3GPP AKA - Milenage algorithm (3GPP TS 35.205, .206, .207, .208) More...

#include <stddef.h>
#include <string.h>
#include <freeradius-devel/tls/strerror.h>
#include <freeradius-devel/util/proto.h>
#include <openssl/evp.h>
#include "common.h"
#include "milenage.h"

Include dependency graph for milenage.c:

Go to the source code of this file.

Macros
#define	MILENAGE_MAC_A_SIZE 8

#define	MILENAGE_MAC_S_SIZE 8

Functions
static int	aes_128_encrypt_block (EVP_CIPHER_CTX *evp_ctx, uint8_t const key[16], uint8_t const in[16], uint8_t out[16])

int	milenage_auts (uint64_t *sqn, uint8_t const opc[MILENAGE_OPC_SIZE], uint8_t const ki[MILENAGE_KI_SIZE], uint8_t const rand[MILENAGE_RAND_SIZE], uint8_t const auts[MILENAGE_AUTS_SIZE])
	Milenage AUTS validation. More...

int	milenage_check (uint8_t ik[MILENAGE_IK_SIZE], uint8_t ck[MILENAGE_CK_SIZE], uint8_t res[MILENAGE_RES_SIZE], uint8_t auts[MILENAGE_AUTS_SIZE], uint8_t const opc[MILENAGE_OPC_SIZE], uint8_t const ki[MILENAGE_KI_SIZE], uint64_t sqn, uint8_t const rand[MILENAGE_RAND_SIZE], uint8_t const autn[MILENAGE_AUTN_SIZE])
	Milenage check. More...

static int	milenage_f1 (uint8_t mac_a[MILENAGE_MAC_A_SIZE], uint8_t mac_s[MILENAGE_MAC_S_SIZE], uint8_t const opc[MILENAGE_OPC_SIZE], uint8_t const k[MILENAGE_KI_SIZE], uint8_t const rand[MILENAGE_RAND_SIZE], uint8_t const sqn[MILENAGE_SQN_SIZE], uint8_t const amf[MILENAGE_AMF_SIZE])
	milenage_f1 - Milenage f1 and f1* algorithms More...

static int	milenage_f2345 (uint8_t res[MILENAGE_RES_SIZE], uint8_t ik[MILENAGE_IK_SIZE], uint8_t ck[MILENAGE_CK_SIZE], uint8_t ak[MILENAGE_AK_SIZE], uint8_t ak_resync[MILENAGE_AK_SIZE], uint8_t const opc[MILENAGE_OPC_SIZE], uint8_t const k[MILENAGE_KI_SIZE], uint8_t const rand[MILENAGE_RAND_SIZE])
	milenage_f2345 - Milenage f2, f3, f4, f5, f5* algorithms More...

void	milenage_gsm_from_umts (uint8_t sres[MILENAGE_SRES_SIZE], uint8_t kc[MILENAGE_KC_SIZE], uint8_t const ik[MILENAGE_IK_SIZE], uint8_t const ck[MILENAGE_CK_SIZE], uint8_t const res[MILENAGE_RES_SIZE])
	Generate GSM-Milenage (3GPP TS 55.205) authentication triplet from a quintuplet. More...

int	milenage_gsm_generate (uint8_t sres[MILENAGE_SRES_SIZE], uint8_t kc[MILENAGE_KC_SIZE], uint8_t const opc[MILENAGE_OPC_SIZE], uint8_t const ki[MILENAGE_KI_SIZE], uint8_t const rand[MILENAGE_RAND_SIZE])
	Generate GSM-Milenage (3GPP TS 55.205) authentication triplet. More...

int	milenage_opc_generate (uint8_t opc[MILENAGE_OPC_SIZE], uint8_t const op[MILENAGE_OP_SIZE], uint8_t const ki[MILENAGE_KI_SIZE])
	Derive OPc from OP and Ki. More...

int	milenage_umts_generate (uint8_t autn[MILENAGE_AUTN_SIZE], uint8_t ik[MILENAGE_IK_SIZE], uint8_t ck[MILENAGE_CK_SIZE], uint8_t ak[MILENAGE_AK_SIZE], uint8_t res[MILENAGE_RES_SIZE], uint8_t const opc[MILENAGE_OPC_SIZE], uint8_t const amf[MILENAGE_AMF_SIZE], uint8_t const ki[MILENAGE_KI_SIZE], uint64_t sqn, uint8_t const rand[MILENAGE_RAND_SIZE])
	Generate AKA AUTN, IK, CK, RES. More...

Detailed Description

3GPP AKA - Milenage algorithm (3GPP TS 35.205, .206, .207, .208)

This file implements an example authentication algorithm defined for 3GPP AKA. This can be used to implement a simple HLR/AuC into hlr_auc_gw to allow EAP-AKA to be tested properly with real USIM cards.

