bladox.com Forum Index bladox.com
Turbo SIM Toolkit Adapter Forums
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Crypto Functionality and STK

 
Post new topic   Reply to topic    bladox.com Forum Index -> Development
View previous topic :: View next topic  
Author Message
cporter
Guest





PostPosted: Sun Jun 10, 2007 4:12 pm    Post subject: Crypto Functionality and STK Reply with quote

Hi,

I would like to share some thoughts upon which I have been pondering for the last few weeks. I am sure that I'll get some positive feedback from this forum. So let me start (there's no particular ordering):

1. STK Triggers
------------------

There are many ways on how one may access an STK app on TurboSIM (or SIM card for that matter), including: ECMAScript + EFI (which is not so documented, except for generic non-techical standards), STK Triggers (e.g. SMS with a particular header), Direct user invocation through STK Menu, and so on.

I am aware that a number of STK triggers exist, but would it be possible that an STK Application is automatically loaded (triggered) with a particular value (parametrized), after an SMS is sent from another terminal (authentication server)? And are there any limitations or conditions for this to work properly?

How does Turbo STK API handle this? What special properties are required on both the Short message formulation and also on the STK application trigger registrations? Are there any demos with this regard?


2. Cryptographic Capabilities
---------------------------------

Having seen the ECC Key Signing example application provided within the Turbo Packages, I would like to clarify some aspects:

It isn't apparently clear how the message hashing is being carried out. Is there any documentation on both technical and usage aspects of the application?

I am aware of the need for EEPROM storage through the usage of reg_app_data() and app_data(). But is that the way one can store the private keys on TS? What are the best practices suggested?


3. STK Publications
----------------------

Are there any specialized forums/publications for SIM Application Toolkit development? I have encountered the following book:

Mobile Application Development with SMS and the SIM Toolkit - Guthery and Cronin, but it is tailored around the SmartTrust Toolkit.


I thank you all in advance.

Regards,

Chris Porter


Last edited by cporter on Fri Sep 28, 2007 12:33 pm; edited 1 time in total
Back to top
pz
Guest





PostPosted: Tue Jun 12, 2007 10:15 am    Post subject: Re: Crypto Functionality and STK Reply with quote

cporter wrote:
Hi,

I would like to share some thoughts upon which I have been pondering for the last few weeks. I am sure that I'll get some positive feedback from this forum. So let me start (there's no particular ordering):

1. STK Triggers
------------------

There are many ways on how one may access an STK app on TurboSIM (or SIM card for that matter), including: ECMAScript + EFI (which is not so documented, except for generic non-techical standards), STK Triggers (e.g. SMS with a particular header), Direct user invocation through STK Menu, and so on.

My objective is to invoke an STK application upon a certain user action while browsing on the web (e.g. user clicks Authenticate yourself). This could both be at WAP level or normal PC browsing. After the user selects the action, I want to trigger the STK application (through a message being sent by an authentication server). Now, as said before there are many ways on how to do this, but I tend to prefer the SMS approach for many reasons, such as wide-adoption).

I am aware that a number of STK triggers exist, but would it be possible that an STK Application is automatically loaded (triggered) with a particular value (parametrized), after an SMS is sent from another terminal (authentication server)? And are there any limitations or conditions for this to work properly?


In general there is only one limitation - your SMS has to get to SIM/Turbo SIM to be processed. Today many phones unfortunately don't store SMS to SIM and keep it in internal phone memory. There are means to tell phone "store it to SIM", see SMS DCS/PID codings. You can use just class 2 DCS but unfrotuantely for today lame phone implementations this may not be enough, best is to use so called DATA DOWNLOAD type of SMS - PID=0x7F, DCS=0xF6 (or something simillar, see SMS standard). This type of SMS is used by operators quite a lot and hence tested/pushed by operators -> phone vendors care. One drawback may be that such message type can be blocked for use only for given operator (you can use other operator that allows it, international delivery also works, usually it's blocked by sendning operator) and also not supported by internet SMS gateways (those services that connect to SMSC of various operators).

