Skip to content
Snippets Groups Projects
Commit e9c4d622 authored by winckel's avatar winckel
Browse files 

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@4890 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent 74a5ede0
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1310 additions and 0 deletions
openair-cn/OPENAIRHSS/AUTHORS 0 → 100644
+ 0
0
View file @ e9c4d622
openair-cn/OPENAIRHSS/COPYING 0 → 120000
+ 1
0
View file @ e9c4d622
/usr/share/automake-1.11/COPYING
\ No newline at end of file
openair-cn/OPENAIRHSS/ChangeLog 0 → 100644
+ 0
0
View file @ e9c4d622
openair-cn/OPENAIRHSS/INSTALL 0 → 100644
+ 370
0
View file @ e9c4d622
Installation Instructions
*************************
Copyright (C) 1994-1996, 1999-2002, 2004-2011 Free Software Foundation,
Inc.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved. This file is offered as-is,
without warranty of any kind.
Basic Installation
==================
Briefly, the shell commands `./configure; make; make install' should
configure, build, and install this package. The following
more-detailed instructions are generic; see the `README' file for
instructions specific to this package. Some packages provide this
`INSTALL' file but do not implement all of the features documented
below. The lack of an optional feature in a given package is not
necessarily a bug. More recommendations for GNU packages can be found
in *note Makefile Conventions: (standards)Makefile Conventions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, and a
file `config.log' containing compiler output (useful mainly for
debugging `configure').
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If you are using the cache, and at
some point `config.cache' contains results you don't want to keep, you
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
`configure' by a program called `autoconf'. You need `configure.ac' if
you want to change it or regenerate `configure' using a newer version
of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system.
Running `configure' might take a while. While running, it prints
some messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package, generally using the just-built uninstalled binaries.
4. Type `make install' to install the programs and any data files and
documentation. When installing into a prefix owned by root, it is
recommended that the package be configured and built as a regular
user, and only the `make install' phase executed with root
privileges.
5. Optionally, type `make installcheck' to repeat any self-tests, but
this time using the binaries in their final installed location.
This target does not install anything. Running this target as a
regular user, particularly if the prior `make install' required
root privileges, verifies that the installation completed
correctly.
6. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
7. Often, you can also type `make uninstall' to remove the installed
files again. In practice, not all packages have tested that
uninstallation works correctly, even though it is required by the
GNU Coding Standards.
8. Some packages, particularly those that use Automake, provide `make
distcheck', which can by used by developers to test that all other
targets like `make install' and `make uninstall' work correctly.
This target is generally not run by end users.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. Run `./configure --help'
for details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'. This
is known as a "VPATH" build.
With a non-GNU `make', it is safer to compile the package for one
architecture at a time in the source code directory. After you have
installed the package for one architecture, use `make distclean' before
reconfiguring for another architecture.
On MacOS X 10.5 and later systems, you can create libraries and
executables that work on multiple system types--known as "fat" or
"universal" binaries--by specifying multiple `-arch' options to the
compiler but only a single `-arch' option to the preprocessor. Like
this:
./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
CPP="gcc -E" CXXCPP="g++ -E"
This is not guaranteed to produce working output in all cases, you
may have to build one architecture at a time and combine the results
using the `lipo' tool if you have problems.
Installation Names
==================
By default, `make install' installs the package's commands under
`/usr/local/bin', include files under `/usr/local/include', etc. You
can specify an installation prefix other than `/usr/local' by giving
`configure' the option `--prefix=PREFIX', where PREFIX must be an
absolute file name.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
pass the option `--exec-prefix=PREFIX' to `configure', the package uses
PREFIX as the prefix for installing programs and libraries.
Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them. In general, the
default for these options is expressed in terms of `${prefix}', so that
specifying just `--prefix' will affect all of the other directory
specifications that were not explicitly provided.
The most portable way to affect installation locations is to pass the
correct locations to `configure'; however, many packages provide one or
both of the following shortcuts of passing variable assignments to the
`make install' command line to change installation locations without
having to reconfigure or recompile.
The first method involves providing an override variable for each
affected directory. For example, `make install
prefix=/alternate/directory' will choose an alternate location for all
directory configuration variables that were expressed in terms of
`${prefix}'. Any directories that were specified during `configure',
but not in terms of `${prefix}', must each be overridden at install
time for the entire installation to be relocated. The approach of
makefile variable overrides for each directory variable is required by
the GNU Coding Standards, and ideally causes no recompilation.
However, some platforms have known limitations with the semantics of
shared libraries that end up requiring recompilation when using this
method, particularly noticeable in packages that use GNU Libtool.
The second method involves providing the `DESTDIR' variable. For
example, `make install DESTDIR=/alternate/directory' will prepend
`/alternate/directory' before all installation names. The approach of
`DESTDIR' overrides is not required by the GNU Coding Standards, and
does not work on platforms that have drive letters. On the other hand,
it does better at avoiding recompilation issues, and works well even
when some directory options were not specified in terms of `${prefix}'
at `configure' time.
Optional Features
=================
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Some packages offer the ability to configure how verbose the
execution of `make' will be. For these packages, running `./configure
--enable-silent-rules' sets the default to minimal output, which can be
overridden with `make V=1'; while running `./configure
--disable-silent-rules' sets the default to verbose, which can be
overridden with `make V=0'.
