The upstream construct.{Bytes,GreedyBytes} only support bytes/bytearray
input data for the encoder, while the [newly-created]
osmocom.construct.{Bytes,GreedyBytes} support alternatively hex-string input.
This is important in the context of encoding construct-based types from
JSON, where our osmocom.utils.JsonEncoder will automatically convert any
bytes to hex-string, while re-encoding those hex-strings will fail prior
to this patch.
Change-Id: I1c8df6350c68aa408ec96ff6cd1e405ceb1a4fbb
Closes: OS#6774
The kvn parameter is used to select a keyset when establishin a secure channel.
At the moment this is a mandatory parameter and it must be within a certain
range.
However GPC_SPE_034 explicitly defines a reserved kvn value 0, that always
refers to the first available key. That effectively makes it an optional
parameter and the commandline interface should have the --key-ver parameter
as an optional parameter.
The ranges also have to be extended to allow 0 as kvn value. We also have to
put a range to support the sysmoUSIM-SJS1, which uses kvn value 1, which is
a non standard value.
Related: OS#6679
Change-Id: I42be2438c7f199b238f2ec7a9434cec5393210a7
ETSI TS 102 221, section 7.3 specifies that UICCs (and eUICCs) may support two
different transport protocols: T=0 or T=1 or both. The spec also says that the
terminal must support both protocols.
This patch adds the necessary functionality to support the T=1 protocol
alongside the T=0 protocol. However, this also means that we have to sharpen
the lines between APDUs and TPDUs.
As this patch also touches the low level interface to readers it was also
manually tested with a classic serial reader. Calypso and AT command readers
were not tested.
Change-Id: I8b56d7804a2b4c392f43f8540e0b6e70001a8970
Related: OS#6367
The _wrap_cmd_apdu methods for SCP02 and SCP03 are a bit hard to read. Let's
refactor them so that it is easier to understand what happens. In particular
that one can not have encryption (cenc) without signing (cmac)
Related: OS#6367
Change-Id: I4c5650337779a4bd1f98673650c6c3cb526d518b
when we sign and encrypt the APDU in _wrap_cmd_apdu (SCP03) we return an "mapdu"
at the end. However, in the (unlikely?) case where self.do_cencand
self.do_cmac are false, mapdu will be undeclared. In _wrap_cmd_apdu for SCP02
we just re-use the apdu variable and return it at the end, so when no
encryption and no signing is applied, the APDU falls just through without any
modifications. We should have the same mechanism for the SCP03 wrapping as
well.
Related: OS#6367
Change-Id: Ic7089a69dffd7313572c5b3e5953200be5925766
We're creating a 'pyosmocom' pypi module which contains a number of core
Osmocom libraries / interfaces that are not specific to SIM card stuff
contained here.
The main modules moved in this initial step are pySim.tlv, pySim.utils
and pySim.construct. utils is split, not all of the contents is
unrelated to SIM Cards. The other two are moved completely.
Change-Id: I4b63e45bcb0c9ba2424dacf85e0222aee735f411
When creating the DES cipher object with DES.new, we use the property
card_keys.dek. This property may hold a 16 byte key, but DES uses
an 8 byte key (56 bit + 8 bit integrity). Pycryptodome does not
automatically ignore excess key bytes. Instead it throws an
exception. This means we need to make sure to supply only the first
8 bytes of card_keys.dek
See also: https://pycryptodome.readthedocs.io/en/latest/src/cipher/des.html
Related: OS#6531
Change-Id: I92e0dc6a6196b532bd8b53fca7b9e78070d6903f
If we're using a Secure Channel Protocol, this will add overhead
in terms of the C-MAC appended to the C-APDU. This means in turn that
the useable length of the data field shrinks by a certain number of
bytes.
Let's make sure the SCP instances expose an 'overhead' property
of how much overhead they add - and that other commands use this to
determine the maximum command data field length.
Change-Id: I0a081a23efe20c77557600e62b52ba90a401058d
pySim/global_platform/scp.py:27:0: W0404: Reimport 'Optional' (imported line 20) (reimported)
pySim/global_platform/scp.py:157:8: R1705: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it (no-else-return)
pySim/global_platform/scp.py:165:8: W0107: Unnecessary pass statement (unnecessary-pass)
pySim/global_platform/scp.py:182:8: R1705: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it (no-else-return)
pySim/global_platform/scp.py:189:8: R1705: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it (no-else-return)
pySim/global_platform/scp.py:266:4: W0221: Variadics removed in overriding 'SCP02._wrap_cmd_apdu' method (arguments-differ)
pySim/global_platform/scp.py:298:4: W0237: Parameter 'rsp_apdu' has been renamed to 'apdu' in overriding 'SCP02.unwrap_rsp_apdu' method (arguments-renamed)
pySim/global_platform/scp.py:314:7: C0121: Comparison 'l == None' should be 'l is None' (singleton-comparison)
pySim/global_platform/scp.py:436:11: C0121: Comparison 'host_challenge == None' should be 'host_challenge is None' (singleton-comparison)
pySim/global_platform/scp.py:506:4: W0237: Parameter 'rsp_apdu' has been renamed to 'apdu' in overriding 'SCP03.unwrap_rsp_apdu' method (arguments-renamed)
pySim/global_platform/scp.py:27:0: C0411: standard import "from typing import Optional" should be placed before "from Cryptodome.Cipher import DES3, DES" (wrong-import-order)
Change-Id: Idd2b779a6628c88d9a48c94b8581525209824426
This adds an implementation of the GlobalPlatform SCP03 protocol. It has
been tested in S8 mode for C-MAC, C-ENC, R-MAC and R-ENC with AES using
128, 192 and 256 bit key lengh. Test vectors generated while talking to
a sysmoEUICC1-C2T are included as unit tests.
Change-Id: Ibc35af5474923aed2e3bcb29c8d713b4127a160d
