30 May
2023
30 May
'23
5:15 p.m.
laforge has uploaded this change for review. (
https://gerrit.osmocom.org/c/osmo-hlr/+/33096 )
Change subject: Introduce support for XOR-2G algorithm
......................................................................
Introduce support for XOR-2G algorithm
So far we supported a "xor" algorithm in osmo-hlr, without specifying
whether it's the XOR-3G or the (different) XOR-2G algorithm.
Furthermore, it was buggy in the sense that it permitted the XOR[-3G]
for 2G authentication data in the database.
This patch
* renames existing "xor" to "xor-3g"
* disallows "xor-3g" usage with 2G authentication data
* introduces support for XOR-2G as "xor-2g" in the VTY
Change-Id: I039a1f84fda54a908a82fe621e7fd078cb85e4c6
---
M include/osmocom/hlr/hlr_vty.h
M src/db_hlr.c
M src/hlr_vty_subscr.c
M tests/auc/auc_test.c
M tests/db/db_test.c
M tests/db/db_test.err
6 files changed, 45 insertions(+), 18 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-hlr refs/changes/96/33096/1
diff --git a/include/osmocom/hlr/hlr_vty.h b/include/osmocom/hlr/hlr_vty.h
index 83691b8..771945d 100644
--- a/include/osmocom/hlr/hlr_vty.h
+++ b/include/osmocom/hlr/hlr_vty.h
@@ -40,6 +40,7 @@
#define A38_XOR_MIN_KEY_LEN 12
#define A38_XOR_MAX_KEY_LEN 16
+#define A38_XOR2G_KEY_LEN 16
#define A38_COMP128_KEY_LEN 16
#define MILENAGE_KEY_LEN 16
diff --git a/src/db_hlr.c b/src/db_hlr.c
index 1dc4415..8dfbb15 100644
--- a/src/db_hlr.c
+++ b/src/db_hlr.c
@@ -238,8 +238,9 @@
case OSMO_AUTH_ALG_COMP128v1:
case OSMO_AUTH_ALG_COMP128v2:
case OSMO_AUTH_ALG_COMP128v3:
- case OSMO_AUTH_ALG_XOR:
+ case OSMO_AUTH_ALG_XOR_2G:
break;
+ case OSMO_AUTH_ALG_XOR_3G:
case OSMO_AUTH_ALG_MILENAGE:
LOGP(DAUC, LOGL_ERROR, "Cannot update auth tokens:"
" auth algo not suited for 2G: %s\n",
@@ -267,11 +268,12 @@
switch (aud->algo) {
case OSMO_AUTH_ALG_NONE:
case OSMO_AUTH_ALG_MILENAGE:
- case OSMO_AUTH_ALG_XOR:
+ case OSMO_AUTH_ALG_XOR_3G:
break;
case OSMO_AUTH_ALG_COMP128v1:
case OSMO_AUTH_ALG_COMP128v2:
case OSMO_AUTH_ALG_COMP128v3:
+ case OSMO_AUTH_ALG_XOR_2G:
LOGP(DAUC, LOGL_ERROR, "Cannot update auth tokens:"
" auth algo not suited for 3G: %s\n",
osmo_auth_alg_name(aud->algo));
diff --git a/src/hlr_vty_subscr.c b/src/hlr_vty_subscr.c
index c851062..0c5df48 100644
--- a/src/hlr_vty_subscr.c
+++ b/src/hlr_vty_subscr.c
@@ -460,14 +460,15 @@
return false;
}
-#define AUTH_ALG_TYPES_2G "(comp128v1|comp128v2|comp128v3|xor)"
+#define AUTH_ALG_TYPES_2G "(comp128v1|comp128v2|comp128v3|xor-3g|xor-2g)"
#define AUTH_ALG_TYPES_2G_HELP \
"Use COMP128v1 algorithm\n" \
"Use COMP128v2 algorithm\n" \
"Use COMP128v3 algorithm\n" \
- "Use XOR algorithm\n"
+ "Use XOR-3G algorithm\n" \
+ "Use XOR-2G algorithm\n"
-#define AUTH_ALG_TYPES_3G "milenage"
+#define AUTH_ALG_TYPES_3G "(milenage"
#define AUTH_ALG_TYPES_3G_HELP \
"Use Milenage algorithm\n"
@@ -486,10 +487,13 @@
} else if (!strcasecmp(alg_str, "comp128v3")) {
*algo = OSMO_AUTH_ALG_COMP128v3;
*minlen = *maxlen = A38_COMP128_KEY_LEN;
- } else if (!strcasecmp(alg_str, "xor")) {
- *algo = OSMO_AUTH_ALG_XOR;
+ } else if (!strcasecmp(alg_str, "xor-3g")) {
+ *algo = OSMO_AUTH_ALG_XOR_3G;
*minlen = A38_XOR_MIN_KEY_LEN;
*maxlen = A38_XOR_MAX_KEY_LEN;
+ } else if (!strcasecmp(alg_str, "xor-2g")) {
+ *algo = OSMO_AUTH_ALG_XOR_2G;
+ *minlen = *maxlen = A38_XOR2G_KEY_LEN;
} else if (!strcasecmp(alg_str, "milenage")) {
*algo = OSMO_AUTH_ALG_MILENAGE;
*minlen = *maxlen = MILENAGE_KEY_LEN;
diff --git a/tests/auc/auc_test.c b/tests/auc/auc_test.c
index 61cf82f..f39a5ad 100644
--- a/tests/auc/auc_test.c
+++ b/tests/auc/auc_test.c
@@ -477,7 +477,7 @@
aud3g = (struct osmo_sub_auth_data){
