This method allows the caller to remove all NAAs of a certain type,
for example to remove all CSIM instances from a given profile.
Change-Id: I64438bf0be58bad7a561c3744b7e9b1338a7857c
This tool can be used to test the SM-DP+. It implements the full dance
of all HTTPs API operations to get to the downloadProfile, and will
decrypt the BPP to the UPP, which is then subsequently stored as file on
disk.
Needless to say, this will only work if you have an eUICC certificate +
private key that is compatible with the CI of your SM-DP+.
Change-Id: Idf8881e82f9835f5221c58b78ced9937cf5fb520
Let's use the infrastructure of pySim.esim.http_json_api to define
the ES9+ API Functions. This can in turn be used by clients or even
osmo-smdpp can be ported over to using this infratructure rather than
open-coding a lot of the encoding/decoding of API request/response
parameters.
Change-Id: I194ef1d186391f36245c099cc70a4813185ecf9c
So far the main use case was to read a ProfileElement-SD from
a DER file. But when we want to construct one from scratch,
we need to have the constructor put some meaningful [default]
values into the class members.
Change-Id: I69e104f1d78165c12291317326dbab05977a1574
This way it's possible to programmatically inspect and modify the
high-level decoded key material inside a securityDomain profile element.
Change-Id: I18b1444303de80eaddd840a7e0061ea0098a8ba1
It's rather useful to have derived classes implementing specific
functions related to that SAIP profile type. Let's introruce that
concept and a first example for securityDomain, where methods allow
checking/adding/removing support for SCPs.
Change-Id: I0929cc704b2aabddbc2ddee79ab8b674b1ed4691
When de-MAC-ing at the recipient side, we must increment the cipher(!)
block number even if no ciphering is done at all.
We did this correctly for MAC (sender) case, but not on the de-MAC
(receiver) case.
Change-Id: I97993f9e8357b36401d435aaa15558d1c7e411eb
In the eSIM RSP univers there are some rather ugly layering violatoins
where ASN.1 cannot be parsed but we have to mess with raw TLVs and the
details of DER encoding. Let's add two funtions that make it more
convenient to work with this: They return the raw tag as integer, or
even the entire encoded TLV rather than the value part only.
Change-Id: I1e68a4003b833e86e9282c77325afa86ce144b98
We used to re-encode those parts of a decoded ASN.1 struct that is
cryptographically signed in the GSMA SGP.22 specification. However, if
the received data follows a later spec and contains new/unknown records,
then our poor-man's attempt at re-encoding will render a different
binary, which in turn means the signature check will fail.
Let's instead do a manual step-by-step raw decode of the DER TLV
structure to extract the actual binary information of parts of ASN.1
objects.
Change-Id: I4e31fd4b23ec3be15b9d07c2c30a3e31e22bdda1
Closes: OS#6473
While all official/standardized ES2+ API functions use POST, there
are some vendor-specific extensions using different HTTP methods. Be
flexible enough to allow derived classes to easily specify other methods.
Change-Id: I4b1a0dc7e6662485397c7708933bf16e5ed56e10
Usually, the specifications say that the integer type is actually
transmitted as a JSON string type. However, it seems some
implementations do return a native JSON integer type. Let's be
tolerant in that regard.
Change-Id: I5b47f8bba01225d53eff2ca086e53a2133abed7f
To make things exciting, they decided that the ICCID in the profile
header is encoded different from the ICCID contained in EF.ICCID...
Change-Id: I5eacdcdc6bd0ada431eb047bfae930d79d6e3af8
When personalizing e.g. the ICCID, the input_value is the raw
incrementing counter. From that, we calculate the Luhn check digit,
and that "output" value is what we'll put in to the EF.ICCID specific
encoder.
However, we also store that output value in the instance in order
to generate the output CSV file containig the card-specific
personalization data.
Change-Id: Idfcd26c8ca9d73a9c2955f7c97e711dd59a27c4e
Those keys are normally per-card unique, and hence the personalization
must be able to modify them in the profile.