Quote:

How does Turbo STK API handle this? What special properties are required on both the Short message formulation and also on the STK application trigger registrations? Are there any demos with this regard?


This is very widely used, many our apps use SMS commands - see pager, auto alarm (these work with "normal" message types). I would recommend to look at "Turbo SMS", where we define some format/heading and it's very easy to use. Kernel filters/passes messages to your application. See "locate" demo and also "Turbo SMS" chapter in devel docs - there is format, API, examples...

Quote:

Let me summarize the scenario through a UC:

1. User selects Authentication Command on web/wap site
2. STK application is triggered on mobile device after special message is sent from the Auth. server.
3. User makes use of STK application's operations (e.g. Sign to authenticate transaction)
4. Client STK application sends short message back to the server (with data e.g. Signature and other meta information).
5. Server carries out authentication procedures (Validation and Redirection).


Yes, easy to do.

Quote:

2. Cryptographic Capabilities
---------------------------------

Having seen the ECC Key Signing example application provided within the Turbo Packages, I would like to clarify some aspects:

A. It isn't apparently clear how the message hashing is being carried out. Is there any documentation on both technical and usage aspects of the application?


Message hashing isn't performed by sign application, it gets hash as input to sign. In full application user gets hash on screen with question "sign?". He can compare received hash with one generated by e.g. email application on PC in internet cafe. If he wouldn't trusted this given PC the idea is to have public service generating hashes. So this part is secure.

Quote:

B. How and where are the private keys persistently stored on TurboSIM, and in what way is the application accessing such keys?

I am aware of the need for EEPROM storage through the usage of reg_app_data() and app_data(). But is that the way one can store the private keys on TS? What are the best practices suggested?


As you describe, reg_app_data() allow your application to store/register one eeprom pointer. What you store there is up to you. There is another way for more sensitive stuff - protected memory, see chapter in devel docs for API and examples.

Quote:

3. STK Publications
----------------------

Are there any specialized forums/publications for SIM Application Toolkit development? I have encountered the following book:

Mobile Application Development with SMS and the SIM Toolkit - Guthery and Cronin, but it is tailored around the SmartTrust Toolkit.



I would recommend only the standards 11.11 and 11.14 available at etsi. These are the best and most reliable source. Then of course our devel docs and esp. examples.

As for forums - STK specific probably only this one, then there is JavaCard on java sun site (also some STK topics can be found there).

Btw. do you have any experience with WIM? Part of WAP doing what you want, published in 1999 but so far we haven't ever seen any SIM supporting it. As for phones - this is open, we don't know, maybe support is there but not seen because no WIM SIM available. It would be possible to implement WIM on out technology. So far we support only class 0xA0, WIM needs also 0x00 and ox8x, we have 0x00 on our TODO for long time.
Back to top
cporter
Guest





PostPosted: Fri Jun 22, 2007 10:25 am    Post subject: T_SMS_UD -- Cannot access SMS message part Reply with quote

Hi,

The analysis on how to create a 3-state process as described in the use case (above) proved to be feasible, or rather, achievable.

I've created an STK application which is triggered by a server-side message (SMS) sent using DCS 0xF6 and PID 0x00. THis in turn is to allow the user to sign some information and sends it back to the server.

There is one issue here (which may be extremely trivial), which is keeping me from proceeding further:

If I send the message using the normal SMS DCS and PID, the user gets to read whatever has been sent by the server in clear text (e.g. "Transaction 203").

But, if I send the TSMS/SMS over 0xF6 and 0x00, then issues arise:

- Although the app is triggered, I cannot read the message properly (so as to store into a msg variable for further processing). I am only getting the famous characters which in no way are related to the original message. I am assuming that it has something to do with pointer manipulation in C, but I have followed all example applications provided (such as pager.c, procsms.c, locserver.c, smspal.c), unfortunately, all in vain.

- I am trying to get to the tpdu, and then use tpdu_seek(s, T_SMS_UD), from which I then memcpy into my msg var.

- When I send messages using TSMS, I get the same behavior, or worse. The message is not silently recieved... Moreover, after I skip_head(paramData), I still do not get the user data (but some sort of uninitialized memory location dump).

