Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 1 | /* Authentication related functions */ |
| 2 | |
| 3 | /* |
| 4 | * (C) 2010 by Sylvain Munaut <tnt@246tNt.com> |
| 5 | * |
| 6 | * All Rights Reserved |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or modify |
Harald Welte | 9af6ddf | 2011-01-01 15:25:50 +0100 | [diff] [blame] | 9 | * it under the terms of the GNU Affero General Public License as published by |
| 10 | * the Free Software Foundation; either version 3 of the License, or |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 11 | * (at your option) any later version. |
| 12 | * |
| 13 | * This program is distributed in the hope that it will be useful, |
| 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
Harald Welte | 9af6ddf | 2011-01-01 15:25:50 +0100 | [diff] [blame] | 16 | * GNU Affero General Public License for more details. |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 17 | * |
Harald Welte | 9af6ddf | 2011-01-01 15:25:50 +0100 | [diff] [blame] | 18 | * You should have received a copy of the GNU Affero General Public License |
| 19 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 20 | * |
| 21 | */ |
| 22 | |
| 23 | #include <openbsc/db.h> |
| 24 | #include <openbsc/debug.h> |
Harald Welte | 86dda08 | 2010-12-23 18:07:49 +0100 | [diff] [blame] | 25 | #include <openbsc/auth.h> |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 26 | #include <openbsc/gsm_data.h> |
| 27 | |
Pablo Neira Ayuso | 136f453 | 2011-03-22 16:47:59 +0100 | [diff] [blame] | 28 | #include <osmocom/gsm/comp128.h> |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 29 | |
Daniel Willmann | 62a63f5 | 2015-10-08 16:10:25 +0200 | [diff] [blame] | 30 | #include <openssl/rand.h> |
| 31 | |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 32 | #include <stdlib.h> |
| 33 | |
Neels Hofmeyr | 37984bd | 2016-03-30 11:22:24 +0200 | [diff] [blame] | 34 | const struct value_string auth_action_names[] = { |
| 35 | #define AUTH_ACTION_STR(X) { X, #X } |
Neels Hofmeyr | f9b212f | 2016-03-30 11:22:27 +0200 | [diff] [blame] | 36 | AUTH_ACTION_STR(AUTH_ERROR), |
Neels Hofmeyr | 37984bd | 2016-03-30 11:22:24 +0200 | [diff] [blame] | 37 | AUTH_ACTION_STR(AUTH_NOT_AVAIL), |
| 38 | AUTH_ACTION_STR(AUTH_DO_AUTH_THEN_CIPH), |
| 39 | AUTH_ACTION_STR(AUTH_DO_CIPH), |
| 40 | AUTH_ACTION_STR(AUTH_DO_AUTH), |
| 41 | #undef AUTH_ACTION_STR |
| 42 | }; |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 43 | |
| 44 | static int |
Sylvain Munaut | e824d9c | 2010-06-11 00:19:42 +0200 | [diff] [blame] | 45 | _use_xor(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple) |
| 46 | { |
| 47 | int i, l = ainfo->a3a8_ki_len; |
| 48 | |
| 49 | if ((l > A38_XOR_MAX_KEY_LEN) || (l < A38_XOR_MIN_KEY_LEN)) { |
Harald Welte | 082b01f | 2010-12-23 22:54:06 +0100 | [diff] [blame] | 50 | LOGP(DMM, LOGL_ERROR, "Invalid XOR key (len=%d) %s\n", |
Sylvain Munaut | e824d9c | 2010-06-11 00:19:42 +0200 | [diff] [blame] | 51 | ainfo->a3a8_ki_len, |
Pablo Neira Ayuso | c0d17f2 | 2011-05-07 12:12:48 +0200 | [diff] [blame] | 52 | osmo_hexdump(ainfo->a3a8_ki, ainfo->a3a8_ki_len)); |
Sylvain Munaut | e824d9c | 2010-06-11 00:19:42 +0200 | [diff] [blame] | 53 | return -1; |
