Feature #4807
closed
Support for writing EF_SUCI_Calc_Info
100%
Description
Modern cards (including sysmoISIM-SJA2) have an ADF_USIM/EF_SUCI_Calc_Info which is used by 5G UE to perform the SUPI concealment (computation of SUCI).
It would be useful to have pySim support to
- enable/disable this (Service 124 in EF_UST)
- read/write ADF_USIM/EF_SUCI_Calc_Info
Updated by merlinchlosta about 3 years ago
Just a quick observation:
sysmoISIM-SJA2 has Services 123 (5G Security Parameters) & 124 set by default but no EF_5G_Auth_Keys and EF_SUCI_Calc_Info files present. My Qualcomm modems don't fall back to IMSI then but instead show a USIM failure and apparently stop searching/connecting anything 5G.
So either disabling the services or writing the files is a must with these modems and 5G-SA.
Updated by laforge about 3 years ago
On Sun, Feb 21, 2021 at 01:52:18PM +0000, merlinchlosta [REDMINE] wrote:
> sysmoISIM-SJA2 has Services 123 (5G Security Parameters) & 124 set by default but no EF_5G_Auth_Keys and EF_SUCI_Calc_Info files present.
Those files definitely exist. How did you check for those files' presence and how did you determine
they don't? Please let me know so we can clarify.
- EF_5GS3GPPLOCI
- EF_5GSN3GPPLOCI
- EF_5GS3GPPNSC
- EF_5GSN3GPPNSC
- EF_5GAUTHKEYS
- EF_UAC_AIC
- EF_SUCI_CalcInfo
- EF_OPL5G
- EF_SNSI
- EF_Routing_Indicator
> So either disabling the services or writing the files is a must with these modems and 5G-SA.
Yes, you either need to
- disable the services in the SST (if not needed), or
- actually write your related information/configuration to the files (which do exist)
The same is true for virtually all the files on the cards. We generally try to create
all files that are ever specified anywhere in 3GPP specs, as creation of new files is only
possible during card personalization and not later at runtime. It's then up to the user to
enable/disable those services they need / want in EF.SST, EF.UST and EF.IST.
Regards,
Harald
Updated by merlinchlosta about 3 years ago
I've added the following code in pySim-read, just after USIM initialization (I'm not very familiar with SIM, want to make sure I'm in the right… directory?)
# Check whether we have the AID of USIM, if so select it by its AID
# EF.UST - File Id in ADF USIM : 6f38
if '9000' == card.select_adf_by_aid():
    # Select USIM profile
    usim_card = UsimCard(scc)
    print("EF_UST available (just to check): %s" % str(usim_card.file_exists('6F38')))
    print("EF_SUCI_Calc_Info available: %s" % str(usim_card.file_exists('4F07')))
    print("EF_5G_Auth_Keys available: %s" % str(usim_card.file_exists('4F05')))
    (res, sw) = card.read_binary('6F38')
    if sw == '9000':
        print("EF_UST: %s" % res)
    else:
        print("EF_UST: Can't read, response code = %s" % (sw,))
    (res, sw) = card.read_binary('4F07')
    if sw == '9000':
        print("EF_SUCI_Calc_Info: %s" % res)
    else:
        print("EF_SUCI_Calc_Info: Can't read, response code = %s" % (sw,))
    (res, sw) = card.read_binary('4F05')
    if sw == '9000':
        print("EF_5G_Auth_Keys: %s" % res)
    else:
        print("EF_5G_Auth_Keys: Can't read, response code = %s" % (sw,))
Output:
Using PC/SC reader interface
Reading ...
Autodetected card type: sysmoISIM-SJA2
ICCID: 8988211000000448822
...
EF_UST available (just to check): True
EF_SUCI_Calc_Info available: False
EF_5G_Auth_Keys available: False
EF_UST: beff9f9de73e0408400170330000000000000000
Traceback (most recent call last):
  File "./pySim-read.py", line 267, in <module>
    (res, sw) = card.read_binary('4F07')
  File "/home/merlin/tools/pysim/pySim/cards.py", line 189, in read_binary
    return self._scc.read_binary(ef_path, length, offset)
  File "/home/merlin/tools/pysim/pySim/commands.py", line 128, in read_binary
    r = self.select_file(ef)
  File "/home/merlin/tools/pysim/pySim/commands.py", line 119, in select_file
    data, sw = self._tp.send_apdu_checksw(self.cla_byte + "a4" + self.sel_ctrl + "02" + i)
  File "/home/merlin/tools/pysim/pySim/transport/__init__.py", line 104, in send_apdu_checksw
    raise RuntimeError("SW match failed! Expected %s and got %s." % (sw.lower(), rv[1]))
RuntimeError: SW match failed! Expected 9000 and got 6a82.
Same if I read the other file first, 6a82 seems to be something like "not found". If I understand correctly, a locked file would still be found?
I've played with the MS Operation Mode as well, but besides that the card is pretty fresh.
Updated by laforge about 3 years ago
On Mon, Feb 22, 2021 at 07:19:26AM +0000, merlinchlosta [REDMINE] wrote:
> I've added the following code in pySim-read, just after USIM initialization (I'm not very familiar with SIM, want to make sure I'm in the right… directory?)
You are not in the right directory. You are in ADF.USIM, not in ADF.USIM/DF.5GS
See 3GPP TS 31.102 for the directory hierarchy.
Updated by merlinchlosta about 3 years ago
Thanks a lot, the files are there of course.
For anybody googling this, I read ADF.USIM/DF.5GS like this: https://github.com/mrlnc/pysim/commit/c7f9afeeeb43dd4f62ced3f1c63aa21983fcdb24
and updated the UST with something like this in SysmoISIMSJA2.program():
print("Disabling 5G Security Parameters")
ust_5g = [122, 123, 124, 126]
for service in ust_5g:
    sw = self.update_ust(service, 0)
    if sw != '9000':
        print("Disabling 5G Service %i failed with code %s" % (service, sw))
Updated by merlinchlosta about 3 years ago
- scheme (profile A or B)
- key identifier (currently hardcoded & limited to 1 byte)
- key
- priority in some way
My WIP branch is here: https://github.com/mrlnc/pysim/tree/wip-suci
Right now the identifiers & file order are hardcoded to replicate the test file from TS31.121 4.9.4. Changing priority works as expected and is accepted by the modem.
I'll check out the pySim-shell first.
Updated by laforge about 3 years ago
Hi Merlin,
On Sat, Mar 06, 2021 at 04:31:00PM +0000, merlinchlosta [REDMINE] wrote:
> For each key we need some parameters, which is quite annoying via CLI.
that's exactly why we started pySim-shell. The core code base is merged by now,
also showing a variety of example classes for encoding/decoding some of the files.
Feel free to reach out in case you have any questions regarding pySim-shell.
Updated by merlinchlosta about 3 years ago
pysim-shell is pretty cool! I integrated SUCI-Calc-Info: https://github.com/mrlnc/pysim/tree/wip-shell-suci
Works:
- Encode + Write
- Read + Decode
- Testcase replicating the example file from
I take the JSON input to encode the file; what would be the right place for documentation of the format?
pySIM-shell (MF)> select ADF.USIM
pySIM-shell (MF/ADF.USIM)> select DF.5GS
pySIM-shell (MF/ADF.USIM/DF.5GS)> select EF.SUCI_Calc_Info
pySIM-shell (MF/ADF.USIM/DF.5GS/EF.SUCI_Calc_Info)> update_binary_decoded '{"prot_scheme_id_list": [{"priority": 0, "identifier": 2, "key_index": 1}, {"priority": 1, "identifier": 1, "key_index": 2}, {"priority": 2, "identifier": 0, "key_index": 0}], "hnet_pubkey_list": [{"hnet_pubkey_identifier": 27, "hnet_pubkey": "0272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd1"}, {"hnet_pubkey_identifier": 30, "hnet_pubkey": "5a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650"}]}
pySIM-shell (MF/ADF.USIM/DF.5GS/EF.SUCI_Calc_Info)> read_binary_decoded
9000: a006020101020000a14b80011b81210272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd180011e81205a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650a650ffffffffffffffffffffffffff -> {'prot_scheme_id_list': [{'priority': 0, 'identifier': 2, 'key_index': 1}, {'priority': 1, 'identifier': 1, 'key_index': 2}, {'priority': 2, 'identifier': 0, 'key_index': 0}], 'hnet_pubkey_list': [{'hnet_pubkey_identifier': 27, 'hnet_pubkey': '0272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd1'}, {'hnet_pubkey_identifier': 30, 'hnet_pubkey': '5a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650'}]}
{
    "prot_scheme_id_list": [
        {
            "priority": 0,
            "identifier": 2,
            "key_index": 1
        },
        {
            "priority": 1,
            "identifier": 1,
            "key_index": 2
        },
        {
            "priority": 2,
            "identifier": 0,
            "key_index": 0
        }
    ],
    "hnet_pubkey_list": [
        {
            "hnet_pubkey_identifier": 27,
            "hnet_pubkey": "0272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd1"
        },
        {
            "hnet_pubkey_identifier": 30,
            "hnet_pubkey": "5a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650"
        }
    ]
}
Export still fails; maybe I didn't register the directory correctly?
Output:
################################################################################
# MF/ADF.USIM/DF.5GS/EF.5GS3GPPLOCI #
################################################################################
# directory: MF/ADF.USIM/DF.5GS (3f00/a0000000871002/5fc0)
# file: EF.5GS3GPPLOCI (4f01)
# bad file: MF/ADF.USIM/DF.5GS/EF.5GS3GPPLOCI/EF.5GS3GPPLOCI, string indices must be integers
#
################################################################################
# MF/ADF.USIM/DF.5GS/EF.5GS3GPPLOCI/EF.5GSN3GPPLOCI #
################################################################################
# directory: MF/ADF.USIM/DF.5GS/EF.5GS3GPPLOCI (3f00/a0000000871002/5fc0/4f01)
# file: EF.5GSN3GPPLOCI (4f02)
# bad file: MF/ADF.USIM/DF.5GS/EF.5GSN3GPPLOCI/EF.5GSN3GPPLOCI, string indices must be integers
Fails because
fcp_dec = self._cmd.rs.select(filename, self._cmd)
doesn't return a dict but some hex string.
Updated by laforge about 3 years ago
- Status changed from New to In Progress
- Assignee set to dexter
Updated by laforge about 3 years ago
merlinchlosta wrote:
> pysim-shell is pretty cool! I integrated SUCI-Calc-Info: https://github.com/mrlnc/pysim/tree/wip-shell-suci
happy to hear you like it.
> I take the JSON input to encode the file; what would be the right place for documentation of the format?
Unfortunately we haven't yet figured that out. I'm not sure what kind of frameworks would exist in python to help us with documentation. Ideally the documentation would be written in-line next to the code (less chance to go out of date), and then extracted into some kind of spec/reference document.
> Export still fails; maybe I didn't register the directory correctly?
I've assigned this ticket to dexter who wrote the export, maybe he can help.
Updated by merlinchlosta about 3 years ago
applied your comments from github, gerrit PR: https://gerrit.osmocom.org/c/pysim/+/23564
Updated by merlinchlosta about 3 years ago
Export works as expected since you removed the DF.5GS decode_select_response() in commit 082d4e095688df3cbbb8675e4bf4bdade6a28d14.
Updated by dexter almost 3 years ago
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
Hello merlinchlosta,
thanks for contributing to pySim-shell. I see your patch got merged some time ago. I have now tested (decoded) reading and writing of EF_UST and ADF_USIM/EF_SUCI_Calc_Info and as far as I can tell it works fine. So I think we can close this ticket now.
Best regards.
Philipp
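The EF.SUCI_Calc_Info read-back shown earlier in the thread can be decoded and sanity-checked by hand; the following is an added example, not code from pySim or from any participant. The names `parse_tlvs`, `decode` and `KEY_LEN` are hypothetical, and treating `key_index` as the 1-based position in the public key list is an assumption that matches the thread's sample data.

```python
# Added example (not pySim code): decode and sanity-check EF.SUCI_Calc_Info.
KEY_B = "0272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd1"
KEY_A = "5a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650"
# File content as read back in the thread: A0 list, A1 list, stray "a650", ff padding.
RAW = ("a006020101020000" "a14b" "80011b" "8121" + KEY_B
       + "80011e" "8120" + KEY_A + "a650" + "ff" * 13)
# Protection scheme identifier -> expected public key length in bytes
# (1 = Profile A, X25519 key; 2 = Profile B, compressed P-256 point).
KEY_LEN = {1: 32, 2: 33}

def parse_tlvs(buf):
    """Return ([(tag, value), ...], leftover) for one-byte-tag TLVs; 0xff is padding."""
    out, i = [], 0
    while i + 2 <= len(buf) and buf[i] != 0xFF:
        tag, length, j = buf[i], buf[i + 1], i + 2
        if length == 0x81 and j < len(buf):   # long-form length, one extra byte
            length, j = buf[j], j + 1
        if j + length > len(buf):
            break                             # truncated object, reported as leftover
        out.append((tag, buf[j:j + length]))
        i = j + length
    return out, buf[i:].rstrip(b"\xff")

def decode(raw):
    """Return (schemes, keys, problems) for raw EF.SUCI_Calc_Info bytes."""
    schemes, keys, problems = [], [], []
    top, leftover = parse_tlvs(raw)
    if leftover:
        problems.append("undecodable trailing bytes: " + leftover.hex())
    for tag, val in top:
        if tag == 0xA0:    # (identifier, key_index) pairs, listed in priority order
            schemes = [{"priority": p, "identifier": val[2 * p], "key_index": val[2 * p + 1]}
                       for p in range(len(val) // 2)]
        elif tag == 0xA1:  # alternating 0x80 (key identifier) and 0x81 (key) objects
            inner, _ = parse_tlvs(val)
            ids = [v[0] for t, v in inner if t == 0x80 and v]
            pks = [v.hex() for t, v in inner if t == 0x81]
            keys = [{"hnet_pubkey_identifier": i, "hnet_pubkey": k} for i, k in zip(ids, pks)]
    for s in schemes:
        want = KEY_LEN.get(s["identifier"])
        if want is None:
            continue       # null scheme (0) or unknown scheme: no key length to check
        idx = s["key_index"]
        if not 1 <= idx <= len(keys):
            problems.append("scheme %d: key_index %d has no key" % (s["identifier"], idx))
        elif len(keys[idx - 1]["hnet_pubkey"]) != 2 * want:
            problems.append("scheme %d: key %d is not %d bytes" % (s["identifier"], idx, want))
    return schemes, keys, problems
```

On the thread's data the two lists decode to the JSON shown there, and the only problem reported is the two bytes `a650` that follow the A1 object before the `ff` padding.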