pysim-local/docs/sim-rest.rst

sim-rest-server
===============

Sometimes there are use cases where a [remote] application will need
access to a USIM for authentication purposes.  This is, for example, in
case an IMS test client needs to perform USIM based authentication
against an IMS core.

The pysim repository contains two programs: `sim-rest-server.py` and
`sim-rest-client.py` that implement a simple approach to achieve the
above:

`sim-rest-server.py` speaks to a [usually local] USIM via the PC/SC
API and provides a high-level REST API towards [local or remote]
applications that wish to perform UMTS AKA using the USIM.

`sim-rest-client.py` implements a small example client program to
illustrate how the REST API provided by `sim-rest-server.py` can be
used.

REST API Calls
--------------

POST /sim-auth-api/v1/slot/SLOT_NR
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

where SLOT_NR is the integer-encoded slot number (corresponds to PC/SC
reader number).  When using a single sysmoOCTSIM board, this is in the range of 0..7

Example: `/sim-auth-api/v1/slot/0` for the first slot.

Request Body
############

The request body is a JSON document, comprising of
    1. the RAND and AUTN parameters as hex-encoded string
    2. the application against which to authenticate (USIM, ISIM)

Example:
::

        {
            "rand": "bb685a4b2fc4d697b9d6a129dd09a091",
            "autn": "eea7906f8210000004faf4a7df279b56"
        }

HTTP Status Codes
#################

HTTP status codes are used to represent errors within the REST server
and the SIM reader hardware.  They are not used to communicate protocol
level errors reported by the SIM Card.  An unsuccessful authentication
will hence have a `200 OK` HTTP Status code and then encode the SIM
specific error information in the Response Body.

======  =========== ================================
Status  Code        Description
------  ----------- --------------------------------
200     OK          Successful execution
400     Bad Request Request body is malformed
404     Not Found   Specified SIM Slot doesn't exist
410     Gone        No SIM card inserted in slot
======  =========== ================================

Response Body
#############

The response body is a JSON document, either

#. a successful outcome; encoding RES, CK, IK as hex-encoded string
#. a sync failure; encoding AUTS as hex-encoded string
#. errors
   #. authentication error (incorrect MAC)
   #. authentication error (security context not supported)
   #. key freshness failure
   #. unspecified card error

Example (succcess):
::

        {
           "successful_3g_authentication": {
                "res": "b15379540ec93985",
                "ck": "713fde72c28cbd282a4cd4565f3d6381",
                "ik": "2e641727c95781f1020d319a0594f31a",
                "kc": "771a2c995172ac42"
            }
        }

Example (re-sync case):
::

        {
            "synchronisation_failure": {
                "auts": "dc2a591fe072c92d7c46ecfe97e5"
            }
        }

Concrete example using the included sysmoISIM-SJA2
--------------------------------------------------

This was tested using SIMs ending in IMSI numbers 45890...45899

The following command were executed successfully:

Slot 0
::

        $ /usr/local/src/pysim/contrib/sim-rest-client.py -c 1 -n 0 -k 841EAD87BC9D974ECA1C167409357601 -o 3211CACDD64F51C3FD3013ECD9A582A0
        -> {'rand': 'fb195c7873b20affa278887920b9dd57', 'autn': 'd420895a6aa2000089cd016f8d8ae67c'}
        <- {'successful_3g_authentication': {'res': '131004db2ff1ce8e', 'ck': 'd42eb5aa085307903271b2422b698bad', 'ik': '485f81e6fd957fe3cad374adf12fe1ca', 'kc': '64d3f2a32f801214'}}

Slot 1
::

        $ /usr/local/src/pysim/contrib/sim-rest-client.py -c 1 -n 1 -k 5C2CE9633FF9B502B519A4EACD16D9DF -o 9834D619E71A02CD76F00CC7AA34FB32
        -> {'rand': '433dc5553db95588f1d8b93870930b66', 'autn': '126bafdcbe9e00000026a208da61075d'}
        <- {'successful_3g_authentication': {'res': '026d7ac42d379207', 'ck': '83a90ba331f47a95c27a550b174c4a1f', 'ik': '31e1d10329ffaf0ca1684a1bf0b0a14a', 'kc': 'd15ac5b0fff73ecc'}}