Harald Welte | 08450c9 | 2023-05-30 10:55:37 +0200 | [diff] [blame] | 1 | /* (C) 2010-2023 by Harald Welte <laforge@gnumonks.org> |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 2 | * |
| 3 | * All Rights Reserved |
| 4 | * |
Harald Welte | e08da97 | 2017-11-13 01:00:26 +0900 | [diff] [blame] | 5 | * SPDX-License-Identifier: GPL-2.0+ |
| 6 | * |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 7 | * This program is free software; you can redistribute it and/or modify |
| 8 | * it under the terms of the GNU General Public License as published by |
| 9 | * the Free Software Foundation; either version 2 of the License, or |
| 10 | * (at your option) any later version. |
| 11 | * |
| 12 | * This program is distributed in the hope that it will be useful, |
| 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 15 | * GNU General Public License for more details. |
| 16 | * |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 17 | */ |
| 18 | |
Max | 38b1723 | 2017-12-01 19:06:21 +0100 | [diff] [blame] | 19 | #include "config.h" |
| 20 | |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 21 | #include <errno.h> |
| 22 | #include <stdint.h> |
Harald Welte | d318e61 | 2011-12-07 12:16:27 +0100 | [diff] [blame] | 23 | #include <string.h> |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 24 | |
| 25 | #include <osmocom/core/utils.h> |
| 26 | #include <osmocom/core/linuxlist.h> |
| 27 | #include <osmocom/core/plugin.h> |
| 28 | |
| 29 | #include <osmocom/crypt/auth.h> |
| 30 | |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 31 | /*! \addtogroup auth |
| 32 | * @{ |
Neels Hofmeyr | 87e4550 | 2017-06-20 00:17:59 +0200 | [diff] [blame] | 33 | * GSM/GPRS/3G authentication core infrastructure |
Neels Hofmeyr | 17518fe | 2017-06-20 04:35:06 +0200 | [diff] [blame] | 34 | * |
| 35 | * \file auth_core.c */ |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 36 | |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 37 | static LLIST_HEAD(osmo_auths); |
| 38 | |
Harald Welte | 08450c9 | 2023-05-30 10:55:37 +0200 | [diff] [blame] | 39 | /* generate auth_data2 from auth_data (for legacy API/ABI compatibility */ |
| 40 | static int auth_data2auth_data2(struct osmo_sub_auth_data2 *out, const struct osmo_sub_auth_data *in) |
| 41 | { |
| 42 | out->type = in->type; |
| 43 | out->algo = in->algo; |
| 44 | switch (in->type) { |
| 45 | case OSMO_AUTH_TYPE_NONE: |
| 46 | return 0; |
| 47 | case OSMO_AUTH_TYPE_GSM: |
| 48 | memcpy(out->u.gsm.ki, in->u.gsm.ki, sizeof(out->u.gsm.ki)); |
| 49 | break; |
| 50 | case OSMO_AUTH_TYPE_UMTS: |
| 51 | memcpy(out->u.umts.opc, in->u.umts.opc, sizeof(in->u.umts.opc)); |
| 52 | out->u.umts.opc_len = sizeof(in->u.umts.opc); |
| 53 | memcpy(out->u.umts.k, in->u.umts.k, sizeof(in->u.umts.k)); |
| 54 | out->u.umts.k_len = sizeof(in->u.umts.k); |
| 55 | memcpy(out->u.umts.amf, in->u.umts.amf, sizeof(out->u.umts.amf)); |
| 56 | out->u.umts.sqn = in->u.umts.sqn; |
| 57 | out->u.umts.opc_is_op = in->u.umts.opc_is_op; |
| 58 | out->u.umts.ind_bitlen = in->u.umts.ind_bitlen; |
| 59 | out->u.umts.ind = in->u.umts.ind; |
| 60 | out->u.umts.sqn_ms = in->u.umts.sqn_ms; |
| 61 | break; |
| 62 | default: |
| 63 | return -EINVAL; |
| 64 | } |
| 65 | return 0; |
