- gerrit-log - lists.osmocom.org

[M] Change in pysim[master]: personalization: fix SdKey.apply_val() implementation

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/40203?usp=email ) Change subject: personalization: fix SdKey.apply_val() implementation ...................................................................... personalization: fix SdKey.apply_val() implementation 'securityDomain' elements are decoded to ProfileElementSD instances, which keep higher level representations of the key data apart from the decoded[] lists. So far, apply_val() was dropping binary values in decoded[], which does not work, because ProfileElementSD._pre_encode() overwrites self.decoded[] from the higher level representation. Implement using - ProfileElementSD.find_key() and SecurityDomainKeyComponent to modify an exsiting entry, or - ProfileElementSD.add_key() to create a new entry. Before this patch, SdKey parameters seemed to patch PES successfully, but their modifications did not end up in the encoded DER. (BTW, this does not fix any other errors that may still be present in the various SdKey subclasses, patches coming up.) Related: SYS#6768 Change-Id: I07dfc378705eba1318e9e8652796cbde106c6a52 --- M pySim/esim/saip/__init__.py M pySim/esim/saip/personalization.py 2 files changed, 41 insertions(+), 27 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/03/40203/1 diff --git a/pySim/esim/saip/__init__.py b/pySim/esim/saip/__init__.py index 21f44ef..0b3d302 100644 --- a/pySim/esim/saip/__init__.py +++ b/pySim/esim/saip/__init__.py @@ -991,6 +991,13 @@ 'keyVersionNumber': bytes([self.key_version_number]), 'keyComponents': [k.to_saip_dict() for k in self.key_components]} + def get_key_component(self, key_type): + for kc in self.key_components: + if kc.key_type == key_type: + return kc.key_data + return None + + class ProfileElementSD(ProfileElement): """Class representing a securityDomain ProfileElement.""" type = 'securityDomain' diff --git a/pySim/esim/saip/personalization.py b/pySim/esim/saip/personalization.py index e3ded68..0eb0671 100644 --- a/pySim/esim/saip/personalization.py +++ b/pySim/esim/saip/personalization.py @@ -24,8 +24,10 @@ from osmocom.tlv import camel_to_snake from osmocom.utils import hexstr from pySim.utils import enc_iccid, dec_iccid, enc_imsi, dec_imsi, h2b, b2h, rpad, sanitize_iccid, all_subclasses_of -from pySim.esim.saip import ProfileElement, ProfileElementSequence from pySim.esim.saip import param_source +from pySim.esim.saip import ProfileElement, ProfileElementSD, ProfileElementSequence +from pySim.esim.saip import SecurityDomainKey, SecurityDomainKeyComponent +from pySim.global_platform import KeyUsageQualifier, KeyType def unrpad(s: hexstr, c='f') -> hexstr: return hexstr(s.rstrip(c)) @@ -498,36 +500,41 @@ default_source = param_source.RandomHexDigitSource @classmethod - def _apply_sd(cls, pe: ProfileElement, value): - assert pe.type == 'securityDomain' - for key in pe.decoded['keyList']: - if key['keyIdentifier'][0] == cls.key_id and key['keyVersionNumber'][0] == cls.kvn: - assert len(key['keyComponents']) == 1 - key['keyComponents'][0]['keyData'] = value - return - # Could not find matching key to patch, create a new one - key = { - 'keyUsageQualifier': bytes([cls.key_usage_qual]), - 'keyIdentifier': bytes([cls.key_id]), - 'keyVersionNumber': bytes([cls.kvn]), - 'keyComponents': [ - { 'keyType': bytes([cls.key_type]), 'keyData': value }, - ] - } - pe.decoded['keyList'].append(key) + def apply_val(cls, pes: ProfileElementSequence, val): + set_components = [ SecurityDomainKeyComponent(cls.key_type, val) ] - @classmethod - def apply_val(cls, pes: ProfileElementSequence, value): - for pe in pes.get_pes_for_type('securityDomain'): - cls._apply_sd(pe, value) + for pe in pes.pe_list: + if pe.type != 'securityDomain': + continue + assert isinstance(pe, ProfileElementSD) + + key = pe.find_key(key_version_number=cls.kvn, key_id=cls.key_id) + if not key: + # Could not find matching key to patch, create a new one + key = SecurityDomainKey( + key_version_number=cls.kvn, + key_id=cls.key_id, + key_usage_qualifier=KeyUsageQualifier.build(cls.key_usage_qual), + key_components=set_components, + ) + pe.add_key(key) + else: + print(f'{key.key_usage_qualifier=!r}') + key.key_components = set_components @classmethod def get_values_from_pes(cls, pes: ProfileElementSequence): - for pe in pes.get_pes_for_type('securityDomain'): - for key in pe.decoded['keyList']: - if key['keyIdentifier'][0] == cls.key_id and key['keyVersionNumber'][0] == cls.kvn: - if len(key['keyComponents']) >= 1: - yield { cls.name: b2h(key['keyComponents'][0]['keyData']) } + for pe in pes.pe_list: + if pe.type != 'securityDomain': + continue + assert isinstance(pe, ProfileElementSD) + + key = pe.find_key(key_version_number=cls.kvn, key_id=cls.key_id) + if not key: + continue + kc = key.get_key_component(cls.key_type) + if kc: + yield { cls.name: b2h(kc) } class SdKeyScp80_01(SdKey): kvn = 0x01 -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40203?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I07dfc378705eba1318e9e8652796cbde106c6a52 Gerrit-Change-Number: 40203 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>

