From 007a71e3329aa76bb92701c9eb10743c68c93af9 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Wed, 18 Jul 2012 19:47:56 +0200 Subject: authentication: More documentation --- include/osmocom/crypt/auth.h | 44 +++++++++++++++++++++------------- src/gsm/auth_core.c | 57 +++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 81 insertions(+), 20 deletions(-) diff --git a/include/osmocom/crypt/auth.h b/include/osmocom/crypt/auth.h index 67b32009..871e7c87 100644 --- a/include/osmocom/crypt/auth.h +++ b/include/osmocom/crypt/auth.h @@ -1,11 +1,17 @@ #ifndef _OSMOCRYPTO_AUTH_H #define _OSMOCRYPTO_AUTH_H +/*! \addtogroup auth + * @{ + */ + +/*! \file auth.h */ + #include #include -/*! \brief Authentication Type */ +/*! \brief Authentication Type (GSM/UMTS) */ enum osmo_sub_auth_type { OSMO_AUTH_TYPE_NONE = 0x00, OSMO_AUTH_TYPE_GSM = 0x01, @@ -29,42 +35,44 @@ struct osmo_sub_auth_data { enum osmo_auth_algo algo; union { struct { - uint8_t opc[16]; - uint8_t k[16]; + uint8_t opc[16]; /*!< operator invariant value */ + uint8_t k[16]; /*!< secret key of the subscriber */ uint8_t amf[2]; - uint64_t sqn; - int opc_is_op; + uint64_t sqn; /*!< sequence number */ + int opc_is_op; /*!< is the OPC field OPC (0) or OP (1) ? */ } umts; struct { - uint8_t ki[16]; + uint8_t ki[16]; /*!< secret key */ } gsm; } u; }; /* data structure describing a computed auth vector, generated by AuC */ struct osmo_auth_vector { - uint8_t rand[16]; - uint8_t autn[16]; - uint8_t ck[16]; - uint8_t ik[16]; - uint8_t res[16]; - uint8_t res_len; - uint8_t kc[8]; - uint8_t sres[4]; + uint8_t rand[16]; /*!< random challenge */ + uint8_t autn[16]; /*!< authentication nonce */ + uint8_t ck[16]; /*!< ciphering key */ + uint8_t ik[16]; /*!< integrity key */ + uint8_t res[16]; /*!< authentication result */ + uint8_t res_len; /*!< length (in bytes) of res */ + uint8_t kc[8]; /*!< Kc for GSM encryption (A5) */ + uint8_t sres[4]; /*!< authentication result for GSM */ uint32_t auth_types; /*!< bitmask of OSMO_AUTH_TYPE_* */ }; /* \brief An implementation of an authentication algorithm */ struct osmo_auth_impl { struct llist_head list; - enum osmo_auth_algo algo; - const char *name; - unsigned int priority; + enum osmo_auth_algo algo; /*!< algorithm we implement */ + const char *name; /*!< name of the implementation */ + unsigned int priority; /*!< priority value (resp. othe implementations */ + /*! \brief callback for generate authentication vectors */ int (*gen_vec)(struct osmo_auth_vector *vec, struct osmo_sub_auth_data *aud, const uint8_t *_rand); + /* \brief callback for generationg auth vectors + re-sync */ int (*gen_vec_auts)(struct osmo_auth_vector *vec, struct osmo_sub_auth_data *aud, const uint8_t *rand_auts, const uint8_t *auts, @@ -89,3 +97,5 @@ const char *osmo_auth_alg_name(enum osmo_auth_algo alg); enum osmo_auth_algo osmo_auth_alg_parse(const char *name); #endif /* _OSMOCRYPTO_AUTH_H */ + +/* @} */ diff --git a/src/gsm/auth_core.c b/src/gsm/auth_core.c index 5e886eef..5cf8dfcf 100644 --- a/src/gsm/auth_core.c +++ b/src/gsm/auth_core.c @@ -1,6 +1,6 @@ /* GSM/GPRS/3G authentication core infrastructure */ -/* (C) 2010-2011 by Harald Welte +/* (C) 2010-2012 by Harald Welte * * All Rights Reserved * @@ -30,11 +30,23 @@ #include +/*! \addtogroup auth + * @{ + */ + +/* \file auth_core.c + */ + static LLIST_HEAD(osmo_auths); static struct osmo_auth_impl *selected_auths[_OSMO_AUTH_ALG_NUM]; -/* register a cipher with the core */ +/*! \brief Register an authentication algorithm implementation with the core + * \param[in] impl Structure describing implementation and it's callbacks + * + * This function is called by an authentication implementation plugin to + * register itself with the authentication core. + */ int osmo_auth_register(struct osmo_auth_impl *impl) { if (impl->algo >= ARRAY_SIZE(selected_auths)) @@ -50,13 +62,23 @@ int osmo_auth_register(struct osmo_auth_impl *impl) return 0; } -/* load all available GPRS cipher plugins */ +/*! \brief Load all available authentication plugins from the given path + * \param[in] path Path name of the directory containing the plugins + * + * This function will load all plugins contained in the specified path. + */ int osmo_auth_load(const char *path) { /* load all plugins available from path */ return osmo_plugin_load_all(path); } +/*! \brief Determine if a given authentication algorithm is supported + * \param[in] algo Algorithm which should be checked + * + * This function is used by an application to determine at runtime if a + * given authentication algorithm is supported or not. + */ int osmo_auth_supported(enum osmo_auth_algo algo) { if (algo >= ARRAY_SIZE(selected_auths)) @@ -68,6 +90,17 @@ int osmo_auth_supported(enum osmo_auth_algo algo) return 0; } +/*! \brief Generate authentication vector + * \param[out] vec Generated authentication vector + * \param[in] aud Subscriber-specific key material + * \param[in] rand Random challenge to be used + * + * This function performs the core cryptographic function of the AUC, + * computing authentication triples/quintuples based on the permanent + * subscriber data and a random value. The result is what is forwarded + * by the AUC via HLR and VLR to the MSC which will then be able to + * invoke authentication with the MS + */ int osmo_auth_gen_vec(struct osmo_auth_vector *vec, struct osmo_sub_auth_data *aud, const uint8_t *_rand) @@ -87,6 +120,20 @@ int osmo_auth_gen_vec(struct osmo_auth_vector *vec, return 0; } +/*! \brief Generate authentication vector and re-sync sequence + * \param[out] vec Generated authentication vector + * \param[in] aud Subscriber-specific key material + * \param[in] rand_auts RAND value sent by the SIM/MS + * \param[in] auts AUTS value sent by the SIM/MS + * \param[in] rand Random challenge to be used to generate vector + * + * This function performs a special variant of the core cryptographic + * function of the AUC: computing authentication triples/quintuples + * based on the permanent subscriber data, a random value as well as the + * AUTS and RAND values returned by the SIM/MS. This special variant is + * needed if the sequence numbers between MS and AUC have for some + * reason become diffrent. + */ int osmo_auth_gen_vec_auts(struct osmo_auth_vector *vec, struct osmo_sub_auth_data *aud, const uint8_t *rand_auts, const uint8_t *auts, @@ -110,12 +157,16 @@ static const struct value_string auth_alg_vals[] = { { 0, NULL } }; +/*! \brief Get human-readable name of authentication algorithm */ const char *osmo_auth_alg_name(enum osmo_auth_algo alg) { return get_value_string(auth_alg_vals, alg); } +/*! \brief Parse human-readable name of authentication algorithm */ enum osmo_auth_algo osmo_auth_alg_parse(const char *name) { return get_string_value(auth_alg_vals, name); } + +/*! @} */ -- cgit v1.2.3