pySim/transport add support for T=1 protocol and fix APDU/TPDU layer conflicts

ETSI TS 102 221, section 7.3 specifies that UICCs (and eUICCs) may support two
different transport protocols: T=0 or T=1 or both. The spec also says that the
terminal must support both protocols.

This patch adds the necessary functionality to support the T=1 protocol
alongside the T=0 protocol. However, this also means that we have to sharpen
the lines between APDUs and TPDUs.

As this patch also touches the low level interface to readers it was also
manually tested with a classic serial reader. Calypso and AT command readers
were not tested.

Change-Id: I8b56d7804a2b4c392f43f8540e0b6e70001a8970
Related: OS#6367

Author: pmaier-sysmo

pySim-read.py

@@ -88,7 +88,7 @@ def select_app(adf: str, card: SimCard):
     scc.sel_ctrl = "0004"
 
     # Testing for Classic SIM or UICC
-    (res, sw) = sl.send_apdu(scc.cla_byte + "a4" + scc.sel_ctrl + "02" + "3f00")
+    (res, sw) = sl.send_apdu(scc.cla_byte + "a4" + scc.sel_ctrl + "02" + "3f00" + "00")
     if sw == '6e00':
         # Just a Classic SIM
         scc.cla_byte = "a0"

pySim-shell.py

@@ -114,6 +114,7 @@ def __init__(self, card, rs, sl, ch, script=None):
         self.conserve_write = True
         self.json_pretty_print = True
         self.apdu_trace = False
+        self.apdu_strict = False
 
         self.add_settable(Settable2Compat('numeric_path', bool, 'Print File IDs instead of names', self,
                                           onchange_cb=self._onchange_numeric_path))
@@ -122,6 +123,9 @@ def __init__(self, card, rs, sl, ch, script=None):
         self.add_settable(Settable2Compat('json_pretty_print', bool, 'Pretty-Print JSON output', self))
         self.add_settable(Settable2Compat('apdu_trace', bool, 'Trace and display APDUs exchanged with card', self,
                                           onchange_cb=self._onchange_apdu_trace))
+        self.add_settable(Settable2Compat('apdu_strict', bool,
+                                          'Enforce APDU responses according to ISO/IEC 7816-3, table 12', self,
+                                          onchange_cb=self._onchange_apdu_strict))
         self.equip(card, rs)
 
     def equip(self, card, rs):
@@ -198,6 +202,13 @@ def _onchange_apdu_trace(self, param_name, old, new):
             else:
                 self.card._scc._tp.apdu_tracer = None
 
+    def _onchange_apdu_strict(self, param_name, old, new):
+        if self.card:
+            if new == True:
+                self.card._scc._tp.apdu_strict = True
+            else:
+                self.card._scc._tp.apdu_strict = False
+
     class Cmd2ApduTracer(ApduTracer):
         def __init__(self, cmd2_app):
             self.cmd2 = cmd2_app

pySim-trace.py

@@ -55,7 +55,7 @@ def __init__(self, debug: bool = False, **kwargs):
     def __str__(self):
         return "dummy"
 
-    def _send_apdu_raw(self, pdu):
+    def _send_apdu(self, pdu):
         #print("DummySimLink-apdu: %s" % pdu)
         return [], '9000'
 

pySim/commands.py

@@ -142,8 +142,9 @@ def send_apdu_constr(self, cla: Hexstr, ins: Hexstr, p1: Hexstr, p2: Hexstr, cmd
                 Tuple of (decoded_data, sw)
         """
         cmd = cmd_constr.build(cmd_data) if cmd_data else ''
-        p3 = i2h([len(cmd)])
-        pdu = ''.join([cla, ins, p1, p2, p3, b2h(cmd)])
+        lc = i2h([len(cmd)]) if cmd_data else ''
+        le = '00' if resp_constr else ''
+        pdu = ''.join([cla, ins, p1, p2, lc, b2h(cmd), le])
         (data, sw) = self.send_apdu(pdu, apply_lchan = apply_lchan)
         if data:
             # filter the resulting dict to avoid '_io' members inside
@@ -247,7 +248,7 @@ def try_select_path(self, dir_list: List[Hexstr]) -> List[ResTuple]:
         if not isinstance(dir_list, list):
             dir_list = [dir_list]
         for i in dir_list:
-            data, sw = self.send_apdu(self.cla_byte + "a4" + self.sel_ctrl + "02" + i)
+            data, sw = self.send_apdu(self.cla_byte + "a4" + self.sel_ctrl + "02" + i + "00")
             rv.append((data, sw))
             if sw != '9000':
                 return rv
@@ -277,11 +278,11 @@ def select_file(self, fid: Hexstr) -> ResTuple:
                 fid : file identifier as hex string
         """
 
