osmocom
/
libosmocore
mirror of https://gerrit.osmocom.org/libosmocore
11
0
Fork 0
Code Issues Releases Wiki Activity
libosmocore/utils/osmo-auc-gen.c

324 lines
8.5 KiB
C
Raw Normal View History

doxygen: unify use of \file across the board Considering the various styles and implications found in the sources, edit scores of files to follow the same API doc guidelines around the doxygen grouping and the \file tag. Many files now show a short description in the generated API doc that was so far only available as C comment. The guidelines and reasoning behind it is documented at https://osmocom.org/projects/cellular-infrastructure/wiki/Guidelines_for_API_documentation In some instances, remove file comments and add to the corresponding group instead, to be shared among several files (e.g. bitvec). Change-Id: Ifa70e77e90462b5eb2b0457c70fd25275910c72b
2017-06-20 02:35:06 +00:00
/*! \file osmo-auc-gen.c
* GSM/GPRS/3G authentication testing tool. */
/*
* (C) 2010-2012 by Harald Welte <laforge@gnumonks.org>
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
*
* All Rights Reserved
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*
*/
#include <stdlib.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>
utils: resolve compiler warnings on implicit declarations CC osmo-auc-gen.o osmo-auc-gen.c: In function 'main': osmo-auc-gen.c:216:3: warning: implicit declaration of function 'time' [-Wimplicit-function-declaration]
2013-06-02 23:38:57 +00:00
#include <time.h>
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
#include <getopt.h>
Add missing includes to timer_test.c and osmo-auc-gen.c This fixes the build with -Werror-implicit-function-declaration. taken from malformatted patch of Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
2012-08-02 06:42:59 +00:00
#include <unistd.h>
utils: Fix compiler warnings n the osmo-auc-gen utility osmo-auc-gen.c:217:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration] osmo-auc-gen.c:249:3: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 2 has type ‘uint64_t’ [-Wformat] Fixes: Coverity CID 1040668
2013-07-14 07:11:47 +00:00
#include <inttypes.h>
#include <time.h>
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
#include <osmocom/crypt/auth.h>
#include <osmocom/core/utils.h>
Add function to generate random identifier The function is a wrapper on top of getrandom() (if available via glibc) or corresponding syscall. If neither is available than failure is always returned. It's intended to generate small random data good enough for session identifiers and keys. To generate long-term cryptographic keys it's better to use special crypto libraries (like GnuTLS for example) instead. As an example it's used to replace old insecure random number generator in osmo-auc-gen utility. Change-Id: I0241b814ea4c4ce1458f7ad76e31d390383c2048 Related: OS#1694
2017-07-10 12:32:48 +00:00
#include <osmocom/gsm/gsm_utils.h>
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
osmo-auc-gen: Add "-I" mode for generating triplets.dat for strongswan If you want to use eap-sim-file with strongswan, you need a triplets.dat file in a specific format. osmo-auc-gen can now generate the respective format automatically.
2012-06-27 13:06:19 +00:00
static void dump_triplets_dat(struct osmo_auth_vector *vec)
{
if (vec->auth_types & OSMO_AUTH_TYPE_UMTS) {
fprintf(stderr, "triplets.dat doesn't support UMTS!\n");
return;
}
printf("imsi,");
printf("%s,", osmo_hexdump_nospc(vec->rand, sizeof(vec->rand)));
printf("%s,", osmo_hexdump_nospc(vec->sres, sizeof(vec->sres)));
printf("%s\n", osmo_hexdump_nospc(vec->kc, sizeof(vec->kc)));
}
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
static void dump_auth_vec(struct osmo_auth_vector *vec)
{
osmo-auc-gen: Print hex values without intermittent spaces When generating some authentication vectors using the osmo-auc-gen utility, it used to print values like this: AUTN: f7 55 bc 47 de d0 00 00 f9 ed 4b 3f 6c 2a 97 6f which is quite difficult to copy+paste on the terminal. Now it generates the following format: Change-Id: I2805615e0c2087ca632e0658b37a9e06929620b6 AUTN: f755bc47ded00000f9ed4b3f6c2a976f Reviewed-on: https://gerrit.osmocom.org/164 Reviewed-by: Harald Welte <laforge@gnumonks.org> Tested-by: Jenkins Builder
2016-05-18 17:36:42 +00:00
printf("RAND:\t%s\n", osmo_hexdump_nospc(vec->rand, sizeof(vec->rand)));
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
if (vec->auth_types & OSMO_AUTH_TYPE_UMTS) {