Particular systems
==================
On HP-UX, the default C compiler is not ANSI C compatible. If GNU
CC is not installed, it is recommended to use the following options in
order to use an ANSI C compiler:
./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
and if that doesn't work, install pre-built binaries of GCC for HP-UX.
HP-UX `make' updates targets which have the same time stamps as
their prerequisites, which makes it generally unusable when shipped
generated files such as `configure' are involved. Use GNU `make'
instead.
On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
parse its `<wchar.h>' header file. The option `-nodtk' can be used as
a workaround. If GNU CC is not installed, it is therefore recommended
to try
./configure CC="cc"
and if that doesn't work, try
./configure CC="cc -nodtk"
On Solaris, don't put `/usr/ucb' early in your `PATH'. This
directory contains several dysfunctional programs; working variants of
these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
in your `PATH', put it _after_ `/usr/bin'.
On Haiku, software installed for all users goes in `/boot/common',
not `/usr/local'. It is recommended to use the following options:
./configure --prefix=/boot/common
Specifying the System Type
==========================
There may be some features `configure' cannot figure out
automatically, but needs to determine by the type of machine the package
will run on. Usually, assuming the package is built to be run on the
_same_ architectures, `configure' can figure that out, but if it prints
a message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
CPU-COMPANY-SYSTEM
where SYSTEM can have one of these forms:
OS
KERNEL-OS
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
platform different from the build platform, you should specify the
"host" platform (i.e., that on which the generated programs will
eventually be run) with `--host=TYPE'.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Defining Variables
==================
Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
them in the `configure' command line, using `VAR=value'. For example:
./configure CC=/usr/local2/bin/gcc
causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
Unfortunately, this technique does not work for `CONFIG_SHELL' due to
an Autoconf bug. Until the bug is fixed you can use this workaround:
CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
`configure' Invocation
======================
`configure' recognizes the following options to control how it
operates.
`--help'
`-h'
Print a summary of all of the options to `configure', and exit.
`--help=short'
`--help=recursive'
Print a summary of the options unique to this package's
`configure', and exit. The `short' variant lists options used
only in the top level, while the `recursive' variant lists options
also present in any nested packages.
`--version'
`-V'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`--cache-file=FILE'
Enable the cache: use and save the results of the tests in FILE,
traditionally `config.cache'. FILE defaults to `/dev/null' to
disable caching.
`--config-cache'
`-C'
Alias for `--cache-file=config.cache'.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made. To
suppress all normal output, redirect it to `/dev/null' (any error
messages will still be shown).
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--prefix=DIR'
Use DIR as the installation prefix. *note Installation Names::
for more details, including other options available for fine-tuning
the installation locations.
`--no-create'
`-n'
Run the configure checks, but stop before creating any output
files.
`configure' also accepts some other, not widely useful, options. Run
`configure --help' for more details.
openair-cn/OPENAIRHSS/Makefile.am 0 → 100644
+ 26
0
View file @ e9c4d622
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = access_restriction auc db s6a utils tests .
AM_CFLAGS = @ADD_CFLAGS@ \
-I$(top_srcdir)/access_restriction \
-I$(top_srcdir)/auc \
-I$(top_srcdir)/db \
-I$(top_srcdir)/s6a \
-I$(top_srcdir)/utils
bin_PROGRAMS = openair-hss
openair_hssdir=$(sysconfdir)/openair-hss
openair_hss_DATA = $(top_builddir)/conf/hss.conf $(top_srcdir)/conf/hss_fd.conf
openair_hss_LDADD = \
$(top_builddir)/s6a/libs6a.la \
$(top_builddir)/db/libdb.la \
$(top_builddir)/auc/libauc.la \
$(top_builddir)/access_restriction/libaccess_restriction.la \
$(top_builddir)/utils/libutils.la
openair_hss_SOURCES = \
hss_config.h \
hss_main.c
openair-cn/OPENAIRHSS/NEWS 0 → 100644
+ 0
0
View file @ e9c4d622
openair-cn/OPENAIRHSS/README 0 → 100644
+ 0
0
View file @ e9c4d622
openair-cn/OPENAIRHSS/access_restriction/Makefile.am 0 → 100644
+ 9
0
View file @ e9c4d622
AM_CFLAGS = @ADD_CFLAGS@ \
-I$(top_srcdir) \
-I$(top_srcdir)/utils
noinst_LTLIBRARIES = libaccess_restriction.la
libaccess_restriction_la_LDFLAGS = -all-static
libaccess_restriction_la_SOURCES = \
access_restriction.c access_restriction.h
\ No newline at end of file
openair-cn/OPENAIRHSS/access_restriction/access_restriction.c 0 → 100644
+ 100
0
View file @ e9c4d622
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include "conversion.h"
#include "access_restriction.h"
/* TODO: identification of MCC and MNC within an IMSI should be done according
* to a table that maps MCC to 2 or 3 digits expected...
* By default we will assume there is only 2 digits for our use.
*/
/* Split a PLMN formed of <MCC><MNC> to mcc and mnc.
* In case MNC is formed of only two digits a 0 is inserted at the most significant
* digit.
* When PLMN is represented using european convention it contains only two digits,
* while three digits are used in North American Standard.
* Encoding of PLMN is defined in ITU E.212.
* @param plmn string either 5 or 6 digits resulting of the concatenation of
* MCC and MNC.
