phone-side
/
osmocom-bb
mirror of https://gerrit.osmocom.org/osmocom-bb
9
0
Fork 0
Code Issues Releases Wiki Activity
osmocom-bb/src/host/layer23/src/mobile/subscriber.c

1354 lines
33 KiB
C
Raw Blame History

/*
* (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
*
* All Rights Reserved
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
*/
#include <stdint.h>
#include <errno.h>
#include <string.h>
#include <arpa/inet.h>
#include <osmocom/core/talloc.h>
#include <osmocom/crypt/auth.h>
#include <osmocom/bb/common/logging.h>
#include <osmocom/bb/common/osmocom_data.h>
#include <osmocom/bb/common/sap_interface.h>
#include <osmocom/bb/common/sap_proto.h>
#include <osmocom/bb/common/networks.h>
#include <osmocom/bb/mobile/vty.h>
/* enable to get an empty list of forbidden PLMNs, even if stored on SIM.
* if list is changed, the result is not written back to SIM */
//#define TEST_EMPTY_FPLMN
static void subscr_sim_query_cb(struct osmocom_ms *ms, struct msgb *msg);
static void subscr_sim_update_cb(struct osmocom_ms *ms, struct msgb *msg);
static void subscr_sim_key_cb(struct osmocom_ms *ms, struct msgb *msg);
/*
* support
*/
char *gsm_check_imsi(const char *imsi)
{
int i;
if (!imsi || strlen(imsi) != 15)
return "IMSI must have 15 digits!";
for (i = 0; i < strlen(imsi); i++) {
if (imsi[i] < '0' || imsi[i] > '9')
return "IMSI must have digits 0 to 9 only!";
}
return NULL;
}
static char *sim_decode_bcd(uint8_t *data, uint8_t length)
{
int i, j = 0;
static char result[32], c;
for (i = 0; i < (length << 1); i++) {
if ((i & 1))
c = (data[i >> 1] >> 4);
else
c = (data[i >> 1] & 0xf);
if (c == 0xf)
break;
result[j++] = c + '0';
if (j == sizeof(result) - 1)
break;
}
result[j] = '\0';
return result;
}
/*
* init/exit
*/
int gsm_subscr_init(struct osmocom_ms *ms)
{
struct gsm_subscriber *subscr = &ms->subscr;
memset(subscr, 0, sizeof(*subscr));
subscr->ms = ms;
/* set TMSI / LAC invalid */
subscr->tmsi = 0xffffffff;
subscr->lac = 0x0000;
/* set key invalid */
subscr->key_seq = 7;
/* any cell selection timer timeout */
subscr->any_timeout = ms->settings.any_timeout;
/* init lists */
INIT_LLIST_HEAD(&subscr->plmn_list);
INIT_LLIST_HEAD(&subscr->plmn_na);
/* open SIM */
subscr->sim_handle_query = sim_open(ms, subscr_sim_query_cb);
subscr->sim_handle_update = sim_open(ms, subscr_sim_update_cb);
subscr->sim_handle_key = sim_open(ms, subscr_sim_key_cb);
return 0;
}
int gsm_subscr_exit(struct osmocom_ms *ms)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct llist_head *lh, *lh2;
if (subscr->sim_handle_query) {
sim_close(ms, subscr->sim_handle_query);
subscr->sim_handle_query = 0;
}
if (subscr->sim_handle_update) {
sim_close(ms, subscr->sim_handle_update);
subscr->sim_handle_update = 0;
}
if (subscr->sim_handle_key) {
sim_close(ms, subscr->sim_handle_key);
subscr->sim_handle_key = 0;
}
/* flush lists */
llist_for_each_safe(lh, lh2, &subscr->plmn_list) {
llist_del(lh);
talloc_free(lh);
}
llist_for_each_safe(lh, lh2, &subscr->plmn_na) {
llist_del(lh);
talloc_free(lh);
}
return 0;
}
/*
* test card
*/
/* Attach test card, no SIM must be currently attached */
int gsm_subscr_testcard(struct osmocom_ms *ms, uint16_t mcc, uint16_t mnc,
uint16_t lac, uint32_t tmsi, uint8_t imsi_attached)
{
struct gsm_settings *set = &ms->settings;
struct gsm_subscriber *subscr = &ms->subscr;
struct msgb *nmsg;
char *error;
if (subscr->sim_valid) {
LOGP(DMM, LOGL_ERROR, "Cannot insert card, until current card "
"is detached.\n");
return -EBUSY;
}
error = gsm_check_imsi(set->test_imsi);
if (error) {
LOGP(DMM, LOGL_ERROR, "%s\n", error);
return -EINVAL;
}
/* reset subscriber */
gsm_subscr_exit(ms);
gsm_subscr_init(ms);
subscr->sim_type = GSM_SIM_TYPE_TEST;
sprintf(subscr->sim_name, "test");
subscr->sim_valid = 1;
if (imsi_attached && set->test_rplmn_valid) {
subscr->imsi_attached = imsi_attached;
subscr->ustate = GSM_SIM_U1_UPDATED;
} else
subscr->ustate = GSM_SIM_U2_NOT_UPDATED;