-        return self.send_apdu_checksw(self.cla_byte + "a4" + self.sel_ctrl + "02" + fid)
+        return self.send_apdu_checksw(self.cla_byte + "a4" + self.sel_ctrl + "02" + fid + "00")
 
     def select_parent_df(self) -> ResTuple:
         """Execute SELECT to switch to the parent DF """
-        return self.send_apdu_checksw(self.cla_byte + "a4030400")
+        return self.send_apdu_checksw(self.cla_byte + "a40304")
 
     def select_adf(self, aid: Hexstr) -> ResTuple:
         """Execute SELECT a given Applicaiton ADF.
@@ -291,7 +292,7 @@ def select_adf(self, aid: Hexstr) -> ResTuple:
         """
 
         aidlen = ("0" + format(len(aid) // 2, 'x'))[-2:]
-        return self.send_apdu_checksw(self.cla_byte + "a4" + "0404" + aidlen + aid)
+        return self.send_apdu_checksw(self.cla_byte + "a4" + "0404" + aidlen + aid + "00")
 
     def read_binary(self, ef: Path, length: int = None, offset: int = 0) -> ResTuple:
         """Execute READD BINARY.
@@ -494,9 +495,9 @@ def binary_size(self, ef: Path) -> int:
     # TS 102 221 Section 11.3.1 low-level helper
     def _retrieve_data(self, tag: int, first: bool = True) -> ResTuple:
         if first:
-            pdu = '80cb008001%02x' % (tag)
+            pdu = '80cb008001%02x00' % (tag)
         else:
-            pdu = '80cb000000'
+            pdu = '80cb0000'
         return self.send_apdu_checksw(pdu)
 
     def retrieve_data(self, ef: Path, tag: int) -> ResTuple:
@@ -569,7 +570,7 @@ def run_gsm(self, rand: Hexstr) -> ResTuple:
         if len(rand) != 32:
             raise ValueError('Invalid rand')
         self.select_path(['3f00', '7f20'])
-        return self.send_apdu_checksw('a088000010' + rand, sw='9000')
+        return self.send_apdu_checksw('a088000010' + rand + '00', sw='9000')
 
     def authenticate(self, rand: Hexstr, autn: Hexstr, context: str = '3g') -> ResTuple:
         """Execute AUTHENTICATE (USIM/ISIM).
@@ -602,7 +603,7 @@ def authenticate(self, rand: Hexstr, autn: Hexstr, context: str = '3g') -> ResTu
 
     def status(self) -> ResTuple:
         """Execute a STATUS command as per TS 102 221 Section 11.1.2."""
-        return self.send_apdu_checksw('80F2000000')
+        return self.send_apdu_checksw('80F20000')
 
     def deactivate_file(self) -> ResTuple:
         """Execute DECATIVATE FILE command as per TS 102 221 Section 11.1.14."""
@@ -651,7 +652,7 @@ def manage_channel(self, mode: str = 'open', lchan_nr: int =0) -> ResTuple:
             p1 = 0x80
         else:
             p1 = 0x00
-        pdu = self.cla_byte + '70%02x%02x00' % (p1, lchan_nr)
+        pdu = self.cla_byte + '70%02x%02x' % (p1, lchan_nr)
         return self.send_apdu_checksw(pdu)
 
     def reset_card(self) -> Hexstr:

pySim/euicc.py

@@ -332,7 +332,7 @@ def __init__(self):
     def store_data(scc: SimCardCommands, tx_do: Hexstr, exp_sw: SwMatchstr ="9000") -> Tuple[Hexstr, SwHexstr]:
         """Perform STORE DATA according to Table 47+48 in Section 5.7.2 of SGP.22.
         Only single-block store supported for now."""
-        capdu = '80E29100%02x%s' % (len(tx_do)//2, tx_do)
+        capdu = '80E29100%02x%s00' % (len(tx_do)//2, tx_do)
         return scc.send_apdu_checksw(capdu, exp_sw)
 