Can you please guide me further into this area? Do you have any example application which displays the T_SMS_UD section recieved, on the ME's display? I just want to prompt the user with the following server side text:

"Please verify the following data: [I have to extract the message content and place it here] ".

I thank you beforehand for your time!

Regards,

Chris
Back to top
pz
Guest





PostPosted: Mon Jun 25, 2007 10:40 am    Post subject: Re: T_SMS_UD -- Cannot access SMS message part Reply with quote

cporter wrote:
Hi,

The analysis on how to create a 3-state process as described in the use case (above) proved to be feasible, or rather, achievable.

I've created an STK application which is triggered by a server-side message (SMS) sent using DCS 0xF6 and PID 0x00. THis in turn is to allow the user to sign some information and sends it back to the server.

There is one issue here (which may be extremely trivial), which is keeping me from proceeding further:

If I send the message using the normal SMS DCS and PID, the user gets to read whatever has been sent by the server in clear text (e.g. "Transaction 203").

But, if I send the TSMS/SMS over 0xF6 and 0x00, then issues arise:

- Although the app is triggered, I cannot read the message properly (so as to store into a msg variable for further processing). I am only getting the famous characters which in no way are related to the original message. I am assuming that it has something to do with pointer manipulation in C, but I have followed all example applications provided (such as pager.c, procsms.c, locserver.c, smspal.c), unfortunately, all in vain.

- I am trying to get to the tpdu, and then use tpdu_seek(s, T_SMS_UD), from which I then memcpy into my msg var.

- When I send messages using TSMS, I get the same behavior, or worse. The message is not silently recieved... Moreover, after I skip_head(paramData), I still do not get the user data (but some sort of uninitialized memory location dump).

Can you please guide me further into this area? Do you have any example application which displays the T_SMS_UD section recieved, on the ME's display? I just want to prompt the user with the following server side text:

"Please verify the following data: [I have to extract the message content and place it here] ".

I thank you beforehand for your time!

Regards,

Chris


Are you aware of possible SMS codings? Standard (normal) SMS is 7 bit packed, i.e. you can fit 160 chars into 140 bytes. DCS 0xF6 is 8 bit, i.e. char=byte. You may also have 7 bit unpacked (and 16bit bet char but this is not interesting for this). My bet is on packed vs. unpacked issue - reason you seem to read trash.
Back to top
cporter
Guest





PostPosted: Mon Jun 25, 2007 11:00 am    Post subject: Reply with quote

Hi Pavel,

I thank you for your reply.

Quote:
Standard (normal) SMS is 7 bit packed, i.e. you can fit 160 chars into 140 bytes. DCS 0xF6 is 8 bit, i.e. char=byte.


Right, am I right in understanding that since I am using Class 2, then I have to include additional steps in order to read back text (e.g. dcs_78())?

Further more, is it possible to send plain text through Data Download?

I thank you for your time...

Regards,

Chris
Back to top
pz
Guest





PostPosted: Mon Jun 25, 2007 11:45 am    Post subject: Reply with quote

cporter wrote:
Hi Pavel,

I thank you for your reply.

Quote:
Standard (normal) SMS is 7 bit packed, i.e. you can fit 160 chars into 140 bytes. DCS 0xF6 is 8 bit, i.e. char=byte.


Right, am I right in understanding that since I am using Class 2, then I have to include additional steps in order to read back text (e.g. dcs_78())?


Class itself doesn't specify what coding (7/8/16 bit) is used, class says what ME should do with the SMS - whatever, store in SIM, show it only as flash. 0xF6 DCS is 8 bit coding - one char = one byte. Question is what you are sending, i.e. how you prepare the message - data. Because 7 bit packed is the most used format it is very possible your sending software packs it for you and you label it as 8 bit -> you see trash.

And yes, dcs_78() can be used for un/packing.

Quote:

Further more, is it possible to send plain text through Data Download?

I thank you for your time...

Regards,

Chris


You can send whatever - you have 140 bytes. DCS mainly says phone how to interpret the content - what is shown to user.