subscr->acc_barr = set->test_barr; /* we may access barred cell */
subscr->acc_class = 0xffff; /* we have any access class */
subscr->plmn_valid = set->test_rplmn_valid;
subscr->plmn_mcc = mcc;
subscr->plmn_mnc = mnc;
subscr->mcc = mcc;
subscr->mnc = mnc;
subscr->lac = lac;
subscr->tmsi = tmsi;
subscr->always_search_hplmn = set->test_always;
subscr->t6m_hplmn = 1; /* try to find home network every 6 min */
strcpy(subscr->imsi, set->test_imsi);
LOGP(DMM, LOGL_INFO, "(ms %s) Inserting test card (IMSI=%s %s, %s)\n",
ms->name, subscr->imsi, gsm_imsi_mcc(subscr->imsi),
gsm_imsi_mnc(subscr->imsi));
if (subscr->plmn_valid)
LOGP(DMM, LOGL_INFO, "-> Test card registered to %s %s 0x%04x"
"(%s, %s)\n", gsm_print_mcc(mcc),
gsm_print_mnc(mnc), lac, gsm_get_mcc(mcc),
gsm_get_mnc(mcc, mnc));
else
LOGP(DMM, LOGL_INFO, "-> Test card not registered\n");
if (subscr->imsi_attached)
LOGP(DMM, LOGL_INFO, "-> Test card attached\n");
/* insert card */
nmsg = gsm48_mmr_msgb_alloc(GSM48_MMR_REG_REQ);
if (!nmsg)
return -ENOMEM;
gsm48_mmr_downmsg(ms, nmsg);
return 0;
}
/*
* sim card
*/
static int subscr_sim_iccid(struct osmocom_ms *ms, uint8_t *data,
uint8_t length)
{
struct gsm_subscriber *subscr = &ms->subscr;
strcpy(subscr->iccid, sim_decode_bcd(data, length));
sprintf(subscr->sim_name, "sim-%s", subscr->iccid);
LOGP(DMM, LOGL_INFO, "received ICCID %s from SIM\n", subscr->iccid);
return 0;
}
static int subscr_sim_imsi(struct osmocom_ms *ms, uint8_t *data,
uint8_t length)
{
struct gsm_subscriber *subscr = &ms->subscr;
char *imsi;
/* get actual length */
if (length < 1)
return -EINVAL;
if (data[0] + 1 < length) {
LOGP(DMM, LOGL_NOTICE, "invalid length = %d\n", length);
return -EINVAL;
}
length = data[0];
/* decode IMSI, skip first digit (parity) */
imsi = sim_decode_bcd(data + 1, length);
if (strlen(imsi) - 1 > GSM_IMSI_LENGTH - 1 || strlen(imsi) - 1 < 6) {
LOGP(DMM, LOGL_NOTICE, "IMSI invalid length = %zu\n",
strlen(imsi) - 1);
return -EINVAL;
}
OSMO_STRLCPY_ARRAY(subscr->imsi, imsi + 1);
LOGP(DMM, LOGL_INFO, "received IMSI %s from SIM\n", subscr->imsi);
return 0;
}
static int subscr_sim_loci(struct osmocom_ms *ms, uint8_t *data,
uint8_t length)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct gsm1111_ef_loci *loci;
if (length < 11)
return -EINVAL;
loci = (struct gsm1111_ef_loci *) data;
/* TMSI */
subscr->tmsi = ntohl(loci->tmsi);
/* LAI */
gsm48_decode_lai_hex(&loci->lai, &subscr->mcc, &subscr->mnc,
&subscr->lac);
/* location update status */
switch (loci->lupd_status & 0x07) {
case 0x00:
subscr->ustate = GSM_SIM_U1_UPDATED;
break;
case 0x02:
case 0x03:
subscr->ustate = GSM_SIM_U3_ROAMING_NA;
break;
default:
subscr->ustate = GSM_SIM_U2_NOT_UPDATED;
}
LOGP(DMM, LOGL_INFO, "received LOCI from SIM (mcc=%s mnc=%s lac=0x%04x "
"U%d)\n", gsm_print_mcc(subscr->mcc),
gsm_print_mnc(subscr->mnc), subscr->lac, subscr->ustate);
return 0;
}
static int subscr_sim_msisdn(struct osmocom_ms *ms, uint8_t *data,
uint8_t length)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct gsm1111_ef_adn *adn;
if (length < sizeof(*adn))
return -EINVAL;
adn = (struct gsm1111_ef_adn *) (data + length - sizeof(*adn));
/* empty */
subscr->msisdn[0] = '\0';
if (adn->len_bcd <= 1)
return 0;
/* number */
if (((adn->ton_npi & 0x70) >> 4) == 1)
strcpy(subscr->msisdn, "+");
if (((adn->ton_npi & 0x70) >> 4) == 2)
strcpy(subscr->msisdn, "0");
strncat(subscr->msisdn, sim_decode_bcd(adn->number, adn->len_bcd - 1),
sizeof(subscr->msisdn) - 2);
LOGP(DMM, LOGL_INFO, "received MSISDN %s from SIM\n", subscr->msisdn);
return 0;
}
static int subscr_sim_smsp(struct osmocom_ms *ms, uint8_t *data,
uint8_t length)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct gsm1111_ef_smsp *smsp;
if (length < sizeof(*smsp))
return -EINVAL;
smsp = (struct gsm1111_ef_smsp *) (data + length - sizeof(*smsp));
/* empty */
subscr->sms_sca[0] = '\0';
/* TS-Service Centre Address */
if (!(smsp->par_ind & 0x02) && smsp->ts_sca[0] <= 11) {
if (((smsp->ts_sca[1] & 0x70) >> 4) == 1)
