Just tried SIM_ACCESS_CHANNEL on Inari and looks like it's not supported:
I/Gecko ( 369): -*- RadioInterface[0]: Received message from worker:
{"channel":0,"apdu":{"cla":0,"command":164,"p1":4,"p2":0,"p3":0},"rilMessageToken":342,"rilMessageType":"iccExchangeAPDU","rilRequestType":123,"rilRequestError":6,"error":"RequestNotSupported"}
If it's impossible to implement SIM_OPEN/ACCESS/CLOSE_CHANNEL with SIM_IO then
I think it may be almost impossible to implement EAP-SIM without a patch of
wpa_supplicant.
Best Regards,
S.H. Kao
Software Engineer, Mozilla Taiwan
----- Original Message -----
From: [email protected]
To: [email protected]
Sent: Friday, September 27, 2013 5:32:10 PM
Subject: Re: [b2g] EAP-SIM Architecture proposal
Hi,
I'm proposing an alternative architecture without maintaining a patch over
wpa_supplicant.
Using a similar architecture to the project seek-for-android[1], we need a pcsc
daemon (pcscd) from pcsc-lite running on B2G as a fake card reader so
wpa_supplicant can communicate with it when EAP-SIM authentication is needed. With
some modifications in pcscd we can implement these operations (as an
SmartCardInterface) with 3 RIL requests: SIM_OPEN_CHANNEL, SIM_CLOSE_CHANNEL
and SIM_ACCESS_CHANNEL, and redirect them to chrome process via unix domain
socket. For the detailed visualization of this architecture please refer to [2].
There are some potential problems:
a. We need the 3 requests mentioned above but the target may not support them; so
   far we only know nexus-s has these implemented and are not sure about other
   devices.
   Possible solution: use SIM_IO to implement them (reference: [3])
b. We have to make sure the socket connection between pcscd & chrome process is
   secured, otherwise someone may pretend they're 'fake pcscd' to connect and
   access the SIM card with open/close/access channel operations (pointed out by
   Yoshi Huang). Possible solutions:
   1. The domain socket will be opened with root privilege, so processes without
      root privilege can't access it and it's safe on devices that are not
      rooted. I'm not sure how secure we need to be and have no idea if this is
      enough to solve this problem.
   2. Furthermore, we can parse the APDU received with SIM_ACCESS_CHANNEL (in
      chrome process) and only allow EAP-SIM related commands to execute;
      basically these will be the get-IMSI & authentication related commands
      (I'm not sure about the exact commands, need to do further tests)
   3. Maybe some challenge based protocols suggested by Henry Chang
Any problems or suggestions are welcome, Thanks!
S.H. Kao
[1] http://code.google.com/p/seek-for-android/wiki/EapSimAka
[2] https://docs.google.com/presentation/d/1CK6aKzw5jhAjNopqrmifGHDIgvJsfGP1bXmpwk-Z0aw/edit?usp=sharing
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=921320
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
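Solution b.2 in the quoted proposal (parse each APDU in the chrome process and pass only EAP-SIM related commands) could look like the following. It is an added example, not code from the thread, Gecko or pcscd; the instruction list, the file IDs, the hex-string `data` field and the names `ApduFilter` and `demo` are assumptions, since the thread leaves the exact command set open.

```javascript
// Added example, not Gecko or pcscd code: allowlist filter for APDUs from the socket.
// ASSUMPTIONS: the instruction list, the file IDs and the hex-string `data` field.
const INS = { SELECT: 0xA4, READ_BINARY: 0xB0, GET_RESPONSE: 0xC0, AUTHENTICATE: 0x88 };
const SELECTABLE = new Set(["3F00", "7F20", "7FFF", "6F07"]); // MF, DF_GSM, ADF, EF_IMSI
const EF_IMSI = "6F07";

class ApduFilter {
  constructor() { this.selected = new Map(); } // channel -> last file ID let through

  // Returns { ok: true } or { ok: false, reason } for one request on one channel.
  check(channel, apdu) {
    const bad = ["cla", "command", "p1", "p2", "p3"].find(
      (f) => !Number.isInteger(apdu[f]) || apdu[f] < 0 || apdu[f] > 0xFF);
    if (bad) return { ok: false, reason: "bad field " + bad };
    const raw = apdu.data === undefined ? "" : apdu.data;
    if (typeof raw !== "string" || !/^([0-9A-Fa-f]{2})*$/.test(raw)) {
      return { ok: false, reason: "bad data" };
    }
    const data = raw.toUpperCase();
    switch (apdu.command) {
      case INS.SELECT:
        if (apdu.p1 === 0x04) { // by AID, the form seen in the logged request
          this.selected.delete(channel);
          return { ok: true };
        }
        if (apdu.p1 !== 0x00 || !SELECTABLE.has(data)) {
          return { ok: false, reason: "SELECT target not allowed" };
        }
        this.selected.set(channel, data);
        return { ok: true };
      case INS.READ_BINARY:
        // The instruction byte alone is not enough: READ BINARY returns the current EF.
        return this.selected.get(channel) === EF_IMSI
          ? { ok: true } : { ok: false, reason: "READ BINARY outside EF_IMSI" };
      case INS.GET_RESPONSE:
      case INS.AUTHENTICATE:
        return { ok: true };
      default:
        return { ok: false, reason: "instruction not allowed" };
    }
  }
}

// Constructed sample requests (not captured traffic), all on channel 1.
function demo() {
  const f = new ApduFilter();
  const req = (command, data) => f.check(1, { cla: 0, command, p1: 0, p2: 0, p3: 0, data }).ok;
  // READ BINARY, SELECT EF_IMSI, READ BINARY, SELECT EF_SMS (6F3C), UPDATE RECORD (0xDC)
  return [req(0xB0), req(0xA4, "6F07"), req(0xB0), req(0xA4, "6F3C"), req(0xDC)];
}
```

The filter tracks requests rather than card responses, so it only ever lets READ BINARY through after it has itself passed a SELECT of EF_IMSI on that channel.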