Commit a6145ca9 authored by Robert Schmidt's avatar Robert Schmidt

Merge remote-tracking branch 'origin/kdf_openssl' into integration_2022_wk06

parents 0d4a95b8 986a1a80
...@@ -83,27 +83,6 @@ else() ...@@ -83,27 +83,6 @@ else()
include_directories(${OPENPGM_INCLUDE_DIRS}) include_directories(${OPENPGM_INCLUDE_DIRS})
endif() endif()
pkg_search_module(NETTLE nettle)
if(NOT ${NETTLE_FOUND})
message( FATAL_ERROR "PACKAGE nettle not found: some targets will fail. Run build_oai -I again!")
else()
include_directories(${NETTLE_INCLUDE_DIRS})
endif()
message ("NETTLE VERSION_INSTALLED = ${NETTLE_VERSION}")
string(REGEX REPLACE "([0-9]+).*" "\\1" NETTLE_VERSION_MAJOR ${NETTLE_VERSION})
string(REGEX REPLACE "[0-9]+\\.([0-9]+).*" "\\1" NETTLE_VERSION_MINOR ${NETTLE_VERSION})
message ("NETTLE_VERSION_MAJOR = ${NETTLE_VERSION_MAJOR}")
message ("NETTLE_VERSION_MINOR = ${NETTLE_VERSION_MINOR}")
if ("${NETTLE_VERSION_MAJOR}" STREQUAL "" OR "${NETTLE_VERSION_MINOR}" STREQUAL "")
message( FATAL_ERROR "The nettle version not detected properly. Try to run build_oai -I again" )
endif()
add_definitions("-DNETTLE_VERSION_MAJOR=${NETTLE_VERSION_MAJOR}")
add_definitions("-DNETTLE_VERSION_MINOR=${NETTLE_VERSION_MINOR}")
pkg_search_module(XPM xpm) pkg_search_module(XPM xpm)
if(NOT ${XPM_FOUND}) if(NOT ${XPM_FOUND})
message("PACKAGE xpm not found: some targets will fail") message("PACKAGE xpm not found: some targets will fail")
...@@ -847,12 +826,17 @@ set(SECU_OSA_SRC ...@@ -847,12 +826,17 @@ set(SECU_OSA_SRC
${OPENAIR2_DIR}/UTIL/OSA/osa_snow3g.c ${OPENAIR2_DIR}/UTIL/OSA/osa_snow3g.c
${OPENAIR2_DIR}/UTIL/OSA/osa_stream_eea.c ${OPENAIR2_DIR}/UTIL/OSA/osa_stream_eea.c
${OPENAIR2_DIR}/UTIL/OSA/osa_stream_eia.c ${OPENAIR2_DIR}/UTIL/OSA/osa_stream_eia.c
) )
add_library(SECU_OSA ${SECU_OSA_SRC}) add_library(SECU_OSA ${SECU_OSA_SRC} $<TARGET_OBJECTS:ds> )
target_link_libraries(SECU_OSA ${NETTLE_LIBRARIES})
target_include_directories(SECU_OSA PRIVATE ${OPENAIR_DIR}/common/utils/ds/)
set(SECU_CN_SRC set(SECU_CN_SRC
${OPENAIR3_DIR}/SECU/secu_defs.c
${OPENAIR3_DIR}/SECU/kdf.c ${OPENAIR3_DIR}/SECU/kdf.c
${OPENAIR3_DIR}/SECU/aes_128_ctr.c
${OPENAIR3_DIR}/SECU/aes_128_cbc_cmac.c
${OPENAIR3_DIR}/SECU/sha_256_hmac.c
${OPENAIR3_DIR}/SECU/rijndael.c ${OPENAIR3_DIR}/SECU/rijndael.c
${OPENAIR3_DIR}/SECU/snow3g.c ${OPENAIR3_DIR}/SECU/snow3g.c
${OPENAIR3_DIR}/SECU/key_nas_deriver.c ${OPENAIR3_DIR}/SECU/key_nas_deriver.c
...@@ -861,9 +845,9 @@ set(SECU_CN_SRC ...@@ -861,9 +845,9 @@ set(SECU_CN_SRC
${OPENAIR3_DIR}/SECU/nas_stream_eea2.c ${OPENAIR3_DIR}/SECU/nas_stream_eea2.c
${OPENAIR3_DIR}/SECU/nas_stream_eia2.c ${OPENAIR3_DIR}/SECU/nas_stream_eia2.c
) )
add_library(SECU_CN ${SECU_CN_SRC})
target_link_libraries(SECU_CN ${NETTLE_LIBRARIES}) add_library(SECU_CN ${SECU_CN_SRC} $<TARGET_OBJECTS:ds>)
target_include_directories(SECU_CN PRIVATE ${OPENAIR_DIR}/common/utils/ds/)
# Physical Channel Procedures Scheduling # Physical Channel Procedures Scheduling
################################" ################################"
...@@ -1995,8 +1979,13 @@ add_library(LIB_NAS_SIMUE ...@@ -1995,8 +1979,13 @@ add_library(LIB_NAS_SIMUE
${libnas_ue_esm_sap_OBJS} ${libnas_ue_esm_sap_OBJS}
${libnrnas_emm_msg_OBJS} ${libnrnas_emm_msg_OBJS}
${libnrnas_ies_OBJS} ${libnrnas_ies_OBJS}
$<TARGET_OBJECTS:ds>
) )
target_include_directories(LIB_NAS_SIMUE PRIVATE ${OPENAIR_DIR}/common/utils/ds/)
target_link_libraries(LIB_NAS_SIMUE PRIVATE lte_rrc) target_link_libraries(LIB_NAS_SIMUE PRIVATE lte_rrc)
set(NAS_SIM_LIB LIB_NAS_SIMUE) set(NAS_SIM_LIB LIB_NAS_SIMUE)
target_link_libraries(LIB_NAS_SIMUE PRIVATE asn1_nr_rrc asn1_lte_rrc) target_link_libraries(LIB_NAS_SIMUE PRIVATE asn1_nr_rrc asn1_lte_rrc)
...@@ -2016,7 +2005,9 @@ add_library(LIB_NAS_UE ...@@ -2016,7 +2005,9 @@ add_library(LIB_NAS_UE
${libnas_ue_emm_sap_OBJS} ${libnas_ue_emm_sap_OBJS}
${libnas_ue_esm_OBJS} ${libnas_ue_esm_OBJS}
${libnas_ue_esm_sap_OBJS} ${libnas_ue_esm_sap_OBJS}
$<TARGET_OBJECTS:ds>
) )
target_include_directories(LIB_NAS_UE PRIVATE ${OPENAIR_DIR}/common/utils/ds/)
target_link_libraries(LIB_NAS_UE PRIVATE lte_rrc) target_link_libraries(LIB_NAS_UE PRIVATE lte_rrc)
set(NAS_UE_LIB LIB_NAS_UE) set(NAS_UE_LIB LIB_NAS_UE)
target_link_libraries(LIB_NAS_UE PRIVATE asn1_nr_rrc asn1_lte_rrc) target_link_libraries(LIB_NAS_UE PRIVATE asn1_nr_rrc asn1_lte_rrc)
...@@ -2048,6 +2039,8 @@ add_library(LIB_5GNAS_GNB ...@@ -2048,6 +2039,8 @@ add_library(LIB_5GNAS_GNB
${NAS_SRC}/NR_UE/ue_process_nas.c ${NAS_SRC}/NR_UE/ue_process_nas.c
${OPENAIR3_DIR}//UICC/usim_interface.c ${OPENAIR3_DIR}//UICC/usim_interface.c
) )
target_include_directories(LIB_5GNAS_GNB PRIVATE ${OPENAIR_DIR}/common/utils/ds/)
target_link_libraries(LIB_5GNAS_GNB PRIVATE SECU_CN ${CRYPTO_LIBRARIES}) target_link_libraries(LIB_5GNAS_GNB PRIVATE SECU_CN ${CRYPTO_LIBRARIES})
target_link_libraries(LIB_5GNAS_GNB PRIVATE asn1_nr_rrc asn1_lte_rrc) target_link_libraries(LIB_5GNAS_GNB PRIVATE asn1_nr_rrc asn1_lte_rrc)
...@@ -2417,7 +2410,7 @@ add_executable(nr-cuup ...@@ -2417,7 +2410,7 @@ add_executable(nr-cuup
target_link_libraries(nr-cuup PRIVATE target_link_libraries(nr-cuup PRIVATE
CONFIG_LIB ITTI SCTP_CLIENT CONFIG_LIB ITTI SCTP_CLIENT
GTPV1U e1ap e1_pdcp_if f1ap GTPV1U e1ap e1_pdcp_if f1ap
SECU_OSA ${OPENSSL_LIBRARIES} crypt z sctp dl pthread) SECU_OSA SECU_CN ${OPENSSL_LIBRARIES} crypt z sctp dl pthread)
target_link_libraries(nr-cuup PRIVATE asn1_lte_rrc asn1_nr_rrc) target_link_libraries(nr-cuup PRIVATE asn1_lte_rrc asn1_nr_rrc)
# nr-uesoftmodem is UE implementation # nr-uesoftmodem is UE implementation
...@@ -2676,8 +2669,7 @@ endforeach(myExe) ...@@ -2676,8 +2669,7 @@ endforeach(myExe)
foreach(myExe s1ap foreach(myExe s1ap
secu_knas_encrypt_eia1 secu_knas_encrypt_eia1
secu_kenb secu_kenb
aes128_ctr_encrypt aes128_ctr
aes128_ctr_decrypt
secu_knas_encrypt_eea2 secu_knas_encrypt_eea2
secu_knas secu_knas_encrypt_eea1 secu_knas secu_knas_encrypt_eea1
kdf kdf
...@@ -2807,6 +2799,7 @@ include (common/utils/telnetsrv/telnetsrv_CMakeLists.txt) ...@@ -2807,6 +2799,7 @@ include (common/utils/telnetsrv/telnetsrv_CMakeLists.txt)
include(${OPENAIR1_DIR}/PHY/CODING/nrLDPC_decoder/nrLDPC_tools/CMakeLists.txt) include(${OPENAIR1_DIR}/PHY/CODING/nrLDPC_decoder/nrLDPC_tools/CMakeLists.txt)
include (${OPENAIR_DIR}/common/utils/websrv/websrv_CMakeLists.txt) include (${OPENAIR_DIR}/common/utils/websrv/websrv_CMakeLists.txt)
add_subdirectory(common)
add_subdirectory(doc) add_subdirectory(doc)
add_subdirectory(openair2) add_subdirectory(openair2)
add_subdirectory(openair3) add_subdirectory(openair3)
...@@ -86,49 +86,8 @@ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -msse4.2 -std=gnu99 -Wall -Wstrict-prototype ...@@ -86,49 +86,8 @@ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -msse4.2 -std=gnu99 -Wall -Wstrict-prototype
set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -ggdb -DMALLOC_CHECK_=3") set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -ggdb -DMALLOC_CHECK_=3")
set(CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO} -ggdb -DMALLOC_CHECK_=3 -O2") set(CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO} -ggdb -DMALLOC_CHECK_=3 -O2")
##This is to detect nettle version changes between Ubuntu 14.04/16.04
#set ( nettle_cmd "nettle-hash" )
#set ( nettle_arg "-V" )
#execute_process(COMMAND ${nettle_cmd} ${nettle_arg} RESULT_VARIABLE rv OUTPUT_VARIABLE ov ERROR_VARIABLE ev)
#
#string(REGEX MATCH "[+-]?[0-9]+([.][0-9]+)?" nv ${ov})
#
#message("NETTLE_VERSION = ${nv}")
#
## we need to remove decimal as floating point arithematic does not work properly with C preprocessor
#STRING(REGEX REPLACE "[.]" "" nv ${nv})
#
#if ("${nv}" STREQUAL "")
# message( FATAL_ERROR "The nettle version not detected properly. Try to run build_oai -I again" )
#endif()
#
#set (NETTLE_VERSION "${nv}")
#add_definitions("-DNETTLE_VERSION=${NETTLE_VERSION}")
include(FindPkgConfig) include(FindPkgConfig)
pkg_search_module(NETTLE nettle)
if(NOT ${NETTLE_FOUND})
message( FATAL_ERROR "PACKAGE nettle not found: some targets will fail. Run build_oai -I again!")
