Let's simply use the matchingId for filesystem lookup of the UPP file.
This way we can have any number of profiles by simply creating the
respeective files.
Change-Id: I0bc3a14b9fdfcc6322917dd0c69d8295de486950
This adds classes for describing profile templates as well
as derived classes defining the profile templates of the
"Profile Interoperability Technical Specification", specifically
it's "ANNEX A (Normative): File Structure Templates Definition"
We need a machine-readable definition of those templates, so
we can fully interpret an unprotected profile package (UPP),
as the UPP usually only contains the increment/difference to
a given teplate.
Change-Id: I79bc0a480450ca2de4b687ba6f11d0a4ea4f14c8
This is sadly required as the Interoperable Profile format must process
elements of an ASN.1 sequence in order, which doesn't work if the parser
puts the elements in a python dict.
The osmocom fork of asn1tools hence uses OrderedDict to work around
this problem.
Change-Id: Id28fcf060f491bb3d76aa6d8026aa76058edb675
When replacing a file's contents, we must not just remove any
fillFileContent tuples, but also the fillFileOffset.
Change-Id: I3e4d97ae9de8a78f7bc0165ece5954481568b800
PERM-AR-DO actually originates in a different spec than all other parts
of the ara_m.py, so let's explicitly mention that.
Change-Id: I6e0014c323f605860d0f70cd0c04d7e461e8a9de
In case SELECT doesn't return any response data, we must reset
the lchan.selected_file_fcp* members to None to prevent pySim-shell
preventing stale data from the previously selected file.
Change-Id: Ia04b8634e328e604e8df7e8d59b7fd532242d2ca
As the ARA-M applet is a GlobalPlatform applet, its SELECT response
decoding should be used, not the ETSI EUICC TS 102 221 fall-back.
Change-Id: I1a30b88a385f6de663aa837483dd32c0d104856f
Encoding an empty AID-REF-DO (4F) is neccessary to achieve the meaning
described in "Secure Element Access Control - Public Release v1.0"
Table 6-1: "Empty: Indicates that the rules to be stored or retrieved
are associated with all SE applications not covered by a specific rule".
Change-Id: Iac6c3d78bc9ce36bac47589e5f7a0cc78e2efc38
We can only choose a CI certificate which is supported both by the eUICC
as well as which has signed our own SM-DP+ certificates.
Change-Id: I0b9130f06d501ca7d484063d56d606cfdd2544f4
This command is used for installation of GlobalPlatform keys. We only
implement the command without secure messaging at this point, as it is
used during card personalization. Authentication will later be handled
by generic implementations of SCP02 and/or SCP03.
Change-Id: Icffe9e7743266d7262fbf440dd361b21eed7c5cf
In If30c5d31b4e7dd60d3a5cfb1d1cbdcf61741a50e we introduced a store_data
comamnd, but forgot to add it to the pySim-shell manual.
Change-Id: I6039818c2c0c5373b4a4ef1e33e152de7fbbd01a
The patch introducing the is_hexstr type into the argparser was
accidentially also introduce in two locations where we actually don't
expect a hex-string.
This is a partial revert of I6426ea864bec82be60554dd125961a48d7751904
Change-Id: I3c3d2a2753aa7a2566a3b1add7ba70c86499d293
Closes: #6331
If we are not 'equipped' as we could not detect any known applications
on the card, we used to only permit the 'apdu' command. However, we
should also permit the 'reset' command, as it also is something that's
possible with ever card, even of unknown types.
Change-Id: I23199da727973d7095ac18031f49e1e8423aa287
Some specs call it 'invalidated', others call it 'deactivated'. If the
user is unfamiliar with this, the error message about "invalidated"
might not be obvious enough; let's also mention 'deactivated' in the
message and explicitly mention that it needs to be activated before use.
Change-Id: I91488b0e7dc25a8970022b09e575485a4165eefa
With the definitions from this commit, we can build key loading
TLVs, which is used to load ECC keys into eUICCs.
Change-Id: I853c94d37939ef3dd795f893232b0276a5a4af81
The DGI encoding is specified in Annex B of the
"GlobalPlatform Systems Scripting Language Specification v1.1.0"
which is an "archived" specification that is no longer published
by GlobalPlatform, despite it being referenced from the GlobalPlatform
Card Specification v2.3, which is the basis of the GSMA eSIM
specifications.
