From eb04bb108207d6dabe5d35826a3a71d4f51d897c Mon Sep 17 00:00:00 2001
From: Philipp Maier <pmaier@sysmocom.de>
Date: Fri, 6 Feb 2026 11:48:32 +0100
Subject: [PATCH] contrib/smpp-ota-tool: warn about mixed up KIC/KIC indexes

Cards usually have multiple sets of KIC, KID (and KIK). The keys
are selected through an index. However, mixing keys from different
sets is concidered as a security violation and cards should reject
such configurations.

Let's print a warning to make users aware that something is off.

Change-Id: Ieb4e14145baba1c2cb4a237b612b04694940f402
Related: OS#6868
---
 contrib/smpp-ota-tool.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/contrib/smpp-ota-tool.py b/contrib/smpp-ota-tool.py
index c2e95627..09035333 100755
--- a/contrib/smpp-ota-tool.py
+++ b/contrib/smpp-ota-tool.py
@@ -214,6 +214,10 @@ if __name__ == '__main__':
                         format='%(asctime)s %(levelname)s %(message)s',
                         datefmt='%Y-%m-%d %H:%M:%S')
 
+    if opts.kic_idx != opts.kid_idx:
+        logger.warning("KIC index (%s) and KID index (%s) are different (security violation, card should reject message)",
+                       opts.kic_idx, opts.kid_idx)
+
     ota_keyset = OtaKeyset(algo_crypt=opts.algo_crypt,
                            kic_idx=opts.kic_idx,
                            kic=h2b(opts.kic),