sdkeys kv40 aes

Change-Id: If5b53c840ebd1f224f9bb4706a602b415194f47b
MncLen
2026-03-16 18:38:32 +03:00 · 2026-03-15 23:50:34 +01:00 · 2026-03-15 23:50:34 +01:00 · 2026-03-15 23:50:34 +01:00 · 2026-03-15 23:50:34 +01:00 · 2026-03-15 23:50:34 +01:00
17 changed files with 560 additions and 177 deletions
--- a/contrib/smpp-ota-tool.py
+++ b/contrib/smpp-ota-tool.py
@@ -30,6 +30,48 @@ from pathlib import Path

 logger = logging.getLogger(Path(__file__).stem)

+option_parser = argparse.ArgumentParser(description='Tool to send OTA SMS RFM/RAM messages via SMPP',
+                                        formatter_class=argparse.ArgumentDefaultsHelpFormatter)
+option_parser.add_argument("--host", help="Host/IP of the SMPP server", default="localhost")
+option_parser.add_argument("--port", help="TCP port of the SMPP server", default=2775, type=int)
+option_parser.add_argument("--system-id", help="System ID to use to bind to the SMPP server", default="test")
+option_parser.add_argument("--password", help="Password to use to bind to the SMPP server", default="test")
+option_parser.add_argument("--verbose", help="Enable verbose logging", action='store_true', default=False)
+algo_crypt_choices = []
+algo_crypt_classes = OtaAlgoCrypt.__subclasses__()
+for cls in algo_crypt_classes:
+    algo_crypt_choices.append(cls.enum_name)
+option_parser.add_argument("--algo-crypt", choices=algo_crypt_choices, default='triple_des_cbc2',
+                           help="OTA crypt algorithm")
+algo_auth_choices = []
+algo_auth_classes = OtaAlgoAuth.__subclasses__()
+for cls in algo_auth_classes:
+    algo_auth_choices.append(cls.enum_name)
+option_parser.add_argument("--algo-auth", choices=algo_auth_choices, default='triple_des_cbc2',
+                           help="OTA auth algorithm")
+option_parser.add_argument('--kic', required=True, type=is_hexstr, help='OTA key (KIC)')
+option_parser.add_argument('--kic-idx', default=1, type=int, help='OTA key index (KIC)')
+option_parser.add_argument('--kid', required=True, type=is_hexstr, help='OTA key (KID)')
+option_parser.add_argument('--kid-idx', default=1, type=int, help='OTA key index (KID)')
+option_parser.add_argument('--cntr', default=0, type=int, help='replay protection counter')
+option_parser.add_argument('--tar', required=True, type=is_hexstr, help='Toolkit Application Reference')
+option_parser.add_argument("--cntr-req", choices=CNTR_REQ.decmapping.values(), default='no_counter',
+                           help="Counter requirement")
+option_parser.add_argument('--no-ciphering', action='store_true', default=False, help='Disable ciphering')
+option_parser.add_argument("--rc-cc-ds", choices=RC_CC_DS.decmapping.values(), default='cc',
+                           help="message check (rc=redundency check, cc=crypt. checksum, ds=digital signature)")
+option_parser.add_argument('--por-in-submit', action='store_true', default=False,
+                           help='require PoR to be sent via SMS-SUBMIT')
+option_parser.add_argument('--por-no-ciphering', action='store_true', default=False, help='Disable ciphering (PoR)')
+option_parser.add_argument("--por-rc-cc-ds", choices=RC_CC_DS.decmapping.values(), default='cc',
+                           help="PoR check (rc=redundency check, cc=crypt. checksum, ds=digital signature)")
+option_parser.add_argument("--por-req", choices=POR_REQ.decmapping.values(), default='por_required',
+                           help="Proof of Receipt requirements")
+option_parser.add_argument('--src-addr', default='12', type=str, help='SMS source address (MSISDN)')
+option_parser.add_argument('--dest-addr', default='23', type=str, help='SMS destination address (MSISDN)')
+option_parser.add_argument('--timeout', default=10, type=int, help='Maximum response waiting time')
+option_parser.add_argument('-a', '--apdu', action='append', required=True, type=is_hexstr, help='C-APDU to send')
+
 class SmppHandler:
    client = None

@@ -167,47 +209,6 @@ class SmppHandler:
        return h2b(resp), h2b(sw)

 if __name__ == '__main__':
-    option_parser = argparse.ArgumentParser(description='CSV importer for pySim-shell\'s PostgreSQL Card Key Provider',
-                                   formatter_class=argparse.ArgumentDefaultsHelpFormatter)
-    option_parser.add_argument("--host", help="Host/IP of the SMPP server", default="localhost")
-    option_parser.add_argument("--port", help="TCP port of the SMPP server", default=2775, type=int)
-    option_parser.add_argument("--system-id", help="System ID to use to bind to the SMPP server", default="test")
-    option_parser.add_argument("--password", help="Password to use to bind to the SMPP server", default="test")
-    option_parser.add_argument("--verbose", help="Enable verbose logging", action='store_true', default=False)
-    algo_crypt_choices = []
-    algo_crypt_classes = OtaAlgoCrypt.__subclasses__()
-    for cls in algo_crypt_classes:
-        algo_crypt_choices.append(cls.enum_name)
-    option_parser.add_argument("--algo-crypt", choices=algo_crypt_choices, default='triple_des_cbc2',
-                               help="OTA crypt algorithm")
-    algo_auth_choices = []
-    algo_auth_classes = OtaAlgoAuth.__subclasses__()
-    for cls in algo_auth_classes:
-        algo_auth_choices.append(cls.enum_name)
-    option_parser.add_argument("--algo-auth", choices=algo_auth_choices, default='triple_des_cbc2',
-                               help="OTA auth algorithm")
-    option_parser.add_argument('--kic', required=True, type=is_hexstr, help='OTA key (KIC)')
-    option_parser.add_argument('--kic_idx', default=1, type=int, help='OTA key index (KIC)')
-    option_parser.add_argument('--kid', required=True, type=is_hexstr, help='OTA key (KID)')
-    option_parser.add_argument('--kid_idx', default=1, type=int, help='OTA key index (KID)')
-    option_parser.add_argument('--cntr', default=0, type=int, help='replay protection counter')
-    option_parser.add_argument('--tar', required=True, type=is_hexstr, help='Toolkit Application Reference')
-    option_parser.add_argument("--cntr_req", choices=CNTR_REQ.decmapping.values(), default='no_counter',
-                               help="Counter requirement")
-    option_parser.add_argument('--no-ciphering', action='store_true', default=False, help='Disable ciphering')
-    option_parser.add_argument("--rc-cc-ds", choices=RC_CC_DS.decmapping.values(), default='cc',
-                               help="message check (rc=redundency check, cc=crypt. checksum, ds=digital signature)")
-    option_parser.add_argument('--por-in-submit', action='store_true', default=False,
-                               help='require PoR to be sent via SMS-SUBMIT')
-    option_parser.add_argument('--por-no-ciphering', action='store_true', default=False, help='Disable ciphering (PoR)')
-    option_parser.add_argument("--por-rc-cc-ds", choices=RC_CC_DS.decmapping.values(), default='cc',
-                               help="PoR check (rc=redundency check, cc=crypt. checksum, ds=digital signature)")
-    option_parser.add_argument("--por_req", choices=POR_REQ.decmapping.values(), default='por_required',
-                               help="Proof of Receipt requirements")
-    option_parser.add_argument('--src-addr', default='12', type=str, help='SMS source address (MSISDN)')
-    option_parser.add_argument('--dest-addr', default='23', type=str, help='SMS destination address (MSISDN)')
-    option_parser.add_argument('--timeout', default=10, type=int, help='Maximum response waiting time')
-    option_parser.add_argument('-a', '--apdu', action='append', required=True, type=is_hexstr, help='C-APDU to send')
    opts = option_parser.parse_args()

    logging.basicConfig(level=logging.DEBUG if opts.verbose else logging.INFO,
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -48,6 +48,7 @@ pySim consists of several parts:
   sim-rest
   suci-keytool
   saip-tool
+   smpp-ota-tool


