laforge submitted this change.
tests/pySim-smpp2sim_test: add testcases for AES128 and AES256
Extend the existing test script so that it can handle multiple
testcases. Also add support for switching eUICC profiles.
Finally, add testcases to test OTA-SMS (RFM) with AES128 and
AES256 encryption.
Change-Id: I1f10504f3a29a8c74a17991632d932819fecfa5a
Related: OS#6868
---
D tests/pySim-smpp2sim_test/pySim-smpp2sim_test.cfg
M tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh
A tests/pySim-smpp2sim_test/testcase_3des_cbc2_rfm.cfg
A tests/pySim-smpp2sim_test/testcase_aes128_cbc_cmac_rfm.cfg
A tests/pySim-smpp2sim_test/testcase_aes256_cbc_cmac_rfm.cfg
5 files changed, 161 insertions(+), 46 deletions(-)
diff --git a/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.cfg b/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.cfg
deleted file mode 100644
index 1c2a953..0000000
--- a/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.cfg
+++ /dev/null
@@ -1,9 +0,0 @@
-# Card parameter:
-ICCID="8949440000001155314"
-KIC='51D4FC44BCBA7C4589DFADA3297720AF'
-KID='0449699C472CE71E2FB7B56245EF7684'
-
-# Testcase: Send OTA-SMS that selects DF.GSM and returns the select response
-TAR='B00010'
-APDU='A0A40000027F20A0C0000016'
-EXPECTED_RESPONSE='0000ffff7f2002000000000009b106350400838a838a 9000'
\ No newline at end of file
diff --git a/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh b/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh
index 2ca0a9e..0881319 100755
--- a/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh
+++ b/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh
@@ -20,13 +20,14 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+PYSIM_SHELL=./pySim-shell.py
+PYSIM_SHELL_LOG=./pySim-shell.log
PYSIM_SMPP2SIM=./pySim-smpp2sim.py
PYSIM_SMPP2SIM_LOG=./pySim-smpp2sim.log
PYSIM_SMPP2SIM_PORT=2775
PYSIM_SMPP2SIM_TIMEOUT=10
PYSIM_SMPPOTATOOL=./contrib/smpp-ota-tool.py
PYSIM_SMPPOTATOOL_LOG=./smpp-ota-tool.log
-PYSIM_SHELL=./pySim-shell.py
function dump_logs {
echo ""
@@ -44,12 +45,11 @@
function send_test_request {
echo ""
echo "Sending request to SMPP server:"
- TAR=$1
- C_APDU=$2
- R_APDU_EXPECTED=$3
+ C_APDU=$1
+ R_APDU_EXPECTED=$2
echo "Sending: $C_APDU"
- COMMANDLINE="$PYSIM_SMPPOTATOOL --verbose --port $PYSIM_SMPP2SIM_PORT --kic $KIC --kid $KID --tar $TAR --apdu $C_APDU"
+ COMMANDLINE="$PYSIM_SMPPOTATOOL --verbose --port $PYSIM_SMPP2SIM_PORT --kic $KIC --kid $KID --kic_idx $KEY_INDEX --kid_idx $KEY_INDEX --algo-crypt $ALGO_CRYPT --algo-auth $ALGO_AUTH --tar $TAR --apdu $C_APDU"
echo "Commandline: $COMMANDLINE"
R_APDU=`$COMMANDLINE 2> $PYSIM_SMPPOTATOOL_LOG`
if [ $? -ne 0 ]; then
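Review bot: The new `COMMANDLINE` in send_test_request takes `$KEY_INDEX`, `$ALGO_CRYPT`, `$ALGO_AUTH` and `$TAR` unquoted from whatever the last sourced testcase file left in the shell, so a config that omits one either inherits the previous testcase's value or lets the next option name be consumed as its value. A guard at the top of the function such as `: "${KEY_INDEX:?}" "${ALGO_CRYPT:?}" "${ALGO_AUTH:?}" "${TAR:?}"` would stop the run early with a clear message. The same string, including `--kic $KIC --kid $KID`, is printed on the `Commandline:` line, so keys a user substitutes for their own card end up in the test output; masking them in the echoed copy would avoid that. The function body continues past the end of this hunk.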
@@ -57,7 +57,7 @@
dump_logs
exit 1
fi
-
+ echo ""
echo "Got response from SMPP server:"
echo "Sent: $C_APDU"
echo "Received: $R_APDU"
@@ -68,16 +68,14 @@
exit 1
fi
echo "Response matches the expected response -- success!"
- echo ""
}
function start_smpp_server {
PCSC_READER=$1
-
- # Start the SMPP server
echo ""
echo "Starting SMPP server:"
+ # Start the SMPP server
COMMANDLINE="$PYSIM_SMPP2SIM -p $PCSC_READER --smpp-bind-port $PYSIM_SMPP2SIM_PORT --apdu-trace"
echo "Commandline: $COMMANDLINE"
$COMMANDLINE > $PYSIM_SMPP2SIM_LOG 2>&1 &
@@ -102,55 +100,117 @@
echo "SMPP server reachable (port=$PYSIM_SMPP2SIM_PORT)"
}
-function find_card_by_iccid {
- # Find reader number of the card
- ICCID=$1
+function stop_smpp_server {
+ echo ""
+ echo "Stopping SMPP server:"
+ kill $PYSIM_SMPP2SIM_PID
+ echo "SMPP server stopped (PID=$PYSIM_SMPP2SIM_PID)"
+ trap EXIT
+}
+function find_card_by_iccid_or_eid {
+ ICCID=$1
+ EID=$2
echo ""
echo "Searching for card:"
echo "ICCID: \"$ICCID\""
+ if [ -n "$EID" ]; then
+ echo "EID: \"$EID\""
+ fi
+ # Determine number of available PCSC readers
+ PCSC_READER_COUNT=`pcsc_scan -rn | wc -l`
+
+ # In case an EID is set, search for a card with that EID first
+ if [ -n "$EID" ]; then
+ for PCSC_READER in $(seq 0 $(($PCSC_READER_COUNT-1))); do
+ echo "probing card (eID) in reader $PCSC_READER ..."
+ RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select ADF.ISD-R" -e "get_eid" 2> /dev/null | tail -3`
+ echo $RESULT_JSON | grep $EID > /dev/null
+ if [ $? -eq 0 ]; then
+ echo "Found card (eID) in reader $PCSC_READER"
+ return $PCSC_READER
+ fi
+ done
+ fi
+
+ # Search for card with the given ICCID
if [ -z "$ICCID" ]; then
echo "invalid ICCID, zero length ICCID is not allowed! -- abort"
exit 1
fi
-
- PCSC_READER_COUNT=`pcsc_scan -rn | wc -l`
for PCSC_READER in $(seq 0 $(($PCSC_READER_COUNT-1))); do
- echo "probing card in reader $PCSC_READER ..."
- EF_ICCID_DECODED=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e 'select EF.ICCID' -e 'read_binary_decoded --oneline' 2> /dev/null | tail -1`
- echo $EF_ICCID_DECODED | grep $ICCID > /dev/null
+ echo "probing card (ICCID) in reader $PCSC_READER ..."
+ RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select EF.ICCID" -e "read_binary_decoded" 2> /dev/null | tail -3`
+ echo $RESULT_JSON | grep $ICCID > /dev/null
if [ $? -eq 0 ]; then
- echo "Found card in reader $PCSC_READER"
+ echo "Found card (by ICCID) in reader $PCSC_READER"
return $PCSC_READER
fi
done
- echo "Card with ICCID \"$ICCID\" not found -- abort"
+ echo "Card not found -- abort"
exit 1
}
+function enable_profile {
+ PCSC_READER=$1
+ ICCID=$2
+ EID=$3
+ if [ -z "$EID" ]; then
+ # This is no eUICC, nothing to enable
+ return 0
+ fi
+
+ # Check if the profile is already enabled
+ RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select EF.ICCID" -e "read_binary_decoded" 2> /dev/null | tail -3`
+ ICCID_ENABLED=`echo $RESULT_JSON | jq -r '.iccid'`
+ if [ $ICCID != $ICCID_ENABLED ]; then
+ # Disable the currentle enabled profile
+ echo ""
+ echo "Disabeling currently enabled profile:"
+ echo "ICCID: \"$ICCID\""
+ RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select ADF.ISD-R" -e "disable_profile --iccid $ICCID_ENABLED" 2> /dev/null | tail -3`
+ echo $RESULT_JSON | grep "ok" > /dev/null
+ if [ $? -ne 0 ]; then
+ echo "unable to disable profile with \"$ICCID_ENABLED\""
+ exit 1
+ fi
+ echo "profile disabled"
+
+ # Enable the profile we intend to test with
+ echo ""
+ echo "Enabeling profile:"
+ echo "ICCID: \"$ICCID\""
+ RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select ADF.ISD-R" -e "enable_profile --iccid $ICCID" 2> /dev/null | tail -3`
+ echo $RESULT_JSON | grep "ok\|profileNotInDisabledState" > /dev/null
+ if [ $? -ne 0 ]; then
+ echo "unable to enable profile with \"$ICCID\""
+ exit 1
+ fi
+ echo "profile enabled"
+ fi
+}
+
export PYTHONPATH=./
echo "pySim-smpp2sim_test - a test program to test pySim-smpp2sim.py"
echo "=============================================================="
-# TODO: At the moment we can only have one card and one testcase. This is
-# sufficient for now. We can extend this later as needed.
+TESTCASE_DIR=`dirname $0`
+for TEST_CONFIG_FILE in $TESTCASE_DIR/testcase_*.cfg ; do
+ echo ""
+ echo "running testcase: $TEST_CONFIG_FILE"
+ . $TEST_CONFIG_FILE
+ find_card_by_iccid_or_eid $ICCID $EID
+ PCSC_READER=$?
+ enable_profile $PCSC_READER $ICCID $EID
+ start_smpp_server $PCSC_READER
+ send_test_request $APDU "$EXPECTED_RESPONSE"
+ stop_smpp_server
+ echo ""
+ echo "testcase ok"
+ echo "--------------------------------------------------------------"
+done
-# Read test parameters from config from file
-TEST_CONFIG_FILE=${0%.*}.cfg
-echo "using config file: $TEST_CONFIG_FILE"
-if ! [ -e "$TEST_CONFIG_FILE" ]; then
- echo "test configuration file does not exist! -- abort"
- exit 1
-fi
-. $TEST_CONFIG_FILE
-
-# Execute testcase
-find_card_by_iccid $ICCID
-start_smpp_server $?
-send_test_request $TAR $APDU "$EXPECTED_RESPONSE"
-
-
-
+echo "done."
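Review bot: stop_smpp_server sends `kill $PYSIM_SMPP2SIM_PID` and returns at once, but the new loop calls start_smpp_server for the next testcase right afterwards on the same port, and possibly the same reader, so the old process may still hold them. Since the server is started as a background job of this shell, `kill "$PYSIM_SMPP2SIM_PID"; wait "$PYSIM_SMPP2SIM_PID" 2>/dev/null` would make the stop synchronous. In enable_profile, `[ $ICCID != $ICCID_ENABLED ]` is unquoted: when `jq` yields nothing the test errors out and the profile switch is skipped without a message, so quote both sides and reject an empty `ICCID_ENABLED` explicitly. The `Disabeling currently enabled profile:` block also prints `$ICCID`, where `$ICCID_ENABLED` is the profile actually being disabled.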
diff --git a/tests/pySim-smpp2sim_test/testcase_3des_cbc2_rfm.cfg b/tests/pySim-smpp2sim_test/testcase_3des_cbc2_rfm.cfg
new file mode 100644
index 0000000..e056490
--- /dev/null
+++ b/tests/pySim-smpp2sim_test/testcase_3des_cbc2_rfm.cfg
@@ -0,0 +1,17 @@
+# Preparation:
+# This testcase executes against a sysmoISIM-SJA5 card. For the testcase, the
+# key configuration on the card may be used as it is.
+
+# Card parameter:
+ICCID="8949440000001155314" # <-- change to the ICCID of your card!
+EID=""
+KIC='51D4FC44BCBA7C4589DFADA3297720AF' # <-- change to the KIC1 of your card!
+KID='0449699C472CE71E2FB7B56245EF7684' # <-- change to the KID1 of your card!
+KEY_INDEX=1
+ALGO_CRYPT=triple_des_cbc2
+ALGO_AUTH=triple_des_cbc2
+TAR='B00010'
+
+# Testcase: Send OTA-SMS that selects DF.GSM and returns the select response
+APDU='A0A40000027F20A0C0000016'
+EXPECTED_RESPONSE='0000ffff7f2002000000000009b106350400838a838a 9000'
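Review bot: The `# <-- change to the KIC1 of your card!` and `KID1` markers ask the user to write their card's OTA keys into a file tracked by git, and the Preparation comment says nothing about keeping such edits out of a commit. A line such as `# NOTE: keep the keys of your own card out of commits; edit this file locally only.` under `# Card parameter:` would cover it. The same applies to the `verify_adm` line in testcase_aes256_cbc_cmac_rfm.cfg.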
diff --git a/tests/pySim-smpp2sim_test/testcase_aes128_cbc_cmac_rfm.cfg b/tests/pySim-smpp2sim_test/testcase_aes128_cbc_cmac_rfm.cfg
new file mode 100644
index 0000000..cfd0ef5
--- /dev/null
+++ b/tests/pySim-smpp2sim_test/testcase_aes128_cbc_cmac_rfm.cfg
@@ -0,0 +1,19 @@
+# Preparation:
+# This testcase executes against a sysmoEUICC1-C2T, which is equipped with the
+# TS48V1-B-UNIQUE test profile from https://test.rsp.sysmocom.de/ (Activation
+# code: 1$smdpp.test.rsp.sysmocom.de$TS48V1-B-UNIQUE). This testprofile must be
+# present on the eUICC before this testcase can be executed.
+
+# Card parameter:
+ICCID="8949449999999990031"
+EID="89049044900000000000000000102355" # <-- change to the EID of your card!
+KIC='66778899aabbccdd1122334455eeff10'
+KID='112233445566778899aabbccddeeff10'
+KEY_INDEX=2
+ALGO_CRYPT=aes_cbc
+ALGO_AUTH=aes_cmac
+TAR='b00120'
+
+# Testcase: Send OTA-SMS that selects DF.ICCID and returns the select response
+APDU='00a40004022fe200C000001d'
+EXPECTED_RESPONSE='621b8202412183022fe2a503d001408a01058b032f06038002000a8800 9000'
\ No newline at end of file
diff --git a/tests/pySim-smpp2sim_test/testcase_aes256_cbc_cmac_rfm.cfg b/tests/pySim-smpp2sim_test/testcase_aes256_cbc_cmac_rfm.cfg
new file mode 100644
index 0000000..0bffbbe
--- /dev/null
+++ b/tests/pySim-smpp2sim_test/testcase_aes256_cbc_cmac_rfm.cfg
@@ -0,0 +1,28 @@
+# Preparation:
+# This testcase executes against a sysmoISIM-SJA5 card. Since this card model is
+# shipped with a classic DES key configuration, it is necessary to provision
+# AES128 test keys before this testcase may be executed. The the following
+# pySim-shell command sequence may be used:
+#
+# verify_adm 34173960 # <-- change to the ADM key of your card!
+# select /DF.SYSTEM/EF.0348_KEY
+# update_record 10 fe03601111111111111111111111111111111111111111111111111111111111111111
+# update_record 11 fe03612222222222222222222222222222222222222222222222222222222222222222
+# update_record 12 fe03623333333333333333333333333333333333333333333333333333333333333333
+#
+# This overwrites one of the already existing 3DES SCP02 key (KVN 47) and replaces it
+# with an AES256 SCP80 key (KVN 3).
+
+# Card parameter:
+ICCID="8949440000001155314" # <-- change to the ICCID of your card!
+EID=""
+KIC='1111111111111111111111111111111111111111111111111111111111111111'
+KID='2222222222222222222222222222222222222222222222222222222222222222'
+KEY_INDEX=3
+ALGO_CRYPT=aes_cbc
+ALGO_AUTH=aes_cmac
+TAR='B00010'
+
+# Testcase: Send OTA-SMS that selects DF.GSM and returns the select response
+APDU='A0A40000027F20A0C0000016'
+EXPECTED_RESPONSE='0000ffff7f2002000000000009b106350400838a838a 9000'
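Review bot: The Preparation comment says AES128 test keys must be provisioned, but the file name, the closing sentence (`AES256 SCP80 key (KVN 3)`) and the 32-byte `KIC`/`KID` values all describe AES256. The line should read `# AES256 test keys before this testcase may be executed. The following`, which also drops the doubled `The the`. Since the `update_record` sequence replaces an existing key set on the card, the comment could also state that it is meant for a dedicated test card only.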