dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/37947?usp=email )
Change subject: suci-tutorial: add section about SUCI calculation by the USIM ...................................................................... suci-tutorial: add section about SUCI calculation by the USIM The tutorial describes how SUCI calculation in the UE is configure, let's now ad a section about SUCI calculation by the USIM. Related: OS#6531 Change-Id: I45d47f9278b30d99ebde6891de0ba8cc74b1a0a0 --- M docs/suci-tutorial.rst 1 file changed, 51 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/47/37947/1 diff --git a/docs/suci-tutorial.rst b/docs/suci-tutorial.rst index 60d2190..3dc183a 100644 --- a/docs/suci-tutorial.rst +++ b/docs/suci-tutorial.rst @@ -193,3 +193,54 @@ whole modem shutting 5G down. If you don’t need SUCI concealment but the smartphone refuses to connect to any 5G network, try to disable the UST service 124. + +SUCI calculation by the USIM +---------------------------- + +The SUCI calculation can also be performed by the USIM application on the UICC +directly. The UE then uses the GET IDENTITY command (see also 3GPP TS 31.102, +section 7.5) to retrieve a SUCI value. + +The sysmoISIM-SJA5-S17 *SUCI calculation by the USIM*. The configuration is not +much different to the above described configuration of *SUCI calculation in the +UE*. + +The main difference is how the key provisioning is done. When the SUCI +calculation is done by the USIM, then the key material is not accessed by the +UE. The specification (see also 3GPP TS 31.102, section 7.5.1.1), also does not +specifiy any file or file format to store the key material. This means the exact +way to perform the key provisioning is an implementation detail of the USIM +card application. + +In the case of sysmoISIM-SJA5-S17 the key material is stored in EF.SUCI_Calc_Info, +which is located in DF.SAIP instead of DF.5GS + +:: + + pySIM-shell (00:MF)> select MF + pySIM-shell (00:MF)> select ADF.USIM + pySIM-shell (00:MF/ADF.USIM)> select DF.SAIP + pySIM-shell (00:MF/ADF.USIM/DF.5GS)> select EF.SUCI_Calc_Info + +The file format is exactly the same as specified in 3GPP TS 31.102, section +4.4.11.8. This means the above described key provisioning procedure can be +applied without any changed, except that the file location is different. + +To signal to the UE that the USIM is setup up for SUCI calculation, service +125 must be enabled as well (see also 3GPP TS 31.102, section 5.3.48) + +:: + pySIM-shell (00:MF/ADF.USIM/EF.UST)> ust_service_activate 124 + pySIM-shell (00:MF/ADF.USIM/EF.UST)> ust_service_activate 125 + +To verify that the SUCI calculation works as expected, it is possible to issue +a GET IDENTITY command using pySim-shell: + +:: + select ADF.USIM + get_identity + +The USIM should then return a SUCI TLV Data object that looks like this: + +:: + SUCI TLV Data Object: 0199f90717ff021b027a2c58ce1c6b89df088a9eb4d242596dd75746bb5f3503d2cf58a7461e4fd106e205c86f76544e9d732226a4e1 -- To view, visit https://gerrit.osmocom.org/c/pysim/+/37947?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I45d47f9278b30d99ebde6891de0ba8cc74b1a0a0 Gerrit-Change-Number: 37947 Gerrit-PatchSet: 1 Gerrit-Owner: dexter <[email protected]>
