Gitiles
Code Review Sign In
gerrit.osmocom.org / libosmocore / 08450c9ec6a2be9f58a9882e2ad0e78c61426254 / . / src / gsm / auth_core.c
blob: 421ecee50adadf311013c1069c3451d7c974c5e4 [file] [log] [blame]
Harald Welte08450c92023-05-30 10:55:37 +0200[diff] [blame^]1/* (C) 2010-2023 by Harald Welte <laforge@gnumonks.org>
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]2 *
3 * All Rights Reserved
4 *
Harald Weltee08da972017-11-13 01:00:26 +0900[diff] [blame]5 * SPDX-License-Identifier: GPL-2.0+
6 *
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]17 */
18
Max38b17232017-12-01 19:06:21 +0100[diff] [blame]19#include "config.h"
20
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]21#include <errno.h>
22#include <stdint.h>
Harald Welted318e612011-12-07 12:16:27 +0100[diff] [blame]23#include <string.h>
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]24
25#include <osmocom/core/utils.h>
26#include <osmocom/core/linuxlist.h>
27#include <osmocom/core/plugin.h>
28
29#include <osmocom/crypt/auth.h>
30
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]31/*! \addtogroup auth
32 * @{
Neels Hofmeyr87e45502017-06-20 00:17:59 +0200[diff] [blame]33 * GSM/GPRS/3G authentication core infrastructure
Neels Hofmeyr17518fe2017-06-20 04:35:06 +0200[diff] [blame]34 *
35 * \file auth_core.c */
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]36
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]37static LLIST_HEAD(osmo_auths);
38
Harald Welte08450c92023-05-30 10:55:37 +0200[diff] [blame^]39/* generate auth_data2 from auth_data (for legacy API/ABI compatibility */
40static int auth_data2auth_data2(struct osmo_sub_auth_data2 *out, const struct osmo_sub_auth_data *in)
41{
42 out->type = in->type;
43 out->algo = in->algo;
44 switch (in->type) {
45 case OSMO_AUTH_TYPE_NONE:
46 return 0;
47 case OSMO_AUTH_TYPE_GSM:
48 memcpy(out->u.gsm.ki, in->u.gsm.ki, sizeof(out->u.gsm.ki));
49 break;
50 case OSMO_AUTH_TYPE_UMTS:
51 memcpy(out->u.umts.opc, in->u.umts.opc, sizeof(in->u.umts.opc));
52 out->u.umts.opc_len = sizeof(in->u.umts.opc);
53 memcpy(out->u.umts.k, in->u.umts.k, sizeof(in->u.umts.k));
54 out->u.umts.k_len = sizeof(in->u.umts.k);
55 memcpy(out->u.umts.amf, in->u.umts.amf, sizeof(out->u.umts.amf));
56 out->u.umts.sqn = in->u.umts.sqn;
57 out->u.umts.opc_is_op = in->u.umts.opc_is_op;
58 out->u.umts.ind_bitlen = in->u.umts.ind_bitlen;
59 out->u.umts.ind = in->u.umts.ind;
60 out->u.umts.sqn_ms = in->u.umts.sqn_ms;
61 break;
62 default:
63 return -EINVAL;
64 }
65 return 0;
66}
67
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]68static struct osmo_auth_impl *selected_auths[_OSMO_AUTH_ALG_NUM];
69
Neels Hofmeyr87e45502017-06-20 00:17:59 +0200[diff] [blame]70/*! Register an authentication algorithm implementation with the core
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]71 * \param[in] impl Structure describing implementation and it's callbacks
Neels Hofmeyrc7bf8d02016-05-08 22:23:40 +0200[diff] [blame]72 * \returns 0 on success, or a negative error code on failure
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]73 *
74 * This function is called by an authentication implementation plugin to
75 * register itself with the authentication core.