This implementations assumes that the r1..r5 and c1..c5 constants defined in TS 35.206 are used, i.e., r1=64, r2=0, r3=32, r4=64, r5=96, c1=00..00, c2=00..01, c3=00..02, c4=00..04, c5=00..08. The block cipher is assumed to be AES (Rijndael).

This software may be distributed under the terms of the BSD license. See README for more details.

Copyright: 2017 The FreeRADIUS server project; 2006-2007 (j@w1..nosp@m.fi)

Definition in file milenage.c.

Macro Definition Documentation

◆ MILENAGE_MAC_A_SIZE

#define MILENAGE_MAC_A_SIZE 8

Definition at line 29 of file milenage.c.

◆ MILENAGE_MAC_S_SIZE

#define MILENAGE_MAC_S_SIZE 8

Definition at line 30 of file milenage.c.

Function Documentation

◆ aes_128_encrypt_block()

static int aes_128_encrypt_block	(	EVP_CIPHER_CTX *	evp_ctx,
		uint8_t const	key[16],
		uint8_t const	in[16],
		uint8_t	out[16]
	)

inlinestatic

Definition at line 32 of file milenage.c.

Here is the caller graph for this function:

◆ milenage_auts()

int milenage_auts	(	uint64_t *	sqn,
		uint8_t const	opc[MILENAGE_OPC_SIZE],
		uint8_t const	ki[MILENAGE_KI_SIZE],
		uint8_t const	rand[MILENAGE_RAND_SIZE],
		uint8_t const	auts[MILENAGE_AUTS_SIZE]
	)

Milenage AUTS validation.

Parameters

[out]	sqn	SQN = 48-bit sequence number (host byte order).
[in]	opc	128-bit operator variant algorithm configuration field (encr.).
[in]	ki	128-bit subscriber key.
[in]	rand	128-bit random challenge.
[in]	auts	112-bit authentication token from client.

Returns

0 on success with sqn filled.
-1 on failure.

Definition at line 329 of file milenage.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ milenage_check()

int milenage_check	(	uint8_t	ik[MILENAGE_IK_SIZE],
		uint8_t	ck[MILENAGE_CK_SIZE],
		uint8_t	res[MILENAGE_RES_SIZE],
		uint8_t	auts[MILENAGE_AUTS_SIZE],
		uint8_t const	opc[MILENAGE_OPC_SIZE],
		uint8_t const	ki[MILENAGE_KI_SIZE],
		uint64_t	sqn,
		uint8_t const	rand[MILENAGE_RAND_SIZE],
		uint8_t const	autn[MILENAGE_AUTN_SIZE]
	)

Milenage check.

Parameters

[out]	ik	Buffer for IK = 128-bit integrity key (f4), or NULL.
[out]	ck	Buffer for CK = 128-bit confidentiality key (f3), or NULL.
[out]	res	Buffer for RES = 64-bit signed response (f2), or NULL.
[in]	auts	112-bit buffer for AUTS.
[in]	opc	128-bit operator variant algorithm configuration field (encr.).
[in]	ki	128-bit subscriber key.
[in]	sqn	48-bit sequence number.
[in]	rand	128-bit random challenge.
[in]	autn	128-bit authentication token.

Returns

0 on success.
-1 on failure.
-2 on synchronization failure

Definition at line 417 of file milenage.c.

Here is the call graph for this function:

◆ milenage_f1()

static int milenage_f1	(	uint8_t	mac_a[MILENAGE_MAC_A_SIZE],
		uint8_t	mac_s[MILENAGE_MAC_S_SIZE],
		uint8_t const	opc[MILENAGE_OPC_SIZE],
		uint8_t const	k[MILENAGE_KI_SIZE],
		uint8_t const	rand[MILENAGE_RAND_SIZE],
		uint8_t const	sqn[MILENAGE_SQN_SIZE],
		uint8_t const	amf[MILENAGE_AMF_SIZE]
	)

static

milenage_f1 - Milenage f1 and f1* algorithms

Parameters

[in]	opc	128-bit value derived from OP and K.
[in]	k	128-bit subscriber key.
[in]	rand	128-bit random challenge.
[in]	sqn	48-bit sequence number.
[in]	amf	16-bit authentication management field.
[out]	mac_a	Buffer for MAC-A = 64-bit network authentication code, or NULL
[out]	mac_s	Buffer for MAC-S = 64-bit resync authentication code, or NULL

Returns

0 on success.
-1 on failure.