else()
include_directories(${NETTLE_INCLUDE_DIRS})
endif()
message ("NETTLE VERSION_INSTALLED = ${NETTLE_VERSION}")
string(REGEX REPLACE "([0-9]+).*" "\\1" NETTLE_VERSION_MAJOR ${NETTLE_VERSION})
string(REGEX REPLACE "[0-9]+\\.([0-9]+).*" "\\1" NETTLE_VERSION_MINOR ${NETTLE_VERSION})
message ("NETTLE_VERSION_MAJOR = ${NETTLE_VERSION_MAJOR}")
message ("NETTLE_VERSION_MINOR = ${NETTLE_VERSION_MINOR}")
if ("${NETTLE_VERSION_MAJOR}" STREQUAL "" OR "${NETTLE_VERSION_MINOR}" STREQUAL "")
message( FATAL_ERROR "The nettle version not detected properly. Try to run build_oai -I again" )
endif()
add_definitions("-DNETTLE_VERSION_MAJOR=${NETTLE_VERSION_MAJOR}")
add_definitions("-DNETTLE_VERSION_MINOR=${NETTLE_VERSION_MINOR}")
pkg_search_module(OPENSSL openssl REQUIRED) pkg_search_module(OPENSSL openssl REQUIRED)
include_directories(${OPENSSL_INCLUDE_DIRS}) include_directories(${OPENSSL_INCLUDE_DIRS})
...@@ -159,6 +118,9 @@ add_boolean_option(NAS_MME False "NAS_UE and NAS_MME are incompa ...@@ -159,6 +118,9 @@ add_boolean_option(NAS_MME False "NAS_UE and NAS_MME are incompa
# SECU LIB # SECU LIB
################################################################################ ################################################################################
set(secu_cn_SRC set(secu_cn_SRC
${OPENAIR3_DIR}/SECU/aes_128_ctr.c
${OPENAIR3_DIR}/SECU/aes_128_cbc_cmac.c
${OPENAIR3_DIR}/SECU/sha_256_hmac.c
${OPENAIR3_DIR}/SECU/kdf.c ${OPENAIR3_DIR}/SECU/kdf.c
${OPENAIR3_DIR}/SECU/rijndael.c ${OPENAIR3_DIR}/SECU/rijndael.c
${OPENAIR3_DIR}/SECU/snow3g.c ${OPENAIR3_DIR}/SECU/snow3g.c
...@@ -719,7 +681,6 @@ target_link_libraries (at_nas_ue ...@@ -719,7 +681,6 @@ target_link_libraries (at_nas_ue
-Wl,-whole-archive -Wl,-whole-archive
api_network api_user api_usim emm esm ies util secu_cn api_network api_user api_usim emm esm ies util secu_cn
-Wl,-no-whole-archive -Wl,-no-whole-archive
${NETTLE_LIBRARIES}
${OPENSSL_LIBRARIES} ${OPENSSL_LIBRARIES}
${CMAKE_THREAD_LIBS_INIT} m ) ${CMAKE_THREAD_LIBS_INIT} m )
......
# Find the native Nettle includes, library, and flags
#
# NETTLE_INCLUDE_DIR - where to find nettle.h, etc.
# NETTLE_LIBRARIES - List of libraries when using Nettle.
# NETTLE_FOUND - True if Nettle found.
IF (NETTLE_INCLUDE_DIR)
# Already in cache, be silent
SET(NETTLE_FIND_QUIETLY TRUE)
ENDIF (NETTLE_INCLUDE_DIR)
FIND_PATH(NETTLE_INCLUDE_DIR nettle/nettle-meta.h)
SET(NETTLE_NAMES nettle)
FIND_LIBRARY(NETTLE_LIBRARY NAMES ${NETTLE_NAMES} )
# handle the QUIETLY and REQUIRED arguments and set NETTLE_FOUND to TRUE if
# all listed variables are TRUE
INCLUDE(FindPackageHandleStandardArgs)
FIND_PACKAGE_HANDLE_STANDARD_ARGS(NETTLE DEFAULT_MSG NETTLE_LIBRARY NETTLE_INCLUDE_DIR)
IF(NETTLE_FOUND)
SET(NETTLE_LIBRARIES ${NETTLE_LIBRARY})
ELSE(NETTLE_FOUND)
SET(NETTLE_LIBRARIES )
ENDIF(NETTLE_FOUND)
MARK_AS_ADVANCED(NETTLE_LIBRARY NETTLE_INCLUDE_DIR)
...@@ -617,7 +617,6 @@ check_install_oai_software() { ...@@ -617,7 +617,6 @@ check_install_oai_software() {
openssl \ openssl \
xxd xxd
$SUDO apt-get install -y nettle-dev nettle-bin
elif [[ "$OS_BASEDISTRO" == "fedora" ]]; then elif [[ "$OS_BASEDISTRO" == "fedora" ]]; then
if [[ "$OS_DISTRO" == "rhel" ]] || [[ "$OS_DISTRO" == "centos" ]]; then if [[ "$OS_DISTRO" == "rhel" ]] || [[ "$OS_DISTRO" == "centos" ]]; then
if rpm -q epel-release > /dev/null; then if rpm -q epel-release > /dev/null; then
...@@ -642,16 +641,15 @@ check_install_oai_software() { ...@@ -642,16 +641,15 @@ check_install_oai_software() {
libgcrypt-devel \ libgcrypt-devel \
lksctp-tools \ lksctp-tools \
lksctp-tools-devel \ lksctp-tools-devel \
openssl-devel \
libtasn1 \ libtasn1 \
libtool \ libtool \
libxslt-devel \ libxslt-devel \
ninja-build \ ninja-build \
make \ make \
openssl \ openssl \
openssl-devel \
patch \ patch \
readline-devel \ readline-devel \
nettle-devel \
gnutls-devel \ gnutls-devel \
lapack \ lapack \
lapack-devel \ lapack-devel \
......
add_subdirectory(utils)
add_subdirectory(ds)
add_library(ds OBJECT
byte_array.c
)
target_include_directories(ds PUBLIC ${CMAKE_CURRENT_SOURCE_DIR})
/*
* Licensed to the OpenAirInterface (OAI) Software Alliance under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The OpenAirInterface Software Alliance licenses this file to You under
* the OAI Public License, Version 1.1 (the "License"); you may not use this file
* except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.openairinterface.org/?page_id=698
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*-------------------------------------------------------------------------------
* For more information about the OpenAirInterface (OAI) Software Alliance:
* contact@openairinterface.org
*/
#include "byte_array.h"
#include "common/utils/assertions.h"
#include <string.h>
byte_array_t copy_byte_array(byte_array_t src)
{
byte_array_t dst = {0};
dst.buf = malloc(src.len);
DevAssert(dst.buf != NULL && "Memory exhausted");
memcpy(dst.buf, src.buf, src.len);
dst.len = src.len;
return dst;
}
void free_byte_array(byte_array_t ba)
{
free(ba.buf);
}
bool eq_byte_array(const byte_array_t* m0, const byte_array_t* m1)
{
if (m0 == m1)
return true;
if (m0 == NULL || m1 == NULL)
return false;
if (m0->len != m1->len)
return false;
const int rc = memcmp(m0->buf, m1->buf, m0->len);
if (rc != 0)
return false;
return true;
}
/*
* Licensed to the OpenAirInterface (OAI) Software Alliance under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The OpenAirInterface Software Alliance licenses this file to You under
* the OAI Public License, Version 1.1 (the "License"); you may not use this file
* except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.openairinterface.org/?page_id=698
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*-------------------------------------------------------------------------------
* For more information about the OpenAirInterface (OAI) Software Alliance:
* contact@openairinterface.org
*/
#ifndef BYTE_ARRAY_H_OAI
#define BYTE_ARRAY_H_OAI
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
typedef struct {
size_t len;
uint8_t* buf;
} byte_array_t;
typedef struct {
uint8_t buf[32];
} byte_array_32_t;
byte_array_t copy_byte_array(byte_array_t src);
void free_byte_array(byte_array_t ba);
bool eq_byte_array(const byte_array_t* m0, const byte_array_t* m1);
#endif
...@@ -15,9 +15,6 @@ OPENAIR_DIR = /usr/local/oai/oai-develop/openairinterface5g ...@@ -15,9 +15,6 @@ OPENAIR_DIR = /usr/local/oai/oai-develop/openairinterface5g
FreeDiameter prefix not found, install freeDiameter if EPC, HSS FreeDiameter prefix not found, install freeDiameter if EPC, HSS
3. building the compilation directives ... 3. building the compilation directives ...
running cmake ../../.. running cmake ../../..
NETTLE VERSION_INSTALLED = 3.5.1
NETTLE_VERSION_MAJOR = 3
NETTLE_VERSION_MINOR = 5
cuda include /usr/include cuda include /usr/include
cuda library cuda library
-- CMAKE_BUILD_TYPE is RelWithDebInfo -- CMAKE_BUILD_TYPE is RelWithDebInfo
...@@ -61,9 +58,6 @@ Call Stack (most recent call first): ...@@ -61,9 +58,6 @@ Call Stack (most recent call first):
FreeDiameter prefix not found, install freeDiameter if EPC, HSS FreeDiameter prefix not found, install freeDiameter if EPC, HSS
3. building the compilation directives ... 3. building the compilation directives ...
running cmake ../../.. running cmake ../../..
NETTLE VERSION_INSTALLED = 3.5.1
NETTLE_VERSION_MAJOR = 3
NETTLE_VERSION_MINOR = 5
cuda include /usr/include cuda include /usr/include
cuda library cuda library
-- CMAKE_BUILD_TYPE is RelWithDebInfo -- CMAKE_BUILD_TYPE is RelWithDebInfo
...@@ -209,4 +203,4 @@ The interface should be intuitive enough, keeping in mind the following restrict ...@@ -209,4 +203,4 @@ The interface should be intuitive enough, keeping in mind the following restrict
Some front-end objects, which usage are less intuitive provide a tooltip to help interface usage. Some front-end objects, which usage are less intuitive provide a tooltip to help interface usage.
[oai web serverinterface home](websrv.md) [oai web serverinterface home](websrv.md)
\ No newline at end of file
...@@ -39,7 +39,6 @@ ENV TZ=Europe/Paris ...@@ -39,7 +39,6 @@ ENV TZ=Europe/Paris
RUN yum update -y && \ RUN yum update -y && \
yum install -y --enablerepo="ubi-8-codeready-builder" \ yum install -y --enablerepo="ubi-8-codeready-builder" \
lksctp-tools \ lksctp-tools \
nettle \
tzdata \ tzdata \
procps-ng \ procps-ng \
atlas \ atlas \
......
