Harald Welte095ac6c2016-03-19 13:39:33 +01001/* simtrace2-remsim - main program for the host PC
2 *
3 * (C) 2010-2016 by Harald Welte <hwelte@hmw-consulting.de>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2
7 * as published by the Free Software Foundation
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 */
18
/* feature-test macro: must precede the first system header to take effect */
#define _GNU_SOURCE
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <getopt.h>

#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include <libusb.h>

#include "simtrace.h"
#include "cardemu_prot.h"
#include "apdu_dispatch.h"
#include "simtrace2-discovery.h"

#include <osmocom/core/gsmtap.h>
#include <osmocom/core/gsmtap_util.h>
#include <osmocom/core/linuxlist.h>
#include <osmocom/core/utils.h>
#include <osmocom/core/socket.h>
#include <osmocom/sim/class_tables.h>
#include <osmocom/sim/sim.h>
/* GSMTAP sink that gsmtap_send_sim() writes to; opened in main() */
static struct gsmtap_inst *g_gti;
/* libusb handle of the SIMtrace2; stays NULL while talking via UDP */
struct libusb_device_handle *g_devh;
/* card profile; assigned in main(), not read elsewhere in this file */
const struct osim_cla_ins_card_profile *g_prof;
/* bulk endpoint addresses filled in by get_usb_ep_addrs() in main() */
static uint8_t g_in_ep;
static uint8_t g_out_ep;
/* UDP socket to a remote SIMtrace2; -1 means the USB path is used */
static int g_udp_fd = -1;
/* channel of the real (PC/SC) card to which TPDUs are forwarded */
static struct osim_chan_hdl *g_chan;
56
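/*! \brief Prepend a GSMTAP header to a SIM APDU and write it to g_gti
 *  \param[in] apdu raw APDU bytes to forward
 *  \param[in] len number of bytes at \a apdu
 *  \returns 0 on success; -ENOMEM if the frame could not be allocated;
 *           -errno if write() failed; -EIO if fewer bytes were written
 *           than the frame holds */
static int gsmtap_send_sim(const uint8_t *apdu, unsigned int len)
{
	struct gsmtap_hdr *gh;
	/* computed in size_t so a large 'len' cannot wrap the frame size */
	size_t gross_len = sizeof(*gh) + len;
	uint8_t *buf;
	ssize_t written;
	int rc = 0;

	/* calloc() zeroes the header, so only non-zero fields are set below */
	buf = calloc(1, gross_len);
	if (!buf)
		return -ENOMEM;

	gh = (struct gsmtap_hdr *) buf;
	gh->version = GSMTAP_VERSION;
	gh->hdr_len = sizeof(*gh)/4;
	gh->type = GSMTAP_TYPE_SIM;

	/* memcpy() with a NULL source is undefined even for zero bytes */
	if (len)
		memcpy(buf + sizeof(*gh), apdu, len);

	written = write(gsmtap_inst_fd(g_gti), buf, gross_len);
	if (written < 0) {
		/* save errno before perror() or free() can disturb it */
		rc = -errno;
		perror("write gsmtap");
	} else if ((size_t) written != gross_len) {
		/* a partial frame is useless to the receiver: report it */
		fprintf(stderr, "short write to gsmtap: %zd of %zu bytes\n",
			written, gross_len);
		rc = -EIO;
	}

	free(buf);
	return rc;
}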
85
#if 0
/* Compiled out: this callback would print each APDU and forward it to
 * GSMTAP via gsmtap_send_sim(); nothing in this file registers it. */
static void apdu_out_cb(uint8_t *buf, unsigned int len, void *user_data)
{
	printf("APDU: %s\n", osmo_hexdump(buf, len));
	gsmtap_send_sim(buf, len);
}
#endif
93
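/*! \brief Transmit a given command to the SIMtrace2 device
 *  \param[in,out] buf message starting with a cardemu_usb_msg_hdr; its
 *                 msg_len field is filled in here
 *  \param[in] len total length of the message in bytes
 *  \returns -EINVAL if \a len cannot even hold the header.  USB path:
 *           0 on success, a negative libusb error otherwise
 *           (LIBUSB_ERROR_IO on a short transfer).  UDP path: the number
 *           of bytes written, or -errno on failure */
static int tx_to_dev(uint8_t *buf, unsigned int len)
{
	struct cardemu_usb_msg_hdr *mh = (struct cardemu_usb_msg_hdr *) buf;
	/* libusb timeout in milliseconds, unchanged from the original call */
	const unsigned int usb_timeout_ms = 100000;
	int xfer_len = 0;
	int rc;

	/* mh->msg_len is written below, so the header must fit in buf */
	if (len < sizeof(*mh))
		return -EINVAL;

	mh->msg_len = len;

	printf("<- %s\n", osmo_hexdump(buf, len));

	if (g_udp_fd >= 0) {
		ssize_t written = write(g_udp_fd, buf, len);
		if (written < 0)
			return -errno;
		return (int) written;
	}

	rc = libusb_bulk_transfer(g_devh, g_out_ep, buf, len, &xfer_len,
				  usb_timeout_ms);
	if (rc < 0)
		return rc;
	/* libusb reports the byte count separately: a success return does
	 * not by itself mean the whole message went out */
	if (xfer_len != (int) len) {
		fprintf(stderr, "short BULK OUT transfer: %d of %u bytes\n",
			xfer_len, len);
		return LIBUSB_ERROR_IO;
	}
	return 0;
}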
111
/*! \brief Request the SIMtrace2 to generate a card-insert signal
 *  \param[in] inserted true to signal a card insertion, false otherwise
 *  \returns whatever tx_to_dev() returns for the message */
static int request_card_insert(bool inserted)
{
	struct cardemu_usb_msg_cardinsert msg;

	/* zero the whole struct first: it goes out on the wire as-is */
	memset(&msg, 0, sizeof(msg));
	msg.hdr.msg_type = CEMU_USB_MSGT_DT_CARDINSERT;
	msg.card_insert = inserted ? 1 : 0;

	return tx_to_dev((uint8_t *) &msg, sizeof(msg));
}
124
/*! \brief Request the SIMtrace2 to transmit a Procedure Byte, then Rx
 *  \param[in] pb procedure byte to send towards the phone
 *  \param[in] le only echoed in the trace line; it is not part of the
 *             message built here
 *  \returns whatever tx_to_dev() returns for the message */
static int request_pb_and_rx(uint8_t pb, uint8_t le)
{
	/* fixed header followed by exactly one payload byte (the PB) */
	uint8_t msg[sizeof(struct cardemu_usb_msg_tx_data) + 1];
	struct cardemu_usb_msg_tx_data *txd = (struct cardemu_usb_msg_tx_data *) msg;

	printf("<= request_pb_and_rx(%02x, %d)\n", pb, le);

	memset(txd, 0, sizeof(*txd));
	txd->hdr.msg_type = CEMU_USB_MSGT_DT_TX_DATA;
	txd->flags = CEMU_DATA_F_PB_AND_RX;
	txd->data_len = 1;
	txd->data[0] = pb;

	return tx_to_dev(msg, sizeof(msg));
}
142
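/*! \brief Request the SIMtrace2 to transmit a Procedure Byte, then Tx
 *  \param[in] pb procedure byte sent ahead of the data
 *  \param[in] data response bytes that follow the procedure byte
 *  \param[in] data_len_in number of bytes at \a data
 *  \returns whatever tx_to_dev() returns for the message */
static int request_pb_and_tx(uint8_t pb, const uint8_t *data, uint8_t data_len_in)
{
	struct cardemu_usb_msg_tx_data *txd;
	/* header + PB + payload; data_len_in is a uint8_t, so this VLA is
	 * bounded to a few hundred bytes */
	uint8_t buf[sizeof(*txd) + 1 + data_len_in];
	txd = (struct cardemu_usb_msg_tx_data *) buf;

	printf("<= request_pb_and_tx(%02x, %s, %d)\n", pb, osmo_hexdump(data, data_len_in), data_len_in);

	memset(txd, 0, sizeof(*txd));
	txd->hdr.msg_type = CEMU_USB_MSGT_DT_TX_DATA;
	txd->data_len = 1 + data_len_in;
	txd->flags = CEMU_DATA_F_PB_AND_TX;
	txd->data[0] = pb;
	/* memcpy() with a NULL source is undefined even for zero bytes */
	if (data_len_in)
		memcpy(txd->data + 1, data, data_len_in);

	/* sizeof(buf) is the VLA's runtime size: header + 1 + data_len_in */
	return tx_to_dev(buf, sizeof(buf));
}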
162
/*! \brief Request the SIMtrace2 to send a Status Word
 *  \param[in] sw two status-word bytes, SW1 first
 *  \returns whatever tx_to_dev() returns for the message */
static int request_sw_tx(const uint8_t *sw)
{
	/* fixed header followed by the two SW bytes */
	uint8_t msg[sizeof(struct cardemu_usb_msg_tx_data) + 2];
	struct cardemu_usb_msg_tx_data *txd = (struct cardemu_usb_msg_tx_data *) msg;

	printf("<= request_sw_tx(%02x %02x)\n", sw[0], sw[1]);

	memset(txd, 0, sizeof(*txd));
	txd->hdr.msg_type = CEMU_USB_MSGT_DT_TX_DATA;
	txd->flags = CEMU_DATA_F_PB_AND_TX | CEMU_DATA_F_FINAL;
	txd->data_len = 2;
	memcpy(txd->data, sw, 2);

	return tx_to_dev(msg, sizeof(msg));
}
181
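/*! \brief Recompute the check byte (TCK) of an ATR in place
 *  XORs bytes 1 .. atr_len-2 (everything after TS, before TCK) and stores
 *  the result in the last byte of the buffer.
 *  \param[in,out] atr ATR buffer whose last byte receives the checksum
 *  \param[in] atr_len length of \a atr in bytes; with fewer than 2 bytes
 *             there is no TCK slot and the buffer is left untouched */
static void atr_update_csum(uint8_t *atr, unsigned int atr_len)
{
	uint8_t csum = 0;
	unsigned int i;

	/* atr_len - 1 underflows for 0 and the store would hit atr[-1] or
	 * overwrite TS for 1; neither is a valid ATR to checksum */
	if (atr_len < 2)
		return;

	for (i = 1; i < atr_len - 1; i++)
		csum ^= atr[i];

	atr[atr_len - 1] = csum;
}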
192
/*! \brief Request the SIMtrace2 to present the given ATR to the phone
 *  \param[in] atr ATR bytes to install on the device
 *  \param[in] atr_len number of bytes at \a atr
 *  \returns whatever tx_to_dev() returns for the message */
static int request_set_atr(const uint8_t *atr, unsigned int atr_len)
{
	/* fixed header followed by the variable-length ATR */
	uint8_t msg[sizeof(struct cardemu_usb_msg_set_atr) + atr_len];
	struct cardemu_usb_msg_set_atr *satr = (struct cardemu_usb_msg_set_atr *) msg;

	printf("<= request_set_atr(%s)\n", osmo_hexdump(atr, atr_len));

	memset(satr, 0, sizeof(*satr));
	satr->hdr.msg_type = CEMU_USB_MSGT_DT_SET_ATR;
	satr->atr_len = atr_len;
	memcpy(satr->atr, atr, atr_len);

	return tx_to_dev(msg, sizeof(msg));
}
208
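/*! \brief Process a STATUS message from the SIMtrace2
 *  \param[in] buf complete message as received from the device
 *  \param[in] len number of valid bytes at \a buf
 *  \returns 0 on success; -EINVAL if the message is too short to be a
 *           status message */
static int process_do_status(uint8_t *buf, int len)
{
	struct cardemu_usb_msg_status *status;

	/* every field printed below is read from buf, so a truncated
	 * message from the device must be rejected before the cast is used */
	if (len < 0 || (size_t) len < sizeof(*status))
		return -EINVAL;

	status = (struct cardemu_usb_msg_status *) buf;

	printf("=> STATUS: flags=0x%x, fi=%u, di=%u, wi=%u wtime=%u\n",
		status->flags, status->fi, status->di, status->wi,
		status->waiting_time);

	return 0;
}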
221
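/*! \brief Process a PTS indication message from the SIMtrace2
 *  \param[in] buf complete message as received from the device
 *  \param[in] len number of valid bytes at \a buf
 *  \returns 0 on success; -EINVAL if the message is too short to hold
 *           the PTS request bytes */
static int process_do_pts(uint8_t *buf, int len)
{
	struct cardemu_usb_msg_pts_info *pts;

	/* the whole req[] array is dumped below, so the full struct must
	 * have arrived */
	if (len < 0 || (size_t) len < sizeof(*pts))
		return -EINVAL;

	pts = (struct cardemu_usb_msg_pts_info *) buf;

	printf("=> PTS req: %s\n", osmo_hexdump(pts->req, sizeof(pts->req)));

	return 0;
}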
232
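/*! \brief Process an ERROR indication message from the SIMtrace2
 *  \param[in] buf complete message as received from the device
 *  \param[in] len number of valid bytes at \a buf
 *  \returns 0 on success; -EINVAL if the message is too short to hold
 *           the fixed error fields */
static int process_do_error(uint8_t *buf, int len)
{
	struct cardemu_usb_msg_error *err;
	size_t avail;
	int msg_len;

	/* the fixed fields must be present before they are read */
	if (len < 0 || (size_t) len < offsetof(struct cardemu_usb_msg_error, msg))
		return -EINVAL;

	err = (struct cardemu_usb_msg_error *) buf;

	/* The text supplied by the device is not guaranteed to be
	 * NUL-terminated, so print at most msg_len bytes and never more
	 * than were actually received.
	 * NOTE(review): assumes 'msg' is an array embedded in the struct
	 * (offsetof() is used to size what follows it) - confirm against
	 * cardemu_prot.h */
	avail = (size_t) len - offsetof(struct cardemu_usb_msg_error, msg);
	msg_len = err->msg_len;
	if (msg_len < 0)
		msg_len = 0;
	else if ((size_t) msg_len > avail)
		msg_len = (int) avail;

	printf("=> ERROR: %u/%u/%u: %.*s\n",
		err->severity, err->subsystem, err->code,
		msg_len, err->msg);

	return 0;
}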
245
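/*! \brief Process a RX-DATA indication message from the SIMtrace2
 *  Feeds the received bytes into the APDU re-assembler.  Once a complete
 *  command is available it is sent to the real card behind g_chan, and
 *  the card's response data (if any) and status word are returned to the
 *  SIMtrace2.  If the re-assembler still needs data, the procedure byte
 *  is requested instead.
 *  \param[in] buf complete message as received from the device
 *  \param[in] len number of valid bytes at \a buf
 *  \returns 0 on success; -EINVAL if the message is truncated; -ENOMEM if
 *           no msgb could be allocated; the negative transceive() result
 *           if the card exchange failed */
static int process_do_rx_da(uint8_t *buf, int len)
{
	static struct apdu_context ac;
	struct cardemu_usb_msg_rx_data *data;
	int rc;

	/* header first, then the payload the header claims to carry */
	if (len < 0 || (size_t) len < offsetof(struct cardemu_usb_msg_rx_data, data))
		return -EINVAL;
	data = (struct cardemu_usb_msg_rx_data *) buf;
	if ((size_t) len - offsetof(struct cardemu_usb_msg_rx_data, data) < data->data_len)
		return -EINVAL;

	printf("=> DATA: flags=%x, %s: ", data->flags,
		osmo_hexdump(data->data, data->data_len));

	rc = apdu_segment_in(&ac, data->data, data->data_len,
			     data->flags & CEMU_DATA_F_TPDU_HDR);

	if (rc & APDU_ACT_TX_CAPDU_TO_CARD) {
		struct msgb *tmsg = msgb_alloc(1024, "TPDU");
		struct osim_reader_hdl *rh = g_chan->card->reader;
		uint8_t *cur;
		int rx_len;

		if (!tmsg)
			return -ENOMEM;

		/* Copy TPDU header */
		cur = msgb_put(tmsg, sizeof(ac.hdr));
		memcpy(cur, &ac.hdr, sizeof(ac.hdr));
		/* Copy D(c), if any */
		if (ac.lc.tot) {
			cur = msgb_put(tmsg, ac.lc.tot);
			memcpy(cur, ac.dc, ac.lc.tot);
		}
		/* send to actual card */
		tmsg->l3h = tmsg->tail;
		rc = rh->ops->transceive(rh, tmsg);
		if (rc < 0) {
			fprintf(stderr, "error during transceive: %d\n", rc);
			msgb_free(tmsg);
			return rc;
		}
		msgb_apdu_sw(tmsg) = msgb_get_u16(tmsg);
		ac.sw[0] = msgb_apdu_sw(tmsg) >> 8;
		ac.sw[1] = msgb_apdu_sw(tmsg) & 0xff;
		rx_len = msgb_l3len(tmsg);
		printf("SW=0x%04x, len_rx=%d\n", msgb_apdu_sw(tmsg), rx_len);
		/* NOTE(review): request_pb_and_tx() takes a uint8_t length, so
		 * a response longer than 255 bytes is truncated here, as it
		 * was before - confirm whether such responses can occur */
		if (rx_len)
			request_pb_and_tx(ac.hdr.ins, tmsg->l3h, rx_len);
		request_sw_tx(ac.sw);
		/* everything has been copied out; previously the msgb was
		 * leaked on this path, one per forwarded command */
		msgb_free(tmsg);
	} else if (ac.lc.tot > ac.lc.cur) {
		request_pb_and_rx(ac.hdr.ins, ac.lc.tot - ac.lc.cur);
	}
	return 0;
}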
295
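/*! \brief Process an incoming message from the SIMtrace2
 *  Dispatches on the message type in the common header.
 *  \param[in] buf complete message as received from the device
 *  \param[in] len number of valid bytes at \a buf
 *  \returns the handler's result; -EINVAL if \a len cannot hold the
 *           header; -1 for an unknown message type */
static int process_usb_msg(uint8_t *buf, int len)
{
	struct cardemu_usb_msg_hdr *sh = (struct cardemu_usb_msg_hdr *) buf;
	int rc;

	/* msg_type is read from the header below, so it must have arrived */
	if (len < 0 || (size_t) len < sizeof(*sh)) {
		fprintf(stderr, "short simtrace msg (%d bytes)\n", len);
		return -EINVAL;
	}

	printf("-> %s\n", osmo_hexdump(buf, len));

	switch (sh->msg_type) {
	case CEMU_USB_MSGT_DO_STATUS:
		rc = process_do_status(buf, len);
		break;
	case CEMU_USB_MSGT_DO_PTS:
		rc = process_do_pts(buf, len);
		break;
	case CEMU_USB_MSGT_DO_ERROR:
		rc = process_do_error(buf, len);
		break;
	case CEMU_USB_MSGT_DO_RX_DATA:
		rc = process_do_rx_da(buf, len);
		break;
	default:
		printf("unknown simtrace msg type 0x%02x\n", sh->msg_type);
		rc = -1;
		break;
	}

	return rc;
}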
327
/*! \brief Print the program banner to stdout */
static void print_welcome(void)
{
	/* no format arguments, so fputs() emits exactly the same text */
	fputs("simtrace2-remsim - Remote SIM card forwarding\n"
	      "(C) 2010-2016 by Harald Welte <laforge@gnumonks.org>\n\n",
	      stdout);
}
333
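/*! \brief Print the command-line usage to stdout
 *  Lists every option accepted by the getopt string in main(); -r, -p
 *  and -I were accepted but previously undocumented here. */
static void print_help(void)
{
	printf( "\t-i\t--gsmtap-ip\tA.B.C.D\n"
		"\t-a\t--skip-atr\n"
		"\t-h\t--help\n"
		"\t-k\t--keep-running\n"
		"\t-r\tHOST\t\tuse a SIMtrace2 reachable via UDP at HOST instead of USB\n"
		"\t-p\tPORT\t\tUDP port for -r (default 52342)\n"
		"\t-I\tNUM\t\tUSB interface number (with -r: added to PORT)\n"
		"\n"
		);
}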
343
/* long options understood by getopt_long() in main(); the short-option
 * string there also accepts -r, -p and -I, which have no long form */
static const struct option opts[] = {
	{ "gsmtap-ip",    required_argument, NULL, 'i' },
	{ "skip-atr",     no_argument,       NULL, 'a' },
	{ "help",         no_argument,       NULL, 'h' },
	{ "keep-running", no_argument,       NULL, 'k' },
	{ NULL,           0,                 NULL, 0 }
};
351
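/*! \brief Receive messages from the SIMtrace2 until the transport fails
 *  Reads from the USB bulk IN endpoint (or the UDP socket when g_udp_fd
 *  is set) and hands every transfer to process_usb_msg().  Returns only
 *  on a USB error other than a timeout, or when the UDP read fails. */
static void run_mainloop(void)
{
	/* both counters now start at zero; msg_count was previously
	 * incremented without ever being initialised */
	unsigned int msg_count = 0, byte_count = 0;
	/* size kept from the original; uint8_t matches what the callees take */
	uint8_t buf[16*265];
	int xfer_len;
	int rc;

	printf("Entering main loop\n");

	while (1) {
		/* reset per iteration so a failed read cannot re-dispatch
		 * the previous transfer's byte count */
		xfer_len = 0;
		/* read data from SIMtrace2 device (local or via USB) */
		if (g_udp_fd < 0) {
			rc = libusb_bulk_transfer(g_devh, g_in_ep, buf, sizeof(buf), &xfer_len, 100000);
			if (rc < 0 && rc != LIBUSB_ERROR_TIMEOUT) {
				fprintf(stderr, "BULK IN transfer error; rc=%d\n", rc);
				break;
			}
		} else {
			ssize_t n = read(g_udp_fd, buf, sizeof(buf));
			if (n <= 0) {
				fprintf(stderr, "short read from UDP\n");
				break;
			}
			xfer_len = (int) n;
		}
		/* dispatch any incoming data */
		if (xfer_len > 0) {
			process_usb_msg(buf, xfer_len);
			msg_count++;
			byte_count += xfer_len;
		}
	}

	printf("Leaving main loop after %u messages (%u bytes)\n", msg_count, byte_count);
}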
386
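/*! \brief Parse a decimal integer command-line argument within [min, max]
 *  \param[in] s argument text (typically optarg)
 *  \param[in] min smallest acceptable value
 *  \param[in] max largest acceptable value
 *  \param[out] out parsed value, written only on success
 *  \returns 0 on success; -1 if \a s is empty, has trailing junk,
 *           overflows, or is out of range */
static int parse_int_arg(const char *s, long min, long max, int *out)
{
	char *end = NULL;
	long v;

	/* strtol() reports range errors via errno, so clear it first */
	errno = 0;
	v = strtol(s, &end, 10);
	if (end == s || *end != '\0' || errno == ERANGE || v < min || v > max)
		return -1;
	*out = (int) v;
	return 0;
}

/*! \brief Program entry point: open the real card, attach to the SIMtrace2
 *  (USB or UDP), present the ATR and run the forwarding loop
 *  \returns 0 after a clean run of the main loop; 1 on any setup error */
int main(int argc, char **argv)
{
	char *gsmtap_host = "127.0.0.1";
	int rc;
	int c, ret = 1;
	int skip_atr = 0;
	int keep_running = 0;
	int remote_udp_port = 52342;
	int if_num = 0;
	char *remote_udp_host = NULL;
	struct osim_reader_hdl *reader;
	struct osim_card_hdl *card;
	/* ATR presented to the phone; its check byte is recomputed below */
	uint8_t real_atr[] = { 0x3B, 0x9F, 0x96, 0x80, 0x1F, 0xC7, 0x80, 0x31,
			       0xA0, 0x73, 0xBE, 0x21, 0x13, 0x67, 0x43, 0x20,
			       0x07, 0x18, 0x00, 0x00, 0x01, 0xA5 };

	print_welcome();

	while (1) {
		int option_index = 0;

		c = getopt_long(argc, argv, "r:p:hi:I:ak", opts, &option_index);
		if (c == -1)
			break;
		switch (c) {
		case 'r':
			remote_udp_host = optarg;
			break;
		case 'p':
			/* atoi() silently turned garbage into port 0 */
			if (parse_int_arg(optarg, 1, 65535, &remote_udp_port) < 0) {
				fprintf(stderr, "invalid UDP port '%s'\n", optarg);
				return 1;
			}
			break;
		case 'h':
			print_help();
			exit(0);
			break;
		case 'i':
			gsmtap_host = optarg;
			break;
		case 'I':
			/* USB interface numbers are 8-bit */
			if (parse_int_arg(optarg, 0, 255, &if_num) < 0) {
				fprintf(stderr, "invalid interface number '%s'\n", optarg);
				return 1;
			}
			break;
		case 'a':
			/* NOTE(review): -a is parsed but nothing below acts on
			 * skip_atr yet; kept as-is pending the intended use */
			skip_atr = 1;
			break;
		case 'k':
			keep_running = 1;
			break;
		default:
			/* unknown option: getopt_long() already complained */
			print_help();
			return 1;
		}
	}
	(void) skip_atr;

	g_prof = &osim_uicc_sim_cic_profile;

	if (!remote_udp_host) {
		rc = libusb_init(NULL);
		if (rc < 0) {
			fprintf(stderr, "libusb initialization failed\n");
			goto do_exit;
		}
	} else {
		/* the interface number is added to the port, so the sum must
		 * still be a valid port */
		if (remote_udp_port + if_num > 65535) {
			fprintf(stderr, "UDP port %d plus interface %d exceeds 65535\n",
				remote_udp_port, if_num);
			goto do_exit;
		}
		g_udp_fd = osmo_sock_init(AF_INET, SOCK_DGRAM, IPPROTO_UDP, remote_udp_host,
					  remote_udp_port+if_num, OSMO_SOCK_F_CONNECT);
		if (g_udp_fd < 0) {
			fprintf(stderr, "error binding UDP port\n");
			goto do_exit;
		}
	}

	/* Setup failures below must NOT jump to close_exit inside the
	 * do/while: with -k that would retry forever with g_gti / g_chan
	 * still unset.  release_exit is the label for leaving from here. */
	g_gti = gsmtap_source_init(gsmtap_host, GSMTAP_UDP_PORT, 0);
	if (!g_gti) {
		perror("unable to open GSMTAP");
		goto release_exit;
	}
	gsmtap_source_add_sink(g_gti);

	reader = osim_reader_open(OSIM_READER_DRV_PCSC, 0, "", NULL);
	if (!reader) {
		perror("unable to open PC/SC reader");
		goto release_exit;
	}

	card = osim_card_open(reader, OSIM_PROTO_T0);
	if (!card) {
		perror("unable to open SIM card");
		goto release_exit;
	}

	/* llist_entry() is pointer arithmetic and never yields NULL, so the
	 * old NULL test could not fire; check the list itself instead */
	if (llist_empty(&card->channels)) {
		fprintf(stderr, "SIM card has no channel?!?\n");
		goto release_exit;
	}
	g_chan = llist_entry(card->channels.next, struct osim_chan_hdl, list);

	do {
		if (g_udp_fd < 0) {
			g_devh = libusb_open_device_with_vid_pid(NULL, SIMTRACE_USB_VENDOR, SIMTRACE_USB_PRODUCT);
			if (!g_devh) {
				fprintf(stderr, "can't open USB device\n");
				goto close_exit;
			}

			rc = libusb_claim_interface(g_devh, if_num);
			if (rc < 0) {
				fprintf(stderr, "can't claim interface %d; rc=%d\n", if_num, rc);
				goto close_exit;
			}

			rc = get_usb_ep_addrs(g_devh, if_num, &g_out_ep, &g_in_ep, NULL);
			if (rc < 0) {
				fprintf(stderr, "can't obtain EP addrs; rc=%d\n", rc);
				goto release_if_exit;
			}
		}

		request_card_insert(true);
		atr_update_csum(real_atr, sizeof(real_atr));
		request_set_atr(real_atr, sizeof(real_atr));

		run_mainloop();
		ret = 0;

release_if_exit:
		/* release the interface that was claimed, not interface 0 */
		if (g_udp_fd < 0)
			libusb_release_interface(g_devh, if_num);
close_exit:
		if (g_devh) {
			libusb_close(g_devh);
			/* a stale handle would otherwise be closed again when
			 * the next -k iteration fails before re-opening */
			g_devh = NULL;
		}
		if (keep_running)
			sleep(1);
	} while (keep_running);

release_exit:
	if (g_udp_fd < 0)
		libusb_exit(NULL);
do_exit:
	return ret;
}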