 Indices and tables
--- a/docs/smpp-ota-tool.rst
+++ b/docs/smpp-ota-tool.rst
@@ -0,0 +1,179 @@
+smpp-ota-tool
+=============
+
+The `smpp-ota-tool` allows users to send OTA SMS messages containing APDU scripts (RFM, RAM) via an SMPP server. The
+intended audience are developers who want to test/evaluate the OTA SMS interface of a SIM/UICC/eUICC. `smpp-ota-tool`
+is intended to be used as a companion tool for :ref:`pySim-smpp2sim`, however it should be usable on any other SMPP
+server (such as a production SMSC of a live cellular network) as well.
+
+From the technical perspective `smpp-ota-tool` takes the role of an SMPP ESME. It takes care of the encoding, encryption
+and checksumming (signing) of the RFM/RAM OTA SMS and eventually submits it to the SMPP server. The program then waits
+for a response. The response is automatically parsed and printed on stdout. This makes the program also suitable to be
+called from shell scripts.
+
+.. note:: In the following we will we will refer to `SIM` as one of the following: `SIM`, `USIM`, `ISIM`, `UICC`,
+	  `eUICC`, `eSIM`.
+
+Applying OTA keys
+~~~~~~~~~~~~~~~~~
+
+Depending on the `SIM` type you will receive one or more sets of keys which you can use to communicate with the `SIM`
+through a secure channel protocol. When using the OTA SMS method, the SCP80 protocol is used and it therefore crucial
+to use a keyset that is actually suitable for SCP80.
+
+A keyset usually consists of three keys:
+
+#. KIC: the key used for ciphering (encryption/decryption)
+#. KID: the key used to compute a cryptographic checksum (signing)
+#. KIK: the key used to encrypt/decrypt key material (key rotation, adding of new keys)
+
+From the transport security perspective, only KIC and KID are relevant. The KIK (also referenced as "Data Encryption
+Key", DEK) is only used when keys are rotated or new keys are added (see also ETSI TS 102 226, section 8.2.1.5).
+
+When the keyset is programmed into the security domain of the `SIM`, it is tied to a specific cryptographic algorithm
+(3DES, AES128 or AES256) and a so called Key Version Number (KVN). The term "Key Version Number" is misleading, since
+it is actually not a version number. It is a unique identifier of a certain keyset which also identifies for which
+secure channel protocol the keyset may be used. Keysets with a KVN from 1-15 (``0x01``-``0x0F``) are suitable for SCP80.
+This means that it is not only important to know just the KIC/KID/KIK keys. Also the related algorithms and the KVN
+numbers must be known.
+
+.. note:: SCP80 keysets typically start counting from 1 upwards. Typical configurations use a set of 3 keysets with
+	  KVN numbers 1-3.
+
+Addressing an Application
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When communicating with a specific application on a `SIM` via SCP80, it is important to address that application with
+the correct parameters. The following two parameters must be known in advance:
+
+#. TAR: The Toolkit Application Reference (TAR) number is a three byte value that uniquely addresses an application
+   on the `SIM`. The exact values may vary (see also ETSI TS 101 220, Table D.1).
+#. MSL: The Minimum Security Level (MSL) is a bit-field that dictates which of the security measures encoded in the
+   SPI are mandatory (see also ETSI TS 102 225, section 5.1.1).
+
+A practical example
+~~~~~~~~~~~~~~~~~~~
+
+.. note:: This tutorial assumes that pySim-smpp2sim is running on the local machine with its default parameters.
+	  See also :ref:`pySim-smpp2sim`.
+
+Let's assume that an OTA SMS shall be sent to the SIM RFM application of an sysmoISIM-SJA2. What we want to do is to
+select DF.GSM and to get the select response back.
+
+We have received the following key material from the `SIM` vendor:
+
+::
+
+   KIC1: F09C43EE1A0391665CC9F05AF4E0BD10
+   KID1: 01981F4A20999F62AF99988007BAF6CA
+   KIK1: 8F8AEE5CDCC5D361368BC45673D99195
+   KIC2: 01022916E945B656FDE03F806A105FA2
+   KID2: D326CB69F160333CC5BD1495D448EFD6
+   KIK2: 08037E0590DFE049D4975FFB8652F625
+   KIC3: 2B22824D0D27A3A1CEEC512B312082B4
+   KID3: F1697766925A11F4458295590137B672
+   KIK3: C7EE69B2C5A1C8E160DD36A38EB517B3
+
+Those are three keysets. The enumeration is directly equal to the KVN used. All three keysets are 3DES keys, which
+means triple_des_cbc2 is the correct algorithm to use.
+
+.. note:: The key set configuration can be confirmed by retrieving the key configuration using
+	  `get_data key_information` from within an SCP02 session on ADF.ISD.
+
+In this example we intend to address the SIM RFM application on the `SIM`. Which according to the manual has TAR ``B00010``
+and MSL ``0x06``. When we hold ``0x06`` = ``0b00000110`` against the SPI coding chart (see also ETSI TS 102 225,
+section 5.1.1). We can deduct that Ciphering and Cryptographic Checksum are mandatory.
+
+.. note:: The MSL (see also ETSI TS 102 226, section 6.1) is assigned to an application by the `SIM` issuer. It is a
+	  custom decision and may vary with different `SIM` types/profiles. In the case of sysmoISIM-SJS1/SJA2/SJA5 the
+	  counter requirement has been waived to simplify lab/research type use. In productive environments, `SIM`
+	  applications should ideally use an MSL that makes the counter mandatory.
+
+In order to select DF.GSM (``0x7F20``) and to retrieve the select response, two APDUs are needed. The first APDU is the
+select command ``A0A40000027F20`` and the second is the related get-response command ``A0C0000016``. Those APDUs will be
+concatenated and are sent in a single message. The message containing the concatenated APDUs works as a script that
+is received by the SIM RFM application and then executed. This method poses some limitations that have to be taken into
+account when making requests like this (see also ETSI TS 102 226, section 5).
+
+With this information we may now construct a commandline for `smpp-ota-tool.py`. We will pass the KVN as kid_idx and
+kic_idx (see also ETSI TS 102 225, Table 2, fields `KIc` and `KID`). Both index values should refer to the same
+keyset/KVN as keysets should not be mixed. (`smpp-ota-tool` still provides separate parameters anyway to allow testing
+with invalid keyset combinations)
+
+::
+
+   $ PYTHONPATH=./ ./contrib/smpp-ota-tool.py --kic F09C43EE1A0391665CC9F05AF4E0BD10 --kid 01981F4A20999F62AF99988107BAF6CA --kid_idx 1 --kic_idx 1 --algo-crypt triple_des_cbc2 --algo-auth triple_des_cbc2 --tar B00010 --apdu A0A40000027F20 --apdu A0C0000016
+   2026-02-26 17:13:56 INFO Connecting to localhost:2775...
+   2026-02-26 17:13:56 INFO C-APDU sending: a0a40000027f20a0c0000016...
+   2026-02-26 17:13:56 INFO SMS-TPDU sending: 02700000281506191515b00010da1d6cbbd0d11ce4330d844c7408340943e843f67a6d7b0674730881605fd62d...
+   2026-02-26 17:13:56 INFO SMS-TPDU sent, waiting for response...
+   2026-02-26 17:13:56 INFO SMS-TPDU received: 027100002c12b000107ddf58d1780f771638b3975759f4296cf5c31efc87a16a1b61921426baa16da1b5ba1a9951d59a39
+   2026-02-26 17:13:56 INFO SMS-TPDU decoded: (Container(rpl=44, rhl=18, tar=b'\xb0\x00\x10', cntr=b'\x00\x00\x00\x00\x00', pcntr=0, response_status=uEnumIntegerString.new(0, 'por_ok'), cc_rc=b'\x8f\xea\xf5.\xf4\x0e\xc2\x14', secured_data=b'\x02\x90\x00\x00\x00\xff\xff\x7f \x02\x00\x00\x00\x00\x00\t\xb1\x065\x04\x00\x83\x8a\x83\x8a'), Container(number_of_commands=2, last_status_word=u'9000', last_response_data=u'0000ffff7f2002000000000009b106350400838a838a'))
+   2026-02-26 17:13:56 INFO R-APDU received: 0000ffff7f2002000000000009b106350400838a838a 9000
+   0000ffff7f2002000000000009b106350400838a838a 9000
+   2026-02-26 17:13:56 INFO Disconnecting...
+
+The result we see is the select response of DF.GSM and a status word indicating that the last command has been
+processed normally.
+
+As we can see, this mechanism now allows us to perform small administrative tasks remotely. We can read the contents of
+files remotely or make changes to files. Depending on the changes we make, there may be security issues arising from
+replay attacks. With the commandline above, the communication is encrypted and protected by a cryptographic checksum,
+so an adversary can neither read, nor alter the message. However, an adversary could still replay an intercepted
+message and the `SIM` would happily execute the contained APDUs again.
+
+To prevent this, we may include a replay protection counter within the message. In this case, the MSL indicates that a
+replay protection counter is not required. However, to extended the security of our messages, we may chose to use a
+counter anyway. In the following example, we will encode a counter value of 100. We will instruct the `SIM` to make sure
+that the value we send is higher than the counter value that is currently stored in the `SIM`.
+
+To add a replay connection counter we add the commandline arguments `--cntr-req` to set the counter requirement and
+`--cntr` to pass the counter value.
+
+::
+
+   $ PYTHONPATH=./ ./contrib/smpp-ota-tool.py --kic F09C43EE1A0391665CC9F05AF4E0BD10 --kid 01981F4A20999F62AF99988107BAF6CA --kid_idx 1 --kic_idx 1 --algo-crypt triple_des_cbc2 --algo-auth triple_des_cbc2 --tar B00010 --apdu A0A40000027F20 --apdu A0C0000016 --cntr-req counter_must_be_higher --cntr 100
+   2026-02-26 17:16:39 INFO Connecting to localhost:2775...
+   2026-02-26 17:16:39 INFO C-APDU sending: a0a40000027f20a0c0000016...
+   2026-02-26 17:16:39 INFO SMS-TPDU sending: 02700000281516191515b000103a4f599e94f2b5dcfbbda984761b7977df6514c57a580fb4844787c436d2eade...
+   2026-02-26 17:16:39 INFO SMS-TPDU sent, waiting for response...
+   2026-02-26 17:16:39 INFO SMS-TPDU received: 027100002c12b0001049fb0315f6c6401b553867f412cefaf9355b38271178edb342a3bc9cc7e670cdc1f45eea6ffcbb39
+   2026-02-26 17:16:39 INFO SMS-TPDU decoded: (Container(rpl=44, rhl=18, tar=b'\xb0\x00\x10', cntr=b'\x00\x00\x00\x00d', pcntr=0, response_status=uEnumIntegerString.new(0, 'por_ok'), cc_rc=b'\xa9/\xc7\xc9\x00"\xab5', secured_data=b'\x02\x90\x00\x00\x00\xff\xff\x7f \x02\x00\x00\x00\x00\x00\t\xb1\x065\x04\x00\x83\x8a\x83\x8a'), Container(number_of_commands=2, last_status_word=u'9000', last_response_data=u'0000ffff7f2002000000000009b106350400838a838a'))
+   2026-02-26 17:16:39 INFO R-APDU received: 0000ffff7f2002000000000009b106350400838a838a 9000
+   0000ffff7f2002000000000009b106350400838a838a 9000
+   2026-02-26 17:16:39 INFO Disconnecting...
+
+The `SIM` has accepted the message. The message got processed and the `SIM` has set its internal to 100. As an experiment,
+we may try to re-use the counter value:
+
+::
+
+   $ PYTHONPATH=./ ./contrib/smpp-ota-tool.py --kic F09C43EE1A0391665CC9F05AF4E0BD10 --kid 01981F4A20999F62AF99988107BAF6CA --kid_idx 1 --kic_idx 1 --algo-crypt triple_des_cbc2 --algo-auth triple_des_cbc2 --tar B00010 --apdu A0A40000027F20 --apdu A0C0000016 --cntr-req counter_must_be_higher --cntr 100
+   2026-02-26 17:16:43 INFO Connecting to localhost:2775...
+   2026-02-26 17:16:43 INFO C-APDU sending: a0a40000027f20a0c0000016...
+   2026-02-26 17:16:43 INFO SMS-TPDU sending: 02700000281516191515b000103a4f599e94f2b5dcfbbda984761b7977df6514c57a580fb4844787c436d2eade...
+   2026-02-26 17:16:43 INFO SMS-TPDU sent, waiting for response...
+   2026-02-26 17:16:43 INFO SMS-TPDU received: 027100000b0ab0001000000000000006
+   2026-02-26 17:16:43 INFO SMS-TPDU decoded: (Container(rpl=11, rhl=10, tar=b'\xb0\x00\x10', cntr=b'\x00\x00\x00\x00\x00', pcntr=0, response_status=uEnumIntegerString.new(6, 'undefined_security_error'), cc_rc=b'', secured_data=b''), None)
+   Traceback (most recent call last):
+   File "/home/user/work/git_master/pysim/./contrib/smpp-ota-tool.py", line 238, in <module>
+    resp, sw = smpp_handler.transceive_apdu(apdu, opts.src_addr, opts.dest_addr, opts.timeout)
+               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   File "/home/user/work/git_master/pysim/./contrib/smpp-ota-tool.py", line 162, in transceive_apdu
+     raise ValueError("Response does not contain any last_response_data, no R-APDU received!")
+   ValueError: Response does not contain any last_response_data, no R-APDU received!
+   2026-02-26 17:16:43 INFO Disconnecting...
+
+As we can see, the `SIM` has rejected the message with an `undefined_security_error`. The replay-protection-counter
+ensures that a message can only be sent once.
+
+.. note:: The replay-protection-counter is implemented as a 5 byte integer value (see also ETSI TS 102 225, Table 3).
+	  When the counter has reached its maximum, it will not overflow nor can it be reset.
+
+smpp-ota-tool syntax
+~~~~~~~~~~~~~~~~~~~~
+
+.. argparse::
+   :module: contrib.smpp-ota-tool
+   :func: option_parser
+   :prog: contrib/smpp-ota-tool.py
--- a/docs/smpp2sim.rst
+++ b/docs/smpp2sim.rst
@@ -55,3 +55,5 @@ And once your external program is sending SMS to the simulated SMSC, it will log
  SMSPPDownload(DeviceIdentities({'source_dev_id': 'network', 'dest_dev_id': 'uicc'}),Address({'ton_npi': 0, 'call_number': '0123456'}),SMS_TPDU({'tpdu': '400290217ff6227052000000002d02700000281516191212b0000127fa28a5bac69d3c5e9df2c7155dfdde449c826b236215566530787b30e8be5d'}))
  INFO     root: ENVELOPE: d147820283818604001032548b3b400290217ff6227052000000002d02700000281516191212b0000127fa28a5bac69d3c5e9df2c7155dfdde449c826b236215566530787b30e8be5d
  INFO     root: SW 9000: 027100002412b000019a551bb7c28183652de0ace6170d0e563c5e949a3ba56747fe4c1dbbef16642c
+
+.. note:: for sending OTA SMS messages :ref:`smpp-ota-tool` may be used.
--- a/pySim/cdma_ruim.py
+++ b/pySim/cdma_ruim.py
@@ -128,7 +128,7 @@ class EF_AD(TransparentEF):
        cell_test = 0x04