     @staticmethod

pySim/global_platform/__init__.py

@@ -580,7 +580,7 @@ def store_data(self, data: bytes, structure:str = 'none', encryption:str = 'none
                                       {'last_block': len(remainder) == 0, 'encryption': encryption,
                                        'structure': structure, 'response': response_permitted})
                 hdr = "80E2%02x%02x%02x" % (p1b[0], block_nr, len(chunk))
-                data, _sw = self._cmd.lchan.scc.send_apdu_checksw(hdr + b2h(chunk))
+                data, _sw = self._cmd.lchan.scc.send_apdu_checksw(hdr + b2h(chunk) + "00")
                 block_nr += 1
                 response += data
             return data
@@ -646,7 +646,7 @@ def put_key(self, old_kvn:int, kvn: int, kid: int, key_dict: dict) -> bytes:
             See GlobalPlatform CardSpecification v2.3 Section 11.8 for details."""
             key_data = kvn.to_bytes(1, 'big') + build_construct(ADF_SD.AddlShellCommands.KeyDataBasic, key_dict)
             hdr = "80D8%02x%02x%02x" % (old_kvn, kid, len(key_data))
-            data, _sw = self._cmd.lchan.scc.send_apdu_checksw(hdr + b2h(key_data))
+            data, _sw = self._cmd.lchan.scc.send_apdu_checksw(hdr + b2h(key_data) + "00")
             return data
 
         get_status_parser = argparse.ArgumentParser()
@@ -671,7 +671,7 @@ def get_status(self, subset:str, aid_search_qualifier:Hexstr = '') -> List[GpReg
             grd_list = []
             while True:
                 hdr = "80F2%s%02x%02x" % (subset_hex, p2, len(cmd_data))
-                data, sw = self._cmd.lchan.scc.send_apdu(hdr + b2h(cmd_data))
+                data, sw = self._cmd.lchan.scc.send_apdu(hdr + b2h(cmd_data) + "00")
                 remainder = h2b(data)
                 while len(remainder):
                     # tlv sequence, each element is one GpRegistryRelatedData()
@@ -752,7 +752,7 @@ def do_install_for_install(self, opts):
             self.install(p1, 0x00, b2h(ifi_bytes))
 
         def install(self, p1:int, p2:int, data:Hexstr) -> ResTuple:
-            cmd_hex = "80E6%02x%02x%02x%s" % (p1, p2, len(data)//2, data)
+            cmd_hex = "80E6%02x%02x%02x%s00" % (p1, p2, len(data)//2, data)
             return self._cmd.lchan.scc.send_apdu_checksw(cmd_hex)
 
         del_cc_parser = argparse.ArgumentParser()

pySim/global_platform/scp.py

@@ -24,7 +24,7 @@
 from construct import Optional as COptional
 from osmocom.utils import b2h
 from osmocom.tlv import bertlv_parse_len, bertlv_encode_len
-
+from pySim.utils import parse_command_apdu
 from pySim.secure_channel import SecureChannel
 
 logger = logging.getLogger(__name__)
@@ -248,7 +248,7 @@ def _compute_cryptograms(self, card_challenge: bytes, host_challenge: bytes):
     def gen_init_update_apdu(self, host_challenge: bytes = b'\x00'*8) -> bytes:
         """Generate INITIALIZE UPDATE APDU."""
         self.host_challenge = host_challenge
-        return bytes([self._cla(), INS_INIT_UPDATE, self.card_keys.kvn, 0, 8]) + self.host_challenge
+        return bytes([self._cla(), INS_INIT_UPDATE, self.card_keys.kvn, 0, 8]) + self.host_challenge + b'\x00'
 
     def parse_init_update_resp(self, resp_bin: bytes):
         """Parse response to INITIALZIE UPDATE."""
@@ -280,9 +280,13 @@ def _wrap_cmd_apdu(self, apdu: bytes, *args, **kwargs) -> bytes:
         if not self.do_cmac:
             return apdu
 
-        lc = len(apdu) - 5
-        assert len(apdu) >= 5, "Wrong APDU length: %d" % len(apdu)
-        assert len(apdu) == 5 or apdu[4] == lc, "Lc differs from length of data: %d vs %d" % (apdu[4], lc)
+        (case, lc, le, data) = parse_command_apdu(apdu)
+
+        # TODO: add support for extended length fields.
+        assert lc <= 256
+        assert le <= 256
+        lc &= 0xFF
+        le &= 0xFF
 
         # CLA without log. channel can be 80 or 00 only
         cla = apdu[0]
@@ -298,16 +302,25 @@ def _wrap_cmd_apdu(self, apdu: bytes, *args, **kwargs) -> bytes:
             # CMAC on modified APDU
             mlc = lc + 8
             clac = cla | CLA_SM
-        mac = self.sk.calc_mac_1des(bytes([clac]) + apdu[1:4] + bytes([mlc]) + apdu[5:])
+        mac = self.sk.calc_mac_1des(bytes([clac]) + apdu[1:4] + bytes([mlc]) + data)
         if self.do_cenc:
             k = DES3.new(self.sk.enc, DES.MODE_CBC, b'\x00'*8)
-            data = k.encrypt(pad80(apdu[5:], 8))
+            data = k.encrypt(pad80(data, 8))
             lc = len(data)
-        else:
-            data = apdu[5:]
 
         lc += 8
         apdu = bytes([self._cla(True, b8)]) + apdu[1:4] + bytes([lc]) + data + mac
+
+        # Since we attach a signature, we will always send some data. This means that if the APDU is of case #4
+        # or case #2, we must attach an additional Le byte to signal that we expect a response. It is technically
+        # legal to use 0x00 (=256) as Le byte, even when the caller has specified a different value in the original
+        # APDU. This is due to the fact that Le always describes the maximum expected length of the response
+        # (see also ISO/IEC 7816-4, section 5.1). In addition to that, it should also important that depending on
+        # the configuration of the SCP, the response may also contain a signature that makes the response larger
+        # than specified in the Le field of the original APDU.
+        if case == 4 or case == 2:
+            apdu += b'\x00'
+
         return apdu
 
     def unwrap_rsp_apdu(self, sw: bytes, rsp_apdu: bytes) -> bytes:
@@ -454,7 +467,7 @@ def gen_init_update_apdu(self, host_challenge: Optional[bytes] = None) -> bytes:
         if len(host_challenge) != self.s_mode:
             raise ValueError('Host Challenge must be %u bytes long' % self.s_mode)
         self.host_challenge = host_challenge
-        return bytes([self._cla(), INS_INIT_UPDATE, self.card_keys.kvn, 0, len(host_challenge)]) + host_challenge
+        return bytes([self._cla(), INS_INIT_UPDATE, self.card_keys.kvn, 0, len(host_challenge)]) + host_challenge + b'\x00'
 
     def parse_init_update_resp(self, resp_bin: bytes):
         """Parse response to INITIALIZE UPDATE."""
@@ -489,12 +502,16 @@ def _wrap_cmd_apdu(self, apdu: bytes, skip_cenc: bool = False) -> bytes:
         ins = apdu[1]
         p1 = apdu[2]
         p2 = apdu[3]
-        lc = apdu[4]
-        assert lc == len(apdu) - 5
-        cmd_data = apdu[5:]
+        (case, lc, le, cmd_data) = parse_command_apdu(apdu)
+
+        # TODO: add support for extended length fields.
+        assert lc <= 256
+        assert le <= 256
+        lc &= 0xFF
+        le &= 0xFF
 
         if self.do_cenc and not skip_cenc:
-            if lc == 0:
+            if case <= 2:
                 # No encryption shall be applied to a command where there is no command data field. In this
                 # case, the encryption counter shall still be incremented
                 self.sk.block_nr += 1
@@ -519,6 +536,11 @@ def _wrap_cmd_apdu(self, apdu: bytes, skip_cenc: bool = False) -> bytes:
         apdu = bytes([mcla, ins, p1, p2, mlc]) + cmd_data
         cmac = self.sk.calc_cmac(apdu)
         apdu += cmac[:self.s_mode]
+
+        # See comment in SCP03._wrap_cmd_apdu()
+        if case == 4 or case == 2:
+            apdu += b'\x00'
+
         return apdu
 
     def unwrap_rsp_apdu(self, sw: bytes, rsp_apdu: bytes) -> bytes: