The SAIP specification is very weird in a way that it treats the DF and
EF descriptions as some kind of flat structure without describing the
hierarchy. So when creating a DF, sometimes it should be created below
the current DF, and sometimes it should be adjacent next to the current
DF.
Let's introduce
* a 'ppath' property of FileTemplate to indicate if a file is anything
but a direct sibling of the 'base DF' of the PE
* an 'extends' property of ProfileTemplate to indicate that a given
template does not have its own 'base DF', but that its contents merely
extends that of another ProfileTemplate
* a 'parent' property of ProfileTemplate to indicate a parent
ProfileTemplate below whose 'base DF' our files should be placed.
Change-Id: Ieab4835cd21008b289713784c0eb7170af2ccfb9
This method can be used to expand the default value pattern of the
file system template for the file to the specified (record, file) length.
Change-Id: Id3eb16910c0bdfa572294e14ca1cd44ca95ca69f
The default value must contain '...' to indicate a variable-length
default value section, not '..'
Change-Id: I8d78278065c145b86460acf8eb723babe777c4f6
The SAIP specification version implicitly determines which filesystem
templates (or versions thereof) are supported. So if a given eUICC
states it implements SAIP version 2.3.0, then we have to translate
this into which template versions that means. The new SaipSpecVersion
and its derived classes do exactly that.
Change-Id: I3a894c72c22e42bd2067e067be80a67197ad1bf2
The SAIP data format is inherently flat and doesn't intrinsically
have an idea of the tree-like structure of a filesystem. However,
if we want to (for example) convert a physical USIM into an eSIM
profile, we need to find the template for a given file, where the file
is identified by its path.
Let's expose a path property of the FileTemplate object, and populate
that when creating the FileTemplate as part of a ProfileTemplate.
Change-Id: Ie145ba159081daf8fbfa544f6d4248f05b7eea96
We previously only permitted this for transparent files (TR), but
file size can of course also be specified for BER-TLV files.
Change-Id: Ie007cf2ccde0a17d0fb853a96b833f064ae52c59
When loading a ProfileElement from its DER-ecoded format, populate
a dict with a pySim.esim.saip.File object for each file.
Change-Id: Ie2791c10289eb28daed2904467b0c5e5b11c94c2
As SGP.22 states, the handleNotification endpoint uses HTTP status 204,
not 200 (due to its empty body).
Change-Id: I890bdbd3e1c4578d2d5f0367958fdce26e338cac
this way, the eUICC will send us notifications whenever our profiles are
enabled/disabled/deleted.
Change-Id: I2861290864522b691b30b079c7c2e1466904df2d
The ES9+ interface is not only used for downloading eSIM profiles, but
it is also used to report back the installation result as well as
profile management operations like enable/disable/delete.
Change-Id: Iefba7fa0471b34eae30700ed43531a515af0eb93
For example, the ES9+ handleNotification function is defined with an
empty response body, so we cannot unconditionally assume that every HTTP
response will contain a JSON "header" value.
Change-Id: Ia3c5703b746c1eba91f85f8545f849a3f2d56e0b
The ProfileHeader PE contain lists of template-oids and services that
are mandatory in this profile. Let's add methods that can be used to
(re-) compute those lists based on the actual PE contents of the
sequence.
The idea is that during programmatic construction of a profile, those methods
would be called after appending all PEs, just before encoding the
profile as DER.
Change-Id: Ib43db8695c6eb63965756364fda7546d82df0beb
Let's avoid the copy+paste in the subclass constructors and initialize the profile
element header in the base class constructor.
Change-Id: I6e69ae1f0d33d963247fc506db33b3840c10c19a
There are e.g. templates for usim and for opt-usim, and they should not
be confused with each other. Let's reflect that in the naming.
Change-Id: Ic6d04ce3172dc969c6b8c018b8d305eb6fd3f550
Let's make sure the constructor of ProfileElement subclasses set
meaningful defaults to the self.decoded member, so that the to_der()
method can actually encode it. This is required when constructing
a profile from scratch, as opposed to loading an existing one from DER.
Also, add a test to verify that the encoder passes without exception;
doesn't test the generated binary data.
Change-Id: I401bca16e58461333733877ec79102a5ae7fe410
This new action can be used to dump all java applications as either raw
IJC file or converted to CAP format (the usual format generated by
JavaCard toolchains).
Change-Id: I51cffa5ba3ddbea491341d678ec9249d7cf470a5
This method allows the caller to remove all NAAs of a certain type,
for example to remove all CSIM instances from a given profile.
Change-Id: I64438bf0be58bad7a561c3744b7e9b1338a7857c
This tool can be used to test the SM-DP+. It implements the full dance
of all HTTPs API operations to get to the downloadProfile, and will
decrypt the BPP to the UPP, which is then subsequently stored as file on
disk.
Needless to say, this will only work if you have an eUICC certificate +
private key that is compatible with the CI of your SM-DP+.
Change-Id: Idf8881e82f9835f5221c58b78ced9937cf5fb520
Let's use the infrastructure of pySim.esim.http_json_api to define
the ES9+ API Functions. This can in turn be used by clients or even
osmo-smdpp can be ported over to using this infratructure rather than
open-coding a lot of the encoding/decoding of API request/response
parameters.
Change-Id: I194ef1d186391f36245c099cc70a4813185ecf9c
So far the main use case was to read a ProfileElement-SD from
a DER file. But when we want to construct one from scratch,
we need to have the constructor put some meaningful [default]
values into the class members.
Change-Id: I69e104f1d78165c12291317326dbab05977a1574
This way it's possible to programmatically inspect and modify the
high-level decoded key material inside a securityDomain profile element.
Change-Id: I18b1444303de80eaddd840a7e0061ea0098a8ba1
It's rather useful to have derived classes implementing specific
functions related to that SAIP profile type. Let's introruce that
concept and a first example for securityDomain, where methods allow
checking/adding/removing support for SCPs.
Change-Id: I0929cc704b2aabddbc2ddee79ab8b674b1ed4691
When de-MAC-ing at the recipient side, we must increment the cipher(!)
block number even if no ciphering is done at all.
We did this correctly for MAC (sender) case, but not on the de-MAC
(receiver) case.
Change-Id: I97993f9e8357b36401d435aaa15558d1c7e411eb
In the eSIM RSP univers there are some rather ugly layering violatoins
where ASN.1 cannot be parsed but we have to mess with raw TLVs and the
details of DER encoding. Let's add two funtions that make it more
convenient to work with this: They return the raw tag as integer, or
even the entire encoded TLV rather than the value part only.
Change-Id: I1e68a4003b833e86e9282c77325afa86ce144b98
