Introduce support for XOR-2G algorithm
So far we supported a "xor" algorithm in osmo-hlr, without specifying whether it's the XOR-3G or the (different) XOR-2G algorithm. Furthermore, it was buggy in the sense that it permitted the XOR[-3G] for 2G authentication data in the database.

This patch
* renames existing "xor" to "xor-3g"
* disallows "xor-3g" usage with 2G authentication data
* introduces support for XOR-2G as "xor-2g" in the VTY

Change-Id: I039a1f84fda54a908a82fe621e7fd078cb85e4c6
Depends: libosmocore.git I0ee0565382c1e4515d44ff9b1752685c0a66ae39
parent
5edf387353
commit
829713a69d
|
@ -7,3 +7,4 @@
|
|||
# If any interfaces have been added since the last public release: c:r:a + 1.
|
||||
# If any interfaces have been removed or changed since the last public release: c:r:0.
|
||||
#library what description / commit summary line
|
||||
libosmogsm UPDATE_DEP_VER update libosmogsm version dependency after I0ee0565382c1e4515d44ff9b1752685c0a66ae39 is released
|
||||
|
|
|
@ -40,6 +40,7 @@ enum hlr_vty_node {
|
|||
|
||||
#define A38_XOR_MIN_KEY_LEN 12
|
||||
#define A38_XOR_MAX_KEY_LEN 16
|
||||
#define A38_XOR2G_KEY_LEN 16
|
||||
#define A38_COMP128_KEY_LEN 16
|
||||
#define MILENAGE_KEY_LEN 16
|
||||
|
||||
|
|
|
@ -238,8 +238,9 @@ int db_subscr_update_aud_by_id(struct db_context *dbc, int64_t subscr_id,
|
|||
case OSMO_AUTH_ALG_COMP128v1:
|
||||
case OSMO_AUTH_ALG_COMP128v2:
|
||||
case OSMO_AUTH_ALG_COMP128v3:
|
||||
case OSMO_AUTH_ALG_XOR:
|
||||
case OSMO_AUTH_ALG_XOR_2G:
|
||||
break;
|
||||
case OSMO_AUTH_ALG_XOR_3G:
|
||||
case OSMO_AUTH_ALG_MILENAGE:
|
||||
LOGP(DAUC, LOGL_ERROR, "Cannot update auth tokens:"
|
||||
" auth algo not suited for 2G: %s\n",
|
||||
|
@ -267,11 +268,12 @@ int db_subscr_update_aud_by_id(struct db_context *dbc, int64_t subscr_id,
|
|||
switch (aud->algo) {
|
||||
case OSMO_AUTH_ALG_NONE:
|
||||
case OSMO_AUTH_ALG_MILENAGE:
|
||||
case OSMO_AUTH_ALG_XOR:
|
||||
case OSMO_AUTH_ALG_XOR_3G:
|
||||
break;
|
||||
case OSMO_AUTH_ALG_COMP128v1:
|
||||
case OSMO_AUTH_ALG_COMP128v2:
|
||||
case OSMO_AUTH_ALG_COMP128v3:
|
||||
case OSMO_AUTH_ALG_XOR_2G:
|
||||
LOGP(DAUC, LOGL_ERROR, "Cannot update auth tokens:"
|
||||
" auth algo not suited for 3G: %s\n",
|
||||
osmo_auth_alg_name(aud->algo));
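Review bot: The new `case OSMO_AUTH_ALG_XOR_3G:` rejection in the 2G switch of db_subscr_update_aud_by_id only guards new writes, so 2G rows already stored with the old XOR value are not addressed by anything visible here. The old expected test output on this page shows 2G data read back as `.algo = XOR-3G`, so such rows can exist in deployed databases. Unless code outside these hunks migrates or rejects them on read, a subscriber's 2G record would presumably keep being evaluated with the 3G XOR variant after the upgrade. Consider a schema-upgrade step or a logged rejection in the read path, plus a comment above the 2G switch such as `/* XOR-3G is not valid for GSM auth data; rows written by older versions need migration */`. Both switch statements start and end outside the hunks shown.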
|
||||
|
|
|
@ -460,12 +460,12 @@ static bool is_hexkey_valid(struct vty *vty, const char *label,
|
|||
return false;
|
||||
}
|
||||
|
||||
#define AUTH_ALG_TYPES_2G "(comp128v1|comp128v2|comp128v3|xor)"
|
||||
#define AUTH_ALG_TYPES_2G "(comp128v1|comp128v2|comp128v3|xor-2g)"
|
||||
#define AUTH_ALG_TYPES_2G_HELP \
|
||||
"Use COMP128v1 algorithm\n" \
|
||||
"Use COMP128v2 algorithm\n" \
|
||||
"Use COMP128v3 algorithm\n" \
|
||||
"Use XOR algorithm\n"
|
||||
"Use XOR-2G algorithm\n"
|
||||
|
||||
#define AUTH_ALG_TYPES_3G "milenage"
|
||||
#define AUTH_ALG_TYPES_3G_HELP \
|
||||
|
@ -486,10 +486,13 @@ bool auth_algo_parse(const char *alg_str, enum osmo_auth_algo *algo,
|
|||
} else if (!strcasecmp(alg_str, "comp128v3")) {
|
||||
*algo = OSMO_AUTH_ALG_COMP128v3;
|
||||
*minlen = *maxlen = A38_COMP128_KEY_LEN;
|
||||
} else if (!strcasecmp(alg_str, "xor")) {
|
||||
*algo = OSMO_AUTH_ALG_XOR;
|
||||
} else if (!strcasecmp(alg_str, "xor-3g")) {
|
||||
*algo = OSMO_AUTH_ALG_XOR_3G;
|
||||
*minlen = A38_XOR_MIN_KEY_LEN;
|
||||
*maxlen = A38_XOR_MAX_KEY_LEN;
|
||||
} else if (!strcasecmp(alg_str, "xor-2g")) {
|
||||
*algo = OSMO_AUTH_ALG_XOR_2G;
|
||||
*minlen = *maxlen = A38_XOR2G_KEY_LEN;
|
||||
} else if (!strcasecmp(alg_str, "milenage")) {
|
||||
*algo = OSMO_AUTH_ALG_MILENAGE;
|
||||
*minlen = *maxlen = MILENAGE_KEY_LEN;
|
||||
|
@ -659,11 +662,11 @@ DEFUN(subscriber_aud3g,
|
|||
|
||||
DEFUN(subscriber_aud3g_xor,
|
||||
subscriber_aud3g_xor_cmd,
|
||||
SUBSCR_UPDATE "aud3g xor k K"
|
||||
SUBSCR_UPDATE "aud3g xor-3g k K"
|
||||
" [ind-bitlen] [<0-28>]",
|
||||
SUBSCR_UPDATE_HELP
|
||||
"Set UMTS authentication data (3G, and 2G with UMTS AKA)\n"
|
||||
"Use XOR algorithm\n"
|
||||
"Use XOR-3G algorithm\n"
|
||||
"Set Encryption Key K\n" "K as 32 hexadecimal characters\n"
|
||||
"Set IND bit length\n" "IND bit length value (default: 5)\n")
|
||||
{
|
||||
|
@ -685,8 +688,8 @@ DEFUN(subscriber_aud3g_xor,
|
|||
},
|
||||
};
|
||||
|
||||
if (!auth_algo_parse("xor", &aud3g.algo, &minlen, &maxlen)) {
|
||||
vty_out(vty, "%% Unknown auth algorithm: '%s'%s", "xor", VTY_NEWLINE);
|
||||
if (!auth_algo_parse("xor-3g", &aud3g.algo, &minlen, &maxlen)) {
|
||||
vty_out(vty, "%% Unknown auth algorithm: '%s'%s", "xor-3g", VTY_NEWLINE);
|
||||
return CMD_WARNING;
|
||||
}
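Review bot: In auth_algo_parse the `xor-3g` branch still accepts a key of `A38_XOR_MIN_KEY_LEN`..`A38_XOR_MAX_KEY_LEN` (12 to 16 bytes), while the new `xor-2g` branch pins the length with `*minlen = *maxlen = A38_XOR2G_KEY_LEN;`. The help text of subscriber_aud3g_xor in the same section says "K as 32 hexadecimal characters", so a 24-character K would pass the length range although the documentation promises 32. If the shorter range is intentional for XOR-3G, say so in a comment next to the branch and rename the A38_-prefixed macros, which now describe a 3G algorithm. Otherwise pin the length the same way the 2G branch does, e.g. `*minlen = *maxlen = A38_XOR_MAX_KEY_LEN;`. The function body continues outside the hunk.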
|
||||
|
||||
|
|
|
@ -477,7 +477,7 @@ static void test_gen_vectors_3g_xor(void)
|
|||
|
||||
aud3g = (struct osmo_sub_auth_data){
|
||||
.type = OSMO_AUTH_TYPE_UMTS,
|
||||
.algo = OSMO_AUTH_ALG_XOR,
|
||||
.algo = OSMO_AUTH_ALG_XOR_3G,
|
||||
.u.umts.sqn = 0,
|
||||
};
|
||||
|
||||
|
|
|
@ -586,7 +586,7 @@ static void test_subscr_aud(void)
|
|||
ASSERT_SEL_AUD(imsi0, 0, id);
|
||||
|
||||
ASSERT_RC(db_subscr_update_aud_by_id(dbc, id,
|
||||
mk_aud_2g(OSMO_AUTH_ALG_XOR, "CededEffacedAceFacedBadFadedBeef")),
|
||||
mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "CededEffacedAceFacedBadFadedBeef")),
|
||||
0);
|
||||
ASSERT_SEL_AUD(imsi0, 0, id);
|
||||
|
||||
|
@ -604,7 +604,7 @@ static void test_subscr_aud(void)
|
|||
-ENOENT);
|
||||
|
||||
ASSERT_RC(db_subscr_update_aud_by_id(dbc, id,
|
||||
mk_aud_2g(OSMO_AUTH_ALG_XOR, "CededEffacedAceFacedBadFadedBeef")),
|
||||
mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "CededEffacedAceFacedBadFadedBeef")),
|
||||
0);
|
||||
ASSERT_SEL_AUD(imsi0, 0, id);
|
||||
|
||||
|
@ -707,12 +707,12 @@ static void test_subscr_aud(void)
|
|||
ASSERT_SEL_AUD(imsi0, 0, id);
|
||||
|
||||
ASSERT_RC(db_subscr_update_aud_by_id(dbc, id,
|
||||
mk_aud_2g(OSMO_AUTH_ALG_XOR, "f000000000000f00000000000f000000f00000000")),
|
||||
mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "f000000000000f00000000000f000000f00000000")),
|
||||
-EINVAL);
|
||||
ASSERT_SEL_AUD(imsi0, 0, id);
|
||||
|
||||
ASSERT_RC(db_subscr_update_aud_by_id(dbc, id,
|
||||
mk_aud_2g(OSMO_AUTH_ALG_XOR, "f00")),
|
||||
mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "f00")),
|
||||
-EINVAL);
|
||||
ASSERT_SEL_AUD(imsi0, 0, id);
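Review bot: The hunks shown for test_subscr_aud contain no test for the behaviour this commit introduces, the rejection of XOR-3G for 2G data and of XOR-2G for 3G data. The existing cases are only renamed from OSMO_AUTH_ALG_XOR to OSMO_AUTH_ALG_XOR_2G. A negative case would pin the fix, for example `ASSERT_RC(db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_3G, "CededEffacedAceFacedBadFadedBeef")), -EINVAL);`, together with the matching "auth algo not suited for 2G" line in the expected log output. The return code of that branch is not visible on this page, so confirm the expected value, and add the mirror case for 3G data. The test function's body lies largely outside the hunks, so such a case may already exist there.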
|
||||
|
||||
|
|
|
@ -872,14 +872,14 @@ DAUC IMSI='123456789000000': No 3G Auth Data
|
|||
}
|
||||
3G: none
|
||||
|
||||
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR, "CededEffacedAceFacedBadFadedBeef")) --> 0
|
||||
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "CededEffacedAceFacedBadFadedBeef")) --> 0
|
||||
|
||||
db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
|
||||
DAUC IMSI='123456789000000': No 3G Auth Data
|
||||
|
||||
2G: struct osmo_sub_auth_data {
|
||||
.type = GSM,
|
||||
.algo = XOR-3G,
|
||||
.algo = XOR-2G,
|
||||
.u.gsm.ki = 'cededeffacedacefacedbadfadedbeef',
|
||||
}
|
||||
3G: none
|
||||
|
@ -900,14 +900,14 @@ DAUC IMSI='123456789000000': No 3G Auth Data
|
|||
|
||||
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_NONE, NULL)) --> -ENOENT
|
||||
|
||||
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR, "CededEffacedAceFacedBadFadedBeef")) --> 0
|
||||
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "CededEffacedAceFacedBadFadedBeef")) --> 0
|
||||
|
||||
db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
|
||||
DAUC IMSI='123456789000000': No 3G Auth Data
|
||||
|
||||
2G: struct osmo_sub_auth_data {
|
||||
.type = GSM,
|
||||
.algo = XOR-3G,
|
||||
.algo = XOR-2G,
|
||||
.u.gsm.ki = 'cededeffacedacefacedbadfadedbeef',
|
||||
}
|
||||
3G: none
|
||||
|
@ -1112,7 +1112,7 @@ db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
|
|||
.u.umts.ind_bitlen = 5,
|
||||
}
|
||||
|
||||
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR, "f000000000000f00000000000f000000f00000000")) --> -EINVAL
|
||||
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "f000000000000f00000000000f000000f00000000")) --> -EINVAL
|
||||
DAUC Cannot update auth tokens: Invalid KI: 'f000000000000f00000000000f000000f00000000'
|
||||
|
||||
db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
|
||||
|
@ -1132,7 +1132,7 @@ db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
|
|||
.u.umts.ind_bitlen = 5,
|
||||
}
|
||||
|
||||
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR, "f00")) --> -EINVAL
|
||||
db_subscr_update_aud_by_id(dbc, id, mk_aud_2g(OSMO_AUTH_ALG_XOR_2G, "f00")) --> -EINVAL
|
||||
DAUC Cannot update auth tokens: Invalid KI: 'f00'
|
||||
|
||||
db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
|
||||
|
|
|
@ -43,5 +43,5 @@ OsmoHLR# subscriber imsi 5555555 create
|
|||
MSISDN: none
|
||||
OsmoHLR# subscriber imsi 5555555 update msisdn 55555555555555
|
||||
% Updated subscriber IMSI='5555555' to MSISDN='55555555555555'
|
||||
OsmoHLR# subscriber imsi 5555555 update aud2g xor ki 55555555555555555555555555555555
|
||||
OsmoHLR# subscriber imsi 5555555 update aud2g xor-2g ki 55555555555555555555555555555555
|
||||
OsmoHLR# subscriber imsi 5555555 update aud3g milenage k 55555555555555555555555555555555 opc 55555555555555555555555555555555
|
||||
|
|
|
@ -12,7 +12,7 @@ Table auc_2g contents:
|
|||
algo_id_2g|ki|subscriber_id
|
||||
1|BeefedCafeFaceAcedAddedDecadeFee|1
|
||||
2|33333333333333333333333333333333|4
|
||||
4|55555555555555555555555555555555|6
|
||||
6|55555555555555555555555555555555|6
|
||||
|
||||
Table: auc_3g
|
||||
name|type|notnull|dflt_value|pk
|
||||
|
@ -100,7 +100,7 @@ Table auc_2g contents:
|
|||
algo_id_2g|ki|subscriber_id
|
||||
1|BeefedCafeFaceAcedAddedDecadeFee|1
|
||||
2|33333333333333333333333333333333|4
|
||||
4|55555555555555555555555555555555|6
|
||||
6|55555555555555555555555555555555|6
|
||||
|
||||
Table: auc_3g
|
||||
name|type|notnull|dflt_value|pk
|
||||
|
|
|
@ -61,7 +61,7 @@ CREATE TABLE auc_2g (
|
|||
);
|
||||
INSERT INTO auc_2g VALUES(1,1,'BeefedCafeFaceAcedAddedDecadeFee');
|
||||
INSERT INTO auc_2g VALUES(4,2,'33333333333333333333333333333333');
|
||||
INSERT INTO auc_2g VALUES(6,4,'55555555555555555555555555555555');
|
||||
INSERT INTO auc_2g VALUES(6,6,'55555555555555555555555555555555');
|
||||
CREATE TABLE auc_3g (
|
||||
subscriber_id INTEGER PRIMARY KEY, -- subscriber.id
|
||||
algo_id_3g INTEGER NOT NULL, -- enum osmo_auth_algo value
|
||||
|
|
|
@ -674,11 +674,11 @@ lmsi 00000000
|
|||
GET 112 subscriber.by-imsi-901991234567891.aud2g
|
||||
GET_REPLY 112 subscriber.by-imsi-901991234567891.aud2g none
|
||||
|
||||
SET 113 subscriber.by-imsi-901991234567891.aud2g xor,c01ffedc1cadaeac1d1f1edacac1ab0a
|
||||
SET 113 subscriber.by-imsi-901991234567891.aud2g xor-2g,c01ffedc1cadaeac1d1f1edacac1ab0a
|
||||
SET_REPLY 113 subscriber.by-imsi-901991234567891.aud2g OK
|
||||
|
||||
GET 114 subscriber.by-imsi-901991234567891.aud2g
|
||||
GET_REPLY 114 subscriber.by-imsi-901991234567891.aud2g XOR-3G,c01ffedc1cadaeac1d1f1edacac1ab0a
|
||||
GET_REPLY 114 subscriber.by-imsi-901991234567891.aud2g XOR-2G,c01ffedc1cadaeac1d1f1edacac1ab0a
|
||||
|
||||
SET 115 subscriber.by-imsi-901991234567891.aud2g none
|
||||
SET_REPLY 115 subscriber.by-imsi-901991234567891.aud2g OK
|
||||
|
|
|
@ -8,10 +8,10 @@ OsmoHLR# list
|
|||
subscriber (imsi|msisdn|id|imei) IDENT delete
|
||||
subscriber (imsi|msisdn|id|imei) IDENT update msisdn (none|MSISDN)
|
||||
subscriber (imsi|msisdn|id|imei) IDENT update aud2g none
|
||||
subscriber (imsi|msisdn|id|imei) IDENT update aud2g (comp128v1|comp128v2|comp128v3|xor) ki KI
|
||||
subscriber (imsi|msisdn|id|imei) IDENT update aud2g (comp128v1|comp128v2|comp128v3|xor-2g) ki KI
|
||||
subscriber (imsi|msisdn|id|imei) IDENT update aud3g none
|
||||
subscriber (imsi|msisdn|id|imei) IDENT update aud3g milenage k K (op|opc) OP_C [ind-bitlen] [<0-28>]
|
||||
subscriber (imsi|msisdn|id|imei) IDENT update aud3g xor k K [ind-bitlen] [<0-28>]
|
||||
subscriber (imsi|msisdn|id|imei) IDENT update aud3g xor-3g k K [ind-bitlen] [<0-28>]
|
||||
subscriber (imsi|msisdn|id|imei) IDENT update imei (none|IMEI)
|
||||
subscriber (imsi|msisdn|id|imei) IDENT update network-access-mode (none|cs|ps|cs+ps)
|
||||
show mslookup services
|
||||
|
@ -144,7 +144,7 @@ OsmoHLR# subscriber imsi 123456789023000 update aud2g ?
|
|||
comp128v1 Use COMP128v1 algorithm
|
||||
comp128v2 Use COMP128v2 algorithm
|
||||
comp128v3 Use COMP128v3 algorithm
|
||||
xor Use XOR algorithm
|
||||
xor-2g Use XOR-2G algorithm
|
||||
|
||||
OsmoHLR# subscriber imsi 123456789023000 update aud2g comp128v1 ?
|
||||
ki Set Ki Encryption Key
|
||||
|
@ -155,12 +155,12 @@ OsmoHLR# subscriber imsi 123456789023000 update aud2g comp128v1 ki ?
|
|||
OsmoHLR# subscriber imsi 123456789023000 update aud2g comp128v1 ki val ?
|
||||
<cr>
|
||||
|
||||
OsmoHLR# subscriber imsi 123456789023000 update aud2g xor ki Deaf0ff1ceD0d0DabbedD1ced1ceF00d
|
||||
OsmoHLR# subscriber imsi 123456789023000 update aud2g xor-2g ki Deaf0ff1ceD0d0DabbedD1ced1ceF00d
|
||||
OsmoHLR# subscriber imsi 123456789023000 show
|
||||
ID: 101
|
||||
IMSI: 123456789023000
|
||||
MSISDN: 423
|
||||
2G auth: XOR-3G
|
||||
2G auth: XOR-2G
|
||||
KI=deaf0ff1ced0d0dabbedd1ced1cef00d
|
||||
|
||||
OsmoHLR# subscriber imsi 123456789023000 update aud2g comp128v1 ki BeefedCafeFaceAcedAddedDecadeFee
|
||||
|
@ -241,7 +241,7 @@ OsmoHLR# subscriber id 101 show
|
|||
2G auth: COMP128v3
|
||||
KI=c01ffedc1cadaeac1d1f1edacac1ab0a
|
||||
|
||||
OsmoHLR# subscriber id 101 update aud2g xor ki CoiffedCicadaeAcidifiedAcaciaBoa
|
||||
OsmoHLR# subscriber id 101 update aud2g xor-2g ki CoiffedCicadaeAcidifiedAcaciaBoa
|
||||
% Invalid value for KI: 'CoiffedCicadaeAcidifiedAcaciaBoa'
|
||||
OsmoHLR# subscriber id 101 show
|
||||
ID: 101
|
||||
|
@ -250,7 +250,7 @@ OsmoHLR# subscriber id 101 show
|
|||
2G auth: COMP128v3
|
||||
KI=c01ffedc1cadaeac1d1f1edacac1ab0a
|
||||
|
||||
OsmoHLR# subscriber id 101 update aud2g xor ki C01ffedC1cadaeAc1d1f1edAcac1aB0aX
|
||||
OsmoHLR# subscriber id 101 update aud2g xor-2g ki C01ffedC1cadaeAc1d1f1edAcac1aB0aX
|
||||
% Invalid value for KI: 'C01ffedC1cadaeAc1d1f1edAcac1aB0aX'
|
||||
OsmoHLR# subscriber id 101 show
|
||||
ID: 101
|
||||
|
@ -269,7 +269,7 @@ OsmoHLR# subscriber id 101 show
|
|||
OsmoHLR# subscriber imsi 123456789023000 update aud3g ?
|
||||
none Delete 3G authentication data
|
||||
milenage Use Milenage algorithm
|
||||
xor Use XOR algorithm
|
||||
xor-3g Use XOR-3G algorithm
|
||||
|
||||
OsmoHLR# subscriber imsi 123456789023000 update aud3g milenage ?
|
||||
k Set Encryption Key K
|
||||
|
|
|
@ -130,7 +130,7 @@ ERROR 54 Value failed verification.
|
|||
SET 55 subscriber.by-imsi-901990000000003.aud2g foobar,2134
|
||||
ERROR 55 Unknown auth algorithm.
|
||||
|
||||
SET 56 subscriber.by-imsi-901990000000003.aud2g xor,2134
|
||||
SET 56 subscriber.by-imsi-901990000000003.aud2g xor-2g,2134
|
||||
ERROR 56 Invalid KI.
|
||||
|
||||
SET 57 subscriber.by-imsi-901990000000003.aud3g foobar
|
||||
|
|