*/
int split_plmn(uint8_t plmn[3], uint8_t mcc[3], uint8_t mnc[3])
{
if (plmn == NULL) {
return -1;
}
mcc[0] = plmn[0] & 0x0F;
mcc[1] = (plmn[0] & 0xF0) >> 4;
mcc[2] = plmn[1] & 0x0F;
if ((plmn[1] & 0xF0) == 0xF0) {
/* Only 2 digits case */
mnc[1] = plmn[2] & 0x0F;
mnc[2] = (plmn[2] & 0xF0) >> 4;
mnc[0] = 0;
} else {
mnc[0] = plmn[2] & 0x0F;
mnc[1] = (plmn[2] & 0xF0) >> 4;
mnc[2] = ((plmn[1] & 0xF0) >> 4);
}
return 0;
}
/* Apply restriction (if any) to current 'visited' PLMN for this user.
* Criterias are based on ODB (operator determined barring), visited PLMN
* and user PLMN (obtain from IMSI).
* @param imsi is the user identity formed of MCC.MNC.MSIN (14 or 15 digits long)
* @param vplmn is the plmn of the cell the UE is currently attached to
*/
#define FORMAT_MCC(mCC) (mCC[0] * 100 + mCC[1] * 10 + mCC[2])
#define FORMAT_MNC(mNC) (mNC[0] * 100 + mNC[1] * 10 + mNC[2])
int apply_access_restriction(char *imsi, uint8_t *vplmn)
{
uint8_t vmcc[3], vmnc[3];
uint8_t hmcc[3], hmnc[3];
uint8_t imsi_hex[15];
if (bcd_to_hex(imsi_hex, imsi, strlen(imsi)) != 0) {
fprintf(stderr, "Failed to convert imsi %s to hex representation\n",
imsi);
return -1;
}
/* There is a problem while converting the PLMN... */
if (split_plmn(vplmn, vmcc, vmnc) != 0) {
fprintf(stderr, "Fail to convert vplmn %02x%02x%02x to mcc/mnc for imsi %s\n",
vplmn[0], vplmn[1], vplmn[2], imsi);
return -1;
}
fprintf(stderr, "Converted %02x%02x%02x to plmn %u.%u\n", vplmn[0], vplmn[1], vplmn[2],
FORMAT_MCC(vmcc), FORMAT_MNC(vmnc));
/* MCC is always 3 digits */
memcpy(hmcc, &imsi_hex[0], 3);
if (memcmp(vmcc, hmcc, 3) != 0) {
fprintf(stderr, "Only France MCC is handled for now, got imsi plmn %u.%u for a visited plmn %u.%u\n",
FORMAT_MCC(hmcc), FORMAT_MNC(hmnc), FORMAT_MCC(vmcc), FORMAT_MNC(vmnc));
/* Reject the association */
return -1;
}
/* In France MNC is composed of 2 digits and thus imsi by 14 digit */
hmnc[0] = 0;
memcpy(&hmnc[1], &imsi_hex[3], 2);
if ((memcmp(vmcc, hmcc, 3) != 0) && (memcmp(vmnc, hmnc, 3) != 0)) {
fprintf(stderr, "UE is roaming from %u.%u to %u.%u which is not allowed"
" by the ODB\n", FORMAT_MCC(hmcc), FORMAT_MNC(hmnc), FORMAT_MCC(vmcc), FORMAT_MNC(vmnc));
return -1;
}
/* User has successfully passed all the checking -> accept the association */
return 0;
}
openair-cn/OPENAIRHSS/access_restriction/access_restriction.h 0 → 100644
+ 8
0
View file @ e9c4d622
#ifndef ACCESS_RESTRICTION_H_
#define ACCESS_RESTRICTION_H_
int split_plmn(uint8_t *plmn, uint8_t mcc[3], uint8_t mnc[3]);
int apply_access_restriction(char *imsi, uint8_t *vplmn);
#endif /* ACCESS_RESTRICTION_H_ */
openair-cn/OPENAIRHSS/auc/Makefile.am 0 → 100644
+ 14
0
View file @ e9c4d622
AM_CFLAGS = @ADD_CFLAGS@ \
-I$(top_srcdir) \
-I$(top_srcdir)/utils
noinst_LTLIBRARIES = libauc.la
libauc_la_LDFLAGS = -all-static
libauc_la_SOURCES = \
auc.h \
fx.c \
kdf.c \
random.c \
rijndael.c \
sequence_number.c
\ No newline at end of file
openair-cn/OPENAIRHSS/auc/auc.h 0 → 100644
+ 87
0
View file @ e9c4d622
#include <stdint.h>
#include <stdio.h>
#include <gmp.h>
#ifndef AUC_H_
#define AUC_H_
#define SQN_LENGTH_BITS (48)
#define SQN_LENGTH_OCTEST (SQN_LENGTH_BITS/8)
#define IK_LENGTH_BITS (128)
#define IK_LENGTH_OCTETS (IK_LENGTH_BITS/8)
#define RAND_LENGTH_OCTETS (16)
#define RAND_LENGTH_BITS (RAND_LENGTH_OCTETS*8)
#define XRES_LENGTH_OCTETS (8)
#define AUTN_LENGTH_OCTETS (16)
#define KASME_LENGTH_OCTETS (32)
#define MAC_S_LENGTH (8)
extern uint8_t opc[16];
typedef mpz_t random_t;
typedef mpz_t sqn_t;
typedef uint8_t u8;
typedef struct {
uint8_t rand[16];
uint8_t rand_new;
uint8_t xres[8];
uint8_t autn[16];
uint8_t kasme[32];
} auc_vector_t;
void RijndaelKeySchedule(u8 key[16]);
void RijndaelEncrypt(u8 in[16], u8 out[16]);
/* Sequence number functions */
struct sqn_ue_s;
struct sqn_ue_s *sqn_exists(uint64_t imsi);
void sqn_insert(struct sqn_ue_s *item);
void sqn_init(struct sqn_ue_s *item);
struct sqn_ue_s *sqn_new(uint64_t imsi);
void sqn_list_init(void);
void sqn_get(uint64_t imsi, uint8_t sqn[6]);
