When we merged I8b56d7804a2b4c392f43f8540e0b6e70001a8970 for T=1
support, the ENVELOPE C-APDU was not adjusted to reflect the correct
case. ENVELOPE expects a response and hence needs a Le byte present.
This avoids below related message when performing e.g. OTA via SMS
Warning: received unexpected response data, incorrect APDU-case (3, should be 4, missing Le field?)!
Change-Id: Ice12675e02aa5438cf9f069f8fcc296c64aabc5a
Related: OS#6367
ETSI TS 102 221, section 7.3 specifies that UICCs (and eUICCs) may support two
different transport protocols: T=0 or T=1 or both. The spec also says that the
terminal must support both protocols.
This patch adds the necessary functionality to support the T=1 protocol
alongside the T=0 protocol. However, this also means that we have to sharpen
the lines between APDUs and TPDUs.
As this patch also touches the low level interface to readers it was also
manually tested with a classic serial reader. Calypso and AT command readers
were not tested.
Change-Id: I8b56d7804a2b4c392f43f8540e0b6e70001a8970
Related: OS#6367
The SimCardCommands has a cla_byte @property method, which automatically
returns the lchan patched CLA byte. We use cla_byte property to build
the UICC command APDUs inside SimCardCommands and then we hand the APDU
over to the send_apdu* methods. The cla_byte @property method as well
as the send_apdu* methods perform the lchan patching. This means the CLA
byte gets patched twice, which is technically not an issue, but can be
confusing when trying to understand the code.
To fix this, let's remove the @property methods and turn cla_byte into
a normal property again. This is also more accurate since the cla_byte
property originally was introduced to switch between UICC and classic
SIM APDU commands, which have almost identcal APDUs.
Related: OS#6531
Change-Id: I420f8a5f7ff8d9e5ef94d6519fb3716d6c7caf64
We're creating a 'pyosmocom' pypi module which contains a number of core
Osmocom libraries / interfaces that are not specific to SIM card stuff
contained here.
The main modules moved in this initial step are pySim.tlv, pySim.utils
and pySim.construct. utils is split, not all of the contents is
unrelated to SIM Cards. The other two are moved completely.
Change-Id: I4b63e45bcb0c9ba2424dacf85e0222aee735f411
The send_apdu* methods now support lchan patching, so there is no longer
a need for computing the class byte manually (which is prone get forgotten)
before calling a send_apdu*. It is now enough to supply an APDU that has
a class byte with the default channel selected. This also means we do not
need cla4lchan anymore, so let's restruture the code and get rid of it
completely.
Related: OS#6531
Change-Id: Ia795f3c16a8875484fce3b44e61497d5aa52b447
The ara_m commands use APDUs with a fix class byte (0x80). This means
that all ARA-M related features only work in the basic logical channel.
To fix this, let's compute the class byte for the current logical channel
dynamically inside the send_apdu methods of SimCardCommands. This will
fix the problem globally.
Related: OS#6531
Change-Id: Ie3e48678f178a488bfaea6cc2b9a3e18145a8d10
In the read and write command implementations, we used to catch
lower-layer exceptions (usually SwMatchError) and "translate" that into
a value error, only to add more information to the exception. This
meant that higher-layer code could no longer detect this was actually
a SwMatchError exception type.
Let's instead use the add_note() method to amend the existing exception,
rather than raising a new one of different type.
Change-Id: Ic94d0fe60a8a5e15aade56ec418192ecf31ac5e7
Let's have the card tell us what the length is by indicating '00'
instead of stating 'FF'. This is better aligned with general practice
and won't break assumptions in other parts of the code like SCP
transport.
Change-Id: Ied63c6e1970e3dfc675da5e5f94579fbb06fea51
pySim/commands.py:608:39: E0606: Possibly using variable 'p2' before assignment (possibly-used-before-assignment)
Let's raise an exception in the erroneous case.
Change-Id: I23adf2e89aa8a13246cc20ef022c84f0113eb2cd
pySim/commands.py:223:18: E0606: Possibly using variable 'skip' before assignment (possibly-used-before-assignment)
Let's raise an exception in the erroneous case.
Change-Id: Id1a892c3446e472699e77f076c2414277e92c98d
If we're using a Secure Channel Protocol, this will add overhead
in terms of the C-MAC appended to the C-APDU. This means in turn that
the useable length of the data field shrinks by a certain number of
bytes.
Let's make sure the SCP instances expose an 'overhead' property
of how much overhead they add - and that other commands use this to
determine the maximum command data field length.
