laforge submitted this change.

View Change

Approvals: laforge: Looks good to me, approved Jenkins Builder: Verified 
contrib/smpp-ota-tool: warn about mixed up KIC/KIC indexes

Cards usually have multiple sets of KIC, KID (and KIK). The keys
are selected through an index. However, mixing keys from different
sets is concidered as a security violation and cards should reject
such configurations.

Let's print a warning to make users aware that something is off.

Change-Id: Ieb4e14145baba1c2cb4a237b612b04694940f402
Related: OS#6868
---
M contrib/smpp-ota-tool.py
1 file changed, 4 insertions(+), 0 deletions(-)

diff --git a/contrib/smpp-ota-tool.py b/contrib/smpp-ota-tool.py
index c2e9562..0903533 100755
--- a/contrib/smpp-ota-tool.py
+++ b/contrib/smpp-ota-tool.py
@@ -214,6 +214,10 @@
                         format='%(asctime)s %(levelname)s %(message)s',
                         datefmt='%Y-%m-%d %H:%M:%S')
 
+    if opts.kic_idx != opts.kid_idx:
+        logger.warning("KIC index (%s) and KID index (%s) are different (security violation, card should reject message)",
+                       opts.kic_idx, opts.kid_idx)
+
     ota_keyset = OtaKeyset(algo_crypt=opts.algo_crypt,
                            kic_idx=opts.kic_idx,
                            kic=h2b(opts.kic),

To view, visit change 42186. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: merged
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: Ieb4e14145baba1c2cb4a237b612b04694940f402
Gerrit-Change-Number: 42186
Gerrit-PatchSet: 2
Gerrit-Owner: dexter <pmaier@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge@osmocom.org>