...@@ -44,7 +44,6 @@ RUN apt-get update && \ ...@@ -44,7 +44,6 @@ RUN apt-get update && \
tzdata \ tzdata \
procps \ procps \
libsctp1 \ libsctp1 \
libnettle6 \
libblas3 \ libblas3 \
libatlas3-base \ libatlas3-base \
libconfig9 \ libconfig9 \
......
...@@ -52,7 +52,6 @@ RUN yum repolist --disablerepo=* && \ ...@@ -52,7 +52,6 @@ RUN yum repolist --disablerepo=* && \
libX11 \ libX11 \
atlas \ atlas \
lksctp-tools \ lksctp-tools \
nettle \
tzdata \ tzdata \
net-tools \ net-tools \
iputils \ iputils \
......
...@@ -44,7 +44,6 @@ RUN yum repolist --disablerepo=* && \ ...@@ -44,7 +44,6 @@ RUN yum repolist --disablerepo=* && \
libX11 \ libX11 \
atlas \ atlas \
lksctp-tools \ lksctp-tools \
nettle \
tzdata \ tzdata \
gdb \ gdb \
python3 \ python3 \
......
...@@ -44,7 +44,6 @@ RUN apt-get update && \ ...@@ -44,7 +44,6 @@ RUN apt-get update && \
procps \ procps \
libsctp1 \ libsctp1 \
tzdata \ tzdata \
libnettle6 \
libblas3 \ libblas3 \
libatlas3-base \ libatlas3-base \
libconfig9 \ libconfig9 \
......
...@@ -41,7 +41,6 @@ RUN yum update -y && \ ...@@ -41,7 +41,6 @@ RUN yum update -y && \
yum install -y --enablerepo="ubi-8-codeready-builder" \ yum install -y --enablerepo="ubi-8-codeready-builder" \
lksctp-tools \ lksctp-tools \
procps-ng \ procps-ng \
nettle \
tzdata \ tzdata \
atlas \ atlas \
gdb \ gdb \
......
...@@ -45,7 +45,6 @@ RUN apt-get update && \ ...@@ -45,7 +45,6 @@ RUN apt-get update && \
tzdata \ tzdata \
procps \ procps \
libsctp1 \ libsctp1 \
libnettle6 \
liblapacke \ liblapacke \
libatlas3-base \ libatlas3-base \
libconfig9 \ libconfig9 \
......
...@@ -41,7 +41,6 @@ RUN yum update -y && \ ...@@ -41,7 +41,6 @@ RUN yum update -y && \
lksctp-tools \ lksctp-tools \
procps-ng \ procps-ng \
tzdata \ tzdata \
nettle \
net-tools \ net-tools \
iputils \ iputils \
iproute \ iproute \
......
...@@ -44,7 +44,6 @@ RUN apt-get update && \ ...@@ -44,7 +44,6 @@ RUN apt-get update && \
libsctp1 \ libsctp1 \
procps \ procps \
tzdata \ tzdata \
libnettle6 \
liblapacke \ liblapacke \
libatlas3-base \ libatlas3-base \
libconfig9 \ libconfig9 \
......
...@@ -46,7 +46,6 @@ FROM registry.access.redhat.com/ubi8/ubi:latest as oai-physim ...@@ -46,7 +46,6 @@ FROM registry.access.redhat.com/ubi8/ubi:latest as oai-physim
RUN yum update -y && \ RUN yum update -y && \
yum install -y --enablerepo="ubi-8-codeready-builder" \ yum install -y --enablerepo="ubi-8-codeready-builder" \
lksctp-tools \ lksctp-tools \
nettle \
tzdata \ tzdata \
atlas \ atlas \
hostname \ hostname \
......
...@@ -21,62 +21,61 @@ ...@@ -21,62 +21,61 @@
#include "nr_pdcp_integrity_nia2.h" #include "nr_pdcp_integrity_nia2.h"
#include <arpa/inet.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <stdint.h> #include <stdint.h>
#include <openssl/cmac.h>
void *nr_pdcp_integrity_nia2_init(unsigned char *integrity_key) #include "common/utils/assertions.h"
{ #include "openair3/SECU/aes_128.h"
CMAC_CTX *ctx; #include "openair3/SECU/aes_128_cbc_cmac.h"
ctx = CMAC_CTX_new();
if (ctx == NULL) abort();
CMAC_Init(ctx, integrity_key, 16, EVP_aes_128_cbc(), NULL); void *nr_pdcp_integrity_nia2_init(uint8_t integrity_key[16])
{
// This is a hack. Reduce the 3 functions to just cipher?
// No. The overhead is x8 times more. Don't change before measuring
// return integrity_key;
cbc_cmac_ctx_t* ctx = calloc(1, sizeof(cbc_cmac_ctx_t));
DevAssert(ctx != NULL && "Memory exhausted");
*ctx = init_aes_128_cbc_cmac(integrity_key);
return ctx; return ctx;
} }
static void compute_t(unsigned char *t, uint32_t count, int bearer, void nr_pdcp_integrity_nia2_integrity(void *integrity_context, unsigned char *out, unsigned char *buffer, int length, int bearer, int count, int direction)
int direction)
{ {
t[0] = (count >> 24) & 255; DevAssert(integrity_context != NULL);
t[1] = (count >> 16) & 255; DevAssert(out != NULL);
t[2] = (count >> 8) & 255; DevAssert(buffer != NULL);
t[3] = (count ) & 255; DevAssert(length > -1);
t[4] = ((bearer-1) << 3) | (direction << 2); // Strange range: [1-32] instead of [0-31]
memset(&t[5], 0, 8-5); DevAssert(bearer > 0 && bearer < 33);
} DevAssert(count > -1);
void nr_pdcp_integrity_nia2_integrity(void *integrity_context, cbc_cmac_ctx_t* ctx = (cbc_cmac_ctx_t*)integrity_context;
unsigned char *out,
unsigned char *buffer, int length,
int bearer, int count, int direction)
{
CMAC_CTX *ctx = integrity_context;
unsigned char t[8];
unsigned char mac[16];
size_t maclen;
/* see 33.401 B.2.3 for the input to 128-EIA2 aes_128_t k_iv = {0};
* (which is identical to 128-NIA2, see 33.501 D.3.1.3) */ memcpy(&k_iv.key, ctx->key, sizeof(k_iv.key));
compute_t(t, count, bearer, direction); k_iv.type = AES_INITIALIZATION_VECTOR_8;
k_iv.iv8.d.bearer = bearer -1;
k_iv.iv8.d.direction = direction;
k_iv.iv8.d.count = htonl(count);
CMAC_Init(ctx, NULL, 0, NULL, NULL); uint8_t result[16] = {0};
CMAC_Update(ctx, t, 8); byte_array_t msg = {.buf = buffer, .len = length};
CMAC_Update(ctx, buffer, length);
CMAC_Final(ctx, mac, &maclen); cipher_aes_128_cbc_cmac((cbc_cmac_ctx_t*)integrity_context, &k_iv, msg, sizeof(result), result);
//aes_128_cbc_cmac(&k_iv, msg, sizeof(result), result);
/* AES CMAC (RFC 4493) outputs 128 bits but NR PDCP PDUs have a MAC-I of // AES CMAC (RFC 4493) outputs 128 bits but NR PDCP PDUs have a MAC-I of
* 32 bits (see 38.323 6.2). RFC 4493 2.1 says to truncate most significant // 32 bits (see 38.323 6.2). RFC 4493 2.1 says to truncate most significant
* bit first (so seems to say 33.401 B.2.3) // bit first (so seems to say 33.401 B.2.3)
*/ // Precondition: out should have enough space...
memcpy(out, mac, 4); memcpy(out, result, 4);
} }
void nr_pdcp_integrity_nia2_free_integrity(void *integrity_context) void nr_pdcp_integrity_nia2_free_integrity(void *integrity_context)
{ {
CMAC_CTX *ctx = integrity_context; free( ( cbc_cmac_ctx_t*) integrity_context);
CMAC_CTX_free(ctx);
} }
...@@ -22,7 +22,9 @@ ...@@ -22,7 +22,9 @@
#ifndef _NR_PDCP_INTEGRITY_NIA2_H_ #ifndef _NR_PDCP_INTEGRITY_NIA2_H_
#define _NR_PDCP_INTEGRITY_NIA2_H_ #define _NR_PDCP_INTEGRITY_NIA2_H_
void *nr_pdcp_integrity_nia2_init(unsigned char *integrity_key); #include <stdint.h>
void *nr_pdcp_integrity_nia2_init(uint8_t integrity_key[16]);
void nr_pdcp_integrity_nia2_integrity(void *integrity_context, void nr_pdcp_integrity_nia2_integrity(void *integrity_context,
unsigned char *out, unsigned char *out,
......
...@@ -19,55 +19,50 @@ ...@@ -19,55 +19,50 @@
* contact@openairinterface.org * contact@openairinterface.org
*/ */
#include "openair3/SECU/aes_128_ctr.h"
#include "common/utils/assertions.h"
#include "nr_pdcp_security_nea2.h" #include "nr_pdcp_security_nea2.h"
#include <arpa/inet.h>
#include <assert.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <nettle/nettle-meta.h>
#include <nettle/aes.h>
#include <nettle/ctr.h>
#ifndef NETTLE_VERSION_MAJOR
/* hack: include bignum.h, not version.h because version.h does not exist
* in old versions and bignum.h includes version.h (as of today).
* May completely fail to work... maybe we should skip support of old
* versions of nettle.
*/
#include <nettle/bignum.h>
#endif
void *nr_pdcp_security_nea2_init(unsigned char *ciphering_key) void *nr_pdcp_security_nea2_init(unsigned char *ciphering_key)
{ {
void *ctx = calloc(1, nettle_aes128.context_size); // This is a hack, IMO init, cipher and free functions should be reduced to cipher.
if (ctx == NULL) exit(1); // Test show a ~10% more processing time
return ciphering_key;
#if !defined(NETTLE_VERSION_MAJOR) || NETTLE_VERSION_MAJOR < 3
nettle_aes128.set_encrypt_key(ctx, 16, ciphering_key);
#else
nettle_aes128.set_encrypt_key(ctx, ciphering_key);
#endif
return ctx;
} }
void nr_pdcp_security_nea2_cipher(void *security_context, void nr_pdcp_security_nea2_cipher(void *security_context, unsigned char *buffer, int length, int bearer, int count, int direction)
unsigned char *buffer, int length,
int bearer, int count, int direction)
{ {
unsigned char t[16] = {0}; DevAssert(security_context != NULL);
DevAssert(buffer != NULL);
DevAssert(length > 0);
DevAssert(bearer > -1 && bearer < 32);
DevAssert(direction > -1 && direction < 2);
DevAssert(count > -1);
aes_128_t p = {0};
const uint8_t *ciphering_key = (uint8_t const *)security_context;
memcpy(p.key, ciphering_key, 16);
p.type = AES_INITIALIZATION_VECTOR_16;
p.iv16.d.count = ntohl(count);
p.iv16.d.bearer = bearer;
p.iv16.d.direction = direction;
uint8_t out[length];
memset(out, 0, length);
t[0] = (count >> 24) & 255; byte_array_t msg = {.buf = buffer, .len = length};;
t[1] = (count >> 16) & 255; aes_128_ctr(&p, msg, length, out);
t[2] = (count >> 8) & 255;
t[3] = (count ) & 255;
t[4] = ((bearer-1) << 3) | (direction << 2);
nettle_ctr_crypt(security_context, nettle_aes128.encrypt, memcpy(buffer, out, length);
nettle_aes128.block_size, t,
length, buffer, buffer);
} }
void nr_pdcp_security_nea2_free_security(void *security_context) void nr_pdcp_security_nea2_free_security(void *security_context)
{ {
free(security_context); (void)security_context;
} }
Algorithms and Data Structures in C for common usage
add_subdirectory(ALG_DS)
OAISIM Security Algorithms v0.1 OAISIM Security Algorithms v0.1
Dependencies: Dependencies:
- nettle >= 2.5
- openssl >= 1.0.1 - openssl >= 1.0.1
Compilation: Compilation:
......