/* Random number functions */
struct random_state_s;
void random_init(void);
void generate_random(uint8_t *random, ssize_t length);
void SetOPc(u8 op_c[16]);
void f1 ( u8 k[16], u8 rand[16], u8 sqn[6], u8 amf[2],
u8 mac_a[8] );
void f1star( u8 k[16], u8 rand[16], u8 sqn[6], u8 amf[2],
u8 mac_s[8] );
void f2345 ( u8 k[16], u8 rand[16],
u8 res[8], u8 ck[16], u8 ik[16], u8 ak[6] );
void f5star( u8 k[16], u8 rand[16],
u8 ak[6] );
void generate_autn(u8 sqn[6], u8 ak[6], u8 amf[2], u8 mac_a[8], u8 autn[16]);
int generate_vector(uint64_t imsi, uint8_t key[16], uint8_t plmn[3],
uint8_t sqn[6], auc_vector_t *vector);
inline
void kdf(uint8_t *key, uint16_t key_len, uint8_t *s, uint16_t s_len, uint8_t *out,
uint16_t out_len);
inline
void derive_kasme(uint8_t ck[16], uint8_t ik[16], uint8_t plmn[3], uint8_t sqn[6],
uint8_t ak[6], uint8_t kasme[32]);
uint8_t *sqn_ms_derive(uint8_t *key, uint8_t *auts, uint8_t *rand);
static inline void print_buffer(const char *prefix, uint8_t *buffer, int length)
{
int i;
fprintf(stdout, "%s", prefix);
for (i = 0; i < length; i++) {
fprintf(stdout, "%02x.", buffer[i]);
}
fprintf(stdout, "\n");
}
#endif /* AUC_H_ */
openair-cn/OPENAIRHSS/auc/fx.c 0 → 100644
+ 249
0
View file @ e9c4d622
/*-------------------------------------------------------------------
* Example algorithms f1, f1*, f2, f3, f4, f5, f5*
*-------------------------------------------------------------------
*
* A sample implementation of the example 3GPP authentication and
* key agreement functions f1, f1*, f2, f3, f4, f5 and f5*. This is
* a byte-oriented implementation of the functions, and of the block
* cipher kernel function Rijndael.
*
* This has been coded for clarity, not necessarily for efficiency.
*
* The functions f2, f3, f4 and f5 share the same inputs and have
* been coded together as a single function. f1, f1* and f5* are
* all coded separately.
*
*-----------------------------------------------------------------*/
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "auc.h"
/*--------- Operator Variant Algorithm Configuration Field --------*/
/*------- Insert your value of OP here -------*/
u8 OP[16];
/*--------------------------- prototypes --------------------------*/
void ComputeOPc( u8 op_c[16] );
void SetOPc(u8 op_c[16])
{
memcpy(OP, op_c, 16);
}
void generate_autn(u8 sqn[6], u8 ak[6], u8 amf[2], u8 mac_a[8], u8 autn[16])
{
int i;
for (i = 0; i < 6; i++) {
autn[i] = sqn[i] ^ ak[i];
}
memcpy(&autn[6], amf, 2);
memcpy(&autn[8], mac_a, 8);
}
/*-------------------------------------------------------------------
* Algorithm f1
*-------------------------------------------------------------------
*
* Computes network authentication code MAC-A from key K, random
* challenge RAND, sequence number SQN and authentication management
* field AMF.
*
*-----------------------------------------------------------------*/
void f1 ( u8 k[16], u8 _rand[16], u8 sqn[6], u8 amf[2],
u8 mac_a[8] )
{
u8 op_c[16];
u8 temp[16];
u8 in1[16];
u8 out1[16];
u8 rijndaelInput[16];
u8 i;
RijndaelKeySchedule( k );
ComputeOPc( op_c );
for (i=0; i<16; i++)
rijndaelInput[i] = _rand[i] ^ op_c[i];
RijndaelEncrypt( rijndaelInput, temp );
for (i=0; i<6; i++)
{
in1[i] = sqn[i];
in1[i+8] = sqn[i];
}
for (i=0; i<2; i++)
{
in1[i+6] = amf[i];
in1[i+14] = amf[i];
}
/* XOR op_c and in1, rotate by r1=64, and XOR *
* on the constant c1 (which is all zeroes) */
for (i=0; i<16; i++)
rijndaelInput[(i+8) % 16] = in1[i] ^ op_c[i];
/* XOR on the value temp computed before */
for (i=0; i<16; i++)
rijndaelInput[i] ^= temp[i];
RijndaelEncrypt( rijndaelInput, out1 );
for (i=0; i<16; i++)
out1[i] ^= op_c[i];
for (i=0; i<8; i++)
mac_a[i] = out1[i];
return;
} /* end of function f1 */
/*-------------------------------------------------------------------
* Algorithms f2-f5
*-------------------------------------------------------------------
*
* Takes key K and random challenge RAND, and returns response RES,
* confidentiality key CK, integrity key IK and anonymity key AK.
