cellular-infrastructure
/
osmo-hlr
mirror of https://gerrit.osmocom.org/osmo-hlr
9
0
Fork 0
Code Issues Releases Wiki Activity

Introduce support for XOR-2G algorithm 

So far we supported a "xor" algorithm in osmo-hlr, without specifying
whether it's the XOR-3G or the (different) XOR-2G algorithm.

Furthermore, it was buggy in the sense that it permitted the XOR[-3G]
for 2G authentication data in the database.

This patch
* renames existing "xor" to "xor-3g"
* disallows "xor-3g" usage with 2G authentication data
* introduces support for XOR-2G as "xor-2g" in the VTY

Change-Id: I039a1f84fda54a908a82fe621e7fd078cb85e4c6
Depends: libosmocore.git I0ee0565382c1e4515d44ff9b1752685c0a66ae39
This commit is contained in:
Harald Welte 2023-05-30 16:57:27 +02:00
parent 5edf387353
commit 829713a69d
13 changed files with 43 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
TODO-RELEASE
View File

@ -7,3 +7,4 @@
# If any interfaces have been added since the last public release: c:r:a + 1.
# If any interfaces have been removed or changed since the last public release: c:r:0.
#library what description / commit summary line
libosmogsm UPDATE_DEP_VER update libosmogsm version dependency after I0ee0565382c1e4515d44ff9b1752685c0a66ae39 is released

1
include/osmocom/hlr/hlr_vty.h
View File

@ -40,6 +40,7 @@ enum hlr_vty_node {
#define A38_XOR_MIN_KEY_LEN 12
#define A38_XOR_MAX_KEY_LEN 16
#define A38_XOR2G_KEY_LEN 16
#define A38_COMP128_KEY_LEN 16
#define MILENAGE_KEY_LEN 16

6
src/db_hlr.c
View File

@ -238,8 +238,9 @@ int db_subscr_update_aud_by_id(struct db_context *dbc, int64_t subscr_id,
case OSMO_AUTH_ALG_COMP128v1:
case OSMO_AUTH_ALG_COMP128v2:
case OSMO_AUTH_ALG_COMP128v3:
case OSMO_AUTH_ALG_XOR:
case OSMO_AUTH_ALG_XOR_2G:
break;
case OSMO_AUTH_ALG_XOR_3G:
case OSMO_AUTH_ALG_MILENAGE:
LOGP(DAUC, LOGL_ERROR, "Cannot update auth tokens:"
" auth algo not suited for 2G: %s\n",
@ -267,11 +268,12 @@ int db_subscr_update_aud_by_id(struct db_context *dbc, int64_t subscr_id,
switch (aud->algo) {
case OSMO_AUTH_ALG_NONE:
case OSMO_AUTH_ALG_MILENAGE:
case OSMO_AUTH_ALG_XOR:
case OSMO_AUTH_ALG_XOR_3G:
break;
case OSMO_AUTH_ALG_COMP128v1:
case OSMO_AUTH_ALG_COMP128v2:
case OSMO_AUTH_ALG_COMP128v3:
case OSMO_AUTH_ALG_XOR_2G:
LOGP(DAUC, LOGL_ERROR, "Cannot update auth tokens:"
" auth algo not suited for 3G: %s\n",
osmo_auth_alg_name(aud->algo));

