From aa84b71f0fe014156e90dde2f0c44694368dc034 Mon Sep 17 00:00:00 2001
From: Neels Hofmeyr <neels@hofmeyr.de>
Date: Mon, 18 Dec 2017 03:12:01 +0100
Subject: [PATCH] add osmo_auth_c3() (separate from gsm_milenage())

To send a Ciphering Mode Command, we may need to derive a Kc from UMTS AKA
tokens. gsm_milenage() derives Kc from 3G tokens, but also derives an SRES.
For SRES, it requires an OPC, which may need to be derived from OP first. All
we need is a Kc, so we could feed a zero OPC ...  but to simplify the function
call for cases where just a Kc is required, separate the c3 function out from
gsm_milenage(), as osmo_auth_c3(). Obviously call osmo_auth_c3() from
gsm_milenage() (meaning that osmo-hlr's 55.205 derived auc tests still cover
exactly that implementation).

Prepares: If04e405426c55a81341747a9b450a69188525d5c (osmo-msc)
Related: OS#2745
Change-Id: I85a1d6ae95ad9e5ce9524ef7fc06414848afc2aa
---
 include/osmocom/crypt/auth.h |  2 ++
 src/gsm/auth_core.c          | 13 +++++++++++++
 src/gsm/libosmogsm.map       |  1 +
 src/gsm/milenage/milenage.c  |  5 ++---
 4 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/include/osmocom/crypt/auth.h b/include/osmocom/crypt/auth.h
index 4dbc6a4d3..e544126b9 100644
--- a/include/osmocom/crypt/auth.h
+++ b/include/osmocom/crypt/auth.h
@@ -105,4 +105,6 @@ void osmo_c4(uint8_t *ck, const uint8_t *kc);
 const char *osmo_auth_alg_name(enum osmo_auth_algo alg);
 enum osmo_auth_algo osmo_auth_alg_parse(const char *name);
 
+void osmo_auth_c3(uint8_t kc[], const uint8_t ck[], const uint8_t ik[]);
+
 /* @} */
diff --git a/src/gsm/auth_core.c b/src/gsm/auth_core.c
index 400708f95..f171ed49f 100644
--- a/src/gsm/auth_core.c
+++ b/src/gsm/auth_core.c
@@ -236,4 +236,17 @@ const struct value_string osmo_sub_auth_type_names[] = {
 	{ 0, NULL }
 };
 
+/* Derive GSM AKA ciphering key Kc from UMTS AKA CK and IK (auth function c3 from 3GPP TS 33.103 §
+ * 4.6.1).
+ * \param[out] kc  GSM AKA Kc, 8 byte target buffer.
+ * \param[in] ck  UMTS AKA CK, 16 byte input buffer.
+ * \param[in] ik  UMTS AKA IK, 16 byte input buffer.
+ */
+void osmo_auth_c3(uint8_t kc[], const uint8_t ck[], const uint8_t ik[])
+{
+	int i;
+	for (i = 0; i < 8; i++)
+		kc[i] = ck[i] ^ ck[i + 8] ^ ik[i] ^ ik[i + 8];
+}
+
 /*! @} */
diff --git a/src/gsm/libosmogsm.map b/src/gsm/libosmogsm.map
index 6e6638a9a..d915234cf 100644
--- a/src/gsm/libosmogsm.map
+++ b/src/gsm/libosmogsm.map
@@ -340,6 +340,7 @@ osmo_auth_3g_from_2g;
 osmo_auth_load;
 osmo_auth_register;
 osmo_auth_supported;
+osmo_auth_c3;
 osmo_sub_auth_type_names;
 
 osmo_rsl2sitype;
diff --git a/src/gsm/milenage/milenage.c b/src/gsm/milenage/milenage.c
index 7cf33122f..3c14ab962 100644
--- a/src/gsm/milenage/milenage.c
+++ b/src/gsm/milenage/milenage.c
@@ -29,7 +29,7 @@
 #include "common.h"
 #include "aes_wrap.h"
 #include "milenage.h"
-
+#include <osmocom/crypt/auth.h>
 
 /**
  * milenage_f1 - Milenage f1 and f1* algorithms
@@ -249,8 +249,7 @@ int gsm_milenage(const u8 *opc, const u8 *k, const u8 *_rand, u8 *sres, u8 *kc)
 	if (milenage_f2345(opc, k, _rand, res, ck, ik, NULL, NULL))
 		return -1;
 
-	for (i = 0; i < 8; i++)
-		kc[i] = ck[i] ^ ck[i + 8] ^ ik[i] ^ ik[i + 8];
+	osmo_auth_c3(kc, ck, ik);
 
 #ifdef GSM_MILENAGE_ALT_SRES
 	os_memcpy(sres, res, 4);