For some reason it was the belief of the specification authors that
yet another format of TLV encoding is needed, in addition to the BER-TLV
and COMPREHENSION-TLV used by the very same specifications.
The encoding of the tag is not really specified anywhere, but I've only
seen 16-bit examples. The encoding of the length is specified and
implemented here accordingly.
Change-Id: Ie29ab7eb39f3165f3d695fcc1f02051338095697
Actually, the GSMA eUICC is a kind of derivative of a GlobalPlatform
card, and the ECASD and ISD-R are security domains. As such, we
should make them derived classes of global_platform.CardApplicationSD
which means they inherit some of the shared shell_commands etc.
Change-Id: I660e874d9bcbb8c28a64e4ef82dc53bee97aacfc
We do have an is_hexstr function which we should use anywhere
where we expect the user to input a string of hex digits. This way
we validate the input before running in some random exception.
Change-Id: I6426ea864bec82be60554dd125961a48d7751904
This commit introduces the capability to parse and encode
SimAlliance/TCA "Interoperable Profiles" and apply personalization
operations on them.
Change-Id: I71c252a214a634e1bd6f73472107efe2688ee6d2
This commit introduces
* the osmo-smdpp.py program implementing the main procedures and the
HTTP/REST based ES9+
* python modules for ES8+ and non-volatile RSP Session State storage
* the ASN.1 source files required to parse/encode RSP
* 3GPP test certificates from SGP.26
* an unsigned profile package (UPP) of a SAIP v2.3 TS48 test profile
As I couldn't get the 'Klein' tls support to work, the SM-DP+ code
currently does not support HTTPS/TLS but plan HTTP, so you either have
to modify your LPA to use HTTP instead of HTTPS, or put a TLS proxy in
front.
I have successfully installed an eSIM profile on a test eUICC that
contains certificate/key data within the test CI defined in GSMA SGP.26
Change-Id: I6232847432dc6920cd2bd08c84d7099c29ca1c11
Contrary to {enable,disable}_profile, the delete_profile does not use
the ProfileIdentifier TLV, but directly the Iccid / IsdpAid.
Change-Id: I43e298524048703264e16cbdd0b76d82ba976985
This tool is a replacement for asn1c 'unber' program with a much more
useful/readable output:
* contains hexadecimal raw tag values
* contains hexdump of value, rather than HTML entities in pseudo-XML
Change-Id: I22c1a461ccba04c2c8caaab7ca29ea6ae76e2ea3
This is the protocol used for the ES8+ interface between SM-DP+ and the
eUICC in the GSMA eSIM system.
Change-Id: Ic461936f2e68e1e6f7faab33d06acf3063e261e7
The definitions are not used yet, as one would have to add that
dynamically based on which EF.DIR entries contain the 0x73 discretionary
template. As I don't have any cards implementing this so far, I'll skip
that part.
Change-Id: I532ff2c94021ab1b4520fe2b6988c8960319d208
In smart cards, files/records containing all-ff means they are simply
not used/initialized. Let's avoid raising exceptions when interpreting
0xff as length value and reading less bytes as value.
Change-Id: I09c3cb82063fc094eb047749996a6eceff757ea2
We cannot fully switch to construct for all of it easily due to
the priority value and the ordering/sorting by priority implemented
in the hand-coded version. But we can at least migrate the
encode/decode of the hnet_pubkey_list via construct.
Change-Id: I4ad5ea57bab37c2dc218e7752d538aa4cdc36ee3
If we are reading a file to check if we can skip the write to conserve
writes, don't treat exceptions as fatal. The file may well have the
access mode in a way that permits us to UPDATE but not to READ. Simply
fall-back to unconditional UPDATE in this case.
Change-Id: I7bffdaa7596e63c8f0ab04a3cb3ebe12f137d3a8
this has the advantage of getting the encoder for free (so far we only
had the decoder). While at it, also add some tests data for the unit
tests.
Change-Id: Ifb8caf5cd96706d7fb6b452d6552b115c0828797
It's customary in the SIM card universe to right-pad data with ff bytes.
So far we only test decoders without such padding, which is unrealistic.
Let's also tests the decoders with extra 'ff' padding present.
For some files this doesn't make sense, so we add a _test_no_pad class
attribute that can be spcified to prevent this new "test with ff-padding"
from being executed for the test data of the class.
Change-Id: I7f5cbb4a6f91040fe9adef9da0a1f30f9f156dae
Harald Welte