But maybe it's something else, I'm just quessing. Post your code if you can.
Back to top
cporter
Guest





PostPosted: Tue Jun 26, 2007 5:55 am    Post subject: Data Coding Scheme Reply with quote

Good morning Pavel,

The following are some code extracts I have been using to create a 2-way communication channel between an STK Client and SMS Server (Although it is not technically correct to call it a Client/Server app). |

As a sending mechanism, both from Client ME and also from SMS Gateway, the following command set is being used:

res = send_sms (msg, msg_len, ms, MSISDN_ADN, 0xF6, 0x00, NULL, NULL);

.. whereby msg is being generated by another section of the application (both at the client and at the serving side)

On the recieving side (ME), the following code is being used:

void mt_eventSMSHandler(File_apdu_data * fd)
{

//As suggested by all rec_sms methods in example code
u8 *t;
u8 *data = fd->data;
u8 i;
u16 j;
u8 *s;
u8 *msg;

//------- reaching TPDU ---------------
s = data;

// Skip State
s++;
i = *s;

// Skip SMSC Address
s += i + 1;
i = *s;

//Initialize Msg variable
msg = malloc (161);
if (msg)
{
//Obtain length of User Data
t = tpdu_seek (s, T_SMS_UDL);
i = *t;

//Get SMS Body
memcpy (msg, t + 1, 140);

//Given that it was sent using 0xF6, convert back to default alphabet
dcs_78 (msg, i, DCS_8_TO_7);

//Should be \0 terminated?
msg[i] = '\0';
}

display_text(locale(lc_Confirm_Transaction), NULL);
display_text (msg, NULL);

//Trigger another method
stk_thread (smsSignData, NULL);
}

Through the above approach, the message being displayed is somehow composed of the extended characters found in the Default Alphabet table (6.2.1 of 03.3Cool. Hence, being illegible.

I am quite sure that I am overlooking some details here. Any suggestions on how I should be re-constucting the message body?

I thank you in advance for your time.

Yours,

Chris
Back to top
pz
Guest





PostPosted: Thu Jun 28, 2007 7:44 am    Post subject: Re: Data Coding Scheme Reply with quote

cporter wrote:
Good morning Pavel,

The following are some code extracts I have been using to create a 2-way communication channel between an STK Client and SMS Server (Although it is not technically correct to call it a Client/Server app). |


We use this terminology all the time, who cares...

Quote:

As a sending mechanism, both from Client ME and also from SMS Gateway, the following command set is being used:

res = send_sms (msg, msg_len, ms, MSISDN_ADN, 0xF6, 0x00, NULL, NULL);

.. whereby msg is being generated by another section of the application (both at the client and at the serving side)


So the sender is also application in some turbo device?

Quote:

On the recieving side (ME), the following code is being used:

void mt_eventSMSHandler(File_apdu_data * fd)
{

//As suggested by all rec_sms methods in example code
u8 *t;
u8 *data = fd->data;
u8 i;
u16 j;
u8 *s;
u8 *msg;

//------- reaching TPDU ---------------
s = data;

// Skip State
s++;
i = *s;

// Skip SMSC Address
s += i + 1;
i = *s;

//Initialize Msg variable
msg = malloc (161);
if (msg)
{
//Obtain length of User Data
t = tpdu_seek (s, T_SMS_UDL);
i = *t;

//Get SMS Body
memcpy (msg, t + 1, 140);

//Given that it was sent using 0xF6, convert back to default alphabet
dcs_78 (msg, i, DCS_8_TO_7);


No, it's received as 8 bit, unpacked, just to be passed to display_text().

Quote:

//Should be \0 terminated?
msg[i] = '\0';
}

display_text(locale(lc_Confirm_Transaction), NULL);
display_text (msg, NULL);

//Trigger another method
stk_thread (smsSignData, NULL);
Quote:


No, no, you are already in stk_thread(), no? Invoked in turbo_handler() ACTION_SMS.


}

Through the above approach, the message being displayed is somehow composed of the extended characters found in the Default Alphabet table (6.2.1 of 03.3Cool. Hence, being illegible.