Change-Id: Ibe4806366f1cce8edb09d52613b1dd56250fa5ae
pySim/esim/saip/validation.py:95:42: C0117: Consider changing "not not ('usim' in m_svcs or 'isim' in m_svcs)" to "'usim' in m_svcs or 'isim' in m_svcs" (unnecessary-negation)
pySim/esim/saip/validation.py:129:0: C0305: Trailing newlines (trailing-newlines)
Change-Id: Idcc9871d6a7068e8aedbd8cd81f4156918af5e50
pySim/esim/saip/__init__.py:28:0: R0402: Use 'from pySim.esim.saip import templates' instead (consider-using-from-import)
pySim/esim/saip/__init__.py:166:8: R1705: Unnecessary "else" after "return", remove the "else" and de-indent the code inside it (no-else-return)
pySim/esim/saip/__init__.py:206:4: W0612: Unused variable 'tagdict' (unused-variable)
pySim/esim/saip/__init__.py:273:23: C1802: Do not use `len(SEQUENCE)` without comparison to determine if a sequence is empty (use-implicit-booleaness-not-len)
Change-Id: I12ef46c847d197fb0c01e624818aeac14eb99e31
Introduce code that makes use of the information from
pySim.esim.saip.templates to build a complete representation of a file
by merging the template with the ProfileElement decribing the file.
This happens within the class pySim.esim.saip.File, whose instances are
created from ProfileElement + Template.
Change-Id: Ib1674920e488ade9597cb039e4e2047dcbc7864e
pySim/esim/saip/oid.py:30:11: C0123: Use isinstance() rather than type() for a typecheck. (unidiomatic-typecheck)
pySim/esim/saip/oid.py:46:11: C0123: Use isinstance() rather than type() for a typecheck. (unidiomatic-typecheck)
Change-Id: I65c9cd1bb2b6a1747a7fbb25052adc75605bc870
pySim/esim/saip/templates.py:106:0: R1707: Disallow trailing comma tuple (trailing-comma-tuple)
pySim/esim/saip/templates.py:56:37: C0121: Comparison 'self.fid != None' should be 'self.fid is not None' (singleton-comparison)
pySim/esim/saip/templates.py:57:28: C0121: Comparison 'self.arr != None' should be 'self.arr is not None' (singleton-comparison)
pySim/esim/saip/templates.py:58:37: C0121: Comparison 'self.sfi != None' should be 'self.sfi is not None' (singleton-comparison)
pySim/esim/saip/templates.py:96:11: C0123: Use isinstance() rather than type() for a typecheck. (unidiomatic-typecheck)
pySim/esim/saip/templates.py:591:0: W1404: Implicit string concatenation found in list (implicit-str-concat)
Change-Id: I181578ba630c8bdb558297e990411b59593652a0
pySim/esim/saip/personalization.py:104:0: W0311: Bad indentation. Found 17 spaces, expected 16 (bad-indentation)
pySim/esim/saip/personalization.py:105:0: W0311: Bad indentation. Found 17 spaces, expected 16 (bad-indentation)
pySim/esim/saip/personalization.py:151:0: C0305: Trailing newlines (trailing-newlines)
pySim/esim/saip/personalization.py:36:4: C0204: Metaclass class method __new__ should have 'mcs' as first argument (bad-mcs-classmethod-argument)
pySim/esim/saip/personalization.py:56:4: W0237: Parameter 'pe_seq' has been renamed to 'pes' in overriding 'Iccid.apply' method (arguments-renamed)
pySim/esim/saip/personalization.py:19:0: W0611: Unused Optional imported from typing (unused-import)
Change-Id: I70b3e266bbafabbfcec3d48027d50b45c2c17809
pySim/esim/x509_cert.py:70:4: W0107: Unnecessary pass statement (unnecessary-pass)
pySim/esim/x509_cert.py:91:20: C0123: Use isinstance() rather than type() for a typecheck. (unidiomatic-typecheck)
pySim/esim/x509_cert.py:105:28: W3101: Missing timeout argument for method 'requests.get' can cause your program to hang indefinitely (missing-timeout)
pySim/esim/x509_cert.py:163:0: C0413: Import "from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature" should be placed at the top of the module (wrong-import-position)
pySim/esim/x509_cert.py:20:0: C0411: standard import "from typing import Optional, List" should be placed before "import requests" (wrong-import-order)
pySim/esim/x509_cert.py:163:0: C0411: third party import "from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature" should be placed before "from pySim.utils import b2h" (wrong-import-order)
pySim/esim/x509_cert.py:163:0: C0412: Imports from package cryptography are not grouped (ungrouped-imports)