2 months

1
0
0 0

[M] Change in pysim[master]: personalization: make AlgorithmID a new EnumParam

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/40201?usp=email ) Change subject: personalization: make AlgorithmID a new EnumParam ...................................................................... personalization: make AlgorithmID a new EnumParam The AlgorithmID has a few preset values, and hardly anyone knows which is which. So instead of entering '1', '2' or '3', make it work with prededined values 'Milenage', 'TUAK' and 'usim-test'. Implement the enum value part abstractly in new EnumParam. Make AlgorithmID a subclass of EnumParam and define the values as from pySim/esim/asn1/saip/PE_Definitions-3.3.1.asn Related: SYS#6768 Change-Id: I71c2ec1b753c66cb577436944634f32792353240 --- M pySim/esim/saip/personalization.py 1 file changed, 92 insertions(+), 12 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/01/40201/1 diff --git a/pySim/esim/saip/personalization.py b/pySim/esim/saip/personalization.py index 317cac5..1ce420a 100644 --- a/pySim/esim/saip/personalization.py +++ b/pySim/esim/saip/personalization.py @@ -18,6 +18,7 @@ import abc import io import copy +import re from typing import List, Tuple, Generator, Optional from osmocom.tlv import camel_to_snake @@ -338,6 +339,70 @@ return bytes(val) +class EnumParam(ConfigurableParameter): + value_map = { + # For example: + #'Meaningful label for value 23': 0x23, + # Where 0x23 is a valid value to use for apply_val(). + } + _value_map_reverse = None + + @classmethod + def validate_val(cls, val): + orig_val = val + enum_val = None + if isinstance(val, str): + enum_name = val + enum_val = cls.map_name_to_val(enum_name) + + # if the str is not one of the known value_map.keys(), is it maybe one of value_map.keys()? + if enum_val is None and val in cls.value_map.values(): + enum_val = val + + if enum_val not in cls.value_map.values(): + raise ValueError(f"{cls.get_name()}: invalid argument: {orig_val!r}. Valid arguments are:" + f" {', '.join(cls.value_map.keys())}") + + return enum_val + + @classmethod + def map_name_to_val(cls, name:str, strict=True): + val = cls.value_map.get(name) + if val is not None: + return val + + clean_name = cls.clean_name_str(name) + for k, v in cls.value_map.items(): + if clean_name == cls.clean_name_str(k): + return v + + if strict: + raise ValueError(f"Problem in {cls.get_name()}: {name!r} is not a known value." + f" Known values are: {cls.value_map.keys()!r}") + return None + + @classmethod + def map_val_to_name(cls, val, strict=False) -> str: + if cls._value_map_reverse is None: + cls._value_map_reverse = dict((v, k) for k, v in cls.value_map.items()) + + name = cls._value_map_reverse.get(val) + if name: + return name + if strict: + raise ValueError(f"Problem in {cls.get_name()}: {val!r} ({type(val)}) is not a known value." + f" Known values are: {cls.value_map.values()!r}") + return None + + @classmethod + def name_normalize(cls, name:str) -> str: + return cls.map_val_to_name(cls.map_name_to_val(name)) + + @classmethod + def clean_name_str(cls, val): + return re.sub('[^0-9A-Za-z-_]', '', val).lower() + + class Iccid(DecimalParam): """ICCID Parameter. Input: string of decimal digits. If the string of digits is only 18 digits long, add a Luhn check digit.""" @@ -714,22 +779,37 @@ # if it is an int (algorithmID), just pass thru as int yield { cls.name: val } - -class AlgorithmID(DecimalParam, AlgoConfig): +class AlgorithmID(EnumParam, AlgoConfig): + '''use validate_val() from EnumParam, and apply_val() from AlgoConfig. + In get_values_from_pes(), return enum value names, not raw values.''' is_abstract = False - algo_config_key = 'algorithmID' - allow_len = 1 - default_value = 1 # Milenage + name = "Algorithm" + + # as in pySim/esim/asn1/saip/PE_Definitions-3.3.1.asn + value_map = { + "Milenage" : 1, + "TUAK" : 2, + "usim-test" : 3, + } + default_value = "Milenage" default_source = param_source.ConstantSource + algo_config_key = 'algorithmID' + + # EnumParam.validate_val() returns the int values from value_map + @classmethod - def validate_val(cls, val): - val = super().validate_val(val) - val = int(val) - valid = (1, 2, 3) - if val not in valid: - raise ValueError(f'Invalid algorithmID {val!r}, must be one of {valid}') - return val + def get_values_from_pes(cls, pes: ProfileElementSequence): + # return enum names, not raw values. + # use of super(): this intends to call AlgoConfig.get_values_from_pes() so that the cls argument is this cls + # here (AlgorithmID); i.e. AlgoConfig.get_values_from_pes(pes) doesn't work, because AlgoConfig needs to look up + # cls.algo_config_key. + for d in super(cls, cls).get_values_from_pes(pes): + if cls.name in d: + # convert int to value string + val = d[cls.name] + d[cls.name] = cls.map_val_to_name(val, strict=True) + yield d class K(BinaryParam, AlgoConfig): -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40201?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I71c2ec1b753c66cb577436944634f32792353240 Gerrit-Change-Number: 40201 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>

2 months

1
0
0 0

[S] Change in pysim[master]: personalization: add get_typical_input_len() to ConfigurableParameter

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/40202?usp=email ) Change subject: personalization: add get_typical_input_len() to ConfigurableParameter ...................................................................... personalization: add get_typical_input_len() to ConfigurableParameter The aim is to tell a user interface how wide an input text field should be chosen to be convenient -- ideally showing the entire value in all cases, but not too huge for fields that have no sane size limit. Change-Id: I2568a032167a10517d4d75d8076a747be6e21890 --- M pySim/esim/saip/personalization.py 1 file changed, 18 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/02/40202/1 diff --git a/pySim/esim/saip/personalization.py b/pySim/esim/saip/personalization.py index 1ce420a..e3ded68 100644 --- a/pySim/esim/saip/personalization.py +++ b/pySim/esim/saip/personalization.py @@ -259,6 +259,14 @@ return (min(vals), max(vals)) @classmethod + def get_typical_input_len(cls): + '''return a good length to use as the visible width of a user interface input field. + May be overridden by subclasses. + This default implementation returns the maximum allowed value length -- a good fit for most subclasses. + ''' + return cls.get_len_range()[1] or 16 + + @classmethod def get_all_implementations(cls, blacklist=None, allow_abstract=False): # return a set() so that multiple inheritance does not return dups return set(c @@ -267,7 +275,6 @@ and ((not blacklist) or (c not in blacklist))) ) - class DecimalParam(ConfigurableParameter): """Decimal digits. The input value may be a string of decimal digits like '012345', or an int. The output of validate_val() is a string with only decimal digits 0-9, in the required length with leading zeros if necessary. @@ -338,6 +345,16 @@ val = super().validate_val(val) return bytes(val) + @classmethod + def get_typical_input_len(cls): + # override to return twice the length, because of hex digits. + min_len, max_len = cls.get_len_range() + if max_len is None: + return None + # two hex characters per value octet. + # (maybe *3 to also allow for spaces?) + return max_len * 2 + class EnumParam(ConfigurableParameter): value_map = { -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40202?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I2568a032167a10517d4d75d8076a747be6e21890 Gerrit-Change-Number: 40202 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>

2 months

1
0
0 0

[XS] Change in pysim[master]: comment in uicc.py on Security Domain Keys: add SCP81

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/40204?usp=email ) Change subject: comment in uicc.py on Security Domain Keys: add SCP81 ...................................................................... comment in uicc.py on Security Domain Keys: add SCP81 Change-Id: Ib0205880f58e78c07688b4637abd5f67ea0570d1 --- M pySim/global_platform/uicc.py 1 file changed, 1 insertion(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/04/40204/1 diff --git a/pySim/global_platform/uicc.py b/pySim/global_platform/uicc.py index 97c0df0..98b76c6 100644 --- a/pySim/global_platform/uicc.py +++ b/pySim/global_platform/uicc.py @@ -91,6 +91,7 @@ # Key Usage: # KVN 0x01 .. 0x0F reserved for SCP80 +# KVN 0x81 .. 0x8f reserved for SCP81 # KVN 0x11 reserved for DAP specified in ETSI TS 102 226 # KVN 0x20 .. 0x2F reserved for SCP02 # KID 0x01 = ENC; 0x02 = MAC; 0x03 = DEK -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40204?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Ib0205880f58e78c07688b4637abd5f67ea0570d1 Gerrit-Change-Number: 40204 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>