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
/*! /*!
* \file secu_defs.h * \file secu_defs.h
* \brief Openair security algorithms functions implementing 3GPP TS 33.401 * \brief Openair security algorithms functions implementing 3GPP TS 33.401
* \note HMAC computations are done by nettle/openssl library * \note HMAC computations are done by openssl library
* \author Sebastien ROUX * \author Sebastien ROUX
* \date 2013 * \date 2013
* \version 0.1 * \version 0.1
......
...@@ -19,31 +19,15 @@ ...@@ -19,31 +19,15 @@
* contact@openairinterface.org * contact@openairinterface.org
*/ */
#include <stdint.h> #include "../../../openair3/SECU/kdf.h"
#include <nettle/hmac.h> #include <stdint.h>
#include <string.h>
#include "osa_defs.h" #include "osa_defs.h"
#include "osa_internal.h" #include "osa_internal.h"
#include "common/utils/LOG/log.h" #include "common/utils/LOG/log.h"
static inline
void kdf(const uint8_t *s, const uint32_t s_length, const uint8_t *key,
const uint32_t key_length, uint8_t **out, uint32_t out_length)
{
struct hmac_sha256_ctx ctx;
uint8_t *buffer;
buffer = malloc(sizeof(uint8_t) * out_length);
hmac_sha256_set_key(&ctx, key_length, key);
hmac_sha256_update(&ctx, s_length, s);
hmac_sha256_digest(&ctx, out_length, buffer);
*out = buffer;
}
/*! /*!
* @brief Derive the keys from key and perform truncate on the generated key to * @brief Derive the keys from key and perform truncate on the generated key to
* reduce his size to 128 bits. Definition of the derivation function can * reduce his size to 128 bits. Definition of the derivation function can
...@@ -58,10 +42,9 @@ void kdf(const uint8_t *s, const uint32_t s_length, const uint8_t *key, ...@@ -58,10 +42,9 @@ void kdf(const uint8_t *s, const uint32_t s_length, const uint8_t *key,
* @param[out] out Pointer to reference where output of KDF will be stored. * @param[out] out Pointer to reference where output of KDF will be stored.
* NOTE: knas is dynamically allocated by the KDF function * NOTE: knas is dynamically allocated by the KDF function
*/ */
int derive_key(algorithm_type_dist_t alg_type, uint8_t alg_id, int derive_key(algorithm_type_dist_t alg_type, uint8_t alg_id, const uint8_t key[32], uint8_t **out)
const uint8_t key[32], uint8_t **out)
{ {
uint8_t string[7]; uint8_t string[7] = {0};
/* FC */ /* FC */
string[0] = FC_ALG_KEY_DER; string[0] = FC_ALG_KEY_DER;
...@@ -84,7 +67,7 @@ int derive_key(algorithm_type_dist_t alg_type, uint8_t alg_id, ...@@ -84,7 +67,7 @@ int derive_key(algorithm_type_dist_t alg_type, uint8_t alg_id,
{ {
int i; int i;
char payload[6 * sizeof(string) + 1]; char payload[6 * sizeof(string) + 1];
int index = 0; int index = 0;
for (i = 0; i < sizeof(string); i++) for (i = 0; i < sizeof(string); i++)
index += sprintf(&payload[index], "0x%02x ", string[i]); index += sprintf(&payload[index], "0x%02x ", string[i]);
...@@ -93,13 +76,17 @@ int derive_key(algorithm_type_dist_t alg_type, uint8_t alg_id, ...@@ -93,13 +76,17 @@ int derive_key(algorithm_type_dist_t alg_type, uint8_t alg_id,
} }
#endif #endif
kdf(string, 7, key, 32, out, 32); byte_array_t data = {.buf = string, .len = 7};
if (*out == NULL) {
*out = malloc(sizeof(uint8_t) * 32);
DevAssert(*out != NULL && "Memory exhausted");
}
kdf(key, data, 32, *out);
return 0; return 0;
} }
int nr_derive_key(algorithm_type_dist_t alg_type, uint8_t alg_id, int nr_derive_key(algorithm_type_dist_t alg_type, uint8_t alg_id, const uint8_t key[32], uint8_t **out)
const uint8_t key[32], uint8_t **out)
{ {
uint8_t string[7]; uint8_t string[7];
...@@ -120,17 +107,23 @@ int nr_derive_key(algorithm_type_dist_t alg_type, uint8_t alg_id, ...@@ -120,17 +107,23 @@ int nr_derive_key(algorithm_type_dist_t alg_type, uint8_t alg_id,
string[5] = 0x00; string[5] = 0x00;
string[6] = 0x01; string[6] = 0x01;
kdf(string, 7, key, 32, out, 32); byte_array_t data = {.buf = string, .len = 7};
if (*out == NULL) {
*out = malloc(sizeof(uint8_t) * 32);
DevAssert(*out != NULL && "Memory exhausted");
}
kdf(key, data, 32, *out);
// in NR, we use the last 16 bytes, ignoring the first 16 ones // in NR, we use the last 16 bytes, ignoring the first 16 ones
memcpy(*out, *out+16, 16); memcpy(*out, *out + 16, 16);
return 0; return 0;
} }
int nr_derive_key_ng_ran_star(uint16_t pci, uint64_t nr_arfcn_dl, const uint8_t key[32], uint8_t *key_ng_ran_star) int nr_derive_key_ng_ran_star(uint16_t pci, uint64_t nr_arfcn_dl, const uint8_t key[32], uint8_t *key_ng_ran_star)
{ {
uint8_t *out; uint8_t s[10] = {0};
uint8_t s[10];
/* FC */ /* FC */
s[0] = NR_FC_ALG_KEY_NG_RAN_STAR_DER; s[0] = NR_FC_ALG_KEY_NG_RAN_STAR_DER;
...@@ -152,18 +145,17 @@ int nr_derive_key_ng_ran_star(uint16_t pci, uint64_t nr_arfcn_dl, const uint8_t ...@@ -152,18 +145,17 @@ int nr_derive_key_ng_ran_star(uint16_t pci, uint64_t nr_arfcn_dl, const uint8_t
s[8] = 0x00; s[8] = 0x00;
s[9] = 0x03; s[9] = 0x03;
kdf(s, 10, key, 32, &out, 32);
memcpy(key_ng_ran_star, out, 32); byte_array_t data = {.buf = s, .len = 10};
free(out); const uint32_t len_key = 32;
kdf(key, data, len_key, key_ng_ran_star);
return 0; return 0;
} }
int derive_skgNB(const uint8_t *keNB, const uint16_t sk_counter, uint8_t *skgNB) int derive_skgNB(const uint8_t *keNB, const uint16_t sk_counter, uint8_t *skgNB)
{ {
uint8_t *out; uint8_t s[5] = {0};
uint8_t s[5];
/* FC is 0x1c (see 3gpp 33.401 annex A.15) */ /* FC is 0x1c (see 3gpp 33.401 annex A.15) */
s[0] = 0x1c; s[0] = 0x1c;
...@@ -176,10 +168,8 @@ int derive_skgNB(const uint8_t *keNB, const uint16_t sk_counter, uint8_t *skgNB) ...@@ -176,10 +168,8 @@ int derive_skgNB(const uint8_t *keNB, const uint16_t sk_counter, uint8_t *skgNB)
s[3] = 0x00; s[3] = 0x00;
s[4] = 0x02; s[4] = 0x02;
kdf(s, 5, keNB, 32, &out, 32); byte_array_t data = {.buf = s, .len = 5};
kdf(keNB, data, 32, skgNB);
memcpy(skgNB, out, 32);
free(out);
return 0; return 0;
} }
...@@ -19,16 +19,15 @@ ...@@ -19,16 +19,15 @@
* contact@openairinterface.org * contact@openairinterface.org
*/ */
#include <arpa/inet.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#include <nettle/nettle-meta.h>
#include <nettle/aes.h>
#include <nettle/ctr.h>
#include "common/utils/LOG/log.h" #include "common/utils/LOG/log.h"
#include "byte_array.h"
#include "openair3//SECU//aes_128_ctr.h"
#include "assertions.h" #include "assertions.h"
#include "osa_defs.h" #include "osa_defs.h"
...@@ -44,10 +43,13 @@ int stream_encrypt_eea0(stream_cipher_t *stream_cipher, uint8_t **out) ...@@ -44,10 +43,13 @@ int stream_encrypt_eea0(stream_cipher_t *stream_cipher, uint8_t **out)
DevAssert(stream_cipher != NULL); DevAssert(stream_cipher != NULL);
DevAssert(out != NULL); DevAssert(out != NULL);
LOG_D(OSA, "Entering stream_encrypt_eea0, bits length %u, bearer %u, " LOG_D(OSA,
"count %u, direction %s\n", stream_cipher->blength, "Entering stream_encrypt_eea0, bits length %u, bearer %u, "
stream_cipher->bearer, stream_cipher->count, stream_cipher->direction == SECU_DIRECTION_DOWNLINK ? "count %u, direction %s\n",
"Downlink" : "Uplink"); stream_cipher->blength,
stream_cipher->bearer,
stream_cipher->count,
stream_cipher->direction == SECU_DIRECTION_DOWNLINK ? "Downlink" : "Uplink");
byte_length = (stream_cipher->blength + 7) >> 3; byte_length = (stream_cipher->blength + 7) >> 3;
...@@ -59,7 +61,7 @@ int stream_encrypt_eea0(stream_cipher_t *stream_cipher, uint8_t **out) ...@@ -59,7 +61,7 @@ int stream_encrypt_eea0(stream_cipher_t *stream_cipher, uint8_t **out)
data = *out; data = *out;
} }
memcpy (data, stream_cipher->message, byte_length); memcpy(data, stream_cipher->message, byte_length);
return 0; return 0;
} }
...@@ -67,32 +69,32 @@ int stream_encrypt_eea0(stream_cipher_t *stream_cipher, uint8_t **out) ...@@ -67,32 +69,32 @@ int stream_encrypt_eea0(stream_cipher_t *stream_cipher, uint8_t **out)
int stream_encrypt_eea1(stream_cipher_t *stream_cipher, uint8_t **out) int stream_encrypt_eea1(stream_cipher_t *stream_cipher, uint8_t **out)
{ {
osa_snow_3g_context_t snow_3g_context; osa_snow_3g_context_t snow_3g_context;
int n ; int n;
int i = 0; int i = 0;
uint32_t zero_bit = 0; uint32_t zero_bit = 0;
uint32_t *KS; uint32_t *KS;
uint32_t K[4],IV[4]; uint32_t K[4], IV[4];
DevAssert(stream_cipher != NULL); DevAssert(stream_cipher != NULL);