19
src/hlr_vty_subscr.c
View File

@ -460,12 +460,12 @@ static bool is_hexkey_valid(struct vty *vty, const char *label,
return false;
}
#define AUTH_ALG_TYPES_2G "(comp128v1|comp128v2|comp128v3|xor)"
#define AUTH_ALG_TYPES_2G "(comp128v1|comp128v2|comp128v3|xor-2g)"
#define AUTH_ALG_TYPES_2G_HELP \
"Use COMP128v1 algorithm\n" \
"Use COMP128v2 algorithm\n" \
"Use COMP128v3 algorithm\n" \
"Use XOR algorithm\n"
"Use XOR-2G algorithm\n"
#define AUTH_ALG_TYPES_3G "milenage"
#define AUTH_ALG_TYPES_3G_HELP \
@ -486,10 +486,13 @@ bool auth_algo_parse(const char *alg_str, enum osmo_auth_algo *algo,
} else if (!strcasecmp(alg_str, "comp128v3")) {
*algo = OSMO_AUTH_ALG_COMP128v3;
*minlen = *maxlen = A38_COMP128_KEY_LEN;
} else if (!strcasecmp(alg_str, "xor")) {
*algo = OSMO_AUTH_ALG_XOR;
} else if (!strcasecmp(alg_str, "xor-3g")) {
*algo = OSMO_AUTH_ALG_XOR_3G;
*minlen = A38_XOR_MIN_KEY_LEN;
*maxlen = A38_XOR_MAX_KEY_LEN;
} else if (!strcasecmp(alg_str, "xor-2g")) {
*algo = OSMO_AUTH_ALG_XOR_2G;
*minlen = *maxlen = A38_XOR2G_KEY_LEN;
} else if (!strcasecmp(alg_str, "milenage")) {
*algo = OSMO_AUTH_ALG_MILENAGE;
*minlen = *maxlen = MILENAGE_KEY_LEN;
@ -659,11 +662,11 @@ DEFUN(subscriber_aud3g,
DEFUN(subscriber_aud3g_xor,
subscriber_aud3g_xor_cmd,
SUBSCR_UPDATE "aud3g xor k K"
SUBSCR_UPDATE "aud3g xor-3g k K"
" [ind-bitlen] [<0-28>]",
SUBSCR_UPDATE_HELP
"Set UMTS authentication data (3G, and 2G with UMTS AKA)\n"
"Use XOR algorithm\n"
"Use XOR-3G algorithm\n"
"Set Encryption Key K\n" "K as 32 hexadecimal characters\n"
"Set IND bit length\n" "IND bit length value (default: 5)\n")
{
@ -685,8 +688,8 @@ DEFUN(subscriber_aud3g_xor,
},
};
if (!auth_algo_parse("xor", &aud3g.algo, &minlen, &maxlen)) {
vty_out(vty, "%% Unknown auth algorithm: '%s'%s", "xor", VTY_NEWLINE);
if (!auth_algo_parse("xor-3g", &aud3g.algo, &minlen, &maxlen)) {
vty_out(vty, "%% Unknown auth algorithm: '%s'%s", "xor-3g", VTY_NEWLINE);
return CMD_WARNING;
}

2
tests/auc/auc_test.c
View File

@ -477,7 +477,7 @@ static void test_gen_vectors_3g_xor(void)
aud3g = (struct osmo_sub_auth_data){
.type = OSMO_AUTH_TYPE_UMTS,
.algo = OSMO_AUTH_ALG_XOR,
.algo = OSMO_AUTH_ALG_XOR_3G,
.u.umts.sqn = 0,
};

8
tests/db/db_test.c
View File

@ -586,7 +586,7 @@ static void test_subscr_aud(void)
ASSERT_SEL_AUD(imsi0, 0, id);
ASSERT_RC(db_subscr_update_aud_by_id(dbc, id,
mk_aud_2g(OSMO_AUTH_ALG_XOR, "CededEffacedAceFacedBadFadedBeef")),
mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "CededEffacedAceFacedBadFadedBeef")),
0);
ASSERT_SEL_AUD(imsi0, 0, id);
@ -604,7 +604,7 @@ static void test_subscr_aud(void)
-ENOENT);
ASSERT_RC(db_subscr_update_aud_by_id(dbc, id,
mk_aud_2g(OSMO_AUTH_ALG_XOR, "CededEffacedAceFacedBadFadedBeef")),
mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "CededEffacedAceFacedBadFadedBeef")),
0);
ASSERT_SEL_AUD(imsi0, 0, id);
@ -707,12 +707,12 @@ static void test_subscr_aud(void)
ASSERT_SEL_AUD(imsi0, 0, id);
ASSERT_RC(db_subscr_update_aud_by_id(dbc, id,
mk_aud_2g(OSMO_AUTH_ALG_XOR, "f000000000000f00000000000f000000f00000000")),
mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "f000000000000f00000000000f000000f00000000")),
-EINVAL);
ASSERT_SEL_AUD(imsi0, 0, id);
ASSERT_RC(db_subscr_update_aud_by_id(dbc, id,
mk_aud_2g(OSMO_AUTH_ALG_XOR, "f00")),
mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "f00")),
-EINVAL);
ASSERT_SEL_AUD(imsi0, 0, id);

