diff options
author | Harald Welte <laforge@gnumonks.org> | 2011-12-06 21:53:42 +0100 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2011-12-06 21:53:42 +0100 |
commit | d82e0eb697abab4eb994800ab649bc36cca99a83 (patch) | |
tree | 408400bb23b0fef7a7597952b6d64c057c8ecc96 | |
parent | 39a287db7497180ffaf24c5d0de91a15e0fa0d5a (diff) |
Add a generic abstraction for GSM/3G authentication algorithms
Indiidual algorithms can be implemented as plugins. libosmogsm itself
only provides COMP128v1 via this generic interface.
-rw-r--r-- | include/osmocom/crypt/Makefile.am | 2 | ||||
-rw-r--r-- | include/osmocom/crypt/auth.h | 87 | ||||
-rw-r--r-- | src/gsm/Makefile.am | 2 | ||||
-rw-r--r-- | src/gsm/auth_comp128v1.c | 47 | ||||
-rw-r--r-- | src/gsm/auth_core.c | 93 |
5 files changed, 229 insertions, 2 deletions
diff --git a/include/osmocom/crypt/Makefile.am b/include/osmocom/crypt/Makefile.am index 7ce69fdd..e4a6e538 100644 --- a/include/osmocom/crypt/Makefile.am +++ b/include/osmocom/crypt/Makefile.am @@ -1,3 +1,3 @@ -osmocrypt_HEADERS = gprs_cipher.h +osmocrypt_HEADERS = gprs_cipher.h auth.h osmocryptdir = $(includedir)/osmocom/crypt diff --git a/include/osmocom/crypt/auth.h b/include/osmocom/crypt/auth.h new file mode 100644 index 00000000..12690f84 --- /dev/null +++ b/include/osmocom/crypt/auth.h @@ -0,0 +1,87 @@ +#ifndef _OSMOCRYPTO_AUTH_H +#define _OSMOCRYPTO_AUTH_H + +#include <stdint.h> + +#include <osmocom/core/linuxlist.h> + +/*! \brief Authentication Type */ +enum osmo_sub_auth_type { + OSMO_AUTH_TYPE_NONE = 0x00, + OSMO_AUTH_TYPE_GSM = 0x01, + OSMO_AUTH_TYPE_UMTS = 0x02, +}; + +/*! \brief Authentication Algorithm */ +enum osmo_auth_algo { + OSMO_AUTH_ALG_NONE, + OSMO_AUTH_ALG_COMP128v1, + OSMO_AUTH_ALG_COMP128v2, + OSMO_AUTH_ALG_COMP128v3, + OSMO_AUTH_ALG_XOR, + OSMO_AUTH_ALG_MILENAGE, + _OSMO_AUTH_ALG_NUM, +}; + +/*! \brief permanent (secret) subscriber auth data */ +struct osmo_sub_auth_data { + enum osmo_sub_auth_type type; + enum osmo_auth_algo algo; + union { + struct { + uint8_t opc[16]; + uint8_t k[16]; + uint8_t amf[2]; + uint64_t sqn; + } umts; + struct { + uint8_t ki[16]; + } gsm; + }; +}; + +/* data structure describing a computed auth vector, generated by AuC */ +struct osmo_auth_vector { + uint8_t rand[16]; + uint8_t autn[16]; + uint8_t ck[16]; + uint8_t ik[16]; + uint8_t res[16]; + uint8_t res_len; + uint8_t kc[8]; + uint8_t sres[4]; + uint32_t auth_types; /*!< bitmask of OSMO_AUTH_TYPE_* */ +}; + +/* \brief An implementation of an authentication algorithm */ +struct osmo_auth_impl { + struct llist_head list; + enum osmo_auth_algo algo; + const char *name; + unsigned int priority; + + int (*gen_vec)(struct osmo_auth_vector *vec, + struct osmo_sub_auth_data *aud, + const uint8_t *_rand); + + int (*gen_vec_auts)(struct osmo_auth_vector *vec, + struct osmo_sub_auth_data *aud, + const uint8_t *rand_auts, const uint8_t *auts, + const uint8_t *_rand); +}; + +int osmo_auth_gen_vec(struct osmo_auth_vector *vec, + struct osmo_sub_auth_data *aud, const uint8_t *_rand); + +int osmo_auth_gen_vec_auts(struct osmo_auth_vector *vec, + struct osmo_sub_auth_data *aud, + const uint8_t *rand_auts, const uint8_t *auts, + const uint8_t *_rand); + +int osmo_auth_register(struct osmo_auth_impl *impl); + +int osmo_auth_load(const char *path); + +int osmo_auth_supported(enum osmo_auth_algo algo); + +#endif /* _OSMOCRYPTO_AUTH_H */ diff --git a/src/gsm/Makefile.am b/src/gsm/Makefile.am