From 592bb33b51f8bd24736b81f6f70c33c15afd0299 Mon Sep 17 00:00:00 2001 From: septs Date: Tue, 10 Dec 2024 19:10:04 +0800 Subject: [PATCH 01/11] refactor: certificate issuer detecting --- .../angry/openeuicc/ui/EuiccInfoActivity.kt | 29 ++++++++----------- app-common/src/main/res/values/strings.xml | 6 ++-- .../lpac_jni/impl/RootCertificates.kt | 21 ++++++++++++-- 3 files changed, 35 insertions(+), 21 deletions(-) diff --git a/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt b/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt index bb1d5b6..6718ada 100644 --- a/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt +++ b/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt @@ -18,13 +18,12 @@ import im.angry.openeuicc.common.R import im.angry.openeuicc.core.EuiccChannel import im.angry.openeuicc.util.* import kotlinx.coroutines.launch -import net.typeblog.lpac_jni.impl.DEFAULT_PKID_GSMA_RSP2_ROOT_CI1 +import net.typeblog.lpac_jni.impl.PKID_GSMA_LIVE_CI import net.typeblog.lpac_jni.impl.PKID_GSMA_TEST_CI class EuiccInfoActivity : BaseEuiccAccessActivity() { companion object { private val YES_NO = Pair(R.string.yes, R.string.no) - private val SUPPORTED_UNSUPPORTED = Pair(R.string.supported, R.string.unsupported) } private lateinit var swipeRefresh: SwipeRefreshLayout @@ -103,21 +102,17 @@ class EuiccInfoActivity : BaseEuiccAccessActivity() { add(Pair(R.string.euicc_info_free_nvram, info?.freeNvram?.let(::formatFreeSpace))) } channel.lpa.euiccInfo2?.euiccCiPKIdListForSigning.orEmpty().let { signers -> - add( - Pair( - R.string.euicc_info_gsma_prod, - formatByBoolean( - signers.contains(DEFAULT_PKID_GSMA_RSP2_ROOT_CI1), - SUPPORTED_UNSUPPORTED - ) - ) - ) - add( - Pair( - R.string.euicc_info_gsma_test, - formatByBoolean(PKID_GSMA_TEST_CI.any(signers::contains), SUPPORTED_UNSUPPORTED) - ) - ) + // SGP.28 v1.0, eSIM CI Registration Criteria (Page 5 of 9, 2019-10-24) + // https://www.gsma.com/newsroom/wp-content/uploads/SGP.28-v1.0.pdf + // FS.27 v2.0, Security Guidelines for UICC Profiles (Page 25 of 27, 2024-01-30) + // https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2020/12/FS.27-Security-Guidelines-for-UICC-Profiles-v2.0.pdf#page=25 + val resId = when { + signers.isEmpty() -> R.string.euicc_info_ci_not_mp + PKID_GSMA_LIVE_CI.any(signers::contains) -> R.string.euicc_info_ci_gsma_live + PKID_GSMA_TEST_CI.any(signers::contains) -> R.string.euicc_info_ci_gsma_test + else -> R.string.unknown + } + add(Pair(R.string.euicc_info_ci_type, getString(resId))) } } diff --git a/app-common/src/main/res/values/strings.xml b/app-common/src/main/res/values/strings.xml index 4a9f529..bfd6ad1 100644 --- a/app-common/src/main/res/values/strings.xml +++ b/app-common/src/main/res/values/strings.xml @@ -120,8 +120,10 @@ SAS Accreditation Number Protected Profile Version Free NVRAM (eSIM profile storage) - GSMA Production Certificate - GSMA Test Certificate + Certificate Issuer + This eUICC card is not in mass production + GSMA Live CI + GSMA Test CI Supported Unsupported diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt index 82c443f..9462b47 100644 --- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt @@ -7,8 +7,25 @@ import java.security.cert.CertificateFactory const val DEFAULT_PKID_GSMA_RSP2_ROOT_CI1 = "81370f5125d0b1d408d4c3b232e6d25e795bebfb" -val PKID_GSMA_TEST_CI = - arrayOf("34eecf13156518d48d30bdf06853404d115f955d", "2209f61cd9ec5c9c854e787341ff83ecf9776a5b") +// SGP.28 