osmo-auc-gen: Print hex values without intermittent spaces When generating some authentication vectors using the osmo-auc-gen utility, it used to print values like this: AUTN: f7 55 bc 47 de d0 00 00 f9 ed 4b 3f 6c 2a 97 6f which is quite difficult to copy+paste on the terminal. Now it generates the following format: Change-Id: I2805615e0c2087ca632e0658b37a9e06929620b6 AUTN: f755bc47ded00000f9ed4b3f6c2a976f Reviewed-on: https://gerrit.osmocom.org/164 Reviewed-by: Harald Welte <laforge@gnumonks.org> Tested-by: Jenkins Builder
2016-05-18 17:36:42 +00:00
printf("AUTN:\t%s\n", osmo_hexdump_nospc(vec->autn, sizeof(vec->autn)));
printf("IK:\t%s\n", osmo_hexdump_nospc(vec->ik, sizeof(vec->ik)));
printf("CK:\t%s\n", osmo_hexdump_nospc(vec->ck, sizeof(vec->ck)));
printf("RES:\t%s\n", osmo_hexdump_nospc(vec->res, vec->res_len));
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
}
if (vec->auth_types & OSMO_AUTH_TYPE_GSM) {
osmo-auc-gen: Print hex values without intermittent spaces When generating some authentication vectors using the osmo-auc-gen utility, it used to print values like this: AUTN: f7 55 bc 47 de d0 00 00 f9 ed 4b 3f 6c 2a 97 6f which is quite difficult to copy+paste on the terminal. Now it generates the following format: Change-Id: I2805615e0c2087ca632e0658b37a9e06929620b6 AUTN: f755bc47ded00000f9ed4b3f6c2a976f Reviewed-on: https://gerrit.osmocom.org/164 Reviewed-by: Harald Welte <laforge@gnumonks.org> Tested-by: Jenkins Builder
2016-05-18 17:36:42 +00:00
printf("SRES:\t%s\n", osmo_hexdump_nospc(vec->sres, sizeof(vec->sres)));
printf("Kc:\t%s\n", osmo_hexdump_nospc(vec->kc, sizeof(vec->kc)));
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
}
}
static struct osmo_sub_auth_data test_aud = {
.type = OSMO_AUTH_TYPE_NONE,
.algo = OSMO_AUTH_ALG_NONE,
};
osmo-auc-gen: Introduce a small cmdline help/reference
2012-03-21 07:51:48 +00:00
static void help()
{
osmo-auc-gen: cmdline help: list algorithms; error messages In the -h help output, list the names of available algorithms. In case of option parsing failure, also print help() (so that e.g. for a typo in the algorithm, the list of algorithms is printed along with the error message). If there are -2/-3 or -a missing, show an error message that explains this. Change-Id: I76732b28d7a553a6293d1707fe398d28b5ef4886
2017-02-03 17:36:32 +00:00
int alg;
osmo-auc-gen: Introduce a small cmdline help/reference
2012-03-21 07:51:48 +00:00
printf( "-2 --2g\tUse 2G (GSM) authentication\n"
"-3 --3g\tUse 3G (UMTS) authentication\n"
"-a --algorithm\tSpecify name of the algorithm\n"
"-k --key\tSpecify Ki / K\n"
"-o --opc\tSpecify OPC (only for 3G)\n"
auth_milenage/osmo-auc-gen: compute OPC in case only OP is known
2012-03-21 08:03:16 +00:00
"-O --op\tSpecify OP (only for 3G)\n"
osmo-auc-gen: '-a' is already the algorithm. Fix the help
2015-05-25 16:11:37 +00:00
"-f --amf\tSpecify AMF (only for 3G)\n"
osmo-auc-gen: Introduce a small cmdline help/reference
2012-03-21 07:51:48 +00:00
"-s --sqn\tSpecify SQN (only for 3G)\n"
osmo-auc-gen: umts: add --ind arg During UMTS AKA, the caller typically indicates which IND slot the next used SQN should belong to. Without this option, osmo-auc-gen will always produce SQN from IND-slot 0. Add --ind option. Enhance the osmo-auc-gen_test.sh to expect errors with useful printouts on stderr, and add tests that verify valid --ind ranges. Related: OS#2465 Change-Id: Ib60eec80d58ca9a0a01e7fbd2bcbbd4339b1a6d8
2017-08-26 19:45:33 +00:00
"-i --ind\tSpecify IND slot for new SQN after AUTS (only for 3G)\n"
osmo-auc-gen: umts: add --ind-len arg osmo-auc-gen so far does not allow indicating the IND bit length of SQN. A default of 5 serves most practical cases, nevertheless we should allow passing arbitrary IND lengths. Enhance the test suite to test --ind-len. Related: OS#2465 Change-Id: Ia1d8b6a823ffc92290b3e39e4e4665aeff80ccc0
2017-08-26 19:38:51 +00:00
"-l --ind-len\tSpecify IND bit length (default=5) (only for 3G)\n"
osmo-auc-gen: Add mode for verifying user-supplied AUTS When -A is used on the command line, the respective AUTS value will be validated and the SQN of the UICC printed.
2012-03-22 15:45:23 +00:00
"-A --auts\tSpecify AUTS (only for 3G)\n"
osmo-auc-gen: Add "-I" mode for generating triplets.dat for strongswan If you want to use eap-sim-file with strongswan, you need a triplets.dat file in a specific format. osmo-auc-gen can now generate the respective format automatically.