76 */
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]77int osmo_auth_register(struct osmo_auth_impl *impl)
78{
79 if (impl->algo >= ARRAY_SIZE(selected_auths))
80 return -ERANGE;
81
82 llist_add_tail(&impl->list, &osmo_auths);
83
84 /* check if we want to select this implementation over others */
85 if (!selected_auths[impl->algo] ||
86 (selected_auths[impl->algo]->priority > impl->priority))
87 selected_auths[impl->algo] = impl;
88
89 return 0;
90}
91
Neels Hofmeyr87e45502017-06-20 00:17:59 +0200[diff] [blame]92/*! Load all available authentication plugins from the given path
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]93 * \param[in] path Path name of the directory containing the plugins
Neels Hofmeyrc7bf8d02016-05-08 22:23:40 +0200[diff] [blame]94 * \returns number of plugins loaded in case of success, negative in case of error
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]95 *
96 * This function will load all plugins contained in the specified path.
97 */
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]98int osmo_auth_load(const char *path)
99{
100 /* load all plugins available from path */
Max38b17232017-12-01 19:06:21 +0100[diff] [blame]101#if !defined(EMBEDDED)
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]102 return osmo_plugin_load_all(path);
Max38b17232017-12-01 19:06:21 +0100[diff] [blame]103#else
104 return -1;
105#endif
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]106}
107
Neels Hofmeyr87e45502017-06-20 00:17:59 +0200[diff] [blame]108/*! Determine if a given authentication algorithm is supported
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]109 * \param[in] algo Algorithm which should be checked
Neels Hofmeyrc7bf8d02016-05-08 22:23:40 +0200[diff] [blame]110 * \returns 1 if algo is supported, 0 if not, negative error on failure
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]111 *
112 * This function is used by an application to determine at runtime if a
113 * given authentication algorithm is supported or not.
114 */
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]115int osmo_auth_supported(enum osmo_auth_algo algo)
116{
117 if (algo >= ARRAY_SIZE(selected_auths))
118 return -ERANGE;
119
120 if (selected_auths[algo])
121 return 1;
122
123 return 0;
124}
125
Maxaf25c372018-12-19 20:12:19 +0100[diff] [blame]126/* 3GPP TS 33.102 §6.8.2.3 C5 function to derive UMTS IK from GSM Kc */
Harald Weltecd9cb902016-04-20 10:39:00 +0200[diff] [blame]127static inline void c5_function(uint8_t *ik, const uint8_t *kc)
128{
129 unsigned int i;
130
131 for (i = 0; i < 4; i++)
132 ik[i] = kc[i] ^ kc[i+4];
133 memcpy(ik+4, kc, 8);
134 for (i = 12; i < 16; i++)
135 ik[i] = ik[i-12];
136}
137
Maxaf25c372018-12-19 20:12:19 +0100[diff] [blame]138/* 3GPP TS 33.102 §6.8.2.3 C4 function to derive UMTS CK from GSM Kc */
Maxceae1232016-06-27 18:12:49 +0200[diff] [blame]139void osmo_c4(uint8_t *ck, const uint8_t *kc)
Harald Weltecd9cb902016-04-20 10:39:00 +0200[diff] [blame]140{
141 memcpy(ck, kc, 8);
142 memcpy(ck+8, kc, 8);
143}
144
Neels Hofmeyr87e45502017-06-20 00:17:59 +0200[diff] [blame]145/*! Generate 3G CK + IK from 2G authentication vector
Harald Weltecd9cb902016-04-20 10:39:00 +0200[diff] [blame]146 * \param vec Authentication Vector to be modified
Neels Hofmeyrc7bf8d02016-05-08 22:23:40 +0200[diff] [blame]147 * \returns 1 if the vector was changed, 0 otherwise
Harald Weltecd9cb902016-04-20 10:39:00 +0200[diff] [blame]148 *
149 * This function performs the C5 and C4 functions to derive the UMTS key
150 * material from the GSM key material in the supplied vector, _if_ the input
Neels Hofmeyrc7bf8d02016-05-08 22:23:40 +0200[diff] [blame]151 * vector doesn't yet have UMTS authentication capability.