| 66 | } |
| 67 | |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 68 | static struct osmo_auth_impl *selected_auths[_OSMO_AUTH_ALG_NUM]; |
| 69 | |
Neels Hofmeyr | 87e4550 | 2017-06-20 00:17:59 +0200 | [diff] [blame] | 70 | /*! Register an authentication algorithm implementation with the core |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 71 | * \param[in] impl Structure describing implementation and it's callbacks |
Neels Hofmeyr | c7bf8d0 | 2016-05-08 22:23:40 +0200 | [diff] [blame] | 72 | * \returns 0 on success, or a negative error code on failure |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 73 | * |
| 74 | * This function is called by an authentication implementation plugin to |
| 75 | * register itself with the authentication core. |
| 76 | */ |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 77 | int osmo_auth_register(struct osmo_auth_impl *impl) |
| 78 | { |
| 79 | if (impl->algo >= ARRAY_SIZE(selected_auths)) |
| 80 | return -ERANGE; |
| 81 | |
| 82 | llist_add_tail(&impl->list, &osmo_auths); |
| 83 | |
| 84 | /* check if we want to select this implementation over others */ |
| 85 | if (!selected_auths[impl->algo] || |
| 86 | (selected_auths[impl->algo]->priority > impl->priority)) |
| 87 | selected_auths[impl->algo] = impl; |
| 88 | |
| 89 | return 0; |
| 90 | } |
| 91 | |
Neels Hofmeyr | 87e4550 | 2017-06-20 00:17:59 +0200 | [diff] [blame] | 92 | /*! Load all available authentication plugins from the given path |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 93 | * \param[in] path Path name of the directory containing the plugins |
Neels Hofmeyr | c7bf8d0 | 2016-05-08 22:23:40 +0200 | [diff] [blame] | 94 | * \returns number of plugins loaded in case of success, negative in case of error |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 95 | * |
| 96 | * This function will load all plugins contained in the specified path. |
| 97 | */ |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 98 | int osmo_auth_load(const char *path) |
| 99 | { |
| 100 | /* load all plugins available from path */ |
Max | 38b1723 | 2017-12-01 19:06:21 +0100 | [diff] [blame] | 101 | #if !defined(EMBEDDED) |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 102 | return osmo_plugin_load_all(path); |
Max | 38b1723 | 2017-12-01 19:06:21 +0100 | [diff] [blame] | 103 | #else |
| 104 | return -1; |
| 105 | #endif |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 106 | } |
| 107 | |
Neels Hofmeyr | 87e4550 | 2017-06-20 00:17:59 +0200 | [diff] [blame] | 108 | /*! Determine if a given authentication algorithm is supported |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 109 | * \param[in] algo Algorithm which should be checked |
Neels Hofmeyr | c7bf8d0 | 2016-05-08 22:23:40 +0200 | [diff] [blame] | 110 | * \returns 1 if algo is supported, 0 if not, negative error on failure |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 111 | * |
| 112 | * This function is used by an application to determine at runtime if a |
| 113 | * given authentication algorithm is supported or not. |
| 114 | */ |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 115 | int osmo_auth_supported(enum osmo_auth_algo algo) |
| 116 | { |
| 117 | if (algo >= ARRAY_SIZE(selected_auths)) |
