Implement the XOR-2G authentication algorithm

We've so far only been supporting XOR-3G algorithm as specified in TS 34.108 (in both 3G and 2G-derivation mode). However, XOR-3G used for 2G auth is different from the XOR-2G algorithm as defined in Annex A of TS 51.010-1. Let's add support for that one, too. Change-Id: I0ee0565382c1e4515d44ff9b1752685c0a66ae39
2023-02-21 22:18:11 +01:00 · 2023-02-21 22:18:11 +01:00 · e93c5e99b6
parent 8d9ed738a7
commit e93c5e99b6
4 changed files with 82 additions and 1 deletions
--- a/include/osmocom/crypt/auth.h
+++ b/include/osmocom/crypt/auth.h
@ -32,6 +32,7 @@ enum osmo_auth_algo {
 	OSMO_AUTH_ALG_COMP128v3,
 	OSMO_AUTH_ALG_XOR,
 	OSMO_AUTH_ALG_MILENAGE,
+	OSMO_AUTH_ALG_XOR_2G,
 	_OSMO_AUTH_ALG_NUM,
 };

--- a/src/gsm/Makefile.am
+++ b/src/gsm/Makefile.am
@ -26,7 +26,7 @@ libgsmint_la_SOURCES =  a5.c rxlev_stat.c tlv_parser.c comp128.c comp128v23.c \
 			gprs_cipher_core.c gprs_rlc.c gsm0480.c abis_nm.c gsm0502.c \
 			gsm0411_utils.c gsm0411_smc.c gsm0411_smr.c gsm0414.c \
 			lapdm.c kasumi.c gsm29205.c gsm_04_08_gprs.c \
-			auth_core.c auth_comp128v1.c auth_comp128v23.c auth_xor.c \
+			auth_core.c auth_comp128v1.c auth_comp128v23.c auth_xor.c auth_xor_2g.c \
 			auth_milenage.c milenage/aes-encblock.c gea.c \
 			milenage/aes-internal.c milenage/aes-internal-enc.c \
 			milenage/milenage.c gan.c ipa.c gsm0341.c apn.c \
--- a/src/gsm/auth_core.c
+++ b/src/gsm/auth_core.c
@ -210,6 +210,7 @@ static const struct value_string auth_alg_vals[] = {
 	{ OSMO_AUTH_ALG_COMP128v3, "COMP128v3" },
 	{ OSMO_AUTH_ALG_XOR, "XOR" },
 	{ OSMO_AUTH_ALG_MILENAGE, "MILENAGE" },
+	{ OSMO_AUTH_ALG_XOR_2G, "XOR-2G" },
 	{ 0, NULL }
 };

--- a/src/gsm/auth_xor_2g.c
+++ b/src/gsm/auth_xor_2g.c
@ -0,0 +1,79 @@
+/*! \file auth_xor.c
+ * GSM XOR-2G algorithm as specified in Annex 4 (A.4.1.2) of 3GPP TS 51.010-1.
+ * This is implemented by typical GSM MS tester */
+
+/*
+ * (C) 2023 by Harald Welte <laforge@gnumonks.org>
+ *
+ * All Rights Reserved
+ *
+ * Author: Daniel Willmann <dwillmann@sysmocom.de>
+ *
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ */
+
+#include <string.h>
+#include <stdint.h>
+#include <errno.h>
+
+#include <osmocom/crypt/auth.h>
+
+/*! \addtogroup auth
+ *  @{
+ */
+
+static void xor(uint8_t *out, const uint8_t *a, const uint8_t *b, size_t len)
+{
+	size_t i;
+
+	for (i = 0; i < len; i++)
+		out[i] = a[i] ^ b[i];
+}
+
+/* GSM XOR-2G algorithm as specified in Annex 4 (A.4.1.2) of 3GPP TS 51.010-1. */
+static int xor2g_gen_vec(struct osmo_auth_vector *vec,
+		       struct osmo_sub_auth_data *aud,
+		       const uint8_t *_rand)
+{
+	uint8_t res1[16];
+
+	if (aud->type != OSMO_AUTH_TYPE_GSM)
+		return -ENOTSUP;
+
+	/* Step 1: XOR to the challenge RAND, a predefined number Ki, having the same bit length (128 bits) as
+	 * RAND. */
+	xor(res1, aud->u.gsm.ki, _rand, sizeof(res1));
+
+	/* Step 2: The most significant 32 bits of RES1 form SRES. */
+	memcpy(vec->sres, res1, 4);
+	/* The next 64 bits of RES1 form Kc */
+	memcpy(vec->kc, res1+4, 8);
+
+	vec->auth_types = OSMO_AUTH_TYPE_GSM;
+	return 0;
+}
+
+static struct osmo_auth_impl xor2g_alg = {
+	.algo = OSMO_AUTH_ALG_XOR_2G,
+	.name = "XOR-2G (libosmogsm built-in)",
+	.priority = 1000,
+	.gen_vec = &xor2g_gen_vec,
+};
+
+static __attribute__((constructor)) void on_dso_load_xor(void)
+{
+	osmo_auth_register(&xor2g_alg);
+}
+
+/*! @} */