2012-06-27 13:06:19 +00:00
"-r --rand\tSpecify random value\n"
"-I --ipsec\tOutput in triplets.dat format for strongswan\n");
osmo-auc-gen: cmdline help: list algorithms; error messages In the -h help output, list the names of available algorithms. In case of option parsing failure, also print help() (so that e.g. for a typo in the algorithm, the list of algorithms is printed along with the error message). If there are -2/-3 or -a missing, show an error message that explains this. Change-Id: I76732b28d7a553a6293d1707fe398d28b5ef4886
2017-02-03 17:36:32 +00:00
fprintf(stderr, "\nAvailable algorithms for option -a:\n");
for (alg = 1; alg < _OSMO_AUTH_ALG_NUM; alg++)
fprintf(stderr, " %s\n",
osmo_auth_alg_name(alg));
osmo-auc-gen: Introduce a small cmdline help/reference
2012-03-21 07:51:48 +00:00
}
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
int main(int argc, char **argv)
{
struct osmo_auth_vector _vec;
struct osmo_auth_vector *vec = &_vec;
GSUP, OAP, osmo-gen-vec: fix AUTS length to 14, not 16 GSUP transmits AUTS for UMTS authentication procedures, and OAP uses the same procedures to authenticate. osmo-gen-vec is a utility program that passes AUTS to our osmo_auth_gen_vec_auts() API. According to 3GPP 33.102 6.3.3, AUTS = SQN^AK || MAC-S, which are 6 || 8 == 14 bytes. This is confirmed by 24.008 9.2.3a where the TLV has 16 bytes, TL = 2 and AUTS being the V = 14. It is not harmful for milenage_gen_vec_auts() to pass two more AUTS bytes. But writing 16 bytes to a GSUP struct is a potential problem when passing in a 14 byte long AUTS buffer to the GSUP API, which then reads past the AUTS buffer. The API implies the length, so far to be 16, so passing in a 14 byte buffer to GSUP would require copying to a larger buffer first. Fix this by using a length of 14 for AUTS everywhere instead. This constitues an ABI breakage, we may handle it as a "fix before an official release", otherwise we need a version bump. The OAP protocol document has also been updated, needs an update in the osmo-gsm-manuals as well. Change-Id: If25b173d9ec57ea4c504d860954912b7d82af455
2017-02-02 19:05:14 +00:00
uint8_t _rand[16], _auts[14];
utils: Fix false positive in compiler warning Fixes the warning below: warning: ‘sqn’ may be used uninitialized in this function [-Wmaybe-uninitialized] fprintf(stderr, "Requesting --sqn %"PRIu64" implies IND=%u," ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ " so no further --ind argument is allowed.\n", ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sqn, test_aud.u.umts.ind); ~~~~~~~~~~~~~~~~~~~~~~~~~ The warning is a false positive as sqn is only used in case sqn_is_set!=0, and in that code path, sqn is set. Change-Id: Ib5903db01ea6765bd6bb688e63f70925c5012f98
2017-11-16 15:37:55 +00:00
uint64_t sqn = 0;
osmo-auc-gen.c: squelch compiler warnings, move local var The compiler thinks that ind or ind_mask may be used uninitialized, because it doesn't analyze the conditionality of command line arguments and other variables set accordingly. Make the compiler happy by zero initializing. Change-Id: I9ddcb0525159da520aceaeb6e908a735a003bb5a
2017-09-12 01:25:43 +00:00
unsigned int ind = 0;
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
int rc, option_index;
int rand_is_set = 0;
osmo-auc-gen: Add mode for verifying user-supplied AUTS When -A is used on the command line, the respective AUTS value will be validated and the SQN of the UICC printed.
2012-03-22 15:45:23 +00:00
int auts_is_set = 0;
osmo-auc-gen: umts: properly request --sqn The user supplied an --sqn to generate a vector for, but milenage_gen_vec() performs a nontrivial SQN increment before generating the vector. To end up with the user supplied SQN, we need to reverse this increment beforehand. Do this after all cmdline args have been parsed, in case one of them modifies the IND-bitlen parameter, which affects the SQN calculations. Related: OS#2464 OS#2465 Change-Id: Ic51a8f6333fee9c02b4073ca360991d0aa69c74f
2017-08-26 20:08:36 +00:00
int sqn_is_set = 0;
osmo-auc-gen: umts: add --ind arg During UMTS AKA, the caller typically indicates which IND slot the next used SQN should belong to. Without this option, osmo-auc-gen will always produce SQN from IND-slot 0. Add --ind option. Enhance the osmo-auc-gen_test.sh to expect errors with useful printouts on stderr, and add tests that verify valid --ind ranges. Related: OS#2465 Change-Id: Ib60eec80d58ca9a0a01e7fbd2bcbbd4339b1a6d8
2017-08-26 19:45:33 +00:00
int ind_is_set = 0;
osmo-auc-gen: Add "-I" mode for generating triplets.dat for strongswan If you want to use eap-sim-file with strongswan, you need a triplets.dat file in a specific format. osmo-auc-gen can now generate the respective format automatically.