| 118 | return -ERANGE; |
| 119 | |
| 120 | if (selected_auths[algo]) |
| 121 | return 1; |
| 122 | |
| 123 | return 0; |
| 124 | } |
| 125 | |
Max | af25c37 | 2018-12-19 20:12:19 +0100 | [diff] [blame] | 126 | /* 3GPP TS 33.102 §6.8.2.3 C5 function to derive UMTS IK from GSM Kc */ |
Harald Welte | cd9cb90 | 2016-04-20 10:39:00 +0200 | [diff] [blame] | 127 | static inline void c5_function(uint8_t *ik, const uint8_t *kc) |
| 128 | { |
| 129 | unsigned int i; |
| 130 | |
| 131 | for (i = 0; i < 4; i++) |
| 132 | ik[i] = kc[i] ^ kc[i+4]; |
| 133 | memcpy(ik+4, kc, 8); |
| 134 | for (i = 12; i < 16; i++) |
| 135 | ik[i] = ik[i-12]; |
| 136 | } |
| 137 | |
Max | af25c37 | 2018-12-19 20:12:19 +0100 | [diff] [blame] | 138 | /* 3GPP TS 33.102 §6.8.2.3 C4 function to derive UMTS CK from GSM Kc */ |
Max | ceae123 | 2016-06-27 18:12:49 +0200 | [diff] [blame] | 139 | void osmo_c4(uint8_t *ck, const uint8_t *kc) |
Harald Welte | cd9cb90 | 2016-04-20 10:39:00 +0200 | [diff] [blame] | 140 | { |
| 141 | memcpy(ck, kc, 8); |
| 142 | memcpy(ck+8, kc, 8); |
| 143 | } |
| 144 | |
Neels Hofmeyr | 87e4550 | 2017-06-20 00:17:59 +0200 | [diff] [blame] | 145 | /*! Generate 3G CK + IK from 2G authentication vector |
Harald Welte | cd9cb90 | 2016-04-20 10:39:00 +0200 | [diff] [blame] | 146 | * \param vec Authentication Vector to be modified |
Neels Hofmeyr | c7bf8d0 | 2016-05-08 22:23:40 +0200 | [diff] [blame] | 147 | * \returns 1 if the vector was changed, 0 otherwise |
Harald Welte | cd9cb90 | 2016-04-20 10:39:00 +0200 | [diff] [blame] | 148 | * |
| 149 | * This function performs the C5 and C4 functions to derive the UMTS key |
| 150 | * material from the GSM key material in the supplied vector, _if_ the input |
Neels Hofmeyr | c7bf8d0 | 2016-05-08 22:23:40 +0200 | [diff] [blame] | 151 | * vector doesn't yet have UMTS authentication capability. |
| 152 | */ |
Harald Welte | cd9cb90 | 2016-04-20 10:39:00 +0200 | [diff] [blame] | 153 | int osmo_auth_3g_from_2g(struct osmo_auth_vector *vec) |
| 154 | { |
| 155 | if ((vec->auth_types & OSMO_AUTH_TYPE_GSM) && |
| 156 | !(vec->auth_types & OSMO_AUTH_TYPE_UMTS)) { |
| 157 | c5_function(vec->ik, vec->kc); |
Max | ceae123 | 2016-06-27 18:12:49 +0200 | [diff] [blame] | 158 | osmo_c4(vec->ck, vec->kc); |
Harald Welte | cd9cb90 | 2016-04-20 10:39:00 +0200 | [diff] [blame] | 159 | /* We cannot actually set OSMO_AUTH_TYPE_UMTS as we have no |
| 160 | * AUTN and no RES, and thus can only perform GSM |
| 161 | * authentication with this tuple. |
Neels Hofmeyr | c7bf8d0 | 2016-05-08 22:23:40 +0200 | [diff] [blame] | 162 | */ |
Harald Welte | cd9cb90 | 2016-04-20 10:39:00 +0200 | [diff] [blame] | 163 | return 1; |
| 164 | } |
| 165 | |
| 166 | return 0; |
| 167 | } |
| 168 | |
Neels Hofmeyr | 87e4550 | 2017-06-20 00:17:59 +0200 | [diff] [blame] | 169 | /*! Generate authentication vector |
Harald Welte | d8e5309 | 2023-05-30 15:01:38 +0200 | [diff] [blame] | 170 | * \param[out] vec Generated authentication vector. See below! |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 171 | * \param[in] aud Subscriber-specific key material |
Katerina Barone-Adesi | c28c6a0 | 2013-02-15 13:27:59 +0100 | [diff] [blame] | 172 | * \param[in] _rand Random challenge to be used |
