osmo-smdpp has built-in SSL/TLS support for quite some time now. The manual does not
yet mention this feature yet.
Change-Id: I2db5ae32914386a34eab1ed7d2aff8cae82bfa9b
According to [1], the literal block must be indented (and, like all
paragraphs, separated from the surrounding ones by blank lines).
[1] https://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html#literal-blocks
While at it, fix tabs-vs-spaces: use 2 spaces like in other places.
Change-Id: If548bf66339433c1f3f9e2a557821e808c6afa26
Recent versions of the ARA-M applet from Bertrand Martel can lock
the write access to ARA-M rules. Let's add a command for that and
some documentation.
Related: SYS#7245
Change-Id: I71581a0c9f146f9a0921093d9b53b053b4a8946c
The PE-Application object is used to provision JAVA-card applications
into an eUICC during profile installation. Let's extend the SAIP-tool
so that we are able to add, remove and inspect applications.
Change-Id: I41db96f2f0ccc29c1725a92215ce6b17d87b76ce
The pySim-smpp2sim.py program exposes two interfaces:
* SMPP server-side port, so external programs can rx/tx SMS
* APDU interface towards the SIM card
It therefore emulates the SMSC, Core Network, RAND and UE parts
that would normally be encountered in an OTA setup.
Change-Id: Ie5bae9d823bca6f6c658bd455303f63bace2258c
Installing JAVA-card applets from a CAP file is a multi step process, which is
difficult when done manually. Fortunately it is easy to automate the process,
so let's add a dedicated command for that.
Change-Id: I6cbd37f0fad5579b20e83c27349bd5acc129e6d0
Related: OS#6679
In this patch we add the commands "install_for_load" and "load".
Depends: pyosmocom.git I86df064fa41db85923eeb0d83cc399504fdd4488
Change-Id: I924aaeecbb3a72bdb65eefbff6135e4e9570579e
Related: OS#6679
Back in January 2024 in change 7ba09f9392
we migrate dthe commands from 'class ADF_ISDR' to CardApplicationISDR
without updating the sphinx-argparse references in the documentation.
Let's fix that, making the syntax reference for those commands re-appear
in the documentation.
Change-Id: I1d7e2d1a5dfbdcc11b1fdb3e89845787f7cddbfc
This adds a small utility program that can be used for generating
keys used for SUCI in 5G SA networks, as well as for dumping them
in a format that's compatible with what is needed on the USIM.
Change-Id: I9e92bbba7f700e160ea9c58da5f23fa4c31d40c6
Those programs have been around since 2021 but we never had any
documentation here. Let's fix that.
Change-Id: I7c471cac9500db063a0c8f5c5eb7b6861b3234ed
With osmo-remsim and Android APDU proxy we have two powerful solutions to
allow remote acces to UICC/eUICC cards. Let's add a section where we give
a brief overview about those solutions, so that pySim-shell users get
awre of them.
Related: OS#6367
Change-Id: I73de4de2e5d4a01d6d91989ee684cbdb680de8ef
Sphinx is complaining about a duplicate label "osmo-smdpp". Apparantly
because we use this label twices as section headline. The subsection
"osmo-smdpp" in "Running osmo-smdpp" talks about the commandline and the
supplementary files that osmo-smdpp needs to run. Let's split the two
topics into two different sections.
Change-Id: I8bc4979160a00d36a03b9cd10679562a08c2c55c
sphinx-build doesn't use the PYTHONPATH from the venv, unless it runs
as python3 -m sphinx.cmd.build. We need it to use the imports from
PYTHONPATH, so we can update the pyosmocom version in requirements.txt
in a patch, and this new version will be used in the jenkins job that
runs during gerrit review. Otherwise the previously installed version
(from the docker image) will be used.
Related: https://github.com/sphinx-doc/sphinx/issues/8910
Change-Id: I487e1af6a3493df5b806cc2d3d2b70bc5233b89f
The documentation for the classic pySim-prog application is a bit
sparse. Let's rework it so that it includes the most important
information that is required to operate pySim-prog. Let's also add
a section about how the batch mode and CSV files are used.
Related: SYS#4120
Change-Id: I1d1a65154cea7fa77428b412fcf8c7b4cba629b1
The tutorial describes how SUCI calculation in the UE is configured,
let's now add a section about SUCI calculation by the USIM.