152 */
Harald Weltecd9cb902016-04-20 10:39:00 +0200[diff] [blame]153int osmo_auth_3g_from_2g(struct osmo_auth_vector *vec)
154{
155 if ((vec->auth_types & OSMO_AUTH_TYPE_GSM) &&
156 !(vec->auth_types & OSMO_AUTH_TYPE_UMTS)) {
157 c5_function(vec->ik, vec->kc);
Maxceae1232016-06-27 18:12:49 +0200[diff] [blame]158 osmo_c4(vec->ck, vec->kc);
Harald Weltecd9cb902016-04-20 10:39:00 +0200[diff] [blame]159 /* We cannot actually set OSMO_AUTH_TYPE_UMTS as we have no
160 * AUTN and no RES, and thus can only perform GSM
161 * authentication with this tuple.
Neels Hofmeyrc7bf8d02016-05-08 22:23:40 +0200[diff] [blame]162 */
Harald Weltecd9cb902016-04-20 10:39:00 +0200[diff] [blame]163 return 1;
164 }
165
166 return 0;
167}
168
Neels Hofmeyr87e45502017-06-20 00:17:59 +0200[diff] [blame]169/*! Generate authentication vector
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]170 * \param[out] vec Generated authentication vector
171 * \param[in] aud Subscriber-specific key material
Katerina Barone-Adesic28c6a02013-02-15 13:27:59 +0100[diff] [blame]172 * \param[in] _rand Random challenge to be used
Neels Hofmeyrc7bf8d02016-05-08 22:23:40 +0200[diff] [blame]173 * \returns 0 on success, negative error on failure
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]174 *
175 * This function performs the core cryptographic function of the AUC,
176 * computing authentication triples/quintuples based on the permanent
177 * subscriber data and a random value. The result is what is forwarded
178 * by the AUC via HLR and VLR to the MSC which will then be able to
179 * invoke authentication with the MS
180 */
Harald Welte08450c92023-05-30 10:55:37 +0200[diff] [blame^]181int osmo_auth_gen_vec2(struct osmo_auth_vector *vec,
182 struct osmo_sub_auth_data2 *aud,
183 const uint8_t *_rand)
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]184{
Harald Welte781bd5d2011-12-06 22:23:52 +0100[diff] [blame]185 struct osmo_auth_impl *impl = selected_auths[aud->algo];
Harald Welte4afdd5d2011-12-07 02:38:18 +0100[diff] [blame]186 int rc;
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]187
188 if (!impl)
189 return -ENOENT;
190
Harald Welte4afdd5d2011-12-07 02:38:18 +0100[diff] [blame]191 rc = impl->gen_vec(vec, aud, _rand);
192 if (rc < 0)
193 return rc;
194
195 memcpy(vec->rand, _rand, sizeof(vec->rand));
196
197 return 0;
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]198}
199
Harald Welte08450c92023-05-30 10:55:37 +0200[diff] [blame^]200/*! Generate authentication vector
201 * \param[out] vec Generated authentication vector
202 * \param[in] aud Subscriber-specific key material
203 * \param[in] _rand Random challenge to be used
204 * \returns 0 on success, negative error on failure
205 *
206 * This function performs the core cryptographic function of the AUC,
207 * computing authentication triples/quintuples based on the permanent
208 * subscriber data and a random value. The result is what is forwarded
209 * by the AUC via HLR and VLR to the MSC which will then be able to
210 * invoke authentication with the MS
211 */
212int osmo_auth_gen_vec(struct osmo_auth_vector *vec,
213 struct osmo_sub_auth_data *aud,
214 const uint8_t *_rand)
215{
216 struct osmo_sub_auth_data2 aud2;
217 int rc;
218
219 rc = auth_data2auth_data2(&aud2, aud);
220 if (rc < 0)
221 return rc;
222
223 rc = osmo_auth_gen_vec2(vec, &aud2, _rand);
224 if (aud->type == OSMO_AUTH_TYPE_UMTS)
225 aud->u.umts.sqn = aud2.u.umts.sqn;
226
227 return rc;
228}
229
230/*! Generate authentication vector and re-sync sequence
231 * \param[out] vec Generated authentication vector
232 * \param[in] aud Subscriber-specific key material
233 * \param[in] auts AUTS value sent by the SIM/MS
234 * \param[in] rand_auts RAND value sent by the SIM/MS
235 * \param[in] _rand Random challenge to be used to generate vector
236 * \returns 0 on success, negative error on failure
237 *
238 * This function performs a special variant of the core cryptographic
239 * function of the AUC: computing authentication triples/quintuples
240 * based on the permanent subscriber data, a random value as well as the
241 * AUTS and RAND values returned by the SIM/MS. This special variant is
242 * needed if the sequence numbers between MS and AUC have for some
243 * reason become different.