index 2fa6b4dd..ec05148d 100644 --- a/src/gsm/Makefile.am +++ b/src/gsm/Makefile.am @@ -11,7 +11,7 @@ libosmogsm_la_SOURCES = a5.c rxlev_stat.c tlv_parser.c comp128.c gsm_utils.c \ rsl.c gsm48.c gsm48_ie.c gsm0808.c sysinfo.c \ gprs_cipher_core.c gsm0480.c abis_nm.c gsm0502.c \ gsm0411_utils.c gsm0411_smc.c gsm0411_smr.c \ - lapd_core.c lapdm.c + lapd_core.c lapdm.c auth_core.c auth_comp128v1.c libosmogsm_la_LDFLAGS = -version-info $(LIBVERSION) libosmogsm_la_LIBADD = $(top_builddir)/src/libosmocore.la diff --git a/src/gsm/auth_comp128v1.c b/src/gsm/auth_comp128v1.c new file mode 100644 index 00000000..2e1ad2c9 --- /dev/null +++ b/src/gsm/auth_comp128v1.c @@ -0,0 +1,47 @@ + +/* GSM/GPRS/3G authentication core infrastructure */ + +/* (C) 2010-2011 by Harald Welte <laforge@gnumonks.org> + * + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include <osmocom/crypt/auth.h> +#include <osmocom/gsm/comp128.h> + +static int c128v1_gen_vec(struct osmo_auth_vector *vec, + struct osmo_sub_auth_data *aud, + const uint8_t *_rand) +{ + comp128(aud->gsm.ki, _rand, vec->sres, vec->kc); + vec->auth_types = OSMO_AUTH_TYPE_GSM; + + return 0; +} + +static struct osmo_auth_impl c128v1_alg = { + .algo = OSMO_AUTH_ALG_COMP128v1, + .name = "COMP128v1 (libosmogsm built-in)", + .priority = 1000, + .gen_vec = &c128v1_gen_vec, +}; + +static __attribute__((constructor)) void on_dso_load_c128(void) +{ + osmo_auth_register(&c128v1_alg); +} diff --git a/src/gsm/auth_core.c b/src/gsm/auth_core.c new file mode 100644 index 00000000..78121bf7 --- /dev/null +++ b/src/gsm/auth_core.c @@ -0,0 +1,93 @@ +/* GSM/GPRS/3G authentication core infrastructure */ + +/* (C) 2010-2011 by Harald Welte <laforge@gnumonks.org> + * + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include <errno.h> +#include <stdint.h> + +#include <osmocom/core/utils.h> +#include <osmocom/core/linuxlist.h> +#include <osmocom/core/plugin.h> + +#include <osmocom/crypt/auth.h> + +static LLIST_HEAD(osmo_auths); + +static struct osmo_auth_impl *selected_auths[_OSMO_AUTH_ALG_NUM]; + +/* register a cipher with the core */ +int osmo_auth_register(struct osmo_auth_impl *impl) +{ + if (impl->algo >= ARRAY_SIZE(selected_auths)) + return -ERANGE; + + llist_add_tail(&impl->list, &osmo_auths); + + /* check if we want to select this implementation over others */ + if (!selected_auths[impl->algo] || + (selected_auths[impl->algo]->priority > impl->priority)) + selected_auths[impl->algo] = impl; + + return 0; +} + +/* load all available GPRS cipher plugins */ +int osmo_auth_load(const char *path) +{ + /* load all plugins available from path */ + return osmo_plugin_load_all(path); +} + +int osmo_auth_supported(enum osmo_auth_algo algo) +{ + if (algo >= ARRAY_SIZE(selected_auths)) + return -ERANGE; + + if (selected_auths[algo]) + return 1; + + return 0; +} + +int osmo_auth_gen_vec(struct osmo_auth_vector *vec, + struct osmo_sub_auth_data *aud, + const uint8_t *_rand) +{ + struct osmo_auth_impl *impl = selected_auths[aud->type]; + + if (!impl) + return -ENOENT; + + return impl->gen_vec(vec, aud, _rand); +} + +int osmo_auth_gen_vec_auts(struct osmo_auth_vector *vec, + struct osmo_sub_auth_data *aud, + const uint8_t *rand_auts, const uint8_t *auts, + const uint8_t *_rand) +{ + struct osmo_auth_impl *impl = selected_auths[aud->type]; + + if (!impl || !impl->gen_vec_auts) + return -ENOENT; + + return impl->gen_vec_auts(vec, aud, rand_auts, auts, _rand); +} |