2012-06-27 13:06:19 +00:00
int fmt_triplets_dat = 0;
osmo-auc-gen.c: squelch compiler warnings, move local var The compiler thinks that ind or ind_mask may be used uninitialized, because it doesn't analyze the conditionality of command line arguments and other variables set accordingly. Make the compiler happy by zero initializing. Change-Id: I9ddcb0525159da520aceaeb6e908a735a003bb5a
2017-09-12 01:25:43 +00:00
uint64_t ind_mask = 0;
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
update copyright notice
2012-03-21 16:37:53 +00:00
printf("osmo-auc-gen (C) 2011-2012 by Harald Welte\n");
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
printf("This is FREE SOFTWARE with ABSOLUTELY NO WARRANTY\n\n");
osmo-auc-gen: Add mode for verifying user-supplied AUTS When -A is used on the command line, the respective AUTS value will be validated and the SQN of the UICC printed.
2012-03-22 15:45:23 +00:00
memset(_auts, 0, sizeof(_auts));
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
while (1) {
int c;
static struct option long_options[] = {
{ "2g", 0, 0, '2' },
{ "3g", 0, 0, '3' },
{ "algorithm", 1, 0, 'a' },
{ "key", 1, 0, 'k' },
{ "opc", 1, 0, 'o' },
auth_milenage/osmo-auc-gen: compute OPC in case only OP is known
2012-03-21 08:03:16 +00:00
{ "op", 1, 0, 'O' },
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
{ "amf", 1, 0, 'f' },
{ "sqn", 1, 0, 's' },
osmo-auc-gen: umts: add --ind arg During UMTS AKA, the caller typically indicates which IND slot the next used SQN should belong to. Without this option, osmo-auc-gen will always produce SQN from IND-slot 0. Add --ind option. Enhance the osmo-auc-gen_test.sh to expect errors with useful printouts on stderr, and add tests that verify valid --ind ranges. Related: OS#2465 Change-Id: Ib60eec80d58ca9a0a01e7fbd2bcbbd4339b1a6d8
2017-08-26 19:45:33 +00:00
{ "ind", 1, 0, 'i' },
osmo-auc-gen: umts: add --ind-len arg osmo-auc-gen so far does not allow indicating the IND bit length of SQN. A default of 5 serves most practical cases, nevertheless we should allow passing arbitrary IND lengths. Enhance the test suite to test --ind-len. Related: OS#2465 Change-Id: Ia1d8b6a823ffc92290b3e39e4e4665aeff80ccc0
2017-08-26 19:38:51 +00:00
{ "ind-len", 1, 0, 'l' },
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
{ "rand", 1, 0, 'r' },
osmo-auc-gen: Add mode for verifying user-supplied AUTS When -A is used on the command line, the respective AUTS value will be validated and the SQN of the UICC printed.
2012-03-22 15:45:23 +00:00
{ "auts", 1, 0, 'A' },
osmo-auc-gen: Introduce a small cmdline help/reference
2012-03-21 07:51:48 +00:00
{ "help", 0, 0, 'h' },
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
{ 0, 0, 0, 0 }
};
rc = 0;
osmo-auc-gen: umts: add --ind-len arg osmo-auc-gen so far does not allow indicating the IND bit length of SQN. A default of 5 serves most practical cases, nevertheless we should allow passing arbitrary IND lengths. Enhance the test suite to test --ind-len. Related: OS#2465 Change-Id: Ia1d8b6a823ffc92290b3e39e4e4665aeff80ccc0
2017-08-26 19:38:51 +00:00
c = getopt_long(argc, argv, "23a:k:o:f:s:i:l:r:hO:A:I", long_options,
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
&option_index);
if (c == -1)
break;
switch (c) {
case '2':
test_aud.type = OSMO_AUTH_TYPE_GSM;
break;
case '3':
test_aud.type = OSMO_AUTH_TYPE_UMTS;
osmo-auc-gen: umts: use default of ind_bitlen = 5 instead of 0 Most USIM out there seem to use IND-length = 5 bits, so do sysmousim-sjs1. Currently from initialization we are using an IND length of zero in osmo-auc-gen, which produces confusing SQN results after AUTS: Where want SQN to be incremented to the next IND array, usually +32, an IND-len of 0 makes for only +1. As result, the osmo-auc-gen_test.sh produces SQN 32 instead of 24 after receiving SQN.MS = 23 from AUTS: adjust test expectations. Related: OS#2465 Change-Id: I9fcc11fa2b5816302dcc6b72249b1ee40d5a61f5
2017-08-26 19:40:11 +00:00
test_aud.u.umts.ind_bitlen = 5;
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
break;
case 'a':
rc = osmo_auth_alg_parse(optarg);
if (rc < 0)
break;
test_aud.algo = rc;
break;
case 'k':
switch (test_aud.type) {
case OSMO_AUTH_TYPE_GSM:
