pysim

catarrh/pysim

Fork 0

mirror of https://gitea.osmocom.org/sim-card/pysim.git synced 2026-03-17 02:48:34 +03:00

Commit Graph

Author	SHA1	Message	Date
Philipp Maier	4550574e03	card_key_provider: separate and refactor CSV column encryption The CardKeyProviderCsv class implements a column decryption scheme where columns are protected using a transport key. The CSV files are enrcypted using contrib/csv-encrypt-columns.py. The current implementation has two main problems: - The decryption code in CardKeyProviderCsv is not specific to CSV files. It could be re-used in other formats, for example to decrypt columns (fields) red from a database. So let's split the decryption code in a separate class. - The encryption code in csv-encrypt-columns.py accesses methods and properties in CardKeyProviderCsv. Also having the coresponding encryption code somewhere out of tree may be confusing. Let's improve the design and put encryption and decryption functions in a single class. Let's also make sure the encryption/decryption is covered by unittests. Related: SYS#7725 Change-Id: I180457d4938f526d227c81020e4e03c6b3a57dab	2025-11-21 17:49:09 +01:00
Harald Welte	a3962b2076	Migrate over to using pyosmocom We're creating a 'pyosmocom' pypi module which contains a number of core Osmocom libraries / interfaces that are not specific to SIM card stuff contained here. The main modules moved in this initial step are pySim.tlv, pySim.utils and pySim.construct. utils is split, not all of the contents is unrelated to SIM Cards. The other two are moved completely. Change-Id: I4b63e45bcb0c9ba2424dacf85e0222aee735f411	2024-09-03 21:57:47 +02:00
Harald Welte	1aaf978d9f	CardKeyProvider: Implement support for column-based transport key encryption It's generally a bad idea to keep [card specific] key material lying around unencrypted in CSV files. The industry standard solution in the GSMA is a so-called "transport key", which encrypts the key material. Let's introduce support for this in the CardKeyProvider (and specifically, the CardKeyProviderCSV) and allow the user to specify transport key material as command line options to pySim-shell. Different transport keys can be used for different key materials, so allow specification of keys on a CSV-column base. The higher-level goal is to allow the CSV file not only to store the ADM keys (like now), but also global platform key material for establishing SCP towards various security domains in a given card. Change-Id: I13146a799448d03c681dc868aaa31eb78b7821ff	2024-06-04 23:18:37 +02:00

Author

SHA1

Message

Date

Philipp Maier

4550574e03

card_key_provider: separate and refactor CSV column encryption

The CardKeyProviderCsv class implements a column decryption scheme
where columns are protected using a transport key. The CSV files
are enrcypted using contrib/csv-encrypt-columns.py.

The current implementation has two main problems:

- The decryption code in CardKeyProviderCsv is not specific to CSV files.
  It could be re-used in other formats, for example to decrypt columns
  (fields) red from a database. So let's split the decryption code in a
  separate class.

- The encryption code in csv-encrypt-columns.py accesses methods and
  properties in CardKeyProviderCsv. Also having the coresponding
  encryption code somewhere out of tree may be confusing. Let's improve
  the design and put encryption and decryption functions in a single
  class. Let's also make sure the encryption/decryption is covered by
  unittests.

Related: SYS#7725
Change-Id: I180457d4938f526d227c81020e4e03c6b3a57dab

2025-11-21 17:49:09 +01:00

Harald Welte

a3962b2076

Migrate over to using pyosmocom

We're creating a 'pyosmocom' pypi module which contains a number of core
Osmocom libraries / interfaces that are not specific to SIM card stuff
contained here.

The main modules moved in this initial step are pySim.tlv, pySim.utils
and pySim.construct. utils is split, not all of the contents is
unrelated to SIM Cards.  The other two are moved completely.

Change-Id: I4b63e45bcb0c9ba2424dacf85e0222aee735f411

2024-09-03 21:57:47 +02:00

Harald Welte

1aaf978d9f

CardKeyProvider: Implement support for column-based transport key encryption

It's generally a bad idea to keep [card specific] key material lying
around unencrypted in CSV files.  The industry standard solution in the
GSMA is a so-called "transport key", which encrypts the key material.

Let's introduce support for this in the CardKeyProvider (and
specifically, the CardKeyProviderCSV) and allow the user to specify
transport key material as command line options to pySim-shell.

Different transport keys can be used for different key materials, so
allow specification of keys on a CSV-column base.

The higher-level goal is to allow the CSV file not only to store
the ADM keys (like now), but also global platform key material for
establishing SCP towards various security domains in a given card.

Change-Id: I13146a799448d03c681dc868aaa31eb78b7821ff

2024-06-04 23:18:37 +02:00

3 Commits