    def __init__(self, fid='6f43', sfid=None, name='EF.AD',
-                 desc='Service Provider Name', size=(3, None), **kwargs):
+                 desc='Administrative Data', size=(3, None), **kwargs):
        super().__init__(fid, sfid=sfid, name=name, desc=desc, size=size, **kwargs)
        self._construct = Struct(
            # Byte 1: Display Condition
--- a/pySim/esim/saip/init.py
+++ b/pySim/esim/saip/init.py
@@ -151,6 +151,8 @@ class File:
        self.df_name = None
        self.fill_pattern = None
        self.fill_pattern_repeat = False
+        self.pstdo = None # pinStatusTemplateDO, mandatory for DF/ADF
+        self.lcsi = None # optional life cycle status indicator
        # apply some defaults from profile
        if self.template:
            self.from_template(self.template)
@@ -278,6 +280,8 @@ class File:
        elif self.file_type in ['MF', 'DF', 'ADF']:
            fdb_dec['file_type'] = 'df'
            fdb_dec['structure'] = 'no_info_given'
+            # pinStatusTemplateDO is mandatory for DF/ADF
+            fileDescriptor['pinStatusTemplateDO'] = self.pstdo
        # build file descriptor based on above input data
        fd_dict = {}
        if len(fdb_dec):
@@ -304,6 +308,8 @@ class File:
            # desired fill or repeat pattern in the "proprietaryEFInfo" element for the EF in Profiles
            # downloaded to a V2.2 or earlier eUICC.
            fileDescriptor['proprietaryEFInfo'] = pefi
+        if self.lcsi:
+            fileDescriptor['lcsi'] = self.lcsi
        logger.debug("%s: to_fileDescriptor(%s)" % (self, fileDescriptor))
        return fileDescriptor

@@ -323,6 +329,8 @@ class File:
        if efFileSize:
            self._file_size = self._decode_file_size(efFileSize)

+        self.pstdo = fileDescriptor.get('pinStatusTemplateDO', None)
+        self.lcsi = fileDescriptor.get('lcsi', None)
        pefi = fileDescriptor.get('proprietaryEFInfo', {})
        securityAttributesReferenced = fileDescriptor.get('securityAttributesReferenced', None)
        if securityAttributesReferenced:
--- a/pySim/esim/saip/batch.py
+++ b/pySim/esim/saip/batch.py
@@ -57,15 +57,18 @@ class BatchPersonalization:
    """

    class ParamAndSrc:
-        'tie a ConfigurableParameter to a source of actual values'
+        """tie a ConfigurableParameter to a source of actual values"""
        def __init__(self, param: ConfigurableParameter, src: param_source.ParamSource):
-            self.param = param
+            if isinstance(param, type):
+                self.param_cls = param
+            else:
+                self.param_cls = param.__class__
            self.src = src

    def __init__(self,
                 n: int,
                 src_pes: ProfileElementSequence,
-                 params: list[ParamAndSrc]=None,
+                 params: list[ParamAndSrc]=[],
                 csv_rows: Generator=None,
                ):
        """
@@ -74,10 +77,10 @@ class BatchPersonalization:
                 copied.
        params: list of ParamAndSrc instances, defining a ConfigurableParameter and corresponding ParamSource to fill in
                profile values.
-        csv_rows: A list or generator producing all CSV rows one at a time, starting with a row containing the column
-                  headers. This is compatible with the python csv.reader. Each row gets passed to
-                  ParamSource.get_next(), such that ParamSource implementations can access the row items.
-                  See param_source.CsvSource.
+        csv_rows: A generator (e.g. iter(list_of_rows)) producing all CSV rows one at a time, starting with a row
+                  containing the column headers. This is compatible with the python csv.reader. Each row gets passed to
+                  ParamSource.get_next(), such that ParamSource implementations can access the row items. See
+                  param_source.CsvSource.
        """
        self.n = n
        self.params = params or []
@@ -85,7 +88,7 @@ class BatchPersonalization:
        self.csv_rows = csv_rows

    def add_param_and_src(self, param:ConfigurableParameter, src:param_source.ParamSource):
-        self.params.append(BatchPersonalization.ParamAndSrc(param=param, src=src))
+        self.params.append(BatchPersonalization.ParamAndSrc(param, src))

    def generate_profiles(self):
        # get first row of CSV: column names
@@ -112,10 +115,10 @@ class BatchPersonalization:
                try:
                    input_value = p.src.get_next(csv_row=csv_row)
                    assert input_value is not None
-                    value = p.param.__class__.validate_val(input_value)
-                    p.param.__class__.apply_val(pes, value)
+                    value = p.param_cls.validate_val(input_value)
+                    p.param_cls.apply_val(pes, value)
                except Exception as e:
-                    raise ValueError(f'{p.param.name} fed by {p.src.name}: {e}') from e
+                    raise ValueError(f'{p.param_cls.get_name()} fed by {p.src.name}: {e}') from e

            yield pes

@@ -129,7 +132,7 @@ class UppAudit(dict):

    @classmethod
    def from_der(cls, der: bytes, params: List, der_size=False, additional_sd_keys=False):
-        '''return a dict of parameter name and set of selected parameter values found in a DER encoded profile. Note:
+        """return a dict of parameter name and set of selected parameter values found in a DER encoded profile. Note:
        some ConfigurableParameter implementations return more than one key-value pair, for example, Imsi returns
        both 'IMSI' and 'IMSI-ACC' parameters.