12
tests/db/db_test.err
View File

@ -872,14 +872,14 @@ DAUC IMSI='123456789000000': No 3G Auth Data
}
3G: none
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR, "CededEffacedAceFacedBadFadedBeef")) --> 0
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "CededEffacedAceFacedBadFadedBeef")) --> 0
db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
DAUC IMSI='123456789000000': No 3G Auth Data
2G: struct osmo_sub_auth_data {
.type = GSM,
.algo = XOR-3G,
.algo = XOR-2G,
.u.gsm.ki = 'cededeffacedacefacedbadfadedbeef',
}
3G: none
@ -900,14 +900,14 @@ DAUC IMSI='123456789000000': No 3G Auth Data
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_NONE, NULL)) --> -ENOENT
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR, "CededEffacedAceFacedBadFadedBeef")) --> 0
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "CededEffacedAceFacedBadFadedBeef")) --> 0
db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
DAUC IMSI='123456789000000': No 3G Auth Data
2G: struct osmo_sub_auth_data {
.type = GSM,
.algo = XOR-3G,
.algo = XOR-2G,
.u.gsm.ki = 'cededeffacedacefacedbadfadedbeef',
}
3G: none
@ -1112,7 +1112,7 @@ db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
.u.umts.ind_bitlen = 5,
}
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR, "f000000000000f00000000000f000000f00000000")) --> -EINVAL
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "f000000000000f00000000000f000000f00000000")) --> -EINVAL
DAUC Cannot update auth tokens: Invalid KI: 'f000000000000f00000000000f000000f00000000'
db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
@ -1132,7 +1132,7 @@ db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
.u.umts.ind_bitlen = 5,
}
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR, "f00")) --> -EINVAL
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "f00")) --> -EINVAL
DAUC Cannot update auth tokens: Invalid KI: 'f00'
db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0

2
tests/db_upgrade/create_subscribers.vty
View File

@ -43,5 +43,5 @@ OsmoHLR# subscriber imsi 5555555 create
MSISDN: none
OsmoHLR# subscriber imsi 5555555 update msisdn 55555555555555
% Updated subscriber IMSI='5555555' to MSISDN='55555555555555'
OsmoHLR# subscriber imsi 5555555 update aud2g xor ki 55555555555555555555555555555555
OsmoHLR# subscriber imsi 5555555 update aud2g xor-2g ki 55555555555555555555555555555555
OsmoHLR# subscriber imsi 5555555 update aud3g milenage k 55555555555555555555555555555555 opc 55555555555555555555555555555555

4
tests/db_upgrade/db_upgrade_test.ok
View File

@ -12,7 +12,7 @@ Table auc_2g contents:
algo_id_2g|ki|subscriber_id
1|BeefedCafeFaceAcedAddedDecadeFee|1
2|33333333333333333333333333333333|4
4|55555555555555555555555555555555|6
6|55555555555555555555555555555555|6
Table: auc_3g
name|type|notnull|dflt_value|pk
@ -100,7 +100,7 @@ Table auc_2g contents:
algo_id_2g|ki|subscriber_id
1|BeefedCafeFaceAcedAddedDecadeFee|1
2|33333333333333333333333333333333|4
4|55555555555555555555555555555555|6
6|55555555555555555555555555555555|6
Table: auc_3g
name|type|notnull|dflt_value|pk

2
tests/db_upgrade/hlr_db_v0.sql
View File

@ -61,7 +61,7 @@ CREATE TABLE auc_2g (
);
INSERT INTO auc_2g VALUES(1,1,'BeefedCafeFaceAcedAddedDecadeFee');
INSERT INTO auc_2g VALUES(4,2,'33333333333333333333333333333333');
INSERT INTO auc_2g VALUES(6,4,'55555555555555555555555555555555');
INSERT INTO auc_2g VALUES(6,6,'55555555555555555555555555555555');
CREATE TABLE auc_3g (
subscriber_id INTEGER PRIMARY KEY, -- subscriber.id
algo_id_3g INTEGER NOT NULL, -- enum osmo_auth_algo value

4
tests/test_subscriber.ctrl
View File

@ -674,11 +674,11 @@ lmsi 00000000
GET 112 subscriber.by-imsi-901991234567891.aud2g
GET_REPLY 112 subscriber.by-imsi-901991234567891.aud2g none
SET 113 subscriber.by-imsi-901991234567891.aud2g xor,c01ffedc1cadaeac1d1f1edacac1ab0a
SET 113 subscriber.by-imsi-901991234567891.aud2g xor-2g,c01ffedc1cadaeac1d1f1edacac1ab0a
SET_REPLY 113 subscriber.by-imsi-901991234567891.aud2g OK
GET 114 subscriber.by-imsi-901991234567891.aud2g
GET_REPLY 114 subscriber.by-imsi-901991234567891.aud2g XOR-3G,c01ffedc1cadaeac1d1f1edacac1ab0a
GET_REPLY 114 subscriber.by-imsi-901991234567891.aud2g XOR-2G,c01ffedc1cadaeac1d1f1edacac1ab0a
SET 115 subscriber.by-imsi-901991234567891.aud2g none
SET_REPLY 115 subscriber.by-imsi-901991234567891.aud2g OK