I am quite sure that I am overlooking some details here. Any suggestions on how I should be re-constucting the message body?

I thank you in advance for your time.

Yours,

Chris


Have you tried to look at the source of pager app? All is there, for 7bit packed alphabet though.
Back to top
cporter
Guest





PostPosted: Thu Jun 28, 2007 10:42 am    Post subject: Pager Code Reply with quote

Hi Pavel,

Quote:

So the sender is also application in some turbo device?


No, the sender is an application on an SMS Server (e.g. NowSMS, Kannel based app on Unix). Its role is to recieve an SMS, and process its content through another application, while sending results (e.g. "Success") back to ME client.

Quote:

No, no, you are already in stk_thread(), no? Invoked in turbo_handler() ACTION_SMS.


Thought that I could open another thread, but I believe I'd rather call that method within the same thread. Will modify and test for performance shifts.

Quote:

Have you tried to look at the source of pager app? All is there, for 7bit packed alphabet though.


Unfortunately, I tried using the recieve method implemented in the pager app (without the PIN section), but with no success... the application would not even process anything. For the sake of completeness, I copied the code (as is), removed certain conditions, and implemented the recieve function as follows:

...

s = data;
s++; // state
i = *s;
s += i + 1; // TS-Service-Centre-Address

i = *s;
if ((i & 0x03) == 0x00) //deliver
{
msg = malloc (161);
if (msg)
{
if (i & 0x40)
{
// UHDI
u16 bits, b1;

dbsp ("UHDI\n");
t = tpdu_seek (s, T_SMS_DCS);
j = *t;
t = tpdu_seek (s, T_SMS_UDL);
l = *t;
t++;
i = *t; //UDHL
if (dcs_is_7b (j))
{
dbsp ("7B\n");
j = 7 - ((1 + i) * Cool % 7; //padding, fill bits
if (j == 7)
j = 0;
dbsp ("JP ");
dbih (j);
dbc ('\n');
j += (1 + i) * 8; // header in bits divisible 7
dbsp ("J7 ");
dbih (j);
dbc ('\n');
bits = l * 7 - j;
dbsp ("BITS ");
dbih (j);
dbc ('\n');
for (b1 = 0; b1 < bits; b1++)
set_bit (msg, b1, get_bit (t, b1 + j));

i = bits / 7;
dcs_78 (msg, i, DCS_7_TO_8);
msg[i] = '\0';
}
else
{
dbsp ("8B\n");
memcpy (msg, t + 1 + i, l - 1 - i);
msg[l - 1 - i] = '\0';
}
}
else
{
t = tpdu_seek (s, T_SMS_UDL);
i = *t;
memcpy (msg, t + 1, 140);

t = tpdu_seek (s, T_SMS_DCS);
if (dcs_is_7b (*t))
dcs_78 (msg, i, DCS_7_TO_8);
msg[i] = '\0';
}

display_text(msg, null);
...

Once again, I recieved a chunk of extended characters with a <next> at the end.

I am not sure about the following statements:

if ((i & 0x03) == 0x00) //deliver

and

if (i & 0x40)

I apologize for asking for assistance on such matters, but unfortunately, I had no luck through the example app code.

In the meantime I am also working on the Kannel API, trying to establish a listener and server over a GSM modem setup.

I thank you once again for your time!

Regards,

Chris Porter
Back to top
pz
Guest





PostPosted: Thu Jun 28, 2007 11:24 am    Post subject: Re: Pager Code Reply with quote

cporter wrote:
Hi Pavel,

Quote:

So the sender is also application in some turbo device?


No, the sender is an application on an SMS Server (e.g. NowSMS, Kannel based app on Unix). Its role is to recieve an SMS, and process its content through another application, while sending results (e.g. "Success") back to ME client.


And are you sure what this part is sending? I would recommend to simply print what you receive as hexa, e.g. for(i=0;i<200 (something big);i++){dbch(s[i]);dbc(' ');}dbc('\n');

Do you use prog for debugging? Do you have L1/L2 kernel so you can see what's actually received?

Quote:

Quote:

No, no, you are already in stk_thread(), no? Invoked in turbo_handler() ACTION_SMS.