@@ -151,7 +154,7 @@ class UppAudit(dict):
        Scp80Kvn03. So we would not show kvn 0x04..0x0f in an audit. additional_sd_keys=True includes audits of all SD
        key KVN there may be in the UPP. This helps to spot SD keys that may already be present in a UPP template, with
        unexpected / unusual kvn.
-        '''
+        """

        # make an instance of this class
        upp_audit = cls()
@@ -317,7 +320,7 @@ class BatchAudit(list):
        return batch_audit

    def to_csv_rows(self, headers=True, sort_key=None):
-        '''generator that yields all audits' values as rows, useful feed to a csv.writer.'''
+        """generator that yields all audits' values as rows, useful feed to a csv.writer."""
        columns = set()
        for audit in self:
            columns.update(audit.keys())
--- a/pySim/esim/saip/param_source.py
+++ b/pySim/esim/saip/param_source.py
@@ -37,13 +37,10 @@ class ParamSource:
    name = "none"
    numeric_base = None # or 10 or 16

-    @classmethod
-    def from_str(cls, s:str):
-        """Subclasses implement this:
-           if a parameter source defines some string input magic, override this function.
-           For example, a RandomDigitSource derives the number of digits from the string length,
-           so the user can enter '0000' to get a four digit random number."""
-        return cls(s)
+    def __init__(self, input_str:str):
+        """Subclasses should call super().__init__(input_str) before evaluating self.input_str. Each subclass __init__()
+        may in turn manipulate self.input_str to apply expansions or decodings."""
+        self.input_str = input_str

    def get_next(self, csv_row:dict=None):
        """Subclasses implement this: return the next value from the parameter source.
@@ -51,78 +48,81 @@ class ParamSource:
           This default implementation is an empty source."""
        raise ParamSourceExhaustedExn()

+    @classmethod
+    def from_str(cls, input_str:str):
+        """compatibility with earlier version of ParamSource. Just use the constructor."""
+        return cls(input_str)

 class ConstantSource(ParamSource):
    """one value for all"""
    name = "constant"

-    def __init__(self, val:str):
-        self.val = val
-
    def get_next(self, csv_row:dict=None):
-        return self.val
+        return self.input_str

 class InputExpandingParamSource(ParamSource):

+    def __init__(self, input_str:str):
+        super().__init__(input_str)
+        self.input_str = self.expand_input_str(self.input_str)
+
    @classmethod
-    def expand_str(cls, s:str):
+    def expand_input_str(cls, input_str:str):
        # user convenience syntax '0*32' becomes '00000000000000000000000000000000'
-        if "*" not in s:
-            return s
-        tokens = re.split(r"([^ \t]+)[ \t]*\*[ \t]*([0-9]+)", s)
+        if "*" not in input_str:
+            return input_str
+        # re:                "XX            *        123" with optional spaces
+        tokens = re.split(r"([^ \t]+)[ \t]*\*[ \t]*([0-9]+)", input_str)
        if len(tokens) < 3:
-            return s
+            return input_str
        parts = []
        for unchanged, snippet, repeat_str in zip(tokens[0::3], tokens[1::3], tokens[2::3]):
            parts.append(unchanged)
            repeat = int(repeat_str)
            parts.append(snippet * repeat)
-        return "".join(parts)

-    @classmethod
-    def from_str(cls, s:str):
-        return cls(cls.expand_str(s))
+        return "".join(parts)

 class DecimalRangeSource(InputExpandingParamSource):
    """abstract: decimal numbers with a value range"""

    numeric_base = 10

-    def __init__(self, num_digits, first_value, last_value):
-        """
-        See also from_str().
+    def __init__(self, input_str:str=None, num_digits:int=None, first_value:int=None, last_value:int=None):
+        """Constructor to set up values from a (user entered) string: DecimalRangeSource(input_str).
+        Constructor to set up values directly: DecimalRangeSource(num_digits=3, first_value=123, last_value=456)

-        All arguments are integer values, and are converted to int if necessary, so a string of an integer is fine.
-        num_digits: fixed number of digits (possibly with leading zeros) to generate.
-        first_value, last_value: the decimal range in which to provide digits.
+        num_digits produces leading zeros when first_value..last_value are shorter.
        """
-        num_digits = int(num_digits)
-        first_value = int(first_value)
-        last_value = int(last_value)
+        assert ((input_str is not None and (num_digits, first_value, last_value) == (None, None, None))
+                or (input_str is None and None not in (num_digits, first_value, last_value)))
+
+        if input_str is not None:
+            super().__init__(input_str)
+
+            input_str = self.input_str
+
+            if ".." in input_str:
+                first_str, last_str = input_str.split('..')
+                first_str = first_str.strip()
+                last_str = last_str.strip()
+            else:
+                first_str = input_str.strip()
+                last_str = None
+
+            num_digits = len(first_str)
+            first_value = int(first_str)
+            last_value = int(last_str if last_str is not None else "9" * num_digits)
+
        assert num_digits > 0
        assert first_value <= last_value
        self.num_digits = num_digits
-        self.val_first_last = (first_value, last_value)
+        self.first_value = first_value
+        self.last_value = last_value

    def val_to_digit(self, val:int):
        return "%0*d" % (self.num_digits, val)  # pylint: disable=consider-using-f-string

-    @classmethod
-    def from_str(cls, s:str):
-        s = cls.expand_str(s)
-
-        if ".." in s:
-            first_str, last_str = s.split('..')
-            first_str = first_str.strip()
-            last_str = last_str.strip()
-        else:
-            first_str = s.strip()
-            last_str = None
-
-        first_value = int(first_str)
-        last_value = int(last_str) if last_str is not None else "9" * len(first_str)
-        return cls(num_digits=len(first_str), first_value=first_value, last_value=last_value)
-
 class RandomSourceMixin:
    random_impl = secrets.SystemRandom()

@@ -135,7 +135,7 @@ class RandomDigitSource(DecimalRangeSource, RandomSourceMixin):
        # try to generate random digits that are always different from previously produced random bytes
        attempts = 10
        while True:
-            val = self.random_impl.randint(*self.val_first_last)
+            val = self.random_impl.randint(self.first_value, self.last_value)
            if val in RandomDigitSource.used_keys:
                attempts -= 1
                if attempts:
@@ -150,9 +150,11 @@ class RandomHexDigitSource(InputExpandingParamSource, RandomSourceMixin):
    numeric_base = 16
    used_keys = set()

-    def __init__(self, num_digits):
-        """see from_str()"""
-        num_digits = int(num_digits)
+    def __init__(self, input_str:str):
+        super().__init__(input_str)
+        input_str = self.input_str
+
+        num_digits = len(input_str.strip())
        if num_digits < 1:
            raise ValueError("zero number of digits")
        # hex digits always come in two
@@ -174,23 +176,20 @@ class RandomHexDigitSource(InputExpandingParamSource, RandomSourceMixin):

        return b2h(val)

-    @classmethod
-    def from_str(cls, s:str):
-        s = cls.expand_str(s)
-        return cls(num_digits=len(s.strip()))
-
 class IncDigitSource(DecimalRangeSource):
    """incrementing sequence of digits"""
    name = "incrementing decimal digits"

-    def __init__(self, num_digits, first_value, last_value):
-        super().__init__(num_digits, first_value, last_value)
+    def __init__(self, input_str:str=None, num_digits:int=None, first_value:int=None, last_value:int=None):
+        """input_str: the first value to return, a string of an integer number with optional leading zero digits. The
+        leading zero digits are preserved."""
+        super().__init__(input_str, num_digits, first_value, last_value)
        self.next_val = None
        self.reset()

    def reset(self):
        """Restart from the first value of the defined range passed to __init__()."""
-        self.next_val = self.val_first_last[0]
+        self.next_val = self.first_value

    def get_next(self, csv_row:dict=None):
        val = self.next_val
@@ -200,7 +199,7 @@ class IncDigitSource(DecimalRangeSource):
        returnval = self.val_to_digit(val)

        val += 1
-        if val > self.val_first_last[1]:
+        if val > self.last_value:
            self.next_val = None
        else:
            self.next_val = val
@@ -211,13 +210,15 @@ class CsvSource(ParamSource):
    """apply a column from a CSV row, as passed in to ParamSource.get_next(csv_row)"""
    name = "from CSV"

-    def __init__(self, csv_column):
+    def __init__(self, input_str:str):
+        """self.csv_column = input_str:
+        column name indicating the column to use for this parameter.
+        This name is used in get_next(): the caller passes the current CSV row to get_next(), from which
+        CsvSource picks the column with the name matching csv_column.
        """
-        csv_column: column name indicating the column to use for this parameter.
-                    This name is used in get_next(): the caller passes the current CSV row to get_next(), from which
-                    CsvSource picks the column with the name matching csv_column.
-        """
-        self.csv_column = csv_column
+        """Parse input_str into self.num_digits, self.first_value, self.last_value."""
+        super().__init__(input_str)
+        self.csv_column = self.input_str

    def get_next(self, csv_row:dict=None):
        val = None
--- a/pySim/esim/saip/personalization.py
+++ b/pySim/esim/saip/personalization.py
@@ -22,9 +22,11 @@ import re
 import pprint
 from typing import List, Tuple, Generator, Optional

+from construct.core import StreamError
 from osmocom.tlv import camel_to_snake
 from osmocom.utils import hexstr
 from pySim.utils import enc_iccid, dec_iccid, enc_imsi, dec_imsi, h2b, b2h, rpad, sanitize_iccid
+from pySim.ts_31_102 import EF_AD
 from pySim.ts_51_011 import EF_SMSP
 from pySim.esim.saip import param_source
 from pySim.esim.saip import ProfileElement, ProfileElementSD, ProfileElementSequence
@@ -328,6 +330,7 @@ class DecimalHexParam(DecimalParam):
    @classmethod
    def validate_val(cls, val):
        val = super().validate_val(val)
+        assert isinstance(val, str)
        val = ''.join('%02x' % ord(x) for x in val)
        if cls.rpad is not None:
            c = cls.rpad_char
@@ -337,7 +340,7 @@ class DecimalHexParam(DecimalParam):