*
*-----------------------------------------------------------------*/
void f2345 ( u8 k[16], u8 _rand[16],
u8 res[8], u8 ck[16], u8 ik[16], u8 ak[6] )
{
u8 op_c[16];
u8 temp[16];
u8 out[16];
u8 rijndaelInput[16];
u8 i;
RijndaelKeySchedule( k );
ComputeOPc( op_c );
for (i=0; i<16; i++)
rijndaelInput[i] = _rand[i] ^ op_c[i];
RijndaelEncrypt( rijndaelInput, temp );
/* To obtain output block OUT2: XOR OPc and TEMP, *
* rotate by r2=0, and XOR on the constant c2 (which *
* is all zeroes except that the last bit is 1). */
for (i=0; i<16; i++)
rijndaelInput[i] = temp[i] ^ op_c[i];
rijndaelInput[15] ^= 1;
RijndaelEncrypt( rijndaelInput, out );
for (i=0; i<16; i++)
out[i] ^= op_c[i];
for (i=0; i<8; i++)
res[i] = out[i+8];
for (i=0; i<6; i++)
ak[i] = out[i];
/* To obtain output block OUT3: XOR OPc and TEMP, *
* rotate by r3=32, and XOR on the constant c3 (which *
* is all zeroes except that the next to last bit is 1). */
for (i=0; i<16; i++)
rijndaelInput[(i+12) % 16] = temp[i] ^ op_c[i];
rijndaelInput[15] ^= 2;
RijndaelEncrypt( rijndaelInput, out );
for (i=0; i<16; i++)
out[i] ^= op_c[i];
for (i=0; i<16; i++)
ck[i] = out[i];
/* To obtain output block OUT4: XOR OPc and TEMP, *
* rotate by r4=64, and XOR on the constant c4 (which *
* is all zeroes except that the 2nd from last bit is 1). */
for (i=0; i<16; i++)
rijndaelInput[(i+8) % 16] = temp[i] ^ op_c[i];
rijndaelInput[15] ^= 4;
RijndaelEncrypt( rijndaelInput, out );
for (i=0; i<16; i++)
out[i] ^= op_c[i];
for (i=0; i<16; i++)
ik[i] = out[i];
return;
} /* end of function f2345 */
/*-------------------------------------------------------------------
* Algorithm f1*
*-------------------------------------------------------------------
*
* Computes resynch authentication code MAC-S from key K, random
* challenge RAND, sequence number SQN and authentication management
* field AMF.
*
*-----------------------------------------------------------------*/
void f1star( u8 k[16], u8 _rand[16], u8 sqn[6], u8 amf[2],
u8 mac_s[8] )
{
u8 op_c[16];
u8 temp[16];
u8 in1[16];
u8 out1[16];
u8 rijndaelInput[16];
u8 i;
RijndaelKeySchedule( k );
ComputeOPc( op_c );
for (i=0; i<16; i++)
rijndaelInput[i] = _rand[i] ^ op_c[i];
RijndaelEncrypt( rijndaelInput, temp );
for (i=0; i<6; i++)
{
in1[i] = sqn[i];
in1[i+8] = sqn[i];
}
for (i=0; i<2; i++)
{
in1[i+6] = amf[i];
in1[i+14] = amf[i];
}
/* XOR op_c and in1, rotate by r1=64, and XOR *
* on the constant c1 (which is all zeroes) */
for (i=0; i<16; i++)
rijndaelInput[(i+8) % 16] = in1[i] ^ op_c[i];
/* XOR on the value temp computed before */
for (i=0; i<16; i++)
rijndaelInput[i] ^= temp[i];
RijndaelEncrypt( rijndaelInput, out1 );
for (i=0; i<16; i++)
out1[i] ^= op_c[i];
for (i=0; i<8; i++)
mac_s[i] = out1[i+8];
return;
} /* end of function f1star */
/*-------------------------------------------------------------------
* Algorithm f5*
*-------------------------------------------------------------------
*
* Takes key K and random challenge RAND, and returns resynch
* anonymity key AK.
*
*-----------------------------------------------------------------*/
void f5star( u8 k[16], u8 _rand[16],
u8 ak[6] )
{
u8 op_c[16];
u8 temp[16];
u8 out[16];
u8 rijndaelInput[16];
u8 i;
RijndaelKeySchedule( k );
ComputeOPc( op_c );
for (i=0; i<16; i++)
rijndaelInput[i] = _rand[i] ^ op_c[i];
RijndaelEncrypt( rijndaelInput, temp );
/* To obtain output block OUT5: XOR OPc and TEMP, *
* rotate by r5=96, and XOR on the constant c5 (which *
* is all zeroes except that the 3rd from last bit is 1). */
for (i=0; i<16; i++)
rijndaelInput[(i+4) % 16] = temp[i] ^ op_c[i];
rijndaelInput[15] ^= 8;
RijndaelEncrypt( rijndaelInput, out );
for (i=0; i<16; i++)
out[i] ^= op_c[i];
for (i=0; i<6; i++)
ak[i] = out[i];
return;
} /* end of function f5star */
/*-------------------------------------------------------------------
* Function to compute OPc from OP and K. Assumes key schedule has
a lready been performed. *
*-----------------------------------------------------------------*/
void ComputeOPc( u8 op_c[16] )
{
u8 i;
RijndaelEncrypt( OP, op_c );
for (i=0; i<16; i++)
op_c[i] ^= OP[i];
return;
} /* end of function ComputeOPc */
openair-cn/OPENAIRHSS/auc/kdf.c 0 → 100644
+ 139
0
View file @ e9c4d622
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <gmp.h>
#include <nettle/hmac.h>
#include "auc.h"
uint8_t opc[16] = {
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
};
/*
* @param key the input key
* @param key_len length of the key
* @param s string for key derivation as defined in 3GPP TS.33401 Annex A
* @param s_len length of s
* @param out buffer to place the output of kdf
* @param ou_len expected length for the output key
*/
inline
void kdf(uint8_t *key, uint16_t key_len, uint8_t *s, uint16_t s_len, uint8_t *out,
uint16_t out_len)
{
struct hmac_sha256_ctx ctx;
memset(&ctx, 0, sizeof(ctx));
hmac_sha256_set_key(&ctx, key_len, key);
hmac_sha256_update(&ctx, s_len, s);
hmac_sha256_digest(&ctx, out_len, out);
}
/*
* Derive the Kasme using the KDF (key derive function).
* See 3GPP TS.33401 Annex A.2
* The input String S to the KDF is composed of 14 bytes:
* FC = 0x10
* P0 = SN id = PLMN
* L0 = length(SN id) = 0x00 0x03
* P1 = SQN xor AK
* L1 = length(P1) = 0x00 0x06
*/
inline
void derive_kasme(uint8_t ck[16], uint8_t ik[16], uint8_t plmn[3], uint8_t sqn[6],
uint8_t ak[6], uint8_t *kasme)
{
uint8_t s[14];
int i;
uint8_t key[32];
/* The input key is equal to the concatenation of CK and IK */
memcpy(&key[0], ck, 16);
memcpy(&key[16], ik, 16);
SetOPc(opc);
/* FC */
s[0] = 0x10;
/* SN id is composed of MCC and MNC
* Octets:
* 1 MCC digit 2 | MCC digit 1
* 2 MNC digit 3 | MCC digit 3
* 3 MNC digit 2 | MNC digit 1
*/
memcpy(&s[1], plmn, 3);
/* L0 */
s[4] = 0x00;
s[5] = 0x03;
/* P1 */
for (i = 0; i < 6; i++) {
s[6 + i] = sqn[i] ^ ak[i];
}
/* L1 */
s[12] = 0x00;
s[13] = 0x06;
#if defined(DEBUG_AUC_KDF)
for (i = 0; i < 32; i++)
printf("0x%02x ", key[i]);
printf("\n");
for (i = 0; i < 14; i++)
printf("0x%02x ", s[i]);
printf("\n");
#endif
kdf(key, 32, s, 14, kasme, 32);
}
int generate_vector(uint64_t imsi, uint8_t key[16], uint8_t plmn[3],
uint8_t sqn[6], auc_vector_t *vector)
{
/* in E-UTRAN an authentication vector is composed of:
* - RAND
* - XRES
* - AUTN
* - KASME
*/
uint8_t amf[] = { 0x80, 0x00 };
uint8_t mac_a[8];
uint8_t ck[16];
uint8_t ik[16];
uint8_t ak[6];
int i;
if (vector == NULL) {
return EINVAL;
}
/* Compute MAC */
f1(key, vector->rand, sqn, amf, mac_a);
print_buffer("MAC_A : ", mac_a, 8);
print_buffer("SQN : ", sqn, 6);
print_buffer("AK : ", ak, 6);
print_buffer("RAND : ", vector->rand, 16);
/* Compute XRES, CK, IK, AK */
f2345(key, vector->rand, vector->xres, ck, ik, ak);
/* AUTN = SQN ^ AK || AMF || MAC */
generate_autn(sqn, ak, amf, mac_a, vector->autn);
print_buffer("XRES : ", vector->xres, 8);
derive_kasme(ck, ik, plmn, sqn, ak, vector->kasme);
print_buffer("KASME : ", vector->kasme, 32);
return 0;
}
openair-cn/OPENAIRHSS/auc/random.c 0 → 100644
+ 54
0
View file @ e9c4d622
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <gmp.h>
#include <sys/time.h>
#include "auc.h"
typedef struct random_state_s {
pthread_mutex_t lock;
gmp_randstate_t state;
} random_state_t;
random_state_t random_state;
void random_init(void)
{
// mpz_t number;
// pthread_mutex_init(&random_state.lock, NULL);
// mpz_init(number);
// gmp_randinit_default(random_state.state);
// srand(time(NULL));
struct timeval t1;
gettimeofday(&t1, NULL);
srand(t1.tv_usec * t1.tv_sec);
}
/* Generate a random number between 0 and 2^length - 1 where length is expressed
* in bits.
