The TUAK algorithm is specified in 3GPP TS 35.231, 232 and 233 and
intended as an alternative to MILENAGE. It's based around the
cryptographic function of KeccakP1600, which is part of SHA-3.
This patch adds support for TUAK to the libosmogsm authentication
core API via 'struct osmo_auth_impl'.
Unit tests covering the test cases from the 3GPP specification are added
(and are all passing).
Change-Id: Ib905b8d8bdf248e8299bf50666ee1bca8298433d
3GPP specifies the C2 derivation function (generating GSM SRES from UMTS XRES)
independent of the MILENAGE algorithm. So instead of open-coding it in
milenage.c:gsm_milenage(), let's create a separate public function
osmo_auth_c2() similar to the already-existing osmo_auth_c3() function.
gsm_milenage() can then simply use that function.
Change-Id: I0e7cd55f5578f891cb6cc1b0442920ba5beddae4
There are 3G algorithms which support different lengths of RES values
(4, 8, 16 byte). For MILENAGE, we never really had to bother, as
the 4-byte RES is simply the first 4 bytes of the 8-byte RES.
However, for TUAK, the expected RES length is an input parameter to
the Keccak crypto functions, so the result of all parameters (including
CK, IK, ...) will be completely different for RES length 4 than RES
length 8.
So let's permit the caller of the osmocom auth API to specify the
requested RES length via the osmo_auth_vector.res_len parameter.
For backwards compatibility of callers of the old osmo_auth_gen_vec/
osmo_auth_gen_vec_auts API: Always force the res_len to 8 in this case,
which was the hard-coded length before this patch.
Change-Id: Ic662843fbe8b5c58e4af39ea630ad5ac13fd6bef
3GPP TS 33.102 Section 6.3.7 states that K can be 128 or 256 bits,
while our 'struct osmo_sub_auth_data' had a fixed-size 128bit field.
This means we cannot use our auth_core for algorithms with larger
key sizes, such as TUAK. Let's introduce osmo_sub_auth_data2 for
larger (and variable) sized K and OP[c].
K and OP[c] can even have different sizes in TUAK, where OP[c] is
always 256bit, but K can be 128 or 256 bits. So we need separate
length fields for K and OP[c].
I'm adding backwards-compatibility API wrappers, so old applications
just continue to work as they always did.
However, I'm not adding compatibility wrappers for the plug-in API
that can be used to register additional authentication implementations
at runtime. We don't know of any user of that API outside of
libosmocore, so the function signatures of the 'struct osmo_auth_impl'
are modified in an incompatible way.
Change-Id: Ie775fedba4a3fa12314c0f7c8a369662ef6a40df
Let's disambiguate. Our existing OSMO_AUTH_ALG_XOR was always only
the XOR-3G algorithm. Now that we recently introduced XOR-2G,
let's rename (with backwards compatibility #define).
Change-Id: I446e54d0ddf4a18c46ee022b1249af73552e3ce1
We've so far only been supporting XOR-3G algorithm as specified
in TS 34.108 (in both 3G and 2G-derivation mode).
However, XOR-3G used for 2G auth is different from the XOR-2G algorithm
as defined in Annex A of TS 51.010-1. Let's add support for that one,
too.
Change-Id: I0ee0565382c1e4515d44ff9b1752685c0a66ae39
Remove the paragraph about writing to the Free Software Foundation's
mailing address. The FSF has changed addresses in the past, and may do
so again. In 2021 this is not useful, let's rather have a bit less
boilerplate at the start of source files.
Change-Id: I5050285e75cf120407a1d883e99b3c4bcae8ffd7
To send a Ciphering Mode Command, we may need to derive a Kc from UMTS AKA
tokens. gsm_milenage() derives Kc from 3G tokens, but also derives an SRES.
For SRES, it requires an OPC, which may need to be derived from OP first. All
we need is a Kc, so we could feed a zero OPC ... but to simplify the function
call for cases where just a Kc is required, separate the c3 function out from
gsm_milenage(), as osmo_auth_c3(). Obviously call osmo_auth_c3() from
gsm_milenage() (meaning that osmo-hlr's 55.205 derived auc tests still cover
exactly that implementation).
