Hi.
Attached is a small patch which replaces direct call to comp128 from libosmocore to auth api call. This will help to remove comp128 from libosmocore public api and to use other auth functions in openbsc in future.
Hi,
☎ wrote:
Attached is a small patch which replaces direct call to comp128 from libosmocore to auth api call.
Thanks!
+++ b/openbsc/src/libmsc/auth.c
..
@@ -60,9 +59,17 @@ _use_comp128_v1(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple) return -1; }
- comp128(ainfo->a3a8_ki, atuple->rand, atuple->sres, atuple->kc);
- return 0;
- static struct osmo_sub_auth_data auth = {
.type = OSMO_AUTH_TYPE_GSM,.algo = OSMO_AUTH_ALG_COMP128v1- };
- memcpy(auth.u.gsm.ki, ainfo->a3a8_ki, sizeof(auth.u.gsm.ki));
- struct osmo_auth_vector _vec;
- struct osmo_auth_vector *vec = &_vec;
- int r = osmo_auth_gen_vec(vec, &auth, atuple->rand);
- memcpy(atuple->sres, vec->sres, 4);
- memcpy(atuple->kc, vec->kc, 8);
- return r;
}
Maybe add a newline or two, and I think the openbsc style is to declare all variables at the start of the function.
//Peter
Improved version attached.
19.11.2013 13:32, Peter Stuge пишет:
Hi,
☎ wrote:
Attached is a small patch which replaces direct call to comp128 from libosmocore to auth api call.
Thanks!
+++ b/openbsc/src/libmsc/auth.c
..
@@ -60,9 +59,17 @@ _use_comp128_v1(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple) return -1; }
- comp128(ainfo->a3a8_ki, atuple->rand, atuple->sres, atuple->kc);
- return 0;
- static struct osmo_sub_auth_data auth = {
.type = OSMO_AUTH_TYPE_GSM,.algo = OSMO_AUTH_ALG_COMP128v1- };
- memcpy(auth.u.gsm.ki, ainfo->a3a8_ki, sizeof(auth.u.gsm.ki));
- struct osmo_auth_vector _vec;
- struct osmo_auth_vector *vec = &_vec;
- int r = osmo_auth_gen_vec(vec, &auth, atuple->rand);
- memcpy(atuple->sres, vec->sres, 4);
- memcpy(atuple->kc, vec->kc, 8);
- return r;
}
Maybe add a newline or two, and I think the openbsc style is to declare all variables at the start of the function.
//Peter
Hi Max,
thanks for your patch.
I think it would make more sense to
1) add XOR to libosmocore 2) have a table or function to map from AUTH_ALGO_COMP128v1 to OSMO_AUTH_ALG_COMP128v1 (as well as mappings for any other ciphers
at that time, _use_xor() / _use_comp128_v1() become superfluous, and auth_get_tuple_for_subscr() can call osmo_auth_gen_vec() directly.
This way, adding more algorithms only has to add mappings for the AUTH_ALGO_* to OSMO_AUTH_ALG_ values (and a way how the vty can change the algorithm for a given subscriber).
What do you think?
Regards, Harald
22.11.2013 17:07, Harald Welte пишет:
Hi Max,
thanks for your patch.
I think it would make more sense to
- add XOR to libosmocore
Was it actually used for anything besides internal testing inside OpenBSC? I do not recall seeing xor "hash function" in gsm spec, so I'm not sure it will be generally useful except for giving nightmares to security researchers :)
- have a table or function to map from AUTH_ALGO_COMP128v1 to OSMO_AUTH_ALG_COMP128v1 (as well as mappings for any other ciphers
Can we use OSMO_AUTH_ALG_COMP128v1 directly? As far as I can see it's only used to map some text into algorithm in vty code and than use selected algorithm in auth code. What is include/openbsc/gsm_data.h for?
at that time, _use_xor() / _use_comp128_v1() become superfluous, and auth_get_tuple_for_subscr() can call osmo_auth_gen_vec() directly.
I was thinking to use osmo_auth_gen_vec() and replace gsm_auth_tuple with osmo_auth_vec but I'm not sure what parts of libmsc considered as "stable" api so I opted for minimum-intrusion patches just to get rid of direct access to libosmocore's comp128v* functions. Of course the more generic code from libosmocore is used - the better.
Hi,
- add XOR to libosmocore
Was it actually used for anything besides internal testing inside OpenBSC? I do not recall seeing xor "hash function" in gsm spec, so I'm not sure it will be generally useful except for giving nightmares to security researchers :)
It's used by some test sims and some test equipement.
Cheers,
Sylvain
Here it is - rely on libosmocore to do the right stuff for us.
Hi.
As a follow-up for recent discussion - here is the patch from CCC.
-------- Исходное сообщение -------- Тема: Re: [PATCH] Use generic osmocom auth api Дата: Fri, 27 Dec 2013 23:02:40 +0100 От: ☎ Max.Suraev@fairwaves.ru Кому: openbsc@lists.osmocom.org
Here it is - rely on libosmocore to do the right stuff for us.
-
Harald Welte -
Peter Stuge -
Sylvain Munaut -
☎