pySim/esim/x509_cert.py:22:0: W0611: Unused padding imported from cryptography.hazmat.primitives.asymmetric (unused-import)
pySim/esim/x509_cert.py:24:0: W0611: Unused InvalidSignature imported from cryptography.exceptions (unused-import)
Change-Id: Ic435c9a7cfcc18cacec3a3d872925bd737fb5cd9
pySim/esim/bsp.py:1:0: C0114: Missing module docstring (missing-module-docstring)
pySim/esim/bsp.py:28:0: C0413: Import "import abc" should be placed at the top of the module (wrong-import-position)
pySim/esim/bsp.py:29:0: C0413: Import "from typing import List" should be placed at the top of the module (wrong-import-position)
pySim/esim/bsp.py:30:0: C0413: Import "import logging" should be placed at the top of the module (wrong-import-position)
pySim/esim/bsp.py:33:0: C0413: Import "from cryptography.hazmat.primitives import hashes" should be placed at the top of the module (wrong-import-position)
pySim/esim/bsp.py:34:0: C0413: Import "from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF" should be placed at the top of the module (wrong-import-position)
pySim/esim/bsp.py:36:0: C0413: Import "from Cryptodome.Cipher import AES" should be placed at the top of the module (wrong-import-position)
pySim/esim/bsp.py:37:0: C0413: Import "from Cryptodome.Hash import CMAC" should be placed at the top of the module (wrong-import-position)
pySim/esim/bsp.py:39:0: C0413: Import "from pySim.utils import bertlv_encode_len, bertlv_parse_one, b2h" should be placed at the top of the module (wrong-import-position)
pySim/esim/bsp.py:48:55: W0613: Unused argument 'padding' (unused-argument)
pySim/esim/bsp.py:55:45: W0613: Unused argument 'multiple' (unused-argument)
pySim/esim/bsp.py:84:8: W0107: Unnecessary pass statement (unnecessary-pass)
pySim/esim/bsp.py:89:8: W0107: Unnecessary pass statement (unnecessary-pass)
pySim/esim/bsp.py:94:8: W0107: Unnecessary pass statement (unnecessary-pass)
pySim/esim/bsp.py:169:8: W0107: Unnecessary pass statement (unnecessary-pass)
pySim/esim/bsp.py:292:8: W0612: Unused variable 'tdict' (unused-variable)
pySim/esim/bsp.py:292:15: W0612: Unused variable 'l' (unused-variable)
pySim/esim/bsp.py:292:23: W0612: Unused variable 'remain' (unused-variable)
Change-Id: I64bd634606c375e767676a4b5ba7c2cc042350c2
This adds classes for describing profile templates as well
as derived classes defining the profile templates of the
"Profile Interoperability Technical Specification", specifically
it's "ANNEX A (Normative): File Structure Templates Definition"
We need a machine-readable definition of those templates, so
we can fully interpret an unprotected profile package (UPP),
as the UPP usually only contains the increment/difference to
a given teplate.
Change-Id: I79bc0a480450ca2de4b687ba6f11d0a4ea4f14c8
When replacing a file's contents, we must not just remove any
fillFileContent tuples, but also the fillFileOffset.
Change-Id: I3e4d97ae9de8a78f7bc0165ece5954481568b800
This commit introduces the capability to parse and encode
SimAlliance/TCA "Interoperable Profiles" and apply personalization
operations on them.
Change-Id: I71c252a214a634e1bd6f73472107efe2688ee6d2
This commit introduces
* the osmo-smdpp.py program implementing the main procedures and the
HTTP/REST based ES9+
* python modules for ES8+ and non-volatile RSP Session State storage
* the ASN.1 source files required to parse/encode RSP
* 3GPP test certificates from SGP.26
* an unsigned profile package (UPP) of a SAIP v2.3 TS48 test profile
As I couldn't get the 'Klein' tls support to work, the SM-DP+ code
currently does not support HTTPS/TLS but plan HTTP, so you either have
to modify your LPA to use HTTP instead of HTTPS, or put a TLS proxy in
front.
I have successfully installed an eSIM profile on a test eUICC that
contains certificate/key data within the test CI defined in GSMA SGP.26
Change-Id: I6232847432dc6920cd2bd08c84d7099c29ca1c11
This is the protocol used for the ES8+ interface between SM-DP+ and the
eUICC in the GSMA eSIM system.
Change-Id: Ic461936f2e68e1e6f7faab33d06acf3063e261e7
