The "TCA Loader" is a freeware utility program published by the
Trusted Connectivity Alliance for testing SCP80, SCP81, SCP02 and SCP03
in UICCs. It can generate text log files of the APDUs it exchanges;
let's add this file format to pySim-trace
Change-Id: Ie76d36bb18c6bd8968d2a5b74ec1b8c5ccaaa409
Now that CardKeyProvider is capable of storing key materials
transport-key-encrypted, we can use this functionality to look up the
SCP02 / SCP03 key material for a given security domain.
This patch implements this for the ISD-R and ECASD using a look-up by
EID inside the CSV.
Change-Id: I2a21f031ab8af88019af1b8390612678b9b35880
It's generally a bad idea to keep [card specific] key material lying
around unencrypted in CSV files. The industry standard solution in the
GSMA is a so-called "transport key", which encrypts the key material.
Let's introduce support for this in the CardKeyProvider (and
specifically, the CardKeyProviderCSV) and allow the user to specify
transport key material as command line options to pySim-shell.
Different transport keys can be used for different key materials, so
allow specification of keys on a CSV-column base.
The higher-level goal is to allow the CSV file not only to store
the ADM keys (like now), but also global platform key material for
establishing SCP towards various security domains in a given card.
Change-Id: I13146a799448d03c681dc868aaa31eb78b7821ff
So far the main use case was to read a ProfileElement-SD from
a DER file. But when we want to construct one from scratch,
we need to have the constructor put some meaningful [default]
values into the class members.
Change-Id: I69e104f1d78165c12291317326dbab05977a1574
This way it's possible to programmatically inspect and modify the
high-level decoded key material inside a securityDomain profile element.
Change-Id: I18b1444303de80eaddd840a7e0061ea0098a8ba1
It's rather useful to have derived classes implementing specific
functions related to that SAIP profile type. Let's introruce that
concept and a first example for securityDomain, where methods allow
checking/adding/removing support for SCPs.
Change-Id: I0929cc704b2aabddbc2ddee79ab8b674b1ed4691
When de-MAC-ing at the recipient side, we must increment the cipher(!)
block number even if no ciphering is done at all.
We did this correctly for MAC (sender) case, but not on the de-MAC
(receiver) case.
Change-Id: I97993f9e8357b36401d435aaa15558d1c7e411eb
In the eSIM RSP univers there are some rather ugly layering violatoins
where ASN.1 cannot be parsed but we have to mess with raw TLVs and the
details of DER encoding. Let's add two funtions that make it more
convenient to work with this: They return the raw tag as integer, or
even the entire encoded TLV rather than the value part only.
Change-Id: I1e68a4003b833e86e9282c77325afa86ce144b98
GlobalPlatform has a [non-public] "UICC Configuration" spec, which
defines some specific aspects of implementing GlobalPlatform in the
context of an UICC. Let's add some python definitions about it.
Change-Id: If4cb110a9bc5f873b0e097c006bef59264ee48fa
We used to re-encode those parts of a decoded ASN.1 struct that is
cryptographically signed in the GSMA SGP.22 specification. However, if
the received data follows a later spec and contains new/unknown records,
then our poor-man's attempt at re-encoding will render a different
binary, which in turn means the signature check will fail.
Let's instead do a manual step-by-step raw decode of the DER TLV
structure to extract the actual binary information of parts of ASN.1
objects.
Change-Id: I4e31fd4b23ec3be15b9d07c2c30a3e31e22bdda1
Closes: OS#6473
... and populate the RuntimeState.identity['EID'] wit it, so other
[future] parts of the system can use it.
Let's also print the EID (if available) from the 'cardinfo' shell
command.
Change-Id: Idc2ea1d9263f39b3dff403e1535a5e6c4e88b26f
The get_eid command is actually sending the command apdu twice, as
it contains both an older implementation (result unused) and the newer
one.
Change-Id: Ie82bb09f4fc30bc879029b83147dad5614792b48
Let's have the card tell us what the length is by indicating '00'
instead of stating 'FF'. This is better aligned with general practice
and won't break assumptions in other parts of the code like SCP
transport.
Change-Id: Ied63c6e1970e3dfc675da5e5f94579fbb06fea51
A mix-up betewen underscore and dash resulted in:
Change-Id: I49d12b7c7ae2a343940e87d5069c0ae44a9bc50c
AttributeError: 'Namespace' object has no attribute 'application_aid'
Something like "this._.total_len-1" only works during decode. Let's
use GreedyBytes instead, working for encode and decode.
Change-Id: Idf8326298cab7ebc68b09c7e829bfc2061222f51
File "/crypt/space/home/laforge/projects/git/pysim/pySim/sysmocom_sja2.py", line 180, in __init__
self._construct = Struct(Const(b'\x82'), 'time_unit'/self.TimeUnit, 'value'/Int8ub,
^^^^^
NameError: name 'Const' is not defined
Change-Id: If34a48e349680ef84e68a4a1a19dde536ecda0e6
pySim/euicc.py:436:31: E0606: Possibly using variable 'p_id' before assignment (possibly-used-before-assignment)
pySim/euicc.py:455:31: E0606: Possibly using variable 'p_id' before assignment (possibly-used-before-assignment)
pySim/euicc.py:473:31: E0606: Possibly using variable 'p_id' before assignment (possibly-used-before-assignment)
Let's raise an exception in the erroneous case.
