22 GetBoundProfilePackage response that starts with the InitialiseSecureChannelRequest for which I'm getting a 90 00 success code. The subsequent ConfigureISDPRequest is returning an errorReason 8 which is an scp03t/BSP security error.
There are several steps for the scp03t (now relabelled as BSP in v3 of SGP.22) process and ConfigureISDPRequest requires encryption and MACing. The error code doesn't provide a way of identifying which step contains the error.
The first step is to generate the ShS shared secret using previously generated (for InitialiseSecureChannelRequest) smdpOtsk private key and euiccOtpk public key. This ECDH procedure is defined in NIST SP 800-56Ar3 section 5.7.1.2:
My Golang code, having referred to this post though I note I don't think it needs hashing after - that appears to be a TLS thing:
calcedX, _ := euiccOtpk.Curve.ScalarMult(euiccOtpk.X, euiccOtpk.Y, smdpOtsk.D.Bytes())
What isn't clear to me here is part 3 in the NIST SP 800-56Ar3 steps - convert z to Z, using the field-element-to-byte string conversion routine defined in Appendix C.2.
I've used the following code for the Field-Element-to-Byte String Conversion specified in Appendix C.2 and my question is whether or not this is correct?
fixedBytes := make([]byte, 32)
calcedX.FillBytes(fixedBytes)
return fixedBytes
Upvotes: 1
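An added cross-check for the conversion asked about above (not code from the post): assuming the curve is NIST P-256, where Appendix C.2 yields a 32-byte big-endian string, it compares the ScalarMult plus FillBytes route against Go's crypto/ecdh and looks for a shared x-coordinate with a leading zero byte, the case where x.Bytes() alone would come out short. The names fieldElementToBytes, shsStdlib and findShortX are hypothetical, and the key pairs are throwaway ones generated on the spot.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"math/big"
)

// fieldElementToBytes: SP 800-56A App. C.2 for a prime field, big-endian and zero-padded to ceil(bits/8) bytes.
func fieldElementToBytes(c elliptic.Curve, x *big.Int) []byte {
	return x.FillBytes(make([]byte, (c.Params().BitSize+7)/8))
}

// shsStdlib derives the shared secret with crypto/ecdh (Go 1.20+), which returns the fixed-length x-coordinate.
func shsStdlib(priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey) ([]byte, error) {
	sk, err := priv.ECDH()
	if err != nil {
		return nil, err
	}
	pk, err := pub.ECDH()
	if err != nil {
		return nil, err
	}
	return sk.ECDH(pk)
}

// findShortX tries key pairs until the shared x has a leading zero byte (about 1 in 256).
// It returns len(x.Bytes()) for that case and whether the padded value matches crypto/ecdh.
func findShortX(maxTries int) (int, bool, error) {
	for i := 0; i < maxTries; i++ {
		a, errA := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		b, errB := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if errA != nil || errB != nil {
			return 0, false, fmt.Errorf("key generation failed: %v %v", errA, errB)
		}
		x, _ := b.Curve.ScalarMult(b.X, b.Y, a.D.Bytes()) // same call as in the question
		if len(x.Bytes()) < 32 {
			std, err := shsStdlib(a, &b.PublicKey)
			return len(x.Bytes()), bytes.Equal(fieldElementToBytes(b.Curve, x), std), err
		}
	}
	return 0, false, fmt.Errorf("no short x-coordinate in %d tries", maxTries)
}

func main() {
	fmt.Println(findShortX(20000))
}
```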
ConfigureISDPRequest and related commands. Starting with Annex A you will find constants and data used in the test commands. It does not define real test vectors, but still helps to test your code interactions.
Upvotes: 0