Prepares: If04e405426c55a81341747a9b450a69188525d5c (osmo-msc)
Related: OS#2745
Change-Id: I85a1d6ae95ad9e5ce9524ef7fc06414848afc2aa
Let's fix some erroneous/accidential references to wrong license,
update copyright information where applicable and introduce a
SPDX-License-Identifier to all files.
Change-Id: I39af26c6aaaf5c926966391f6565fc5936be21af
Add osmo_sub_auth_type_names[] and osmo_sub_auth_type_name().
Also add a hint to enum osmo_auth_algo's API doc that osmo_auth_alg_name()
already exists (it is defined further below).
Change-Id: I652a929bcd11c694d86812fb03d0a1cbd985efda
Considering the various styles and implications found in the sources, edit
scores of files to follow the same API doc guidelines around the doxygen
grouping and the \file tag.
Many files now show a short description in the generated API doc that was so
far only available as C comment.
The guidelines and reasoning behind it is documented at
https://osmocom.org/projects/cellular-infrastructure/wiki/Guidelines_for_API_documentation
In some instances, remove file comments and add to the corresponding group
instead, to be shared among several files (e.g. bitvec).
Change-Id: Ifa70e77e90462b5eb2b0457c70fd25275910c72b
Especially for short descriptions, it is annoying to have to type \brief for
every single API doc.
Drop all \brief and enable the AUTOBRIEF feature of doxygen, which always takes
the first sentence of an API doc as the brief description.
Change-Id: I11a8a821b065a128108641a2a63fb5a2b1916e87
It's a pity that even with this patch we still are fare away from having
the whole API documented. However, at least we have a more solid
foundation. Updates not only extend the documentation, but also make
sure it is rendered properly in the doxygen HTML.
Change-Id: I1344bd1a6869fb00de7c1899a8db93bba9bafce3
milenage_gen_vec() has parameter ordering of (..., auts, rand_auts, rand).
osmo_auth_gen_vec_auts() has (..., rand_auts, auts, rand), but actually feeds
args in the same order, so that its rand_auts becomes auts, and its auts
becomes rand_auts.
Interestingly enough, API user osmo-gen-vec.c also adheres to this misordering
and in turn passes auts for osmo_auth_gen_vec_auts()'s rand_auts and vice
versa, so that it matches milenage_gen_vec().
So both the implementation (milenage_*) and the API user use the same ordering,
just osmo_auth_gen_vec_auts() and osmo_auth_impl{ .gen_vec_auts() } in-between
have the argument names swapped.
Any current user of this API would need to adhere to this swapping or will not
get successful AUTS resolution to a SQN. So the least impact fix is to rename
the args without any actual functional change.
So swap the names rand_auts and auts for osmo_auth_gen_vec_auts() and
osmo_auth_impl{ .gen_vec_auts() }. (Also adjust API doc ordering)
Change-Id: I0dcbd49759fc32d3b8974102dbd1d6703364ebf4
This function perform 64 -> 128 bit key expansion which useful for
converting between UMTS CK and GSM Kc, A5/3 and A5/4, GEA3 and GEA4
keys.
Change-Id: I5a6c6deef6027cd6af144c9062d4c9166be26904
Related: OS#1582
Add various missing \returns doxygen entries.
In osmo_auth_3g_from_2g(), also adjust two comment-closing instances to
match common style and add a period to end a sentence.
(The recent addition of osmo_auth_3g_from_2g() raised my attention, and I added
more return value docs while at it.)
Change-Id: Iea71eb666bc061acb6b14215f398bd38d17b3ad3
Reviewed-on: https://gerrit.osmocom.org/33
Tested-by: Jenkins Builder
Reviewed-by: Holger Freyther <holger@freyther.de>
There is now a "libosmogsm.map" file containing an explicit list of
to-be-exported symbols. This should prevent us from leaking non-static
symbols into the global namespace.
A similar scheme should be adopted by all other osmocom libraries