Change-Id: Ifdf4651e503bae6ea3e91c89c2121b416a12fb1a
pySim/commands.py:608:39: E0606: Possibly using variable 'p2' before assignment (possibly-used-before-assignment)
Let's raise an exception in the erroneous case.
Change-Id: I23adf2e89aa8a13246cc20ef022c84f0113eb2cd
pySim/commands.py:223:18: E0606: Possibly using variable 'skip' before assignment (possibly-used-before-assignment)
Let's raise an exception in the erroneous case.
Change-Id: Id1a892c3446e472699e77f076c2414277e92c98d
When a SCP is active, the DEK is used to encrypt any key material
that's installed using PUT KEY. The code prior to this patch fails
to handle this case as it calls the encrypt_key() method on the wrong
object.
Change-Id: I6e10fb9c7881ba74ad2986c36bba95b336470838
our utils.b2h() returns values in lower-case hex string notation,
so let's make sure the CardADF and CardApplication AID values are also
stored in lower case notation, othewise the matching baesd on AIDs
returned from the card will not work, specifically as we use uppercase
AIDs in pySim.euicc for CardApplicationECASD and CardApplicationISDR.
Rather than change those two instances, let's solve it in a generic way.
We already do the same for the CardFile.fid member.
Change-Id: Ie42392412d9eb817fbc563d9165faab198ffa7a9
While all official/standardized ES2+ API functions use POST, there
are some vendor-specific extensions using different HTTP methods. Be
flexible enough to allow derived classes to easily specify other methods.
Change-Id: I4b1a0dc7e6662485397c7708933bf16e5ed56e10
Usually, the specifications say that the integer type is actually
transmitted as a JSON string type. However, it seems some
implementations do return a native JSON integer type. Let's be
tolerant in that regard.
Change-Id: I5b47f8bba01225d53eff2ca086e53a2133abed7f
There was a support request hinting that other applications
concurrently accessed the SIM and were messing up the card state while
pySim-shell was running.
Let's avoid such situations by opening the card/reader in EXCLUSIVE mode
by default. If somebody really has a special use case, they can now add
the --pcsc-shared flag to restore the legacy behavior (SHARED mode).
Change-Id: I90d887714b559a4604708d3c6dd23b5e05f40576
To make things exciting, they decided that the ICCID in the profile
header is encoded different from the ICCID contained in EF.ICCID...
Change-Id: I5eacdcdc6bd0ada431eb047bfae930d79d6e3af8
When personalizing e.g. the ICCID, the input_value is the raw
incrementing counter. From that, we calculate the Luhn check digit,
and that "output" value is what we'll put in to the EF.ICCID specific
encoder.
However, we also store that output value in the instance in order
to generate the output CSV file containig the card-specific
personalization data.
Change-Id: Idfcd26c8ca9d73a9c2955f7c97e711dd59a27c4e
Those keys are normally per-card unique, and hence the personalization
must be able to modify them in the profile.
Change-Id: Ibe4806366f1cce8edb09d52613b1dd56250fa5ae
pySim/esim/saip/validation.py:95:42: C0117: Consider changing "not not ('usim' in m_svcs or 'isim' in m_svcs)" to "'usim' in m_svcs or 'isim' in m_svcs" (unnecessary-negation)
pySim/esim/saip/validation.py:129:0: C0305: Trailing newlines (trailing-newlines)
Change-Id: Idcc9871d6a7068e8aedbd8cd81f4156918af5e50
pySim/esim/saip/__init__.py:28:0: R0402: Use 'from pySim.esim.saip import templates' instead (consider-using-from-import)
pySim/esim/saip/__init__.py:166:8: R1705: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it (no-else-return)
pySim/esim/saip/__init__.py:206:4: W0612: Unused variable 'tagdict' (unused-variable)
pySim/esim/saip/__init__.py:273:23: C1802: Do not use `len(SEQUENCE)` without comparison to determine if a sequence is empty (use-implicit-booleaness-not-len)
Change-Id: I12ef46c847d197fb0c01e624818aeac14eb99e31
Introduce code that makes use of the information from
pySim.esim.saip.templates to build a complete representation of a file
by merging the template with the ProfileElement decribing the file.
This happens within the class pySim.esim.saip.File, whose instances are
created from ProfileElement + Template.
Change-Id: Ib1674920e488ade9597cb039e4e2047dcbc7864e
If we're using a Secure Channel Protocol, this will add overhead
in terms of the C-MAC appended to the C-APDU. This means in turn that
the useable length of the data field shrinks by a certain number of
bytes.
Let's make sure the SCP instances expose an 'overhead' property
of how much overhead they add - and that other commands use this to
determine the maximum command data field length.
Change-Id: I0a081a23efe20c77557600e62b52ba90a401058d
TS 102 221 specifies a TERMINAL CAPABILITY command using which the
terminal (Software + hardware talking to the card) can expose their
capabilities. This is also used in the eUICC universe to let the eUICC
know which features are supported.
Change-Id: Iaeb8b4c34524edbb93217bf401e466399626e9b0
This type of USIM was introduced in Release 16.4. It is basically
a copy of ADF.USIM without the EF.IMSI file and a dedicated AID.
Change-Id: Ifcde27873a398273a89889bb38537f79859383e9
