Posts tagged with: GSM protocol stack


What initialisation steps does the SIM protocol stack entity go through at system start-up? The analysis below follows TI's protocol stack implementation.

In the function app_init_sim_data the SIM insert and remove hook functions are registered:

    simdrv_register (app_sim_insert, app_sim_remove);

The insert hook, abridged to the steps of interest:

    GLOBAL void app_sim_insert (T_SIMDRV_atr_string_info *atr_string_info,
                                U8 config_requested,
                                T_SIMDRV_config_characteristics *config_characteristics)
    {
      /* once the ATR has been processed, the current directory is first set to the MF */
      sim_data.act_directory = SIM_MF;

      /* first select DFgsm */
      error = FKT_Select (SIM_DF_GSM, response, SIM_MIN_DMF_ST_LEN);

      /* if the selection succeeds, the returned data is stored in dir_status and the flag is set ... */
      SIM_SET_FLAG (GSM_DATAFIELD);

      /* ... otherwise DF1800 is selected instead */
      error = FKT_Select (SIM_DF_1800, response, SIM_MIN_DMF_ST_LEN);
      SIM_CLEAR_FLAG (GSM_DATAFIELD);

Next a protocol primitive is allocated: a confirmation if activation had already been requested, an indication otherwise.

      T_SIM_ACTIVATE_CNF *sim_activate_cnf;

      if (SIM_IS_FLAG_SET (ACTIVATION_STARTED))
      {
        PALLOC (sim_activate, SIM_ACTIVATE_CNF);
        sim_activate_cnf = sim_activate;
      }
      else
      {
        PALLOC (sim_activate, SIM_ACTIVATE_IND);
        sim_activate_cnf = (T_SIM_ACTIVATE_CNF *)sim_activate;
      }

      /* then read ECC (emergency call codes) */
      if (FKT_Select (SIM_ECC, response, SIM_MIN_EF_ST_LEN) EQ SIM_NO_ERROR)
        FKT_ReadBinary (sim_activate_cnf->ec_code, 0, length);

      /* then read LP (language preference) */
      if (FKT_Select (SIM_LP, response, SIM_MIN_EF_ST_LEN) EQ SIM_NO_ERROR)
        FKT_ReadBinary (sim_activate_cnf->pref_lang, 0, length);

      /* the ATR is also placed in the primitive */
      memcpy (sim_activate_cnf->atr, atr_string_info->atr_string, length);

      /* next the PIN and PUK status is checked */
      SIM_CLEAR_FLAG (SIM_PIN_FLAG);
      sim_activate_cnf->pin_cnt  = FKT_check_pin_count (dir_status.pinstatus);
      sim_activate_cnf->puk_cnt  = FKT_check_pin_count (dir_status.unbstatus);
      sim_activate_cnf->pin2_cnt = FKT_check_pin_count (dir_status.pin2status);
      sim_activate_cnf->puk2_cnt = FKT_check_pin_count (dir_status.unb2status);

      /* the cause is then set according to the PIN/PUK status, e.g. SIM_CAUSE_PIN1_EXPECT */

      /* if the cause is SIM_CAUSE_PUK1_BLOCKED, a message is sent to the MMI and the
         function returns immediately; the messages to MM and GMM are not sent */
      TRACE_EVENT ("Card blocked");
      sim_activate_cnf->cause = SIM_CAUSE_PUK1_BLOCKED;
      SIM_EM_SIM_ACTIVATION_RESULT;
      PSENDX (MMI, sim_activate_cnf);
      SIM_CLEAR_FLAG (ACTIVATION_STARTED);
      return;

      /* if neither PIN nor PUK is required, processing continues; otherwise the
         entity waits for PIN/PUK verification */
      if (SIM_IS_FLAG_CLEARED (SIM_PIN_FLAG))
      {
        /* PIN entering is not necessary */
        SIM_SET_FLAG (PIN1_VERIFIED);
        TRACE_EVENT ("Read the rest of Parameters");
        app_sim_read_parameters ();
        app_start_status_timer (TRUE);
      }
      else
      {
        TRACE_EVENT ("Wait for PIN/PUK entering");
        SIM_CLEAR_FLAG (MM_KNOWS_FROM_SIM);
        vsi_t_stop (VSI_CALLER SIM_TIMER);
      }
    }

app_sim_read_parameters reads the remaining files; which path it takes depends on the SIM phase:

    app_sim_read_parameters ()
    {
      /* allocate the SIM_MMI_INSERT_IND primitive */
      PALLOC (sim_mmi_insert_ind, SIM_MMI_INSERT_IND);

      /* next read the SIM phase */
      error = FKT_Select (SIM_PHASE, NULL, 0);
      if (error EQ SIM_NO_ERROR)
        error = FKT_ReadBinary (&sim_data.sim_phase, 0, 1);
      if (sim_data.sim_phase EQ 0)
        sim_data.sim_phase = 1;
      if (sim_data.sim_phase > 3)
        sim_data.sim_phase = 3;

For phase 1 the following is done:

      /* try to read the SIM service table */
      if (!app_read_sim_service_table (sim_mmi_insert_ind))
      {
        app_sim_mmi_insert_ind (sim_mmi_insert_ind, SIM_NO_OPERATION);
        return;
      }
      if (app_sim_mm_insert_ind (sim_mmi_insert_ind) EQ FALSE)
        app_sim_mmi_insert_ind (sim_mmi_insert_ind, SIM_NO_OPERATION);
      else
        app_sim_mmi_insert_ind (sim_mmi_insert_ind, SIM_ADN_ENABLED);
      PSENDX (MMI, sim_mmi_insert_ind);
      app_sim_sms_insert_ind ();

A phase 2+ SIM supports the SIM Toolkit (STK) service, so the profile download is performed and the terminal support table is updated:

      stk_perform_profile_download ();

      /* update the terminal support table */
      if (FKT_Select (SIM_CING_TRMST, NULL, 0) EQ SIM_NO_ERROR)
      {
        FKT_UpdateBinary (sim_data.trmst, MAX_TRMST, 0);
      }

Phase 2 and phase 2+ then both continue as follows:

      result = app_fdn_bdn_procedures (sim_mmi_insert_ind);
      if ((result EQ SIM_NO_OPERATION) OR
          !app_sim_mm_insert_ind (sim_mmi_insert_ind))
        app_sim_mmi_insert_ind (sim_mmi_insert_ind, SIM_NO_OPERATION);
      else
        app_sim_mmi_insert_ind (sim_mmi_insert_ind, result);
      PSENDX (MMI, sim_mmi_insert_ind);
      if (result NEQ SIM_NO_OPERATION)
        app_sim_sms_insert_ind ();
    }


SELECT

COMMAND   CLASS   INS    P1     P2     P3
SELECT    'A0'    'A4'   '00'   '00'   '02'

Command parameters/data:

Byte(s)   Description   Length
1-2       File ID       2

Response parameters/data in case of an MF or DF:

Byte(s)   Description                                                       Length
1-2       RFU                                                               2
3-4       Total amount of memory of the selected directory which is not
          allocated to any of the DFs or EFs under the selected directory   2
5-6       File ID                                                           2
7         Type of file                                                      1
8-12      RFU                                                               5
13        Length of the following data (byte 14 to the end)                 1
14-34     GSM specific data                                                 21

GSM specific data:

Byte(s)   Description                                                       Length
14        File characteristics                                              1
15        Number of DFs which are a direct child of the current directory   1
16        Number of EFs which are a direct child of the current directory   1
17        Number of CHVs, UNBLOCK CHVs and administrative codes             1
18        RFU                                                               1
19        CHV1 status                                                       1
20        UNBLOCK CHV1 status                                               1
21        CHV2 status                                                       1
22        UNBLOCK CHV2 status                                               1
23        RFU                                                               1
24-34     Reserved for the administrative management                        0 <= lgth <= 11

Response parameters/data in case of an EF:

Byte(s)   Description                                                       Length
1-2       RFU                                                               2
3-4       File size (for a transparent EF: the length of the body part of
          the EF; for a linear fixed or cyclic EF: record length multiplied
          by the number of records of the EF)                               2
5-6       File ID                                                           2
7         Type of file                                                      1
8         For transparent and linear fixed EFs this byte is RFU. For a
          cyclic EF all bits except bit 7 are RFU; b7 = 1 indicates that
          the INCREASE command is allowed on the selected cyclic file.      1
9-11      Access conditions                                                 3
12        File status                                                       1
13        Length of the following data (byte 14 to the end)                 1
14        Structure of EF                                                   1
15        Length of a record                                                1
16 and following   RFU                                                      -
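The following is an added example, not code from the TI stack or from this page. It decodes the MF/DF SELECT response laid out in the tables above and derives from it the PIN/PUK state on which app_sim_insert (first post) decides between "card blocked", "wait for PIN/PUK entering" and "read the rest of the parameters". The bit layout of the CHV status bytes (b8 = code initialised, b1-b4 = attempts remaining) and of the file characteristics byte (b8 = CHV1 disabled) is taken from GSM 11.11 section 9.2.1 and is not shown on this page; the sample responses and the claim that FKT_check_pin_count extracts the low nibble are assumptions.

```c
/* Added example, not TI stack code: decode the GSM 11.11 SELECT response of an
 * MF/DF (layout from the tables above) and derive the PIN/PUK state on which
 * app_sim_insert decides between "card blocked", "wait for PIN/PUK" and
 * "read the rest of the parameters". The bit layout of the CHV status bytes
 * and of the file characteristics byte follows GSM 11.11 section 9.2.1 and is
 * not shown on this page; all sample responses are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum sim_cause {
    CAUSE_NO_PIN_NEEDED,   /* CHV1 disabled: continue to app_sim_read_parameters */
    CAUSE_PIN1_EXPECT,     /* wait for PIN1 */
    CAUSE_PUK1_EXPECT,     /* PIN1 attempts exhausted, wait for PUK1 */
    CAUSE_PUK1_BLOCKED     /* PUK1 attempts exhausted: report to MMI and stop */
};

typedef struct {
    uint16_t file_id;
    uint8_t  file_type;        /* byte 7: '01' MF, '02' DF */
    int      chv1_enabled;     /* byte 14 b8: 0 = CHV1 enabled, 1 = disabled */
    int      chv1_initialised; /* byte 19 b8 */
    uint8_t  pin1_cnt, puk1_cnt, pin2_cnt, puk2_cnt;  /* remaining attempts */
} df_status_t;

/* CHV status byte: b8 = secret code initialised, b1..b4 = attempts remaining.
 * Assumed to be what the TI stack's FKT_check_pin_count extracts. */
static uint8_t chv_count(uint8_t status) { return status & 0x0F; }

/* Parse bytes 1..22 of the MF/DF response. Returns 0 on success, -1 if the
 * response is too short, claims too little GSM specific data, or is not an MF/DF. */
int parse_df_response(const uint8_t *resp, size_t len, df_status_t *out)
{
    if (len < 22 || resp[12] < 9)             /* byte 13 must cover bytes 14..22 */
        return -1;
    if (resp[6] != 0x01 && resp[6] != 0x02)   /* byte 7: type of file */
        return -1;
    memset(out, 0, sizeof *out);
    out->file_id          = (uint16_t)((resp[4] << 8) | resp[5]);
    out->file_type        = resp[6];
    out->chv1_enabled     = (resp[13] & 0x80) == 0;
    out->chv1_initialised = (resp[18] & 0x80) != 0;
    out->pin1_cnt = chv_count(resp[18]);  /* byte 19: CHV1 status */
    out->puk1_cnt = chv_count(resp[19]);  /* byte 20: UNBLOCK CHV1 status */
    out->pin2_cnt = chv_count(resp[20]);  /* byte 21: CHV2 status */
    out->puk2_cnt = chv_count(resp[21]);  /* byte 22: UNBLOCK CHV2 status */
    return 0;
}

/* The decision taken in app_sim_insert, restated. The blocked check comes
 * first because a card whose PUK1 counter is zero cannot be recovered by the
 * user regardless of whether CHV1 is currently enabled. */
enum sim_cause activation_cause(const df_status_t *st)
{
    if (st->puk1_cnt == 0)  return CAUSE_PUK1_BLOCKED;
    if (!st->chv1_enabled)  return CAUSE_NO_PIN_NEEDED;
    if (st->pin1_cnt == 0)  return CAUSE_PUK1_EXPECT;
    return CAUSE_PIN1_EXPECT;
}

/* Constructed SELECT DFgsm ('7F20') responses: bytes 1..22 of the table. */
const uint8_t DF_GSM_PIN_ENABLED[22] = {
    0x00,0x00, 0x12,0x34, 0x7F,0x20, 0x02, 0x00,0x00,0x00,0x00,0x00, 0x09,
    0x00, 0x02, 0x20, 0x04, 0x00, 0x83, 0x8A, 0x83, 0x8A };  /* PIN1 3 left, PUK1 10 left */
const uint8_t DF_GSM_BLOCKED[22] = {
    0x00,0x00, 0x12,0x34, 0x7F,0x20, 0x02, 0x00,0x00,0x00,0x00,0x00, 0x09,
    0x00, 0x02, 0x20, 0x04, 0x00, 0x80, 0x80, 0x83, 0x8A };  /* PIN1 and PUK1 exhausted */
const uint8_t DF_GSM_PIN_DISABLED[22] = {
    0x00,0x00, 0x12,0x34, 0x7F,0x20, 0x02, 0x00,0x00,0x00,0x00,0x00, 0x09,
    0x80, 0x02, 0x20, 0x04, 0x00, 0x83, 0x8A, 0x83, 0x8A };  /* b8 of byte 14 set */

int main(void)
{
    df_status_t st;
    const uint8_t *samples[] = { DF_GSM_PIN_ENABLED, DF_GSM_BLOCKED, DF_GSM_PIN_DISABLED };
    for (size_t i = 0; i < 3; i++) {
        if (parse_df_response(samples[i], 22, &st) != 0) { puts("bad response"); continue; }
        printf("file %04X: pin1=%u puk1=%u cause=%d\n",
               st.file_id, st.pin1_cnt, st.puk1_cnt, (int)activation_cause(&st));
    }
    return 0;
}
```

The length check on byte 13 matters: a card may return more than 22 bytes (administrative data), but a response that claims fewer than 9 bytes of GSM specific data does not carry the CHV status fields at all, and reading them anyway would turn padding into a PIN counter.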



Operations on the SIM card must strictly follow the protocol laid down in the GSM specification. The command format is:

CLA | INS | P1 | P2 | P3 | Data

The SIM card returns data in the following format:

Data | SW1 | SW2

CLA: the class (type) of the instruction.
INS: the instruction code.
P1, P2, P3: instruction parameters; P3 gives the length of the data. P3 = 00 means that 256 bytes of data are returned.
SW1, SW2: status words indicating whether the command succeeded.

In the T=0 case, some functions must issue a GET RESPONSE command with the appropriate parameter after a SELECT in order to obtain the corresponding data. If the length of the returned data is not known beforehand, it is included in the status words returned by the first command.

The SIM card command table is as follows
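As an added example (not code from this page or from the TI stack), the exchange described above, written out with both sides: a terminal that builds CLA/INS/P1/P2/P3 commands and, on a '9F xx' status, fetches the xx bytes with GET RESPONSE, against a constructed in-memory card stub holding only DFgsm and EF_IMSI. The status words are the GSM 11.11 ones ('90 00' ok, '9F xx' response data available, '94 04' file not found, '94 00' no EF selected, '98 04' access condition not fulfilled, '67 xx' wrong P3, '6D 00' / '6E 00' unknown INS / CLA); the file bodies and SELECT answers are constructed.

```c
/* Added example, not TI stack code: GSM 11.11 command/response framing
 * (CLA INS P1 P2 P3 [data] -> [data] SW1 SW2) with the T=0 rule that SELECT
 * answers '9F xx' and the terminal fetches xx bytes with GET RESPONSE.
 * The card side is a constructed stub, not a real SIM. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define CLA_GSM          0xA0
#define INS_SELECT       0xA4
#define INS_GET_RESPONSE 0xC0
#define INS_READ_BINARY  0xB0

typedef struct { uint8_t data[256]; size_t len; uint8_t sw1, sw2; } apdu_resp_t;

/* ---- constructed card stub ------------------------------------------ */
static uint16_t selected = 0x3F00;     /* MF after reset */
static int      chv1_verified = 0;     /* set by stub_set_chv1_verified() */
static uint8_t  pending[64];           /* data parked for GET RESPONSE */
static size_t   pending_len = 0;
/* SELECT answers per the tables above: 22 bytes for DFgsm, 15 bytes for the EF
 * (file size 9, type '04', access READ=CHV1/UPDATE=ADM, transparent) */
static const uint8_t DF_GSM_SEL[22] = { 0x00,0x00,0x12,0x34,0x7F,0x20,0x02,0,0,0,0,0,
                                        0x09,0x00,0x02,0x20,0x04,0x00,0x83,0x8A,0x83,0x8A };
static const uint8_t EF_IMSI_SEL[15] = { 0x00,0x00,0x00,0x09,0x6F,0x07,0x04,0x00,
                                         0x14,0x00,0x14,0x01,0x02,0x00,0x00 };
static const uint8_t EF_IMSI_BODY[9] = { 0x08,0x29,0x43,0x51,0x10,0x32,0x54,0x76,0x98 };

void stub_set_chv1_verified(int v) { chv1_verified = v; }

static void set_sw(apdu_resp_t *r, uint8_t sw1, uint8_t sw2) { r->sw1 = sw1; r->sw2 = sw2; }

static void card_transmit(const uint8_t *cmd, size_t cmd_len, apdu_resp_t *r)
{
    r->len = 0;
    if (cmd_len < 5 || cmd[0] != CLA_GSM) { set_sw(r, 0x6E, 0x00); return; }  /* class not supported */
    uint8_t p3 = cmd[4];
    size_t  n  = p3 ? p3 : 256;               /* P3 = 00 asks for 256 bytes */
    switch (cmd[1]) {
    case INS_SELECT: {
        if (p3 != 2 || cmd_len != 7) { set_sw(r, 0x67, 0x00); return; }     /* incorrect P3 */
        uint16_t fid = (uint16_t)((cmd[5] << 8) | cmd[6]);
        if (fid == 0x7F20) { memcpy(pending, DF_GSM_SEL, 22); pending_len = 22; }
        else if (fid == 0x6F07 && selected == 0x7F20) { memcpy(pending, EF_IMSI_SEL, 15); pending_len = 15; }
        else { set_sw(r, 0x94, 0x04); return; }                             /* file ID not found */
        selected = fid;
        set_sw(r, 0x9F, (uint8_t)pending_len);   /* T=0: length of the waiting response */
        return;
    }
    case INS_GET_RESPONSE:
        if (n > pending_len) { set_sw(r, 0x67, (uint8_t)pending_len); return; }  /* wrong length */
        memcpy(r->data, pending, n); r->len = n; pending_len = 0;
        set_sw(r, 0x90, 0x00);
        return;
    case INS_READ_BINARY: {
        size_t off = (size_t)((cmd[2] << 8) | cmd[3]);
        if (selected != 0x6F07) { set_sw(r, 0x94, 0x00); return; }         /* no EF selected */
        if (!chv1_verified)     { set_sw(r, 0x98, 0x04); return; }         /* READ needs CHV1 */
        if (off + n > sizeof EF_IMSI_BODY) { set_sw(r, 0x67, 0x00); return; }
        memcpy(r->data, EF_IMSI_BODY + off, n); r->len = n;
        set_sw(r, 0x90, 0x00);
        return;
    }
    default: set_sw(r, 0x6D, 0x00);                                          /* INS not supported */
    }
}

/* ---- terminal side --------------------------------------------------- */
/* Send one command; if the card answers '9F xx', fetch the xx bytes with
 * GET RESPONSE. Returns 0 on '90 00', -1 otherwise (SW1/SW2 left in r). */
int sim_transact(const uint8_t *cmd, size_t cmd_len, apdu_resp_t *r)
{
    card_transmit(cmd, cmd_len, r);
    if (r->sw1 == 0x9F) {
        uint8_t get[5] = { CLA_GSM, INS_GET_RESPONSE, 0x00, 0x00, r->sw2 };
        card_transmit(get, sizeof get, r);
    }
    return (r->sw1 == 0x90 && r->sw2 == 0x00) ? 0 : -1;
}

int sim_select(uint16_t fid, apdu_resp_t *r)
{
    uint8_t c[7] = { CLA_GSM, INS_SELECT, 0x00, 0x00, 0x02, (uint8_t)(fid >> 8), (uint8_t)fid };
    return sim_transact(c, sizeof c, r);
}

int sim_read_binary(uint16_t offset, uint8_t p3, apdu_resp_t *r)
{
    uint8_t c[5] = { CLA_GSM, INS_READ_BINARY, (uint8_t)(offset >> 8), (uint8_t)offset, p3 };
    return sim_transact(c, sizeof c, r);
}

int main(void)
{
    apdu_resp_t r;
    int rc = sim_select(0x7F20, &r);  printf("SELECT DFgsm: rc=%d len=%zu\n", rc, r.len);
    rc = sim_select(0x6F07, &r);      printf("SELECT EF_IMSI: rc=%d len=%zu\n", rc, r.len);
    rc = sim_read_binary(0, 9, &r);   printf("READ before CHV1: rc=%d sw=%02X%02X\n", rc, r.sw1, r.sw2);
    stub_set_chv1_verified(1);
    rc = sim_read_binary(0, 9, &r);   printf("READ after CHV1: rc=%d len=%zu\n", rc, r.len);
    return 0;
}
```

The READ BINARY path shows why the access conditions in the EF tables matter in practice: EF_IMSI is readable only after CHV1, so a terminal that skips PIN verification gets '98 04' rather than the subscriber identity, and a stack that does not check SW1/SW2 before using the buffer would read stale data.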


Below are some of the more important EFs contained in the SIM card.

EFLP (Language preference)
Contains one or more language codes.
Identifier: '6F05'    Structure: transparent    Mandatory
File size: 1-n bytes  Update activity: low
Access Conditions:
  READ          ALW
  UPDATE        CHV1
  INVALIDATE    ADM
  REHABILITATE  ADM
Bytes   Description                          M/O   Length
1       1st language code (highest prior.)   M     1 byte
2       2nd language code                    O     1 byte
n       nth language code (lowest prior.)    O     1 byte

EFIMSI (IMSI)
Contains the IMSI (International Mobile Subscriber Identity).
Identifier: '6F07'    Structure: transparent    Mandatory
File size: 9 bytes    Update activity: low
Access Conditions:
  READ          CHV1
  UPDATE        ADM
  INVALIDATE    ADM
  REHABILITATE  CHV1
Bytes   Description      M/O   Length
1       length of IMSI   M     1 byte
2-9     IMSI             M     8 bytes

EFKc (Ciphering key Kc)
Contains the key used for ciphering.
Identifier: '6F20'    Structure: transparent    Mandatory
File size: 9 bytes    Update activity: high
Access Conditions:
  READ          CHV1
  UPDATE        CHV1
  INVALIDATE    ADM
  REHABILITATE  ADM
Bytes   Description                        M/O   Length
1-8     Ciphering key Kc                   M     8 bytes
9       Ciphering key sequence number n    M     1 byte

EFPLMNsel (PLMN selector)
Contains Mobile Country Code (MCC) and Mobile Network Code (MNC) entries.
Identifier: '6F30'    Structure: transparent    Optional
File size: 3n (n >= 8) bytes    Update activity: low
Access Conditions:
  READ          CHV1
  UPDATE        CHV1
  INVALIDATE    ADM
  REHABILITATE  ADM
Bytes       Description                    M/O   Length
1-3         1st PLMN (highest priority)    M     3 bytes
22-24       8th PLMN                       M     3 bytes
25-27       9th PLMN                       O     3 bytes
(3n-2)-3n   nth PLMN (lowest priority)     O     3 bytes
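As an added example (not code from this page or from the TI stack), decoders for the bodies of EF_IMSI and EF_PLMNsel described above. Both are packed BCD with the two digits of each byte swapped; the layout of EF_IMSI byte 2 (first digit in the high nibble, identity type 001 = IMSI in b1-b3 and the odd/even indicator in b4 of the low nibble) comes from GSM 04.08 rather than from this page, and the 'F' filler in an unused nibble is the usual convention. The sample bodies are constructed.

```c
/* Added example, not TI stack code: decode the bodies of EF_IMSI and EF_PLMNsel
 * laid out above. Both are packed BCD with the digit order swapped within each
 * byte. EF_IMSI byte 1 is the length, byte 2 carries the first digit in its
 * high nibble and, in its low nibble, the identity type (001 = IMSI) and the
 * odd/even indicator (b4), as coded in GSM 04.08 (not on this page). An unused
 * nibble is 'F'. Sample bodies are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One BCD nibble as an ASCII digit; 'F' filler (or any non-digit) yields 0. */
static char nib(uint8_t n) { return n <= 9 ? (char)('0' + n) : 0; }

/* Decode an EF_IMSI body into a NUL-terminated digit string (out_sz >= 16).
 * Returns the digit count, or -1 when the length byte, identity type, filler
 * placement or parity indicator is inconsistent. */
int decode_imsi(const uint8_t *body, size_t len, char *out, size_t out_sz)
{
    if (out_sz < 16 || len < 2) return -1;
    size_t nbytes = body[0];                   /* byte 1: bytes of IMSI that follow */
    if (nbytes < 1 || nbytes > 8 || nbytes + 1 > len) return -1;
    if ((body[1] & 0x07) != 0x01) return -1;   /* identity type must be IMSI */
    int odd = (body[1] & 0x08) != 0;
    size_t ndig = 0;
    char d = nib(body[1] >> 4);
    if (!d) return -1;
    out[ndig++] = d;
    for (size_t i = 2; i <= nbytes; i++) {
        char lo = nib(body[i] & 0x0F), hi = nib(body[i] >> 4);
        if (!lo) return -1;                    /* filler only allowed as the very last nibble */
        out[ndig++] = lo;
        if (!hi) { if (i != nbytes) return -1; break; }
        out[ndig++] = hi;
    }
    out[ndig] = '\0';
    if (ndig > 15 || (ndig % 2 == 1) != odd) return -1;   /* IMSI is at most 15 digits */
    return (int)ndig;
}

/* Decode one 3-byte PLMN entry as "MCC-MNC". Returns 1 on success, 0 for an
 * empty ('FF FF FF') entry, -1 for malformed data. A two-digit MNC has 'F'
 * in the high nibble of byte 2. */
int decode_plmn(const uint8_t p[3], char out[8])
{
    if (p[0] == 0xFF && p[1] == 0xFF && p[2] == 0xFF) return 0;
    char mcc[4] = { nib(p[0] & 0x0F), nib(p[0] >> 4), nib(p[1] & 0x0F), '\0' };
    char mnc[4] = { nib(p[2] & 0x0F), nib(p[2] >> 4), nib(p[1] >> 4), '\0' };
    if (!mcc[0] || !mcc[1] || !mcc[2] || !mnc[0] || !mnc[1]) return -1;
    snprintf(out, 8, "%s-%s", mcc, mnc);
    return 1;
}

/* Walk an EF_PLMNsel body (3n bytes, highest priority first) and collect the
 * non-empty entries. Returns the count, or -1 on a malformed entry. */
int list_plmns(const uint8_t *body, size_t len, char out[][8], size_t max)
{
    size_t count = 0;
    for (size_t off = 0; off + 3 <= len && count < max; off += 3) {
        int rc = decode_plmn(body + off, out[count]);
        if (rc < 0) return -1;
        if (rc > 0) count++;
    }
    return (int)count;
}

/* Constructed sample bodies. */
const uint8_t IMSI_15[9] = { 0x08, 0x29,0x43,0x51,0x10,0x32,0x54,0x76,0x98 }; /* 234150123456789 */
const uint8_t IMSI_14[9] = { 0x08, 0x21,0x43,0x51,0x10,0x32,0x54,0x76,0xF8 }; /* 23415012345678 */
const uint8_t PLMNSEL[24] = { 0x32,0xF4,0x51,  0x13,0x00,0x14,                /* 234-15, 310-410 */
                              0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,
                              0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF };

int main(void)
{
    char imsi[16], plmns[8][8];
    int n = decode_imsi(IMSI_15, sizeof IMSI_15, imsi, sizeof imsi);
    printf("IMSI (%d digits): %s\n", n, imsi);
    int k = list_plmns(PLMNSEL, sizeof PLMNSEL, plmns, 8);
    for (int i = 0; i < k; i++) printf("PLMN %d: %s\n", i + 1, plmns[i]);
    return 0;
}
```

The decoder rejects a filler nibble anywhere but at the end and an identity type other than IMSI; since EF_IMSI is read directly into protocol primitives by the stack, a malformed body should fail here rather than propagate a bogus subscriber identity to MM.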


Ref. 11.11
The SIM card is connected in the system as shown in the figure below.

Answer To Reset (ATR)
When the phone resets the SIM, the SIM returns some information to the phone; this information contains parameters describing the SIM card itself. For the details see ISO/IEC 7816-3.
TS: Initial character. Conventions for high/low signal levels and for LSB/MSB transmission order.
T0: Format character. Indicates which interface characters are present and the number of historical bytes.
TA1: Interface character. Indicates an enhanced baud rate; formula 3571200 / (Fi / Di).
TB1: Interface character. Programming current I / voltage P: the upper 2 bits give the current I, the lower 6 bits the voltage P.
TC1: Interface character. Extra guard time.
TD1: Interface character. Communication protocol.
TA2: Not used for protocol T=0.
TB2: Not used.
TC2: Extra guard time.
TDi, TAi, TBi, TCi (i > 1)
T1, ..., TK: Historical characters
TCK: Check character

Contents of the SIM card
A SIM card resembles a directory tree: it has several directories and files within them. Each directory and each file has its own identifier.
Master File (MF): The unique mandatory file containing access conditions and optionally DFs and/or EFs.
Dedicated File (DF): A file containing access conditions and, optionally, Elementary Files (EFs) or other Dedicated Files (DFs).
Elementary File (EF): A file containing access conditions and data and no other files.

File identifier
The first byte identifies the type of file, and for GSM is:
- '3F': Master File;
- '7F': 1st level Dedicated File;
- '5F': 2nd level Dedicated File;
- '2F': Elementary File under the Master File;
- '6F': Elementary File under a 1st level Dedicated File;
- '4F': Elementary File under a 2nd level Dedicated File.

Dedicated File (DF)
Two 1st level DFs are defined in this specification:
- DFGSM which contains the applications for both GSM and/or DCS 1800;
- DFTELECOM which contains telecom service features.
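As an added example (not code from this page, the TI stack or the specification), a parser that walks an ATR the way the character list above describes it: TS, T0 with its presence bits and historical-byte count, the TA/TB/TC/TD chain, the historical bytes, and TCK when a protocol other than T=0 is offered, plus the TA1 baud-rate formula from the post. The Fi/Di lookup tables are the ISO/IEC 7816-3 ones (not on this page), the TB1 decoding follows the I/P split stated above, and file_id_kind() applies the first-byte rule from the file identifier list. The sample ATR is constructed.

```c
/* Added example, not TI or spec code: walk an ISO/IEC 7816-3 ATR as described
 * above (TS, T0 with its Y1 presence bits and historical-byte count K, the
 * TA/TB/TC/TD chain, K historical bytes, and TCK when a protocol other than
 * T=0 is offered) and compute the TA1 baud rate with the formula from the
 * post. The Fi/Di tables are the 7816-3 ones; the sample ATR is constructed.
 * file_id_kind() applies the first-byte rule listed above. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    int      has_ta1; uint8_t ta1; uint32_t baud;                  /* 3571200 / (Fi / Di) */
    int      has_tb1; uint8_t prog_current; uint8_t prog_voltage;  /* TB1: b8-b7 = I, b6-b1 = P */
    int      has_tc1; uint8_t extra_guard;                         /* TC1 */
    uint16_t protocols;                       /* bit t set when T=t appears in a TD */
    uint8_t  historical[15]; size_t n_hist;
    int      tck_present, tck_ok;
} atr_t;

static const uint16_t FI[16] = { 372,372,558,744,1116,1488,1860,0,0,512,768,1024,1536,2048,0,0 };
static const uint8_t  DI[16] = { 0,1,2,4,8,16,32,64,12,20,0,0,0,0,0,0 };

/* Returns 0 on success, -1 if the ATR is truncated, has trailing bytes, or a bad TS. */
int parse_atr(const uint8_t *atr, size_t len, atr_t *out)
{
    memset(out, 0, sizeof *out);
    if (len < 2 || (atr[0] != 0x3B && atr[0] != 0x3F)) return -1;  /* TS: direct/inverse */
    size_t  i = 1;
    uint8_t y = atr[i] >> 4;             /* Y1: TA1 TB1 TC1 TD1 present? (b5..b8) */
    out->n_hist = atr[i] & 0x0F;         /* K */
    i++;
    int level = 1, non_t0 = 0;
    for (;;) {
        if (y & 0x1) { if (i >= len) return -1; uint8_t ta = atr[i++];
            if (level == 1) { out->has_ta1 = 1; out->ta1 = ta;
                if (FI[ta >> 4] && DI[ta & 0x0F]) out->baud = 3571200u * DI[ta & 0x0F] / FI[ta >> 4]; } }
        if (y & 0x2) { if (i >= len) return -1; uint8_t tb = atr[i++];
            if (level == 1) { out->has_tb1 = 1; out->prog_current = tb >> 6; out->prog_voltage = tb & 0x3F; } }
        if (y & 0x4) { if (i >= len) return -1; uint8_t tc = atr[i++];
            if (level == 1) { out->has_tc1 = 1; out->extra_guard = tc; } }
        if (!(y & 0x8)) break;           /* no TDi: chain ends */
        if (i >= len) return -1;
        uint8_t td = atr[i++], t = td & 0x0F;
        out->protocols |= (uint16_t)(1u << t);
        if (t) non_t0 = 1;
        y = td >> 4;                     /* Y(i+1) */
        level++;
    }
    if (!out->protocols) out->protocols = 1;   /* no TD1 at all means T=0 */
    if (i + out->n_hist > len) return -1;
    memcpy(out->historical, atr + i, out->n_hist);
    i += out->n_hist;
    out->tck_present = non_t0;           /* TCK is present iff some T != 0 was offered */
    if (non_t0) {
        if (i + 1 != len) return -1;
        uint8_t x = 0;
        for (size_t k = 1; k < len; k++) x ^= atr[k];   /* T0..TCK must XOR to zero */
        out->tck_ok = (x == 0);
        i++;
    }
    return i == len ? 0 : -1;
}

/* First-byte rule for GSM file identifiers, as listed above. NULL if unknown. */
const char *file_id_kind(uint16_t fid)
{
    switch (fid >> 8) {
    case 0x3F: return "MF";
    case 0x7F: return "1st level DF";
    case 0x5F: return "2nd level DF";
    case 0x2F: return "EF under MF";
    case 0x6F: return "EF under 1st level DF";
    case 0x4F: return "EF under 2nd level DF";
    default:   return NULL;
    }
}

/* Constructed ATR: TA1=94 (Fi=512, Di=8), TD1 -> T=0, TD2 -> T=15 with TA3,
 * four historical bytes, TCK. */
const uint8_t SAMPLE_ATR[11] = { 0x3B,0x94, 0x94,0x80, 0x1F,0x96, 0x80,0x31,0xE0,0x73, 0x2B };

int main(void)
{
    atr_t a;
    if (parse_atr(SAMPLE_ATR, sizeof SAMPLE_ATR, &a) == 0)
        printf("baud=%u protocols=%04X hist=%zu tck_ok=%d\n", a.baud, a.protocols, a.n_hist, a.tck_ok);
    printf("6F07 is %s\n", file_id_kind(0x6F07));
    return 0;
}
```

Every step that consumes a byte checks the remaining length first, and a missing TCK or trailing bytes are reported as errors rather than ignored: the ATR is the first untrusted input the phone reads from a card, and the TI stack copies it straight into the SIM_ACTIVATE primitive.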


This post marks the start of my study and analysis of the GSM protocol stack.
The architecture of the TI Locosto GSM/GPRS protocol stack is shown in the figure below.
