SGP.22 is quite clear in that handleNotification shall return an empty
HTTP response body. Let's make sure we comply to that and don't report
a JSON response.
Change-Id: I1cad539accbc3e7222bfd4780955b3b1ff694c5b
The eSIM specs allow for both brainpool and nist; in reality the
deployments use the NIST P256 curve.
osmo-smdpp currently only supports a single certificate; let's use the
NIST one by default.
Change-Id: Idc7809f320505279c8a75e9b667be0a2af802f6b
Before this patch we had three different error causes that would cause a
"Verification failed" error message. Let's state explicitly which part
of verification did actually fail.
Change-Id: I5030758fe365bb802ae367b494aace5a66bc7a91
We used to re-encode those parts of a decoded ASN.1 struct that is
cryptographically signed in the GSMA SGP.22 specification. However, if
the received data follows a later spec and contains new/unknown records,
then our poor-man's attempt at re-encoding will render a different
binary, which in turn means the signature check will fail.
Let's instead do a manual step-by-step raw decode of the DER TLV
structure to extract the actual binary information of parts of ASN.1
objects.
Change-Id: I4e31fd4b23ec3be15b9d07c2c30a3e31e22bdda1
Closes: OS#6473
osmo-smdpp.py:374:72: E0601: Using variable 'iccid_str' before assignment (used-before-assignment)
Let's raise an exception in the erroneous case.
Change-Id: I01b308226e12f91699b1b5c6bb06f853be47e185
The hex string of the generated transactionId contains lowercase hex
digits. However SGP.22 explicitly spcifies to use uppercase hex digits
when using JSON fromatted messages. See section 6.5.2.6 for example.
Related: SYS#6720
Change-Id: I8439aa9d70f6fe798fa88b623bac13debdc19ca1
Read the ICCID from the header of the UPP when building the
ProfileMetdata. This allows the download of profiles with arbitrary ICCID.
Change-Id: I1b9e17f757f9935436828e6dc1ab75ff17d1d1a4
Let's simply use the matchingId for filesystem lookup of the UPP file.
This way we can have any number of profiles by simply creating the
respeective files.
Change-Id: I0bc3a14b9fdfcc6322917dd0c69d8295de486950
We can only choose a CI certificate which is supported both by the eUICC
as well as which has signed our own SM-DP+ certificates.
Change-Id: I0b9130f06d501ca7d484063d56d606cfdd2544f4
This commit introduces
* the osmo-smdpp.py program implementing the main procedures and the
HTTP/REST based ES9+
* python modules for ES8+ and non-volatile RSP Session State storage
* the ASN.1 source files required to parse/encode RSP
* 3GPP test certificates from SGP.26
* an unsigned profile package (UPP) of a SAIP v2.3 TS48 test profile
As I couldn't get the 'Klein' tls support to work, the SM-DP+ code
currently does not support HTTPS/TLS but plan HTTP, so you either have
to modify your LPA to use HTTP instead of HTTPS, or put a TLS proxy in
front.
I have successfully installed an eSIM profile on a test eUICC that
contains certificate/key data within the test CI defined in GSMA SGP.26
Change-Id: I6232847432dc6920cd2bd08c84d7099c29ca1c11