.type = OSMO_AUTH_TYPE_UMTS,
- .algo = OSMO_AUTH_ALG_XOR,
+ .algo = OSMO_AUTH_ALG_XOR_3G,
.u.umts.sqn = 0,
};
diff --git a/tests/db/db_test.c b/tests/db/db_test.c
index ab997bf..6727812 100644
--- a/tests/db/db_test.c
+++ b/tests/db/db_test.c
@@ -586,7 +586,7 @@
ASSERT_SEL_AUD(imsi0, 0, id);
ASSERT_RC(db_subscr_update_aud_by_id(dbc, id,
- mk_aud_2g(OSMO_AUTH_ALG_XOR, "CededEffacedAceFacedBadFadedBeef")),
+ mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "CededEffacedAceFacedBadFadedBeef")),
0);
ASSERT_SEL_AUD(imsi0, 0, id);
@@ -604,7 +604,7 @@
-ENOENT);
ASSERT_RC(db_subscr_update_aud_by_id(dbc, id,
- mk_aud_2g(OSMO_AUTH_ALG_XOR, "CededEffacedAceFacedBadFadedBeef")),
+ mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "CededEffacedAceFacedBadFadedBeef")),
0);
ASSERT_SEL_AUD(imsi0, 0, id);
@@ -707,12 +707,12 @@
ASSERT_SEL_AUD(imsi0, 0, id);
ASSERT_RC(db_subscr_update_aud_by_id(dbc, id,
- mk_aud_2g(OSMO_AUTH_ALG_XOR, "f000000000000f00000000000f000000f00000000")),
+ mk_aud_2g(OSMO_AUTH_ALG_XOR_2G,
"f000000000000f00000000000f000000f00000000")),
-EINVAL);
ASSERT_SEL_AUD(imsi0, 0, id);
ASSERT_RC(db_subscr_update_aud_by_id(dbc, id,
- mk_aud_2g(OSMO_AUTH_ALG_XOR, "f00")),
+ mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "f00")),
-EINVAL);
ASSERT_SEL_AUD(imsi0, 0, id);
diff --git a/tests/db/db_test.err b/tests/db/db_test.err
index b4373cd..222d3a1 100644
--- a/tests/db/db_test.err
+++ b/tests/db/db_test.err
@@ -872,14 +872,14 @@
}
3G: none
-db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR,
"CededEffacedAceFacedBadFadedBeef")) --> 0
+db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_2G,
"CededEffacedAceFacedBadFadedBeef")) --> 0
db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
DAUC IMSI='123456789000000': No 3G Auth Data
2G: struct osmo_sub_auth_data {
.type = GSM,
- .algo = XOR-3G,
+ .algo = XOR-2G,
.u.gsm.ki = 'cededeffacedacefacedbadfadedbeef',
}
3G: none
@@ -900,14 +900,14 @@
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_NONE, NULL)) --> -ENOENT
-db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR,
"CededEffacedAceFacedBadFadedBeef")) --> 0
+db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_2G,
"CededEffacedAceFacedBadFadedBeef")) --> 0
db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
DAUC IMSI='123456789000000': No 3G Auth Data
2G: struct osmo_sub_auth_data {
.type = GSM,
- .algo = XOR-3G,
+ .algo = XOR-2G,
.u.gsm.ki = 'cededeffacedacefacedbadfadedbeef',
}
3G: none
@@ -1112,7 +1112,7 @@
.u.umts.ind_bitlen = 5,
}
-db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR,
"f000000000000f00000000000f000000f00000000")) --> -EINVAL
+db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_2G,
"f000000000000f00000000000f000000f00000000")) --> -EINVAL
DAUC Cannot update auth tokens: Invalid KI:
'f000000000000f00000000000f000000f00000000'
db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
@@ -1132,7 +1132,7 @@
.u.umts.ind_bitlen = 5,
}
-db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR, "f00")) -->
-EINVAL
+db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "f00"))
--> -EINVAL
DAUC Cannot update auth tokens: Invalid KI: 'f00'
db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
--
To view, visit https://gerrit.osmocom.org/c/osmo-hlr/+/33096
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-hlr
Gerrit-Branch: master
Gerrit-Change-Id: I039a1f84fda54a908a82fe621e7fd078cb85e4c6
Gerrit-Change-Number: 33096
Gerrit-PatchSet: 1
Gerrit-Owner: laforge <laforge(a)osmocom.org>
Gerrit-MessageType: newchange
756
days inactive
756
days old
0 comments
1 participants
participants (1)
-
laforge