[PATCH] openbsc[master]: libmsc/auth.c: use libosmogsm authentication API

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Vadim Yanitskiy gerrit-no-reply at lists.osmocom.org
Mon Mar 19 17:56:18 UTC 2018


Review at  https://gerrit.osmocom.org/7398

libmsc/auth.c: use libosmogsm authentication API

No need to reinvent the wheel, the following auth algorithms
are supported by libosmogsm API at the moment:

  - OSMO_AUTH_ALG_XOR,
  - OSMO_AUTH_ALG_COMP128v1,
  - OSMO_AUTH_ALG_COMP128v2,
  - OSMO_AUTH_ALG_COMP128v3,
  - OSMO_AUTH_ALG_MILENAGE.

Let's remove the custom implementation and switch to this API.

Change-Id: I08dae631bcfc1bb3a4817084723e04a59c745329
---
M openbsc/src/libmsc/auth.c
1 file changed, 25 insertions(+), 63 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/98/7398/1

diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 8c8af11..059d7b3 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c
@@ -25,9 +25,8 @@
 #include <openbsc/auth.h>
 #include <openbsc/gsm_data.h>
 
-#include <osmocom/gsm/comp128v23.h>
-#include <osmocom/gsm/comp128.h>
 #include <osmocom/core/utils.h>
+#include <osmocom/crypt/auth.h>
 
 #include <openssl/rand.h>
 
@@ -42,58 +41,6 @@
 	{ 0, NULL }
 };
 
-static int
-_use_xor(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple)
-{
-	int i, l = ainfo->a3a8_ki_len;
-
-	if ((l > A38_XOR_MAX_KEY_LEN) || (l < A38_XOR_MIN_KEY_LEN)) {
-		LOGP(DMM, LOGL_ERROR, "Invalid XOR key (len=%d) %s\n",
-			ainfo->a3a8_ki_len,
-			osmo_hexdump(ainfo->a3a8_ki, ainfo->a3a8_ki_len));
-		return -1;
-	}
-
-	for (i=0; i<4; i++)
-		atuple->vec.sres[i] = atuple->vec.rand[i] ^ ainfo->a3a8_ki[i];
-	for (i=4; i<12; i++)
-		atuple->vec.kc[i-4] = atuple->vec.rand[i] ^ ainfo->a3a8_ki[i];
-
-	return 0;
-}
-
-static int
-_use_comp128(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple,
-	enum gsm_auth_algo algo)
-{
-	if (ainfo->a3a8_ki_len != A38_COMP128_KEY_LEN) {
-		LOGP(DMM, LOGL_ERROR, "Invalid COMP128v1 key (len=%d) %s\n",
-			ainfo->a3a8_ki_len,
-			osmo_hexdump(ainfo->a3a8_ki, ainfo->a3a8_ki_len));
-		return -1;
-	}
-
-	switch (algo) {
-	case AUTH_ALGO_COMP128v1:
-		comp128(ainfo->a3a8_ki, atuple->vec.rand,
-			atuple->vec.sres, atuple->vec.kc);
-		break;
-	case AUTH_ALGO_COMP128v2:
-		comp128v2(ainfo->a3a8_ki, atuple->vec.rand,
-			atuple->vec.sres, atuple->vec.kc);
-		break;
-	case AUTH_ALGO_COMP128v3:
-		comp128v3(ainfo->a3a8_ki, atuple->vec.rand,
-			atuple->vec.sres, atuple->vec.kc);
-		break;
-	default:
-		/* Unsupported version */
-		return -ENOTSUP;
-	}
-
-	return 0;
-}
-
 /* Return values 
  *  -1 -> Internal error
  *   0 -> Not available
@@ -103,6 +50,7 @@
 int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
                               struct gsm_subscriber *subscr, int key_seq)
 {
+	struct osmo_sub_auth_data aud2g;
 	struct gsm_auth_info ainfo;
 	int rc;
 
@@ -146,29 +94,43 @@
 		return AUTH_ERROR;
 	}
 
+	/* Prepare the auth data */
+	memset(&aud2g, 0x00, sizeof(struct osmo_sub_auth_data));
+	aud2g.type = OSMO_AUTH_TYPE_GSM;
+
+	/* Choose an authentication algorithm */
 	switch (ainfo.auth_algo) {
 	case AUTH_ALGO_NONE:
 		DEBUGP(DMM, "No authentication for subscriber\n");
 		return AUTH_NOT_AVAIL;
-
 	case AUTH_ALGO_XOR:
-		if (_use_xor(&ainfo, atuple))
-			return AUTH_NOT_AVAIL;
+		aud2g.algo = OSMO_AUTH_ALG_XOR;
 		break;
-
 	case AUTH_ALGO_COMP128v1:
-	case AUTH_ALGO_COMP128v2:
-	case AUTH_ALGO_COMP128v3:
-		if (_use_comp128(&ainfo, atuple, ainfo.auth_algo))
-			return AUTH_NOT_AVAIL;
+		aud2g.algo = OSMO_AUTH_ALG_COMP128v1;
 		break;
-
+	case AUTH_ALGO_COMP128v2:
+		aud2g.algo = OSMO_AUTH_ALG_COMP128v2;
+		break;
+	case AUTH_ALGO_COMP128v3:
+		aud2g.algo = OSMO_AUTH_ALG_COMP128v3;
+		break;
 	default:
 		DEBUGP(DMM, "Unsupported auth type algo_id=%d\n",
 			ainfo.auth_algo);
 		return AUTH_NOT_AVAIL;
 	}
 
+	/* Copy actual KI to auth data */
+	memcpy(aud2g.u.gsm.ki, ainfo.a3a8_ki, ainfo.a3a8_ki_len);
+
+	/* Generate an auth vector */
+	rc = osmo_auth_gen_vec(&atuple->vec, &aud2g, atuple->vec.rand);
+	if (rc < 0) {
+		DEBUGP(DMM, "Error in 2G vector generation\n");
+		return AUTH_NOT_AVAIL;
+	}
+
         db_sync_lastauthtuple_for_subscr(atuple, subscr);
 
 	DEBUGP(DMM, "Need to do authentication and ciphering\n");

-- 
To view, visit https://gerrit.osmocom.org/7398
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I08dae631bcfc1bb3a4817084723e04a59c745329
Gerrit-PatchSet: 1
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Vadim Yanitskiy <axilirator at gmail.com>



More information about the gerrit-log mailing list