strcpy(subscr->sms_sca, "+");
if (((smsp->ts_sca[1] & 0x70) >> 4) == 2)
strcpy(subscr->sms_sca, "0");
gsm48_decode_bcd_number2(subscr->sms_sca + strlen(subscr->sms_sca),
sizeof(subscr->sms_sca) - strlen(subscr->sms_sca),
smsp->ts_sca, sizeof(smsp->ts_sca), 1);
}
LOGP(DMM, LOGL_INFO, "received SMSP from SIM (sca=%s)\n",
subscr->sms_sca);
return 0;
}
static int subscr_sim_kc(struct osmocom_ms *ms, uint8_t *data,
uint8_t length)
{
struct gsm_subscriber *subscr = &ms->subscr;
if (length < 9)
return -EINVAL;
/* key */
memcpy(subscr->key, data, 8);
/* key sequence */
subscr->key_seq = data[8] & 0x07;
LOGP(DMM, LOGL_INFO, "received KEY from SIM\n");
return 0;
}
static int subscr_sim_plmnsel(struct osmocom_ms *ms, uint8_t *data,
uint8_t length)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct gsm_sub_plmn_list *plmn;
struct llist_head *lh, *lh2;
uint8_t lai[5];
uint16_t dummy_lac;
/* flush list */
llist_for_each_safe(lh, lh2, &subscr->plmn_list) {
llist_del(lh);
talloc_free(lh);
}
while(length >= 3) {
/* end of list inside mandatory fields */
if (data[0] == 0xff && data[1] == 0xff && data[2] == 0x0ff)
break;
/* add to list */
plmn = talloc_zero(ms, struct gsm_sub_plmn_list);
if (!plmn)
return -ENOMEM;
lai[0] = data[0];
lai[1] = data[1];
lai[2] = data[2];
gsm48_decode_lai_hex((struct gsm48_loc_area_id *)lai,
&plmn->mcc, &plmn->mnc, &dummy_lac);
llist_add_tail(&plmn->entry, &subscr->plmn_list);
LOGP(DMM, LOGL_INFO, "received PLMN selector (mcc=%s mnc=%s) "
"from SIM\n",
gsm_print_mcc(plmn->mcc), gsm_print_mnc(plmn->mnc));
data += 3;
length -= 3;
}
return 0;
}
static int subscr_sim_hpplmn(struct osmocom_ms *ms, uint8_t *data,
uint8_t length)
{
struct gsm_subscriber *subscr = &ms->subscr;
if (length < 1)
return -EINVAL;
/* HPLMN search interval */
subscr->t6m_hplmn = *data; /* multiple of 6 minutes */
LOGP(DMM, LOGL_INFO, "received HPPLMN %d (%d mins) from SIM\n",
subscr->t6m_hplmn, subscr->t6m_hplmn * 6);
return 0;
}
static int subscr_sim_spn(struct osmocom_ms *ms, uint8_t *data,
uint8_t length)
{
struct gsm_subscriber *subscr = &ms->subscr;
int i;
/* UCS2 code not supported */
if (length < 17 || data[1] >= 0x80)
return -ENOTSUP;
data++;
for (i = 0; i < 16; i++) {
if (*data == 0xff)
break;
subscr->sim_spn[i] = *data++;
}
subscr->sim_spn[i] = '\0';
LOGP(DMM, LOGL_INFO, "received SPN %s from SIM\n", subscr->sim_spn);
return 0;
}
static int subscr_sim_acc(struct osmocom_ms *ms, uint8_t *data,
uint8_t length)
{
struct gsm_subscriber *subscr = &ms->subscr;
uint16_t ac;
if (length < 2)
return -EINVAL;
/* cell access */
memcpy(&ac, data, sizeof(ac));
subscr->acc_class = ntohs(ac);
LOGP(DMM, LOGL_INFO, "received ACC %04x from SIM\n", subscr->acc_class);
return 0;
}
static int subscr_sim_fplmn(struct osmocom_ms *ms, uint8_t *data,
uint8_t length)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct gsm_sub_plmn_na *na;
struct llist_head *lh, *lh2;
uint8_t lai[5];
uint16_t dummy_lac;
#ifdef TEST_EMPTY_FPLMN
return 0;
#endif
/* flush list */
llist_for_each_safe(lh, lh2, &subscr->plmn_na) {
llist_del(lh);
talloc_free(lh);
}
while (length >= 3) {
/* end of list inside mandatory fields */
if (data[0] == 0xff && data[1] == 0xff && data[2] == 0x0ff)
break;
/* add to list */
na = talloc_zero(ms, struct gsm_sub_plmn_na);
if (!na)
return -ENOMEM;
lai[0] = data[0];
lai[1] = data[1];
lai[2] = data[2];
gsm48_decode_lai_hex((struct gsm48_loc_area_id *)lai, &na->mcc,
&na->mnc, &dummy_lac);
LOGP(DMM, LOGL_INFO, "received Forbidden PLMN %s %s from SIM\n",
gsm_print_mcc(na->mcc), gsm_print_mnc(na->mnc));
na->cause = -1; /* must have a value, but SIM stores no cause */
llist_add_tail(&na->entry, &subscr->plmn_na);
data += 3;
length -= 3;
}
return 0;
}
static struct subscr_sim_file {
uint8_t mandatory;
uint16_t path[MAX_SIM_PATH_LENGTH];
uint16_t file;
uint8_t sim_job;
int (*func)(struct osmocom_ms *ms, uint8_t *data,
uint8_t length);
} subscr_sim_files[] = {
