Use generic auth API
diff mbox

Message ID 1413541198-18547-1-git-send-email-max.suraev@fairwaves.co
State Accepted
Headers show

Commit Message

Max Oct. 17, 2014, 10:19 a.m. UTC
Signed-off-by: Max <max.suraev@fairwaves.co>
---
 openbsc/src/libmsc/auth.c | 69 +++++++++++++++++++----------------------------
 1 file changed, 28 insertions(+), 41 deletions(-)

Comments

Max Oct. 17, 2014, 10:31 a.m. UTC | #1
Just realized that this long time ago published patch s not visible at patchwork.
I'd appreciate help with testing it against sim cards using xor - don't have any at
hands.

17.10.2014 12:19, Max пишет:
> Signed-off-by: Max <max.suraev@fairwaves.co>
> ---
>  openbsc/src/libmsc/auth.c | 69 +++++++++++++++++++----------------------------
>  1 file changed, 28 insertions(+), 41 deletions(-)
> 
> diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
> index 10d8edf..d04b2fc 100644
> --- a/openbsc/src/libmsc/auth.c
> +++ b/openbsc/src/libmsc/auth.c
> @@ -24,47 +24,11 @@
>  #include <openbsc/debug.h>
>  #include <openbsc/auth.h>
>  #include <openbsc/gsm_data.h>
> -
> -#include <osmocom/gsm/comp128.h>
> +#include <osmocom/crypt/auth.h>
>  
>  #include <stdlib.h>
>  
>  
> -static int
> -_use_xor(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple)
> -{
> -	int i, l = ainfo->a3a8_ki_len;
> -
> -	if ((l > A38_XOR_MAX_KEY_LEN) || (l < A38_XOR_MIN_KEY_LEN)) {
> -		LOGP(DMM, LOGL_ERROR, "Invalid XOR key (len=%d) %s\n",
> -			ainfo->a3a8_ki_len,
> -			osmo_hexdump(ainfo->a3a8_ki, ainfo->a3a8_ki_len));
> -		return -1;
> -	}
> -
> -	for (i=0; i<4; i++)
> -		atuple->sres[i] = atuple->rand[i] ^ ainfo->a3a8_ki[i];
> -	for (i=4; i<12; i++)
> -		atuple->kc[i-4] = atuple->rand[i] ^ ainfo->a3a8_ki[i];
> -
> -	return 0;
> -}
> -
> -static int
> -_use_comp128_v1(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple)
> -{
> -	if (ainfo->a3a8_ki_len != A38_COMP128_KEY_LEN) {
> -		LOGP(DMM, LOGL_ERROR, "Invalid COMP128v1 key (len=%d) %s\n",
> -			ainfo->a3a8_ki_len,
> -			osmo_hexdump(ainfo->a3a8_ki, ainfo->a3a8_ki_len));
> -		return -1;
> -	}
> -
> -	comp128(ainfo->a3a8_ki, atuple->rand, atuple->sres, atuple->kc);
> -
> -	return 0;
> -}
> -
>  /* Return values 
>   *  -1 -> Internal error
>   *   0 -> Not available
> @@ -76,6 +40,11 @@ int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
>  {
>  	struct gsm_auth_info ainfo;
>  	int i, rc;
> +	static struct osmo_sub_auth_data auth = {
> +	    .type = OSMO_AUTH_TYPE_GSM
> +	};
> +	struct osmo_auth_vector _vec;
> +	struct osmo_auth_vector *vec = &_vec;
>  
>  	/* Get subscriber info (if any) */
>  	rc = db_get_authinfo_for_subscr(&ainfo, subscr);
> @@ -109,13 +78,23 @@ int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
>  		return 0;
>  
>  	case AUTH_ALGO_XOR:
> -		if (_use_xor(&ainfo, atuple))
> -			return 0;
> +		auth.algo = OSMO_AUTH_ALG_XOR;
> +		if ((ainfo.a3a8_ki_len > A38_XOR_MAX_KEY_LEN) || (ainfo.a3a8_ki_len < A38_XOR_MIN_KEY_LEN)) {
> +			LOGP(DMM, LOGL_ERROR, "Invalid XOR key (len=%d) %s\n",
> +			     ainfo.a3a8_ki_len,
> +			     osmo_hexdump(ainfo.a3a8_ki, ainfo.a3a8_ki_len));
> +			return -1;
> +		}
>  		break;
>  
>  	case AUTH_ALGO_COMP128v1:
> -		if (_use_comp128_v1(&ainfo, atuple))
> -			return 0;
> +		auth.algo = OSMO_AUTH_ALG_COMP128v1;
> +		if (ainfo.a3a8_ki_len != A38_COMP128_KEY_LEN) {
> +			LOGP(DMM, LOGL_ERROR, "Invalid COMP128v1 key (len=%d) %s\n",
> +			     ainfo.a3a8_ki_len,
> +			     osmo_hexdump(ainfo.a3a8_ki, ainfo.a3a8_ki_len));
> +			return -1;
> +		}
>  		break;
>  
>  	default:
> @@ -124,6 +103,14 @@ int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
>  		return 0;
>  	}
>  
> +	memcpy(auth.u.gsm.ki, ainfo.a3a8_ki, sizeof(auth.u.gsm.ki));
> +
> +	if (osmo_auth_gen_vec(vec, &auth, atuple->rand) < 0)
> +		return -1;
> +
> +	memcpy(atuple->sres, vec->sres, 4);
> +	memcpy(atuple->kc, vec->kc, 8);
> +
>          db_sync_lastauthtuple_for_subscr(atuple, subscr);
>  
>  	DEBUGP(DMM, "Need to do authentication and ciphering\n");
>
Holger Freyther May 17, 2015, 5:12 p.m. UTC | #2
> On 17 Oct 2014, at 12:31, ☎ <Max.Suraev@fairwaves.co> wrote:


Dear Max,

> Just realized that this long time ago published patch s not visible at patchwork.
> I'd appreciate help with testing it against sim cards using xor - don't have any at
> hands.

okay this is still needed to be applied. Could you please re-base and re-send
the patch? sorry for the delay.

holger
Max June 1, 2015, 1:31 p.m. UTC | #3
Pardon for delay - got deadline at my back :)

I've just tried the patch from http://patchwork.ozlabs.org/patch/400499/ and it
applies cleanly to the latest git, all the tests pass.