2 months

1
0
0 0

[XS] Change in pysim[master]: esim param_source: add is_abstract flag

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/40206?usp=email ) Change subject: esim param_source: add is_abstract flag ...................................................................... esim param_source: add is_abstract flag Allow omitting some ParamSource subclassed from ParamSource.get_all_implementations(). My previous attempts at automagically detecting abstract classes failed conceptually, and the easiest, most explicit way is alrady used in ConfigurableParameter: add an is_abstract flag. Prep for Ie7171c152a7b478736f8825050305606b5af5735 Change-Id: Icfccdd0a8ecb5e0e9d22afa490d73c9f1849a64c --- M pySim/esim/saip/param_source.py 1 file changed, 7 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/06/40206/1 diff --git a/pySim/esim/saip/param_source.py b/pySim/esim/saip/param_source.py index ffb03b2..407882d 100644 --- a/pySim/esim/saip/param_source.py +++ b/pySim/esim/saip/param_source.py @@ -31,6 +31,7 @@ class ParamSource: 'abstract parameter source' + is_abstract = True # This name should be short but descriptive, useful for a user interface, like 'random decimal digits'. name = 'none' @@ -41,7 +42,7 @@ # return a set() so that multiple inheritance does not return dups return set(c for c in all_subclasses_of(cls) - if ((not blacklist) or (c not in blacklist)) + if (not c.is_abstract) and ((not blacklist) or (c not in blacklist)) ) @classmethod @@ -60,6 +61,7 @@ class ConstantSource(ParamSource): 'one value for all' + is_abstract = False name = 'constant' def __init__(self, val:str): @@ -70,6 +72,7 @@ class RandomDigitSource(ParamSource): 'return a different sequence of random decimal digits each' + is_abstract = False name = 'random decimal digits' def __init__(self, num_digits, first_value, last_value): @@ -109,6 +112,7 @@ class RandomHexDigitSource(ParamSource): 'return a different sequence of random hexadecimal digits each' + is_abstract = False name = 'random hexadecimal digits' def __init__(self, num_digits): @@ -131,6 +135,7 @@ class IncDigitSource(RandomDigitSource): 'incrementing sequence of digits' + is_abstract = False name = 'incrementing decimal digits' def __init__(self, *args, **kwargs): @@ -160,6 +165,7 @@ class CsvSource(ParamSource): 'apply a column from a CSV row, as passed in to ParamSource.get_next(csv_row)' + is_abstract = False name = 'from CSV' def __init__(self, csv_column): -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40206?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Icfccdd0a8ecb5e0e9d22afa490d73c9f1849a64c Gerrit-Change-Number: 40206 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>

2 months

1
0
0 0

[S] Change in pysim[master]: param_source: allow input val expansion like '0 * 32'

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/40207?usp=email ) Change subject: param_source: allow input val expansion like '0 * 32' ...................................................................... param_source: allow input val expansion like '0 * 32' Working with keys, we often generate 4, 8, 16, 32 digit wide random values. Those then typically have default input values like 00000000000000000000000000000000 it is hard for humans to count the number of digits. Much easier: 00*16 Teach the ParamSource subclasses dealing with random values to understand an expansion like this. Any expansion is carried out before all other input value handling. Use this expansion also in the default_value of ConfigurableParameter subclasses that have a default_source pointing at a ParamSource that now understand this expansion. Related: SYS#6768 Change-Id: Ie7171c152a7b478736f8825050305606b5af5735 --- M pySim/esim/saip/param_source.py M pySim/esim/saip/personalization.py 2 files changed, 33 insertions(+), 8 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/07/40207/1 diff --git a/pySim/esim/saip/param_source.py b/pySim/esim/saip/param_source.py index 407882d..7a039a3 100644 --- a/pySim/esim/saip/param_source.py +++ b/pySim/esim/saip/param_source.py @@ -18,6 +18,7 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. import random +import re from pySim.utils import all_subclasses_of class ParamSourceExn(Exception): @@ -70,7 +71,28 @@ def get_next(self, csv_row:dict=None): return self.val -class RandomDigitSource(ParamSource): +class InputExpandingParamSource(ParamSource): + + @classmethod + def expand_str(cls, s:str): + # user convenience syntax '0*32' becomes '00000000000000000000000000000000' + if '*' not in s: + return s + tokens = re.split(r"([^ \t]+)[ \t]*\*[ \t]*([0-9]+)", s) + if len(tokens) < 3: + return s + parts = [] + for unchanged, snippet, repeat_str in zip(tokens[0::3], tokens[1::3], tokens[2::3]): + parts.append(unchanged) + repeat = int(repeat_str) + parts.append(snippet * repeat) + return ''.join(parts) + + @classmethod + def from_str(cls, s:str): + return cls(cls.expand_str(s)) + +class RandomDigitSource(InputExpandingParamSource): 'return a different sequence of random decimal digits each' is_abstract = False name = 'random decimal digits' @@ -98,6 +120,8 @@ @classmethod def from_str(cls, s:str): + s = cls.expand_str(s) + if '..' in s: first_str, last_str = s.split('..') first_str = first_str.strip() @@ -110,7 +134,7 @@ last_value = int(last_str) if last_str is not None else '9' * len(first_str) return cls(num_digits=len(first_str), first_value=first_value, last_value=last_value) -class RandomHexDigitSource(ParamSource): +class RandomHexDigitSource(InputExpandingParamSource): 'return a different sequence of random hexadecimal digits each' is_abstract = False name = 'random hexadecimal digits' @@ -131,6 +155,7 @@ @classmethod def from_str(cls, s:str): + s = cls.expand_str(s) return cls(num_digits=len(s.strip())) class IncDigitSource(RandomDigitSource): diff --git a/pySim/esim/saip/personalization.py b/pySim/esim/saip/personalization.py index 78ea5a8..7217af3 100644 --- a/pySim/esim/saip/personalization.py +++ b/pySim/esim/saip/personalization.py @@ -429,7 +429,7 @@ name = 'ICCID' min_len = 18 max_len = 20 - default_value = '0' * 18 + default_value = '0*18' default_source = param_source.IncDigitSource @classmethod @@ -581,7 +581,7 @@ class SdKeyAes(SdKey): key_type = KeyType.aes allow_len = (16,24,32) - default_value = '00' * 32 + default_value = '00*32' class SdKeyScp80(SdKeyAes): @@ -868,7 +868,7 @@ allow_len = 8 rpad = 16 keyReference = None - default_value = '0' * allow_len + default_value = f'0*{allow_len}' default_source = param_source.RandomDigitSource @classmethod @@ -906,7 +906,7 @@ rpad = 16 min_len = 4 max_len = 8 - default_value = '0' * max_len + default_value = f'0*{max_len}' default_source = param_source.RandomDigitSource keyReference = None @@ -947,7 +947,7 @@ class Pin1(Pin): is_abstract = False name = 'PIN1' - default_value = '0' * 4 # PIN are usually 4 digits + default_value = '0*4' # PIN are usually 4 digits keyReference = 0x01 class Pin2(Pin1): @@ -1052,7 +1052,7 @@ name = 'K' algo_config_key = 'key' allow_len = int(128/8) # length in bytes (from BinaryParam) - default_value = '00' * allow_len + default_value = f'00*{allow_len}' default_source = param_source.RandomHexDigitSource class Opc(K): -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40207?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Ie7171c152a7b478736f8825050305606b5af5735 Gerrit-Change-Number: 40207 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>