{ 1, { 0 }, 0x2fe2, SIM_JOB_READ_BINARY, subscr_sim_iccid },
{ 1, { 0x7f20, 0 }, 0x6f07, SIM_JOB_READ_BINARY, subscr_sim_imsi },
{ 1, { 0x7f20, 0 }, 0x6f7e, SIM_JOB_READ_BINARY, subscr_sim_loci },
{ 0, { 0x7f20, 0 }, 0x6f20, SIM_JOB_READ_BINARY, subscr_sim_kc },
{ 0, { 0x7f20, 0 }, 0x6f30, SIM_JOB_READ_BINARY, subscr_sim_plmnsel },
{ 0, { 0x7f20, 0 }, 0x6f31, SIM_JOB_READ_BINARY, subscr_sim_hpplmn },
{ 0, { 0x7f20, 0 }, 0x6f46, SIM_JOB_READ_BINARY, subscr_sim_spn },
{ 0, { 0x7f20, 0 }, 0x6f78, SIM_JOB_READ_BINARY, subscr_sim_acc },
{ 0, { 0x7f20, 0 }, 0x6f7b, SIM_JOB_READ_BINARY, subscr_sim_fplmn },
{ 0, { 0x7f10, 0 }, 0x6f40, SIM_JOB_READ_RECORD, subscr_sim_msisdn },
{ 0, { 0x7f10, 0 }, 0x6f42, SIM_JOB_READ_RECORD, subscr_sim_smsp },
{ 0, { 0 }, 0, 0, NULL }
};
/* request file from SIM */
static int subscr_sim_request(struct osmocom_ms *ms)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct subscr_sim_file *sf = &subscr_sim_files[subscr->sim_file_index];
struct msgb *nmsg;
struct sim_hdr *nsh;
int i;
/* we are done, fire up PLMN and cell selection process */
if (!sf->func) {
LOGP(DMM, LOGL_INFO, "(ms %s) Done reading SIM card "
"(IMSI=%s %s, %s)\n", ms->name, subscr->imsi,
gsm_imsi_mcc(subscr->imsi), gsm_imsi_mnc(subscr->imsi));
/* if LAI is valid, set RPLMN */
if (subscr->lac > 0x0000 && subscr->lac < 0xfffe) {
subscr->plmn_valid = 1;
subscr->plmn_mcc = subscr->mcc;
subscr->plmn_mnc = subscr->mnc;
LOGP(DMM, LOGL_INFO, "-> SIM card registered to %s %s "
"(%s, %s)\n", gsm_print_mcc(subscr->plmn_mcc),
gsm_print_mnc(subscr->plmn_mnc),
gsm_get_mcc(subscr->plmn_mcc),
gsm_get_mnc(subscr->plmn_mcc,
subscr->plmn_mnc));
} else
LOGP(DMM, LOGL_INFO, "-> SIM card not registered\n");
/* insert card */
nmsg = gsm48_mmr_msgb_alloc(GSM48_MMR_REG_REQ);
if (!nmsg)
return -ENOMEM;
gsm48_mmr_downmsg(ms, nmsg);
return 0;
}
/* trigger SIM reading */
nmsg = gsm_sim_msgb_alloc(subscr->sim_handle_query,
sf->sim_job);
if (!nmsg)
return -ENOMEM;
nsh = (struct sim_hdr *) nmsg->data;
i = 0;
while (sf->path[i]) {
nsh->path[i] = sf->path[i];
i++;
}
nsh->path[i] = 0; /* end of path */
nsh->file = sf->file;
nsh->rec_no = 1;
nsh->rec_mode = 0x04;
LOGP(DMM, LOGL_INFO, "Requesting SIM file 0x%04x\n", nsh->file);
sim_job(ms, nmsg);
return 0;
}
static void subscr_sim_query_cb(struct osmocom_ms *ms, struct msgb *msg)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct sim_hdr *sh = (struct sim_hdr *) msg->data;
uint8_t *payload = msg->data + sizeof(*sh);
uint16_t payload_len = msg->len - sizeof(*sh);
int rc;
struct subscr_sim_file *sf = &subscr_sim_files[subscr->sim_file_index];
struct msgb *nmsg;
/* error handling */
if (sh->job_type == SIM_JOB_ERROR) {
uint8_t cause = payload[0];
switch (cause) {
/* unlocking required */
case SIM_CAUSE_PIN1_REQUIRED:
LOGP(DMM, LOGL_INFO, "PIN is required, %d tries left\n",
payload[1]);
vty_notify(ms, NULL);
vty_notify(ms, "Please give PIN for ICCID %s (you have "
"%d tries left)\n", subscr->iccid, payload[1]);
subscr->sim_pin_required = 1;
break;
case SIM_CAUSE_PIN1_BLOCKED:
LOGP(DMM, LOGL_NOTICE, "PIN is blocked\n");
vty_notify(ms, NULL);
vty_notify(ms, "PIN is blocked\n");
if (payload[1]) {
vty_notify(ms, "Please give PUC for ICCID %s "
"(you have %d tries left)\n",
subscr->iccid, payload[1]);
}
subscr->sim_pin_required = 1;
break;
case SIM_CAUSE_PUC_BLOCKED:
LOGP(DMM, LOGL_NOTICE, "PUC is blocked\n");
vty_notify(ms, NULL);
vty_notify(ms, "PUC is blocked\n");
subscr->sim_pin_required = 1;
break;
default:
if (sf->func && !sf->mandatory) {
LOGP(DMM, LOGL_NOTICE, "SIM reading failed, "
"ignoring!\n");
goto ignore;
}
LOGP(DMM, LOGL_NOTICE, "SIM reading failed\n");
vty_notify(ms, NULL);
vty_notify(ms, "SIM failed, replace SIM!\n");
/* detach simcard */
subscr->sim_valid = 0;
nmsg = gsm48_mmr_msgb_alloc(GSM48_MMR_NREG_REQ);
if (!nmsg)
return;
gsm48_mmr_downmsg(ms, nmsg);
}
msgb_free(msg);
return;
}
/* if pin was successfully unlocked, then resend request */