Related: OS#6531
Change-Id: I45d47f9278b30d99ebde6891de0ba8cc74b1a0a0
The section Technical References has direct download links for the relevant specs.
Then later in th Key Provisioning section another download link follows and another
one is redundant. Let's put all download links into the Technical References section
and then only use the spec numbers in the following. This way we have all download
links in one location.
Related: OS#6531
Change-Id: Ibcbc6bb5d836d32c381922a35afa3b73b5f90621
The first hnet_pubkey value with the identifier 27 seems to be incorrect.
It differs from the value suggested in 3GPP TS 31.121, section 4.9.4 and
also does not work with the on card SUCI calculation.
The tutorial also contains a reference to 3GPP TS 33.501, Annex C.4. This
spec specifies an ECIES Profile A and an ECIES Profile B. The tutorial
recommends to use a key from profile B, but it actually uses a key from
profile A.
Related: OS#6531
Change-Id: I6fddf8a6efc28ad0d40b1715973429904e00d2b2
This command exports the entire filesystem state as one JSON document,
which can be useful for storing it in a noSQL database, or for doing a
structured diff between different such dumps.
It's similar to "export", but then reasonably different to rectify a
separate command.
Change-Id: Ib179f57bc04d394efe11003ba191dca6098192d3
It's generally a bad idea to keep [card specific] key material lying
around unencrypted in CSV files. The industry standard solution in the
GSMA is a so-called "transport key", which encrypts the key material.
Let's introduce support for this in the CardKeyProvider (and
specifically, the CardKeyProviderCSV) and allow the user to specify
transport key material as command line options to pySim-shell.
Different transport keys can be used for different key materials, so
allow specification of keys on a CSV-column base.
The higher-level goal is to allow the CSV file not only to store
the ADM keys (like now), but also global platform key material for
establishing SCP towards various security domains in a given card.
Change-Id: I13146a799448d03c681dc868aaa31eb78b7821ff
TS 102 221 specifies a TERMINAL CAPABILITY command using which the
terminal (Software + hardware talking to the card) can expose their
capabilities. This is also used in the eUICC universe to let the eUICC
know which features are supported.
Change-Id: Iaeb8b4c34524edbb93217bf401e466399626e9b0
This adds an implementation of the GlobalPlatform SCP03 protocol. It has
been tested in S8 mode for C-MAC, C-ENC, R-MAC and R-ENC with AES using
128, 192 and 256 bit key lengh. Test vectors generated while talking to
a sysmoEUICC1-C2T are included as unit tests.
Change-Id: Ibc35af5474923aed2e3bcb29c8d713b4127a160d
Using this command, one can change the life cycle status of on-card
applications, specifically one can LOCK (disable) them and re-enable
them as needed.
Change-Id: Ie14297a119d01cad1284f315a2508aa92cb4633b
This allows us to perform STORE DATA on applications like ARA-M/ARA-D
after establishing SCP02 to the related security domain.
Change-Id: I2ce766b97bba42c64c4d4492b505be66c24f471e
This implementation of GlobalPlatform SCP02 currently only supports
C-MAC and C-ENC, but no R-MAC or R-ENC yet.
The patch also introduces the notion of having a SCP instance associated
with a SimCardCommands instance. It also adds the establish_scp0w and
release_scp shell commands to all GlobalPlatform Security Domains.
Change-Id: I56020382b9dfe8ba0f7c1c9f71eb1a9746bc5a27
The GlobalPlatform GET STATUS command is used to display information
about ISD / Applications / ExecutabLoad Files / Modules on the card.
Change-Id: Ic92f96c1c6a569aebc93a906c62a43b86fe3b811
Let's simply use the matchingId for filesystem lookup of the UPP file.
This way we can have any number of profiles by simply creating the
respeective files.
Change-Id: I0bc3a14b9fdfcc6322917dd0c69d8295de486950
This command is used for installation of GlobalPlatform keys. We only
implement the command without secure messaging at this point, as it is
used during card personalization. Authentication will later be handled
by generic implementations of SCP02 and/or SCP03.
Change-Id: Icffe9e7743266d7262fbf440dd361b21eed7c5cf
In If30c5d31b4e7dd60d3a5cfb1d1cbdcf61741a50e we introduced a store_data
comamnd, but forgot to add it to the pySim-shell manual.
Change-Id: I6039818c2c0c5373b4a4ef1e33e152de7fbbd01a