16
tests/test_subscriber.vty
View File

@ -8,10 +8,10 @@ OsmoHLR# list
subscriber (imsi|msisdn|id|imei) IDENT delete
subscriber (imsi|msisdn|id|imei) IDENT update msisdn (none|MSISDN)
subscriber (imsi|msisdn|id|imei) IDENT update aud2g none
subscriber (imsi|msisdn|id|imei) IDENT update aud2g (comp128v1|comp128v2|comp128v3|xor) ki KI
subscriber (imsi|msisdn|id|imei) IDENT update aud2g (comp128v1|comp128v2|comp128v3|xor-2g) ki KI
subscriber (imsi|msisdn|id|imei) IDENT update aud3g none
subscriber (imsi|msisdn|id|imei) IDENT update aud3g milenage k K (op|opc) OP_C [ind-bitlen] [<0-28>]
subscriber (imsi|msisdn|id|imei) IDENT update aud3g xor k K [ind-bitlen] [<0-28>]
subscriber (imsi|msisdn|id|imei) IDENT update aud3g xor-3g k K [ind-bitlen] [<0-28>]
subscriber (imsi|msisdn|id|imei) IDENT update imei (none|IMEI)
subscriber (imsi|msisdn|id|imei) IDENT update network-access-mode (none|cs|ps|cs+ps)
show mslookup services
@ -144,7 +144,7 @@ OsmoHLR# subscriber imsi 123456789023000 update aud2g ?
comp128v1 Use COMP128v1 algorithm
comp128v2 Use COMP128v2 algorithm
comp128v3 Use COMP128v3 algorithm
xor Use XOR algorithm
xor-2g Use XOR-2G algorithm
OsmoHLR# subscriber imsi 123456789023000 update aud2g comp128v1 ?
ki Set Ki Encryption Key
@ -155,12 +155,12 @@ OsmoHLR# subscriber imsi 123456789023000 update aud2g comp128v1 ki ?
OsmoHLR# subscriber imsi 123456789023000 update aud2g comp128v1 ki val ?
<cr>
OsmoHLR# subscriber imsi 123456789023000 update aud2g xor ki Deaf0ff1ceD0d0DabbedD1ced1ceF00d
OsmoHLR# subscriber imsi 123456789023000 update aud2g xor-2g ki Deaf0ff1ceD0d0DabbedD1ced1ceF00d
OsmoHLR# subscriber imsi 123456789023000 show
ID: 101
IMSI: 123456789023000
MSISDN: 423
2G auth: XOR-3G
2G auth: XOR-2G
KI=deaf0ff1ced0d0dabbedd1ced1cef00d
OsmoHLR# subscriber imsi 123456789023000 update aud2g comp128v1 ki BeefedCafeFaceAcedAddedDecadeFee
@ -241,7 +241,7 @@ OsmoHLR# subscriber id 101 show
2G auth: COMP128v3
KI=c01ffedc1cadaeac1d1f1edacac1ab0a
OsmoHLR# subscriber id 101 update aud2g xor ki CoiffedCicadaeAcidifiedAcaciaBoa
OsmoHLR# subscriber id 101 update aud2g xor-2g ki CoiffedCicadaeAcidifiedAcaciaBoa
% Invalid value for KI: 'CoiffedCicadaeAcidifiedAcaciaBoa'
OsmoHLR# subscriber id 101 show
ID: 101
@ -250,7 +250,7 @@ OsmoHLR# subscriber id 101 show
2G auth: COMP128v3
KI=c01ffedc1cadaeac1d1f1edacac1ab0a
OsmoHLR# subscriber id 101 update aud2g xor ki C01ffedC1cadaeAc1d1f1edAcac1aB0aX
OsmoHLR# subscriber id 101 update aud2g xor-2g ki C01ffedC1cadaeAc1d1f1edAcac1aB0aX
% Invalid value for KI: 'C01ffedC1cadaeAc1d1f1edAcac1aB0aX'
OsmoHLR# subscriber id 101 show
ID: 101
@ -269,7 +269,7 @@ OsmoHLR# subscriber id 101 show
OsmoHLR# subscriber imsi 123456789023000 update aud3g ?
none Delete 3G authentication data
milenage Use Milenage algorithm
xor Use XOR algorithm
xor-3g Use XOR-3G algorithm
OsmoHLR# subscriber imsi 123456789023000 update aud3g milenage ?
k Set Encryption Key K

2
tests/test_subscriber_errors.ctrl
View File

@ -130,7 +130,7 @@ ERROR 54 Value failed verification.
SET 55 subscriber.by-imsi-901990000000003.aud2g foobar,2134
ERROR 55 Unknown auth algorithm.
SET 56 subscriber.by-imsi-901990000000003.aud2g xor,2134
SET 56 subscriber.by-imsi-901990000000003.aud2g xor-2g,2134
ERROR 56 Invalid KI.
SET 57 subscriber.by-imsi-901990000000003.aud3g foobar