if (subscr->sim_pin_required) {
subscr->sim_pin_required = 0;
subscr_sim_request(ms);
return;
}
/* done when nothing more to read. this happens on PIN requests */
if (!sf->func)
return;
/* call function do decode SIM reply */
rc = sf->func(ms, payload, payload_len);
if (rc) {
LOGP(DMM, LOGL_NOTICE, "SIM reading failed, file invalid\n");
if (subscr_sim_files[subscr->sim_file_index].mandatory) {
vty_notify(ms, NULL);
vty_notify(ms, "SIM failed, data invalid, replace "
"SIM!\n");
msgb_free(msg);
return;
}
}
ignore:
msgb_free(msg);
/* trigger next file */
subscr->sim_file_index++;
subscr_sim_request(ms);
}
/* enter PIN */
void gsm_subscr_sim_pin(struct osmocom_ms *ms, char *pin1, char *pin2,
int8_t mode)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct msgb *nmsg;
uint8_t job;
/* skip, if no real valid SIM */
if (!GSM_SIM_IS_READER(subscr->sim_type))
return;
switch (mode) {
case -1:
job = SIM_JOB_PIN1_DISABLE;
LOGP(DMM, LOGL_INFO, "disabling PIN %s\n", pin1);
break;
case 1:
job = SIM_JOB_PIN1_ENABLE;
LOGP(DMM, LOGL_INFO, "enabling PIN %s\n", pin1);
break;
case 2:
job = SIM_JOB_PIN1_CHANGE;
LOGP(DMM, LOGL_INFO, "changing PIN %s to %s\n", pin1, pin2);
break;
case 99:
job = SIM_JOB_PIN1_UNBLOCK;
LOGP(DMM, LOGL_INFO, "unblocking PIN %s with PUC %s\n", pin1,
pin2);
break;
default:
if (!subscr->sim_pin_required) {
LOGP(DMM, LOGL_ERROR, "No PIN required now\n");
return;
}
LOGP(DMM, LOGL_INFO, "entering PIN %s\n", pin1);
job = SIM_JOB_PIN1_UNLOCK;
}
nmsg = gsm_sim_msgb_alloc(subscr->sim_handle_query, job);
if (!nmsg)
return;
memcpy(msgb_put(nmsg, strlen(pin1) + 1), pin1, strlen(pin1) + 1);
memcpy(msgb_put(nmsg, strlen(pin2) + 1), pin2, strlen(pin2) + 1);
sim_job(ms, nmsg);
}
/* Attach SIM reader, no SIM must be currently attached */
int gsm_subscr_simcard(struct osmocom_ms *ms)
{
struct gsm_subscriber *subscr = &ms->subscr;
if (subscr->sim_valid) {
LOGP(DMM, LOGL_ERROR, "Cannot attach card, until current card "
"is detached.\n");
return -EBUSY;
}
/* reset subscriber */
gsm_subscr_exit(ms);
gsm_subscr_init(ms);
subscr->sim_type = GSM_SIM_TYPE_L1PHY;
sprintf(subscr->sim_name, "sim");
subscr->sim_valid = 1;
subscr->ustate = GSM_SIM_U2_NOT_UPDATED;
/* start with first index */
subscr->sim_file_index = 0;
return subscr_sim_request(ms);
}
/* update plmn not allowed list on SIM */
static int subscr_write_plmn_na(struct osmocom_ms *ms)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct msgb *nmsg;
struct sim_hdr *nsh;
struct gsm_sub_plmn_na *na, *nas[4] = { NULL, NULL, NULL, NULL };
int count = 0, i;
uint8_t *data;
uint8_t lai[5];
#ifdef TEST_EMPTY_FPLMN
return 0;
#endif
/* skip, if no real valid SIM */
if (!GSM_SIM_IS_READER(subscr->sim_type) || !subscr->sim_valid)
return 0;
/* get tail list from "PLMN not allowed" */
llist_for_each_entry(na, &subscr->plmn_na, entry) {
if (count < 4)
nas[count] = na;
else {
nas[0] = nas[1];
nas[1] = nas[2];
nas[2] = nas[3];
nas[3] = na;
}
count++;
}
/* write to SIM */
LOGP(DMM, LOGL_INFO, "Updating FPLMN on SIM\n");
nmsg = gsm_sim_msgb_alloc(subscr->sim_handle_update,
SIM_JOB_UPDATE_BINARY);
if (!nmsg)
return -ENOMEM;
nsh = (struct sim_hdr *) nmsg->data;
data = msgb_put(nmsg, 12);
nsh->path[0] = 0x7f20;
nsh->path[1] = 0;
nsh->file = 0x6f7b;
for (i = 0; i < 4; i++) {
if (nas[i]) {
gsm48_encode_lai_hex((struct gsm48_loc_area_id *)lai,
nas[i]->mcc, nas[i]->mnc, 0);
*data++ = lai[0];
*data++ = lai[1];
*data++ = lai[2];
} else {
*data++ = 0xff;
*data++ = 0xff;
*data++ = 0xff;
}
}
sim_job(ms, nmsg);
return 0;
}
/* update LOCI on SIM */
int gsm_subscr_write_loci(struct osmocom_ms *ms)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct msgb *nmsg;
struct sim_hdr *nsh;
struct gsm1111_ef_loci *loci;
/* skip, if no real valid SIM */
if (!GSM_SIM_IS_READER(subscr->sim_type) || !subscr->sim_valid)
return 0;
LOGP(DMM, LOGL_INFO, "Updating LOCI on SIM\n");
/* write to SIM */
nmsg = gsm_sim_msgb_alloc(subscr->sim_handle_update,
SIM_JOB_UPDATE_BINARY);
if (!nmsg)
return -ENOMEM;
nsh = (struct sim_hdr *) nmsg->data;
nsh->path[0] = 0x7f20;
nsh->path[1] = 0;
nsh->file = 0x6f7e;
loci = (struct gsm1111_ef_loci *)msgb_put(nmsg, sizeof(*loci));
/* TMSI */
loci->tmsi = htonl(subscr->tmsi);
/* LAI */
gsm48_encode_lai_hex(&loci->lai, subscr->mcc, subscr->mnc, subscr->lac);
/* TMSI time */
loci->tmsi_time = 0xff;
/* location update status */
switch (subscr->ustate) {
case GSM_SIM_U1_UPDATED:
loci->lupd_status = 0x00;
break;
case GSM_SIM_U3_ROAMING_NA:
loci->lupd_status = 0x03;
break;
default:
loci->lupd_status = 0x01;
}
sim_job(ms, nmsg);
return 0;
}
static void subscr_sim_update_cb(struct osmocom_ms *ms, struct msgb *msg)
{
struct sim_hdr *sh = (struct sim_hdr *) msg->data;
uint8_t *payload = msg->data + sizeof(*sh);
/* error handling */
if (sh->job_type == SIM_JOB_ERROR)
LOGP(DMM, LOGL_NOTICE, "SIM update failed (cause %d)\n",
*payload);
msgb_free(msg);
}
int gsm_subscr_generate_kc(struct osmocom_ms *ms, uint8_t key_seq,
uint8_t *rand, uint8_t no_sim)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct msgb *nmsg;
struct sim_hdr *nsh;
/* not a SIM */
if (!GSM_SIM_IS_READER(subscr->sim_type)
|| !subscr->sim_valid || no_sim) {
struct gsm48_mm_event *nmme;
LOGP(DMM, LOGL_INFO, "Sending dummy authentication response\n");
nmsg = gsm48_mmevent_msgb_alloc(GSM48_MM_EVENT_AUTH_RESPONSE);
if (!nmsg)
return -ENOMEM;
nmme = (struct gsm48_mm_event *) nmsg->data;
nmme->sres[0] = 0x12;
nmme->sres[1] = 0x34;
nmme->sres[2] = 0x56;
nmme->sres[3] = 0x78;
gsm48_mmevent_msg(ms, nmsg);
return 0;
}
/* test SIM */
if (subscr->sim_type == GSM_SIM_TYPE_TEST) {
struct gsm48_mm_event *nmme;
struct gsm_settings *set = &ms->settings;
static struct osmo_sub_auth_data auth = {
.type = OSMO_AUTH_TYPE_GSM
};
struct osmo_auth_vector _vec;
struct osmo_auth_vector *vec = &_vec;
auth.algo = set->test_ki_type;
memcpy(auth.u.gsm.ki, set->test_ki, sizeof(auth.u.gsm.ki));
int ret = osmo_auth_gen_vec(vec, &auth, rand);
if (ret < 0)
return ret;
/* store sequence */
subscr->key_seq = key_seq;
memcpy(subscr->key, vec->kc, 8);
LOGP(DMM, LOGL_INFO, "Sending authentication response\n");
nmsg = gsm48_mmevent_msgb_alloc(GSM48_MM_EVENT_AUTH_RESPONSE);
if (!nmsg)
return -ENOMEM;
nmme = (struct gsm48_mm_event *) nmsg->data;
memcpy(nmme->sres, vec->sres, 4);
gsm48_mmevent_msg(ms, nmsg);
return 0;
}
LOGP(DMM, LOGL_INFO, "Generating KEY at SIM\n");
/* command to SIM */
nmsg = gsm_sim_msgb_alloc(subscr->sim_handle_key, SIM_JOB_RUN_GSM_ALGO);
if (!nmsg)
return -ENOMEM;
nsh = (struct sim_hdr *) nmsg->data;
nsh->path[0] = 0x7f20;
nsh->path[1] = 0;
/* random */
memcpy(msgb_put(nmsg, 16), rand, 16);
/* store sequence */
subscr->key_seq = key_seq;
sim_job(ms, nmsg);
return 0;
}
static void subscr_sim_key_cb(struct osmocom_ms *ms, struct msgb *msg)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct sim_hdr *sh = (struct sim_hdr *) msg->data;
uint8_t *payload = msg->data + sizeof(*sh);
uint16_t payload_len = msg->len - sizeof(*sh);
struct msgb *nmsg;
struct sim_hdr *nsh;
struct gsm48_mm_event *nmme;
uint8_t *data;
/* error handling */
if (sh->job_type == SIM_JOB_ERROR) {
LOGP(DMM, LOGL_NOTICE, "key generation on SIM failed "
"(cause %d)\n", *payload);
msgb_free(msg);
return;
}
if (payload_len < 12) {
LOGP(DMM, LOGL_NOTICE, "response from SIM too short\n");
return;
}
/* store key */
memcpy(subscr->key, payload + 4, 8);
/* write to SIM */
LOGP(DMM, LOGL_INFO, "Updating KC on SIM\n");
nmsg = gsm_sim_msgb_alloc(subscr->sim_handle_update,
SIM_JOB_UPDATE_BINARY);
if (!nmsg)
return;
nsh = (struct sim_hdr *) nmsg->data;
nsh->path[0] = 0x7f20;
nsh->path[1] = 0;
nsh->file = 0x6f20;
data = msgb_put(nmsg, 9);
memcpy(data, subscr->key, 8);
data[8] = subscr->key_seq;
sim_job(ms, nmsg);
/* return signed response */
nmsg = gsm48_mmevent_msgb_alloc(GSM48_MM_EVENT_AUTH_RESPONSE);
if (!nmsg)
return;
nmme = (struct gsm48_mm_event *) nmsg->data;
memcpy(nmme->sres, payload, 4);
gsm48_mmevent_msg(ms, nmsg);