244 */
245int osmo_auth_gen_vec_auts2(struct osmo_auth_vector *vec,
246 struct osmo_sub_auth_data2 *aud,
247 const uint8_t *auts, const uint8_t *rand_auts,
248 const uint8_t *_rand)
249{
250 struct osmo_auth_impl *impl = selected_auths[aud->algo];
251 int rc;
252
253 if (!impl || !impl->gen_vec_auts)
254 return -ENOENT;
255
256 rc = impl->gen_vec_auts(vec, aud, auts, rand_auts, _rand);
257 if (rc < 0)
258 return rc;
259
260 memcpy(vec->rand, _rand, sizeof(vec->rand));
261
262 return 0;
263}
264
Neels Hofmeyr87e45502017-06-20 00:17:59 +0200[diff] [blame]265/*! Generate authentication vector and re-sync sequence
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]266 * \param[out] vec Generated authentication vector
267 * \param[in] aud Subscriber-specific key material
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]268 * \param[in] auts AUTS value sent by the SIM/MS
Neels Hofmeyr03ab9a62017-02-03 05:00:24 +0100[diff] [blame]269 * \param[in] rand_auts RAND value sent by the SIM/MS
Katerina Barone-Adesic28c6a02013-02-15 13:27:59 +0100[diff] [blame]270 * \param[in] _rand Random challenge to be used to generate vector
Neels Hofmeyrc7bf8d02016-05-08 22:23:40 +0200[diff] [blame]271 * \returns 0 on success, negative error on failure
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]272 *
273 * This function performs a special variant of the core cryptographic
274 * function of the AUC: computing authentication triples/quintuples
275 * based on the permanent subscriber data, a random value as well as the
276 * AUTS and RAND values returned by the SIM/MS. This special variant is
277 * needed if the sequence numbers between MS and AUC have for some
Thorsten Alteholza81055d2017-03-02 22:13:48 +0100[diff] [blame]278 * reason become different.
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]279 */
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]280int osmo_auth_gen_vec_auts(struct osmo_auth_vector *vec,
281 struct osmo_sub_auth_data *aud,
Neels Hofmeyr03ab9a62017-02-03 05:00:24 +0100[diff] [blame]282 const uint8_t *auts, const uint8_t *rand_auts,
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]283 const uint8_t *_rand)
284{
Harald Welte08450c92023-05-30 10:55:37 +0200[diff] [blame^]285 struct osmo_sub_auth_data2 aud2;
Neels Hofmeyr3b8cb392017-02-21 19:54:36 +0100[diff] [blame]286 int rc;
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]287
Harald Welte08450c92023-05-30 10:55:37 +0200[diff] [blame^]288 rc = auth_data2auth_data2(&aud2, aud);
Neels Hofmeyr3b8cb392017-02-21 19:54:36 +0100[diff] [blame]289 if (rc < 0)
290 return rc;
291
Harald Welte08450c92023-05-30 10:55:37 +0200[diff] [blame^]292 rc = osmo_auth_gen_vec_auts2(vec, &aud2, auts, rand_auts, _rand);
293 if (aud->type == OSMO_AUTH_TYPE_UMTS) {
294 aud->u.umts.sqn = aud2.u.umts.sqn;
295 aud->u.umts.sqn_ms = aud2.u.umts.sqn_ms;
296 }
Neels Hofmeyr3b8cb392017-02-21 19:54:36 +0100[diff] [blame]297
Harald Welte08450c92023-05-30 10:55:37 +0200[diff] [blame^]298 return rc;
Harald Welted82e0eb2011-12-06 21:53:42 +0100[diff] [blame]299}
Harald Weltea5ab1622011-12-07 02:33:11 +0100[diff] [blame]300
Harald Welte1c72bfb2012-04-04 22:05:24 +0200[diff] [blame]301static const struct value_string auth_alg_vals[] = {
Harald Weltea5ab1622011-12-07 02:33:11 +0100[diff] [blame]302 { OSMO_AUTH_ALG_NONE, "None" },
303 { OSMO_AUTH_ALG_COMP128v1, "COMP128v1" },
304 { OSMO_AUTH_ALG_COMP128v2, "COMP128v2" },
305 { OSMO_AUTH_ALG_COMP128v3, "COMP128v3" },
Harald Welte9b7c9ae2023-02-21 22:24:15 +0100[diff] [blame]306 { OSMO_AUTH_ALG_XOR_3G, "XOR-3G" },
Harald Weltea5ab1622011-12-07 02:33:11 +0100[diff] [blame]307 { OSMO_AUTH_ALG_MILENAGE, "MILENAGE" },
Harald Weltee93c5e92023-02-21 22:18:11 +0100[diff] [blame]308 { OSMO_AUTH_ALG_XOR_2G, "XOR-2G" },
Harald Weltea5ab1622011-12-07 02:33:11 +0100[diff] [blame]309 { 0, NULL }
310};
311
Neels Hofmeyr87e45502017-06-20 00:17:59 +0200[diff] [blame]312/*! Get human-readable name of authentication algorithm */
Harald Weltea5ab1622011-12-07 02:33:11 +0100[diff] [blame]313const char *osmo_auth_alg_name(enum osmo_auth_algo alg)
314{
315 return get_value_string(auth_alg_vals, alg);
316}
317
Neels Hofmeyr87e45502017-06-20 00:17:59 +0200[diff] [blame]318/*! Parse human-readable name of authentication algorithm */
Harald Weltea5ab1622011-12-07 02:33:11 +0100[diff] [blame]319enum osmo_auth_algo osmo_auth_alg_parse(const char *name)
320{
321 return get_string_value(auth_alg_vals, name);
322}
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]323
Neels Hofmeyr26e30b12017-10-07 04:41:22 +0200[diff] [blame]324const struct value_string osmo_sub_auth_type_names[] = {
325 { OSMO_AUTH_TYPE_NONE, "None" },
326 { OSMO_AUTH_TYPE_GSM, "GSM" },
327 { OSMO_AUTH_TYPE_UMTS, "UMTS" },
328 { 0, NULL }
329};
330
Neels Hofmeyraa84b712017-12-18 03:12:01 +0100[diff] [blame]331/* Derive GSM AKA ciphering key Kc from UMTS AKA CK and IK (auth function c3 from 3GPP TS 33.103 §
332 * 4.6.1).
333 * \param[out] kc GSM AKA Kc, 8 byte target buffer.
334 * \param[in] ck UMTS AKA CK, 16 byte input buffer.
335 * \param[in] ik UMTS AKA IK, 16 byte input buffer.
336 */
337void osmo_auth_c3(uint8_t kc[], const uint8_t ck[], const uint8_t ik[])
338{
339 int i;
340 for (i = 0; i < 8; i++)
341 kc[i] = ck[i] ^ ck[i + 8] ^ ik[i] ^ ik[i + 8];
342}
343
Harald Welte007a71e2012-07-18 19:47:56 +0200[diff] [blame]344/*! @} */