The new architecture avoids sim/ruim/uicc specific methods in
pySim.profile and instead moves the profile-specific code into the
profile; it also solves everything within the class hierarchy, no need
for global methods.
Change-Id: I3b6c44d2f5cce2513c3ec8a3ce939a242f3e4901
This was suggested by vyanitskiy during gerrit patch review in
https://gerrit.osmocom.org/c/pysim/+/38049 in order to make the
upcoming eUICC CardProfiles simpler.
Change-Id: Ia7c049b31cb1c5c5bb682406d9dd7a73bcd43185
The M2M eUICC are completely different from the consumer/IoT eUICC.
Obtaining the EID works via GET DATA in the ECASD. Let's add support
for that.
Change-Id: I6cca6f75d268229244c90b3f1f88e26c89a2b4e0
Any program using argparse_add_reader_args() will get a new
long-opt '--apdu-trace' which enables a raw APDU trace to the console.
Change-Id: I4bc3d2e023ba360f07f024d7b661a93322f87530
The code had two problems:
* the RESET was only performed in the successful case, but not if
some exceptio was raised
* the RESET was a low-level reset bypassing the RuntimeState,
so the lchan.selected_file was stale afterwards
Fixes: Change-Id Idc2ea1d9263f39b3dff403e1535a5e6c4e88b26f
Change-Id: Ib23d3d5b58b456a25157a622c1010c81cd8b2213
So far the core proactive handling code would always generate a positive
response, with no way for the ProactiveHandler call-back to influence
that or to include additional IEs/TLVs.
Let's change that.
Change-Id: Ic772b3383533f845689ac97ad03fcf67cf59c208
When we define positional arguments for the argument parser, we usually
use upper case letters only. However, there are some code locations that
use lower case letters. Let's translate those to capital letters to
have a consistent appeariance.
Related: OS#6531
Change-Id: Iec1ff8262bc6e9cf87c3cbf7b32fa5f753b7e574
The command cardinfo also displays the AIDs of the card applications.
However, on classic GSM sim cards there are no applications. In this
case cardinfo will still display the string 'AIDs:', but it will of
course not list any AIDs under this string.
Related: OS#6531
Change-Id: Ifb111ce43fdebe85d30857dfc61ab570380b68d1
The tutorial describes how SUCI calculation in the UE is configured,
let's now add a section about SUCI calculation by the USIM.
Related: OS#6531
Change-Id: I45d47f9278b30d99ebde6891de0ba8cc74b1a0a0
When pySim-shell is used in a scripted environment, we may easily get trapped in
the pySim-shell prompt. This may happen in particular in case the script file
is not executed due to problem with the reader initialization. In such a case
pySim-shell will not exit automatically and the shellscript that was calling
pySim-shell will stall indefinetly.
To make the use of pySim-shell more reliable in scripted environments, let's
add a --noprompt option that ensures the interactive mode is never entered.
Let's also exit with an appropriate return code in case of initialization
errors, so that the calling script can know that something went wrong.
Related: OS#6531
Change-Id: I07ecb27b37e2573629981a0d032cc95cd156be7e
The SimCardCommands has a cla_byte @property method, which automatically
returns the lchan patched CLA byte. We use cla_byte property to build
the UICC command APDUs inside SimCardCommands and then we hand the APDU
over to the send_apdu* methods. The cla_byte @property method as well
as the send_apdu* methods perform the lchan patching. This means the CLA
byte gets patched twice, which is technically not an issue, but can be
confusing when trying to understand the code.
To fix this, let's remove the @property methods and turn cla_byte into
a normal property again. This is also more accurate since the cla_byte
property originally was introduced to switch between UICC and classic
SIM APDU commands, which have almost identcal APDUs.
Related: OS#6531
Change-Id: I420f8a5f7ff8d9e5ef94d6519fb3716d6c7caf64
When constructing a ProfileElmentGFM from scratch, initialize the
decoded['fileManagementCMD'], as it is a mandatory member during
ASN.1 encode.
Change-Id: Iaae99348d36b7f0c739daf039d6ea2305b7ca9db
The choice member is called df-5gprose but the header is called
'df-5g-prose-header' (note the '-' between '5g' and 'prose'). WTF.
Change-Id: I86004ac2e18a187c26c5e470344908512d21fb9e
Sometimes the struct member is called like df-telecom, but in other
cases it's called df-df-saip with a double 'df' in front. That makes
no sense, but we have to deal with it from our constructors...
Change-Id: If5e670441f03a47fa34e97a326909b24927c12f7
We're creating a 'pyosmocom' pypi module which contains a number of core
Osmocom libraries / interfaces that are not specific to SIM card stuff
contained here.
The main modules moved in this initial step are pySim.tlv, pySim.utils
and pySim.construct. utils is split, not all of the contents is
unrelated to SIM Cards. The other two are moved completely.
Change-Id: I4b63e45bcb0c9ba2424dacf85e0222aee735f411
This is the only way we can make sure pylint has all required
information about imports from packages we depend upon.
Change-Id: I29582aa3d7f9ace9ce832d5b907420aaf14881fb
When probing for cards, the probing might fail in case the terminal
is empty. This results into lengthy error log output that is not
of interest.
Related: OS#6532
Change-Id: I1d44f9458a05992d79b0152d3affcfeb783cccff
When the test detects a card, but does not find the .data faile for
it, then it fails. This can be a problem in case we want to intentionally
exclude a specific card model.