2 months

1
0
0 0

[L] Change in pysim[master]: personalization: make sense of SdKey subclasses

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/40205?usp=email ) Change subject: personalization: make sense of SdKey subclasses ...................................................................... personalization: make sense of SdKey subclasses After a call with Harald, I think I finally understand what SdKey subclasses we need. Change-Id: I8c9e6095e200103d2e1779964be06fff63c5cebf --- M pySim/esim/saip/personalization.py M tests/unittests/test_esim_saip.py 2 files changed, 304 insertions(+), 56 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/05/40205/1 diff --git a/pySim/esim/saip/personalization.py b/pySim/esim/saip/personalization.py index 0eb0671..78ea5a8 100644 --- a/pySim/esim/saip/personalization.py +++ b/pySim/esim/saip/personalization.py @@ -494,8 +494,9 @@ """Configurable Security Domain (SD) Key. Value is presented as bytes.""" # these will be set by subclasses key_type = None - key_id = None kvn = None + reserved_kvn = tuple() # tuple of all reserved kvn for a given SCPxx + key_id = None key_usage_qual = None default_source = param_source.RandomHexDigitSource @@ -514,7 +515,7 @@ key = SecurityDomainKey( key_version_number=cls.kvn, key_id=cls.key_id, - key_usage_qualifier=KeyUsageQualifier.build(cls.key_usage_qual), + key_usage_qualifier=cls.key_usage_qual, key_components=set_components, ) pe.add_key(key) @@ -536,106 +537,315 @@ if kc: yield { cls.name: b2h(kc) } -class SdKeyScp80_01(SdKey): +# Offer these Security Domain Keys: +# +# security domain | reserved KVN range +# ---------------------------- +# SCP80 | 0x01 .. 0x0f +# SCP81 | 0x81 .. 0x8f +# SCP02 | 0x20 .. 0x2f, 0xff +# SCP03 | 0x30 .. 0x3f +# +# The KVN allows adding multiple security domains of the same type. +# +# Also, for each security domain, there are three keys: ENC, MAC and DEK, indicated by key_id. +# key | alternate name | key_id | key_usage_qual +#----------------------------------------------- +# ENC | KIC | 0x01 | 0x18 +# MAC | KID | 0x02 | 0x14 +# DEK | KIK | 0x03 | 0x48 +# +# For each, offer a couple of separate SdKey subclasses, only partially covering the reserved KVN range. For KVN, again +# a separate subclass for eack key_id for ENC, MAC and DEK. +# +# All of these are AES keys. +# +# For example, for SCP80 we have: +# SdKeyAes +# SdKeyScp80Kvn01 +# SdKeyScp80Kvn01Enc +# SdKeyScp80Kvn01Mac +# SdKeyScp80Kvn01Dek +# SdKeyScp80Kvn02 +# SdKeyScp80Kvn02Enc +# SdKeyScp80Kvn02Mac +# SdKeyScp80Kvn02Dek +# SdKeyScp80Kvn03 +# SdKeyScp80Kvn03Enc +# SdKeyScp80Kvn03Mac +# SdKeyScp80Kvn03Dek +# +# (Only the leaf nodes with ...Enc/Mac/Dek are returned by +# ConfigurableParameter.get_all_implementations(allow_abstract=False)) + +class SdKeyAes(SdKey): + key_type = KeyType.aes + allow_len = (16,24,32) + default_value = '00' * 32 + + +class SdKeyScp80(SdKeyAes): + name = 'SCP80' + reserved_kvn = tuple(range(0x01, 0x0f + 1)) + +class SdKeyScp80Kvn01(SdKeyScp80): + name = 'SCP80 KVN01' kvn = 0x01 - key_type = 0x88 # AES key type - allow_len = (16,24,32) - -class SdKeyScp80_01Kic(SdKeyScp80_01): +class SdKeyScp80Kvn01Enc(SdKeyScp80Kvn01): + is_abstract = False + name = SdKeyScp80Kvn01.name + ' ENC' key_id = 0x01 - key_usage_qual = 0x18 # FIXME: ordering? - -class SdKeyScp80_01Kid(SdKeyScp80_01): + key_usage_qual = 0x18 +class SdKeyScp80Kvn01Mac(SdKeyScp80Kvn01): + is_abstract = False + name = SdKeyScp80Kvn01.name + ' MAC' key_id = 0x02 key_usage_qual = 0x14 +class SdKeyScp80Kvn01Dek(SdKeyScp80Kvn01): + is_abstract = False + name = SdKeyScp80Kvn01.name + ' DEK' + key_id = 0x03 + key_usage_qual = 0x48 -class SdKeyScp80_01Kik(SdKeyScp80_01): +class SdKeyScp80Kvn02(SdKeyScp80): + name = 'SCP80 KVN02' + kvn = 0x02 +class SdKeyScp80Kvn02Enc(SdKeyScp80Kvn02): + is_abstract = False + name = SdKeyScp80Kvn02.name + ' ENC' + key_id = 0x01 + key_usage_qual = 0x18 +class SdKeyScp80Kvn02Mac(SdKeyScp80Kvn02): + is_abstract = False + name = SdKeyScp80Kvn02.name + ' MAC' + key_id = 0x02 + key_usage_qual = 0x14 +class SdKeyScp80Kvn02Dek(SdKeyScp80Kvn02): + is_abstract = False + name = SdKeyScp80Kvn02.name + ' DEK' + key_id = 0x03 + key_usage_qual = 0x48 + +class SdKeyScp80Kvn03(SdKeyScp80): + name = 'SCP80 KVN03' + kvn = 0x03 +class SdKeyScp80Kvn03Enc(SdKeyScp80Kvn03): + is_abstract = False + name = SdKeyScp80Kvn03.name + ' ENC' + key_id = 0x01 + key_usage_qual = 0x18 +class SdKeyScp80Kvn03Mac(SdKeyScp80Kvn03): + is_abstract = False + name = SdKeyScp80Kvn03.name + ' MAC' + key_id = 0x02 + key_usage_qual = 0x14 +class SdKeyScp80Kvn03Dek(SdKeyScp80Kvn03): + is_abstract = False + name = SdKeyScp80Kvn03.name + ' DEK' key_id = 0x03 key_usage_qual = 0x48 -class SdKeyScp81_01(SdKey): - kvn = 0x81 # FIXME +class SdKeyScp81(SdKeyAes): + name = 'SCP81' + reserved_kvn = tuple(range(0x81, 0x8f + 1)) -class SdKeyScp81_01Psk(SdKeyScp81_01): +class SdKeyScp81Kvn81(SdKeyScp81): + name = 'SCP81 KVN81' + kvn = 0x81 +class SdKeyScp81Kvn81Enc(SdKeyScp81Kvn81): + is_abstract = False + name = SdKeyScp81Kvn81.name + ' ENC' key_id = 0x01 - key_type = 0x85 - key_usage_qual = 0x3C - -class SdKeyScp81_01Dek(SdKeyScp81_01): + key_usage_qual = 0x18 +class SdKeyScp81Kvn81Mac(SdKeyScp81Kvn81): + is_abstract = False + name = SdKeyScp81Kvn81.name + ' MAC' key_id = 0x02 - key_type = 0x88 + key_usage_qual = 0x14 +class SdKeyScp81Kvn81Dek(SdKeyScp81Kvn81): + is_abstract = False + name = SdKeyScp81Kvn81.name + ' DEK' + key_id = 0x03 + key_usage_qual = 0x48 + +class SdKeyScp81Kvn82(SdKeyScp81): + name = 'SCP81 KVN82' + kvn = 0x82 +class SdKeyScp81Kvn82Enc(SdKeyScp81Kvn82): + is_abstract = False + name = SdKeyScp81Kvn82.name + ' ENC' + key_id = 0x01 + key_usage_qual = 0x18 +class SdKeyScp81Kvn82Mac(SdKeyScp81Kvn82): + is_abstract = False + name = SdKeyScp81Kvn82.name + ' MAC' + key_id = 0x02 + key_usage_qual = 0x14 +class SdKeyScp81Kvn82Dek(SdKeyScp81Kvn82): + is_abstract = False + name = SdKeyScp81Kvn82.name + ' DEK' + key_id = 0x03 + key_usage_qual = 0x48 + +class SdKeyScp81Kvn83(SdKeyScp81): + name = 'SCP81 KVN83' + kvn = 0x83 +class SdKeyScp81Kvn83Enc(SdKeyScp81Kvn83): + is_abstract = False + name = SdKeyScp81Kvn83.name + ' ENC' + key_id = 0x01 + key_usage_qual = 0x18 +class SdKeyScp81Kvn83Mac(SdKeyScp81Kvn83): + is_abstract = False + name = SdKeyScp81Kvn83.name + ' MAC' + key_id = 0x02 + key_usage_qual = 0x14 +class SdKeyScp81Kvn83Dek(SdKeyScp81Kvn83): + is_abstract = False + name = SdKeyScp81Kvn83.name + ' DEK' + key_id = 0x03 key_usage_qual = 0x48 -class SdKeyScp02_20(SdKey): +class SdKeyScp02(SdKeyAes): + name = 'SCP02' + reserved_kvn = tuple(range(0x20, 0x2f + 1)) + (0xff, ) +class SdKeyScp02Kvn20(SdKeyScp02): + name = 'SCP02 20' kvn = 0x20 - key_type = 0x88 # AES key type - allow_len = (16,24,32) - -class SdKeyScp02_20Enc(SdKeyScp02_20): +class SdKeyScp02Kvn20Enc(SdKeyScp02Kvn20): + is_abstract = False + name = SdKeyScp02Kvn20.name + ' ENC' key_id = 0x01 key_usage_qual = 0x18 - -class SdKeyScp02_20Mac(SdKeyScp02_20): +class SdKeyScp02Kvn20Mac(SdKeyScp02Kvn20): + is_abstract = False + name = SdKeyScp02Kvn20.name + ' MAC' key_id = 0x02 key_usage_qual = 0x14 +class SdKeyScp02Kvn20Dek(SdKeyScp02Kvn20): + is_abstract = False + name = SdKeyScp02Kvn20.name + ' DEK' + key_id = 0x03 + key_usage_qual = 0x48 -class SdKeyScp02_20Dek(SdKeyScp02_20): +class SdKeyScp02Kvn21(SdKeyScp02): + name = 'SCP02 21' + kvn = 0x21 +class SdKeyScp02Kvn21Enc(SdKeyScp02Kvn21): + is_abstract = False + name = SdKeyScp02Kvn21.name + ' ENC' + key_id = 0x01 + key_usage_qual = 0x18 +class SdKeyScp02Kvn21Mac(SdKeyScp02Kvn21): + is_abstract = False + name = SdKeyScp02Kvn21.name + ' MAC' + key_id = 0x02 + key_usage_qual = 0x14 +class SdKeyScp02Kvn21Dek(SdKeyScp02Kvn21): + is_abstract = False + name = SdKeyScp02Kvn21.name + ' DEK' + key_id = 0x03 + key_usage_qual = 0x48 + +class SdKeyScp02Kvn22(SdKeyScp02): + name = 'SCP02 22' + kvn = 0x22 +class SdKeyScp02Kvn22Enc(SdKeyScp02Kvn22): + is_abstract = False + name = SdKeyScp02Kvn22.name + ' ENC' + key_id = 0x01 + key_usage_qual = 0x18 +class SdKeyScp02Kvn22Mac(SdKeyScp02Kvn22): + is_abstract = False + name = SdKeyScp02Kvn22.name + ' MAC' + key_id = 0x02 + key_usage_qual = 0x14 +class SdKeyScp02Kvn22Dek(SdKeyScp02Kvn22): + is_abstract = False + name = SdKeyScp02Kvn22.name + ' DEK' + key_id = 0x03 + key_usage_qual = 0x48 + +class SdKeyScp02Kvnff(SdKeyScp02): + name = 'SCP02 ff' + kvn = 0xff +class SdKeyScp02KvnffEnc(SdKeyScp02Kvnff): + is_abstract = False + name = SdKeyScp02Kvnff.name + ' ENC' + key_id = 0x01 + key_usage_qual = 0x18 +class SdKeyScp02KvnffMac(SdKeyScp02Kvnff): + is_abstract = False + name = SdKeyScp02Kvnff.name + ' MAC' + key_id = 0x02 + key_usage_qual = 0x14 +class SdKeyScp02KvnffDek(SdKeyScp02Kvnff): + is_abstract = False + name = SdKeyScp02Kvnff.name + ' DEK' key_id = 0x03 key_usage_qual = 0x48 -class SdKeyScp03_30(SdKey): +class SdKeyScp03(SdKeyAes): + name = 'SCP03 30' + reserved_kvn = tuple(range(0x30, 0x3f + 1)) + +class SdKeyScp03Kvn30(SdKeyScp03): + name = 'SCP03 30' kvn = 0x30 - key_type = 0x88 # AES key type - allow_len = (16,24,32) - -class SdKeyScp03_30Enc(SdKeyScp03_30): +class SdKeyScp03Kvn30Enc(SdKeyScp03Kvn30): + is_abstract = False + name = SdKeyScp03Kvn30.name + ' ENC' key_id = 0x01 key_usage_qual = 0x18 - -class SdKeyScp03_30Mac(SdKeyScp03_30): +class SdKeyScp03Kvn30Mac(SdKeyScp03Kvn30): + is_abstract = False + name = SdKeyScp03Kvn30.name + ' MAC' key_id = 0x02 key_usage_qual = 0x14 - -class SdKeyScp03_30Dek(SdKeyScp03_30): +class SdKeyScp03Kvn30Dek(SdKeyScp03Kvn30): + is_abstract = False + name = SdKeyScp03Kvn30.name + ' DEK' key_id = 0x03 key_usage_qual = 0x48 - -class SdKeyScp03_31(SdKey): +class SdKeyScp03Kvn31(SdKeyScp03): + name = 'SCP03 31' kvn = 0x31 - key_type = 0x88 # AES key type - allow_len = (16,24,32) - -class SdKeyScp03_31Enc(SdKeyScp03_31): +class SdKeyScp03Kvn31Enc(SdKeyScp03Kvn31): + is_abstract = False + name = SdKeyScp03Kvn31.name + ' ENC' key_id = 0x01 key_usage_qual = 0x18 - -class SdKeyScp03_31Mac(SdKeyScp03_31): +class SdKeyScp03Kvn31Mac(SdKeyScp03Kvn31): + is_abstract = False + name = SdKeyScp03Kvn31.name + ' MAC' key_id = 0x02 key_usage_qual = 0x14 - -class SdKeyScp03_31Dek(SdKeyScp03_31): +class SdKeyScp03Kvn31Dek(SdKeyScp03Kvn31): + is_abstract = False + name = SdKeyScp03Kvn31.name + ' DEK' key_id = 0x03 key_usage_qual = 0x48 - -class SdKeyScp03_32(SdKey): +class SdKeyScp03Kvn32(SdKeyScp03): + name = 'SCP03 32' kvn = 0x32 - key_type = 0x88 # AES key type - allow_len = (16,24,32) - -class SdKeyScp03_32Enc(SdKeyScp03_32): +class SdKeyScp03Kvn32Enc(SdKeyScp03Kvn32): + is_abstract = False + name = SdKeyScp03Kvn32.name + ' ENC' key_id = 0x01 key_usage_qual = 0x18 - -class SdKeyScp03_32Mac(SdKeyScp03_32): +class SdKeyScp03Kvn32Mac(SdKeyScp03Kvn32): + is_abstract = False + name = SdKeyScp03Kvn32.name + ' MAC' key_id = 0x02 key_usage_qual = 0x14 - -class SdKeyScp03_32Dek(SdKeyScp03_32): +class SdKeyScp03Kvn32Dek(SdKeyScp03Kvn32): + is_abstract = False + name = SdKeyScp03Kvn32.name + ' DEK' key_id = 0x03 key_usage_qual = 0x48 diff --git a/tests/unittests/test_esim_saip.py b/tests/unittests/test_esim_saip.py index e7e324d..6c2cdd1 100755 --- a/tests/unittests/test_esim_saip.py +++ b/tests/unittests/test_esim_saip.py @@ -63,6 +63,44 @@ # TODO: we don't actually test the results here, but we just verify there is no exception pes.to_der() + def test_personalization2(self): + """Test some of the personalization operations.""" + pes = ProfileElementSequence.from_der(self.per_input) + prev_val = set(SdKeyScp80_01Kic.get_values_from_pes(pes)) + print(f'{prev_val=}') + self.assertTrue(prev_val) + + set_val = '42342342342342342342342342342342' + param = SdKeyScp80_01Kic(set_val) + param.validate() + param.apply(pes) + + get_val1 = set(SdKeyScp80_01Kic.get_values_from_pes(pes)) + print(f'{get_val1=} {set_val=}') + self.assertEqual(get_val1, set((set_val,))) + + get_val1b = set(SdKeyScp80_01Kic.get_values_from_pes(pes)) + print(f'{get_val1b=} {set_val=}') + self.assertEqual(get_val1b, set((set_val,))) + + print("HELLOO") + der = pes.to_der() + print("DONEDONE") + + get_val1c = set(SdKeyScp80_01Kic.get_values_from_pes(pes)) + print(f'{get_val1c=} {set_val=}') + self.assertEqual(get_val1c, set((set_val,))) + + # assertTrue to not dump the entire der. + # Expecting the modified DER to be different. If this assertion fails, then no change has happened in the output + # DER and the ConfigurableParameter subclass is buggy. + self.assertTrue(der != self.per_input) + + pes2 = ProfileElementSequence.from_der(der) + get_val2 = set(SdKeyScp80_01Kic.get_values_from_pes(pes2)) + print(f'{get_val2=} {set_val=}') + self.assertEqual(get_val2, set((set_val,))) + def test_constructor_encode(self): """Test that DER-encoding of PE created by "empty" constructor works without raising exception.""" for cls in [ProfileElementMF, ProfileElementPuk, ProfileElementPin, ProfileElementTelecom, -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40205?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I8c9e6095e200103d2e1779964be06fff63c5cebf Gerrit-Change-Number: 40205 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>

