Hi Dimi,

I have a couple of concerns here.

First off, my understanding is that this doesn't create any new
workers, right? This only adds additional code to the already existing
worker that we are using to communicate with the wpasupplicant. Is
this correct? If so that's fine. We need to avoid adding more workers,
but adding functionality to existing ones sounds fine for now.

I'm also worried about having to modify the wpa supplicant. My
understanding is that OEMs ship their own wpa supplicant quite often.
How will we ensure that this feature will still work on a shipped
device?

Other than that I don't have much input. But I'm very much not an
expert in this code. cc'ing Kyle who might have more opinions.

/ Jonas



On Wed, Jul 3, 2013 at 12:58 AM, Dimi Lee <d...@mozilla.com> wrote:
> Hi all,
> Currently the Taipei team is implementing the EAP-SIM WiFi authentication 
> protocol for B2G devices.
> We want to share the current architecture to know if there are any problems or 
> suggestions for this design.
> So any suggestion or question is welcome.
>
> I will briefly describe what EAP-SIM is first, then introduce how we are going 
> to implement it.
>
> What is EAP-SIM?
>
> The EAP-SIM protocol was developed by 3GPP and it is an authentication method 
> based on the Extensible Authentication
> Protocol (EAP) framework. It uses the SIM authentication algorithm between the 
> client and the authentication server
> to provide mutual authentication.
> The basic idea is that each SIM card contains a private key and this key is also 
> stored in the operator's home location
> register (HLR) which can be identified by the IMSI of the SIM card. So the device sends 
> its IMSI to the authentication server
> so the server can retrieve the private key. Because both device and server have 
> the same private key, they can
> use a challenge-response based authentication algorithm to verify each other.
>
> Architecture - Modification:
>
> wpa_supplicant supports the flow to handle EAP-SIM authentication; it uses a 
> component accessing the card reader
> interface to communicate with the SIM card to get the necessary information. But this 
> way is not supported on our B2G devices.
>
> So what we are planning to do is use the gecko RIL module instead of using the card 
> reader interface.
> Although we are trying not to modify wpa_supplicant, this task cannot be done 
> without any modification of code
> in wpa_supplicant. So we limit our changes to only one file 
> (pcsc_funcs.c), whose original function
> is using the card reader interface to access the SIM card. What we do 
> here is modify this file and redirect
> commands from wpa_supplicant to the gecko module to get SIM information.
>
> The pcsc_funcs.c file provides the following interfaces used by wpa_supplicant and 
> we will modify the implementation of each interface:
>
> 1. scard_init: Establish IPC connection to gecko
> 2. scard_deinit: Close IPC channel
> 3. scard_get_imsi: Use established IPC connection to get IMSI
> 4. scard_gsm_auth: Use established IPC connection to notify RIL to do GSM 
> authentication
> 5. scard_umts_auth: Use established IPC connection to notify RIL to do UMTS 
> authentication
>
> You can use the following link to get a clearer view of this architecture.
> https://docs.google.com/drawings/d/1FsY1EU_NF7Rsu_D6VU9V0KZHHSdSCXmV_MhwZ-6Mc0U/edit
>
> Architecture - Flow of EAP-SIM:
>
> When WifiManager is initialized, it first creates a worker thread listening on a 
> specific socket. We implement this component
> in gecko/ipc/wpasupplicant to handle this job.
>
> When wpa_supplicant is trying to connect to an AP with the EAP-SIM protocol, it 
> will call scard_init first.
> In scard_init we will establish an IPC channel with ipc/wpasupplicant.
>
> When wpa_supplicant needs any SIM information or operation, it will call an API 
> like scard_get_imsi, scard_gsm_auth, etc.
> We use the IPC channel established before and notify WifiManager that 
> wpa_supplicant needs a SIM operation.
> Since WifiManager does not have the ability to access the SIM card, we create a RIL 
> instance in WifiManager and use the API of
> RadioInterfaceLayer to execute the operation we need.
>
> Following is the API we will need to add in nsIRadioInterfaceLayer.idl
>
> interface nsIRadioInterfaceLayer : nsISupports
> {
> void simGSMAuthentication(in DOMString rand);
> void simUMTSAuthentication(in DOMString rand, in DOMString autn);
>
> ...
> };
>
> Please feel free to share any suggestion, we are glad to hear any feedback :)
> Thanks,
>
> Best regards
> Dimi
>
>
>
> _______________________________________________
> dev-b2g mailing list
> dev-b2g@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-b2g
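
Added example, not part of the original thread and not wpa_supplicant or Gecko code: a C sketch of how the supplicant side of the IPC channel described above could encode a GSM challenge and strictly validate the reply before copying it into fixed-size buffers. The line-based wire format (`GSM-AUTH <hex RAND>` request, `<hex SRES>:<hex Kc>` reply) and the names `build_gsm_auth_request` and `parse_gsm_auth_reply` are assumptions; RAND, SRES and Kc use the standard GSM sizes of 16, 4 and 8 bytes.

```c
#include <stddef.h>
#include <string.h>
/* GSM triplet field sizes in bytes. */
enum { GSM_RAND_LEN = 16, GSM_SRES_LEN = 4, GSM_KC_LEN = 8 };

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode exactly out_len bytes from hex_len hex characters; 0 on success. */
static int hex_decode(const char *hex, size_t hex_len, unsigned char *out, size_t out_len)
{
    if (hex_len != 2 * out_len) return -1;
    for (size_t i = 0; i < out_len; i++) {
        int hi = hex_nibble(hex[2 * i]), lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
    }
    return 0;
}

/* Build the hypothetical request line "GSM-AUTH <32 hex chars of RAND>". */
int build_gsm_auth_request(const unsigned char *rand_bytes, char *buf, size_t buf_len)
{
    static const char hexd[] = "0123456789abcdef";
    const char prefix[] = "GSM-AUTH ";
    size_t p = sizeof(prefix) - 1;
    if (buf_len < p + 2 * GSM_RAND_LEN + 1) return -1; /* never truncate silently */
    memcpy(buf, prefix, p);
    for (size_t i = 0; i < GSM_RAND_LEN; i++) {
        buf[p++] = hexd[rand_bytes[i] >> 4];
        buf[p++] = hexd[rand_bytes[i] & 0x0f];
    }
    buf[p] = '\0';
    return 0;
}

/* Parse the hypothetical reply "<8 hex SRES>:<16 hex Kc>". The reply is treated
 * as untrusted: any other length, separator or character is rejected. */
int parse_gsm_auth_reply(const char *reply, unsigned char *sres, unsigned char *kc)
{
    size_t n = strlen(reply);
    if (n != 2 * GSM_SRES_LEN + 1 + 2 * GSM_KC_LEN || reply[2 * GSM_SRES_LEN] != ':')
        return -1;
    if (hex_decode(reply, 2 * GSM_SRES_LEN, sres, GSM_SRES_LEN)) return -1;
    return hex_decode(reply + 2 * GSM_SRES_LEN + 1, 2 * GSM_KC_LEN, kc, GSM_KC_LEN);
}
```

On any `-1` the caller should fail the authentication attempt and ignore whatever was written to `sres` and `kc`.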