msgb_free(msg);
}
/*
* detach
*/
/* Detach card */
int gsm_subscr_remove(struct osmocom_ms *ms)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct msgb *nmsg;
if (!subscr->sim_valid) {
LOGP(DMM, LOGL_ERROR, "Cannot remove card, no card present\n");
return -EINVAL;
}
/* remove card */
nmsg = gsm48_mmr_msgb_alloc(GSM48_MMR_NREG_REQ);
if (!nmsg)
return -ENOMEM;
gsm48_mmr_downmsg(ms, nmsg);
return 0;
}
/*
* state and lists
*/
static const char *subscr_ustate_names[] = {
"U0_NULL",
"U1_UPDATED",
"U2_NOT_UPDATED",
"U3_ROAMING_NA"
};
/* change to new U state */
void new_sim_ustate(struct gsm_subscriber *subscr, int state)
{
LOGP(DMM, LOGL_INFO, "(ms %s) new state %s -> %s\n", subscr->ms->name,
subscr_ustate_names[subscr->ustate],
subscr_ustate_names[state]);
subscr->ustate = state;
}
/* del forbidden PLMN. if MCC==0, flush complete list */
int gsm_subscr_del_forbidden_plmn(struct gsm_subscriber *subscr, uint16_t mcc,
uint16_t mnc)
{
struct gsm_sub_plmn_na *na, *na2;
int deleted = 0;
llist_for_each_entry_safe(na, na2, &subscr->plmn_na, entry) {
if (!mcc || (na->mcc == mcc && na->mnc == mnc)) {
LOGP(DPLMN, LOGL_INFO, "Delete from list of forbidden "
"PLMNs (mcc=%s, mnc=%s)\n",
gsm_print_mcc(mcc), gsm_print_mnc(mnc));
llist_del(&na->entry);
talloc_free(na);
deleted = 1;
if (mcc)
break;
}
}
if (deleted) {
/* update plmn not allowed list on SIM */
subscr_write_plmn_na(subscr->ms);
}
return -EINVAL;
}
/* add forbidden PLMN */
int gsm_subscr_add_forbidden_plmn(struct gsm_subscriber *subscr, uint16_t mcc,
uint16_t mnc, uint8_t cause)
{
struct gsm_sub_plmn_na *na;
/* if already in the list, remove and add to tail */
gsm_subscr_del_forbidden_plmn(subscr, mcc, mnc);
LOGP(DPLMN, LOGL_INFO, "Add to list of forbidden PLMNs "
"(mcc=%s, mnc=%s)\n", gsm_print_mcc(mcc), gsm_print_mnc(mnc));
na = talloc_zero(subscr->ms, struct gsm_sub_plmn_na);
if (!na)
return -ENOMEM;
na->mcc = mcc;
na->mnc = mnc;
na->cause = cause ? : -1; /* cause 0 is not allowed */
llist_add_tail(&na->entry, &subscr->plmn_na);
/* don't add Home PLMN to SIM */
if (subscr->sim_valid && gsm_match_mnc(mcc, mnc, subscr->imsi))
return -EINVAL;
/* update plmn not allowed list on SIM */
subscr_write_plmn_na(subscr->ms);
return 0;
}
/* search forbidden PLMN */
int gsm_subscr_is_forbidden_plmn(struct gsm_subscriber *subscr, uint16_t mcc,
uint16_t mnc)
{
struct gsm_sub_plmn_na *na;
llist_for_each_entry(na, &subscr->plmn_na, entry) {
if (na->mcc == mcc && na->mnc == mnc)
return 1;
}
return 0;
}
int gsm_subscr_get_key_seq(struct osmocom_ms *ms, struct gsm_subscriber *subscr)
{
if (ms->settings.force_rekey)
return 7;
else
return subscr->key_seq;
}
int gsm_subscr_dump_forbidden_plmn(struct osmocom_ms *ms,
void (*print)(void *, const char *, ...), void *priv)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct gsm_sub_plmn_na *temp;
print(priv, "MCC |MNC |cause\n");
print(priv, "-------+-------+-------\n");
llist_for_each_entry(temp, &subscr->plmn_na, entry)
print(priv, "%s |%s%s |#%d\n",
gsm_print_mcc(temp->mcc), gsm_print_mnc(temp->mnc),
((temp->mnc & 0x00f) == 0x00f) ? " ":"", temp->cause);
return 0;
}
/* dump subscriber */
void gsm_subscr_dump(struct gsm_subscriber *subscr,
void (*print)(void *, const char *, ...), void *priv)
{
int i;
struct gsm_sub_plmn_list *plmn_list;
struct gsm_sub_plmn_na *plmn_na;
print(priv, "Mobile Subscriber of MS '%s':\n", subscr->ms->name);
if (!subscr->sim_valid) {
print(priv, " No SIM present.\n");
return;
}
print(priv, " IMSI: %s\n", subscr->imsi);
if (subscr->iccid[0])
print(priv, " ICCID: %s\n", subscr->iccid);
if (subscr->sim_spn[0])
print(priv, " Service Provider Name: %s\n", subscr->sim_spn);
if (subscr->msisdn[0])
print(priv, " MSISDN: %s\n", subscr->msisdn);
if (subscr->sms_sca[0])
print(priv, " SMS Service Center Address: %s\n",
subscr->sms_sca);
print(priv, " Status: %s IMSI %s", subscr_ustate_names[subscr->ustate],
(subscr->imsi_attached) ? "attached" : "detached");