Neels Hofmeyr | c7bf8d0 | 2016-05-08 22:23:40 +0200 | [diff] [blame] | 173 | * \returns 0 on success, negative error on failure |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 174 | * |
| 175 | * This function performs the core cryptographic function of the AUC, |
| 176 | * computing authentication triples/quintuples based on the permanent |
| 177 | * subscriber data and a random value. The result is what is forwarded |
| 178 | * by the AUC via HLR and VLR to the MSC which will then be able to |
Harald Welte | d8e5309 | 2023-05-30 15:01:38 +0200 | [diff] [blame] | 179 | * invoke authentication with the MS. |
| 180 | * |
| 181 | * Contrary to the older osmo_auth_gen_vec(), the caller must specify |
| 182 | * the desired RES length in the vec->res_len field prior to calling |
| 183 | * this function. The requested length must match the capabilities of |
| 184 | * the chosen algorithm (e.g. 4/8 for MILENAGE). |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 185 | */ |
Harald Welte | 08450c9 | 2023-05-30 10:55:37 +0200 | [diff] [blame] | 186 | int osmo_auth_gen_vec2(struct osmo_auth_vector *vec, |
| 187 | struct osmo_sub_auth_data2 *aud, |
| 188 | const uint8_t *_rand) |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 189 | { |
Harald Welte | 781bd5d | 2011-12-06 22:23:52 +0100 | [diff] [blame] | 190 | struct osmo_auth_impl *impl = selected_auths[aud->algo]; |
Harald Welte | 4afdd5d | 2011-12-07 02:38:18 +0100 | [diff] [blame] | 191 | int rc; |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 192 | |
| 193 | if (!impl) |
| 194 | return -ENOENT; |
| 195 | |
Harald Welte | 4afdd5d | 2011-12-07 02:38:18 +0100 | [diff] [blame] | 196 | rc = impl->gen_vec(vec, aud, _rand); |
| 197 | if (rc < 0) |
| 198 | return rc; |
| 199 | |
| 200 | memcpy(vec->rand, _rand, sizeof(vec->rand)); |
| 201 | |
| 202 | return 0; |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 203 | } |
| 204 | |
Harald Welte | 08450c9 | 2023-05-30 10:55:37 +0200 | [diff] [blame] | 205 | /*! Generate authentication vector |
| 206 | * \param[out] vec Generated authentication vector |
| 207 | * \param[in] aud Subscriber-specific key material |
| 208 | * \param[in] _rand Random challenge to be used |
| 209 | * \returns 0 on success, negative error on failure |
| 210 | * |
| 211 | * This function performs the core cryptographic function of the AUC, |
| 212 | * computing authentication triples/quintuples based on the permanent |
| 213 | * subscriber data and a random value. The result is what is forwarded |
| 214 | * by the AUC via HLR and VLR to the MSC which will then be able to |
| 215 | * invoke authentication with the MS |
| 216 | */ |
| 217 | int osmo_auth_gen_vec(struct osmo_auth_vector *vec, |
| 218 | struct osmo_sub_auth_data *aud, |
| 219 | const uint8_t *_rand) |
| 220 | { |
| 221 | struct osmo_sub_auth_data2 aud2; |
| 222 | int rc; |
| 223 | |
Harald Welte | d8e5309 | 2023-05-30 15:01:38 +0200 | [diff] [blame] | 224 | if (aud->type == OSMO_AUTH_TYPE_UMTS) { |
| 225 | /* old API callers are not expected to initialize this struct field, |
| 226 | * and always expect an 8-byte RES value */ |
| 227 | vec->res_len = 8; |
| 228 | } |
| 229 | |
Harald Welte | 08450c9 | 2023-05-30 10:55:37 +0200 | [diff] [blame] | 230 | rc = auth_data2auth_data2(&aud2, aud); |