*/
void generate_random(uint8_t *random_p, ssize_t length)
{
// random_t random_nb;
// mpz_init_set_ui(random_nb, 0);
// pthread_mutex_lock(&random_state.lock);
// mpz_urandomb(random_nb, random_state.state, 8 * length);
// pthread_mutex_unlock(&random_state.lock);
// mpz_export(random_p, NULL, 1, length, 0, 0, random_nb);
int r = 0, i, mask = 0, shift;
for (i = 0; i < length; i ++) {
// if ((i % sizeof(i)) == 0)
// r = rand();
// shift = 8 * (i % sizeof(i));
// mask = 0xFF << shift;
// random_p[i] = (r & mask) >> shift;
random_p[i] = rand();
}
}
openair-cn/OPENAIRHSS/auc/rijndael.c 0 → 100644
+ 181
0
View file @ e9c4d622
#include <stdlib.h>
#include <stdint.h>
#include <gmp.h>
#include "auc.h"
typedef uint8_t u8;
typedef uint32_t u32;
/*-------------------- Rijndael round subkeys ---------------------*/
u8 roundKeys[11][4][4];
/*--------------------- Rijndael S box table ----------------------*/
u8 S[256] = {
99,124,119,123,242,107,111,197, 48, 1,103, 43,254,215,171,118,
202,130,201,125,250, 89, 71,240,173,212,162,175,156,164,114,192,
183,253,147, 38, 54, 63,247,204, 52,165,229,241,113,216, 49, 21,
4,199, 35,195, 24,150, 5,154, 7, 18,128,226,235, 39,178,117,
9,131, 44, 26, 27,110, 90,160, 82, 59,214,179, 41,227, 47,132,
83,209, 0,237, 32,252,177, 91,106,203,190, 57, 74, 76, 88,207,
208,239,170,251, 67, 77, 51,133, 69,249, 2,127, 80, 60,159,168,
81,163, 64,143,146,157, 56,245,188,182,218, 33, 16,255,243,210,
205, 12, 19,236, 95,151, 68, 23,196,167,126, 61,100, 93, 25,115,
96,129, 79,220, 34, 42,144,136, 70,238,184, 20,222, 94, 11,219,
224, 50, 58, 10, 73, 6, 36, 92,194,211,172, 98,145,149,228,121,
231,200, 55,109,141,213, 78,169,108, 86,244,234,101,122,174, 8,
186,120, 37, 46, 28,166,180,198,232,221,116, 31, 75,189,139,138,
112, 62,181,102, 72, 3,246, 14, 97, 53, 87,185,134,193, 29,158,
225,248,152, 17,105,217,142,148,155, 30,135,233,206, 85, 40,223,
140,161,137, 13,191,230, 66,104, 65,153, 45, 15,176, 84,187, 22,
};
/*------- This array does the multiplication by x in GF(2^8) ------*/
u8 Xtime[256] = {
0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30,
32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62,
64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94,
96, 98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,
128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,
160,162,164,166,168,170,172,174,176,178,180,182,184,186,188,190,
192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,
224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,
27, 25, 31, 29, 19, 17, 23, 21, 11, 9, 15, 13, 3, 1, 7, 5,
59, 57, 63, 61, 51, 49, 55, 53, 43, 41, 47, 45, 35, 33, 39, 37,
91, 89, 95, 93, 83, 81, 87, 85, 75, 73, 79, 77, 67, 65, 71, 69,
123,121,127,125,115,113,119,117,107,105,111,109, 99, 97,103,101,
155,153,159,157,147,145,151,149,139,137,143,141,131,129,135,133,
187,185,191,189,179,177,183,181,171,169,175,173,163,161,167,165,
219,217,223,221,211,209,215,213,203,201,207,205,195,193,199,197,
251,249,255,253,243,241,247,245,235,233,239,237,227,225,231,229
};
/*-------------------------------------------------------------------
* Rijndael key schedule function. Takes 16-byte key and creates
* all Rijndael's internal subkeys ready for encryption.
*-----------------------------------------------------------------*/
void RijndaelKeySchedule( u8 key[16] )
{
u8 roundConst;
int i, j;
/* first round key equals key */
for (i=0; i<16; i++)
roundKeys[0][i & 0x03][i>>2] = key[i];
roundConst = 1;
/* now calculate round keys */
for (i=1; i<11; i++)
{
roundKeys[i][0][0] = S[roundKeys[i-1][1][3]]
^ roundKeys[i-1][0][0] ^ roundConst;
roundKeys[i][1][0] = S[roundKeys[i-1][2][3]]
^ roundKeys[i-1][1][0];
roundKeys[i][2][0] = S[roundKeys[i-1][3][3]]
^ roundKeys[i-1][2][0];
roundKeys[i][3][0] = S[roundKeys[i-1][0][3]]
^ roundKeys[i-1][3][0];
for (j=0; j<4; j++)
{
roundKeys[i][j][1] = roundKeys[i-1][j][1] ^ roundKeys[i][j][0];
roundKeys[i][j][2] = roundKeys[i-1][j][2] ^ roundKeys[i][j][1];
roundKeys[i][j][3] = roundKeys[i-1][j][3] ^ roundKeys[i][j][2];
}
/* update round constant */
roundConst = Xtime[roundConst];
}
return;
} /* end of function RijndaelKeySchedule */
/* Round key addition function */
