Feature #4807

Support for writing EF_SUCI_Calc_Info

Added by laforge 7 months ago. Updated 9 days ago.

Status: Resolved
Priority: Low
Assignee:
Target version: -
Start date: 10/14/2020
Due date:
% Done: 100%
Spec Reference:

Description

Modern cards (including sysmoISIM-SJA2) have an ADF_USIM/EF_SUCI_Calc_Info which is used by 5G UE to perform the SUPI concealment (computation of SUCI).

It would be useful to have pySim support to
  • enable/disable this (Service 124 in EF_UST)
  • read/write ADF_USIM/EF_SUCI_Calc_Info

History

#1 Updated by Brandon 4 months ago

#2 Updated by merlinchlosta 3 months ago

Just a quick observation:

sysmoISIM-SJA2 has Services 123 (5G Security Parameters) & 124 set by default but no EF_5G_Auth_Keys and EF_SUCI_Calc_Info files present. My Qualcomm modems don't fall back to IMSI then but instead show a USIM failure and apparently stop searching/connecting anything 5G.

So either disabling the services or writing the files is a must with these modems and 5G-SA.

#3 Updated by laforge 3 months ago

On Sun, Feb 21, 2021 at 01:52:18PM +0000, merlinchlosta [REDMINE] wrote:

sysmoISIM-SJA2 has Services 123 (5G Security Parameters) & 124 set by default but no EF_5G_Auth_Keys and EF_SUCI_Calc_Info files present.

Those files definitely exist. How did you check for those files' presence and how did you determine
they don't? Please let me know so we can clarify.

DF_5GS should exist in ADF_USIM, and below DF_5GS there are
  • EF_5GS3GPPLOCI
  • EF_5GSN3GPPLOCI
  • EF_5GS3GPPNSC
  • EF_5GSN3GPPNSC
  • EF_5GAUTHKEYS
  • EF_UAC_AIC
  • EF_SUCI_CalcInfo
  • EF_OPL5G
  • EF_SNSI
  • EF_Routing_Indicator

So either disabling the services or writing the files is a must with these modems and 5G-SA.

Yes, you either need to
  1. disable the services in the SST (if not needed), or
  2. actually write your related information/configuration to the files (which do exist)

The same is true for virtually all the files on the cards. We generally try to create
all files that are ever specified anywhere in 3GPP specs, as creation of new files is only
possible during card personalization and not later at runtime. It's then up to the user to
enable/disable those services they need / want in EF.SST, EF.UST and EF.IST.

Regards,
Harald

#4 Updated by merlinchlosta 3 months ago

I've added the following code in pySim-read, just after USIM initialization (I'm not very familiar with SIM, want to make sure I'm in the right… directory?)

    # Check whether we have the AID of USIM, if so select it by its AID
    # EF.UST - File Id in ADF USIM : 6f38
    if '9000' == card.select_adf_by_aid():
        # Select USIM profile
        usim_card = UsimCard(scc)

        print("EF_UST available (just to check): %s" % str(usim_card.file_exists('6F38')))
        print("EF_SUCI_Calc_Info available: %s" % str(usim_card.file_exists('4F07')))
        print("EF_5G_Auth_Keys available: %s" % str(usim_card.file_exists('4F05')))

        (res, sw) = card.read_binary('6F38')
        if sw == '9000':
            print("EF_UST: %s" % res)
        else:
            print("EF_UST: Can't read, response code = %s" % (sw,))

        (res, sw) = card.read_binary('4F07')
        if sw == '9000':
            print("EF_SUCI_Calc_Info: %s" % res)
        else:
            print("EF_SUCI_Calc_Info: Can't read, response code = %s" % (sw,))

        (res, sw) = card.read_binary('4F05')
        if sw == '9000':
            print("EF_5G_Auth_Keys: %s" % res)
        else:
            print("EF_5G_Auth_Keys: Can't read, response code = %s" % (sw,))

Output:

Using PC/SC reader interface
Reading ...
Autodetected card type: sysmoISIM-SJA2
ICCID: 8988211000000448822
...
EF_UST available (just to check): True
EF_SUCI_Calc_Info available: False
EF_5G_Auth_Keys available: False
EF_UST: beff9f9de73e0408400170330000000000000000
Traceback (most recent call last):
  File "./pySim-read.py", line 267, in <module>
    (res, sw) = card.read_binary('4F07')
  File "/home/merlin/tools/pysim/pySim/cards.py", line 189, in read_binary
    return self._scc.read_binary(ef_path, length, offset)
  File "/home/merlin/tools/pysim/pySim/commands.py", line 128, in read_binary
    r = self.select_file(ef)
  File "/home/merlin/tools/pysim/pySim/commands.py", line 119, in select_file
    data, sw = self._tp.send_apdu_checksw(self.cla_byte + "a4" + self.sel_ctrl + "02" + i)
  File "/home/merlin/tools/pysim/pySim/transport/__init__.py", line 104, in send_apdu_checksw
    raise RuntimeError("SW match failed! Expected %s and got %s." % (sw.lower(), rv[1]))
RuntimeError: SW match failed! Expected 9000 and got 6a82.

Same if I read the other file first, 6a82 seems to be something like "not found". If I understand correctly, a locked file would still be found?

I've played with the MS Operation Mode as well, but besides that the card is pretty fresh.

#5 Updated by laforge 3 months ago

On Mon, Feb 22, 2021 at 07:19:26AM +0000, merlinchlosta [REDMINE] wrote:

I've added the following code in pySim-read, just after USIM initialization (I'm not very familiar with SIM, want to make sure I'm in the right… directory?)

You are not in the right directory. You are in ADF.USIM, not in ADF.USIM/DF.5GS

See 3GPP TS 31.102 for the directory hierarchy.

#6 Updated by merlinchlosta 3 months ago

Thanks a lot, the files are there of course.

For anybody googling this, I read ADF.USIM/DF.5GS like this: https://github.com/mrlnc/pysim/commit/c7f9afeeeb43dd4f62ced3f1c63aa21983fcdb24
and updated the UST with something like this in SysmoISIMSJA2.program():

        print("Disabling 5G Security Parameters")
        ust_5g = [122, 123, 124, 126]
        for service in ust_5g:
            sw = self.update_ust(service, 0)
            if sw != '9000':
                print("Disabling 5G Service %i failed with code %s"% (service, sw))

#7 Updated by merlinchlosta 2 months ago

For each key we need some parameters, which is quite annoying via CLI.
  • scheme (profile A or B)
  • key identifier (currently hardcoded & limited to 1 byte)
  • key
  • priority in some way

My WIP branch is here: https://github.com/mrlnc/pysim/tree/wip-suci

Right now the identifiers & file order are hardcoded to replicate the test file from TS31.121 4.9.4. Changing priority works as expected and is accepted by the modem.

I'll check out the pySim-shell first.

#8 Updated by laforge 2 months ago

Hi Merlin,

On Sat, Mar 06, 2021 at 04:31:00PM +0000, merlinchlosta [REDMINE] wrote:

For each key we need some parameters, which is quite annoying via CLI.

that's exactly why we started pySim-shell. The core code base is merged by now,
also showing a variety of example classes for encoding/decoding some of the files.

Feel free to reach out in case you have any questions regarding pySim-shell.

#9 Updated by merlinchlosta about 1 month ago

pysim-shell is pretty cool! I integrated SUCI-Calc-Info: https://github.com/mrlnc/pysim/tree/wip-shell-suci

Works:
  • Encode + Write
  • Read + Decode
  • Testcase replicating the example file from

I take the JSON input to encode the file; what would be the right place for documentation of the format?


pySIM-shell (MF)> select ADF.USIM
pySIM-shell (MF/ADF.USIM)> select DF.5GS 
pySIM-shell (MF/ADF.USIM/DF.5GS)> select EF.SUCI_Calc_Info 
pySIM-shell (MF/ADF.USIM/DF.5GS/EF.SUCI_Calc_Info)> update_binary_decoded '{"prot_scheme_id_list": [{"priority": 0, "identifier": 2, "key_index": 1}, {"priority": 1, "identifier": 1, "key_index": 2}, {"priority": 2, "identifier": 0, "key_index": 0}], "hnet_pubkey_list": [{"hnet_pubkey_identifier": 27, "hnet_pubkey": "0272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd1"}, {"hnet_pubkey_identifier": 30, "hnet_pubkey": "5a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650"}]}
pySIM-shell (MF/ADF.USIM/DF.5GS/EF.SUCI_Calc_Info)> read_binary_decoded
9000: a006020101020000a14b80011b81210272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd180011e81205a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650a650ffffffffffffffffffffffffff -> {'prot_scheme_id_list': [{'priority': 0, 'identifier': 2, 'key_index': 1}, {'priority': 1, 'identifier': 1, 'key_index': 2}, {'priority': 2, 'identifier': 0, 'key_index': 0}], 'hnet_pubkey_list': [{'hnet_pubkey_identifier': 27, 'hnet_pubkey': '0272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd1'}, {'hnet_pubkey_identifier': 30, 'hnet_pubkey': '5a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650'}]}
{
    "prot_scheme_id_list": [
        {
            "priority": 0,
            "identifier": 2,
            "key_index": 1
        },
        {
            "priority": 1,
            "identifier": 1,
            "key_index": 2
        },
        {
            "priority": 2,
            "identifier": 0,
            "key_index": 0
        }
    ],
    "hnet_pubkey_list": [
        {
            "hnet_pubkey_identifier": 27,
            "hnet_pubkey": "0272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd1" 
        },
        {
            "hnet_pubkey_identifier": 30,
            "hnet_pubkey": "5a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650" 
        }
    ]
}

Export still fails; maybe I didn't register the directory correctly?
Output:


################################################################################
# MF/ADF.USIM/DF.5GS/EF.5GS3GPPLOCI                                            #
################################################################################
# directory: MF/ADF.USIM/DF.5GS (3f00/a0000000871002/5fc0)
# file: EF.5GS3GPPLOCI (4f01)
# bad file: MF/ADF.USIM/DF.5GS/EF.5GS3GPPLOCI/EF.5GS3GPPLOCI, string indices must be integers
#
################################################################################
# MF/ADF.USIM/DF.5GS/EF.5GS3GPPLOCI/EF.5GSN3GPPLOCI                            #
################################################################################
# directory: MF/ADF.USIM/DF.5GS/EF.5GS3GPPLOCI (3f00/a0000000871002/5fc0/4f01)
# file: EF.5GSN3GPPLOCI (4f02)
# bad file: MF/ADF.USIM/DF.5GS/EF.5GSN3GPPLOCI/EF.5GSN3GPPLOCI, string indices must be integers

Fails because fcp_dec = self._cmd.rs.select(filename, self._cmd) doesn't return a dict but some hex string.
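
Added example, not part of the ticket and not pySim code: a stand-alone decoder for the raw EF.SUCI_Calc_Info read-out shown above, combined with the Service 124 check discussed earlier in this ticket (service enabled but file unpopulated). The function names are hypothetical; the A0/A1/80/81 tags follow the dump and 3GPP TS 31.102, and the per-scheme key lengths are an assumption based on the Profile A/B definitions.

```python
EF_UST = "beff9f9de73e0408400170330000000000000000"  # read-outs copied from this ticket
EF_SUCI = ("a006020101020000a14b80011b8121"
           "0272da71976234ce833a6907425867b82e074d44ef907dfb4b3e21c1c2256ebcd1"
           "80011e8120"
           "5a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650"
           "a650" + "ff" * 13)  # last 15 bytes are not part of the A0/A1 objects
KEY_LEN = {1: 32, 2: 33}  # assumption: Profile A = X25519, Profile B = compressed P-256

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER-TLV with a single-byte tag."""
    (tag, length), pos = buf[pos:pos + 2], pos + 2  # ValueError if header is cut off
    if length & 0x80:  # long form: 0x81/0x82 followed by the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV 0x%02x overruns the buffer" % tag)
    return tag, buf[pos:pos + length], pos + length

def decode_suci_calc_info(hexstr):
    """Return (decoded dict, count of bytes after the last A0/A1 object)."""
    buf, pos, schemes, keys = bytes.fromhex(hexstr), 0, [], []
    while pos < len(buf) and buf[pos] in (0xA0, 0xA1):
        tag, val, pos = read_tlv(buf, pos)
        if tag == 0xA0:  # (scheme identifier, key index) pairs; position = priority
            schemes += [{"priority": i // 2, "identifier": val[i], "key_index": val[i + 1]}
                        for i in range(0, len(val) - 1, 2)]
        p = 0
        while tag == 0xA1 and p < len(val):  # 0x80 key identifier, then 0x81 key
            _, ident, p = read_tlv(val, p)
            _, key, p = read_tlv(val, p)
            keys.append({"hnet_pubkey_identifier": ident[0], "hnet_pubkey": key.hex()})
    return {"prot_scheme_id_list": schemes, "hnet_pubkey_list": keys}, len(buf) - pos

def ust_service_enabled(ust_hex, n):  # service 1 is byte 1, bit 1 (LSB)
    ust, i = bytes.fromhex(ust_hex), n - 1
    return i // 8 < len(ust) and bool(ust[i // 8] >> (i % 8) & 1)

def check(ust_hex, suci_hex):  # list inconsistencies between Service 124 and the file
    info, _ = decode_suci_calc_info(suci_hex)
    schemes, keys = info["prot_scheme_id_list"], info["hnet_pubkey_list"]
    problems = []
    if ust_service_enabled(ust_hex, 124) and not schemes:
        problems.append("service 124 enabled but EF.SUCI_Calc_Info is empty")
    for s in schemes:
        idx, want = s["key_index"], KEY_LEN.get(s["identifier"], -1)
        if s["identifier"] and not (1 <= idx <= len(keys)
                                    and len(keys[idx - 1]["hnet_pubkey"]) == 2 * want):
            problems.append("priority %d: key missing or wrong length" % s["priority"])
    return problems
```

Running `check()` on the card's raw EF.UST and EF.SUCI_Calc_Info contents before attaching to a 5G-SA network catches both the enabled-but-empty case and a scheme entry that points at the wrong key.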

#10 Updated by laforge about 1 month ago

  • Status changed from New to In Progress
  • Assignee set to dexter

#11 Updated by laforge about 1 month ago

merlinchlosta wrote:

pysim-shell is pretty cool! I integrated SUCI-Calc-Info: https://github.com/mrlnc/pysim/tree/wip-shell-suci

happy to hear you like it.

I take the JSON input to encode the file; what would be the right place for documentation of the format?

Unfortunately we haven't yet figured that out. I'm not sure what kind of frameworks would exist in python to help us with documentation. Ideally the documentation would be written in-line next to the code (less chance to go out of date), and then extracted into some kind of spec/reference document.

Export still fails; maybe I didn't register the directory correctly?

I've assigned this ticket to dexter who wrote the export, maybe he can help.

#12 Updated by merlinchlosta about 1 month ago

applied your comments from github, gerrit PR: https://gerrit.osmocom.org/c/pysim/+/23564

#13 Updated by merlinchlosta about 1 month ago

Export works as expected since you removed the DF.5GS decode_select_response() in commit 082d4e095688df3cbbb8675e4bf4bdade6a28d14.

#14 Updated by dexter 9 days ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

Hello merlinchlosta,

thanks for contributing to pySim-shell. I see your patch got merged some time ago. I have now tested (decoded) reading and writing of EF_UST and ADF_USIM/EF_SUCI_Calc_Info and as far as I can tell it works fine. So I think we can close this ticket now.

Best regards.
Philipp