Definition at line 77 of file milenage.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ milenage_f2345()

static int milenage_f2345	(	uint8_t	res[MILENAGE_RES_SIZE],
		uint8_t	ik[MILENAGE_IK_SIZE],
		uint8_t	ck[MILENAGE_CK_SIZE],
		uint8_t	ak[MILENAGE_AK_SIZE],
		uint8_t	ak_resync[MILENAGE_AK_SIZE],
		uint8_t const	opc[MILENAGE_OPC_SIZE],
		uint8_t const	k[MILENAGE_KI_SIZE],
		uint8_t const	rand[MILENAGE_RAND_SIZE]
	)

static

milenage_f2345 - Milenage f2, f3, f4, f5, f5* algorithms

Parameters

[out]	res	Buffer for RES = 64-bit signed response (f2), or NULL
[out]	ck	Buffer for CK = 128-bit confidentiality key (f3), or NULL
[out]	ik	Buffer for IK = 128-bit integrity key (f4), or NULL
[out]	ak	Buffer for AK = 48-bit anonymity key (f5), or NULL
[out]	ak_resync	Buffer for AK = 48-bit anonymity key (f5*), or NULL
[in]	opc	128-bit value derived from OP and K.
[in]	k	128-bit subscriber key
[in]	rand	128-bit random challenge

Returns

0 on success.
-1 on failure.

Definition at line 151 of file milenage.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ milenage_gsm_from_umts()

void milenage_gsm_from_umts	(	uint8_t	sres[MILENAGE_SRES_SIZE],
		uint8_t	kc[MILENAGE_KC_SIZE],
		uint8_t const	ik[MILENAGE_IK_SIZE],
		uint8_t const	ck[MILENAGE_CK_SIZE],
		uint8_t const	res[MILENAGE_RES_SIZE]
	)

Generate GSM-Milenage (3GPP TS 55.205) authentication triplet from a quintuplet.

Parameters

[out]	sres	Buffer for SRES = 32-bit SRES.
[out]	kc	64-bit Kc.
[in]	ik	128-bit integrity.
[in]	ck	Confidentiality key.
[in]	res	64-bit signed response.

Definition at line 358 of file milenage.c.

Here is the caller graph for this function:

◆ milenage_gsm_generate()

int milenage_gsm_generate	(	uint8_t	sres[MILENAGE_SRES_SIZE],
		uint8_t	kc[MILENAGE_KC_SIZE],
		uint8_t const	opc[MILENAGE_OPC_SIZE],
		uint8_t const	ki[MILENAGE_KI_SIZE],
		uint8_t const	rand[MILENAGE_RAND_SIZE]
	)

Generate GSM-Milenage (3GPP TS 55.205) authentication triplet.

Parameters

[out]	sres	Buffer for SRES = 32-bit SRES.
[out]	kc	64-bit Kc.
[in]	opc	128-bit operator variant algorithm configuration field (encr.).
[in]	ki	128-bit subscriber key.
[in]	rand	128-bit random challenge.

Returns

0 on success.
-1 on failure.

Definition at line 386 of file milenage.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ milenage_opc_generate()

int milenage_opc_generate	(	uint8_t	opc[MILENAGE_OPC_SIZE],
		uint8_t const	op[MILENAGE_OP_SIZE],
		uint8_t const	ki[MILENAGE_KI_SIZE]
	)

Derive OPc from OP and Ki.

Parameters

[out]	opc	The derived Operator Code used as an input to other Milenage functions.
[in]	op	Operator Code.
[in]	ki	Subscriber key.

Returns

0 on success.
-1 on failure.

Definition at line 243 of file milenage.c.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ milenage_umts_generate()

int milenage_umts_generate	(	uint8_t	autn[MILENAGE_AUTN_SIZE],
		uint8_t	ik[MILENAGE_IK_SIZE],
		uint8_t	ck[MILENAGE_CK_SIZE],
		uint8_t	ak[MILENAGE_AK_SIZE],
		uint8_t	res[MILENAGE_RES_SIZE],
		uint8_t const	opc[MILENAGE_OPC_SIZE],
		uint8_t const	amf[MILENAGE_AMF_SIZE],
		uint8_t const	ki[MILENAGE_KI_SIZE],
		uint64_t	sqn,
		uint8_t const	rand[MILENAGE_RAND_SIZE]
	)

Generate AKA AUTN, IK, CK, RES.

Parameters

[out]	autn	Buffer for AUTN = 128-bit authentication token.
[out]	ik	Buffer for IK = 128-bit integrity key (f4), or NULL.
[out]	ck	Buffer for CK = 128-bit confidentiality key (f3), or NULL.
[out]	ak	Buffer for AK = 48-bit anonymity key (f5), or NULL
[out]	res	Buffer for RES = 64-bit signed response (f2), or NULL.
[in]	opc	128-bit operator variant algorithm configuration field (encr.).
[in]	amf	16-bit authentication management field.
[in]	ki	128-bit subscriber key.
[in]	sqn	48-bit sequence number (host byte order).
[in]	rand	128-bit random challenge.

Returns

0 on success.
-1 on failure.

Definition at line 282 of file milenage.c.

Here is the call graph for this function:

Here is the caller graph for this function:

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ MILENAGE_MAC_A_SIZE

◆ MILENAGE_MAC_S_SIZE

Function Documentation

◆ aes_128_encrypt_block()

◆ milenage_auts()

◆ milenage_check()

◆ milenage_f1()

◆ milenage_f2345()

◆ milenage_gsm_from_umts()

◆ milenage_gsm_generate()

◆ milenage_opc_generate()

◆ milenage_umts_generate()