Thought that I could open another thread, but I believe I'd rather call that method within the same thread. Will modify and test for performance shifts.


No, stk_thread() is used as separated loop (thread) spawned/forked from main GSM loop (what we call main loop processing all APDU's). Not related to performance.

Quote:

Quote:

Have you tried to look at the source of pager app? All is there, for 7bit packed alphabet though.


Unfortunately, I tried using the recieve method implemented in the pager app (without the PIN section), but with no success... the application would not even process anything. For the sake of completeness, I copied the code (as is), removed certain conditions, and implemented the recieve function as follows:

...

s = data;
s++; // state
i = *s;
s += i + 1; // TS-Service-Centre-Address

i = *s;
if ((i & 0x03) == 0x00) //deliver
{
msg = malloc (161);
if (msg)
{
if (i & 0x40)
{
// UHDI
u16 bits, b1;

dbsp ("UHDI\n");
t = tpdu_seek (s, T_SMS_DCS);
j = *t;
t = tpdu_seek (s, T_SMS_UDL);
l = *t;
t++;
i = *t; //UDHL
if (dcs_is_7b (j))
{
dbsp ("7B\n");
j = 7 - ((1 + i) * Cool % 7; //padding, fill bits
if (j == 7)
j = 0;
dbsp ("JP ");
dbih (j);
dbc ('\n');
j += (1 + i) * 8; // header in bits divisible 7
dbsp ("J7 ");
dbih (j);
dbc ('\n');
bits = l * 7 - j;
dbsp ("BITS ");
dbih (j);
dbc ('\n');
for (b1 = 0; b1 < bits; b1++)
set_bit (msg, b1, get_bit (t, b1 + j));

i = bits / 7;
dcs_78 (msg, i, DCS_7_TO_8);
msg[i] = '\0';
}
else
{
dbsp ("8B\n");
memcpy (msg, t + 1 + i, l - 1 - i);
msg[l - 1 - i] = '\0';
}
}
else
{
t = tpdu_seek (s, T_SMS_UDL);
i = *t;
memcpy (msg, t + 1, 140);

t = tpdu_seek (s, T_SMS_DCS);
if (dcs_is_7b (*t))
dcs_78 (msg, i, DCS_7_TO_8);
msg[i] = '\0';
}

display_text(msg, null);
...

Once again, I recieved a chunk of extended characters with a <next> at the end.

I am not sure about the following statements:

if ((i & 0x03) == 0x00) //deliver

and

if (i & 0x40)

I apologize for asking for assistance on such matters, but unfortunately, I had no luck through the example app code.


See 11.11, deliver means that message is delivered type, i.e. not that one sent by user, 0x40 means not read - ME can rewrite message more times to SIM.

Quote:

In the meantime I am also working on the Kannel API, trying to establish a listener and server over a GSM modem setup.

I thank you once again for your time!

Regards,

Chris Porter


Please try to dump whole data (=received message) to see what you are receiving.
Back to top
cporter
Guest





PostPosted: Thu Jun 28, 2007 1:27 pm    Post subject: Debugging Reply with quote

Hi Pavel,

Quote:

Do you use prog for debugging? Do you have L1/L2 kernel so you can see what's actually received?


I currently have an issue with TL2. I am using a Nokia E50 and a 6070, but unfortunately the way the connectors are built, I cannot use the ME/TL2/TP setup for debugging.

By tonight I'll be getting a new device (which accepts TL2's cabling) so as to actually and formally start my development Smile. So far, I've been developing on a trial and error basis just to proof the concept, but this cannot go any further.

Quote:

Do you have L1/L2 kernel so you can see what's actually received?


Can you please provide me with such set of tools?

Quote:

See 11.11, deliver means that message is delivered type, i.e. not that one sent by user, 0x40 means not read - ME can rewrite message more times to SIM.


Thanks for the info ... I've been through 11.11/11.14, but obviously a thorough understanding is yet to be achieved!


Regards,

Chris
Back to top
Display posts from previous:   
Post new topic   Reply to topic    bladox.com Forum Index -> Development All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group