Change-Id: I0a081a23efe20c77557600e62b52ba90a401058d
pySim/commands.py:443:0: C0325: Unnecessary parens after 'if' keyword (superfluous-parens)
pySim/commands.py:446:0: C0325: Unnecessary parens after 'elif' keyword (superfluous-parens)
pySim/commands.py:669:0: C0325: Unnecessary parens after 'elif' keyword (superfluous-parens)
pySim/commands.py:27:0: W0622: Redefining built-in 'BlockingIOError' (redefined-builtin)
pySim/commands.py:27:0: W0401: Wildcard import construct (wildcard-import)
pySim/commands.py:30:0: W0404: Reimport 'Hexstr' (imported line 29) (reimported)
pySim/commands.py:42:8: R1705: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it (no-else-return)
pySim/commands.py:48:8: R1705: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it (no-else-return)
pySim/commands.py:98:8: R1705: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it (no-else-return)
pySim/commands.py:114:8: R1705: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it (no-else-return)
pySim/commands.py:131:8: R1705: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it (no-else-return)
pySim/commands.py:223:8: R1705: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it (no-else-return)
pySim/commands.py:234:8: R1705: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it (no-else-return)
pySim/commands.py:252:11: C0123: Use isinstance() rather than type() for a typecheck. (unidiomatic-typecheck)
pySim/commands.py:271:11: C0123: Use isinstance() rather than type() for a typecheck. (unidiomatic-typecheck)
pySim/commands.py:274:18: W0612: Unused variable 'sw' (unused-variable)
pySim/commands.py:326:16: W0707: Consider explicitly re-raising using 'raise ValueError('%s, failed to read (offset %d)' % (str_sanitize(str(e)), offset)) from e' (raise-missing-from)
pySim/commands.py:386:16: W0707: Consider explicitly re-raising using 'raise ValueError('%s, failed to write chunk (chunk_offset %d, chunk_len %d)' % (str_sanitize(str(e)), chunk_offset, chunk_len)) from e' (raise-missing-from)
pySim/commands.py:443:12: R1720: Unnecessary "elif" after "raise", remove the leading "el" from "elif" (no-else-raise)
pySim/commands.py:521:14: R1714: Consider merging these comparisons with 'in' by using 'sw in ('62f1', '62f2')'. Use a set instead if elements are hashable. (consider-using-in)
pySim/commands.py:532:11: R1701: Consider merging these isinstance calls to isinstance(data, (bytearray, bytes)) (consider-merging-isinstance)
pySim/commands.py:666:8: R1720: Unnecessary "elif" after "raise", remove the leading "el" from "elif" (no-else-raise)
pySim/commands.py:762:12: R1705: Unnecessary "elif" after "return", remove the leading "el" from "elif" (no-else-return)
pySim/commands.py:776:12: R1705: Unnecessary "elif" after "return", remove the leading "el" from "elif" (no-else-return)
Change-Id: Idfcd6f799d5de9ecacd2c3d1e0d1f7d932f2b8db
This implementation of GlobalPlatform SCP02 currently only supports
C-MAC and C-ENC, but no R-MAC or R-ENC yet.
The patch also introduces the notion of having a SCP instance associated
with a SimCardCommands instance. It also adds the establish_scp0w and
release_scp shell commands to all GlobalPlatform Security Domains.
Change-Id: I56020382b9dfe8ba0f7c1c9f71eb1a9746bc5a27
Let's not have higher level code directly call the transports send_apdu*
methods. We do this as a precursor to introducing secure channel
support, where the secure channel driver would add MAC and/or encrypt
APDUs before they are sent to the transport.
Change-Id: I1b870140959aa8241cda2246e74576390123cb2d
If we are reading a file to check if we can skip the write to conserve
writes, don't treat exceptions as fatal. The file may well have the
access mode in a way that permits us to UPDATE but not to READ. Simply
fall-back to unconditional UPDATE in this case.
Change-Id: I7bffdaa7596e63c8f0ab04a3cb3ebe12f137d3a8
This new approach will "fork" separate SimCardCommands instances
for each RuntimeLchan. Higher-layer code should now always use the
RuntimeLchan.scc rather than the RuntimeState.card._scc in order to
make sure commands use the correct logical channel.
Change-Id: I13e2e871f2afc2460d9fd1cd566de42267c7d389
Related: OS#6230
Historically we always only had one instance of SimCardCommands, but
with this patch we can now have multiple instances, one for each lchan.
The SimCardCommands class is aware of the logical channel it runs on
and will patch the CLA byte accordingly.
Change-Id: Ibe5650dedc0f7681acf82018a86f83377ba81d30
Related: OS#6230
In some cases, the specs do not specify an absolute record length.