| 54 | } |
| 55 | |
| 56 | for (i=0; i<4; i++) |
Harald Welte | 121e9a4 | 2016-04-20 13:13:19 +0200 | [diff] [blame] | 57 | atuple->vec.sres[i] = atuple->vec.rand[i] ^ ainfo->a3a8_ki[i]; |
Sylvain Munaut | 0230b34 | 2010-09-21 19:03:09 +0200 | [diff] [blame] | 58 | for (i=4; i<12; i++) |
Harald Welte | 121e9a4 | 2016-04-20 13:13:19 +0200 | [diff] [blame] | 59 | atuple->vec.kc[i-4] = atuple->vec.rand[i] ^ ainfo->a3a8_ki[i]; |
Sylvain Munaut | e824d9c | 2010-06-11 00:19:42 +0200 | [diff] [blame] | 60 | |
| 61 | return 0; |
| 62 | } |
| 63 | |
| 64 | static int |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 65 | _use_comp128_v1(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple) |
| 66 | { |
| 67 | if (ainfo->a3a8_ki_len != A38_COMP128_KEY_LEN) { |
Harald Welte | 082b01f | 2010-12-23 22:54:06 +0100 | [diff] [blame] | 68 | LOGP(DMM, LOGL_ERROR, "Invalid COMP128v1 key (len=%d) %s\n", |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 69 | ainfo->a3a8_ki_len, |
Pablo Neira Ayuso | c0d17f2 | 2011-05-07 12:12:48 +0200 | [diff] [blame] | 70 | osmo_hexdump(ainfo->a3a8_ki, ainfo->a3a8_ki_len)); |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 71 | return -1; |
| 72 | } |
| 73 | |
Harald Welte | 121e9a4 | 2016-04-20 13:13:19 +0200 | [diff] [blame] | 74 | comp128(ainfo->a3a8_ki, atuple->vec.rand, atuple->vec.sres, atuple->vec.kc); |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 75 | |
| 76 | return 0; |
| 77 | } |
| 78 | |
| 79 | /* Return values |
| 80 | * -1 -> Internal error |
| 81 | * 0 -> Not available |
| 82 | * 1 -> Tuple returned, need to do auth, then enable cipher |
| 83 | * 2 -> Tuple returned, need to enable cipher |
| 84 | */ |
| 85 | int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple, |
| 86 | struct gsm_subscriber *subscr, int key_seq) |
| 87 | { |
| 88 | struct gsm_auth_info ainfo; |
Daniel Willmann | 62a63f5 | 2015-10-08 16:10:25 +0200 | [diff] [blame] | 89 | int rc; |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 90 | |
| 91 | /* Get subscriber info (if any) */ |
| 92 | rc = db_get_authinfo_for_subscr(&ainfo, subscr); |
| 93 | if (rc < 0) { |
Harald Welte | 082b01f | 2010-12-23 22:54:06 +0100 | [diff] [blame] | 94 | LOGP(DMM, LOGL_NOTICE, |
| 95 | "No retrievable Ki for subscriber, skipping auth\n"); |
Neels Hofmeyr | f9b212f | 2016-03-30 11:22:27 +0200 | [diff] [blame] | 96 | return rc == -ENOENT ? AUTH_NOT_AVAIL : AUTH_ERROR; |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 97 | } |
| 98 | |
| 99 | /* If possible, re-use the last tuple and skip auth */ |
| 100 | rc = db_get_lastauthtuple_for_subscr(atuple, subscr); |
| 101 | if ((rc == 0) && |
Sylvain Munaut | cd8e810 | 2010-09-21 19:04:07 +0200 | [diff] [blame] | 102 | (key_seq != GSM_KEY_SEQ_INVAL) && |
Neels Hofmeyr | 0d929be | 2016-03-30 11:22:29 +0200 | [diff] [blame] | 103 | (key_seq == atuple->key_seq) && |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 104 | (atuple->use_count < 3)) |
| 105 | { |
| 106 | atuple->use_count++; |
| 107 | db_sync_lastauthtuple_for_subscr(atuple, subscr); |
Harald Welte | 082b01f | 2010-12-23 22:54:06 +0100 | [diff] [blame] | 108 | DEBUGP(DMM, "Auth tuple use < 3, just doing ciphering\n"); |
Harald Welte | 86dda08 | 2010-12-23 18:07:49 +0100 | [diff] [blame] | 109 | return AUTH_DO_CIPH; |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 110 | } |
| 111 | |
| 112 | /* Generate a new one */ |
Neels Hofmeyr | cf1302e | 2016-03-30 11:22:30 +0200 | [diff] [blame] | 113 | if (rc != 0) { |
| 114 | /* If db_get_lastauthtuple_for_subscr() returned nothing, make |
| 115 | * sure the atuple memory is initialized to zero and thus start |
| 116 | * off with key_seq = 0. */ |
| 117 | memset(atuple, 0, sizeof(*atuple)); |
| 118 | } else { |
| 119 | /* If db_get_lastauthtuple_for_subscr() returned a previous |
| 120 | * tuple, use the next key_seq. */ |
| 121 | atuple->key_seq = (atuple->key_seq + 1) % 7; |
| 122 | } |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 123 | atuple->use_count = 1; |
Daniel Willmann | 62a63f5 | 2015-10-08 16:10:25 +0200 | [diff] [blame] | 124 | |
Harald Welte | 121e9a4 | 2016-04-20 13:13:19 +0200 | [diff] [blame] | 125 | if (RAND_bytes(atuple->vec.rand, sizeof(atuple->vec.rand)) != 1) { |
Daniel Willmann | 62a63f5 | 2015-10-08 16:10:25 +0200 | [diff] [blame] | 126 | LOGP(DMM, LOGL_NOTICE, "RAND_bytes failed, can't generate new auth tuple\n"); |
Neels Hofmeyr | f9b212f | 2016-03-30 11:22:27 +0200 | [diff] [blame] | 127 | return AUTH_ERROR; |
Daniel Willmann | 62a63f5 | 2015-10-08 16:10:25 +0200 | [diff] [blame] | 128 | } |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 129 | |
| 130 | switch (ainfo.auth_algo) { |
Harald Welte | 082b01f | 2010-12-23 22:54:06 +0100 | [diff] [blame] | 131 | case AUTH_ALGO_NONE: |
| 132 | DEBUGP(DMM, "No authentication for subscriber\n"); |
Neels Hofmeyr | 4e875ae | 2016-03-30 11:22:28 +0200 | [diff] [blame] | 133 | return AUTH_NOT_AVAIL; |
Harald Welte | 082b01f | 2010-12-23 22:54:06 +0100 | [diff] [blame] | 134 | |
| 135 | case AUTH_ALGO_XOR: |
| 136 | if (_use_xor(&ainfo, atuple)) |
Neels Hofmeyr | 4e875ae | 2016-03-30 11:22:28 +0200 | [diff] [blame] | 137 | return AUTH_NOT_AVAIL; |
Harald Welte | 082b01f | 2010-12-23 22:54:06 +0100 | [diff] [blame] | 138 | break; |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 139 | |
Harald Welte | 082b01f | 2010-12-23 22:54:06 +0100 | [diff] [blame] | 140 | case AUTH_ALGO_COMP128v1: |
| 141 | if (_use_comp128_v1(&ainfo, atuple)) |
Neels Hofmeyr | 4e875ae | 2016-03-30 11:22:28 +0200 | [diff] [blame] | 142 | return AUTH_NOT_AVAIL; |
Harald Welte | 082b01f | 2010-12-23 22:54:06 +0100 | [diff] [blame] | 143 | break; |
| 144 | |
| 145 | default: |
| 146 | DEBUGP(DMM, "Unsupported auth type algo_id=%d\n", |
| 147 | ainfo.auth_algo); |
Neels Hofmeyr | 4e875ae | 2016-03-30 11:22:28 +0200 | [diff] [blame] | 148 | return AUTH_NOT_AVAIL; |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 149 | } |
| 150 | |
| 151 | db_sync_lastauthtuple_for_subscr(atuple, subscr); |
| 152 | |
Harald Welte | 082b01f | 2010-12-23 22:54:06 +0100 | [diff] [blame] | 153 | DEBUGP(DMM, "Need to do authentication and ciphering\n"); |
Neels Hofmeyr | d2fa7a5 | 2016-03-10 23:30:37 +0100 | [diff] [blame] | 154 | return AUTH_DO_AUTH_THEN_CIPH; |
Sylvain Munaut | 30a1538 | 2009-12-24 00:27:26 +0100 | [diff] [blame] | 155 | } |
| 156 | |