DevAssert(stream_cipher->key != NULL); DevAssert(stream_cipher->key != NULL);
DevAssert(stream_cipher->key_length == 16); DevAssert(stream_cipher->key_length == 16);
DevAssert(out != NULL); DevAssert(out != NULL);
n = ( stream_cipher->blength + 31 ) / 32; n = (stream_cipher->blength + 31) / 32;
zero_bit = stream_cipher->blength & 0x7; zero_bit = stream_cipher->blength & 0x7;
memset(&snow_3g_context, 0, sizeof(snow_3g_context)); memset(&snow_3g_context, 0, sizeof(snow_3g_context));
/*Initialisation*/ /*Initialisation*/
/* Load the confidentiality key for SNOW 3G initialization as in section /* Load the confidentiality key for SNOW 3G initialization as in section
3.4. */ 3.4. */
memcpy(K+3,stream_cipher->key+0,4); /*K[3] = key[0]; we assume memcpy(K + 3, stream_cipher->key + 0, 4); /*K[3] = key[0]; we assume
K[3]=key[0]||key[1]||...||key[31] , with key[0] the K[3]=key[0]||key[1]||...||key[31] , with key[0] the
* most important bit of key*/ * most important bit of key*/
memcpy(K+2,stream_cipher->key+4,4); /*K[2] = key[1];*/ memcpy(K + 2, stream_cipher->key + 4, 4); /*K[2] = key[1];*/
memcpy(K+1,stream_cipher->key+8,4); /*K[1] = key[2];*/ memcpy(K + 1, stream_cipher->key + 8, 4); /*K[1] = key[2];*/
memcpy(K+0,stream_cipher->key+12,4); /*K[0] = key[3]; we assume memcpy(K + 0, stream_cipher->key + 12, 4); /*K[0] = key[3]; we assume
K[0]=key[96]||key[97]||...||key[127] , with key[127] the K[0]=key[96]||key[97]||...||key[127] , with key[127] the
* least important bit of key*/ * least important bit of key*/
K[3] = hton_int32(K[3]); K[3] = hton_int32(K[3]);
K[2] = hton_int32(K[2]); K[2] = hton_int32(K[2]);
K[1] = hton_int32(K[1]); K[1] = hton_int32(K[1]);
...@@ -106,26 +108,25 @@ int stream_encrypt_eea1(stream_cipher_t *stream_cipher, uint8_t **out) ...@@ -106,26 +108,25 @@ int stream_encrypt_eea1(stream_cipher_t *stream_cipher, uint8_t **out)
/* Run SNOW 3G algorithm to generate sequence of key stream bits KS*/ /* Run SNOW 3G algorithm to generate sequence of key stream bits KS*/
osa_snow3g_initialize(K, IV, &snow_3g_context); osa_snow3g_initialize(K, IV, &snow_3g_context);
KS = (uint32_t *)malloc(4*n); KS = (uint32_t *)malloc(4 * n);
osa_snow3g_generate_key_stream(n,(uint32_t*)KS, &snow_3g_context); osa_snow3g_generate_key_stream(n, (uint32_t *)KS, &snow_3g_context);
if (zero_bit > 0) { if (zero_bit > 0) {
KS[n - 1] = KS[n - 1] & (uint32_t)(0xFFFFFFFF << (8 - zero_bit)); KS[n - 1] = KS[n - 1] & (uint32_t)(0xFFFFFFFF << (8 - zero_bit));
} }
for (i=0; i<n; i++) { for (i = 0; i < n; i++) {
KS[i] = hton_int32(KS[i]); KS[i] = hton_int32(KS[i]);
} }
/* Exclusive-OR the input data with keystream to generate the output bit /* Exclusive-OR the input data with keystream to generate the output bit
stream */ stream */
for (i=0; i<n*4; i++) { for (i = 0; i < n * 4; i++) {
stream_cipher->message[i] ^= *(((uint8_t*)KS)+i); stream_cipher->message[i] ^= *(((uint8_t *)KS) + i);
} }
if (zero_bit > 0) { if (zero_bit > 0) {
int ceil_index = (stream_cipher->blength+7) >> 3; int ceil_index = (stream_cipher->blength + 7) >> 3;
stream_cipher->message[ceil_index - 1] = stream_cipher->message[ceil_index - 1] & (uint8_t)(0xFF << (8 - zero_bit)); stream_cipher->message[ceil_index - 1] = stream_cipher->message[ceil_index - 1] & (uint8_t)(0xFF << (8 - zero_bit));
} }
...@@ -136,91 +137,32 @@ int stream_encrypt_eea1(stream_cipher_t *stream_cipher, uint8_t **out) ...@@ -136,91 +137,32 @@ int stream_encrypt_eea1(stream_cipher_t *stream_cipher, uint8_t **out)
int stream_encrypt_eea2(stream_cipher_t *stream_cipher, uint8_t **out) int stream_encrypt_eea2(stream_cipher_t *stream_cipher, uint8_t **out)
{ {
uint8_t m[16];
uint32_t local_count;
void *ctx;
uint8_t *data = NULL;
uint32_t zero_bit = 0;
uint32_t byte_length;
DevAssert(stream_cipher != NULL); DevAssert(stream_cipher != NULL);
DevAssert(out != NULL); DevAssert(stream_cipher->key != NULL);
DevAssert(stream_cipher->key_length == 32);
LOG_D(OSA, "Entering stream_encrypt_eea2, bits length %u, bearer %u, " DevAssert(stream_cipher->bearer < 32);
"count %u, direction %s\n", stream_cipher->blength, DevAssert(stream_cipher->direction < 2);
stream_cipher->bearer, stream_cipher->count, stream_cipher->direction == SECU_DIRECTION_DOWNLINK ? DevAssert(stream_cipher->message != NULL);
"Downlink" : "Uplink"); DevAssert(stream_cipher->blength > 7);
zero_bit = stream_cipher->blength & 0x7;
byte_length = stream_cipher->blength >> 3;
if (zero_bit > 0)
byte_length += 1;
ctx = malloc(nettle_aes128.context_size);
if (*out == NULL) { if (*out == NULL) {
/* User provided output buffer */ *out = calloc(1, (stream_cipher->blength >> 3) + 1);
data = malloc(byte_length); DevAssert(*out != NULL && "Memory exhausted");
*out = data;
} else {
data = *out;
}
local_count = hton_int32(stream_cipher->count);
memset(m, 0, sizeof(m));
memcpy(&m[0], &local_count, 4);
m[4] = ((stream_cipher->bearer & 0x1F) << 3) |
((stream_cipher->direction & 0x01) << 2);
/* Other bits are 0 */
#if defined(SECU_DEBUG)
{
int i;
char payload[6 * byte_length + 1];
int index = 0;
for (i = 0; i < byte_length; i++)
index += sprintf(&payload[index], "0x%02x ", stream_cipher->message[i]);
LOG_D(OSA, "Original message: %s\n", payload);
}
#endif
#if NETTLE_VERSION_MAJOR < 3
nettle_aes128.set_encrypt_key(ctx, stream_cipher->key_length,
stream_cipher->key);
#else
nettle_aes128.set_encrypt_key(ctx,
stream_cipher->key);
#endif
nettle_ctr_crypt(ctx, nettle_aes128.encrypt,
nettle_aes128.block_size, m,
byte_length, data, stream_cipher->message);
if (zero_bit > 0)
data[byte_length - 1] = data[byte_length - 1] & (uint8_t)(0xFF << (8 - zero_bit));
free(ctx);
#if defined(SECU_DEBUG)
{
int i;
char payload[6 * byte_length + 1];
int index = 0;
for (i = 0; i < byte_length; i++)
index += sprintf(&payload[index], "0x%02x ", data[i]);
LOG_D(OSA, "Encrypted message: %s\n", payload);
} }
#endif
aes_128_t p = {0};
memcpy(p.key, stream_cipher->key, stream_cipher->key_length);
p.type = AES_INITIALIZATION_VECTOR_16;
p.iv16.d.count = htonl(stream_cipher->count);
p.iv16.d.bearer = stream_cipher->bearer;
p.iv16.d.direction = stream_cipher->direction;
DevAssert((stream_cipher->blength & 0x07) == 0 && "Cipher length must be multiple of one octet");
const uint32_t byte_lenght = stream_cipher->blength >> 3;
// Precondition: out must have enough space, at least as much as the input
const size_t len_out = byte_lenght;
byte_array_t msg = {.buf = stream_cipher->message, .len =byte_lenght};
aes_128_ctr(&p, msg, len_out, *out);
return 0; return 0;
} }
......
This diff is collapsed.
...@@ -544,7 +544,6 @@ Before compiling the core EPC, some packages should be installed on the platform ...@@ -544,7 +544,6 @@ Before compiling the core EPC, some packages should be installed on the platform
\item flex and bison \item flex and bison
\item openssl-dev \item openssl-dev
\item asn1c (see section \ref{sec:asn1c}) \item asn1c (see section \ref{sec:asn1c})
\item libnettle (see section \ref{sec:libnettle})
\item freediameter (see section \ref{sec:freediameter}) and gnutls 3.1.0 \item freediameter (see section \ref{sec:freediameter}) and gnutls 3.1.0
(see section \ref{sec:gnutls}) (see section \ref{sec:gnutls})
\end{itemize} \end{itemize}
...@@ -562,28 +561,6 @@ openssl-dev -y ...@@ -562,28 +561,6 @@ openssl-dev -y
\subsection{ASN1c} \subsection{ASN1c}
\label{sec:asn1c} \label{sec:asn1c}
\subsection{libnettle}
\label{sec:libnettle}
The nettle library is used by freediameter for certificate encryption and by core
EPC for key derivation.
\begin{lstlisting}
wget ftp://ftp.lysator.liu.se/pub/security/lsh/nettle-2.5.tar.gz
gunzip nettle-2.5.tar.gz
tar -xvf nettle-2.5.tar
cd nettle-2.5/
./configure --disable-openssl --enable-shared
make
make check
sudo make install
\end{lstlisting}
The commands provided above will download the required packages sources, configure
and install them on the system.
Note that any packages which is not in the Ubuntu repository is installed by default
in /usr/local instead of /usr.
This behaviour can be overriden at configuration time by providing --prefix=/usr to
the configuration script (configure).
\subsection{gnutls} \subsection{gnutls}
\label{sec:gnutls} \label{sec:gnutls}
......