if (subscr->tmsi != 0xffffffff)
print(priv, " TMSI 0x%08x", subscr->tmsi);
if (subscr->lac > 0x0000 && subscr->lac < 0xfffe) {
print(priv, "\n");
print(priv, " LAI: MCC %s MNC %s LAC 0x%04x "
"(%s, %s)\n", gsm_print_mcc(subscr->mcc),
gsm_print_mnc(subscr->mnc), subscr->lac,
gsm_get_mcc(subscr->mcc),
gsm_get_mnc(subscr->mcc, subscr->mnc));
} else
print(priv, " LAI: invalid\n");
if (subscr->key_seq != 7) {
print(priv, " Key: sequence %d ", subscr->key_seq);
for (i = 0; i < sizeof(subscr->key); i++)
print(priv, " %02x", subscr->key[i]);
print(priv, "\n");
}
if (subscr->plmn_valid)
print(priv, " Registered PLMN: MCC %s MNC %s (%s, %s)\n",
gsm_print_mcc(subscr->plmn_mcc),
gsm_print_mnc(subscr->plmn_mnc),
gsm_get_mcc(subscr->plmn_mcc),
gsm_get_mnc(subscr->plmn_mcc, subscr->plmn_mnc));
print(priv, " Access barred cells: %s\n",
(subscr->acc_barr) ? "yes" : "no");
print(priv, " Access classes:");
for (i = 0; i < 16; i++)
if ((subscr->acc_class & (1 << i)))
print(priv, " C%d", i);
print(priv, "\n");
if (!llist_empty(&subscr->plmn_list)) {
print(priv, " List of preferred PLMNs:\n");
print(priv, " MCC |MNC\n");
print(priv, " -------+-------\n");
llist_for_each_entry(plmn_list, &subscr->plmn_list, entry)
print(priv, " %s |%s (%s, %s)\n",
gsm_print_mcc(plmn_list->mcc),
gsm_print_mnc(plmn_list->mnc),
gsm_get_mcc(plmn_list->mcc),
gsm_get_mnc(plmn_list->mcc, plmn_list->mnc));
}
if (!llist_empty(&subscr->plmn_na)) {
print(priv, " List of forbidden PLMNs:\n");
print(priv, " MCC |MNC |cause\n");
print(priv, " -------+-------+-------\n");
llist_for_each_entry(plmn_na, &subscr->plmn_na, entry)
print(priv, " %s |%s%s |#%d "
"(%s, %s)\n", gsm_print_mcc(plmn_na->mcc),
gsm_print_mnc(plmn_na->mnc),
((plmn_na->mnc & 0x00f) == 0x00f) ? " ":"",
plmn_na->cause, gsm_get_mcc(plmn_na->mcc),
gsm_get_mnc(plmn_na->mcc, plmn_na->mnc));
}
}
/*
* SAP interface integration
*/
/* Attach SIM card over SAP */
int gsm_subscr_sapcard(struct osmocom_ms *ms)
{
struct gsm_subscriber *subscr = &ms->subscr;
struct msgb *nmsg;
int rc;
if (subscr->sim_valid) {
LOGP(DMM, LOGL_ERROR, "Cannot insert card, until current card "
"is detached.\n");
return -EBUSY;
}
/* reset subscriber */
gsm_subscr_exit(ms);
gsm_subscr_init(ms);
subscr->sim_type = GSM_SIM_TYPE_SAP;
sprintf(subscr->sim_name, "sap");
subscr->sim_valid = 1;
/* Try to connect to the SAP interface */
vty_notify(ms, NULL);
vty_notify(ms, "Connecting to the SAP interface...\n");
rc = sap_open(ms);
if (rc < 0) {
LOGP(DSAP, LOGL_ERROR, "Failed during sap_open(), no SAP based SIM reader\n");
vty_notify(ms, "SAP connection error!\n");
ms->sap_wq.bfd.fd = -1;
/* Detach SIM */
subscr->sim_valid = 0;
nmsg = gsm48_mmr_msgb_alloc(GSM48_MMR_NREG_REQ);
if (!nmsg)
return -ENOMEM;
gsm48_mmr_downmsg(ms, nmsg);
return rc;
}
return 0;
}
/* Deattach sapcard */
int gsm_subscr_remove_sapcard(struct osmocom_ms *ms)
{
return sap_close(ms);
}
int gsm_subscr_sap_rsp_cb(struct osmocom_ms *ms, int res_code,
uint8_t res_type, uint16_t param_len, const uint8_t *param_val)
{
struct msgb *msg;
int rc = 0;
/* Response parameter is not encoded in case of error */
if (res_code != SAP_RESULT_OK_REQ_PROC_CORR)
goto ignore_rsp;
switch (res_type) {
case SAP_TRANSFER_APDU_RESP:
/* Prevent NULL-pointer dereference */
if (!param_len || !param_val) {
rc = -EINVAL;
goto ignore_rsp;
}
/* FIXME: why do we use this length? */
msg = msgb_alloc(GSM_SAP_LENGTH, "sap_apdu");
if (!msg) {
rc = -ENOMEM;
goto ignore_rsp;
}
msg->data = msgb_put(msg, param_len);
memcpy(msg->data, param_val, param_len);
return sim_apdu_resp(ms, msg);
case SAP_TRANSFER_ATR_RESP:
/* TODO: don't read SIM again (if already) */
LOGP(DSAP, LOGL_INFO, "SAP card is ready, start reading...\n");
return subscr_sim_request(ms);
default:
rc = -ENOTSUP;
goto ignore_rsp;
}
return 0;
ignore_rsp:
LOGP(DSAP, LOGL_NOTICE, "Ignored SAP response '%s' (code=%d)\n",
get_value_string(sap_msg_names, res_type), res_code);
return rc;
}
View Git Blame Copy Permalink