dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/42189?usp=email )
Change subject: tests/pySim-smpp2sim_test: add testcases for AES128 and AES256 ...................................................................... tests/pySim-smpp2sim_test: add testcases for AES128 and AES256 Extend the existing test script so that it can handle multiple testcases. Also add support for switching eUICC profiles. Finally, add a testcases to test OTA-SMS (RFM) with AES128 and AES256 encryption. Change-Id: I1f10504f3a29a8c74a17991632d932819fecfa5a Related: OS#6868 --- D tests/pySim-smpp2sim_test/pySim-smpp2sim_test.cfg M tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh A tests/pySim-smpp2sim_test/testcase_3des_cbc2_rfm.cfg A tests/pySim-smpp2sim_test/testcase_aes128_cbc_cmac_rfm.cfg A tests/pySim-smpp2sim_test/testcase_aes256_cbc_cmac_rfm.cfg 5 files changed, 161 insertions(+), 46 deletions(-) git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/89/42189/1
diff --git a/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.cfg b/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.cfg
deleted file mode 100644
index 1c2a953..0000000
--- a/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.cfg
+++ /dev/null
@@ -1,9 +0,0 @@
-# Card parameter:
-ICCID="8949440000001155314"
-KIC='51D4FC44BCBA7C4589DFADA3297720AF'
-KID='0449699C472CE71E2FB7B56245EF7684'
-
-# Testcase: Send OTA-SMS that selects DF.GSM and returns the select response
-TAR='B00010'
-APDU='A0A40000027F20A0C0000016'
-EXPECTED_RESPONSE='0000ffff7f2002000000000009b106350400838a838a 9000'
\ No newline at end of file
diff --git a/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh b/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh
index 2ca0a9e..0881319 100755
--- a/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh
+++ b/tests/pySim-smpp2sim_test/pySim-smpp2sim_test.sh
@@ -20,13 +20,14 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +PYSIM_SHELL=./pySim-shell.py +PYSIM_SHELL_LOG=./pySim-shell.log PYSIM_SMPP2SIM=./pySim-smpp2sim.py PYSIM_SMPP2SIM_LOG=./pySim-smpp2sim.log PYSIM_SMPP2SIM_PORT=2775 PYSIM_SMPP2SIM_TIMEOUT=10 PYSIM_SMPPOTATOOL=./contrib/smpp-ota-tool.py PYSIM_SMPPOTATOOL_LOG=./smpp-ota-tool.log -PYSIM_SHELL=./pySim-shell.py function dump_logs { echo "" @@ -44,12 +45,11 @@ function send_test_request { echo "" echo "Sending request to SMPP server:" - TAR=$1 - C_APDU=$2 - R_APDU_EXPECTED=$3 + C_APDU=$1 + R_APDU_EXPECTED=$2 echo "Sending: $C_APDU" - COMMANDLINE="$PYSIM_SMPPOTATOOL --verbose --port $PYSIM_SMPP2SIM_PORT --kic $KIC --kid $KID --tar $TAR --apdu $C_APDU" + COMMANDLINE="$PYSIM_SMPPOTATOOL --verbose --port $PYSIM_SMPP2SIM_PORT --kic $KIC --kid $KID --kic_idx $KEY_INDEX --kid_idx $KEY_INDEX --algo-crypt $ALGO_CRYPT --algo-auth $ALGO_AUTH --tar $TAR --apdu $C_APDU" echo "Commandline: $COMMANDLINE" R_APDU=`$COMMANDLINE 2> $PYSIM_SMPPOTATOOL_LOG` if [ $? -ne 0 ]; then @@ -57,7 +57,7 @@ dump_logs exit 1 fi - + echo "" echo "Got response from SMPP server:" echo "Sent: $C_APDU" echo "Received: $R_APDU" @@ -68,16 +68,14 @@ exit 1 fi echo "Response matches the expected response -- success!" - echo "" } function start_smpp_server { PCSC_READER=$1 - - # Start the SMPP server echo "" echo "Starting SMPP server:" + # Start the SMPP server COMMANDLINE="$PYSIM_SMPP2SIM -p $PCSC_READER --smpp-bind-port $PYSIM_SMPP2SIM_PORT --apdu-trace" echo "Commandline: $COMMANDLINE" $COMMANDLINE > $PYSIM_SMPP2SIM_LOG 2>&1 & 
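Review bot: In send_test_request the new `COMMANDLINE` string takes `$KEY_INDEX`, `$ALGO_CRYPT`, `$ALGO_AUTH` and now also `$TAR` from globals set by the sourced testcase file, unquoted and with no check that they are non-empty, so a missing value makes the next option name become the argument of the previous option and the failure shows up as an opaque tool error. A guard at the top of the function, `: "${KEY_INDEX:?}" "${ALGO_CRYPT:?}" "${ALGO_AUTH:?}" "${TAR:?}"`, would stop the testcase at the real cause. The existing `echo "Commandline: $COMMANDLINE"` also prints `--kic` and `--kid` in full, and the new testcase files ask users to enter the keys of their own card, so those keys land in console or CI output; printing the line with the two key values masked would avoid that. The function begins above this hunk.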
@@ -102,55 +100,117 @@ echo "SMPP server reachable (port=$PYSIM_SMPP2SIM_PORT)" } -function find_card_by_iccid { - # Find reader number of the card - ICCID=$1 +function stop_smpp_server { + echo "" + echo "Stopping SMPP server:" + kill $PYSIM_SMPP2SIM_PID + echo "SMPP server stopped (PID=$PYSIM_SMPP2SIM_PID)" + trap EXIT +} +function find_card_by_iccid_or_eid { + ICCID=$1 + EID=$2 echo "" echo "Searching for card:" echo "ICCID: \"$ICCID\"" + if [ -n "$EID" ]; then + echo "EID: \"$EID\"" + fi + # Determine number of available PCSC readers + PCSC_READER_COUNT=`pcsc_scan -rn | wc -l` + + # In case an EID is set, search for a card with that EID first + if [ -n "$EID" ]; then + for PCSC_READER in $(seq 0 $(($PCSC_READER_COUNT-1))); do + echo "probing card (eID) in reader $PCSC_READER ..." + RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select ADF.ISD-R" -e "get_eid" 2> /dev/null | tail -3` + echo $RESULT_JSON | grep $EID > /dev/null + if [ $? -eq 0 ]; then + echo "Found card (eID) in reader $PCSC_READER" + return $PCSC_READER + fi + done + fi + + # Search for card with the given ICCID if [ -z "$ICCID" ]; then echo "invalid ICCID, zero length ICCID is not allowed! -- abort" exit 1 fi - - PCSC_READER_COUNT=`pcsc_scan -rn | wc -l` for PCSC_READER in $(seq 0 $(($PCSC_READER_COUNT-1))); do - echo "probing card in reader $PCSC_READER ..." - EF_ICCID_DECODED=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e 'select EF.ICCID' -e 'read_binary_decoded --oneline' 2> /dev/null | tail -1` - echo $EF_ICCID_DECODED | grep $ICCID > /dev/null + echo "probing card (ICCID) in reader $PCSC_READER ..." + RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select EF.ICCID" -e "read_binary_decoded" 2> /dev/null | tail -3` + echo $RESULT_JSON | grep $ICCID > /dev/null if [ $? 
-eq 0 ]; then - echo "Found card in reader $PCSC_READER" + echo "Found card (by ICCID) in reader $PCSC_READER" return $PCSC_READER fi done - echo "Card with ICCID \"$ICCID\" not found -- abort" + echo "Card not found -- abort" exit 1 } +function enable_profile { + PCSC_READER=$1 + ICCID=$2 + EID=$3 + if [ -z "$EID" ]; then + # This is no eUICC, nothing to enable + return 0 + fi + + # Check if the profile is already enabled + RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select EF.ICCID" -e "read_binary_decoded" 2> /dev/null | tail -3` + ICCID_ENABLED=`echo $RESULT_JSON | jq -r '.iccid'` + if [ $ICCID != $ICCID_ENABLED ]; then + # Disable the currentle enabled profile + echo "" + echo "Disabeling currently enabled profile:" + echo "ICCID: \"$ICCID\"" + RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select ADF.ISD-R" -e "disable_profile --iccid $ICCID_ENABLED" 2> /dev/null | tail -3` + echo $RESULT_JSON | grep "ok" > /dev/null + if [ $? -ne 0 ]; then + echo "unable to disable profile with \"$ICCID_ENABLED\"" + exit 1 + fi + echo "profile disabled" + + # Enable the profile we intend to test with + echo "" + echo "Enabeling profile:" + echo "ICCID: \"$ICCID\"" + RESULT_JSON=`$PYSIM_SHELL -p $PCSC_READER --noprompt -e "select ADF.ISD-R" -e "enable_profile --iccid $ICCID" 2> /dev/null | tail -3` + echo $RESULT_JSON | grep "ok\|profileNotInDisabledState" > /dev/null + if [ $? -ne 0 ]; then + echo "unable to enable profile with \"$ICCID\"" + exit 1 + fi + echo "profile enabled" + fi +} + export PYTHONPATH=./ echo "pySim-smpp2sim_test - a test program to test pySim-smpp2sim.py" echo "==============================================================" -# TODO: At the moment we can only have one card and one testcase. This is -# sufficient for now. We can extend this later as needed. +TESTCASE_DIR=`dirname $0` +for TEST_CONFIG_FILE in $TESTCASE_DIR/testcase_*.cfg ; do + echo "" + echo "running testcase: $TEST_CONFIG_FILE" + . 
$TEST_CONFIG_FILE + find_card_by_iccid_or_eid $ICCID $EID + PCSC_READER=$? + enable_profile $PCSC_READER $ICCID $EID + start_smpp_server $PCSC_READER + send_test_request $APDU "$EXPECTED_RESPONSE" + stop_smpp_server + echo "" + echo "testcase ok" + echo "--------------------------------------------------------------" +done -# Read test parameters from config from file -TEST_CONFIG_FILE=${0%.*}.cfg -echo "using config file: $TEST_CONFIG_FILE" -if ! [ -e "$TEST_CONFIG_FILE" ]; then - echo "test configuration file does not exist! -- abort" - exit 1 -fi -. $TEST_CONFIG_FILE - -# Execute testcase -find_card_by_iccid $ICCID -start_smpp_server $? -send_test_request $TAR $APDU "$EXPECTED_RESPONSE" - - - +echo "done." diff --git a/tests/pySim-smpp2sim_test/testcase_3des_cbc2_rfm.cfg b/tests/pySim-smpp2sim_test/testcase_3des_cbc2_rfm.cfg new file mode 100644 index 0000000..06405c9 --- /dev/null +++ b/tests/pySim-smpp2sim_test/testcase_3des_cbc2_rfm.cfg @@ -0,0 +1,17 @@ +# Preperation: +# This testcase executes against a sysmoISIM-SJA5 card. For the testcase, the +# key configuration on the card may be used as it is. + +# Card parameter: +ICCID="8949440000001155314" # <-- change to the ICCID of your card! +EID="" +KIC='51D4FC44BCBA7C4589DFADA3297720AF' # <-- change to the KIC1 of your card! +KID='0449699C472CE71E2FB7B56245EF7684' # <-- change to the KID1 of your card! +KEY_INDEX=1 +ALGO_CRYPT=triple_des_cbc2 +ALGO_AUTH=triple_des_cbc2 +TAR='B00010' + +# Testcase: Send OTA-SMS that selects DF.GSM and returns the select response +APDU='A0A40000027F20A0C0000016' +EXPECTED_RESPONSE='0000ffff7f2002000000000009b106350400838a838a 9000' diff --git a/tests/pySim-smpp2sim_test/testcase_aes128_cbc_cmac_rfm.cfg b/tests/pySim-smpp2sim_test/testcase_aes128_cbc_cmac_rfm.cfg new file mode 100644 index 0000000..968c1be --- /dev/null +++ b/tests/pySim-smpp2sim_test/testcase_aes128_cbc_cmac_rfm.cfg 
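Review bot: In enable_profile the comparison `if [ $ICCID != $ICCID_ENABLED ]` is unquoted and depends on `jq -r '.iccid'` parsing the last three lines of pySim-shell output while stderr is discarded. When that read yields nothing, `ICCID_ENABLED` is empty, `[` fails with a syntax error, the `if` body is skipped and the function returns as if the wanted profile were already enabled, so the testcase runs against whichever profile is active. I would add `if [ -z "$ICCID_ENABLED" ]; then echo "unable to read ICCID of enabled profile"; exit 1; fi` before the comparison and quote it as `if [ "$ICCID" != "$ICCID_ENABLED" ]; then`. In the same function the "Disabeling currently enabled profile" message prints `$ICCID` where `$ICCID_ENABLED` is the profile being disabled. Because the loop sources each testcase file into the same shell, a file that omits a variable inherits the previous testcase's value; an `unset ICCID EID KIC KID KEY_INDEX ALGO_CRYPT ALGO_AUTH TAR APDU EXPECTED_RESPONSE` before `. $TEST_CONFIG_FILE` would prevent that.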
@@ -0,0 +1,19 @@
+# Preperation:
+# This testcase executes against a sysmoEUICC1-C2T, which is equipped with the
+# TS48V1-B-UNIQUE test profile from https://test.rsp.sysmocom.de/ (Activation
+# code: 1$smdpp.test.rsp.sysmocom.de$TS48V1-B-UNIQUE). This testprofile must be
+# present on the eUICC before this testcase can be executed.
+
+# Card parameter:
+ICCID="8949449999999990031"
+EID="89049044900000000000000000102355" # <-- change to the EID of your card!
+KIC='66778899aabbccdd1122334455eeff10'
+KID='112233445566778899aabbccddeeff10'
+KEY_INDEX=2
+ALGO_CRYPT=aes_cbc
+ALGO_AUTH=aes_cmac
+TAR='b00120'
+
+# Testcase: Send OTA-SMS that selects DF.GSM and returns the select response
+APDU='00a40004022fe200C000001d'
+EXPECTED_RESPONSE='621b8202412183022fe2a503d001408a01058b032f06038002000a8800 9000'
\ No newline at end of file
diff --git a/tests/pySim-smpp2sim_test/testcase_aes256_cbc_cmac_rfm.cfg b/tests/pySim-smpp2sim_test/testcase_aes256_cbc_cmac_rfm.cfg
new file mode 100644
index 0000000..5592715
--- /dev/null
+++ b/tests/pySim-smpp2sim_test/testcase_aes256_cbc_cmac_rfm.cfg
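Review bot: The `# Testcase:` comment above `APDU` was carried over from the 3DES testcase and still says the SMS selects DF.GSM, but this APDU (`00a40004022fe2...`) selects file ID `2fe2` and the expected response echoes `83022fe2`, whereas the 3DES file selects `7F20`. I would reword it to `# Testcase: Send OTA-SMS that selects EF.ICCID (2FE2) and returns the select response`. `KIC` and `KID` carry no `<-- change` marker here, which suggests they are the fixed keys of the public test profile; saying so in the preparation comment would keep readers from treating them as card-specific secrets. The file also ends without a trailing newline.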
@@ -0,0 +1,28 @@
+# Preperation:
+# This testcase executes against a sysmoISIM-SJA5 card. Since this card model is
+# shipped with a classic DES key configuration, it is necessary to provision
+# AES128 test keys before this testcase may be executed. The the following
+# pySim-shell command sequence may be used:
+#
+# verify_adm 34173960 # <-- change to the ADM key of your card!
+# select /DF.SYSTEM/EF.0348_KEY
+# update_record 10 fe03601111111111111111111111111111111111111111111111111111111111111111
+# update_record 11 fe03612222222222222222222222222222222222222222222222222222222222222222
+# update_record 12 fe03623333333333333333333333333333333333333333333333333333333333333333
+#
+# This overwrites one of the already existing 3DES SCP02 key (KVN 47) and replaces it
+# with an AES256 SCP80 key (KVN 3).
+
+# Card parameter:
+ICCID="8949440000001155314" # <-- change to the ICCID of your card!
+EID=""
+KIC='1111111111111111111111111111111111111111111111111111111111111111'
+KID='2222222222222222222222222222222222222222222222222222222222222222'
+KEY_INDEX=3
+ALGO_CRYPT=aes_cbc
+ALGO_AUTH=aes_cmac
+TAR='B00010'
+
+# Testcase: Send OTA-SMS that selects DF.GSM and returns the select response
+APDU='A0A40000027F20A0C0000016'
+EXPECTED_RESPONSE='0000ffff7f2002000000000009b106350400838a838a 9000'
-- To view, visit https://gerrit.osmocom.org/c/pysim/+/42189?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email Gerrit-MessageType: newchange Gerrit-Project: pysim Gerrit-Branch: master Gerrit-Change-Id: I1f10504f3a29a8c74a17991632d932819fecfa5a Gerrit-Change-Number: 42189 Gerrit-PatchSet: 1 Gerrit-Owner: dexter <[email protected]>
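Review bot: The preparation comment says it is necessary to provision "AES128 test keys", while the file name and the closing sentence of the same comment describe an AES256 SCP80 key, so the text should read `AES256 test keys` (and `The the following` should be `The following`). The comment should also state that the `update_record` sequence permanently replaces an existing key set with patterned keys that are published in this repository; a card left in that state would presumably accept OTA messages under KVN 3 from anyone who knows them. I would add `# NOTE: these are public test keys; provision them on a dedicated test card only and restore the original records afterwards.` directly after the command sequence.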