2 months

1
0
0 0

[S] Change in pysim[master]: personalization: allow reading back multiple values from PES

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/40199?usp=email ) Change subject: personalization: allow reading back multiple values from PES ...................................................................... personalization: allow reading back multiple values from PES Change-Id: Iecb68af7c216c6b9dc3add469564416b6f37f7b2 --- M pySim/esim/saip/personalization.py 1 file changed, 26 insertions(+), 18 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/99/40199/1 diff --git a/pySim/esim/saip/personalization.py b/pySim/esim/saip/personalization.py index ca37e3a..34d7df9 100644 --- a/pySim/esim/saip/personalization.py +++ b/pySim/esim/saip/personalization.py @@ -216,26 +216,24 @@ @classmethod def get_values_from_pes(cls, pes: ProfileElementSequence) -> Generator: - '''This is what subclasses implement: yield all values from a decoded profile package. + """This is what subclasses implement: yield all values from a decoded profile package. Find all values in the pes, and yield them decoded to a valid cls.input_value format. Should be a generator function, i.e. use 'yield' instead of 'return'. - Usage example: + Yielded value must be a dict(). Usually, an implementation will return only one key, like - cls = esim.saip.personalization.Iccid - # use a set() to get a list of unique values from all results - vals = set( cls.get_values_from_pes(pes) ) - if len(vals) != 1: - raise ValueError(f'{cls.name}: need exactly one value, got {vals}') - # the set contains a single value, return it - return vals.pop() + { "ICCID": "1234567890123456789" } + + Some implementations have more than one value to return, like + + { "IMSI": "00101012345678", "IMSI-ACC" : "5" } Implementation example: for pe in pes: if my_condition(pe): - yield b2h(my_bin_value_from(pe)) - ''' + yield { cls.name: b2h(my_bin_value_from(pe)) } + """ pass @classmethod @@ -364,12 +362,12 @@ def get_values_from_pes(cls, pes: ProfileElementSequence): padded = b2h(pes.get_pe_for_type('header').decoded['iccid']) iccid = unrpad(padded) - yield iccid + yield { cls.name: iccid } for pe in pes.get_pes_for_type('mf'): iccid_pe = pe.decoded.get('ef-iccid', None) if iccid_pe: - yield dec_iccid(b2h(file_tuples_content_as_bytes(iccid_pe))) + yield { cls.name: dec_iccid(b2h(file_tuples_content_as_bytes(iccid_pe))) } class Imsi(DecimalParam): """Configurable IMSI. Expects value to be a string of digits. Automatically sets the ACC to @@ -396,8 +394,13 @@ def get_values_from_pes(cls, pes: ProfileElementSequence): for pe in pes.get_pes_for_type('usim'): imsi_pe = pe.decoded.get('ef-imsi', None) + acc_pe = pe.decoded.get('ef-acc', None) + y = {} if imsi_pe: - yield dec_imsi(b2h(file_tuples_content_as_bytes(imsi_pe))) + y[cls.name] = dec_imsi(b2h(file_tuples_content_as_bytes(imsi_pe))) + if acc_pe: + y[cls.name + '-ACC'] = b2h(file_tuples_content_as_bytes(acc_pe)) + yield y class SdKey(BinaryParam): @@ -438,7 +441,7 @@ for key in pe.decoded['keyList']: if key['keyIdentifier'][0] == cls.key_id and key['keyVersionNumber'][0] == cls.kvn: if len(key['keyComponents']) >= 1: - yield b2h(key['keyComponents'][0]['keyData']) + yield { cls.name: b2h(key['keyComponents'][0]['keyData']) } class SdKeyScp80_01(SdKey): kvn = 0x01 @@ -582,7 +585,7 @@ for pukCodes in obtain_all_pe_from_pelist(mf_pes, 'pukCodes'): for pukCode in pukCodes.decoded['pukCodes']: if pukCode['keyReference'] == cls.keyReference: - yield cls.decimal_hex_to_str(pukCode['pukValue']) + yield { cls.name: cls.decimal_hex_to_str(pukCode['pukValue']) } class Puk1(Puk): is_abstract = False @@ -623,13 +626,14 @@ @classmethod def _read_all_pinvalues_from_pe(cls, pe: ProfileElement): + "This is a separate function because subclasses may feed different pe arguments." for pinCodes in obtain_all_pe_from_pelist(pe, 'pinCodes'): if pinCodes.decoded['pinCodes'][0] != 'pinconfig': continue for pinCode in pinCodes.decoded['pinCodes'][1]: if pinCode['keyReference'] == cls.keyReference: - yield cls.decimal_hex_to_str(pinCode['pinValue']) + yield { cls.name: cls.decimal_hex_to_str(pinCode['pinValue']) } @classmethod def get_values_from_pes(cls, pes: ProfileElementSequence): @@ -698,7 +702,11 @@ algoConfiguration = pe.decoded['algoConfiguration'] if algoConfiguration[0] != 'algoParameter': continue - yield algoConfiguration[1][cls.algo_config_key] + val = algoConfiguration[1][cls.algo_config_key] + if isinstance(val, bytes): + val = b2h(val) + # if it is an int (algorithmID), just pass thru as int + yield { cls.name: val } class AlgorithmID(DecimalParam, AlgoConfig): -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40199?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Iecb68af7c216c6b9dc3add469564416b6f37f7b2 Gerrit-Change-Number: 40199 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>

