Great! I'm doing the same project. Now I can connect with EAP-SIM/AKA/AKA' by using the SIM emulator in wpa_supplicant, because I don't have a SIM reader. If you want, I can upload the patch.
But I have a concern about the approach using pcsc funcs. I guess each SIM vendor has its own SIM API. So I think we need to know the vendor-specific SIM API. Is that true?

Regards,
Masashi Honma.

2013/7/3 Dimi Lee <[email protected]>:
> Hi all,
>
> Currently the Taipei team is implementing the EAP-SIM WiFi authentication protocol for B2G devices.
> We want to share the current architecture to know if there are any problems or suggestions for this design.
> So any suggestion or question is welcome.
>
> I will briefly describe what EAP-SIM is first, then introduce how we are going to implement it.
>
> What is EAP-SIM?
>
> The EAP-SIM protocol was developed by 3GPP and it is an authentication method based on the Extensible Authentication Protocol (EAP) framework. It uses the SIM authentication algorithm between the client and the authentication server to provide mutual authentication.
> The basic idea is that each SIM card contains a private key and this key is also stored in the operator's home location register (HLR), which can be identified by the IMSI of the SIM card. So the device sends its IMSI to the authentication server so the server can retrieve the private key. Because both device and server have the same private key, they can use a challenge-response based authentication algorithm to verify each other.
>
> Architecture - Modification:
>
> wpa_supplicant supports the flow to handle EAP-SIM authentication; it uses a component accessing the card reader interface to communicate with the SIM card to get the necessary information. But this way is not supported on our B2G device.
>
> So what we are planning to do is use the gecko RIL module instead of using the card reader interface.
> Although we are trying not to modify wpa_supplicant, this task cannot be done without any modification of code in wpa_supplicant. So we limit our changes to only one file (pcsc_funcs.c), whose original function is using the card reader interface to access the SIM card. What we do here is modify this file and redirect commands from wpa_supplicant to the gecko module to get SIM information.
>
> The pcsc_funcs.c file provides the following interfaces used by wpa_supplicant, and we will modify the implementation of each interface:
>
> 1. scard_init: Establish IPC connection to gecko
> 2. scard_deinit: Close IPC channel
> 3. scard_get_imsi: Use established IPC connection to get IMSI
> 4. scard_gsm_auth: Use established IPC connection to notify RIL to do gsm authentication
> 5. scard_umts_auth: Use established IPC connection to notify RIL to do umts authentication
>
> You can use the following link to get a clearer view of this architecture.
> https://docs.google.com/drawings/d/1FsY1EU_NF7Rsu_D6VU9V0KZHHSdSCXmV_MhwZ-6Mc0U/edit
>
> Architecture - Flow of EAP-SIM:
>
> When WifiManager is initialized, it first creates a worker thread listening on a specific socket. We implement this component in gecko/ipc/wpasupplicant to handle this job.
>
> When wpa_supplicant is trying to connect to an AP with the EAP-SIM protocol, it will call scard_init first.
> In scard_init we will establish an IPC channel with ipc/wpasupplicant.
>
> When wpa_supplicant needs any SIM information or operation, it will call APIs like scard_get_imsi, scard_gsm_auth, etc.
> We use the IPC channel established before and notify WifiManager that wpa_supplicant needs a SIM operation.
> Since WifiManager does not have the ability to access the SIM card, we create a RIL instance in WifiManager and use the API of RadioInterfaceLayer to execute the operation we need.
>
> Following is the API we will need to add in nsIRadioInterfaceLayer.idl
>
> interface nsIRadioInterfaceLayer : nsISupports
> {
>   void simGSMAuthentication(in DOMString rand);
>   void simUMTSAuthentication(in DOMString rand, in DOMString autn);
>
>   ...
> };
>
> Please feel free to share any suggestion, we are glad to hear any feedback :)
> Thanks,
>
> Best regards
> Dimi
>
> _______________________________________________
> dev-b2g mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-b2g
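
An added sketch (not code from wpa_supplicant, Gecko, or either poster) of how the redirected scard_gsm_auth call in the quoted proposal could frame its request over the IPC socket and validate the reply before copying SRES and Kc to the caller. The one-byte opcode/status/length framing, the names ipc_gsm_auth and demo, and the sample bytes are assumptions; the 16-byte RAND, 4-byte SRES and 8-byte Kc sizes are the standard GSM values.

```c
/* Added example; the opcode/status/length framing below is hypothetical. */
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
enum { RAND_LEN = 16, SRES_LEN = 4, KC_LEN = 8, OP_GSM_AUTH = 4, ST_OK = 0 };

/* Read exactly n bytes; EOF or an error before that is a failure. */
static int read_full(int fd, uint8_t *p, size_t n) {
    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r <= 0) return -1;
        p += r; n -= (size_t)r;
    }
    return 0;
}

/* Supplicant side of a scard_gsm_auth-style call over the IPC socket. */
int ipc_gsm_auth(int fd, const uint8_t *rnd, uint8_t *sres, uint8_t *kc) {
    uint8_t req[2 + RAND_LEN] = { OP_GSM_AUTH, RAND_LEN };
    uint8_t hdr[3], body[SRES_LEN + KC_LEN];
    memcpy(req + 2, rnd, RAND_LEN);
    if (write(fd, req, sizeof(req)) != (ssize_t)sizeof(req)) return -1;
    if (read_full(fd, hdr, sizeof(hdr))) return -1;
    /* Validate opcode, status and length before reading key material. */
    if (hdr[0] != OP_GSM_AUTH || hdr[1] != ST_OK || hdr[2] != sizeof(body))
        return -1;
    if (read_full(fd, body, sizeof(body))) return -1;
    memcpy(sres, body, SRES_LEN);
    memcpy(kc, body + SRES_LEN, KC_LEN);
    return 0;
}

/* Constructed peer: queues `send` bytes of a reply, then runs the client.
 * Returns 0 if the reply was accepted and SRES/Kc were copied correctly. */
int demo(uint8_t status, uint8_t len, size_t send) {
    uint8_t reply[3 + SRES_LEN + KC_LEN] = { OP_GSM_AUTH, status, len };
    uint8_t rnd[RAND_LEN] = { 0 }, sres[SRES_LEN], kc[KC_LEN];
    int sv[2], rc;
    for (int i = 0; i < SRES_LEN + KC_LEN; i++) reply[3 + i] = 0xA0 + i;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -3;
    rc = write(sv[1], reply, send) == (ssize_t)send ? 0 : -3;
    shutdown(sv[1], SHUT_WR);   /* a truncated reply ends in EOF, not a hang */
    if (rc == 0) rc = ipc_gsm_auth(sv[0], rnd, sres, kc);
    if (rc == 0 && (sres[0] != 0xA0 || kc[KC_LEN - 1] != 0xAB)) rc = -2;
    close(sv[0]); close(sv[1]);
    return rc;
}
```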
