catarrh/pysim-local
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

osmo-smdpp: Make error message more descriptive

Browse Source 
Before this patch we had three different error causes that would cause a
"Verification failed" error message.  Let's state explicitly which part
of verification did actually fail.

Change-Id: I5030758fe365bb802ae367b494aace5a66bc7a91
This commit is contained in:
Harald Welte
2024-05-30 19:32:07 +02:00
parent 56912caac7
commit 64a5901c4c
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
osmo-smdpp.py
View File

@@ -325,14 +325,14 @@ class SmDppHttpServer:
try: try:
cs.verify_cert_chain(euicc_cert) cs.verify_cert_chain(euicc_cert)
except VerifyError: except VerifyError:
raise ApiError('8.1.3', '6.1', 'Verification failed') raise ApiError('8.1.3', '6.1', 'Verification failed (certificate chain)')
# raise ApiError('8.1.3', '6.3', 'Expired') # raise ApiError('8.1.3', '6.3', 'Expired')
# Verify euiccSignature1 over euiccSigned1 using pubkey from euiccCertificate. # Verify euiccSignature1 over euiccSigned1 using pubkey from euiccCertificate.
# Otherwise, the SM-DP+ SHALL return a status code "eUICC - Verification failed" # Otherwise, the SM-DP+ SHALL return a status code "eUICC - Verification failed"
if not self._ecdsa_verify(euicc_cert, euiccSignature1_bin, euiccSigned1_bin): if not self._ecdsa_verify(euicc_cert, euiccSignature1_bin, euiccSigned1_bin):
raise ApiError('8.1', '6.1', 'Verification failed') raise ApiError('8.1', '6.1', 'Verification failed (euiccSignature1 over euiccSigned1)')
# TODO: verify EID of eUICC cert is within permitted range of EUM cert # TODO: verify EID of eUICC cert is within permitted range of EUM cert
@@ -343,7 +343,7 @@ class SmDppHttpServer:
# serverChallenge returned by the eUICC. Otherwise, the SM-DP+ SHALL return a status code "eUICC - # serverChallenge returned by the eUICC. Otherwise, the SM-DP+ SHALL return a status code "eUICC -
# Verification failed". # Verification failed".
if euiccSigned1['serverChallenge'] != ss.serverChallenge: if euiccSigned1['serverChallenge'] != ss.serverChallenge:
raise ApiError('8.1', '6.1', 'Verification failed') raise ApiError('8.1', '6.1', 'Verification failed (serverChallenge)')
# If ctxParams1 contains a ctxParamsForCommonAuthentication data object, the SM-DP+ Shall [...] # If ctxParams1 contains a ctxParamsForCommonAuthentication data object, the SM-DP+ Shall [...]
# TODO: We really do a very simplistic job here, this needs to be properly implemented later, # TODO: We really do a very simplistic job here, this needs to be properly implemented later,