From a9c91cc0a1c7ce600012bb3ed6be3703972dd89e Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@osmocom.org>
Date: Tue, 30 May 2023 11:58:28 +0200
Subject: [PATCH] libosmogsm: Ensure MILENAGE + XOR-3G K length is 128 bit

Since Change-Id Ie775fedba4a3fa12314c0f7c8a369662ef6a40df we are
supporting K-lengths != 128 bit.  However, our existing MILENAGE
and XOR-3G algorithms only support that key length, so let's add
some explicit checks for that.

Change-Id: Iae8b93cf059abda087101cdd01bbcf92d355753b
---
 src/gsm/auth_milenage.c | 11 +++++++++++
 src/gsm/auth_xor.c      | 12 ++++++++----
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/src/gsm/auth_milenage.c b/src/gsm/auth_milenage.c
index 84780c6b5..9e94293fd 100644
--- a/src/gsm/auth_milenage.c
+++ b/src/gsm/auth_milenage.c
@@ -19,6 +19,7 @@
  *
  */
 
+#include <errno.h>
 #include <osmocom/crypt/auth.h>
 #include <osmocom/core/bits.h>
 #include "milenage/common.h"
@@ -57,6 +58,11 @@ static int milenage_gen_vec(struct osmo_auth_vector *vec,
 
 	OSMO_ASSERT(aud->algo == OSMO_AUTH_ALG_MILENAGE);
 
+	if (aud->u.umts.k_len != 16)
+		return -EINVAL;
+	if (aud->u.umts.opc_len != 16)
+		return -EINVAL;
+
 	opc = gen_opc_if_needed(aud, gen_opc);
 	if (!opc)
 		return -1;
@@ -154,6 +160,11 @@ static int milenage_gen_vec_auts(struct osmo_auth_vector *vec,
 
 	OSMO_ASSERT(aud->algo == OSMO_AUTH_ALG_MILENAGE);
 
+	if (aud->u.umts.k_len != 16)
+		return -EINVAL;
+	if (aud->u.umts.opc_len != 16)
+		return -EINVAL;
+
 	opc = gen_opc_if_needed(aud, gen_opc);
 
 	rc = milenage_auts(opc, aud->u.umts.k, rand_auts, auts, sqn_out);
diff --git a/src/gsm/auth_xor.c b/src/gsm/auth_xor.c
index c94b02f7c..a506a03df 100644
--- a/src/gsm/auth_xor.c
+++ b/src/gsm/auth_xor.c
@@ -55,9 +55,11 @@ static int xor_gen_vec(struct osmo_auth_vector *vec,
 	/* Step 1: xdout = (ki or k) ^ rand */
 	if (aud->type == OSMO_AUTH_TYPE_GSM)
 		xor(xdout, aud->u.gsm.ki, _rand, sizeof(xdout));
-	else if (aud->type == OSMO_AUTH_TYPE_UMTS)
+	else if (aud->type == OSMO_AUTH_TYPE_UMTS) {
+		if (aud->u.umts.k_len != 16)
+			return -EINVAL;
 		xor(xdout, aud->u.umts.k, _rand, sizeof(xdout));
-	else
+	} else
 		return -ENOTSUP;
 
 	/**
@@ -141,9 +143,11 @@ static int xor_gen_vec_auts(struct osmo_auth_vector *vec,
 	/* Step 1: xdout = (ki or k) ^ rand */
 	if (aud->type == OSMO_AUTH_TYPE_GSM)
 		xor(xdout, aud->u.gsm.ki, _rand, sizeof(xdout));
-	else if (aud->type == OSMO_AUTH_TYPE_UMTS)
+	else if (aud->type == OSMO_AUTH_TYPE_UMTS) {
+		if (aud->u.umts.k_len != 16)
+			return -EINVAL;
 		xor(xdout, aud->u.umts.k, _rand, sizeof(xdout));
-	else
+	} else
 		return -ENOTSUP;
 
 	/* Step 2: ak = xdout[2-8] */