docs: Bring osmo-smdpp documentation up to date with code

Change-Id: Ibaab1fadd5d35ecdb356bed1820074b1b0a1752e
Closes: OS#6418
Harald Welte
2024-09-16 09:56:16 +02:00
committed by laforge
parent 8e42a12048
commit ad3d73e734


@@ -19,15 +19,20 @@ support for profile personalization yet.
osmo-smdpp currently osmo-smdpp currently
* uses test certificates copied from GSMA SGP.26 into `./smdpp-data/certs`, assuming that your osmo-smdppp * [by default] uses test certificates copied from GSMA SGP.26 into `./smdpp-data/certs`, assuming that your
would be running at the host name `testsmdpplus1.example.com` osmo-smdppp would be running at the host name `testsmdpplus1.example.com`. You can of course replace those
certificates with your own, whether SGP.26 derived or part of a *private root CA* setup with mathcing eUICCs.
* doesn't understand profile state. Any profile can always be downloaded any number of times, irrespective * doesn't understand profile state. Any profile can always be downloaded any number of times, irrespective
of the EID or whether it was donwloaded before of the EID or whether it was donwloaded before. This is actually very useful for R&D and testing, as it
* doesn't perform any personalization, so the IMSI/ICCID etc. are always identical doesn't require you to generate new profiles all the time. This logic of course is unsuitable for
production usage.
* doesn't perform any personalization, so the IMSI/ICCID etc. are always identical (the ones that are stored in
the respective UPP `.der` files)
* **is absolutely insecure**, as it * **is absolutely insecure**, as it
* does not perform any certificate verification * does not perform all of the mandatory certificate verification (it checks the certificate chain, but not
* does not evaluate/consider any *Matching ID* or *Confirmation Code* the expiration dates nor any CRL)
* does not evaluate/consider any *Confirmation Code*
* stores the sessions in an unencrypted _python shelve_ and is hence leaking one-time key materials * stores the sessions in an unencrypted _python shelve_ and is hence leaking one-time key materials
used for profile encryption and signing. used for profile encryption and signing.
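Review bot: the added sentence on replacement certificates misspells "matching" as "mathcing", and the lines reflowed around it still carry "osmo-smdppp" (three p's) and "donwloaded"; since these lines are being rewritten anyway, fix all three here. In the certificate verification bullet, "it checks the certificate chain, but not the expiration dates nor any CRL" would be more useful if it named which certificates are chain-checked, so a reader who replaces the SGP.26 test certificates knows what is and is not validated.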
@@ -82,7 +87,8 @@ osmo-smdpp currently doesn't have any configuration file or command line options
and it will bind its plain-HTTP ES9+ interface to local TCP port 8000. and it will bind its plain-HTTP ES9+ interface to local TCP port 8000.
The `smdpp-data/certs`` directory contains the DPtls, DPauth and DPpb as well as CI certificates The `smdpp-data/certs`` directory contains the DPtls, DPauth and DPpb as well as CI certificates
used; they are copied from GSMA SGP.26 v2. used; they are copied from GSMA SGP.26 v2. You can of course replace them with custom certificates
if you're operating eSIM with a *private root CA*.
The `smdpp-data/upp` directory contains the UPP (Unprotected Profile Package) used. The file names (without The `smdpp-data/upp` directory contains the UPP (Unprotected Profile Package) used. The file names (without
.der suffix) are looked up by the matchingID parameter from the activation code presented by the LPA. .der suffix) are looked up by the matchingID parameter from the activation code presented by the LPA.
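Review bot: `smdpp-data/certs`` in the first line of this paragraph closes with two backticks, which breaks the inline-code rendering; drop the extra one while touching this paragraph. The new sentence about custom certificates could also point back to the host name assumption (`testsmdpplus1.example.com`) stated in the earlier list, so it is clear whether replacement certificates need to be issued for the host name actually in use.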