Hi Kevin,
On Sat, Nov 02, 2013 at 07:02:12PM +0100, Kevin Redon wrote:
I tested the reserved COMP128v23 code from
www.hackingprojects.net
Thanks, I didn't even know that there was now a publicly-documented,
publicly-leaked vresion of COMP128v2/v3 available. This of course means
that nobody can claim the algorithm is a trade secret anymore, and thus
I don't see problems with us implementing it in libosmocore for
subsequent use in other osmocom projects like osmo-nitb, etc.
I then checked the output from osmo-auc-gen again the
values provided
also the python code and all values matched
thanks!
WARNING: I also renamed COMP128 to COMP128v1, but
don't know if this
breaks any compatibility with other projects
Exactly to avoid that, I would simply skip it. I know it's sort-of
strange that comp128 refers to v1 without explicitly stating it, but I
think for the sake of simplicitly we should keep it.
Finally, I hope somebody will have enough reason of porting osmo-nitb
over to the generic osmo_auth API in libosmocore, rather than calling
the comp128[v1] algorithm directly. At that point, COMP128v2/v3 as well
as milenage support will come more or less automagically.
Afer that, we could probably resort to not exporting the comp128()
functions directly anymore, but require all users to go through the
osmo_auth_* API.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)