I found new functionality on the wpa_supplicant master branch.

http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=a5d44ac0839358f25c4586de58b4125a21e2c7b6
http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=569ccf719f794d5df243f86892668995ab6d3868
http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=db13605816d4ab1e15a05129e3f30316dffad67a

If we port this patch, we can do EAP-SIM/AKA/AKA' without pcsc_func.c
modification.

Indeed, this patch is not included in the wpa_supplicant in Android.

But this patch will be added in a future release.

So I think backporting this patch and using it is a better solution.

Regards,
Masashi Honma.


2013/9/30 Shao-Hang Kao <s...@mozilla.com>:
> cc mvines,
>
> we proposed another architecture without patching wpa_supplicant, but it requires 
> 3 RIL requests which may not be supported on all devices:
>
> // UICC Secure Access
> this.REQUEST_SIM_OPEN_CHANNEL = 121;
> this.REQUEST_SIM_CLOSE_CHANNEL = 122;
> this.REQUEST_SIM_ACCESS_CHANNEL = 123;
>
> any suggestions?
>
> Best Regards,
> S.H. Kao
> Software Engineer, Mozilla Taiwan
>
> ----- Original Message -----
> From: "Shao-Hang Kao" <s...@mozilla.com>
> To: dev-b2g@lists.mozilla.org
> Sent: Monday, September 30, 2013 6:26:24 PM
> Subject: Re: [b2g] EAP-SIM Architecture proposal
>
> Just tried SIM_ACCESS_CHANNEL on Inari and looks like it's not supported:
>
> I/Gecko   (  369): -*- RadioInterface[0]: Received message from worker: 
> {"channel":0,"apdu":{"cla":0,"command":164,"p1":4,"p2":0,"p3":0},"rilMessageToken":342,"rilMessageType":"iccExchangeAPDU","rilRequestType":123,"rilRequestError":6,"error":"RequestNotSupported"}
>
> If it's impossible to implement SIM_OPEN/ACCESS/CLOSE_CHANNEL with SIM_IO 
> then I think it may be almost impossible to implement EAP-SIM without a 
> patch of wpa_supplicant.
>
> Best Regards,
> S.H. Kao
> Software Engineer, Mozilla Taiwan
>
> ----- Original Message -----
> From: s...@mozilla.com
> To: dev-b2g@lists.mozilla.org
> Sent: Friday, September 27, 2013 5:32:10 PM
> Subject: Re: [b2g] EAP-SIM Architecture proposal
>
> Hi,
>
> I'm proposing an alternative architecture without maintaining a patch over 
> wpa_supplicant.
>
> Using a similar architecture to the project seek-for-android[1], we need a 
> pcsc daemon (pcscd) from pcsc-lite running on B2G as a fake card reader so 
> wpa_supplicant can communicate with it when EAP-SIM authentication is needed. 
> With some modifications in pcscd we can implement these operations (as a 
> SmartCardInterface) with 3 RIL requests: SIM_OPEN_CHANNEL, SIM_CLOSE_CHANNEL 
> and SIM_ACCESS_CHANNEL, and redirect them to the chrome process via a unix domain 
> socket. For the detailed visualization of this architecture please refer to 
> [2].
>
> There are some potential problems:
> a. We need the 3 requests mentioned above but the target may not support them; so 
> far we only know the Nexus S has these implemented and are not sure about other 
> devices. Possible solution: use SIM_IO to implement them (reference: [3])
> b. We have to make sure the socket connection between pcscd & the chrome process 
> is secured, otherwise someone may pretend they're a 'fake pcscd' to connect and 
> access the SIM card with open/close/access channel operations (pointed out by 
> Yoshi Huang). Possible solutions:
>     1. The domain socket will be opened with root privilege, so processes 
> without root privilege can't access it and it's safe on devices not rooted. 
> I'm not sure how secure we should achieve and have no idea if this is enough 
> to solve this problem.
>     2. Furthermore, we can parse the APDU received with SIM_ACCESS_CHANNEL 
> (in the chrome process) and only allow EAP-SIM related commands to execute; 
> basically they will be get IMSI & authentication related commands (I'm not 
> sure about the exact commands, need to do further tests)
>     3. maybe some challenge based protocols suggested by Henry Chang
>
> Any problems or suggestions are welcome, Thanks!
>
> S.H. Kao
>
> [1] http://code.google.com/p/seek-for-android/wiki/EapSimAka
> [2] 
> https://docs.google.com/presentation/d/1CK6aKzw5jhAjNopqrmifGHDIgvJsfGP1bXmpwk-Z0aw/edit?usp=sharing
> [3] https://bugzilla.mozilla.org/show_bug.cgi?id=921320
> _______________________________________________
> dev-b2g mailing list
> dev-b2g@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-b2g
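
A sketch of the APDU filtering idea from item b.2 of the quoted proposal, as an added example that is not code from the thread or from B2G: a deny-by-default check over the `{cla, command, p1, p2, p3}` header shape seen in the quoted log. The function name `checkApdu` is hypothetical, and the allowlisted instruction set is an assumption built from standard ISO 7816-4 / ETSI TS 102 221 instruction bytes, since the thread leaves the exact commands open.

```javascript
"use strict";

// Allowlist of instruction bytes (ISO 7816-4 / ETSI TS 102 221 values).
// Assumption: this set covers reading the IMSI and running authentication;
// the thread leaves the exact commands open.
const ALLOWED_INS = new Map([
  [0xa4, "SELECT"],
  [0xc0, "GET RESPONSE"],
  [0xb0, "READ BINARY"],
  [0x88, "AUTHENTICATE"], // RUN GSM ALGORITHM on a 2G SIM
]);

const isByte = (v) => Number.isInteger(v) && v >= 0 && v <= 0xff;

// Decide whether an APDU header in the shape shown in the quoted log
// ({cla, command, p1, p2, p3}) may be forwarded to the card.
function checkApdu(apdu) {
  if (apdu === null || typeof apdu !== "object") {
    return { allowed: false, reason: "not an APDU object" };
  }
  for (const field of ["cla", "command", "p1", "p2", "p3"]) {
    if (!isByte(apdu[field])) {
      return { allowed: false, reason: "bad field: " + field };
    }
  }
  const name = ALLOWED_INS.get(apdu.command);
  if (name === undefined) {
    return { allowed: false, reason: "instruction not allowlisted" };
  }
  // READ BINARY with bit 8 of P1 set addresses a file by short file
  // identifier, skipping SELECT; refuse it so reads follow a visible SELECT.
  if (apdu.command === 0xb0 && (apdu.p1 & 0x80) !== 0) {
    return { allowed: false, reason: "READ BINARY by SFI refused" };
  }
  return { allowed: true, reason: name };
}

// Constructed sample requests; the first is the APDU header from the quoted log.
const samples = [
  { cla: 0, command: 164, p1: 4, p2: 0, p3: 0 },    // SELECT
  { cla: 0, command: 214, p1: 0, p2: 0, p3: 2 },    // UPDATE BINARY
  { cla: 0, command: 176, p1: 0x87, p2: 0, p3: 9 }, // READ BINARY by SFI
  { cla: 0, command: "164", p1: 0, p2: 0, p3: 0 },  // string instead of number
];
for (const s of samples) console.log(JSON.stringify(s), checkApdu(s));
```

A header-only check like this does not track which file a SELECT chose, so it limits the command set but not which files READ BINARY can reach after a permitted SELECT.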