| 231 | if (rc < 0) |
| 232 | return rc; |
| 233 | |
| 234 | rc = osmo_auth_gen_vec2(vec, &aud2, _rand); |
| 235 | if (aud->type == OSMO_AUTH_TYPE_UMTS) |
| 236 | aud->u.umts.sqn = aud2.u.umts.sqn; |
| 237 | |
| 238 | return rc; |
| 239 | } |
| 240 | |
| 241 | /*! Generate authentication vector and re-sync sequence |
Harald Welte | d8e5309 | 2023-05-30 15:01:38 +0200 | [diff] [blame] | 242 | * \param[out] vec Generated authentication vector. See below! |
Harald Welte | 08450c9 | 2023-05-30 10:55:37 +0200 | [diff] [blame] | 243 | * \param[in] aud Subscriber-specific key material |
| 244 | * \param[in] auts AUTS value sent by the SIM/MS |
| 245 | * \param[in] rand_auts RAND value sent by the SIM/MS |
| 246 | * \param[in] _rand Random challenge to be used to generate vector |
| 247 | * \returns 0 on success, negative error on failure |
| 248 | * |
| 249 | * This function performs a special variant of the core cryptographic |
| 250 | * function of the AUC: computing authentication triples/quintuples |
| 251 | * based on the permanent subscriber data, a random value as well as the |
| 252 | * AUTS and RAND values returned by the SIM/MS. This special variant is |
| 253 | * needed if the sequence numbers between MS and AUC have for some |
| 254 | * reason become different. |
Harald Welte | d8e5309 | 2023-05-30 15:01:38 +0200 | [diff] [blame] | 255 | * |
| 256 | * Contrary to the older osmo_auth_gen_vec_auts(), the caller must specify |
| 257 | * the desired RES length in the vec->res_len field prior to calling |
| 258 | * this function. The requested length must match the capabilities of |
| 259 | * the chosen algorithm (e.g. 4/8 for MILENAGE). |
Harald Welte | 08450c9 | 2023-05-30 10:55:37 +0200 | [diff] [blame] | 260 | */ |
| 261 | int osmo_auth_gen_vec_auts2(struct osmo_auth_vector *vec, |
| 262 | struct osmo_sub_auth_data2 *aud, |
| 263 | const uint8_t *auts, const uint8_t *rand_auts, |
| 264 | const uint8_t *_rand) |
| 265 | { |
| 266 | struct osmo_auth_impl *impl = selected_auths[aud->algo]; |
| 267 | int rc; |
| 268 | |
| 269 | if (!impl || !impl->gen_vec_auts) |
| 270 | return -ENOENT; |
| 271 | |
| 272 | rc = impl->gen_vec_auts(vec, aud, auts, rand_auts, _rand); |
| 273 | if (rc < 0) |
| 274 | return rc; |
| 275 | |
| 276 | memcpy(vec->rand, _rand, sizeof(vec->rand)); |
| 277 | |
| 278 | return 0; |
| 279 | } |
| 280 | |
Neels Hofmeyr | 87e4550 | 2017-06-20 00:17:59 +0200 | [diff] [blame] | 281 | /*! Generate authentication vector and re-sync sequence |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 282 | * \param[out] vec Generated authentication vector |
| 283 | * \param[in] aud Subscriber-specific key material |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 284 | * \param[in] auts AUTS value sent by the SIM/MS |
Neels Hofmeyr | 03ab9a6 | 2017-02-03 05:00:24 +0100 | [diff] [blame] | 285 | * \param[in] rand_auts RAND value sent by the SIM/MS |
Katerina Barone-Adesi | c28c6a0 | 2013-02-15 13:27:59 +0100 | [diff] [blame] | 286 | * \param[in] _rand Random challenge to be used to generate vector |
Neels Hofmeyr | c7bf8d0 | 2016-05-08 22:23:40 +0200 | [diff] [blame] | 287 | * \returns 0 on success, negative error on failure |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 288 | * |
