Hi All,
I’ve just purchased some Sysmocom ISIM SJA5 S17 cards which can do the authentication based SUCI calculation on the USIM.
I’ve managed to get the Profile A based SUCI calculation in USIM working but I’m struggling with the Profile B based calculation.
Using the same Profile-B based key set-up the SUCI calculation via ME works which suggests my public key data is correct. However when I do the same set-up with SUCI calculation via USIM the handset will not PRACH/RRC-connect. I get this behaviour across a number of different handsets.
It appears the phone handsets don’t like the SIM card when configured for Profile-B based SUCI calculation via USIM.
Does the SJA5 S17 card only support Profile A based SUCI Calculation in USIM and not Profile-B?
If the SJA5 S17 card can support Profile-B SUCI Calculation in USIM any ideas what I may have missed in my card set-up (currently I enable services no. 124 and 125, and then populate the DF.SAIP/EF.SUCI_Calc_Info file)?
Many thanks,
Warren
Hi Warren,
do you have some kind of APDU trace of what happens between the USIM and the UE in the working Profile-A vs the non-working Profile-B case? You can obtain such traces for example via QXDM/DIAG or via a SIMtrace2 or related device.
The only constraint I’m currently aware of is the fact that only the uncompressed form is supported - as it is described as a constraint in the TCA package interoperable specification (v. 3.3) section 12.2.
Can you please double-check you’re not using the compressed format?
Hi Harald,
Thanks for getting back to me.
Yes I have attempted to use compressed form:
sudo openssl ecparam -name prime256v1 -genkey -conv_form compressed -out ./secp256r1-41.key
Sorry I didn’t realise “compressed” form was not supported, I’ll try “uncompressed” form and hopefully that will correct the issue.
Many thanks,
Warren
Hi Harald,
Using Profile-B in “uncompressed” form has fixed the issue.
Also the iPro13 handset accepted the SIM card so I’m guessing it must check the length of the Profile-B public key and if it’s length is less than the expected uncompressed form it must reject/disable use of the SIM card.
Many thanks for your help, much appreciated.
Regards,
Warren
great!
There is no way for the iPhone or any phone to check the length of the key if it is service 125 (suci on card). They will simply be sending a GET IDENTITY command (or whatever was the first step of the SUCI based mechanism) and that will return a non-successful status word.
Well, to be honest it wasn’t stated clearly in the sysmoISIM-SJA5 user manual so far, which I have corrected now after your inquiry here. So let’s hope future users will read/find that notice there.
Ah ok, thanks for that clarification
That would be really helpful, many thanks again