mirror of https://gerrit.osmocom.org/libosmocore
authentication: More documentation
This commit is contained in:
parent
a9e4a1402b
commit
007a71e332
|
@ -1,11 +1,17 @@
|
|||
#ifndef _OSMOCRYPTO_AUTH_H
|
||||
#define _OSMOCRYPTO_AUTH_H
|
||||
|
||||
/*! \addtogroup auth
|
||||
* @{
|
||||
*/
|
||||
|
||||
/*! \file auth.h */
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
#include <osmocom/core/linuxlist.h>
|
||||
|
||||
/*! \brief Authentication Type */
|
||||
/*! \brief Authentication Type (GSM/UMTS) */
|
||||
enum osmo_sub_auth_type {
|
||||
OSMO_AUTH_TYPE_NONE = 0x00,
|
||||
OSMO_AUTH_TYPE_GSM = 0x01,
|
||||
|
@ -29,42 +35,44 @@ struct osmo_sub_auth_data {
|
|||
enum osmo_auth_algo algo;
|
||||
union {
|
||||
struct {
|
||||
uint8_t opc[16];
|
||||
uint8_t k[16];
|
||||
uint8_t opc[16]; /*!< operator invariant value */
|
||||
uint8_t k[16]; /*!< secret key of the subscriber */
|
||||
uint8_t amf[2];
|
||||
uint64_t sqn;
|
||||
int opc_is_op;
|
||||
uint64_t sqn; /*!< sequence number */
|
||||
int opc_is_op; /*!< is the OPC field OPC (0) or OP (1) ? */
|
||||
} umts;
|
||||
struct {
|
||||
uint8_t ki[16];
|
||||
uint8_t ki[16]; /*!< secret key */
|
||||
} gsm;
|
||||
} u;
|
||||
};
|
||||
|
||||
/* data structure describing a computed auth vector, generated by AuC */
|
||||
struct osmo_auth_vector {
|
||||
uint8_t rand[16];
|
||||
uint8_t autn[16];
|
||||
uint8_t ck[16];
|
||||
uint8_t ik[16];
|
||||
uint8_t res[16];
|
||||
uint8_t res_len;
|
||||
uint8_t kc[8];
|
||||
uint8_t sres[4];
|
||||
uint8_t rand[16]; /*!< random challenge */
|
||||
uint8_t autn[16]; /*!< authentication nonce */
|
||||
uint8_t ck[16]; /*!< ciphering key */
|
||||
uint8_t ik[16]; /*!< integrity key */
|
||||
uint8_t res[16]; /*!< authentication result */
|
||||
uint8_t res_len; /*!< length (in bytes) of res */
|
||||
uint8_t kc[8]; /*!< Kc for GSM encryption (A5) */
|
||||
uint8_t sres[4]; /*!< authentication result for GSM */
|
||||
uint32_t auth_types; /*!< bitmask of OSMO_AUTH_TYPE_* */
|
||||
};
|
||||
|
||||
/* \brief An implementation of an authentication algorithm */
|
||||
struct osmo_auth_impl {
|
||||
struct llist_head list;
|
||||
enum osmo_auth_algo algo;
|
||||
const char *name;
|
||||
unsigned int priority;
|
||||
enum osmo_auth_algo algo; /*!< algorithm we implement */
|
||||
const char *name; /*!< name of the implementation */
|
||||
unsigned int priority; /*!< priority value (resp. othe implementations */
|
||||
|
||||
/*! \brief callback for generate authentication vectors */
|
||||
int (*gen_vec)(struct osmo_auth_vector *vec,
|
||||
struct osmo_sub_auth_data *aud,
|
||||
const uint8_t *_rand);
|
||||
|
||||
/* \brief callback for generationg auth vectors + re-sync */
|
||||
int (*gen_vec_auts)(struct osmo_auth_vector *vec,
|
||||
struct osmo_sub_auth_data *aud,
|
||||
const uint8_t *rand_auts, const uint8_t *auts,
|
||||
|
@ -89,3 +97,5 @@ const char *osmo_auth_alg_name(enum osmo_auth_algo alg);
|
|||
enum osmo_auth_algo osmo_auth_alg_parse(const char *name);
|
||||
|
||||
#endif /* _OSMOCRYPTO_AUTH_H */
|
||||
|
||||
/* @} */
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/* GSM/GPRS/3G authentication core infrastructure */
|
||||
|
||||
/* (C) 2010-2011 by Harald Welte <laforge@gnumonks.org>
|
||||
/* (C) 2010-2012 by Harald Welte <laforge@gnumonks.org>
|
||||
*
|
||||
* All Rights Reserved
|
||||
*
|
||||
|
@ -30,11 +30,23 @@
|
|||
|
||||
#include <osmocom/crypt/auth.h>
|
||||
|
||||
/*! \addtogroup auth
|
||||
* @{
|
||||
*/
|
||||
|
||||
/* \file auth_core.c
|
||||
*/
|
||||
|
||||
static LLIST_HEAD(osmo_auths);
|
||||
|
||||
static struct osmo_auth_impl *selected_auths[_OSMO_AUTH_ALG_NUM];
|
||||
|
||||
/* register a cipher with the core */
|
||||
/*! \brief Register an authentication algorithm implementation with the core
|
||||
* \param[in] impl Structure describing implementation and it's callbacks
|
||||
*
|
||||
* This function is called by an authentication implementation plugin to
|
||||
* register itself with the authentication core.
|
||||
*/
|
||||
int osmo_auth_register(struct osmo_auth_impl *impl)
|
||||
{
|
||||
if (impl->algo >= ARRAY_SIZE(selected_auths))
|
||||
|
@ -50,13 +62,23 @@ int osmo_auth_register(struct osmo_auth_impl *impl)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* load all available GPRS cipher plugins */
|
||||
/*! \brief Load all available authentication plugins from the given path
|
||||
* \param[in] path Path name of the directory containing the plugins
|
||||
*
|
||||
* This function will load all plugins contained in the specified path.
|
||||
*/
|
||||
int osmo_auth_load(const char *path)
|
||||
{
|
||||
/* load all plugins available from path */
|
||||
return osmo_plugin_load_all(path);
|
||||
}
|
||||
|
||||
/*! \brief Determine if a given authentication algorithm is supported
|
||||
* \param[in] algo Algorithm which should be checked
|
||||
*
|
||||
* This function is used by an application to determine at runtime if a
|
||||
* given authentication algorithm is supported or not.
|
||||
*/
|
||||
int osmo_auth_supported(enum osmo_auth_algo algo)
|
||||
{
|
||||
if (algo >= ARRAY_SIZE(selected_auths))
|
||||
|
@ -68,6 +90,17 @@ int osmo_auth_supported(enum osmo_auth_algo algo)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/*! \brief Generate authentication vector
|
||||
* \param[out] vec Generated authentication vector
|
||||
* \param[in] aud Subscriber-specific key material
|
||||
* \param[in] rand Random challenge to be used
|
||||
*
|
||||
* This function performs the core cryptographic function of the AUC,
|
||||
* computing authentication triples/quintuples based on the permanent
|
||||
* subscriber data and a random value. The result is what is forwarded
|
||||
* by the AUC via HLR and VLR to the MSC which will then be able to
|
||||
* invoke authentication with the MS
|
||||
*/
|
||||
int osmo_auth_gen_vec(struct osmo_auth_vector *vec,
|
||||
struct osmo_sub_auth_data *aud,
|
||||
const uint8_t *_rand)
|
||||
|
@ -87,6 +120,20 @@ int osmo_auth_gen_vec(struct osmo_auth_vector *vec,
|
|||
return 0;
|
||||
}
|
||||
|
||||
/*! \brief Generate authentication vector and re-sync sequence
|
||||
* \param[out] vec Generated authentication vector
|
||||
* \param[in] aud Subscriber-specific key material
|
||||
* \param[in] rand_auts RAND value sent by the SIM/MS
|
||||
* \param[in] auts AUTS value sent by the SIM/MS
|
||||
* \param[in] rand Random challenge to be used to generate vector
|
||||
*
|
||||
* This function performs a special variant of the core cryptographic
|
||||
* function of the AUC: computing authentication triples/quintuples
|
||||
* based on the permanent subscriber data, a random value as well as the
|
||||
* AUTS and RAND values returned by the SIM/MS. This special variant is
|
||||
* needed if the sequence numbers between MS and AUC have for some
|
||||
* reason become diffrent.
|
||||
*/
|
||||
int osmo_auth_gen_vec_auts(struct osmo_auth_vector *vec,
|
||||
struct osmo_sub_auth_data *aud,
|
||||
const uint8_t *rand_auts, const uint8_t *auts,
|
||||
|
@ -110,12 +157,16 @@ static const struct value_string auth_alg_vals[] = {
|
|||
{ 0, NULL }
|
||||
};
|
||||
|
||||
/*! \brief Get human-readable name of authentication algorithm */
|
||||
const char *osmo_auth_alg_name(enum osmo_auth_algo alg)
|
||||
{
|
||||
return get_value_string(auth_alg_vals, alg);
|
||||
}
|
||||
|
||||
/*! \brief Parse human-readable name of authentication algorithm */
|
||||
enum osmo_auth_algo osmo_auth_alg_parse(const char *name)
|
||||
{
|
||||
return get_string_value(auth_alg_vals, name);
|
||||
}
|
||||
|
||||
/*! @} */
|
||||
|
|
Loading…
Reference in New Issue