Why do we need to rebase it? What kind of warnings/test failures have you hit with
this patch?

17.05.2015 19:12, Holger Freyther пишет:
> 
>> On 17 Oct 2014, at 12:31, ☎ <Max.Suraev@fairwaves.co> wrote:
> 
> 
> Dear Max,
> 
>> Just realized that this long time ago published patch s not visible at patchwork.
>> I'd appreciate help with testing it against sim cards using xor - don't have any at
>> hands.
> 
> okay this is still needed to be applied. Could you please re-base and re-send
> the patch? sorry for the delay.
> 
> holger
>

Patch
diff mbox

diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 10d8edf..d04b2fc 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c
@@ -24,47 +24,11 @@ 
 #include <openbsc/debug.h>
 #include <openbsc/auth.h>
 #include <openbsc/gsm_data.h>
-
-#include <osmocom/gsm/comp128.h>
+#include <osmocom/crypt/auth.h>
 
 #include <stdlib.h>
 
 
-static int
-_use_xor(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple)
-{
-	int i, l = ainfo->a3a8_ki_len;
-
-	if ((l > A38_XOR_MAX_KEY_LEN) || (l < A38_XOR_MIN_KEY_LEN)) {
-		LOGP(DMM, LOGL_ERROR, "Invalid XOR key (len=%d) %s\n",
-			ainfo->a3a8_ki_len,
-			osmo_hexdump(ainfo->a3a8_ki, ainfo->a3a8_ki_len));
-		return -1;
-	}
-
-	for (i=0; i<4; i++)
-		atuple->sres[i] = atuple->rand[i] ^ ainfo->a3a8_ki[i];
-	for (i=4; i<12; i++)
-		atuple->kc[i-4] = atuple->rand[i] ^ ainfo->a3a8_ki[i];
-
-	return 0;
-}
-
-static int
-_use_comp128_v1(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple)
-{
-	if (ainfo->a3a8_ki_len != A38_COMP128_KEY_LEN) {
-		LOGP(DMM, LOGL_ERROR, "Invalid COMP128v1 key (len=%d) %s\n",
-			ainfo->a3a8_ki_len,
-			osmo_hexdump(ainfo->a3a8_ki, ainfo->a3a8_ki_len));
-		return -1;
-	}
-
-	comp128(ainfo->a3a8_ki, atuple->rand, atuple->sres, atuple->kc);
-
-	return 0;
-}
-
 /* Return values 
  *  -1 -> Internal error
  *   0 -> Not available
@@ -76,6 +40,11 @@  int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
 {
 	struct gsm_auth_info ainfo;
 	int i, rc;
+	static struct osmo_sub_auth_data auth = {
+	    .type = OSMO_AUTH_TYPE_GSM
+	};
+	struct osmo_auth_vector _vec;
+	struct osmo_auth_vector *vec = &_vec;
 
 	/* Get subscriber info (if any) */
 	rc = db_get_authinfo_for_subscr(&ainfo, subscr);
@@ -109,13 +78,23 @@  int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
 		return 0;
 
 	case AUTH_ALGO_XOR:
-		if (_use_xor(&ainfo, atuple))
-			return 0;
+		auth.algo = OSMO_AUTH_ALG_XOR;
+		if ((ainfo.a3a8_ki_len > A38_XOR_MAX_KEY_LEN) || (ainfo.a3a8_ki_len < A38_XOR_MIN_KEY_LEN)) {
+			LOGP(DMM, LOGL_ERROR, "Invalid XOR key (len=%d) %s\n",
+			     ainfo.a3a8_ki_len,
+			     osmo_hexdump(ainfo.a3a8_ki, ainfo.a3a8_ki_len));
+			return -1;
+		}
 		break;
 
 	case AUTH_ALGO_COMP128v1:
-		if (_use_comp128_v1(&ainfo, atuple))
-			return 0;
+		auth.algo = OSMO_AUTH_ALG_COMP128v1;
+		if (ainfo.a3a8_ki_len != A38_COMP128_KEY_LEN) {
+			LOGP(DMM, LOGL_ERROR, "Invalid COMP128v1 key (len=%d) %s\n",
+			     ainfo.a3a8_ki_len,
+			     osmo_hexdump(ainfo.a3a8_ki, ainfo.a3a8_ki_len));
+			return -1;
+		}
 		break;
 
 	default:
@@ -124,6 +103,14 @@  int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
 		return 0;
 	}
 
+	memcpy(auth.u.gsm.ki, ainfo.a3a8_ki, sizeof(auth.u.gsm.ki));
+
+	if (osmo_auth_gen_vec(vec, &auth, atuple->rand) < 0)
+		return -1;
+
+	memcpy(atuple->sres, vec->sres, 4);
+	memcpy(atuple->kc, vec->kc, 8);
+
         db_sync_lastauthtuple_for_subscr(atuple, subscr);
 
 	DEBUGP(DMM, "Need to do authentication and ciphering\n");