    @classmethod
    def decimal_hex_to_str(cls, val):
-        'useful for get_values_from_pes() implementations of subclasses'
+        """useful for get_values_from_pes() implementations of subclasses"""
        if isinstance(val, bytes):
            val = b2h(val)
        assert isinstance(val, hexstr)
@@ -617,7 +620,7 @@ class SmspTpScAddr(ConfigurableParameter):
            # ensure the parameter_indicators.tp_sc_addr is True
            ef_smsp_dec['parameter_indicators']['tp_sc_addr'] = True
            # re-encode into the File body
-            f_smsp.body = ef_smsp.encode_record_bin(ef_smsp_dec, 1)
+            f_smsp.body = ef_smsp.encode_record_bin(ef_smsp_dec, 1, 52)
            #print("SMSP  (new): %s" % f_smsp.body)
            # re-generate the pe.decoded member from the File instance
            pe.file2pe(f_smsp)
@@ -646,6 +649,71 @@ class SmspTpScAddr(ConfigurableParameter):
            yield { cls.name: cls.tuple_to_str((international, digits)) }


+class MncLen(ConfigurableParameter):
+    """MNC length. Must be either 2 or 3. Sets only the MNC length field in EF-AD (Administrative Data)."""
+    name = 'MNC-LEN'
+    allow_chars = '23'
+    strip_chars = ' \t\r\n'
+    numeric_base = 10
+    max_len = 1
+    min_len = 1
+    example_input = '2'
+    default_source = param_source.ConstantSource
+
+    @classmethod
+    def validate_val(cls, val):
+        val = super().validate_val(val)
+        val = int(val)
+        if val not in (2, 3):
+            raise ValueError(f"MNC-LEN must be either 2 or 3, not {val!r}")
+        return val
+
+    @classmethod
+    def apply_val(cls, pes: ProfileElementSequence, val):
+        """val must be an int: either 2 or 3"""
+        for pe in pes.get_pes_for_type('usim'):
+            if not hasattr(pe, 'files'):
+                continue
+            # decode existing values
+            f_ad = pe.files['ef-ad']
+            if not f_ad.body:
+                continue
+            try:
+                ef_ad = EF_AD()
+                ef_ad_dec = ef_ad.decode_bin(f_ad.body)
+            except StreamError:
+                continue
+            if 'mnc_len' not in ef_ad_dec:
+                continue
+            # change mnc_len
+            ef_ad_dec['mnc_len'] = val
+            # re-encode into the File body
+            f_ad.body = ef_ad.encode_bin(ef_ad_dec)
+            pe.file2pe(f_ad)
+
+    @classmethod
+    def get_values_from_pes(cls, pes: ProfileElementSequence):
+        for naa in ('isim',):# 'isim', 'csim'):
+            for pe in pes.get_pes_for_type(naa):
+                if not hasattr(pe, 'files'):
+                    continue
+                f_ad = pe.files.get('ef-ad', None)
+                if f_ad is None:
+                    continue
+
+                try:
+                    ef_ad = EF_AD()
+                    ef_ad_dec = ef_ad.decode_bin(f_ad.body)
+                except StreamError:
+                    continue
+
+                mnc_len = ef_ad_dec.get('mnc_len', None)
+                if mnc_len is None:
+                    continue
+
+                yield { cls.name: str(mnc_len) }
+
+
 class SdKey(BinaryParam):
    """Configurable Security Domain (SD) Key.  Value is presented as bytes.
       Non-abstract implementations are generated in SdKey.generate_sd_key_classes"""
--- a/pySim/global_platform/scp.py
+++ b/pySim/global_platform/scp.py
@@ -266,11 +266,13 @@ class SCP02(SCP):
        super().__init__(*args, **kwargs)

    def dek_encrypt(self, plaintext:bytes) -> bytes:
-        cipher = DES.new(self.card_keys.dek[:8], DES.MODE_ECB)
+        # See also GPC section B.1.1.2, E.4.7, and E.4.1
+        cipher = DES3.new(self.sk.data_enc, DES.MODE_ECB)
        return cipher.encrypt(plaintext)

    def dek_decrypt(self, ciphertext:bytes) -> bytes:
-        cipher = DES.new(self.card_keys.dek[:8], DES.MODE_ECB)
+        # See also GPC section B.1.1.2, E.4.7, and E.4.1
+        cipher = DES3.new(self.sk.data_enc, DES.MODE_ECB)
        return cipher.decrypt(ciphertext)

    def _compute_cryptograms(self, card_challenge: bytes, host_challenge: bytes):
--- a/tests/card_sanitizer/card_backup_3b9f96801f878031e073fe211b674a357530350265f8_8949440000001155314.script
+++ b/tests/card_sanitizer/card_backup_3b9f96801f878031e073fe211b674a357530350265f8_8949440000001155314.script
@@ -2200,9 +2200,9 @@ update_record 6 fe0112ffb53e96e5ff99731d51ad7beafd0e23ffffffffffffffffffffffffff
 update_record 7 fe02101da012f436d06824ecdd15050419ff9affffffffffffffffffffffffffffffff
 update_record 8 fe02116929a373388ac904aff57ff57f6b3431ffffffffffffffffffffffffffffffff
 update_record 9 fe0212a99245a5dc814e2f4c1aa908e9946e03ffffffffffffffffffffffffffffffff
-update_record 10 fe0310521312c05a9aea93d70d44405172a580ffffffffffffffffffffffffffffffff
-update_record 11 fe0311a9e45c72d45abde7db74261ee0c11b1bffffffffffffffffffffffffffffffff
-update_record 12 fe0312867ba36b5873d60ea8b2cdcf3c0ddddaffffffffffffffffffffffffffffffff
+update_record 10 fe03601111111111111111111111111111111111111111111111111111111111111111
+update_record 11 fe03612222222222222222222222222222222222222222222222222222222222222222
+update_record 12 fe03623333333333333333333333333333333333333333333333333333333333333333
 #
 ################################################################################
 # MF/DF.SYSTEM/EF.SIM_AUTH_COUNTER                                             #
--- a/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.cfg
+++ b/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.cfg
@@ -1,9 +0,0 @@
-# Card parameter:
-ICCID="8949440000001155314"
-KIC='51D4FC44BCBA7C4589DFADA3297720AF'
-KID='0449699C472CE71E2FB7B56245EF7684'
-
-# Testcase: Send OTA-SMS that selects DF.GSM and returns the select response
-TAR='B00010'
-APDU='A0A40000027F20A0C0000016'
-EXPECTED_RESPONSE='0000ffff7f2002000000000009b106350400838a838a 9000'
--- a/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh
+++ b/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh
@@ -20,13 +20,14 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

+PYSIM_SHELL=./pySim-shell.py
+PYSIM_SHELL_LOG=./pySim-shell.log
 PYSIM_SMPP2SIM=./pySim-smpp2sim.py
 PYSIM_SMPP2SIM_LOG=./pySim-smpp2sim.log
 PYSIM_SMPP2SIM_PORT=2775
 PYSIM_SMPP2SIM_TIMEOUT=10
 PYSIM_SMPPOTATOOL=./contrib/smpp-ota-tool.py
 PYSIM_SMPPOTATOOL_LOG=./smpp-ota-tool.log
-PYSIM_SHELL=./pySim-shell.py

 function dump_logs {
    echo ""
@@ -44,12 +45,11 @@ function dump_logs {
 function send_test_request {
    echo ""
    echo "Sending request to SMPP server:"
-    TAR=$1
-    C_APDU=$2
-    R_APDU_EXPECTED=$3
+    C_APDU=$1
+    R_APDU_EXPECTED=$2

    echo "Sending: $C_APDU"
-    COMMANDLINE="$PYSIM_SMPPOTATOOL --verbose --port $PYSIM_SMPP2SIM_PORT --kic $KIC --kid $KID --tar $TAR --apdu $C_APDU"
+    COMMANDLINE="$PYSIM_SMPPOTATOOL --verbose --port $PYSIM_SMPP2SIM_PORT --kic $KIC --kid $KID --kic-idx $KEY_INDEX --kid-idx $KEY_INDEX --algo-crypt $ALGO_CRYPT --algo-auth $ALGO_AUTH --tar $TAR --apdu $C_APDU"
    echo "Commandline: $COMMANDLINE"
    R_APDU=`$COMMANDLINE 2> $PYSIM_SMPPOTATOOL_LOG`
    if [ $? -ne 0 ]; then
@@ -57,7 +57,7 @@ function send_test_request {
 	dump_logs
 	exit 1
    fi
-
+    echo ""
    echo "Got response from SMPP server:"
    echo "Sent: $C_APDU"
    echo "Received: $R_APDU"
@@ -68,16 +68,14 @@ function send_test_request {
 	exit 1
    fi
    echo "Response matches the expected response -- success!"
-    echo ""
 }

 function start_smpp_server {
    PCSC_READER=$1
-
-    # Start the SMPP server
    echo ""
    echo "Starting SMPP server:"

+    # Start the SMPP server
    COMMANDLINE="$PYSIM_SMPP2SIM -p $PCSC_READER --smpp-bind-port $PYSIM_SMPP2SIM_PORT --apdu-trace"
    echo "Commandline: $COMMANDLINE"
    $COMMANDLINE > $PYSIM_SMPP2SIM_LOG 2>&1 &
@@ -102,55 +100,117 @@ function start_smpp_server {
    echo "SMPP server reachable (port=$PYSIM_SMPP2SIM_PORT)"
 }

