mirror of https://gerrit.osmocom.org/libosmocore
authentication: More documentation
This commit is contained in:
parent
a9e4a1402b
commit
007a71e332
|
|
@ -1,11 +1,17 @@
|
||||||
#ifndef _OSMOCRYPTO_AUTH_H
|
#ifndef _OSMOCRYPTO_AUTH_H
|
||||||
#define _OSMOCRYPTO_AUTH_H
|
#define _OSMOCRYPTO_AUTH_H
|
||||||
|
|
||||||
|
/*! \addtogroup auth
|
||||||
|
* @{
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*! \file auth.h */
|
||||||
|
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
|
||||||
#include <osmocom/core/linuxlist.h>
|
#include <osmocom/core/linuxlist.h>
|
||||||
|
|
||||||
/*! \brief Authentication Type */
|
/*! \brief Authentication Type (GSM/UMTS) */
|
||||||
enum osmo_sub_auth_type {
|
enum osmo_sub_auth_type {
|
||||||
OSMO_AUTH_TYPE_NONE = 0x00,
|
OSMO_AUTH_TYPE_NONE = 0x00,
|
||||||
OSMO_AUTH_TYPE_GSM = 0x01,
|
OSMO_AUTH_TYPE_GSM = 0x01,
|
||||||
|
|
@ -29,42 +35,44 @@ struct osmo_sub_auth_data {
|
||||||
enum osmo_auth_algo algo;
|
enum osmo_auth_algo algo;
|
||||||
union {
|
union {
|
||||||
struct {
|
struct {
|
||||||
uint8_t opc[16];
|
uint8_t opc[16]; /*!< operator invariant value */
|
||||||
uint8_t k[16];
|
uint8_t k[16]; /*!< secret key of the subscriber */
|
||||||
uint8_t amf[2];
|
uint8_t amf[2];
|
||||||
uint64_t sqn;
|
uint64_t sqn; /*!< sequence number */
|
||||||
int opc_is_op;
|
int opc_is_op; /*!< is the OPC field OPC (0) or OP (1) ? */
|
||||||
} umts;
|
} umts;
|
||||||
struct {
|
struct {
|
||||||
uint8_t ki[16];
|
uint8_t ki[16]; /*!< secret key */
|
||||||
} gsm;
|
} gsm;
|
||||||
} u;
|
} u;
|
||||||
};
|
};
|
||||||
|
|
||||||
/* data structure describing a computed auth vector, generated by AuC */
|
/* data structure describing a computed auth vector, generated by AuC */
|
||||||
struct osmo_auth_vector {
|
struct osmo_auth_vector {
|
||||||
uint8_t rand[16];
|
uint8_t rand[16]; /*!< random challenge */
|
||||||
uint8_t autn[16];
|
uint8_t autn[16]; /*!< authentication nonce */
|
||||||
uint8_t ck[16];
|
uint8_t ck[16]; /*!< ciphering key */
|
||||||
uint8_t ik[16];
|
uint8_t ik[16]; /*!< integrity key */
|
||||||
uint8_t res[16];
|
uint8_t res[16]; /*!< authentication result */
|
||||||
uint8_t res_len;
|
uint8_t res_len; /*!< length (in bytes) of res */
|
||||||
uint8_t kc[8];
|
uint8_t kc[8]; /*!< Kc for GSM encryption (A5) */
|
||||||
uint8_t sres[4];
|
uint8_t sres[4]; /*!< authentication result for GSM */
|
||||||
uint32_t auth_types; /*!< bitmask of OSMO_AUTH_TYPE_* */
|
uint32_t auth_types; /*!< bitmask of OSMO_AUTH_TYPE_* */
|
||||||
};
|
};
|
||||||
|
|
||||||
/* \brief An implementation of an authentication algorithm */
|
/* \brief An implementation of an authentication algorithm */
|
||||||
struct osmo_auth_impl {
|
struct osmo_auth_impl {
|
||||||
struct llist_head list;
|
struct llist_head list;
|
||||||
enum osmo_auth_algo algo;
|
enum osmo_auth_algo algo; /*!< algorithm we implement */
|
||||||
const char *name;
|
const char *name; /*!< name of the implementation */
|
||||||
unsigned int priority;
|
unsigned int priority; /*!< priority value (resp. othe implementations */
|
||||||
|
|
||||||
|
/*! \brief callback for generate authentication vectors */
|
||||||
int (*gen_vec)(struct osmo_auth_vector *vec,
|
int (*gen_vec)(struct osmo_auth_vector *vec,
|
||||||
struct osmo_sub_auth_data *aud,
|
struct osmo_sub_auth_data *aud,