auth_core: don't use anonymous unions to make certain gcc versions happy
2011-12-07 10:35:02 +00:00
rc = osmo_hexparse(optarg, test_aud.u.gsm.ki,
sizeof(test_aud.u.gsm.ki));
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
break;
case OSMO_AUTH_TYPE_UMTS:
auth_core: don't use anonymous unions to make certain gcc versions happy
2011-12-07 10:35:02 +00:00
rc = osmo_hexparse(optarg, test_aud.u.umts.k,
sizeof(test_aud.u.umts.k));
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
break;
default:
fprintf(stderr, "please specify 2g/3g first!\n");
}
break;
case 'o':
if (test_aud.type != OSMO_AUTH_TYPE_UMTS) {
fprintf(stderr, "Only UMTS has OPC\n");
exit(2);
}
auth_core: don't use anonymous unions to make certain gcc versions happy
2011-12-07 10:35:02 +00:00
rc = osmo_hexparse(optarg, test_aud.u.umts.opc,
sizeof(test_aud.u.umts.opc));
auth_milenage/osmo-auc-gen: compute OPC in case only OP is known
2012-03-21 08:03:16 +00:00
test_aud.u.umts.opc_is_op = 0;
break;
case 'O':
if (test_aud.type != OSMO_AUTH_TYPE_UMTS) {
fprintf(stderr, "Only UMTS has OP\n");
exit(2);
}
rc = osmo_hexparse(optarg, test_aud.u.umts.opc,
sizeof(test_aud.u.umts.opc));
test_aud.u.umts.opc_is_op = 1;
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
break;
osmo-auc-gen: Add mode for verifying user-supplied AUTS When -A is used on the command line, the respective AUTS value will be validated and the SQN of the UICC printed.
2012-03-22 15:45:23 +00:00
case 'A':
if (test_aud.type != OSMO_AUTH_TYPE_UMTS) {
fprintf(stderr, "Only UMTS has AUTS\n");
exit(2);
}
rc = osmo_hexparse(optarg, _auts, sizeof(_auts));
auts_is_set = 1;
break;
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
case 'f':
if (test_aud.type != OSMO_AUTH_TYPE_UMTS) {
fprintf(stderr, "Only UMTS has AMF\n");
exit(2);
}
auth_core: don't use anonymous unions to make certain gcc versions happy
2011-12-07 10:35:02 +00:00
rc = osmo_hexparse(optarg, test_aud.u.umts.amf,
sizeof(test_aud.u.umts.amf));
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
break;
case 's':
if (test_aud.type != OSMO_AUTH_TYPE_UMTS) {
fprintf(stderr, "Only UMTS has SQN\n");
exit(2);
}
osmo-auc-gen: umts: properly request --sqn The user supplied an --sqn to generate a vector for, but milenage_gen_vec() performs a nontrivial SQN increment before generating the vector. To end up with the user supplied SQN, we need to reverse this increment beforehand. Do this after all cmdline args have been parsed, in case one of them modifies the IND-bitlen parameter, which affects the SQN calculations. Related: OS#2464 OS#2465 Change-Id: Ic51a8f6333fee9c02b4073ca360991d0aa69c74f
2017-08-26 20:08:36 +00:00
sqn = strtoull(optarg, 0, 10);
sqn_is_set = 1;
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
break;
osmo-auc-gen: umts: add --ind arg During UMTS AKA, the caller typically indicates which IND slot the next used SQN should belong to. Without this option, osmo-auc-gen will always produce SQN from IND-slot 0. Add --ind option. Enhance the osmo-auc-gen_test.sh to expect errors with useful printouts on stderr, and add tests that verify valid --ind ranges. Related: OS#2465 Change-Id: Ib60eec80d58ca9a0a01e7fbd2bcbbd4339b1a6d8
2017-08-26 19:45:33 +00:00
case 'i':
if (test_aud.type != OSMO_AUTH_TYPE_UMTS) {
fprintf(stderr, "Only UMTS has IND\n");
exit(2);
}
ind = atoi(optarg);
ind_is_set = 1;
break;
osmo-auc-gen: umts: add --ind-len arg osmo-auc-gen so far does not allow indicating the IND bit length of SQN. A default of 5 serves most practical cases, nevertheless we should allow passing arbitrary IND lengths. Enhance the test suite to test --ind-len. Related: OS#2465 Change-Id: Ia1d8b6a823ffc92290b3e39e4e4665aeff80ccc0
2017-08-26 19:38:51 +00:00
case 'l':
if (test_aud.type != OSMO_AUTH_TYPE_UMTS) {
fprintf(stderr, "Only UMTS has IND bitlen\n");
exit(2);
}
test_aud.u.umts.ind_bitlen = atoi(optarg);
break;
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
case 'r':
rc = osmo_hexparse(optarg, _rand, sizeof(_rand));
rand_is_set = 1;
break;
osmo-auc-gen: Add "-I" mode for generating triplets.dat for strongswan If you want to use eap-sim-file with strongswan, you need a triplets.dat file in a specific format. osmo-auc-gen can now generate the respective format automatically.