-function find_card_by_iccid {
-    # Find reader number of the card
-    ICCID=$1
+function stop_smpp_server {
+    echo ""
+    echo "Stopping SMPP server:"
+    kill $PYSIM_SMPP2SIM_PID
+    echo "SMPP server stopped (PID=$PYSIM_SMPP2SIM_PID)"
+    trap EXIT
+}

+function find_card_by_iccid_or_eid {
+    ICCID=$1
+    EID=$2
    echo ""
    echo "Searching for card:"
    echo "ICCID: \"$ICCID\""
+    if [ -n "$EID" ]; then
+	echo "EID: \"$EID\""
+    fi

+    # Determine number of available PCSC readers
+    PCSC_READER_COUNT=`pcsc_scan -rn | wc -l`
+
+    # In case an EID is set, search for a card with that EID first
+    if [ -n "$EID" ]; then
+	for PCSC_READER in $(seq 0 $(($PCSC_READER_COUNT-1))); do
+	    echo "probing card (eID) in reader $PCSC_READER ..."
+	    RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select ADF.ISD-R" -e "get_eid" 2> /dev/null | tail -3`
+	    echo $RESULT_JSON | grep $EID > /dev/null
+	    if [ $? -eq 0 ]; then
+		echo "Found card (eID) in reader $PCSC_READER"
+		return $PCSC_READER
+	    fi
+	done
+    fi
+
+    # Search for card with the given ICCID
    if [ -z "$ICCID" ]; then
 	echo "invalid ICCID, zero length ICCID is not allowed! -- abort"
 	exit 1
    fi
-
-    PCSC_READER_COUNT=`pcsc_scan -rn | wc -l`
    for PCSC_READER in $(seq 0 $(($PCSC_READER_COUNT-1))); do
-	echo "probing card in reader $PCSC_READER ..."
-	EF_ICCID_DECODED=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e 'select EF.ICCID' -e 'read_binary_decoded --oneline' 2> /dev/null | tail -1`
-	echo $EF_ICCID_DECODED | grep $ICCID > /dev/null
+	echo "probing card (ICCID) in reader $PCSC_READER ..."
+	RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select EF.ICCID" -e "read_binary_decoded" 2> /dev/null | tail -3`
+	echo $RESULT_JSON | grep $ICCID > /dev/null
 	if [ $? -eq 0 ]; then
-	    echo "Found card in reader $PCSC_READER"
+	    echo "Found card (by ICCID) in reader $PCSC_READER"
 	    return $PCSC_READER
 	fi
    done

-    echo "Card with ICCID \"$ICCID\" not found -- abort"
+    echo "Card not found -- abort"
    exit 1
 }

+function enable_profile {
+    PCSC_READER=$1
+    ICCID=$2
+    EID=$3
+    if [ -z "$EID" ]; then
+	# This is no eUICC, nothing to enable
+	return 0
+    fi
+
+    # Check if the profile is already enabled
+    RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select EF.ICCID" -e "read_binary_decoded" 2> /dev/null | tail -3`
+    ICCID_ENABLED=`echo $RESULT_JSON | jq -r '.iccid'`
+    if [ $ICCID != $ICCID_ENABLED ]; then
+	# Disable the currentle enabled profile
+	echo ""
+	echo "Disabeling currently enabled profile:"
+	echo "ICCID: \"$ICCID\""
+	RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select ADF.ISD-R" -e "disable_profile --iccid $ICCID_ENABLED" 2> /dev/null | tail -3`
+	echo $RESULT_JSON | grep "ok" > /dev/null
+	if [ $? -ne 0 ]; then
+	    echo "unable to disable profile with \"$ICCID_ENABLED\""
+	    exit 1
+	fi
+	echo "profile disabled"
+
+	# Enable the profile we intend to test with
+	echo ""
+	echo "Enabeling profile:"
+	echo "ICCID: \"$ICCID\""
+	RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select ADF.ISD-R" -e "enable_profile --iccid $ICCID" 2> /dev/null | tail -3`
+	echo $RESULT_JSON | grep "ok\|profileNotInDisabledState" > /dev/null
+	if [ $? -ne 0 ]; then
+	    echo "unable to enable profile with \"$ICCID\""
+	    exit 1
+	fi
+	echo "profile enabled"
+    fi
+}
+
 export PYTHONPATH=./

 echo "pySim-smpp2sim_test - a test program to test pySim-smpp2sim.py"
 echo "=============================================================="

-# TODO: At the moment we can only have one card and one testcase. This is
-# sufficient for now. We can extend this later as needed.
-
-# Read test parameters from config from file
-TEST_CONFIG_FILE=${0%.*}.cfg
-echo "using config file: $TEST_CONFIG_FILE"
-if ! [ -e "$TEST_CONFIG_FILE" ]; then
-   echo "test configuration file does not exist! -- abort"
-   exit 1
-fi
-. $TEST_CONFIG_FILE
-
-# Execute testcase
-find_card_by_iccid $ICCID
-start_smpp_server $?
-send_test_request $TAR $APDU "$EXPECTED_RESPONSE"
-
-
+TESTCASE_DIR=`dirname $0`
+for TEST_CONFIG_FILE in $TESTCASE_DIR/testcase_*.cfg ; do
+    echo ""
+    echo "running testcase: $TEST_CONFIG_FILE"
+    . $TEST_CONFIG_FILE
+    find_card_by_iccid_or_eid $ICCID $EID
+    PCSC_READER=$?
+    enable_profile $PCSC_READER $ICCID $EID
+    start_smpp_server $PCSC_READER
+    send_test_request $APDU "$EXPECTED_RESPONSE"
+    stop_smpp_server
+    echo ""
+    echo "testcase ok"
+    echo "--------------------------------------------------------------"
+done