void KeyAdd(u8 state[4][4], u8 roundKeys[11][4][4], int round)
{
int i, j;
for (i=0; i<4; i++)
for (j=0; j<4; j++)
state[i][j] ^= roundKeys[round][i][j];
return;
}
/* Byte substitution transformation */
int ByteSub(u8 state[4][4])
{
int i, j;
for (i=0; i<4; i++)
for (j=0; j<4; j++)
state[i][j] = S[state[i][j]];
return 0;
}
/* Row shift transformation */
void ShiftRow(u8 state[4][4])
{
u8 temp;
/* left rotate row 1 by 1 */
temp = state[1][0];
state[1][0] = state[1][1];
state[1][1] = state[1][2];
state[1][2] = state[1][3];
state[1][3] = temp;
/* left rotate row 2 by 2 */
temp = state[2][0];
state[2][0] = state[2][2];
state[2][2] = temp;
temp = state[2][1];
state[2][1] = state[2][3];
state[2][3] = temp;
/* left rotate row 3 by 3 */
temp = state[3][0];
state[3][0] = state[3][3];
state[3][3] = state[3][2];
state[3][2] = state[3][1];
state[3][1] = temp;
return;
}
/* MixColumn transformation*/
void MixColumn(u8 state[4][4])
{
u8 temp, tmp, tmp0;
int i;
/* do one column at a time */
for (i=0; i<4;i++)
{
temp = state[0][i] ^ state[1][i] ^ state[2][i] ^ state[3][i];
tmp0 = state[0][i];
/* Xtime array does multiply by x in GF2^8 */
tmp = Xtime[state[0][i] ^ state[1][i]];
state[0][i] ^= temp ^ tmp;
tmp = Xtime[state[1][i] ^ state[2][i]];
state[1][i] ^= temp ^ tmp;
tmp = Xtime[state[2][i] ^ state[3][i]];
state[2][i] ^= temp ^ tmp;
tmp = Xtime[state[3][i] ^ tmp0];
state[3][i] ^= temp ^ tmp;
}
return;
}
/*-------------------------------------------------------------------
* Rijndael encryption function. Takes 16-byte input and creates
* 16-byte output (using round keys already derived from 16-byte
* key).
*-----------------------------------------------------------------*/
void RijndaelEncrypt( u8 input[16], u8 output[16] )
{
u8 state[4][4];
int i, r;
/* initialise state array from input byte string */
for (i=0; i<16; i++)
state[i & 0x3][i>>2] = input[i];
/* add first round_key */
KeyAdd(state, roundKeys, 0);
/* do lots of full rounds */
for (r=1; r<=9; r++)
{
ByteSub(state);
ShiftRow(state);
MixColumn(state);
KeyAdd(state, roundKeys, r);
}
/* final round */
ByteSub(state);
ShiftRow(state);
KeyAdd(state, roundKeys, r);
/* produce output byte string from state array */
for (i=0; i<16; i++)
{
output[i] = state[i & 0x3][i>>2];
}
return;
} /* end of function RijndaelEncrypt */
openair-cn/OPENAIRHSS/auc/sequence_number.c 0 → 100644
+ 54
0
View file @ e9c4d622
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include "auc.h"
uint8_t *sqn_ms_derive(uint8_t *key, uint8_t *auts, uint8_t *rand_p)
{
/* AUTS = Conc(SQN MS ) || MAC-S
* Conc(SQN MS ) = SQN MS ^ f5* (RAND)
* MAC-S = f1* (SQN MS || RAND || AMF)
*/
uint8_t ak[6];
uint8_t *conc_sqn_ms;
uint8_t *mac_s;
uint8_t mac_s_computed[MAC_S_LENGTH];
uint8_t *sqn_ms;
uint8_t amf[2] = { 0, 0 };
int i;
conc_sqn_ms = auts;
mac_s = &auts[6];
sqn_ms = malloc(SQN_LENGTH_OCTEST);
SetOPc(opc);
/* Derive AK from key and rand */
f5star(key, rand_p, ak);
for (i = 0; i < 6; i++) {
sqn_ms[i] = ak[i] ^ conc_sqn_ms[i];
}
print_buffer("KEY : ", key, 16);
print_buffer("RAND : ", rand_p, 16);
print_buffer("AUTS : ", auts, 14);
print_buffer("AK : ", ak, 6);
print_buffer("SQN_MS : ", sqn_ms, 6);
print_buffer("MAC_S : ", mac_s, 8);
f1star(key, rand_p, sqn_ms, amf, mac_s_computed);
print_buffer("MAC_S +: ", mac_s_computed, 8);
if (memcmp(mac_s_computed, mac_s, 8) != 0) {
fprintf(stderr, "Failed to verify computed SQN_MS\n");
free(sqn_ms);
return NULL;
}
return sqn_ms;
}
openair-cn/OPENAIRHSS/autogen.sh 0 → 100755
+ 2
0
View file @ e9c4d622
#!/bin/sh
autoreconf --force --install -I m4
\ No newline at end of file
openair-cn/OPENAIRHSS/conf/hss.conf 0 → 100644
+ 8
0
View file @ e9c4d622
## MySQL mandatory options
MYSQL_server = "127.0.0.1";
MYSQL_user = "hssadmin";
MYSQL_pass = "admin";
MYSQL_db = "oai_db";
## Freediameter options
FD_conf = "/etc/openair-hss/hss_fd.conf";
openair-cn/OPENAIRHSS/conf/hss.conf.in 0 → 100644
+ 8
0
View file @ e9c4d622
## MySQL mandatory options
MYSQL_server = "127.0.0.1";
MYSQL_user = "hssadmin";
MYSQL_pass = "admin";
MYSQL_db = "oai_db";
## Freediameter options
FD_conf = "@AM_CONF_DIR@/hss_fd.conf";
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment