From bb9fddd1814ce59f8ee17c41390ec26926669534 Mon Sep 17 00:00:00 2001
From: Andrea Franz <andrea@gravityblast.com>
Date: Mon, 8 Oct 2018 11:43:53 +0200
Subject: [PATCH] skip security checkes on smartcard scp02 algorithm using des

---
 globalplatform/crypto/crypto.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/globalplatform/crypto/crypto.go b/globalplatform/crypto/crypto.go
index e2e7337..2c91377 100644
--- a/globalplatform/crypto/crypto.go
+++ b/globalplatform/crypto/crypto.go
@@ -3,6 +3,8 @@ package crypto
 import (
 	"bytes"
 	"crypto/cipher"
+
+	/* #nosec */
 	"crypto/des"
 )
 
@@ -23,6 +25,7 @@ func DeriveKey(cardKey []byte, seq []byte, purpose []byte) ([]byte, error) {
 	copy(derivation, purpose[:2])
 	copy(derivation[2:], seq[:2])
 
+	/* #nosec */
 	block, err := des.NewTripleDESCipher(key24)
 	if err != nil {
 		return nil, err
@@ -54,11 +57,13 @@ func VerifyCryptogram(encKey, hostChallenge, cardChallenge, cardCryptogram []byt
 func MacFull3DES(key, data, iv []byte) ([]byte, error) {
 	data = AppendDESPadding(data)
 
+	/* #nosec */
 	desBlock, err := des.NewCipher(resizeKey8(key))
 	if err != nil {
 		return nil, err
 	}
 
+	/* #nosec */
 	des3Block, err := des.NewTripleDESCipher(resizeKey24(key))
 	if err != nil {
 		return nil, err
@@ -85,6 +90,7 @@ func MacFull3DES(key, data, iv []byte) ([]byte, error) {
 // EncryptICV encrypts an ICV with the specified macKey.
 // The ICV is usually the mac of the previous command sent in the current session.
 func EncryptICV(macKey, icv []byte) ([]byte, error) {
+	/* #nosec */
 	block, err := des.NewCipher(resizeKey8(macKey))
 	if err != nil {
 		return nil, err
@@ -101,6 +107,7 @@ func EncryptICV(macKey, icv []byte) ([]byte, error) {
 func Mac3DES(key, data, iv []byte) ([]byte, error) {
 	key24 := resizeKey24(key)
 
+	/* #nosec */
 	block, err := des.NewTripleDESCipher(key24)
 	if err != nil {
 		return nil, err