2012-06-27 13:06:19 +00:00
case 'I':
fmt_triplets_dat = 1;
break;
osmo-auc-gen: Introduce a small cmdline help/reference
2012-03-21 07:51:48 +00:00
case 'h':
help();
exit(0);
default:
help();
exit(1);
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
}
if (rc < 0) {
osmo-auc-gen: cmdline help: list algorithms; error messages In the -h help output, list the names of available algorithms. In case of option parsing failure, also print help() (so that e.g. for a typo in the algorithm, the list of algorithms is printed along with the error message). If there are -2/-3 or -a missing, show an error message that explains this. Change-Id: I76732b28d7a553a6293d1707fe398d28b5ef4886
2017-02-03 17:36:32 +00:00
help();
fprintf(stderr, "\nError parsing argument of option `%c'\n", c);
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
exit(2);
}
}
if (!rand_is_set) {
Add function to generate random identifier The function is a wrapper on top of getrandom() (if available via glibc) or corresponding syscall. If neither is available than failure is always returned. It's intended to generate small random data good enough for session identifiers and keys. To generate long-term cryptographic keys it's better to use special crypto libraries (like GnuTLS for example) instead. As an example it's used to replace old insecure random number generator in osmo-auc-gen utility. Change-Id: I0241b814ea4c4ce1458f7ad76e31d390383c2048 Related: OS#1694
2017-07-10 12:32:48 +00:00
rc = osmo_get_rand_id(_rand, 16);
if (rc < 0) {
fprintf(stderr, "\nError: unable to obtain secure random numbers: %s!\n",
strerror(-rc));
exit(3);
osmo-auc-gen: Fix compiler warnings about aliasing I ran "./utils/osmo-auc-gen -2 -a COMP128v1" and verified that the RAND doen't look empty Fixes: osmo-auc-gen.c: In function ‘main’: osmo-auc-gen.c:219:3: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(uint32_t *)&_rand[0] = rand(); ^ osmo-auc-gen.c:220:3: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(uint32_t *)(&_rand[4]) = rand(); ^ osmo-auc-gen.c:221:3: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(uint32_t *)(&_rand[8]) = rand(); ^ osmo-auc-gen.c:222:3: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing] *(uint32_t *)(&_rand[12]) = rand();
2014-06-22 14:53:55 +00:00
}
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
}
osmo-auc-gen: Introduce a small cmdline help/reference
2012-03-21 07:51:48 +00:00
if (test_aud.type == OSMO_AUTH_TYPE_NONE ||
test_aud.algo == OSMO_AUTH_ALG_NONE) {
help();
osmo-auc-gen: cmdline help: list algorithms; error messages In the -h help output, list the names of available algorithms. In case of option parsing failure, also print help() (so that e.g. for a typo in the algorithm, the list of algorithms is printed along with the error message). If there are -2/-3 or -a missing, show an error message that explains this. Change-Id: I76732b28d7a553a6293d1707fe398d28b5ef4886
2017-02-03 17:36:32 +00:00
fprintf(stderr, "\nError: you need to pass at least"
" -2 or -3, as well as an algorithm to use.\n");
osmo-auc-gen: Introduce a small cmdline help/reference
2012-03-21 07:51:48 +00:00
exit(2);
}
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
memset(vec, 0, sizeof(*vec));
osmo-auc-gen: umts: properly request --sqn The user supplied an --sqn to generate a vector for, but milenage_gen_vec() performs a nontrivial SQN increment before generating the vector. To end up with the user supplied SQN, we need to reverse this increment beforehand. Do this after all cmdline args have been parsed, in case one of them modifies the IND-bitlen parameter, which affects the SQN calculations. Related: OS#2464 OS#2465 Change-Id: Ic51a8f6333fee9c02b4073ca360991d0aa69c74f
2017-08-26 20:08:36 +00:00
if (test_aud.type == OSMO_AUTH_TYPE_UMTS) {
osmo-auc-gen.c: squelch compiler warnings, move local var The compiler thinks that ind or ind_mask may be used uninitialized, because it doesn't analyze the conditionality of command line arguments and other variables set accordingly. Make the compiler happy by zero initializing. Change-Id: I9ddcb0525159da520aceaeb6e908a735a003bb5a
2017-09-12 01:25:43 +00:00
uint64_t seq_1 = 1LL << test_aud.u.umts.ind_bitlen;
osmo-auc-gen: umts: print out the IND of the SQN used Make ind_mask available in the main(){} scope, in order to print out IND = SQN & ind_mask. Adjust test suite expectations. Related: OS#2465 Change-Id: I91eac53c4af66a58b9372d9baf5781fc9f29b1fc
2017-08-26 20:29:51 +00:00
ind_mask = seq_1 - 1;
osmo-auc-gen: umts: properly request --sqn The user supplied an --sqn to generate a vector for, but milenage_gen_vec() performs a nontrivial SQN increment before generating the vector. To end up with the user supplied SQN, we need to reverse this increment beforehand. Do this after all cmdline args have been parsed, in case one of them modifies the IND-bitlen parameter, which affects the SQN calculations. Related: OS#2464 OS#2465 Change-Id: Ic51a8f6333fee9c02b4073ca360991d0aa69c74f
2017-08-26 20:08:36 +00:00
if (sqn_is_set) {
/* Before calculating the UMTS auth vector, osmo_auth_gen_vec() increments SEQ.