...@@ -23,6 +23,7 @@ ...@@ -23,6 +23,7 @@
#include <openair3/NAS/COMMON/NR_NAS_defs.h> #include <openair3/NAS/COMMON/NR_NAS_defs.h>
#include <openair3/SECU/secu_defs.h> #include <openair3/SECU/secu_defs.h>
#include <openair3/SECU/kdf.h>
void servingNetworkName(uint8_t *msg, char * imsiStr, int nmc_size) { void servingNetworkName(uint8_t *msg, char * imsiStr, int nmc_size) {
//SNN-network-identifier in TS 24.501 //SNN-network-identifier in TS 24.501
...@@ -59,8 +60,12 @@ int resToresStar(uint8_t *msg, uicc_t* uicc) { ...@@ -59,8 +60,12 @@ int resToresStar(uint8_t *msg, uicc_t* uicc) {
uint8_t ckik[sizeof(uicc->ck) +sizeof(uicc->ik)]; uint8_t ckik[sizeof(uicc->ck) +sizeof(uicc->ik)];
memcpy(ckik, uicc->ck, sizeof(uicc->ck)); memcpy(ckik, uicc->ck, sizeof(uicc->ck));
memcpy(ckik+sizeof(uicc->ck),uicc->ik, sizeof(uicc->ik)); memcpy(ckik+sizeof(uicc->ck),uicc->ik, sizeof(uicc->ik));
uint8_t out[32]; uint8_t out[32] = {0};
kdf(S, ptr-S, ckik, 32, out, sizeof(out)); assert(ptr-S == 32);
//kdf(S, ptr-S, ckik, 32, out, sizeof(out));
byte_array_t data = {.buf = ckik, .len = 32};
kdf(S, data, 32, out);
memcpy(msg, out+16, 16); memcpy(msg, out+16, 16);
return 16; return 16;
} }
...@@ -37,6 +37,7 @@ ...@@ -37,6 +37,7 @@
#include "nr_nas_msg_sim.h" #include "nr_nas_msg_sim.h"
#include "aka_functions.h" #include "aka_functions.h"
#include "secu_defs.h" #include "secu_defs.h"
#include "kdf.h"
#include "PduSessionEstablishRequest.h" #include "PduSessionEstablishRequest.h"
#include "PduSessionEstablishmentAccept.h" #include "PduSessionEstablishmentAccept.h"
#include "intertask_interface.h" #include "intertask_interface.h"
...@@ -188,18 +189,20 @@ void transferRES(uint8_t ck[16], uint8_t ik[16], uint8_t *input, uint8_t rand[16 ...@@ -188,18 +189,20 @@ void transferRES(uint8_t ck[16], uint8_t ik[16], uint8_t *input, uint8_t rand[16
oldS[33] = 0x08; oldS[33] = 0x08;
uint8_t key[32]; uint8_t key[32] = {0};
memcpy(&key[0], ck, 16); memcpy(&key[0], ck, 16);
memcpy(&key[16], ik, 16); //KEY memcpy(&key[16], ik, 16); //KEY
uint8_t out[32]; uint8_t out[32] = {0};
kdf(key, 32, S, 31 + netNamesize, out, 32);
for (int i = 0; i < 16; i++) byte_array_t data = {.buf = S, .len = 31 + netNamesize};
output[i] = out[16 + i]; kdf(key, data, 32, out);
memcpy(output, out + 16, 16);
} }
void derive_kausf(uint8_t ck[16], uint8_t ik[16], uint8_t sqn[6], uint8_t kausf[32], uicc_t *uicc) { void derive_kausf(uint8_t ck[16], uint8_t ik[16], uint8_t sqn[6], uint8_t kausf[32], uicc_t *uicc) {
uint8_t S[100]={0}; uint8_t S[100]={0};
uint8_t key[32]; uint8_t key[32] = {0};
memcpy(&key[0], ck, 16); memcpy(&key[0], ck, 16);
memcpy(&key[16], ik, 16); //KEY memcpy(&key[16], ik, 16); //KEY
...@@ -213,7 +216,9 @@ void derive_kausf(uint8_t ck[16], uint8_t ik[16], uint8_t sqn[6], uint8_t kausf[ ...@@ -213,7 +216,9 @@ void derive_kausf(uint8_t ck[16], uint8_t ik[16], uint8_t sqn[6], uint8_t kausf[
} }
S[9 + netNamesize] = 0x00; S[9 + netNamesize] = 0x00;
S[10 + netNamesize] = 0x06; S[10 + netNamesize] = 0x06;
kdf(key, 32, S, 11 + netNamesize, kausf, 32);
byte_array_t data = {.buf = S, .len = 11 + netNamesize};
kdf(key, data, 32, kausf);
} }
void derive_kseaf(uint8_t kausf[32], uint8_t kseaf[32], uicc_t *uicc) { void derive_kseaf(uint8_t kausf[32], uint8_t kseaf[32], uicc_t *uicc) {
...@@ -223,12 +228,14 @@ void derive_kseaf(uint8_t kausf[32], uint8_t kseaf[32], uicc_t *uicc) { ...@@ -223,12 +228,14 @@ void derive_kseaf(uint8_t kausf[32], uint8_t kseaf[32], uicc_t *uicc) {
int netNamesize = strlen((char*)S+1); int netNamesize = strlen((char*)S+1);
S[1 + netNamesize] = (uint8_t)((netNamesize & 0xff00) >> 8); S[1 + netNamesize] = (uint8_t)((netNamesize & 0xff00) >> 8);
S[2 + netNamesize] = (uint8_t)(netNamesize & 0x00ff); S[2 + netNamesize] = (uint8_t)(netNamesize & 0x00ff);
kdf(kausf, 32, S, 3 + netNamesize, kseaf, 32);
byte_array_t data = {.buf = S , .len = 3 + netNamesize};
kdf(kausf, data, 32, kseaf);
} }
void derive_kamf(uint8_t *kseaf, uint8_t *kamf, uint16_t abba, uicc_t* uicc) { void derive_kamf(uint8_t *kseaf, uint8_t *kamf, uint16_t abba, uicc_t* uicc) {
int imsiLen = strlen(uicc->imsiStr); int imsiLen = strlen(uicc->imsiStr);
uint8_t S[100]; uint8_t S[100] = {0};
S[0] = 0x6D; //FC = 0x6D S[0] = 0x6D; //FC = 0x6D
memcpy(&S[1], uicc->imsiStr, imsiLen ); memcpy(&S[1], uicc->imsiStr, imsiLen );
S[1 + imsiLen] = (uint8_t)((imsiLen & 0xff00) >> 8); S[1 + imsiLen] = (uint8_t)((imsiLen & 0xff00) >> 8);
...@@ -237,12 +244,14 @@ void derive_kamf(uint8_t *kseaf, uint8_t *kamf, uint16_t abba, uicc_t* uicc) { ...@@ -237,12 +244,14 @@ void derive_kamf(uint8_t *kseaf, uint8_t *kamf, uint16_t abba, uicc_t* uicc) {
S[4 + imsiLen] = (abba & 0xff00) >> 8; S[4 + imsiLen] = (abba & 0xff00) >> 8;
S[5 + imsiLen] = 0x00; S[5 + imsiLen] = 0x00;
S[6 + imsiLen] = 0x02; S[6 + imsiLen] = 0x02;
kdf(kseaf, 32, S, 7 + imsiLen, kamf, 32);
byte_array_t data = {.buf = S, .len = 7 + imsiLen};
kdf(kseaf, data, 32, kamf);
} }
//------------------------------------------------------------------------------ //------------------------------------------------------------------------------
void derive_knas(algorithm_type_dist_t nas_alg_type, uint8_t nas_alg_id, uint8_t kamf[32], uint8_t *knas_int) { void derive_knas(algorithm_type_dist_t nas_alg_type, uint8_t nas_alg_id, uint8_t kamf[32], uint8_t *knas_int) {
uint8_t S[20]; uint8_t S[20] = {0};
uint8_t out[32] = { 0 }; uint8_t out[32] = { 0 };
S[0] = 0x69; //FC S[0] = 0x69; //FC
S[1] = (uint8_t)(nas_alg_type & 0xFF); S[1] = (uint8_t)(nas_alg_type & 0xFF);
...@@ -251,19 +260,20 @@ void derive_knas(algorithm_type_dist_t nas_alg_type, uint8_t nas_alg_id, uint8_t ...@@ -251,19 +260,20 @@ void derive_knas(algorithm_type_dist_t nas_alg_type, uint8_t nas_alg_id, uint8_t
S[4] = nas_alg_id; S[4] = nas_alg_id;
S[5] = 0x00; S[5] = 0x00;
S[6] = 0x01; S[6] = 0x01;
kdf(kamf, 32, S, 7, out, 32);
for (int i = 0; i < 16; i++) byte_array_t data = {.buf = S, .len = 7};
knas_int[i] = out[16 + i]; kdf(kamf, data, 32, out);
memcpy(knas_int, out+16, 16);
} }
void derive_kgnb(uint8_t kamf[32], uint32_t count, uint8_t *kgnb){ void derive_kgnb(uint8_t kamf[32], uint32_t count, uint8_t *kgnb){
/* Compute the KDF input parameter /* Compute the KDF input parameter
* S = FC(0x6E) || UL NAS Count || 0x00 0x04 || 0x01 || 0x00 0x01 * S = FC(0x6E) || UL NAS Count || 0x00 0x04 || 0x01 || 0x00 0x01
*/ */
uint8_t input[32]; uint8_t input[32] = {0};
// uint16_t length = 4; // uint16_t length = 4;
// int offset = 0; // int offset = 0;
uint8_t out[32] = { 0 };
LOG_TRACE(INFO, "%s with count= %d", __FUNCTION__, count); LOG_TRACE(INFO, "%s with count= %d", __FUNCTION__, count);
memset(input, 0, 32); memset(input, 0, 32);
...@@ -282,9 +292,9 @@ void derive_kgnb(uint8_t kamf[32], uint32_t count, uint8_t *kgnb){ ...@@ -282,9 +292,9 @@ void derive_kgnb(uint8_t kamf[32], uint32_t count, uint8_t *kgnb){
input[8] = 0; input[8] = 0;
input[9] = 1; input[9] = 1;
kdf(kamf, 32, input, 10, out, 32); byte_array_t data = {.buf = input, .len = 10};
for (int i = 0; i < 32; i++) kdf(kamf, data, 32, kgnb);
kgnb[i] = out[i];
printf("kgnb : "); printf("kgnb : ");
for(int pp=0;pp<32;pp++) for(int pp=0;pp<32;pp++)
printf("%02x ",kgnb[pp]); printf("%02x ",kgnb[pp]);
......
...@@ -67,6 +67,7 @@ Description Defines the authentication EMM procedure executed by the ...@@ -67,6 +67,7 @@ Description Defines the authentication EMM procedure executed by the
#include "usim_api.h" #include "usim_api.h"
#include "secu_defs.h" #include "secu_defs.h"
#include "kdf.h"
#include "Authentication.h" #include "Authentication.h"
#include "executables/lte-softmodem.h" #include "executables/lte-softmodem.h"
...@@ -982,14 +983,10 @@ static int _authentication_kasme(const OctetString *autn, ...@@ -982,14 +983,10 @@ static int _authentication_kasme(const OctetString *autn,
input_s[4],input_s[5],input_s[6],input_s[7], input_s[4],input_s[5],input_s[6],input_s[7],
input_s[8],input_s[9],input_s[10],input_s[11], input_s[8],input_s[9],input_s[10],input_s[11],
input_s[12],input_s[13]); input_s[12],input_s[13]);
/* TODO !!! Compute the Kasme key */
// todo_hmac_256(key, input_s, kasme->value); assert(ck->length + ik->length == 32);
kdf(key, byte_array_t data = {.len = offset, .buf = input_s};
ck->length + ik->length , /*key_length*/ kdf(key, data, kasme->length, kasme->value);
input_s,
offset,
kasme->value,
kasme->length);
LOG_TRACE(INFO,"EMM-PROC KASME (l=%d)%s", LOG_TRACE(INFO,"EMM-PROC KASME (l=%d)%s",
kasme->length, kasme->length,
......