Instead there may be only a minimum record length specified. The card
vendor may then chose to use larger record length at will. This usually
is no problem since the data is usually written from the left and the
remaining bytes are padded at the end (right side) of the data. However
in some rare cases (EF.MSISDN, see also 3GPP TS 51.011, section 10.5.5)
the data must be written right-aligned towards the physical record
length. This means that the data is padded from the left in this case.
To fix this: Let's add a "leftpad" flag to LinFixedEF, which we set to
true in those corner cases. The code that updates the record in
commands.py must then check this flag and padd the data accordingly.
Change-Id: I241d9fd656f9064a3ebb4e8e01a52b6b030f9923
Related: OS#5714
The methods verify_binary and verify_record are only used internally
in class SimCardCommands, they can be both private methods. Also lets
move them above the method that uses them.
Related: OS#5714
Change-Id: I57c9af3d6ff45caa4378c400643b4ae1fa42ecac
We've had a "suspend_uicc" command since commit
ec95053249 in 2021, but didn't yet
have the corresponding "resume" pair.
Note that you cannot really execute this in a reasonable way from
within pySim, as it is required to power-cycle the card
between SUSPEND and RESUME, see TS 102 221 Section 11.1.22.3.2
Change-Id: I3322fde74f680e77954e1d3e18a32ef5662759f2
prior to this patch, the suspend_uicc command would always cause a
python exception as a list of integers was returned by decode_duration rather than a single integer (that can be used with %u format string).
Change-Id: I981e9d46607193176b28cb574564e6da546501ba
Depending on the card type (SIM or USIM/ISUM), self.cla_byte may
be either 0xa0 or 0x00. Sending RUN GSM ALGORITHM with CLA=0x00
fails with SW=6985 (Command not allowed), so let's make sure
that we always use CLA=0xa0 regardless of the card type.
Change-Id: Ia0abba136dbd4cdea8dbbc3c4d6abe12c2863680
This adds pySim-shell support for the RESIZE FILE command in order
to change the size of linear fixed or transparent EF.
Change-Id: I03fbb683e26231c75f345330ac5f914ac88bbe7a
When updating files and records there are sometimes huge portions that
are just 0xff. Mostly this is at the end of a file or record that is not
completely used. Lets add a notation to tell PySim-shell how to fill
those sections.
Change-Id: Iedd7887bf7d706878f4a3beca8dbea456404610b
This adds support for creating/deleting and terminating files,
as well as support for permanent card termination.
Change-Id: I5b1ffb1334afa18d62beb642268066a30deb7ea6
We had a mixture of tab and 4space based indenting, which is a bad
idea. 4space is the standard in python, so convert all our code to
that. The result unfortuantely still shoed even more inconsistencies,
so I've decided to run autopep8 on the entire code base.
Change-Id: I4a4b1b444a2f43fab05fc5d2c8a7dd6ddecb5f07
At the moment the non checking send_apdu() method is used when records
are read. Lets use read_record_checksw so that we get an exception in
case there is a problem to read the specified record.
Change-Id: I9fc411e1b12e8d9fd89b9964209808c0706011bd
The computed length of the file may be negative, when the offset exceeds
the file length. When this is the case, return none
Change-Id: I2c017c620254fae188022851ef3b670730aab503
The transport layer provides a method send_apdu_checksw to send APDUs
and to be sure the SW is the expected one. Given that, there is no need
to verify the SW manually. The exception of send_apdu_checksw will catch
the problem and also display the SW in a human readable form.
Change-Id: I9ce556ac0b7bb21c5c5a27170c32af0152255b79
Related: OS#5275
Similar to the fix in Ie1aeaab29701946233ed73db3331039690d695da
for update_binary(), read_binary() also contained a bug when treating
non-zero offsets.
Change-Id: Ic5c2f0ad1c1ec9c4e9c97e72895382f7b6fa9470
Related: OS#5254
In Icc240d5c8c04198640eb118565ea99f10ba27466 we introduced support for
writing files > 255 bytes by splitting the write into multiple chunks.
However, at the same time, that commit broke support for writing data at
non-zero offsets. Unfortunately, this is used extensively within
pySim-prog e.g. for writing K + OP/OPc data to sysmoISIM-SJA2 and sysmoUSIM-SJS1
cards.
This commit fixes the related problem.
Change-Id: Ie1aeaab29701946233ed73db3331039690d695da
Fixes: Icc240d5c8c04198640eb118565ea99f10ba27466
Closes: OS#5254
The T0 protocol (selected in transport/pcsc.py) does not support extended APDU, so 255 bytes is the maximum number of bytes that can be transmitted at a time. We can divide large data into 255 byte chunks. The read_binary function already has code to read more than 255 bytes, so we can just adapt it to the update_binary function.
Change-Id: Icc240d5c8c04198640eb118565ea99f10ba27466
