 |
The FreeRADIUS server
$Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
|
|
The FreeRADIUS server
$Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
|
Implementations of comp128v1, comp128v2, comp128v3 algorithms. More...
#include <string.h>#include <stdint.h>#include <stdbool.h>
Include dependency graph for comp128.h: This graph shows which files directly or indirectly include this file:Go to the source code of this file.
Functions | |
| void | comp128v1 (uint8_t sres[static 4], uint8_t kc[static 8], uint8_t const ki[static 16], uint8_t const rand[static 16]) |
| Calculate comp128v1 sres and kc from ki and rand. More... | |
| void | comp128v23 (uint8_t sres[static 4], uint8_t kc[static 8], uint8_t const ki[static 16], uint8_t const rand[static 16], bool v2) |
| Calculate comp128v2 or comp128v3 sres and kc from ki and rand. More... | |
Implementations of comp128v1, comp128v2, comp128v3 algorithms.
Definition in file comp128.h.
| void comp128v1 | ( | uint8_t | sres[static 4], |
| uint8_t | kc[static 8], | ||
| uint8_t const | ki[static 16], | ||
| uint8_t const | rand[static 16] | ||
| ) |
Calculate comp128v1 sres and kc from ki and rand.
This code derived from a leaked document from the GSM standards. Some missing pieces were filled in by reverse-engineering a working SIM. We have verified that this is the correct COMP128 algorithm.
The first page of the document identifies it as Technical Information: GSM System Security Study. 10-1617-01, 10th June 1988. The bottom of the title page is marked Racal Research Ltd. Worton Drive, Worton Grange Industrial Estate, Reading, Berks. RG2 0SB, England. Telephone: Reading (0734) 868601 Telex: 847152 The relevant bits are in Part I, Section 20 (pages 66–67). Enjoy!
Note: There are three typos in the spec (discovered by reverse-engineering). First, "z = (2 * x[n] + x[n]) mod 2^(9-j)" should clearly read "z = (2 * x[m] + x[n]) mod 2^(9-j)". Second, the "k" loop in the "Form bits from bytes" section is severely botched: the k index should run only from 0 to 3, and clearly the range on "the (8-k)th bit of byte j" is also off (should be 0..7, not 1..8, to be consistent with the subsequent section). Third, SRES is taken from the first 8 nibbles of x[], not the last 8 as claimed in the document. (And the document doesn't specify how Kc is derived, but that was also easily discovered with reverse engineering.) All of these typos have been corrected in the following code.
| [out] | sres | 4 byte value derived from ki and rand. |
| [out] | kc | 8 byte value derived from ki and rand. |
| [in] | ki | known only by the SIM and AuC (us in this case). |
| [in] | rand | 16 bytes of randomness. |
Definition at line 241 of file comp128.c.
Here is the call graph for this function: Here is the caller graph for this function:| void comp128v23 | ( | uint8_t | sres[static 4], |
| uint8_t | kc[static 8], | ||
| uint8_t const | ki[static 16], | ||
| uint8_t const | rand[static 16], | ||
| bool | v2 | ||
| ) |
Calculate comp128v2 or comp128v3 sres and kc from ki and rand.
| [out] | sres | 4 byte value derived from ki and rand. |
| [out] | kc | 8 byte value derived from ki and rand. |
| [in] | ki | known only by the SIM and AuC (us in this case). |
| [in] | rand | 16 bytes of randomness. |
| [in] | v2 | if true we use version comp128-2 else we use comp128-3. |
Definition at line 336 of file comp128.c.
Here is the call graph for this function: Here is the caller graph for this function:
1.9.1