| 289 | * This function performs a special variant of the core cryptographic |
| 290 | * function of the AUC: computing authentication triples/quintuples |
| 291 | * based on the permanent subscriber data, a random value as well as the |
| 292 | * AUTS and RAND values returned by the SIM/MS. This special variant is |
| 293 | * needed if the sequence numbers between MS and AUC have for some |
Thorsten Alteholz | a81055d | 2017-03-02 22:13:48 +0100 | [diff] [blame] | 294 | * reason become different. |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 295 | */ |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 296 | int osmo_auth_gen_vec_auts(struct osmo_auth_vector *vec, |
| 297 | struct osmo_sub_auth_data *aud, |
Neels Hofmeyr | 03ab9a6 | 2017-02-03 05:00:24 +0100 | [diff] [blame] | 298 | const uint8_t *auts, const uint8_t *rand_auts, |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 299 | const uint8_t *_rand) |
| 300 | { |
Harald Welte | 08450c9 | 2023-05-30 10:55:37 +0200 | [diff] [blame] | 301 | struct osmo_sub_auth_data2 aud2; |
Neels Hofmeyr | 3b8cb39 | 2017-02-21 19:54:36 +0100 | [diff] [blame] | 302 | int rc; |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 303 | |
Harald Welte | d8e5309 | 2023-05-30 15:01:38 +0200 | [diff] [blame] | 304 | if (aud->type == OSMO_AUTH_TYPE_UMTS) { |
| 305 | /* old API callers are not expected to initialize this struct field, |
| 306 | * and always expect an 8-byte RES value */ |
| 307 | vec->res_len = 8; |
| 308 | } |
| 309 | |
Harald Welte | 08450c9 | 2023-05-30 10:55:37 +0200 | [diff] [blame] | 310 | rc = auth_data2auth_data2(&aud2, aud); |
Neels Hofmeyr | 3b8cb39 | 2017-02-21 19:54:36 +0100 | [diff] [blame] | 311 | if (rc < 0) |
| 312 | return rc; |
| 313 | |
Harald Welte | 08450c9 | 2023-05-30 10:55:37 +0200 | [diff] [blame] | 314 | rc = osmo_auth_gen_vec_auts2(vec, &aud2, auts, rand_auts, _rand); |
| 315 | if (aud->type == OSMO_AUTH_TYPE_UMTS) { |
| 316 | aud->u.umts.sqn = aud2.u.umts.sqn; |
| 317 | aud->u.umts.sqn_ms = aud2.u.umts.sqn_ms; |
| 318 | } |
Neels Hofmeyr | 3b8cb39 | 2017-02-21 19:54:36 +0100 | [diff] [blame] | 319 | |
Harald Welte | 08450c9 | 2023-05-30 10:55:37 +0200 | [diff] [blame] | 320 | return rc; |
Harald Welte | d82e0eb | 2011-12-06 21:53:42 +0100 | [diff] [blame] | 321 | } |
Harald Welte | a5ab162 | 2011-12-07 02:33:11 +0100 | [diff] [blame] | 322 | |
Harald Welte | 1c72bfb | 2012-04-04 22:05:24 +0200 | [diff] [blame] | 323 | static const struct value_string auth_alg_vals[] = { |
Harald Welte | a5ab162 | 2011-12-07 02:33:11 +0100 | [diff] [blame] | 324 | { OSMO_AUTH_ALG_NONE, "None" }, |
| 325 | { OSMO_AUTH_ALG_COMP128v1, "COMP128v1" }, |
| 326 | { OSMO_AUTH_ALG_COMP128v2, "COMP128v2" }, |
| 327 | { OSMO_AUTH_ALG_COMP128v3, "COMP128v3" }, |
Harald Welte | 9b7c9ae | 2023-02-21 22:24:15 +0100 | [diff] [blame] | 328 | { OSMO_AUTH_ALG_XOR_3G, "XOR-3G" }, |
Harald Welte | a5ab162 | 2011-12-07 02:33:11 +0100 | [diff] [blame] | 329 | { OSMO_AUTH_ALG_MILENAGE, "MILENAGE" }, |
Harald Welte | e93c5e9 | 2023-02-21 22:18:11 +0100 | [diff] [blame] | 330 | { OSMO_AUTH_ALG_XOR_2G, "XOR-2G" }, |
Harald Welte | 8bd9d5d | 2023-05-28 09:36:50 +0200 | [diff] [blame] | 331 | { OSMO_AUTH_ALG_TUAK, "TUAK" }, |