...@@ -63,6 +63,7 @@ Description Defines the security mode control EMM procedure executed by the ...@@ -63,6 +63,7 @@ Description Defines the security mode control EMM procedure executed by the
# include "assertions.h" # include "assertions.h"
#include "secu_defs.h" #include "secu_defs.h"
#include "kdf.h"
#include "SecurityModeControl.h" #include "SecurityModeControl.h"
#if defined(NAS_BUILT_IN_UE) #if defined(NAS_BUILT_IN_UE)
...@@ -484,7 +485,9 @@ static int _security_kenb(const OctetString *kasme, OctetString *kenb, ...@@ -484,7 +485,9 @@ static int _security_kenb(const OctetString *kasme, OctetString *kenb,
input[5] = 0; input[5] = 0;
input[6] = 4; input[6] = 4;
kdf(kasme->value, 32, input, 7, kenb->value, 32); byte_array_t data = {.len = 7, .buf = input};
kdf(kasme->value, data, 32, kenb->value);
kenb->length = 32; kenb->length = 32;
return (RETURNok); return (RETURNok);
} }
...@@ -536,8 +539,12 @@ static int _security_kdf(const OctetString *kasme, OctetString *key, ...@@ -536,8 +539,12 @@ static int _security_kdf(const OctetString *kasme, OctetString *key,
input[5] = 0x00; input[5] = 0x00;
input[6] = 0x01; input[6] = 0x01;
assert(kasme->length == 32);
byte_array_t data = {.len = 7, .buf=input};
/* Compute the derived key */ /* Compute the derived key */
kdf(kasme->value, kasme->length, input, 7, output, 32); kdf(kasme->value, data, 32, output);
memcpy(key->value, &output[31 - key->length + 1], key->length); memcpy(key->value, &output[31 - key->length + 1], key->length);
return (RETURNok); return (RETURNok);
} }
......
...@@ -19,66 +19,70 @@ ...@@ -19,66 +19,70 @@
* contact@openairinterface.org * contact@openairinterface.org
*/ */
#include <stdio.h> #ifndef AES_128_OAI_H
#include <stdlib.h> #define AES_128_OAI_H
#include <endian.h>
#include <stdint.h> #include <stdint.h>
#include <unistd.h> #include <stdlib.h>
#include "test_util.h" // see 33.401 B.2.3 for the input to 128-EIA2
// (which is identical to 128-NIA2, see 33.501 D.3.1.3)
#include "secu_defs.h" typedef struct {
uint32_t count;
uint8_t padding: 2;
uint8_t direction: 1;
uint8_t bearer: 5;
uint8_t pad_8;
uint16_t pad_16;
uint64_t pad_64;
} data_iv16_t;
#include <nettle/nettle-meta.h> typedef struct{
#include <nettle/aes.h> union{
#include <nettle/ctr.h> data_iv16_t d;
uint8_t iv[16];
};
} iv16_t;
static void test_cipher_ctr(const struct nettle_cipher *cipher, const uint8_t *key, typedef struct {
unsigned key_length, const uint8_t *cleartext, unsigned length, uint32_t count;
const uint8_t *ciphertext, const uint8_t *ictr) uint8_t padding: 2;
{ uint8_t direction: 1;
void *ctx = malloc(cipher->context_size); uint8_t bearer: 5;
uint8_t *data = malloc(length); uint8_t pad_8;
uint8_t *ctr = malloc(cipher->block_size); uint16_t pad_16;
} data_iv8_t;
#if NETTLE_VERSION_MAJOR < 3 typedef struct{
cipher->set_encrypt_key(ctx, key_length, key); union{
#else data_iv8_t d;
cipher->set_encrypt_key(ctx, key); uint8_t iv[8];
#endif };
} iv8_t;
memcpy(ctr, ictr, cipher->block_size); typedef enum{
AES_INITIALIZATION_VECTOR_8,
AES_INITIALIZATION_VECTOR_16,
ctr_crypt(ctx, cipher->encrypt, AES_INITIALIZATION_VECTOR_END,
cipher->block_size, ctr, } iv_e;
length, data, cleartext);
if (compare_buffer(data, length, ciphertext, length) != 0) { #if __BYTE_ORDER == __BIG_ENDIAN
fail("Fail: test_cipher_ctr"); static_assert(0 != 0, "The struct iv_t needs little endianness");
} #endif
// static_assert((16 == sizeof(iv_t)) , "Initialization Vector needs to have an AES_BLOCK_SIZE" );
free(ctx); typedef struct {
free(data); uint8_t key[16];
free(ctr); iv_e type;
} union{
iv8_t iv8;
iv16_t iv16;
};
} aes_128_t;
#endif
void doit (void)
{
/* From NIST spec 800-38a on AES modes,
*
* http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38A.pdf
*
* F.5 CTR Example Vectors
*/
/* F.5.1 CTR-AES128.Encrypt */
test_cipher_ctr(&nettle_aes128,
HL("2b7e151628aed2a6abf7158809cf4f3c"),
HL("6bc1bee22e409f96e93d7e117393172a"
"ae2d8a571e03ac9c9eb76fac45af8e51"
"30c81c46a35ce411e5fbc1191a0a52ef"
"f69f2445df4f9b17ad2b417be66c3710"),
H("874d6191b620e3261bef6864990db6ce"
"9806f66b7970fdff8617187bb9fffdff"
"5ae4df3edbd5d35e5b4f09020db03eab"
"1e031dda2fbe03d1792170a0f3009cee"),
H("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"));
}
/*
* Licensed to the OpenAirInterface (OAI) Software Alliance under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The OpenAirInterface Software Alliance licenses this file to You under
* the OAI Public License, Version 1.1 (the "License"); you may not use this file
* except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.openairinterface.org/?page_id=698
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*-------------------------------------------------------------------------------
* For more information about the OpenAirInterface (OAI) Software Alliance:
* contact@openairinterface.org
*/
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include "aes_128_cbc_cmac.h"
#include "common/utils/assertions.h"
#include <openssl/cmac.h>
#if OPENSSL_VERSION_MAJOR >= 3
// code for version 3.0 or greater
#include <openssl/core_names.h>
static
const char *propq = NULL;
void aes_128_cbc_cmac(const aes_128_t* k_iv, byte_array_t msg, size_t len_out, uint8_t out[len_out])
{
OSSL_LIB_CTX* library_context = OSSL_LIB_CTX_new();
DevAssert(library_context != NULL);
/* Fetch the CMAC implementation */
EVP_MAC* mac = EVP_MAC_fetch(library_context, "CMAC", propq);
DevAssert(mac != NULL);
/* Create a context for the CMAC operation */
EVP_MAC_CTX* mctx = EVP_MAC_CTX_new(mac);
DevAssert(mctx != NULL);
// The underlying cipher to be used
char cipher_name[] = "aes128";
OSSL_PARAM params[2] = {0};
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, cipher_name,
sizeof(cipher_name));
params[1] = OSSL_PARAM_construct_end();
/* Initialise the CMAC operation */
int rc = EVP_MAC_init(mctx, k_iv->key, sizeof(k_iv->key), params);
DevAssert(rc != 0);
size_t sz_iv = 0;
uint8_t* iv = NULL;
if(k_iv->type == AES_INITIALIZATION_VECTOR_8){
sz_iv = 8;
iv = (uint8_t*)k_iv->iv8.iv;
} else if(k_iv->type == AES_INITIALIZATION_VECTOR_16) {
sz_iv = 16;
iv = (uint8_t*)k_iv->iv16.iv;
} else {
DevAssert(0!=0 && "Unknwon Initialization vector");
}
/* Make one or more calls to process the data to be authenticated */
rc = EVP_MAC_update(mctx, iv, sz_iv);
DevAssert(rc != 0);
/* Make one or more calls to process the data to be authenticated */
rc = EVP_MAC_update(mctx, msg.buf, msg.len);
DevAssert(rc != 0);
/* Make a call to the final with a NULL buffer to get the length of the MAC */
size_t out_len = 0;
rc = EVP_MAC_final(mctx, out, &out_len, len_out);
DevAssert(rc != 0);
EVP_MAC_CTX_free(mctx);
EVP_MAC_free(mac);
OSSL_LIB_CTX_free(library_context);
}
cbc_cmac_ctx_t init_aes_128_cbc_cmac(uint8_t key[16])
{
DevAssert(key != NULL);
OSSL_LIB_CTX* library_context = OSSL_LIB_CTX_new();
DevAssert(library_context != NULL);
/* Fetch the CMAC implementation */
EVP_MAC* mac = EVP_MAC_fetch(library_context, "CMAC", propq);
DevAssert(mac != NULL);
cbc_cmac_ctx_t ctx = {.lib_ctx = library_context, .mac = mac };
assert(16 == sizeof(ctx.key));
memcpy(ctx.key, key, 16);
return ctx;
}
void cipher_aes_128_cbc_cmac(cbc_cmac_ctx_t const* ctx, const aes_128_t* k_iv, byte_array_t msg, size_t len_out, uint8_t out[len_out])
{
DevAssert(ctx != NULL);
DevAssert(k_iv != NULL);
/* Create a context for the CMAC operation */
EVP_MAC_CTX* mctx = EVP_MAC_CTX_new(ctx->mac);
DevAssert(mctx != NULL);
// The underlying cipher to be used
char cipher_name[] = "aes128";
OSSL_PARAM params[2] = {0};
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, cipher_name,
sizeof(cipher_name));
params[1] = OSSL_PARAM_construct_end();
/* Initialise the CMAC operation */
int rc = EVP_MAC_init(mctx, k_iv->key, sizeof(k_iv->key), params);
DevAssert(rc != 0);
size_t sz_iv = 0;
uint8_t* iv = NULL;
if(k_iv->type == AES_INITIALIZATION_VECTOR_8){
sz_iv = 8;
iv = (uint8_t*)k_iv->iv8.iv;
} else if(k_iv->type == AES_INITIALIZATION_VECTOR_16) {
sz_iv = 16;
iv = (uint8_t*)k_iv->iv16.iv;
} else {
DevAssert(0!=0 && "Unknwon Initialization vector");
}
/* Make one or more calls to process the data to be authenticated */
rc = EVP_MAC_update(mctx, iv, sz_iv);
DevAssert(rc != 0);
/* Make one or more calls to process the data to be authenticated */
rc = EVP_MAC_update(mctx, msg.buf, msg.len);
DevAssert(rc != 0);
/* Make a call to the final with a NULL buffer to get the length of the MAC */
size_t out_len = 0;
rc = EVP_MAC_final(mctx, out, &out_len, len_out);
DevAssert(rc != 0);
EVP_MAC_CTX_free(mctx);
}
void free_aes_128_cbc_cmac(cbc_cmac_ctx_t const* ctx)
{
DevAssert(ctx != NULL);
EVP_MAC_free(ctx->mac);
OSSL_LIB_CTX_free(ctx->lib_ctx);
}
#else
// code for 1.1.x or lower
void aes_128_cbc_cmac(const aes_128_t* k_iv, byte_array_t msg, size_t len_out, uint8_t out[len_out])
{
DevAssert(k_iv != NULL);
CMAC_CTX *ctx = CMAC_CTX_new();
DevAssert(ctx != NULL);
CMAC_Init(ctx, k_iv->key, sizeof(k_iv->key), EVP_aes_128_cbc(), NULL);
size_t sz_iv = 0;
uint8_t* iv = NULL;
if(k_iv->type == AES_INITIALIZATION_VECTOR_8){
sz_iv = 8;
iv = (uint8_t*)k_iv->iv8.iv;
} else if(k_iv->type == AES_INITIALIZATION_VECTOR_16) {
sz_iv = 16;
iv = (uint8_t*)k_iv->iv16.iv;
} else {
DevAssert(0!=0 && "Unknwon Initialization vector");
}
CMAC_Update(ctx, iv, sz_iv);
CMAC_Update(ctx, msg.buf, msg.len);
size_t len_res = 0;
CMAC_Final(ctx, out, &len_res);
DevAssert(len_res <= len_out);
CMAC_CTX_free(ctx);
}
cbc_cmac_ctx_t init_aes_128_cbc_cmac(uint8_t key[16])
{
DevAssert(key != NULL);
cbc_cmac_ctx_t ctx = {.lib_ctx = NULL, .mac = NULL };
ctx.mac = CMAC_CTX_new();
DevAssert(ctx.mac != NULL);
//assert(16 == sizeof(ctx.key));
memcpy(ctx.key, key, 16); //sizeof(ctx.key));
CMAC_Init(ctx.mac, ctx.key, 16, EVP_aes_128_cbc(), NULL);
return ctx;
}
void cipher_aes_128_cbc_cmac(cbc_cmac_ctx_t const* ctx, const aes_128_t* k_iv, byte_array_t msg, size_t len_out, uint8_t out[len_out])
{
DevAssert(ctx != NULL);
DevAssert(k_iv != NULL);
//From https://man.openbsd.org/CMAC_Init.3
//If ctx is already initialized, CMAC_Init() can be called again with key,
//cipher, and impl all set to NULL and key_len set to 0. In that case, any
//data already processed is discarded and ctx is re-initialized to start
//reading data anew.