* To end up with the SQN passed in by the user, we need to pass in SEQ-1, and
* indicate which IND slot to target. */
test_aud.u.umts.sqn = sqn - seq_1;
test_aud.u.umts.ind = sqn & ind_mask;
}
osmo-auc-gen: umts: add --ind arg During UMTS AKA, the caller typically indicates which IND slot the next used SQN should belong to. Without this option, osmo-auc-gen will always produce SQN from IND-slot 0. Add --ind option. Enhance the osmo-auc-gen_test.sh to expect errors with useful printouts on stderr, and add tests that verify valid --ind ranges. Related: OS#2465 Change-Id: Ib60eec80d58ca9a0a01e7fbd2bcbbd4339b1a6d8
2017-08-26 19:45:33 +00:00
if (sqn_is_set && ind_is_set) {
fprintf(stderr, "Requesting --sqn %"PRIu64" implies IND=%u,"
" so no further --ind argument is allowed.\n",
sqn, test_aud.u.umts.ind);
exit(2);
}
if (ind_is_set) {
if (ind >= (1 << test_aud.u.umts.ind_bitlen)) {
fprintf(stderr, "Requested --ind %u is too large for IND bitlen of %u\n",
ind, test_aud.u.umts.ind_bitlen);
exit(2);
}
test_aud.u.umts.ind = ind;
}
osmo-auc-gen: umts: properly request --sqn The user supplied an --sqn to generate a vector for, but milenage_gen_vec() performs a nontrivial SQN increment before generating the vector. To end up with the user supplied SQN, we need to reverse this increment beforehand. Do this after all cmdline args have been parsed, in case one of them modifies the IND-bitlen parameter, which affects the SQN calculations. Related: OS#2464 OS#2465 Change-Id: Ic51a8f6333fee9c02b4073ca360991d0aa69c74f
2017-08-26 20:08:36 +00:00
}
osmo-auc-gen: Add mode for verifying user-supplied AUTS When -A is used on the command line, the respective AUTS value will be validated and the SQN of the UICC printed.
2012-03-22 15:45:23 +00:00
if (!auts_is_set)
rc = osmo_auth_gen_vec(vec, &test_aud, _rand);
else
rc = osmo_auth_gen_vec_auts(vec, &test_aud, _auts, _rand, _rand);
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
if (rc < 0) {
osmo-auc-gen: Add mode for verifying user-supplied AUTS When -A is used on the command line, the respective AUTS value will be validated and the SQN of the UICC printed.
2012-03-22 15:45:23 +00:00
if (!auts_is_set)
fprintf(stderr, "error generating auth vector\n");
else
fprintf(stderr, "AUTS from MS seems incorrect\n");
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
exit(1);
}
osmo-auc-gen: Add "-I" mode for generating triplets.dat for strongswan If you want to use eap-sim-file with strongswan, you need a triplets.dat file in a specific format. osmo-auc-gen can now generate the respective format automatically.
2012-06-27 13:06:19 +00:00
if (fmt_triplets_dat)
dump_triplets_dat(vec);
osmo-auc-gen: clarify SQN output, prepare for SQN changes Upcoming patches will change the way SQN are incremented. Change the SQN related output by osmo-auc-gen so that it also makes sense after these changes, and so that its output is proven to remain unchanged for the same arguments: Always show the SQN used for vector generation when a UMTS vector was generated. Don't show the next SQN, it will not make sense anymore (see later patches). The adjustments of expected output of osmo-auc-gen_test illustrates how the output changes. Related: OS#1968 Change-Id: I35d9c669002ff3e8570e07b444cca34ce57c3b0c
2017-03-15 00:16:43 +00:00
else {
osmo-auc-gen: Add "-I" mode for generating triplets.dat for strongswan If you want to use eap-sim-file with strongswan, you need a triplets.dat file in a specific format. osmo-auc-gen can now generate the respective format automatically.
2012-06-27 13:06:19 +00:00
dump_auth_vec(vec);
osmo-auc-gen: umts: print out the IND of the SQN used Make ind_mask available in the main(){} scope, in order to print out IND = SQN & ind_mask. Adjust test suite expectations. Related: OS#2465 Change-Id: I91eac53c4af66a58b9372d9baf5781fc9f29b1fc
2017-08-26 20:29:51 +00:00
if (test_aud.type == OSMO_AUTH_TYPE_UMTS) {
osmo_auth_gen_vec: UMTS auth: store last used SQN, not next Prepare for the implementation of splitting SQN increments in SEQ and an IND part; particularly to clearly show where the changes in auth/milenage_test's expectations originate. Rationale: the source of UMTS auth vectors, for us usually OsmoHLR, typically stores the last used SQN, not the next one to be used. Particularly with the upcoming fix of the SQN scheme, this change is important: the next SQN will depend on which entity asks for it, because each auth consumer may have a particular slot in the IND part of SQN. It does not make sense to store the next SQN, because we will not know which consumer that will be for. The milenage_test has always calculated a tuple for SQN == 34. To account for the increment now happening before calculating a tuple, lower the test_aud->sqn by one to 0x21 == 33, so that it is still calculating for SQN == 34. Because we are no longer incrementing SQN after the tuple is generated, milenage_test's expected output after doing an AUTS resync to 31 changes to the next SQN = 32, the SQN used for the generated tuple. (BTW, a subsequent patch will illustrate AUTS in detail.) osmo-auc-gen now needs to pass the user requested SQN less one, because the SQN will be incremented befor generating the auth vector. Also the SQN remains the same after generating, so SQN output needs less decrementing. Note that the expected output for osmo-auc-gen_test remains unchanged, hence the same input arguments (particularly -s <sqn> and -A <auts>) still produce the same results. Note: osmo-hlr regression tests will require adjustments when this patch is merged, because it must now pass desired_sqn - 1 instead of just desired_sqn. See osmo-hlr change-id I4ec5a578537acb1d9e1ebfe00a72417fc3ca5894 . Related: OS#1968 Change-Id: Iadf43f21e0605e9e85f7e8026c40985f7ceff1a3
2017-03-13 16:36:17 +00:00
printf("SQN:\t%" PRIu64 "\n", test_aud.u.umts.sqn);
osmo-auc-gen: umts: print out the IND of the SQN used Make ind_mask available in the main(){} scope, in order to print out IND = SQN & ind_mask. Adjust test suite expectations. Related: OS#2465 Change-Id: I91eac53c4af66a58b9372d9baf5781fc9f29b1fc
2017-08-26 20:29:51 +00:00
printf("IND:\t%u\n", (unsigned int)(test_aud.u.umts.sqn & ind_mask));
umts aka: add sqn_ms out-param, print SQN.MS in osmo-auc-gen When doing UMTS AKA with AUTS, it can be interesting to know the SQN.MS that was encoded in the AUTS. The only way to know this is to provide it as a separate out-parameter from milenage_gen_vec_auts(), because the SQN.MS from AUTS stored in umts.sqn is immediately modified non-trivially by milenage_gen_vec(). Add sqn_ms to struct osmo_sub_auth_data to retain SQN.MS even after a vector was generated. Use this to print out SQN.MS for 'osmo-auc-gen -3 -A'. Adjust test suite expectations. Related: OS#2464 Change-Id: I9fc05bbf169d06716f40b995154fd42a3f91bef3
2017-08-26 20:43:50 +00:00
if (auts_is_set)
printf("SQN.MS:\t%" PRIu64 "\n", test_aud.u.umts.sqn_ms);
osmo-auc-gen: umts: print out the IND of the SQN used Make ind_mask available in the main(){} scope, in order to print out IND = SQN & ind_mask. Adjust test suite expectations. Related: OS#2465 Change-Id: I91eac53c4af66a58b9372d9baf5781fc9f29b1fc
2017-08-26 20:29:51 +00:00
}
osmo-auc-gen: clarify SQN output, prepare for SQN changes Upcoming patches will change the way SQN are incremented. Change the SQN related output by osmo-auc-gen so that it also makes sense after these changes, and so that its output is proven to remain unchanged for the same arguments: Always show the SQN used for vector generation when a UMTS vector was generated. Don't show the next SQN, it will not make sense anymore (see later patches). The adjustments of expected output of osmo-auc-gen_test illustrates how the output changes. Related: OS#1968 Change-Id: I35d9c669002ff3e8570e07b444cca34ce57c3b0c
2017-03-15 00:16:43 +00:00
}
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
osmo-auc-gen: Add mode for verifying user-supplied AUTS When -A is used on the command line, the respective AUTS value will be validated and the SQN of the UICC printed.
2012-03-22 15:45:23 +00:00
exit(0);
add 'osmo-auc-gen' tool that can be used to generate auth vectors Thsi tool usses libosmocore in order to generate 2G and 3G authentication vectors from private key material, exactly like an AuC would produce them in a real network.
2011-12-07 01:38:42 +00:00
}