Harald Welte | a5ab162 | 2011-12-07 02:33:11 +0100 | [diff] [blame] | 332 | { 0, NULL } |
| 333 | }; |
| 334 | |
Neels Hofmeyr | 87e4550 | 2017-06-20 00:17:59 +0200 | [diff] [blame] | 335 | /*! Get human-readable name of authentication algorithm */ |
Harald Welte | a5ab162 | 2011-12-07 02:33:11 +0100 | [diff] [blame] | 336 | const char *osmo_auth_alg_name(enum osmo_auth_algo alg) |
| 337 | { |
| 338 | return get_value_string(auth_alg_vals, alg); |
| 339 | } |
| 340 | |
Neels Hofmeyr | 87e4550 | 2017-06-20 00:17:59 +0200 | [diff] [blame] | 341 | /*! Parse human-readable name of authentication algorithm */ |
Harald Welte | a5ab162 | 2011-12-07 02:33:11 +0100 | [diff] [blame] | 342 | enum osmo_auth_algo osmo_auth_alg_parse(const char *name) |
| 343 | { |
| 344 | return get_string_value(auth_alg_vals, name); |
| 345 | } |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 346 | |
Neels Hofmeyr | 26e30b1 | 2017-10-07 04:41:22 +0200 | [diff] [blame] | 347 | const struct value_string osmo_sub_auth_type_names[] = { |
| 348 | { OSMO_AUTH_TYPE_NONE, "None" }, |
| 349 | { OSMO_AUTH_TYPE_GSM, "GSM" }, |
| 350 | { OSMO_AUTH_TYPE_UMTS, "UMTS" }, |
| 351 | { 0, NULL } |
| 352 | }; |
| 353 | |
Neels Hofmeyr | aa84b71 | 2017-12-18 03:12:01 +0100 | [diff] [blame] | 354 | /* Derive GSM AKA ciphering key Kc from UMTS AKA CK and IK (auth function c3 from 3GPP TS 33.103 § |
| 355 | * 4.6.1). |
| 356 | * \param[out] kc GSM AKA Kc, 8 byte target buffer. |
| 357 | * \param[in] ck UMTS AKA CK, 16 byte input buffer. |
| 358 | * \param[in] ik UMTS AKA IK, 16 byte input buffer. |
| 359 | */ |
| 360 | void osmo_auth_c3(uint8_t kc[], const uint8_t ck[], const uint8_t ik[]) |
| 361 | { |
| 362 | int i; |
| 363 | for (i = 0; i < 8; i++) |
| 364 | kc[i] = ck[i] ^ ck[i + 8] ^ ik[i] ^ ik[i + 8]; |
| 365 | } |
| 366 | |
Harald Welte | 76f4c5c | 2023-05-30 15:57:08 +0200 | [diff] [blame] | 367 | /*! Derive GSM SRES from UMTS [X]RES (auth function c2 from 3GPP TS 33.103 Section 6.8.1.2 |
| 368 | * \param[out] sres GSM SRES value, 4 byte target buffer |
| 369 | * \param[in] res UMTS XRES, 4..16 bytes input buffer |
| 370 | * \param[in] res_len length of res parameter (in bytes) |
| 371 | * \param[in] sres_deriv_func SRES derivation function (1 or 2, see 3GPP TS 55.205 Section 4 |
| 372 | */ |
| 373 | void osmo_auth_c2(uint8_t sres[4], const uint8_t *res, size_t res_len, uint8_t sres_deriv_func) |
| 374 | { |
| 375 | uint8_t xres[16]; |
| 376 | |
| 377 | OSMO_ASSERT(sres_deriv_func == 1 || sres_deriv_func == 2); |
| 378 | OSMO_ASSERT(res_len <= sizeof(xres)); |
| 379 | |
| 380 | memcpy(xres, res, res_len); |
| 381 | |
| 382 | /* zero-pad the end, if XRES is < 16 bytes */ |
| 383 | if (res_len < sizeof(xres)) |
| 384 | memset(xres+res_len, 0, sizeof(xres)-res_len); |
| 385 | |
| 386 | if (sres_deriv_func == 1) { |
| 387 | /* SRES derivation function #1 */ |
| 388 | for (unsigned int i = 0; i < 4; i++) |
| 389 | sres[i] = xres[i] ^ xres[4+i] ^ xres[8+i] ^ xres[12+i]; |
| 390 | } else { |
| 391 | /* SRES derivation function #2 */ |
| 392 | memcpy(sres, xres, 4); |
| 393 | } |
| 394 | } |
| 395 | |
Harald Welte | 007a71e | 2012-07-18 19:47:56 +0200 | [diff] [blame] | 396 | /*! @} */ |