+echo "done."
--- a/tests/pySim-smpp2sim_test/testcase_3des_cbc2_rfm.cfg
+++ b/tests/pySim-smpp2sim_test/testcase_3des_cbc2_rfm.cfg
@@ -0,0 +1,17 @@
+# Preparation:
+# This testcase executes against a sysmoISIM-SJA5 card. For the testcase, the
+# key configuration on the card may be used as it is.
+
+# Card parameter:
+ICCID="8949440000001155314" # <-- change to the ICCID of your card!
+EID=""
+KIC='51D4FC44BCBA7C4589DFADA3297720AF' # <-- change to the KIC1 of your card!
+KID='0449699C472CE71E2FB7B56245EF7684' # <-- change to the KID1 of your card!
+KEY_INDEX=1
+ALGO_CRYPT=triple_des_cbc2
+ALGO_AUTH=triple_des_cbc2
+TAR='B00010'
+
+# Testcase: Send OTA-SMS that selects DF.GSM and returns the select response
+APDU='A0A40000027F20A0C0000016'
+EXPECTED_RESPONSE='0000ffff7f2002000000000009b106350400838a838a 9000'
--- a/tests/pySim-smpp2sim_test/testcase_aes128_cbc_cmac_rfm.cfg
+++ b/tests/pySim-smpp2sim_test/testcase_aes128_cbc_cmac_rfm.cfg
@@ -0,0 +1,19 @@
+# Preparation:
+# This testcase executes against a sysmoEUICC1-C2T, which is equipped with the
+# TS48V1-B-UNIQUE test profile from https://test.rsp.sysmocom.de/ (Activation
+# code: 1$smdpp.test.rsp.sysmocom.de$TS48V1-B-UNIQUE). This testprofile must be
+# present on the eUICC before this testcase can be executed.
+
+# Card parameter:
+ICCID="8949449999999990031"
+EID="89049044900000000000000000102355" # <-- change to the EID of your card!
+KIC='66778899aabbccdd1122334455eeff10'
+KID='112233445566778899aabbccddeeff10'
+KEY_INDEX=2
+ALGO_CRYPT=aes_cbc
+ALGO_AUTH=aes_cmac
+TAR='b00120'
+
+# Testcase: Send OTA-SMS that selects DF.ICCID and returns the select response
+APDU='00a40004022fe200C000001d'
+EXPECTED_RESPONSE='621b8202412183022fe2a503d001408a01058b032f06038002000a8800 9000'
--- a/tests/pySim-smpp2sim_test/testcase_aes256_cbc_cmac_rfm.cfg
+++ b/tests/pySim-smpp2sim_test/testcase_aes256_cbc_cmac_rfm.cfg
@@ -0,0 +1,28 @@
+# Preparation:
+# This testcase executes against a sysmoISIM-SJA5 card. Since this card model is
+# shipped with a classic DES key configuration, it is necessary to provision
+# AES128 test keys before this testcase may be executed. The the following
+# pySim-shell command sequence may be used:
+#
+# verify_adm 34173960 # <-- change to the ADM key of your card!
+# select /DF.SYSTEM/EF.0348_KEY
+# update_record 10 fe03601111111111111111111111111111111111111111111111111111111111111111
+# update_record 11 fe03612222222222222222222222222222222222222222222222222222222222222222
+# update_record 12 fe03623333333333333333333333333333333333333333333333333333333333333333
+#
+# This overwrites one of the already existing 3DES SCP02 key (KVN 47) and replaces it
+# with an AES256 SCP80 key (KVN 3).
+
+# Card parameter:
+ICCID="8949440000001155314" # <-- change to the ICCID of your card!
+EID=""
+KIC='1111111111111111111111111111111111111111111111111111111111111111'
+KID='2222222222222222222222222222222222222222222222222222222222222222'
+KEY_INDEX=3
+ALGO_CRYPT=aes_cbc
+ALGO_AUTH=aes_cmac
+TAR='B00010'
+
+# Testcase: Send OTA-SMS that selects DF.GSM and returns the select response
+APDU='A0A40000027F20A0C0000016'
+EXPECTED_RESPONSE='0000ffff7f2002000000000009b106350400838a838a 9000'
--- a/tests/unittests/test_configurable_parameters.py
+++ b/tests/unittests/test_configurable_parameters.py
@@ -310,11 +310,14 @@ class ConfigurableParameterTest(unittest.TestCase):
            p13n.SdKeyScp80Kvn03DesDek,
           #p13n.SdKeyScp80Kvn03DesEnc,
           #p13n.SdKeyScp80Kvn03DesMac,
-            p13n.SdKeyScp81Kvn40Dek   ,
+           #p13n.SdKeyScp81Kvn40AesDek,
+            p13n.SdKeyScp81Kvn40DesDek,
           #p13n.SdKeyScp81Kvn40Tlspsk,
-           #p13n.SdKeyScp81Kvn41Dek   ,
+           #p13n.SdKeyScp81Kvn41AesDek,
+           #p13n.SdKeyScp81Kvn41DesDek,
            p13n.SdKeyScp81Kvn41Tlspsk,
-           #p13n.SdKeyScp81Kvn42Dek   ,
+           #p13n.SdKeyScp81Kvn42AesDek,
+           #p13n.SdKeyScp81Kvn42DesDek,
           #p13n.SdKeyScp81Kvn42Tlspsk,
            ):
Author	SHA1	Message	Date
Neels Hofmeyr	1d28cc512a	sdkeys kv40 aes Change-Id: If5b53c840ebd1f224f9bb4706a602b415194f47b	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	53bf1f3501	MncLen Change-Id: I6c600faeab00ffb072acbe94c9a8b2d1397c07d3	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	8572181e41	smsp Change-Id: I5916529d0f1c6de7f1baa6380d9384ed89d23444	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	7cadab94f8	esim/http_json_api.py: support text/plain response Content-Type Allow returning text/plain Content-Types as 'data' output argument. So far, all the esim/http_json_api functions require a JSON response. However, a specific vendor has a list function where the request is JSON but the response is text/plain CSV data. Allow and return in a dict. Change-Id: Iba6e4cef1048b376050a435a900c0f395655a790	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	ecfcf6057a	Revert "esim/http_json_api: extend JSON API with server functionality" This reverts commit `e00c0becca`.	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	7398327e1c	Revert "esim/http_json_api: add missing apidoc" This reverts commit `0a1c5a27d7`.	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	b9edcb0fb7	Revert "http_json_api: Only require Content-Type if response body is non-empty" This reverts commit `e0a9e73267`.	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	292bf38942	Revert "esim/http_json_api: add alternative API interface" This reverts commit `f9d7c82b4d`.	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	745a60b63b	Revert "esim/http_json_api: add alternative API interface (follow up)" This reverts commit `8b2a49aa8e`.	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	f62ae7bd17	saip: add numeric_base indicator to ConfigurableParameter By default, numeric_base = None, to indicate that there are no explicit limitations on the number space. For parameters that are definitely decimal, set numeric_base = 10. For definitely hexadecimal, set numeric_base = 16. Do the same for ConfigurableParameter as well as ParamSource, so callers can match them up: if a parameter is numeric_base = 10, then omit sources that are numeric_base = 16, and vice versa. Change-Id: Ib0977bbdd9a85167be7eb46dd331fedd529dae01	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	f9a53434ac	saip SmspTpScAddr.get_values_from_pes: allow empty values Change-Id: Ibbdd08f96160579238b50699091826883f2e9f5a	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	a01eeec5c7	SdKey KVN4X ID02: set key_usage_qual=0x48 Related: SYS#7865 Change-Id: Idc5d33a4a003801f60c95fff6931706a9aeb6692	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	abde8db5e1	saip: SdKey.__doc__: update SdKey listing Change-Id: Ib5011b0c7d76b082231744cf09077628dc4e69b7	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	76eddbe4b8	esim.saip.personalization: fix TLSPSK keys Add AES variant of TLSPSK DEK (SCP81 KVN40 key_id=0x02). Change-Id: I713a008fd26bbfcf437e0f29717b753f058ce76a	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	19601a8d81	add comment about not updating existing key_usage_qualifier Change-Id: Ie23ae5fde17be6b37746784bf1601b4d0874397a	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	1c45cff351	test_configurable_parameters.py: add tests for new parameters For: SmspTpScAddr MilenageRotation MilenageXoringConstants TuakNrOfKeccak Change-Id: Iecbea14fe31a9ee08d871dcde7f295d26d7bd001	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	e1beab83af	saip: SmspTpScAddr: fix get_values_from_pes Change-Id: I2010305340499c907bb7618c04c61e194db34814	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	be069ab63a	ConfigurableParameter: safer val length check Change-Id: Ibe91722ed1477b00d20ef5e4e7abd9068ff2f3e4	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	67e695cedd	UppAudit: better indicate exception cause Change-Id: I4d986b89a473a5b12ed56b4710263b034876a33e	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	37eea09c11	remove transitional name mapping This reverts commit I974cb6c393a2ed2248a6240c2722d157e9235c33 Now, finally, all SdKey classes have a unified logical naming scheme. Change-Id: Ic185af4a903c2211a5361d023af9e7c6fc57ae78	2026-03-15 23:50:34 +01:00
Neels Hofmeyr	9e42ba6ba0	transitional name mapping To help existing applications transition to a common naming scheme for the SdKey classes, offer this intermediate result, where the SdKey classes' .name are still unchanged as before generating them. Change-Id: I974cb6c393a2ed2248a6240c2722d157e9235c33	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	965ee38c05	generate sdkey classes from a list Change-Id: Ic92ddea6e1fad8167ea75baf78ffc3eb419838c4	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	ee03065663	saip SmspTpScAddr: safeguard against decoding error Reading the TS48 V6.0 eSIM_GTP_SAIP2.1A_NoBERTLV profile results in an exception [1] in SmspTpScAddr. I have a caller that needs to skip erratic values instead of raising. The underlying issue, I presume, is that either the data needs validation before decode_record_bin(), or decode_record_bin() needs well-defined error handling. So far I know only of this IndexError, so, as a workaround, catch that. [1] File "/pysim/pySim/esim/saip/personalization.py", line 617, in get_values_from_pes ef_smsp_dec = ef_smsp.decode_record_bin(f_smsp.body, 1) File "/pysim/pySim/filesystem.py", line 1047, in decode_record_bin return parse_construct(self._construct, raw_bin_data) File "/application/venv/lib/python3.13/site-packages/osmocom/construct.py", line 550, in parse_construct parsed = c.parse(raw_bin_data, total_len=length, context) File "/application/venv/lib/python3.13/site-packages/construct/core.py", line 404, in parse return self.parse_stream(io.BytesIO(data), contextkw) ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/application/venv/lib/python3.13/site-packages/construct/core.py", line 416, in parse_stream return self._parsereport(stream, context, "(parsing)") ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/application/venv/lib/python3.13/site-packages/construct/core.py", line 428, in _parsereport obj = self._parse(stream, context, path) File "/application/venv/lib/python3.13/site-packages/construct/core.py", line 2236, in _parse subobj = sc._parsereport(stream, context, path) File "/application/venv/lib/python3.13/site-packages/construct/core.py", line 428, in _parsereport obj = self._parse(stream, context, path) File "/application/venv/lib/python3.13/site-packages/construct/core.py", line 2770, in _parse return self.subcon._parsereport(stream, context, path) ~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^ File "/application/venv/lib/python3.13/site-packages/construct/core.py", line 428, in _parsereport obj = self._parse(stream, context, path) File "/application/venv/lib/python3.13/site-packages/construct/core.py", line 2236, in _parse subobj = sc._parsereport(stream, context, path) File "/application/venv/lib/python3.13/site-packages/construct/core.py", line 428, in _parsereport obj = self._parse(stream, context, path) File "/application/venv/lib/python3.13/site-packages/construct/core.py", line 2770, in _parse return self.subcon._parsereport(stream, context, path) ~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^ File "/application/venv/lib/python3.13/site-packages/construct/core.py", line 428, in _parsereport obj = self._parse(stream, context, path) File "/application/venv/lib/python3.13/site-packages/construct/core.py", line 820, in _parse return self._decode(obj, context, path) ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^ File "/application/venv/lib/python3.13/site-packages/osmocom/construct.py", line 268, in _decode if r[-1] == 'f': ~^^^^ File "/application/venv/lib/python3.13/site-packages/osmocom/utils.py", line 50, in __getitem__ return hexstr(super().