2 months

1
0
0 0

[M] Change in pysim[master]: personalization: implement reading back values from a PES

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/40198?usp=email ) Change subject: personalization: implement reading back values from a PES ...................................................................... personalization: implement reading back values from a PES Implement get_values_from_pes(), the reverse direction of apply_val(): read back and return values from a ProfileElementSequence. Implement for all ConfigurableParameter subclasses. Future: SdKey.get_values_from_pes() is reading pe.decoded[], which works fine, but I07dfc378705eba1318e9e8652796cbde106c6a52 will change this implementation to use the higher level ProfileElementSD members. Implementation detail: Implement get_values_from_pes() as classmethod that returns a generator. Subclasses should yield all occurences of their parameter in a given PES. For example, the ICCID can appear in multiple places. Iccid.get_values_from_pes() yields all of the individual values. A set() of the results quickly tells whether the PES is consistent. Rationales for reading back values: This allows auditing an eSIM profile, particularly for producing an output.csv from a batch personalization (that generated lots of random key material which now needs to be fed to an HLR...). Reading back from a binary result is more reliable than storing the values that were fed into a personalization. By auditing final DER results with this code, I discovered: - "oh, there already was some key material in my UPP template." - "all IMSIs ended up the same, forgot to set up the parameter." - the SdKey.apply() implementations currently don't work, see I07dfc378705eba1318e9e8652796cbde106c6a52 for a fix. Change-Id: I234fc4317f0bdc1a486f0cee4fa432c1dce9b463 --- M pySim/esim/saip/personalization.py 1 file changed, 121 insertions(+), 2 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/98/40198/1 diff --git a/pySim/esim/saip/personalization.py b/pySim/esim/saip/personalization.py index aaa4d8f..ca37e3a 100644 --- a/pySim/esim/saip/personalization.py +++ b/pySim/esim/saip/personalization.py @@ -18,13 +18,17 @@ import abc import io import copy -from typing import List, Tuple, Generator +from typing import List, Tuple, Generator, Optional from osmocom.tlv import camel_to_snake -from pySim.utils import enc_iccid, enc_imsi, h2b, rpad, sanitize_iccid, all_subclasses_of +from osmocom.utils import hexstr +from pySim.utils import enc_iccid, dec_iccid, enc_imsi, dec_imsi, h2b, b2h, rpad, sanitize_iccid, all_subclasses_of from pySim.esim.saip import ProfileElement, ProfileElementSequence from pySim.esim.saip import param_source +def unrpad(s: hexstr, c='f') -> hexstr: + return hexstr(s.rstrip(c)) + def remove_unwanted_tuples_from_list(l: List[Tuple], unwanted_keys: List[str]) -> List[Tuple]: """In a list of tuples, remove all tuples whose first part equals 'unwanted_key'.""" return list(filter(lambda x: x[0] not in unwanted_keys, l)) @@ -36,6 +40,22 @@ file.append(('fillFileContent', new_content)) return file +def file_tuples_content_as_bytes(l: List[Tuple]) -> Optional[bytes]: + """linearize a list of fillFileContent / fillFileOffset tuples into a stream of bytes.""" + stream = io.BytesIO() + for k, v in l: + if k == 'doNotCreate': + return None + if k == 'fileDescriptor': + pass + elif k == 'fillFileOffset': + stream.seek(v, os.SEEK_CUR) + elif k == 'fillFileContent': + stream.write(v) + else: + return ValueError("Unknown key '%s' in tuple list" % k) + return stream.getvalue() + class ConfigurableParameter: r"""Base class representing a part of the eSIM profile that is configurable during the personalization process (with dynamic data from elsewhere). @@ -195,6 +215,30 @@ pass @classmethod + def get_values_from_pes(cls, pes: ProfileElementSequence) -> Generator: + '''This is what subclasses implement: yield all values from a decoded profile package. + Find all values in the pes, and yield them decoded to a valid cls.input_value format. + Should be a generator function, i.e. use 'yield' instead of 'return'. + + Usage example: + + cls = esim.saip.personalization.Iccid + # use a set() to get a list of unique values from all results + vals = set( cls.get_values_from_pes(pes) ) + if len(vals) != 1: + raise ValueError(f'{cls.name}: need exactly one value, got {vals}') + # the set contains a single value, return it + return vals.pop() + + Implementation example: + + for pe in pes: + if my_condition(pe): + yield b2h(my_bin_value_from(pe)) + ''' + pass + + @classmethod def get_len_range(cls): """considering all of min_len, max_len and allow_len, get a tuple of the resulting (min, max) of permitted value length. For example, if an input value is an int, which needs to be represented with a minimum nr of @@ -260,6 +304,17 @@ # a DecimalHexParam subclass expects the apply_val() input to be a bytes instance ready for the pes return h2b(val) + @classmethod + def decimal_hex_to_str(cls, val): + 'useful for get_values_from_pes() implementations of subclasses' + if isinstance(val, bytes): + val = b2h(val) + assert isinstance(val, hexstr) + if cls.rpad is not None: + c = cls.rpad_char or 'f' + val = unrpad(val, c) + return val.to_bytes().decode('ascii') + class BinaryParam(ConfigurableParameter): allow_types = (str, io.BytesIO, bytes, bytearray) @@ -305,6 +360,17 @@ # patch MF/EF.ICCID file_replace_content(pes.get_pe_for_type('mf').decoded['ef-iccid'], h2b(enc_iccid(val))) + @classmethod + def get_values_from_pes(cls, pes: ProfileElementSequence): + padded = b2h(pes.get_pe_for_type('header').decoded['iccid']) + iccid = unrpad(padded) + yield iccid + + for pe in pes.get_pes_for_type('mf'): + iccid_pe = pe.decoded.get('ef-iccid', None) + if iccid_pe: + yield dec_iccid(b2h(file_tuples_content_as_bytes(iccid_pe))) + class Imsi(DecimalParam): """Configurable IMSI. Expects value to be a string of digits. Automatically sets the ACC to the last digit of the IMSI.""" @@ -326,6 +392,13 @@ file_replace_content(pe.decoded['ef-acc'], acc.to_bytes(2, 'big')) # TODO: DF.GSM_ACCESS if not linked? + @classmethod + def get_values_from_pes(cls, pes: ProfileElementSequence): + for pe in pes.get_pes_for_type('usim'): + imsi_pe = pe.decoded.get('ef-imsi', None) + if imsi_pe: + yield dec_imsi(b2h(file_tuples_content_as_bytes(imsi_pe))) + class SdKey(BinaryParam): """Configurable Security Domain (SD) Key. Value is presented as bytes.""" @@ -359,6 +432,14 @@ for pe in pes.get_pes_for_type('securityDomain'): cls._apply_sd(pe, value) + @classmethod + def get_values_from_pes(cls, pes: ProfileElementSequence): + for pe in pes.get_pes_for_type('securityDomain'): + for key in pe.decoded['keyList']: + if key['keyIdentifier'][0] == cls.key_id and key['keyVersionNumber'][0] == cls.kvn: + if len(key['keyComponents']) >= 1: + yield b2h(key['keyComponents'][0]['keyData']) + class SdKeyScp80_01(SdKey): kvn = 0x01 key_type = 0x88 # AES key type @@ -495,6 +576,14 @@ raise ValueError("input template UPP has unexpected structure:" f" cannot find pukCode with keyReference={cls.keyReference}") + @classmethod + def get_values_from_pes(cls, pes: ProfileElementSequence): + mf_pes = pes.pes_by_naa['mf'][0] + for pukCodes in obtain_all_pe_from_pelist(mf_pes, 'pukCodes'): + for pukCode in pukCodes.decoded['pukCodes']: + if pukCode['keyReference'] == cls.keyReference: + yield cls.decimal_hex_to_str(pukCode['pukValue']) + class Puk1(Puk): is_abstract = False name = 'PUK1' @@ -532,6 +621,20 @@ raise ValueError('input template UPP has unexpected structure:' + f' {cls.get_name()} cannot find pinCode with keyReference={cls.keyReference}') + @classmethod + def _read_all_pinvalues_from_pe(cls, pe: ProfileElement): + for pinCodes in obtain_all_pe_from_pelist(pe, 'pinCodes'): + if pinCodes.decoded['pinCodes'][0] != 'pinconfig': + continue + + for pinCode in pinCodes.decoded['pinCodes'][1]: + if pinCode['keyReference'] == cls.keyReference: + yield cls.decimal_hex_to_str(pinCode['pinValue']) + + @classmethod + def get_values_from_pes(cls, pes: ProfileElementSequence): + yield from cls._read_all_pinvalues_from_pe(pes.pes_by_naa['mf'][0]) + class Pin1(Pin): is_abstract = False name = 'PIN1' @@ -555,6 +658,14 @@ raise ValueError('input template UPP has unexpected structure:' + f' {cls.get_name()} cannot find pinCode with keyReference={cls.keyReference} in {naa=}') + @classmethod + def get_values_from_pes(cls, pes: ProfileElementSequence): + for naa in pes.pes_by_naa: + if naa not in ['usim','isim','csim','telecom']: + continue + for pe in pes.pes_by_naa[naa]: + yield from cls._read_all_pinvalues_from_pe(pe) + class Adm1(Pin): is_abstract = False name = 'ADM1' @@ -581,6 +692,14 @@ raise ValueError('input template UPP has unexpected structure:' f' {cls.__name__} cannot find algoParameter with key={cls.algo_config_key}') + @classmethod + def get_values_from_pes(cls, pes: ProfileElementSequence): + for pe in pes.get_pes_for_type('akaParameter'): + algoConfiguration = pe.decoded['algoConfiguration'] + if algoConfiguration[0] != 'algoParameter': + continue + yield algoConfiguration[1][cls.algo_config_key] + class AlgorithmID(DecimalParam, AlgoConfig): is_abstract = False -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40198?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I234fc4317f0bdc1a486f0cee4fa432c1dce9b463 Gerrit-Change-Number: 40198 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>

2 months

1
0
0 0

[XS] Change in pysim[master]: personalization: indicate default ParamSource per ConfigurableParameter

by neels

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/40200?usp=email ) Change subject: personalization: indicate default ParamSource per ConfigurableParameter ...................................................................... personalization: indicate default ParamSource per ConfigurableParameter Add default_source class members pointing to ParamSource classes to all ConfigurableParameter subclasses. This is useful to automatically set up a default ParamSource for a given ConfigurableParameter subclass, during user interaction to produce a batch personalization. For example, if the user selects a Pin1 parameter, a calling program can implicitly set this to a RandomDigitSource, which will magically make it work the way that most users need. BTW, default_source and default_value can be combined to configure a matching ParamSource instance: my_source = MyParam.default_source.from_str( MyParam.default_value ) Change-Id: Ie58d13bce3fa1aa2547cf3cee918c2f5b30a8b32 --- M pySim/esim/saip/personalization.py 1 file changed, 8 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/00/40200/1 diff --git a/pySim/esim/saip/personalization.py b/pySim/esim/saip/personalization.py index 34d7df9..317cac5 100644 --- a/pySim/esim/saip/personalization.py +++ b/pySim/esim/saip/personalization.py @@ -130,6 +130,7 @@ max_len = None allow_len = None # a list of specific lengths default_value = None + default_source = None # a param_source.ParamSource subclass def __init__(self, input_value=None): self.input_value = input_value # the raw input value as given by caller @@ -345,6 +346,7 @@ min_len = 18 max_len = 20 default_value = '0' * 18 + default_source = param_source.IncDigitSource @classmethod def validate_val(cls, val): @@ -378,6 +380,7 @@ min_len = 6 max_len = 15 default_value = '00101' + ('0' * 10) + default_source = param_source.IncDigitSource @classmethod def apply_val(cls, pes: ProfileElementSequence, val): @@ -410,6 +413,7 @@ key_id = None kvn = None key_usage_qual = None + default_source = param_source.RandomHexDigitSource @classmethod def _apply_sd(cls, pe: ProfileElement, value): @@ -566,6 +570,7 @@ rpad = 16 keyReference = None default_value = '0' * allow_len + default_source = param_source.RandomDigitSource @classmethod def apply_val(cls, pes: ProfileElementSequence, val): @@ -603,6 +608,7 @@ min_len = 4 max_len = 8 default_value = '0' * max_len + default_source = param_source.RandomDigitSource keyReference = None @staticmethod @@ -714,6 +720,7 @@ algo_config_key = 'algorithmID' allow_len = 1 default_value = 1 # Milenage + default_source = param_source.ConstantSource @classmethod def validate_val(cls, val): @@ -732,6 +739,7 @@ algo_config_key = 'key' allow_len = int(128/8) # length in bytes (from BinaryParam) default_value = '00' * allow_len + default_source = param_source.RandomHexDigitSource class Opc(K): name = 'OPc' -- To view, visit https://gerrit.osmocom.org/c/pysim/+/40200?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: Ie58d13bce3fa1aa2547cf3cee918c2f5b30a8b32 Gerrit-Change-Number: 40200 Gerrit-PatchSet: 1 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de>

2 months

1
0
0 0

2025

2024

2023

2022

gerrit-log