|
||||||
const uint8_t *_rand);
|
const uint8_t *_rand);
|
||||||
|
|
||||||
|
/* \brief callback for generationg auth vectors + re-sync */
|
||||||
int (*gen_vec_auts)(struct osmo_auth_vector *vec,
|
int (*gen_vec_auts)(struct osmo_auth_vector *vec,
|
||||||
struct osmo_sub_auth_data *aud,
|
struct osmo_sub_auth_data *aud,
|
||||||
const uint8_t *rand_auts, const uint8_t *auts,
|
const uint8_t *rand_auts, const uint8_t *auts,
|
||||||
|
|
@ -89,3 +97,5 @@ const char *osmo_auth_alg_name(enum osmo_auth_algo alg);
|
||||||
enum osmo_auth_algo osmo_auth_alg_parse(const char *name);
|
enum osmo_auth_algo osmo_auth_alg_parse(const char *name);
|
||||||
|
|
||||||
#endif /* _OSMOCRYPTO_AUTH_H */
|
#endif /* _OSMOCRYPTO_AUTH_H */
|
||||||
|
|
||||||
|
/* @} */
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
/* GSM/GPRS/3G authentication core infrastructure */
|
/* GSM/GPRS/3G authentication core infrastructure */
|
||||||
|
|
||||||
/* (C) 2010-2011 by Harald Welte <laforge@gnumonks.org>
|
/* (C) 2010-2012 by Harald Welte <laforge@gnumonks.org>
|
||||||
*
|
*
|
||||||
* All Rights Reserved
|
* All Rights Reserved
|
||||||
*
|
*
|
||||||
|
|
@ -30,11 +30,23 @@
|
||||||
|
|
||||||
#include <osmocom/crypt/auth.h>
|
#include <osmocom/crypt/auth.h>
|
||||||
|
|
||||||
|
/*! \addtogroup auth
|
||||||
|
* @{
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* \file auth_core.c
|
||||||
|
*/
|
||||||
|
|
||||||
static LLIST_HEAD(osmo_auths);
|
static LLIST_HEAD(osmo_auths);
|
||||||
|
|
||||||
static struct osmo_auth_impl *selected_auths[_OSMO_AUTH_ALG_NUM];
|
static struct osmo_auth_impl *selected_auths[_OSMO_AUTH_ALG_NUM];
|
||||||
|
|
||||||
/* register a cipher with the core */
|
/*! \brief Register an authentication algorithm implementation with the core
|
||||||
|
* \param[in] impl Structure describing implementation and it's callbacks
|
||||||
|
*
|
||||||
|
* This function is called by an authentication implementation plugin to
|
||||||
|
* register itself with the authentication core.
|
||||||
|
*/
|
||||||
int osmo_auth_register(struct osmo_auth_impl *impl)
|
int osmo_auth_register(struct osmo_auth_impl *impl)
|
||||||
{
|
{
|
||||||
if (impl->algo >= ARRAY_SIZE(selected_auths))
|
if (impl->algo >= ARRAY_SIZE(selected_auths))
|
||||||
|
|
@ -50,13 +62,23 @@ int osmo_auth_register(struct osmo_auth_impl *impl)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* load all available GPRS cipher plugins */
|
/*! \brief Load all available authentication plugins from the given path
|
||||||
|
* \param[in] path Path name of the directory containing the plugins
|
||||||
|
*
|
||||||
|
* This function will load all plugins contained in the specified path.
|
||||||
|
*/
|
||||||
int osmo_auth_load(const char *path)
|
int osmo_auth_load(const char *path)
|
||||||
{
|
{
|
||||||
/* load all plugins available from path */
|
/* load all plugins available from path */
|
||||||
return osmo_plugin_load_all(path);
|
return osmo_plugin_load_all(path);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*! \brief Determine if a given authentication algorithm is supported
|
||||||
|
* \param[in] algo Algorithm which should be checked
|
||||||
|
*
|
||||||
|
* This function is used by an application to determine at runtime if a
|
||||||
|
* given authentication algorithm is supported or not.
