sim-rest-server

Sometimes there are use cases where a [remote] application will need access to a USIM for authentication purposes. This is, for example, in case an IMS test client needs to perform USIM based authentication against an IMS core.

The pysim repository contains two programs: sim-rest-server.py and sim-rest-client.py that implement a simple approach to achieve the above:

sim-rest-server.py speaks to a [usually local] USIM via the PC/SC API and provides a high-level REST API towards [local or remote] applications that wish to perform UMTS AKA using the USIM.

sim-rest-client.py implements a small example client program to illustrate how the REST API provided by sim-rest-server.py can be used.

REST API Calls

POST /sim-auth-api/v1/slot/SLOT_NR

where SLOT_NR is the integer-encoded slot number (corresponds to PC/SC reader number). When using a single sysmoOCTSIM board, this is in the range of 0..7

Example: /sim-auth-api/v1/slot/0 for the first slot.

Request Body

The request body is a JSON document, comprising of

  1. the RAND and AUTN parameters as hex-encoded string

  2. the application against which to authenticate (USIM, ISIM)

Example:

{
    "rand": "bb685a4b2fc4d697b9d6a129dd09a091",
    "autn": "eea7906f8210000004faf4a7df279b56"
}

HTTP Status Codes

HTTP status codes are used to represent errors within the REST server and the SIM reader hardware. They are not used to communicate protocol level errors reported by the SIM Card. An unsuccessful authentication will hence have a 200 OK HTTP Status code and then encode the SIM specific error information in the Response Body.

Status

Code

Description

200

OK

Successful execution

400

Bad Request

Request body is malformed

404

Not Found

Specified SIM Slot doesn’t exist

410

Gone

No SIM card inserted in slot

Response Body

The response body is a JSON document, either

  1. a successful outcome; encoding RES, CK, IK as hex-encoded string

  2. a sync failure; encoding AUTS as hex-encoded string

  3. errors #. authentication error (incorrect MAC) #. authentication error (security context not supported) #. key freshness failure #. unspecified card error

Example (succcess):

{
   "successful_3g_authentication": {
        "res": "b15379540ec93985",
        "ck": "713fde72c28cbd282a4cd4565f3d6381",
        "ik": "2e641727c95781f1020d319a0594f31a",
        "kc": "771a2c995172ac42"
    }
}

Example (re-sync case):

{
    "synchronisation_failure": {
        "auts": "dc2a591fe072c92d7c46ecfe97e5"
    }
}

Concrete example using the included sysmoISIM-SJA2

This was tested using SIMs ending in IMSI numbers 45890…45899

The following command were executed successfully:

Slot 0

$ /usr/local/src/pysim/contrib/sim-rest-client.py -c 1 -n 0 -k 841EAD87BC9D974ECA1C167409357601 -o 3211CACDD64F51C3FD3013ECD9A582A0
-> {'rand': 'fb195c7873b20affa278887920b9dd57', 'autn': 'd420895a6aa2000089cd016f8d8ae67c'}
<- {'successful_3g_authentication': {'res': '131004db2ff1ce8e', 'ck': 'd42eb5aa085307903271b2422b698bad', 'ik': '485f81e6fd957fe3cad374adf12fe1ca', 'kc': '64d3f2a32f801214'}}

Slot 1

$ /usr/local/src/pysim/contrib/sim-rest-client.py -c 1 -n 1 -k 5C2CE9633FF9B502B519A4EACD16D9DF -o 9834D619E71A02CD76F00CC7AA34FB32
-> {'rand': '433dc5553db95588f1d8b93870930b66', 'autn': '126bafdcbe9e00000026a208da61075d'}
<- {'successful_3g_authentication': {'res': '026d7ac42d379207', 'ck': '83a90ba331f47a95c27a550b174c4a1f', 'ik': '31e1d10329ffaf0ca1684a1bf0b0a14a', 'kc': 'd15ac5b0fff73ecc'}}