Related: OS#6532
Change-Id: Iba196ada0076385de7bffcb157a85fda0a6c1852
The test currently expects all reader slots to be populated. This means
the cards may plugged into a random order, but there may not be any empty
slots in the system at all. This requirement is easy to meet when each
card has its own single-slot USB PCSC-reader, but as soon as multislot
readers are used there may be some empty slots.
Related: OS#6532
Change-Id: I7ba1d1350b6998d65e90408184accdb212556a7c
The section Technical References has direct download links for the relevant specs.
Then later in th Key Provisioning section another download link follows and another
one is redundant. Let's put all download links into the Technical References section
and then only use the spec numbers in the following. This way we have all download
links in one location.
Related: OS#6531
Change-Id: Ibcbc6bb5d836d32c381922a35afa3b73b5f90621
We currently have the shell script that performs the test in the
tests directory and the related data in pysim-testdata directory.
This is confusing, let's have evrything in a dedicated sub directory
Change-Id: Ic995a7f600d164fc0be3c2eb8255dbe043429bea
Related: OS#6531
We currently have the test data for pySim-trace in pysim-testdata.
This means we mix the test data with the data from our original
pySim integration tests. This is very confusing. Let's put the
test data and the testcase for pySim-trace into a dedicated
sub directory.
Change-Id: I565b4268a05c1a1334b5e7d3fbcd9ef2ef0f0c4c
Related: OS#6531
We currently mix the unit-tests with the shell script based integration
tests. Let's put them into a dedicated sub directory.
Related: OS#6531
Change-Id: I0978c5353d0d479a050bbb6e7ae5a63db5e08d24
The first hnet_pubkey value with the identifier 27 seems to be incorrect.
It differs from the value suggested in 3GPP TS 31.121, section 4.9.4 and
also does not work with the on card SUCI calculation.
The tutorial also contains a reference to 3GPP TS 33.501, Annex C.4. This
spec specifies an ECIES Profile A and an ECIES Profile B. The tutorial
recommends to use a key from profile B, but it actually uses a key from
profile A.
Related: OS#6531
Change-Id: I6fddf8a6efc28ad0d40b1715973429904e00d2b2
When creating the DES cipher object with DES.new, we use the property
card_keys.dek. This property may hold a 16 byte key, but DES uses
an 8 byte key (56 bit + 8 bit integrity). Pycryptodome does not
automatically ignore excess key bytes. Instead it throws an
exception. This means we need to make sure to supply only the first
8 bytes of card_keys.dek
See also: https://pycryptodome.readthedocs.io/en/latest/src/cipher/des.html
Related: OS#6531
Change-Id: I92e0dc6a6196b532bd8b53fca7b9e78070d6903f
The send_apdu* methods now support lchan patching, so there is no longer
a need for computing the class byte manually (which is prone get forgotten)
before calling a send_apdu*. It is now enough to supply an APDU that has
a class byte with the default channel selected. This also means we do not
need cla4lchan anymore, so let's restruture the code and get rid of it
completely.
Related: OS#6531
Change-Id: Ia795f3c16a8875484fce3b44e61497d5aa52b447
The ara_m commands use APDUs with a fix class byte (0x80). This means
that all ARA-M related features only work in the basic logical channel.
To fix this, let's compute the class byte for the current logical channel
dynamically inside the send_apdu methods of SimCardCommands. This will
fix the problem globally.
Related: OS#6531
Change-Id: Ie3e48678f178a488bfaea6cc2b9a3e18145a8d10
The argument parser object for establish_scp03 (est_scp03_parser) is
copied from est_scp02_parser. This object still has the .description
property set, which is the description for establish_scp02. To get
the description string that is defined in do_establish_scp03, we must
remove the old description string first.
Related: OS#6531
Change-Id: Ibb26bddf88b2e644a7f0c6b2a06bde228aa8afc7
The basic logical channel 0 is always present. It cannot be created or
closed. Let's restrict the value range of chan_nr, so that only valid
lchan numbers can be passed.
Related: OS#6531
Change-Id: I4eebd9f15fadd18e1caeb033fda36c59446fcab8
When we define command arguments using the ArgumentParser, we sometimes
define the positional arguments first. However, since positional arguments
usually follow after the optional (--xyz) arguments, we should define the
positional arguments last.
Related: OS#6531
Change-Id: I2412eb6e7dc32ae95a575f31d4489ce210d85ea0
When working with BER-TLF files, we can only delete one tag at a time.
There is no way to delete all tags at once. This may make working with
BER-TLV files difficult, in particular when scripting is used and the
script needs to start with an empty file. Also export has problems,
since it does not reset the file before setting the new values there
may be unexpected results in case there still tags in the file that
are not set during import. To fill the gap, let's add a commandd that
deletes all tags in a BER-TLV EF at once.
Related: OS#6531
Change-Id: I5d6bcfe865df7cb8fa6dd0052cab3b364d929f94
The CardKeyProvider support for the commands enable_chv, disable_chv,
verify_chv, change_chv and unblock_chv is broken. The reason for this
is the annotation "type=is_decimal" in the argument parser. This annotation
prevents the usage of string placeholders ("PIN1", "PUK1", etc).
Let's fix this by finding a better solution. We can also replace any
missing PIN/PUK code by checking if it is supplied or not. If not,
we query the CardKeyProvider. This also makes the usage of the *_chv
commands more uniform with the verify_adm command.
Related: OS#6531
Change-Id: I565b56ac608e801c67ca53d337bdec9efa3f3817