__getitem__(val)) ~~~~~~~~~~~~~~~~~~~^^^^^ IndexError: string index out of range Change-Id: Ic436e206776b81f24de126e8ee0ae8bf5f3e8d7a	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	8bf53239a1	saip/param_source: try to not repeat random values Change-Id: I4fa743ef5677580f94b9df16a5051d1d178edeb0	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	f11ac56db1	use secrets.SystemRandom as secure random nr source secrets.SystemRandom is defined as the most secure random source available on the given operating system. Change-Id: I8049cd1292674b3ced82b0926569128535af6efe	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	93014f67ff	use random.SystemRandom as random nr source (/dev/urandom) /dev/urandom is somewhat better than python's PRNG Change-Id: I6de38c14ac6dd55bc84d53974192509c18d02bfa	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	c9786fa72e	add test_param_src.py Change-Id: I03087b84030fddae98b965e0075d44e04ec6ba5c	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	05cf68a4a4	param_source: allow plugging a random implementation (for testing) Change-Id: Idce2b18af70c17844d6f09f7704efc869456ac39	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	5544a0f7c9	personalization: add int as input type for BinaryParameter Change-Id: I31d8142cb0847a8b291f8dc614d57cb4734f0190	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	76d4ff8842	personalization.ConfigurableParameter: fix BytesIO() input Change-Id: I0ad160eef9015e76eef10baee7c6b606fe249123	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	1d5f18a747	add test_configurable_parameters.py Change-Id: Ia55f0d11f8197ca15a948a83a34b3488acf1a0b4	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	2ba685fdea	ConfigurableParameter: do not magically overwrite the 'name' attribute Change-Id: I6f631444c6addeb7ccc5f6c55b9be3dc83409169	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	9f18a0ff56	personalization audit: optionally audit all (unknown) SD keys By a flag, allow to audit also all Security Domain KVN that we have not created ConfigurableParameter subclasses for. For example, SCP80 has reserved kvn 0x01..0x0f, but we offer only Scp80Kvn01, Scp80Kvn02, Scp80Kvn03. So we would not show kvn 0x03..0x0f in an audit. This patch includes audits of all SD key kvn there may be in the UPP. This will help to spot SD keys that may already be present in a UPP template, with unexpected / unusual kvn. Change-Id: Icaf6f7b589f117868633c0968a99f2f0252cf612	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	48022c94a0	personalization: implement UppAudit and BatchAudit Change-Id: Iaab336ca91b483ecdddd5c6c8e08dc475dc6bd0a	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	07faf3aaa7	comment in uicc.py on Security Domain Keys: add SCP81 Change-Id: Ib0205880f58e78c07688b4637abd5f67ea0570d1	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	bd358a2621	personalization: fix SdKey.apply_val() implementation 'securityDomain' elements are decoded to ProfileElementSD instances, which keep higher level representations of the key data apart from the decoded[] lists. So far, apply_val() was dropping binary values in decoded[], which does not work, because ProfileElementSD._pre_encode() overwrites self.decoded[] from the higher level representation. Implement using - ProfileElementSD.find_key() and SecurityDomainKeyComponent to modify an exsiting entry, or - ProfileElementSD.add_key() to create a new entry. Before this patch, SdKey parameters seemed to patch PES successfully, but their modifications did not end up in the encoded DER. (BTW, this does not fix any other errors that may still be present in the various SdKey subclasses, patches coming up.) Related: SYS#6768 Change-Id: I07dfc378705eba1318e9e8652796cbde106c6a52	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	2347b47e79	personalization: add get_typical_input_len() to ConfigurableParameter The aim is to tell a user interface how wide an input text field should be chosen to be convenient -- ideally showing the entire value in all cases, but not too huge for fields that have no sane size limit. Change-Id: I2568a032167a10517d4d75d8076a747be6e21890	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	8fd3487f86	personalization: make AlgorithmID a new EnumParam The AlgorithmID has a few preset values, and hardly anyone knows which is which. So instead of entering '1', '2' or '3', make it work with prededined values 'Milenage', 'TUAK' and 'usim-test'. Implement the enum value part abstractly in new EnumParam. Make AlgorithmID a subclass of EnumParam and define the values as from pySim/esim/asn1/saip/PE_Definitions-3.3.1.asn Related: SYS#6768 Change-Id: I71c2ec1b753c66cb577436944634f32792353240	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	1f50f29546	personalization: indicate default ParamSource per ConfigurableParameter Add default_source class members pointing to ParamSource classes to all ConfigurableParameter subclasses. This is useful to automatically set up a default ParamSource for a given ConfigurableParameter subclass, during user interaction to produce a batch personalization. For example, if the user selects a Pin1 parameter, a calling program can implicitly set this to a RandomDigitSource, which will magically make it work the way that most users need. BTW, default_source and default_value can be combined to configure a matching ParamSource instance: my_source = MyParam.default_source.from_str( MyParam.default_value ) Change-Id: Ie58d13bce3fa1aa2547cf3cee918c2f5b30a8b32	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	f77a602139	personalization: allow reading back multiple values from PES Change-Id: Iecb68af7c216c6b9dc3add469564416b6f37f7b2	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	1e0b3b35d4	personalization: implement reading back values from a PES Implement get_values_from_pes(), the reverse direction of apply_val(): read back and return values from a ProfileElementSequence. Implement for all ConfigurableParameter subclasses. Future: SdKey.get_values_from_pes() is reading pe.decoded[], which works fine, but I07dfc378705eba1318e9e8652796cbde106c6a52 will change this implementation to use the higher level ProfileElementSD members. Implementation detail: Implement get_values_from_pes() as classmethod that returns a generator. Subclasses should yield all occurences of their parameter in a given PES. For example, the ICCID can appear in multiple places. Iccid.get_values_from_pes() yields all of the individual values. A set() of the results quickly tells whether the PES is consistent. Rationales for reading back values: This allows auditing an eSIM profile, particularly for producing an output.csv from a batch personalization (that generated lots of random key material which now needs to be fed to an HLR...). Reading back from a binary result is more reliable than storing the values that were fed into a personalization. By auditing final DER results with this code, I discovered: - "oh, there already was some key material in my UPP template." - "all IMSIs ended up the same, forgot to set up the parameter." - the SdKey.apply() implementations currently don't work, see I07dfc378705eba1318e9e8652796cbde106c6a52 for a fix. Change-Id: I234fc4317f0bdc1a486f0cee4fa432c1dce9b463	2026-03-15 23:50:33 +01:00
Neels Hofmeyr	ee0853a149	personalization: add param_source.py, add batch.py Implement pySim.esim.saip.batch.BatchPersonalization, generating N eSIM profiles from a preset configuration. Batch parameters can be fed by a constant, incrementing, random or from CSV rows: add pySim.esim.saip.param_source.* classes to feed such input to each of the BatchPersonalization's ConfigurableParameter instances. Related: SYS#6768 Change-Id: I01ae40a06605eb205bfb409189fcd2b3a128855a	2026-03-15 23:50:33 +01:00
Vadim Yanitskiy	a5a5865c7c	cdma_ruim: fix copy-pasted desc for EF.AD Change-Id: I2338f35c21978dd6b8916c0abd57b94f5e087655	2026-03-10 17:43:10 +00:00
Harald Welte	3752aeb94e	pySim.esim.saip.File: Support pinStatusTemplateDO + lcsi The tuples defining a DF or ADF in an eSIM template must contain a pinStatusTemplateDO. When parsing tuples into a File() instance, we must save it, and re-create it at the time we re-encode that file. Same applies to the lcsi (life cycle state indicator), which may optionally exist for any file. Change-Id: I073aa4374f2cd664d07fa0224bf0d4c809cdf4aa Closes: OS#6955	2026-03-10 16:34:48 +00:00
Philipp Maier	914abe3309	docs/smpp-ota-tool: Add documentation/tutorial We already have documentation that explains how to run pySim-smpp2sim. With smpp-ota-tool we now have a counterpart for pySim-smpp2sim, so let's add documentation for this tool as well. Related: SYS#7881 Change-Id: If0d18a263f5a6dc035b90f5c5c6a942d46bbba49	2026-03-10 09:23:03 +00:00
Philipp Maier	84754b6ebb	contrib/smpp-ota-tool: define commandline arguments in global scope The commandline arguments are currently defined under __main__ in a private scope. From there they are not reachable to the sphinx argparse module. We have to define the arguments globally at the top. (like in the other applications) Related: SYS#7881 Change-Id: I2d9782e3f5b1cac78c22d206fdcac4118c7d5e7c	2026-03-10 09:23:03 +00:00
Philipp Maier	c47005d408	contrib/smpp-ota-tool: use '-' instead of '_' in command line args Some commandline arguments have an underscore in their name. Let's replace those with dashes. Change-Id: Icbe9d753d59263997e9ca34d46ed0daca36ca16c Related: SYS#6868	2026-03-10 09:23:03 +00:00
Philipp Maier	2dfaac6e4f	contrib/smpp-ota-tool: fix description string (copy+paste error) Change-Id: I559844bfa1ac372370ef9d148f2f8a6bf4ab4ef5 Related: SYS#6868	2026-03-10 09:23:03 +00:00
Philipp Maier	a615ba5138	tests/pySim-smpp2sim_test: add testcases for AES128 and AES256 Extend the existing test script so that it can handle multiple testcases. Also add support for switching eUICC profiles. Finally, add a testcases to test OTA-SMS (RFM) with AES128 and AES256 encryption. Change-Id: I1f10504f3a29a8c74a17991632d932819fecfa5a Related: OS#6868	2026-03-10 09:23:03 +00:00
Philipp Maier	8ee10ab1a5	tests/pySim-smpp2sim_test/card_sanitizer: update card backup with new test keyset In our test setup we run the card_sanitizer.py script regualary to ensure that we have consistent start conditions when running our tests. In case a testcase crashes for some reason and leaves messed up files on a test card. The card_sanitizer.py script will ensure that any problem like that is cleaned up over night. For the testcases we are about to add in the patch following this one, we need to provision a new test keyset to one of our test cards. This has been already done manually. However since the card_sanitizer still has the old keys in its backup we will have to update that as well. Change-Id: I5aa8a413b19b3e43a79d03e904daab50b4b1e767 Related: OS#6868	2026-03-10 09:23:03 +00:00
Philipp Maier	f10af30aed	global_platform/scp: fix dek_encrypt/dek_decrypt for SCP02 The methods dek_encrypt/dek_decrypt use the wrong algorithm and the wrong key material. The algorithm should be 3DES rather then single DES and the key must be the DEK session key instead of the static DEK key from which the DEK session key is derived. Related: SYS#7902 Change-Id: I3d0cc7378680b346fa39152c8b7074446d2c869d	2026-03-06 15:51:19 +01:00