Vadim Yanitskiy gerrit-no-reply at lists.osmocom.orgReview at https://gerrit.osmocom.org/7398 libmsc/auth.c: use libosmogsm authentication API No need to reinvent the wheel, the following auth algorithms are supported by libosmogsm API at the moment: - OSMO_AUTH_ALG_XOR, - OSMO_AUTH_ALG_COMP128v1, - OSMO_AUTH_ALG_COMP128v2, - OSMO_AUTH_ALG_COMP128v3, - OSMO_AUTH_ALG_MILENAGE. Let's remove the custom implementation and switch to this API. Change-Id: I08dae631bcfc1bb3a4817084723e04a59c745329
---
M openbsc/src/libmsc/auth.c 1 file changed, 25 insertions(+), 63 deletions(-) git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/98/7398/1
diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 8c8af11..059d7b3 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c
@@ -25,9 +25,8 @@
 #include <openbsc/auth.h>
 #include <openbsc/gsm_data.h>
-#include <osmocom/gsm/comp128v23.h>
-#include <osmocom/gsm/comp128.h>
 #include <osmocom/core/utils.h>
+#include <osmocom/crypt/auth.h>
 #include <openssl/rand.h>
@@ -42,58 +41,6 @@
 { 0, NULL }
 };
-static int
-_use_xor(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple)
-{
- int i, l = ainfo->a3a8_ki_len;
-
- if ((l > A38_XOR_MAX_KEY_LEN) || (l < A38_XOR_MIN_KEY_LEN)) {
- LOGP(DMM, LOGL_ERROR, "Invalid XOR key (len=%d) %s\n",
- ainfo->a3a8_ki_len,
- osmo_hexdump(ainfo->a3a8_ki, ainfo->a3a8_ki_len));
- return -1;
- }
-
- for (i=0; i<4; i++)
- atuple->vec.sres[i] = atuple->vec.rand[i] ^ ainfo->a3a8_ki[i];
- for (i=4; i<12; i++)
- atuple->vec.kc[i-4] = atuple->vec.rand[i] ^ ainfo->a3a8_ki[i];
-
- return 0;
-}
-
-static int
-_use_comp128(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple,
- enum gsm_auth_algo algo)
-{
- if (ainfo->a3a8_ki_len != A38_COMP128_KEY_LEN) {
- LOGP(DMM, LOGL_ERROR, "Invalid COMP128v1 key (len=%d) %s\n",
- ainfo->a3a8_ki_len,
- osmo_hexdump(ainfo->a3a8_ki, ainfo->a3a8_ki_len));
- return -1;
- }
-
- switch (algo) {
- case AUTH_ALGO_COMP128v1:
- comp128(ainfo->a3a8_ki, atuple->vec.rand,
- atuple->vec.sres, atuple->vec.kc);
- break;
- case AUTH_ALGO_COMP128v2:
- comp128v2(ainfo->a3a8_ki, atuple->vec.rand,
- atuple->vec.sres, atuple->vec.kc);
- break;
- case AUTH_ALGO_COMP128v3:
- comp128v3(ainfo->a3a8_ki, atuple->vec.rand,
- atuple->vec.sres, atuple->vec.kc);
- break;
- default:
- /* Unsupported version */
- return -ENOTSUP;
- }
-
- return 0;
-}
-
 /* Return values
 * -1 -> Internal error
 * 0 -> Not available
@@ -103,6 +50,7 @@
 int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple, struct gsm_subscriber *subscr, int key_seq)
 {
+ struct osmo_sub_auth_data aud2g;
 struct gsm_auth_info ainfo;
 int rc;
@@ -146,29 +94,43 @@
 return AUTH_ERROR;
 }
+ /* Prepare the auth data */
+ memset(&aud2g, 0x00, sizeof(struct osmo_sub_auth_data));
+ aud2g.type = OSMO_AUTH_TYPE_GSM;
+
+ /* Choose an authentication algorithm */
 switch (ainfo.auth_algo) {
 case AUTH_ALGO_NONE:
 DEBUGP(DMM, "No authentication for subscriber\n");
 return AUTH_NOT_AVAIL;
-
 case AUTH_ALGO_XOR:
- if (_use_xor(&ainfo, atuple))
- return AUTH_NOT_AVAIL;
+ aud2g.algo = OSMO_AUTH_ALG_XOR;
 break;
-
 case AUTH_ALGO_COMP128v1:
- case AUTH_ALGO_COMP128v2:
- case AUTH_ALGO_COMP128v3:
- if (_use_comp128(&ainfo, atuple, ainfo.auth_algo))
- return AUTH_NOT_AVAIL;
+ aud2g.algo = OSMO_AUTH_ALG_COMP128v1;
 break;
-
+ case AUTH_ALGO_COMP128v2:
+ aud2g.algo = OSMO_AUTH_ALG_COMP128v2;
+ break;
+ case AUTH_ALGO_COMP128v3:
+ aud2g.algo = OSMO_AUTH_ALG_COMP128v3;
+ break;
 default:
 DEBUGP(DMM, "Unsupported auth type algo_id=%d\n", ainfo.auth_algo);
 return AUTH_NOT_AVAIL;
 }
+ /* Copy actual KI to auth data */
+ memcpy(aud2g.u.gsm.ki, ainfo.a3a8_ki, ainfo.a3a8_ki_len);
+
+ /* Generate an auth vector */
+ rc = osmo_auth_gen_vec(&atuple->vec, &aud2g, atuple->vec.rand);
+ if (rc < 0) {
+ DEBUGP(DMM, "Error in 2G vector generation\n");
+ return AUTH_NOT_AVAIL;
+ }
+
 db_sync_lastauthtuple_for_subscr(atuple, subscr);
 DEBUGP(DMM, "Need to do authentication and ciphering\n");
--
To view, visit https://gerrit.osmocom.org/7398 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I08dae631bcfc1bb3a4817084723e04a59c745329 Gerrit-PatchSet: 1 Gerrit-Project: openbsc Gerrit-Branch: master Gerrit-Owner: Vadim Yanitskiy <axilirator at gmail.com>
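Review bot: The added `memcpy(aud2g.u.gsm.ki, ainfo.a3a8_ki, ainfo.a3a8_ki_len)` trusts the length stored in the subscriber's auth record, while the removed `_use_xor()` and `_use_comp128()` refused keys outside `A38_XOR_MIN_KEY_LEN`..`A38_XOR_MAX_KEY_LEN` or not equal to `A38_COMP128_KEY_LEN` before using them. Assuming `ki` is a fixed-size array in `struct osmo_sub_auth_data` (its definition is not shown) and the length is not clamped where `ainfo` is filled, an over-long Ki writes past it on the stack, and a short Ki is silently zero-padded by the preceding `memset`, so the vector is derived from a weaker key than the provisioned one. I would put `if (ainfo.a3a8_ki_len > sizeof(aud2g.u.gsm.ki)) return AUTH_NOT_AVAIL;` before the copy and keep the per-algorithm length check, logging only the length at `LOGL_ERROR` rather than the key bytes the old `osmo_hexdump()` calls printed. The body of `auth_get_tuple_for_subscr()` starts and ends outside this hunk.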