v1.0, eSIM CI Registration Criteria (Page 5 of 9, 2019-10-24) +// https://www.gsma.com/newsroom/wp-content/uploads/SGP.28-v1.0.pdf +// FS.27 v2.0, Security Guidelines for UICC Profiles (Page 25 of 27, 2024-01-30) +// https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2020/12/FS.27-Security-Guidelines-for-UICC-Profiles-v2.0.pdf#page=25 + +val PKID_GSMA_LIVE_CI = arrayOf( + // GSMA RSP2 Root CI1 (SGP.22 v2+v3, CA: DigiCert) + // https://euicc-manual.osmocom.org/docs/pki/ci/files/81370f.txt + DEFAULT_PKID_GSMA_RSP2_ROOT_CI1, +) + +val PKID_GSMA_TEST_CI = arrayOf( + // Test CI (SGP.26, NIST P256) + // https://euicc-manual.osmocom.org/docs/pki/ci/files/34eecf.txt + "34eecf13156518d48d30bdf06853404d115f955d", + // Test CI (SGP.26, BRP P256r1) + // https://euicc-manual.osmocom.org/docs/pki/ci/files/2209f6.txt + "2209f61cd9ec5c9c854e787341ff83ecf9776a5b", +) private fun getCertificate(keyId: String): Certificate? = KNOWN_CI_CERTS[keyId]?.toByteArray()?.let { cert -> -- 2.45.3 From d4bbe4aebf7652f4a06b74958ef7e7afe0e1cf12 Mon Sep 17 00:00:00 2001 From: septs Date: Tue, 10 Dec 2024 19:36:17 +0800 Subject: [PATCH 02/11] feat: unknown ci as independent ci --- .../src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt | 4 ++-- app-common/src/main/res/values/strings.xml | 5 +++-- .../main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt b/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt index 6718ada..d60309f 100644 --- a/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt +++ b/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt @@ -103,14 +103,14 @@ class EuiccInfoActivity : BaseEuiccAccessActivity() { } channel.lpa.euiccInfo2?.euiccCiPKIdListForSigning.orEmpty().let { signers -> // SGP.28 v1.0, eSIM CI Registration Criteria (Page 5 of 9, 2019-10-24) - // https://www.gsma.com/newsroom/wp-content/uploads/SGP.28-v1.0.pdf + // https://www.gsma.com/newsroom/wp-content/uploads/SGP.28-v1.0.pdf#page=5 // FS.27 v2.0, Security Guidelines for UICC Profiles (Page 25 of 27, 2024-01-30) // https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2020/12/FS.27-Security-Guidelines-for-UICC-Profiles-v2.0.pdf#page=25 val resId = when { signers.isEmpty() -> R.string.euicc_info_ci_not_mp PKID_GSMA_LIVE_CI.any(signers::contains) -> R.string.euicc_info_ci_gsma_live PKID_GSMA_TEST_CI.any(signers::contains) -> R.string.euicc_info_ci_gsma_test - else -> R.string.unknown + else -> R.string.euicc_info_ci_independent } add(Pair(R.string.euicc_info_ci_type, getString(resId))) } diff --git a/app-common/src/main/res/values/strings.xml b/app-common/src/main/res/values/strings.xml index bfd6ad1..1dded3c 100644 --- a/app-common/src/main/res/values/strings.xml +++ b/app-common/src/main/res/values/strings.xml @@ -122,8 +122,9 @@ Free NVRAM (eSIM profile storage) Certificate Issuer This eUICC card is not in mass production - GSMA Live CI - GSMA Test CI + GSMA Live CI + GSMA Test CI + Independent eSIM CA Supported Unsupported diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt index 9462b47..ba92119 100644 --- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt @@ -8,7 +8,7 @@ import java.security.cert.CertificateFactory const val DEFAULT_PKID_GSMA_RSP2_ROOT_CI1 = "81370f5125d0b1d408d4c3b232e6d25e795bebfb" // SGP.28 v1.0, eSIM CI Registration Criteria (Page 5 of 9, 2019-10-24) -// https://www.gsma.com/newsroom/wp-content/uploads/SGP.28-v1.0.pdf +// https://www.gsma.com/newsroom/wp-content/uploads/SGP.28-v1.0.pdf#page=5 // FS.27 v2.0, Security Guidelines for UICC Profiles (Page 25 of 27, 2024-01-30) // https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2020/12/FS.27-Security-Guidelines-for-UICC-Profiles-v2.0.pdf#page=25 -- 2.45.3 From c887d2be0241dda9574faa92f60a0bf0ca039696 Mon Sep 17 00:00:00 2001 From: septs Date: Tue, 10 Dec 2024 20:51:37 +0800 Subject: [PATCH 03/11] fix: compareable euiccinfo2 --- .../src/main/java/net/typeblog/lpac_jni/EuiccInfo2.kt | 4 ++-- .../net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/EuiccInfo2.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/EuiccInfo2.kt index e69c7ff..d0544fc 100644 --- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/EuiccInfo2.kt +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/EuiccInfo2.kt @@ -9,6 +9,6 @@ data class EuiccInfo2( val ppVersion: String, val freeNvram: Int, val freeRam: Int, - val euiccCiPKIdListForSigning: Array, - val euiccCiPKIdListForVerification: Array, + val euiccCiPKIdListForSigning: Set, + val euiccCiPKIdListForVerification: Set, ) \ No newline at end of file diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt index b617f2b..79bee8e 100644 --- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt @@ -178,8 +178,8 @@ class LocalProfileAssistantImpl( LpacJni.euiccInfo2GetPpVersion(cInfo), LpacJni.euiccInfo2GetFreeNonVolatileMemory(cInfo).toInt(), LpacJni.euiccInfo2GetFreeVolatileMemory(cInfo).toInt(), - euiccCiPKIdListForSigning.toTypedArray(), - euiccCiPKIdListForVerification.toTypedArray() + euiccCiPKIdListForSigning.toSet(), + euiccCiPKIdListForVerification.toSet() ) LpacJni.euiccInfo2Free(cInfo) -- 2.45.3 From 36f9903abfbea16398f5ec5d03a084f0b332dfc0 Mon Sep 17 00:00:00 2001 From: septs Date: Tue, 10 Dec 2024 20:51:53 +0800 Subject: [PATCH 04/11] chore: update links --- .../src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt | 2 +- .../main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt b/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt index d60309f..592e2e1 100644 --- a/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt +++ b/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt @@ -105,7 +105,7 @@ class EuiccInfoActivity : BaseEuiccAccessActivity() { // SGP.28 v1.0, eSIM CI Registration Criteria (Page 5 of 9, 2019-10-24) // https://www.gsma.com/newsroom/wp-content/uploads/SGP.28-v1.0.pdf#page=5 // FS.27 v2.0, Security Guidelines for UICC Profiles (Page 25 of 27, 2024-01-30) - // https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2020/12/FS.27-Security-Guidelines-for-UICC-Profiles-v2.0.pdf#page=25 + // https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/01/FS.27-Security-Guidelines-for-UICC-Credentials-v2.0-FINAL-23-July.pdf#page=25 val resId = when { signers.isEmpty() -> R.string.euicc_info_ci_not_mp PKID_GSMA_LIVE_CI.any(signers::contains) -> R.string.euicc_info_ci_gsma_live diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt index ba92119..3de036c 100644 --- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt @@ -10,7 +10,7 @@ const val DEFAULT_PKID_GSMA_RSP2_ROOT_CI1 = "81370f5125d0b1d408d4c3b232e6d25e795 // SGP.28 v1.0, eSIM CI Registration Criteria (Page 5 of 9, 2019-10-24) // https://www.gsma.com/newsroom/wp-content/uploads/SGP.28-v1.0.pdf#page=5 // FS.27 v2.0, Security Guidelines for UICC Profiles (Page 25 of 27, 2024-01-30) -// https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2020/12/FS.27-Security-Guidelines-for-UICC-Profiles-v2.0.pdf#page=25 +// https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/01/FS.27-Security-Guidelines-for-UICC-Credentials-v2.0-FINAL-23-July.pdf#page=25 val PKID_GSMA_LIVE_CI = arrayOf( // GSMA RSP2 Root CI1 (SGP.22 v2+v3, CA: DigiCert) -- 2.45.3 From 09269836e46909557df9a6b43bec5642a5cbc043 Mon Sep 17 00:00:00 2001 From: septs Date: Tue, 10 Dec 2024 21:04:43 +0800 Subject: [PATCH 05/11] feat: add new ci supports --- .../typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt | 4 ++-- .../java/net/typeblog/lpac_jni/impl/RootCertificates.kt | 7 ++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt index 79bee8e..d0cba41 100644 --- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt @@ -83,8 +83,8 @@ class LocalProfileAssistantImpl( throw IllegalArgumentException("Failed to initialize LPA") } - val pkids = euiccInfo2?.euiccCiPKIdListForVerification ?: arrayOf() - httpInterface.usePublicKeyIds(pkids) + val pkids = euiccInfo2?.euiccCiPKIdListForVerification ?: setOf() + httpInterface.usePublicKeyIds(pkids.toTypedArray()) } override fun setEs10xMss(mss: Byte) { diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt index 3de036c..e48ae8a 100644 --- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt @@ -13,9 +13,14 @@ const val DEFAULT_PKID_GSMA_RSP2_ROOT_CI1 = "81370f5125d0b1d408d4c3b232e6d25e795 // https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/01/FS.27-Security-Guidelines-for-UICC-Credentials-v2.0-FINAL-23-July.pdf#page=25 val PKID_GSMA_LIVE_CI = arrayOf( + // see https://www.gsma.com/solutions-and-impact/technologies/esim/gsma-root-ci/ + // // GSMA RSP2 Root CI1 (SGP.22 v2+v3, CA: DigiCert) // https://euicc-manual.osmocom.org/docs/pki/ci/files/81370f.txt DEFAULT_PKID_GSMA_RSP2_ROOT_CI1, + // OISITE GSMA CI G1 (SGP.22 v2+v3, CA: WISeKey) + // https://euicc-manual.osmocom.org/docs/pki/ci/files/4c2796.txt + "4c27967ad20c14b391e9601e41e604ad57c0222f", ) val PKID_GSMA_TEST_CI = arrayOf( @@ -77,7 +82,7 @@ internal val KNOWN_CI_CERTS = hashMapOf( -----END CERTIFICATE----- """.trimIndent(), // OISITE GSMA CI G1 (CA: WISeKey) - // Specs: SGP.21 and SGP.22 version 3 + // Specs: SGP.21 and SGP.22 version 2 and version 3 "4c27967ad20c14b391e9601e41e604ad57c0222f" to """ -----BEGIN CERTIFICATE----- MIIB9zCCAZ2gAwIBAgIUSpBSCCDYPOEG/IFHUCKpZ2pIAQMwCgYIKoZIzj0EAwIw -- 2.45.3 From 105d6af334c31f312bacc0eec6d239536983b96a Mon Sep 17 00:00:00 2001 From: septs Date: Tue, 10 Dec 2024 21:08:06 +0800 Subject: [PATCH 06/11] chore: update comments --- .../main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt index e48ae8a..d340cfc 100644 --- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt @@ -13,6 +13,7 @@ const val DEFAULT_PKID_GSMA_RSP2_ROOT_CI1 = "81370f5125d0b1d408d4c3b232e6d25e795 // https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/01/FS.27-Security-Guidelines-for-UICC-Credentials-v2.0-FINAL-23-July.pdf#page=25 val PKID_GSMA_LIVE_CI = arrayOf( + // List of GSMA Live CIs // see https://www.gsma.com/solutions-and-impact/technologies/esim/gsma-root-ci/ // // GSMA RSP2 Root CI1 (SGP.22 v2+v3, CA: DigiCert) @@ -24,6 +25,9 @@ val PKID_GSMA_LIVE_CI = arrayOf( ) val PKID_GSMA_TEST_CI = arrayOf( + // SGP.26 v3.0, 2023-12-01 + // see https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2023/12/SGP.26-v3.0.pdf + // // Test CI (SGP.26, NIST P256) // https://euicc-manual.osmocom.org/docs/pki/ci/files/34eecf.txt "34eecf13156518d48d30bdf06853404d115f955d", -- 2.45.3 From 56cc11308176103e36b7469b28583ca609928631 Mon Sep 17 00:00:00 2001 From: septs Date: Tue, 10 Dec 2024 21:23:22 +0800 Subject: [PATCH 07/11] chore: update comments --- .../net/typeblog/lpac_jni/impl/RootCertificates.kt | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt index d340cfc..cfd5779 100644 --- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/RootCertificates.kt @@ -12,10 +12,9 @@ const val DEFAULT_PKID_GSMA_RSP2_ROOT_CI1 = "81370f5125d0b1d408d4c3b232e6d25e795 // FS.27 v2.0, Security Guidelines for UICC Profiles (Page 25 of 27, 2024-01-30) // https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/01/FS.27-Security-Guidelines-for-UICC-Credentials-v2.0-FINAL-23-July.pdf#page=25 +// List of GSMA Live CIs +// https://www.gsma.com/solutions-and-impact/technologies/esim/gsma-root-ci/ val PKID_GSMA_LIVE_CI = arrayOf( - // List of GSMA Live CIs - // see https://www.gsma.com/solutions-and-impact/technologies/esim/gsma-root-ci/ - // // GSMA RSP2 Root CI1 (SGP.22 v2+v3, CA: DigiCert) // https://euicc-manual.osmocom.org/docs/pki/ci/files/81370f.txt DEFAULT_PKID_GSMA_RSP2_ROOT_CI1, @@ -24,10 +23,9 @@ val PKID_GSMA_LIVE_CI = arrayOf( "4c27967ad20c14b391e9601e41e604ad57c0222f", ) +// SGP.26 v3.0, 2023-12-01 +// https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2023/12/SGP.26-v3.0.pdf val PKID_GSMA_TEST_CI = arrayOf( - // SGP.26 v3.0, 2023-12-01 - // see https://www.gsma.com/solutions-and-impact/technologies/esim/wp-content/uploads/2023/12/SGP.26-v3.0.pdf - // // Test CI (SGP.26, NIST P256) // https://euicc-manual.osmocom.org/docs/pki/ci/files/34eecf.txt "34eecf13156518d48d30bdf06853404d115f955d", -- 2.45.3 From bd57bebbb45f46e630063549532beea4c62fa953 Mon Sep 17 00:00:00 2001 From: septs Date: Wed, 11 Dec 2024 07:33:11 +0800 Subject: [PATCH 08/11] chore: update --- .../src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt | 2 +- app-common/src/main/res/values/strings.xml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt b/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt index 592e2e1..562292b 100644 --- a/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt +++ b/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt @@ -107,7 +107,7 @@ class EuiccInfoActivity : BaseEuiccAccessActivity() { // FS.27 v2.0, Security Guidelines for UICC Profiles (Page 25 of 27, 2024-01-30) // https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/01/FS.27-Security-Guidelines-for-UICC-Credentials-v2.0-FINAL-23-July.pdf#page=25 val resId = when { - signers.isEmpty() -> R.string.euicc_info_ci_not_mp + signers.isEmpty() -> R.string.unknown // the case is not pm, but it's is not common PKID_GSMA_LIVE_CI.any(signers::contains) -> R.string.euicc_info_ci_gsma_live PKID_GSMA_TEST_CI.any(signers::contains) -> R.string.euicc_info_ci_gsma_test else -> R.string.euicc_info_ci_independent diff --git a/app-common/src/main/res/values/strings.xml b/app-common/src/main/res/values/strings.xml index 1dded3c..6cce3e6 100644 --- a/app-common/src/main/res/values/strings.xml +++ b/app-common/src/main/res/values/strings.xml @@ -121,7 +121,6 @@ Protected Profile Version Free NVRAM (eSIM profile storage) Certificate Issuer - This eUICC card is not in mass production GSMA Live CI GSMA Test CI Independent eSIM CA -- 2.45.3 From 8028f82e5f93288615fdfac0d5eb920c3a6abc9d Mon Sep 17 00:00:00 2001 From: septs Date: Wed, 11 Dec 2024 11:18:33 +0800 Subject: [PATCH 09/11] chore: remove (un)supported pair --- app-common/src/main/res/values/strings.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/app-common/src/main/res/values/strings.xml b/app-common/src/main/res/values/strings.xml index 6cce3e6..1a2a85c 100644 --- a/app-common/src/main/res/values/strings.xml +++ b/app-common/src/main/res/values/strings.xml @@ -125,9 +125,6 @@ GSMA Test CI Independent eSIM CA - Supported - Unsupported - Yes No -- 2.45.3 From 2769428600ee522f4441579a5b61d35a2ef81176 Mon Sep 17 00:00:00 2001 From: septs Date: Wed, 11 Dec 2024 13:01:53 +0800 Subject: [PATCH 10/11] revert --- .../src/main/java/net/typeblog/lpac_jni/EuiccInfo2.kt | 4 ++-- .../typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/EuiccInfo2.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/EuiccInfo2.kt index d0544fc..e69c7ff 100644 --- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/EuiccInfo2.kt +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/EuiccInfo2.kt @@ -9,6 +9,6 @@ data class EuiccInfo2( val ppVersion: String, val freeNvram: Int, val freeRam: Int, - val euiccCiPKIdListForSigning: Set, - val euiccCiPKIdListForVerification: Set, + val euiccCiPKIdListForSigning: Array, + val euiccCiPKIdListForVerification: Array, ) \ No newline at end of file diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt index d0cba41..b617f2b 100644 --- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/LocalProfileAssistantImpl.kt @@ -83,8 +83,8 @@ class LocalProfileAssistantImpl( throw IllegalArgumentException("Failed to initialize LPA") } - val pkids = euiccInfo2?.euiccCiPKIdListForVerification ?: setOf() - httpInterface.usePublicKeyIds(pkids.toTypedArray()) + val pkids = euiccInfo2?.euiccCiPKIdListForVerification ?: arrayOf() + httpInterface.usePublicKeyIds(pkids) } override fun setEs10xMss(mss: Byte) { @@ -178,8 +178,8 @@ class LocalProfileAssistantImpl( LpacJni.euiccInfo2GetPpVersion(cInfo), LpacJni.euiccInfo2GetFreeNonVolatileMemory(cInfo).toInt(), LpacJni.euiccInfo2GetFreeVolatileMemory(cInfo).toInt(), - euiccCiPKIdListForSigning.toSet(), - euiccCiPKIdListForVerification.toSet() + euiccCiPKIdListForSigning.toTypedArray(), + euiccCiPKIdListForVerification.toTypedArray() ) LpacJni.euiccInfo2Free(cInfo) -- 2.45.3 From cb0959639f258c289de0a2546bf42a8abc6b66a8 Mon Sep 17 00:00:00 2001 From: septs Date: Wed, 11 Dec 2024 15:10:30 +0800 Subject: [PATCH 11/11] fix: typo --- .../src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt b/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt index 562292b..854ea74 100644 --- a/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt +++ b/app-common/src/main/java/im/angry/openeuicc/ui/EuiccInfoActivity.kt @@ -107,7 +107,7 @@ class EuiccInfoActivity : BaseEuiccAccessActivity() { // FS.27 v2.0, Security Guidelines for UICC Profiles (Page 25 of 27, 2024-01-30) // https://www.gsma.com/solutions-and-impact/technologies/security/wp-content/uploads/2024/01/FS.27-Security-Guidelines-for-UICC-Credentials-v2.0-FINAL-23-July.pdf#page=25 val resId = when { - signers.isEmpty() -> R.string.unknown // the case is not pm, but it's is not common + signers.isEmpty() -> R.string.unknown // the case is not mp, but it's is not common PKID_GSMA_LIVE_CI.any(signers::contains) -> R.string.euicc_info_ci_gsma_live PKID_GSMA_TEST_CI.any(signers::contains) -> R.string.euicc_info_ci_gsma_test else -> R.string.euicc_info_ci_independent -- 2.45.3