|
||||||
|
*/
|
||||||
int osmo_auth_supported(enum osmo_auth_algo algo)
|
int osmo_auth_supported(enum osmo_auth_algo algo)
|
||||||
{
|
{
|
||||||
if (algo >= ARRAY_SIZE(selected_auths))
|
if (algo >= ARRAY_SIZE(selected_auths))
|
||||||
|
|
@ -68,6 +90,17 @@ int osmo_auth_supported(enum osmo_auth_algo algo)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*! \brief Generate authentication vector
|
||||||
|
* \param[out] vec Generated authentication vector
|
||||||
|
* \param[in] aud Subscriber-specific key material
|
||||||
|
* \param[in] rand Random challenge to be used
|
||||||
|
*
|
||||||
|
* This function performs the core cryptographic function of the AUC,
|
||||||
|
* computing authentication triples/quintuples based on the permanent
|
||||||
|
* subscriber data and a random value. The result is what is forwarded
|
||||||
|
* by the AUC via HLR and VLR to the MSC which will then be able to
|
||||||
|
* invoke authentication with the MS
|
||||||
|
*/
|
||||||
int osmo_auth_gen_vec(struct osmo_auth_vector *vec,
|
int osmo_auth_gen_vec(struct osmo_auth_vector *vec,
|
||||||
struct osmo_sub_auth_data *aud,
|
struct osmo_sub_auth_data *aud,
|
||||||
const uint8_t *_rand)
|
const uint8_t *_rand)
|
||||||
|
|
@ -87,6 +120,20 @@ int osmo_auth_gen_vec(struct osmo_auth_vector *vec,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*! \brief Generate authentication vector and re-sync sequence
|
||||||
|
* \param[out] vec Generated authentication vector
|
||||||
|
* \param[in] aud Subscriber-specific key material
|
||||||
|
* \param[in] rand_auts RAND value sent by the SIM/MS
|
||||||
|
* \param[in] auts AUTS value sent by the SIM/MS
|
||||||
|
* \param[in] rand Random challenge to be used to generate vector
|
||||||
|
*
|
||||||
|
* This function performs a special variant of the core cryptographic
|
||||||
|
* function of the AUC: computing authentication triples/quintuples
|
||||||
|
* based on the permanent subscriber data, a random value as well as the
|
||||||
|
* AUTS and RAND values returned by the SIM/MS. This special variant is
|
||||||
|
* needed if the sequence numbers between MS and AUC have for some
|
||||||
|
* reason become diffrent.
|
||||||
|
*/
|
||||||
int osmo_auth_gen_vec_auts(struct osmo_auth_vector *vec,
|
int osmo_auth_gen_vec_auts(struct osmo_auth_vector *vec,
|
||||||
struct osmo_sub_auth_data *aud,
|
struct osmo_sub_auth_data *aud,
|
||||||
const uint8_t *rand_auts, const uint8_t *auts,
|
const uint8_t *rand_auts, const uint8_t *auts,
|
||||||
|
|
@ -110,12 +157,16 @@ static const struct value_string auth_alg_vals[] = {
|
||||||
{ 0, NULL }
|
{ 0, NULL }
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/*! \brief Get human-readable name of authentication algorithm */
|
||||||
const char *osmo_auth_alg_name(enum osmo_auth_algo alg)
|
const char *osmo_auth_alg_name(enum osmo_auth_algo alg)
|
||||||
{
|
{
|
||||||
return get_value_string(auth_alg_vals, alg);
|
return get_value_string(auth_alg_vals, alg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*! \brief Parse human-readable name of authentication algorithm */
|
||||||
enum osmo_auth_algo osmo_auth_alg_parse(const char *name)
|
enum osmo_auth_algo osmo_auth_alg_parse(const char *name)
|
||||||
{
|
{
|
||||||
return get_string_value(auth_alg_vals, name);
|
return get_string_value(auth_alg_vals, name);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*! @} */
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue