Harald Welte095ac6c2016-03-19 13:39:33 +01001/* simtrace2-remsim - main program for the host PC
2 *
3 * (C) 2010-2016 by Harald Welte <hwelte@hmw-consulting.de>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2
7 * as published by the Free Software Foundation
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 */
18
#define _GNU_SOURCE	/* must be defined before the first system header */
#include <errno.h>
#include <unistd.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <signal.h>
#include <time.h>
#include <getopt.h>

#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include <libusb.h>

#include "simtrace.h"
#include "cardemu_prot.h"
#include "apdu_dispatch.h"
#include "simtrace2-discovery.h"

#include <osmocom/core/gsmtap.h>
#include <osmocom/core/gsmtap_util.h>
#include <osmocom/core/utils.h>
#include <osmocom/core/socket.h>
#include <osmocom/sim/class_tables.h>
#include <osmocom/sim/sim.h>
49
/* Process-wide state shared by the option parser in main(), the
 * transport helpers (tx_to_dev / run_mainloop) and the message handlers. */

/* Connected UDP socket towards a remote SIMtrace2 (-r); -1 selects libusb. */
static int g_udp_fd = -1;
/* libusb bulk endpoint addresses, filled in by get_usb_ep_addrs(). */
static uint8_t g_in_ep;
static uint8_t g_out_ep;
/* GSMTAP sink written by gsmtap_send_sim(). */
static struct gsmtap_inst *g_gti;
/* Channel of the real SIM card in the PC/SC reader, set up in main(). */
static struct osim_chan_hdl *g_chan;

/* Non-static on purpose: the open SIMtrace2 USB device handle and the
 * CLA/INS card profile selected in main(). */
struct libusb_device_handle *g_devh;
const struct osim_cla_ins_card_profile *g_prof;
57
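/*! \brief Prepend a GSMTAP header to a SIM APDU and send it via g_gti
 *  \param[in] apdu raw APDU bytes to forward
 *  \param[in] len number of bytes in \a apdu
 *  \returns 0 on success; -ENOMEM if the frame cannot be allocated;
 *           -errno if write(2) fails; -EIO on a short write */
static int gsmtap_send_sim(const uint8_t *apdu, unsigned int len)
{
	struct gsmtap_hdr *gh;
	size_t gross_len = len + sizeof(*gh);
	uint8_t *buf = malloc(gross_len);
	ssize_t rc;
	int ret = 0;

	if (!buf)
		return -ENOMEM;

	/* only the header needs zeroing, the payload is fully overwritten */
	memset(buf, 0, sizeof(*gh));
	gh = (struct gsmtap_hdr *) buf;
	gh->version = GSMTAP_VERSION;
	gh->hdr_len = sizeof(*gh)/4;	/* GSMTAP counts the header in 32bit words */
	gh->type = GSMTAP_TYPE_SIM;

	memcpy(buf + sizeof(*gh), apdu, len);

	rc = write(gsmtap_inst_fd(g_gti), buf, gross_len);
	if (rc < 0) {
		/* capture errno before any library call can overwrite it */
		ret = -errno;
		perror("write gsmtap");
	} else if ((size_t) rc != gross_len) {
		/* don't report a truncated frame as success */
		fprintf(stderr, "short write to gsmtap: %zd of %zu bytes\n",
			rc, gross_len);
		ret = -EIO;
	}

	free(buf);
	return ret;
}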
86
#if 0
/* Compiled out: an APDU dispatcher callback that would hexdump every
 * APDU and forward it to GSMTAP via gsmtap_send_sim(). No code in this
 * file references it, so gsmtap_send_sim() currently has no caller. */
static void apdu_out_cb(uint8_t *buf, unsigned int len, void *user_data)
{
	printf("APDU: %s\n", osmo_hexdump(buf, len));
	gsmtap_send_sim(buf, len);
}
#endif
94
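/*! \brief Transmit a given command to the SIMtrace2 device
 *  \param[in] buf message starting with a struct cardemu_usb_msg_hdr;
 *             its msg_len field is filled in here
 *  \param[in] len total length of the message in bytes
 *  \returns -EINVAL if \a buf cannot hold a header; otherwise the return
 *           value of libusb_bulk_transfer() (USB) or write(2) (UDP) */
static int tx_to_dev(uint8_t *buf, unsigned int len)
{
	struct cardemu_usb_msg_hdr *mh = (struct cardemu_usb_msg_hdr *) buf;
	int xfer_len = 0;

	/* every message carries a header; never write msg_len past the end
	 * of a caller's buffer */
	if (!buf || len < sizeof(*mh))
		return -EINVAL;

	mh->msg_len = len;

	printf("<- %s\n", osmo_hexdump(buf, len));

	if (g_udp_fd < 0) {
		/* local device via USB bulk OUT, 100 s timeout */
		return libusb_bulk_transfer(g_devh, g_out_ep, buf, len,
					    &xfer_len, 100000);
	}
	/* remote device via the connected UDP socket */
	return write(g_udp_fd, buf, len);
}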
112
/*! \brief Request the SIMtrace2 to generate a card-insert signal
 *  \param[in] inserted true to signal "card inserted", false for "removed"
 *  \returns result of tx_to_dev() */
static int request_card_insert(bool inserted)
{
	struct cardemu_usb_msg_cardinsert cins;

	/* zero the whole struct (padding included) as it goes on the wire */
	memset(&cins, 0, sizeof(cins));
	cins.hdr.msg_type = CEMU_USB_MSGT_DT_CARDINSERT;
	cins.card_insert = !!inserted;

	return tx_to_dev((uint8_t *)&cins, sizeof(cins));
}
125
/*! \brief Request the SIMtrace2 to transmit a Procedure Byte, then Rx
 *  \param[in] pb procedure byte to send to the phone
 *  \param[in] le expected length; only used in the debug print here
 *  \returns result of tx_to_dev() */
static int request_pb_and_rx(uint8_t pb, uint8_t le)
{
	const unsigned int payload_len = 1;	/* just the procedure byte */
	uint8_t buf[sizeof(struct cardemu_usb_msg_tx_data) + 1];
	struct cardemu_usb_msg_tx_data *txd = (struct cardemu_usb_msg_tx_data *) buf;

	printf("<= request_pb_and_rx(%02x, %d)\n", pb, le);

	memset(txd, 0, sizeof(*txd));
	txd->hdr.msg_type = CEMU_USB_MSGT_DT_TX_DATA;
	txd->flags = CEMU_DATA_F_PB_AND_RX;
	txd->data_len = payload_len;
	txd->data[0] = pb;

	return tx_to_dev(buf, sizeof(*txd) + payload_len);
}
143
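/*! \brief Request the SIMtrace2 to transmit a Procedure Byte, then Tx
 *  \param[in] pb procedure byte sent ahead of the data
 *  \param[in] data bytes to transmit to the phone after \a pb
 *  \param[in] data_len_in number of bytes in \a data (0 is allowed)
 *  \returns result of tx_to_dev() */
static int request_pb_and_tx(uint8_t pb, const uint8_t *data, uint8_t data_len_in)
{
	struct cardemu_usb_msg_tx_data *txd;
	/* header + procedure byte + payload; bounded by the uint8_t
	 * parameter, i.e. at most sizeof(*txd) + 256 bytes of stack */
	uint8_t buf[sizeof(*txd) + 1 + data_len_in];
	txd = (struct cardemu_usb_msg_tx_data *) buf;

	printf("<= request_pb_and_tx(%02x, %s, %d)\n", pb, osmo_hexdump(data, data_len_in), data_len_in);

	memset(txd, 0, sizeof(*txd));
	txd->hdr.msg_type = CEMU_USB_MSGT_DT_TX_DATA;
	/* NOTE(review): if data_len is narrower than 16 bit in
	 * cardemu_prot.h, 1 + 255 wraps here -- confirm the field width */
	txd->data_len = 1 + data_len_in;
	txd->flags = CEMU_DATA_F_PB_AND_TX;
	txd->data[0] = pb;
	/* memcpy() with a NULL source is undefined even for length 0 */
	if (data_len_in)
		memcpy(txd->data + 1, data, data_len_in);

	/* sizeof(buf) is the exact on-wire size, independent of data_len's type */
	return tx_to_dev(buf, sizeof(buf));
}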
163
/*! \brief Request the SIMtrace2 to send a Status Word
 *  \param[in] sw two bytes (SW1, SW2) to send to the phone
 *  \returns result of tx_to_dev() */
static int request_sw_tx(const uint8_t *sw)
{
	const unsigned int sw_len = 2;
	uint8_t buf[sizeof(struct cardemu_usb_msg_tx_data) + 2];
	struct cardemu_usb_msg_tx_data *txd = (struct cardemu_usb_msg_tx_data *) buf;

	printf("<= request_sw_tx(%02x %02x)\n", sw[0], sw[1]);

	memset(txd, 0, sizeof(*txd));
	txd->hdr.msg_type = CEMU_USB_MSGT_DT_TX_DATA;
	/* the status word completes the response, hence FINAL */
	txd->flags = CEMU_DATA_F_PB_AND_TX | CEMU_DATA_F_FINAL;
	txd->data_len = sw_len;
	memcpy(txd->data, sw, sw_len);

	return tx_to_dev(buf, sizeof(*txd) + sw_len);
}
182
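/*! \brief Recompute the TCK check byte of an ATR in place
 *
 *  TCK is the XOR of every ATR byte after TS (atr[0]) up to, but not
 *  including, the final byte, which is where TCK itself lives.
 *  \param[in,out] atr ATR bytes; atr[atr_len-1] is overwritten
 *  \param[in] atr_len total length of \a atr including the TCK byte.
 *             Lengths below 2 leave \a atr untouched: there is no TCK
 *             position, and the unsigned "atr_len - 1" would wrap to a
 *             huge loop bound and an out-of-bounds store. */
static void atr_update_csum(uint8_t *atr, unsigned int atr_len)
{
	uint8_t csum = 0;
	unsigned int i;

	if (!atr || atr_len < 2)
		return;

	for (i = 1; i < atr_len - 1; i++)
		csum ^= atr[i];

	atr[atr_len - 1] = csum;
}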
193
/*! \brief Request the SIMtrace2 to use the given ATR
 *  \param[in] atr ATR bytes to configure on the device
 *  \param[in] atr_len number of bytes in \a atr
 *  \returns result of tx_to_dev() */
static int request_set_atr(const uint8_t *atr, unsigned int atr_len)
{
	/* fixed header immediately followed by the ATR bytes */
	uint8_t buf[sizeof(struct cardemu_usb_msg_set_atr) + atr_len];
	struct cardemu_usb_msg_set_atr *satr = (struct cardemu_usb_msg_set_atr *) buf;

	printf("<= request_set_atr(%s)\n", osmo_hexdump(atr, atr_len));

	memset(satr, 0, sizeof(*satr));
	satr->hdr.msg_type = CEMU_USB_MSGT_DT_SET_ATR;
	satr->atr_len = atr_len;
	memcpy(satr->atr, atr, atr_len);

	return tx_to_dev(buf, sizeof(buf));
}
209
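/*! \brief Process a STATUS message from the SIMtrace2
 *  \param[in] buf message as received, starting with the header
 *  \param[in] len number of valid bytes in \a buf
 *  \returns 0 on success, -EINVAL if the message is truncated */
static int process_do_status(uint8_t *buf, int len)
{
	struct cardemu_usb_msg_status *status;

	/* buf comes from USB or a UDP socket: don't read struct fields that
	 * were never received */
	if (len < 0 || (size_t) len < sizeof(*status))
		return -EINVAL;
	status = (struct cardemu_usb_msg_status *) buf;

	printf("=> STATUS: flags=0x%x, fi=%u, di=%u, wi=%u wtime=%u\n",
		status->flags, status->fi, status->di, status->wi,
		status->waiting_time);

	return 0;
}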
222
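/*! \brief Process a PTS indication message from the SIMtrace2
 *  \param[in] buf message as received, starting with the header
 *  \param[in] len number of valid bytes in \a buf
 *  \returns 0 on success, -EINVAL if the message is truncated */
static int process_do_pts(uint8_t *buf, int len)
{
	struct cardemu_usb_msg_pts_info *pts;

	/* buf comes from USB or a UDP socket: refuse to read past what
	 * was actually received */
	if (len < 0 || (size_t) len < sizeof(*pts))
		return -EINVAL;
	pts = (struct cardemu_usb_msg_pts_info *) buf;

	printf("=> PTS req: %s\n", osmo_hexdump(pts->req, sizeof(pts->req)));

	return 0;
}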
233
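/*! \brief Process a ERROR indication message from the SIMtrace2
 *  \param[in] buf message as received, starting with the header
 *  \param[in] len number of valid bytes in \a buf
 *  \returns 0 on success, -EINVAL if the message is truncated */
static int process_do_error(uint8_t *buf, int len)
{
	struct cardemu_usb_msg_error *err;
	size_t avail, msg_len;

	/* buf comes from USB or a UDP socket: validate before reading */
	if (len < 0 || (size_t) len < sizeof(*err))
		return -EINVAL;
	err = (struct cardemu_usb_msg_error *) buf;

	/* clamp the embedded text to the bytes actually received and never
	 * rely on a NUL terminator supplied by the device: %.*s stops at
	 * msg_len or at the first NUL, whichever comes first */
	avail = (size_t) len - offsetof(struct cardemu_usb_msg_error, msg);
	msg_len = err->msg_len;
	if (msg_len > avail)
		msg_len = avail;

	printf("=> ERROR: %u/%u/%u: %.*s\n",
		err->severity, err->subsystem, err->code,
		(int) msg_len, (const char *) err->msg);

	return 0;
}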
246
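/*! \brief Process a RX-DATA indication message from the SIMtrace2
 *
 *  Feeds the received bytes into the APDU segmenter. Once a complete
 *  command has been collected it is sent to the real card in the PC/SC
 *  reader, and the card's response data plus status word are handed back
 *  to the SIMtrace2; otherwise the device is asked for the remaining
 *  command data.
 *  \param[in] buf message as received, starting with the header
 *  \param[in] len number of valid bytes in \a buf
 *  \returns 0 on success; -EINVAL on a truncated or inconsistent message;
 *           -ENOMEM if no msgb is available; -EIO if the card returned
 *           no status word; negative transceive error otherwise */
static int process_do_rx_da(uint8_t *buf, int len)
{
	static struct apdu_context ac;
	struct cardemu_usb_msg_rx_data *data;
	int rc;

	/* the message is device/network input: validate the fixed part and
	 * the claimed payload length against what was actually received */
	if (len < 0 || (size_t) len < sizeof(*data))
		return -EINVAL;
	data = (struct cardemu_usb_msg_rx_data *) buf;
	if ((size_t) data->data_len >
	    (size_t) len - offsetof(struct cardemu_usb_msg_rx_data, data))
		return -EINVAL;

	printf("=> DATA: flags=%x, %s: ", data->flags,
		osmo_hexdump(data->data, data->data_len));

	rc = apdu_segment_in(&ac, data->data, data->data_len,
			     data->flags & CEMU_DATA_F_TPDU_HDR);

	if (rc & APDU_ACT_TX_CAPDU_TO_CARD) {
		struct msgb *tmsg = msgb_alloc(1024, "TPDU");
		struct osim_reader_hdl *rh = g_chan->card->reader;
		uint8_t *cur;

		if (!tmsg)
			return -ENOMEM;

		/* Copy TPDU header */
		cur = msgb_put(tmsg, sizeof(ac.hdr));
		memcpy(cur, &ac.hdr, sizeof(ac.hdr));
		/* Copy D(c), if any */
		if (ac.lc.tot) {
			cur = msgb_put(tmsg, ac.lc.tot);
			memcpy(cur, ac.dc, ac.lc.tot);
		}
		/* send to actual card; l3h marks the end of the command so
		 * that msgb_l3len() later yields only the response */
		tmsg->l3h = tmsg->tail;
		rc = rh->ops->transceive(rh, tmsg);
		if (rc < 0) {
			fprintf(stderr, "error during transceive: %d\n", rc);
			msgb_free(tmsg);
			return rc;
		}
		/* the last two response bytes are SW1/SW2; without them
		 * msgb_get_u16() would read command bytes as status */
		if (msgb_l3len(tmsg) < 2) {
			fprintf(stderr, "transceive returned %d bytes, no status word\n",
				msgb_l3len(tmsg));
			msgb_free(tmsg);
			return -EIO;
		}
		msgb_apdu_sw(tmsg) = msgb_get_u16(tmsg);
		ac.sw[0] = msgb_apdu_sw(tmsg) >> 8;
		ac.sw[1] = msgb_apdu_sw(tmsg) & 0xff;
		printf("SW=0x%04x, len_rx=%d\n", msgb_apdu_sw(tmsg), msgb_l3len(tmsg));
		/* NOTE(review): request_pb_and_tx() takes a uint8_t length, so a
		 * 256 byte response would be truncated to 0 -- confirm maximum
		 * response size against the T=0 Le=00 case */
		if (msgb_l3len(tmsg))
			request_pb_and_tx(ac.hdr.ins, tmsg->l3h, msgb_l3len(tmsg));
		request_sw_tx(ac.sw);
		/* transceive() did not take ownership (the response is read
		 * from tmsg above), so the buffer must be released here */
		msgb_free(tmsg);
	} else if (ac.lc.tot > ac.lc.cur) {
		/* command data still outstanding: ask the phone for the rest */
		request_pb_and_rx(ac.hdr.ins, ac.lc.tot - ac.lc.cur);
	}
	return 0;
}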
296
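/*! \brief Process an incoming message from the SIMtrace2
 *  \param[in] buf one message as received from USB bulk IN or UDP
 *  \param[in] len number of valid bytes in \a buf
 *  \returns -EINVAL if no complete header was received, -1 for an unknown
 *           message type, otherwise the handler's return value */
static int process_usb_msg(uint8_t *buf, int len)
{
	struct cardemu_usb_msg_hdr *sh = (struct cardemu_usb_msg_hdr *)buf;
	int rc;

	printf("-> %s\n", osmo_hexdump(buf, len));

	/* input comes straight off the wire: don't even read msg_type
	 * unless a whole header arrived */
	if (len < 0 || (size_t) len < sizeof(*sh)) {
		fprintf(stderr, "short simtrace msg (%d bytes)\n", len);
		return -EINVAL;
	}
	/* NOTE(review): sh->msg_len is not compared against len here;
	 * each handler re-validates len for its own struct instead */

	switch (sh->msg_type) {
	case CEMU_USB_MSGT_DO_STATUS:
		rc = process_do_status(buf, len);
		break;
	case CEMU_USB_MSGT_DO_PTS:
		rc = process_do_pts(buf, len);
		break;
	case CEMU_USB_MSGT_DO_ERROR:
		rc = process_do_error(buf, len);
		break;
	case CEMU_USB_MSGT_DO_RX_DATA:
		rc = process_do_rx_da(buf, len);
		break;
	default:
		printf("unknown simtrace msg type 0x%02x\n", sh->msg_type);
		rc = -1;
		break;
	}

	return rc;
}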
328
/*! \brief Print the program banner to stdout */
static void print_welcome(void)
{
	static const char banner[] =
		"simtrace2-remsim - Remote SIM card forwarding\n"
		"(C) 2010-2016 by Harald Welte <laforge@gnumonks.org>\n\n";

	fputs(banner, stdout);
}
334
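/*! \brief Print the command line usage to stdout
 *
 *  Lists every option accepted by the getopt string in main(); -r, -p
 *  and -I have no long form and were previously undocumented. */
static void print_help(void)
{
	printf( "\t-i\t--gsmtap-ip\tA.B.C.D\n"
		"\t-a\t--skip-atr\n"
		"\t-h\t--help\n"
		"\t-k\t--keep-running\n"
		"\t-r\t\t\tA.B.C.D\t(remote SIMtrace2 via UDP instead of USB)\n"
		"\t-p\t\t\tPORT\t(UDP port of the remote SIMtrace2, default 52342)\n"
		"\t-I\t\t\tNUM\t(USB interface number / UDP port offset, default 0)\n"
		"\n"
		);
}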
344
/* Long option table for getopt_long(); the short options -r, -p and -I
 * accepted by main() have no long equivalent here. */
static const struct option opts[] = {
	{ .name = "gsmtap-ip",    .has_arg = required_argument, .flag = NULL, .val = 'i' },
	{ .name = "skip-atr",     .has_arg = no_argument,       .flag = NULL, .val = 'a' },
	{ .name = "help",         .has_arg = no_argument,       .flag = NULL, .val = 'h' },
	{ .name = "keep-running", .has_arg = no_argument,       .flag = NULL, .val = 'k' },
	{ 0 }	/* terminator */
};
352
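/*! \brief Receive messages from the SIMtrace2 until the transport fails
 *
 *  Reads one USB bulk IN transfer or one UDP datagram at a time and hands
 *  it to process_usb_msg(). A USB timeout without data is not an error
 *  and simply polls again; any other transport error returns. */
static void run_mainloop(void)
{
	/* 16*265 is the historical buffer size; kept unchanged */
	uint8_t buf[16*265];
	unsigned int msg_count = 0, byte_count = 0;

	printf("Entering main loop\n");

	while (1) {
		/* reset per iteration: on a USB timeout libusb may leave it
		 * untouched, and it must not carry over from the last round */
		int xfer_len = 0;
		int rc;

		/* read data from SIMtrace2 device (local or via USB) */
		if (g_udp_fd < 0) {
			rc = libusb_bulk_transfer(g_devh, g_in_ep, buf, sizeof(buf), &xfer_len, 100000);
			if (rc < 0 && rc != LIBUSB_ERROR_TIMEOUT) {
				fprintf(stderr, "BULK IN transfer error; rc=%d\n", rc);
				return;
			}
		} else {
			rc = read(g_udp_fd, buf, sizeof(buf));
			if (rc <= 0) {
				fprintf(stderr, "short read from UDP\n");
				return;
			}
			xfer_len = rc;
		}
		/* dispatch any incoming data */
		if (xfer_len > 0) {
			process_usb_msg(buf, xfer_len);
			msg_count++;
			byte_count += xfer_len;
		}
	}
}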
387
/*! \brief SIGINT handler: signal "card removed" to the SIMtrace2, then exit
 *  \param[in] signal signal number as delivered
 *
 *  NOTE(review): request_card_insert() ends up in printf() plus libusb or
 *  write(), and exit() runs atexit handlers; none of these are
 *  async-signal-safe. The robust shape is a volatile sig_atomic_t flag
 *  set here and checked by run_mainloop(), which then does the cleanup
 *  in normal context. */
static void signal_handler(int signal)
{
	if (signal != SIGINT)
		return;

	request_card_insert(false);
	exit(0);
}
399
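/*! \brief Parse a decimal integer command line argument
 *  \param[in] arg text as handed over by getopt (optarg)
 *  \param[in] min smallest accepted value
 *  \param[in] max largest accepted value
 *  \param[out] out parsed value, only written on success
 *  \returns 0 on success, -1 if \a arg is not a number within [min, max] */
static int parse_int_arg(const char *arg, long min, long max, int *out)
{
	char *end = NULL;
	long val;

	if (!arg || *arg == '\0')
		return -1;
	errno = 0;
	val = strtol(arg, &end, 10);
	if (errno == ERANGE || *end != '\0' || val < min || val > max)
		return -1;
	*out = (int) val;
	return 0;
}

/*! \brief Program entry point: parse options, open the real card and the
 *  SIMtrace2 (USB or remote UDP), then forward APDUs until the transport
 *  fails or SIGINT arrives.
 *  \returns 0 once the main loop ran, 1 on any setup failure */
int main(int argc, char **argv)
{
	char *gsmtap_host = "127.0.0.1";
	int rc;
	int c, ret = 1;
	bool skip_atr = false;
	bool keep_running = false;
	int remote_udp_port = 52342;
	int if_num = 0;
	char *remote_udp_host = NULL;
	struct osim_reader_hdl *reader;
	struct osim_card_hdl *card;

	print_welcome();

	while (1) {
		int option_index = 0;

		c = getopt_long(argc, argv, "r:p:hi:I:ak", opts, &option_index);
		if (c == -1)
			break;
		switch (c) {
		case 'r':
			remote_udp_host = optarg;
			break;
		case 'p':
			/* strtol instead of atoi: garbage must not silently become port 0 */
			if (parse_int_arg(optarg, 0, 65535, &remote_udp_port) < 0) {
				fprintf(stderr, "invalid UDP port '%s'\n", optarg);
				goto do_exit;
			}
			break;
		case 'h':
			print_help();
			exit(0);
			break;
		case 'i':
			gsmtap_host = optarg;
			break;
		case 'I':
			/* USB interface numbers are a single byte */
			if (parse_int_arg(optarg, 0, 255, &if_num) < 0) {
				fprintf(stderr, "invalid interface number '%s'\n", optarg);
				goto do_exit;
			}
			break;
		case 'a':
			skip_atr = true;
			break;
		case 'k':
			keep_running = true;
			break;
		default:
			/* getopt_long already reported the unknown option */
			print_help();
			goto do_exit;
		}
	}

	g_prof = &osim_uicc_sim_cic_profile;

	if (!remote_udp_host) {
		rc = libusb_init(NULL);
		if (rc < 0) {
			fprintf(stderr, "libusb initialization failed\n");
			goto do_exit;
		}
	} else {
		/* the UDP port is offset by if_num (presumably one port per
		 * device interface on the remote side) */
		g_udp_fd = osmo_sock_init(AF_INET, SOCK_DGRAM, IPPROTO_UDP, remote_udp_host,
					  remote_udp_port+if_num, OSMO_SOCK_F_CONNECT);
		if (g_udp_fd < 0) {
			fprintf(stderr, "error binding UDP port\n");
			goto do_exit;
		}
	}

	/* Setup failures below leave via release_exit: nothing has been
	 * opened via libusb yet, and jumping into the keep-running loop
	 * would retry the device with no card channel to forward to. */
	g_gti = gsmtap_source_init(gsmtap_host, GSMTAP_UDP_PORT, 0);
	if (!g_gti) {
		perror("unable to open GSMTAP");
		goto release_exit;
	}
	gsmtap_source_add_sink(g_gti);

	reader = osim_reader_open(OSIM_READER_DRV_PCSC, 0, "", NULL);
	if (!reader) {
		perror("unable to open PC/SC reader");
		goto release_exit;
	}

	card = osim_card_open(reader, OSIM_PROTO_T0);
	if (!card) {
		perror("unable to open SIM card");
		goto release_exit;
	}

	/* llist_entry() never yields NULL, so test the list itself */
	if (llist_empty(&card->channels)) {
		perror("SIM card has no channel?!?");
		goto release_exit;
	}
	g_chan = llist_entry(card->channels.next, struct osim_chan_hdl, list);

	signal(SIGINT, &signal_handler);

	do {
		if (g_udp_fd < 0) {
			g_devh = libusb_open_device_with_vid_pid(NULL, SIMTRACE_USB_VENDOR, SIMTRACE_USB_PRODUCT);
			if (!g_devh) {
				fprintf(stderr, "can't open USB device\n");
				goto close_exit;
			}

			rc = libusb_claim_interface(g_devh, if_num);
			if (rc < 0) {
				fprintf(stderr, "can't claim interface %d; rc=%d\n", if_num, rc);
				goto close_exit;
			}

			rc = get_usb_ep_addrs(g_devh, if_num, &g_out_ep, &g_in_ep, NULL);
			if (rc < 0) {
				fprintf(stderr, "can't obtain EP addrs; rc=%d\n", rc);
				goto close_exit;
			}
		}

		request_card_insert(true);
		if (!skip_atr) {
			/* ATR presented to the phone; TCK is recomputed so the
			 * bytes can be edited without fixing the checksum by hand */
			uint8_t real_atr[] = { 0x3B, 0x9F, 0x96, 0x80, 0x1F, 0xC7, 0x80, 0x31,
					       0xA0, 0x73, 0xBE, 0x21, 0x13, 0x67, 0x43, 0x20,
					       0x07, 0x18, 0x00, 0x00, 0x01, 0xA5 };
			atr_update_csum(real_atr, sizeof(real_atr));
			request_set_atr(real_atr, sizeof(real_atr));
		}

		run_mainloop();
		ret = 0;

		/* release the interface that was actually claimed above */
		if (g_udp_fd < 0)
			libusb_release_interface(g_devh, if_num);
close_exit:
		if (g_devh) {
			libusb_close(g_devh);
			/* a failed re-open on the next iteration must not
			 * close this stale handle a second time */
			g_devh = NULL;
		}
		if (keep_running)
			sleep(1);
	} while (keep_running);

release_exit:
	if (g_udp_fd < 0)
		libusb_exit(NULL);
do_exit:
	return ret;
}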