Hi Masashi,

In the current architecture, we use RadioInterfaceLayer.js to access the RIL interface. The implementation of the RIL interface that does EAP-SIM/EAP-AKA is handled by the vendor's RIL module. The vendor's RIL module will access the SIM through the SIM API. Because our component does not access the SIM directly, we don't need to know if the SIM API is different.

Best regards
Dimi

----- Original Message -----
From: "Masashi Honma" <[email protected]>
To: "Dimi Lee" <[email protected]>
Cc: "dev-b2g" <[email protected]>
Sent: Thursday, July 4, 2013 8:03:16 AM
Subject: Re: [b2g] EAP-SIM Architecture proposal

Great! I'm doing the same project. Now I can connect with EAP-SIM/AKA/AKA' by using the SIM emulator in wpa_supplicant. Because I don't have a SIM reader. If you want, I can upload the patch.

But I have a concern about the approach using pcsc funcs. I guess each SIM vendor has its own SIM API. So I think we need to know the vendor-specific SIM API. Is that true?

Regards,
Masashi Honma.

2013/7/3 Dimi Lee <[email protected]>:
> Hi all,
> Currently the Taipei team is implementing the EAP-SIM WiFi authentication
> protocol for B2G devices.
> We want to share the current architecture to know if there are any problems
> or suggestions for this design.
> So any suggestion or question is welcome.
>
> I will briefly describe what EAP-SIM is first, then introduce how we are
> going to implement it.
>
> What is EAP-SIM?
>
> The EAP-SIM protocol was developed by 3GPP and it is an authentication
> method based on the Extensible Authentication Protocol (EAP) framework. It
> uses the SIM authentication algorithm between the client and the
> authentication server to provide mutual authentication.
> The basic idea is that each SIM card contains a private key, and this key is
> also stored in the operator's home location register (HLR), which can be
> identified by the IMSI of the SIM card. So the device sends its IMSI to the
> authentication server so the server can retrieve the private key. Because
> both device and server have the same private key, they can use a
> challenge-response based authentication algorithm to verify each other.
>
> Architecture - Modification:
>
> wpa_supplicant supports the flow to handle EAP-SIM authentication; it uses a
> component accessing the card reader interface to communicate with the SIM
> card to get the necessary information. But this
> way is not supported in our B2G device.
>
> So what we are planning to do is use the gecko RIL module instead of the
> card reader interface.
> Although we are trying not to modify wpa_supplicant, this task cannot be
> done without any modification of code in wpa_supplicant. So we limit our
> changes to one file (pcsc_funcs.c), whose original function is to use the
> card reader interface to access the SIM card. What we do here is modify this
> file and redirect commands from wpa_supplicant to the gecko module to get
> SIM information.
>
> The pcsc_funcs.c file provides the following interface used by
> wpa_supplicant, and we will modify the implementation of each function:
>
> 1. scard_init : Establish IPC connection to gecko
> 2. scard_deinit : Close IPC channel
> 3. scard_get_imsi : Use established IPC connection to get IMSI
> 4. scard_gsm_auth : Use established IPC connection to notify RIL to do gsm
>    authentication
> 5. scard_umts_auth : Use established IPC connection to notify RIL to do umts
>    authentication
>
> You can use the following link to get a clearer view of this architecture.
> https://docs.google.com/drawings/d/1FsY1EU_NF7Rsu_D6VU9V0KZHHSdSCXmV_MhwZ-6Mc0U/edit
>
> Architecture - Flow of EAP-SIM:
>
> When WifiManager is initialized, it first creates a worker thread that
> listens on a specific socket. We implement this component in
> gecko/ipc/wpasupplicant to handle this job.
>
> When wpa_supplicant is trying to connect to an AP with the EAP-SIM protocol,
> it will call scard_init first.
> In scard_init we will establish an IPC channel with ipc/wpasupplicant.
>
> When wpa_supplicant needs any SIM information or operation, it will call an
> API like scard_get_imsi, scard_gsm_auth ...etc
> We use the IPC channel established before and notify WifiManager that
> wpa_supplicant needs a SIM operation.
> Since WifiManager does not have the ability to access the SIM card, we
> create a RIL instance in WifiManager and use the API of RadioInterfaceLayer
> to execute the operation we need.
>
> Following is the API we will need to add in nsIRadioInterfaceLayer.idl
>
> interface nsIRadioInterfaceLayer : nsISupports
> {
>   void simGSMAuthentication(in DOMString rand);
>   void simUMTSAuthentication(in DOMString rand, in DOMString autn);
>
>   ...
> };
>
> Please feel free to share any suggestion, we are glad to hear any feedback :)
> Thanks,
>
> Best regards
> Dimi
>
> _______________________________________________
> dev-b2g mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-b2g
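
The proposal above routes `scard_gsm_auth` over an IPC channel but does not specify the message format. The following added example (not code from this thread, from wpa_supplicant or from gecko) shows the client side of that round trip with strict validation of the reply, because whatever arrives on the socket is untrusted input to the supplicant. The text wire format, the names `ipc_gsm_auth`, `hex_exact` and `demo_reply`, and the assumption that a reply arrives in a single read are all hypothetical; the 16-byte RAND, 4-byte SRES and 8-byte Kc sizes are the standard GSM ones.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

enum { RAND_LEN = 16, SRES_LEN = 4, KC_LEN = 8, REPLY_LEN = 29 };
/* Decode exactly n hex bytes; sscanf alone would also accept signs and "0x". */
static int hex_exact(const char *s, unsigned char *out, size_t n)
{
    unsigned int b;
    for (size_t i = 0; i < 2 * n; i += 2) {
        char pair[3] = { s[i], s[i] ? s[i + 1] : '\0', '\0' };
        if (strspn(pair, "0123456789abcdefABCDEF") != 2 || sscanf(pair, "%2x", &b) != 1)
            return -1;
        out[i / 2] = (unsigned char)b;
    }
    return 0;
}

/* Assumed wire format: "GSM-AUTH <32 hex RAND>\n" -> "OK <8 hex SRES> <16 hex Kc>\n" */
int ipc_gsm_auth(int fd, const unsigned char *rnd, unsigned char *sres, unsigned char *kc)
{
    char req[64] = "GSM-AUTH ", rsp[64] = "";
    size_t off = strlen(req);
    for (int i = 0; i < RAND_LEN; i++)
        off += (size_t)sprintf(req + off, "%02x", rnd[i]);
    req[off++] = '\n';
    if (write(fd, req, off) != (ssize_t)off) return -1;
    if (read(fd, rsp, sizeof(rsp) - 1) != REPLY_LEN) return -1;  /* fixed size only */
    if (strncmp(rsp, "OK ", 3) || rsp[11] != ' ' || rsp[28] != '\n') return -1;
    return (hex_exact(rsp + 3, sres, SRES_LEN) || hex_exact(rsp + 12, kc, KC_LEN)) ? -1 : 0;
}

/* Feed a constructed reply through a socketpair standing in for the gecko side. */
int demo_reply(const char *reply, unsigned char *sres, unsigned char *kc)
{
    unsigned char rnd[RAND_LEN] = { 0 };  /* constructed challenge */
    int sv[2], rc = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (write(sv[1], reply, strlen(reply)) >= 0 && shutdown(sv[1], SHUT_WR) == 0)
        rc = ipc_gsm_auth(sv[0], rnd, sres, kc);
    close(sv[0]); close(sv[1]);
    return rc;
}

int main(void) {
    unsigned char s[SRES_LEN], k[KC_LEN];
    return demo_reply("OK 0a1b2c3d 0011223344556677\n", s, k) != 0;
}
```

On a rejected reply the output buffers may hold partial data, so the caller must discard them whenever the return value is not 0.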