CMAC_Init(ctx->mac, NULL, 0, NULL, NULL);
size_t sz_iv = 0;
uint8_t* iv = NULL;
if(k_iv->type == AES_INITIALIZATION_VECTOR_8){
sz_iv = 8;
iv = (uint8_t*)k_iv->iv8.iv;
} else if(k_iv->type == AES_INITIALIZATION_VECTOR_16) {
sz_iv = 16;
iv = (uint8_t*)k_iv->iv16.iv;
} else {
DevAssert(0!=0 && "Unknwon Initialization vector");
}
CMAC_Update(ctx->mac, iv, sz_iv);
CMAC_Update(ctx->mac, msg.buf, msg.len);
size_t len_res = 0;
CMAC_Final(ctx->mac, out, &len_res);
DevAssert(len_res <= len_out);
}
void free_aes_128_cbc_cmac(cbc_cmac_ctx_t const* ctx)
{
DevAssert(ctx != NULL);
CMAC_CTX_free(ctx->mac);
}
#endif
...@@ -19,67 +19,30 @@ ...@@ -19,67 +19,30 @@
* contact@openairinterface.org * contact@openairinterface.org
*/ */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
#include "test_util.h" #ifndef AES_128_CBC_CMAC_H
#define AES_128_CBC_CMAC_H
#include "secu_defs.h" #include "aes_128.h"
#include "common/utils/ds/byte_array.h"
#include <nettle/nettle-meta.h>
#include <nettle/aes.h>
#include <nettle/ctr.h>
static #include <stdint.h>
void test_uncipher_ctr(const struct nettle_cipher *cipher, const uint8_t *key, #include <stdlib.h>
unsigned key_length, const uint8_t *cipheredtext,
unsigned length, const uint8_t *cleartext, const uint8_t *ictr)
{
void *ctx = malloc(cipher->context_size);
uint8_t *data = malloc(length);
uint8_t *ctr = malloc(cipher->block_size);
#if NETTLE_VERSION_MAJOR < 3 typedef struct {
cipher->set_encrypt_key(ctx, key_length, key); void* lib_ctx;
#else void* mac;
cipher->set_encrypt_key(ctx, key); uint8_t key[16];
#endif } cbc_cmac_ctx_t ;
void aes_128_cbc_cmac(const aes_128_t* k_iv, byte_array_t msg, size_t len_out, uint8_t out[len_out]);
memcpy(ctr, ictr, cipher->block_size); cbc_cmac_ctx_t init_aes_128_cbc_cmac(uint8_t key[16]);
ctr_crypt(ctx, cipher->encrypt, void cipher_aes_128_cbc_cmac(cbc_cmac_ctx_t const* ctx, const aes_128_t* k_iv, byte_array_t msg, size_t len_out, uint8_t out[len_out]);
cipher->block_size, ctr,
length, data, cipheredtext);
if (compare_buffer(data, length, cleartext, length) != 0) { void free_aes_128_cbc_cmac(cbc_cmac_ctx_t const* ctx);
fail("Fail: test_uncipher_ctr\n");
}
free(ctx); #endif
free(data);
free(ctr);
}
void doit (void)
{
/* From NIST spec 800-38a on AES modes,
*
* http://csrc.nist.gov/CryptoToolkit/modes/800-38_Series_Publications/SP800-38A.pdf
*
* F.5 CTR Example Vectors
*/
/* F.5.1 CTR-AES128.Encrypt */
test_uncipher_ctr(&nettle_aes128,
HL("2b7e151628aed2a6abf7158809cf4f3c"),
HL("6bc1bee22e409f96e93d7e117393172a"
"ae2d8a571e03ac9c9eb76fac45af8e51"
"30c81c46a35ce411e5fbc1191a0a52ef"
"f69f2445df4f9b17ad2b417be66c3710"),
H("874d6191b620e3261bef6864990db6ce"
"9806f66b7970fdff8617187bb9fffdff"
"5ae4df3edbd5d35e5b4f09020db03eab"
"1e031dda2fbe03d1792170a0f3009cee"),
H("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"));
}
/*
* Licensed to the OpenAirInterface (OAI) Software Alliance under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The OpenAirInterface Software Alliance licenses this file to You under
* the OAI Public License, Version 1.1 (the "License"); you may not use this file
* except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.openairinterface.org/?page_id=698
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*-------------------------------------------------------------------------------
* For more information about the OpenAirInterface (OAI) Software Alliance:
* contact@openairinterface.org
*/
// TS 133 401 pag. 88
#include "aes_128_ctr.h"
#include "common/utils/assertions.h"
#include <openssl/aes.h>
#include <openssl/err.h>
#include <openssl/evp.h>
void aes_128_ctr(const aes_128_t* k_iv, byte_array_t msg, size_t len_out, uint8_t out[len_out])
{
DevAssert(k_iv != NULL);
DevAssert(sizeof(iv16_t) == AES_BLOCK_SIZE);
DevAssert(k_iv->type == AES_INITIALIZATION_VECTOR_16);
// Create and initialise the context
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
DevAssert(ctx != NULL);
// Set IV length if default 12 bytes (96 bits) is not appropriate
// int rc = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CTR_SET_IVLEN, 16, NULL))
// Initialise the encryption operation.
int rc = EVP_EncryptInit_ex(ctx, EVP_aes_128_ctr(), NULL, k_iv->key, k_iv->iv16.iv);
DevAssert(rc == 1);
OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == AES_BLOCK_SIZE);
int len_ev = 0;
rc = EVP_EncryptUpdate(ctx, out, &len_ev, msg.buf, msg.len);
DevAssert(!(len_ev > len_out) && "Buffer overflow");
// Finalise the encryption. Normally ciphertext bytes may be written at
// this stage, but this does not occur in GCM mode
rc = EVP_EncryptFinal_ex(ctx, out + len_ev, &len_ev);
DevAssert(rc == 1);
// Get the tag
// rc == EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag))
EVP_CIPHER_CTX_free(ctx);
}
/*
* Licensed to the OpenAirInterface (OAI) Software Alliance under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The OpenAirInterface Software Alliance licenses this file to You under
* the OAI Public License, Version 1.1 (the "License"); you may not use this file
* except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.openairinterface.org/?page_id=698
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*-------------------------------------------------------------------------------
* For more information about the OpenAirInterface (OAI) Software Alliance:
* contact@openairinterface.org
*/
#ifndef AES_128_CTR_OAI_H
#define AES_128_CTR_OAI_H
#include "aes_128.h"
#include "common/utils/ds/byte_array.h"
#include <endian.h>
#include <stdint.h>
#include <stdlib.h>
void aes_128_ctr(const aes_128_t* k_iv, byte_array_t msg, size_t len_out, uint8_t out[len_out]);
#endif
...@@ -19,87 +19,18 @@ ...@@ -19,87 +19,18 @@
* contact@openairinterface.org * contact@openairinterface.org
*/ */
#include "common/utils/assertions.h"
#include "openair3/SECU/sha_256_hmac.h"
#include <stdlib.h> #include <stdlib.h>
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#include <nettle/hmac.h>
#include "security_types.h" #include "kdf.h"
#include "secu_defs.h"
void kdf(const uint8_t *key, uint16_t key_len, uint8_t *s, uint16_t s_len, uint8_t *out, void kdf(const uint8_t key[32], byte_array_t data, size_t len, uint8_t out[len])
uint16_t out_len)
{ {
struct hmac_sha256_ctx ctx; // Do we still need kdf function?
sha_256_hmac(key, data, len, out);
memset(&ctx, 0, sizeof(ctx));
hmac_sha256_set_key(&ctx, key_len, key);
hmac_sha256_update(&ctx, s_len, s);
hmac_sha256_digest(&ctx, out_len, out);
}
#ifndef NAS_UE
int derive_keNB(const uint8_t kasme[32], const uint32_t nas_count, uint8_t *keNB)
{
uint8_t s[7];
// FC
s[0] = FC_KENB;
// P0 = Uplink NAS count
s[1] = (nas_count & 0xff000000) >> 24;
s[2] = (nas_count & 0x00ff0000) >> 16;
s[3] = (nas_count & 0x0000ff00) >> 8;
s[4] = (nas_count & 0x000000ff);
// Length of NAS count
s[5] = 0x00;
s[6] = 0x04;
kdf(kasme, 32, s, 7, keNB, 32);
return 0;
} }
#endif
int derive_keNB_star(
const uint8_t *kenb_32,
const uint16_t pci,
const uint32_t earfcn_dl,
const bool is_rel8_only,
uint8_t *kenb_star)
{
// see 33.401 section A.5 KeNB* derivation function
uint8_t s[10] = {0};
// FC = 0x13
s[0] = FC_KENB_STAR;
// P0 = PCI (target physical cell id)
s[1] = (pci & 0x0000ff00) >> 8;
s[2] = (pci & 0x000000ff);
// L0 = length of PCI (i.e. 0x00 0x02)
s[3] = 0x00;
s[4] = 0x02;
// P1 = EARFCN-DL (target physical cell downlink frequency)
if (is_rel8_only) {
s[5] = (earfcn_dl & 0x0000ff00) >> 8;
s[6] = (earfcn_dl & 0x000000ff);
s[7] = 0x00;
s[8] = 0x02;
kdf (kenb_32, 32, s, 9, kenb_star, 32);
} else {
s[5] = (earfcn_dl & 0x00ff0000) >> 16;
s[6] = (earfcn_dl & 0x0000ff00) >> 8;
s[7] = (earfcn_dl & 0x000000ff);
s[8] = 0x00;
s[9] = 0x03;
kdf (kenb_32, 32, s, 10, kenb_star, 32);
}
// L1 length of EARFCN-DL (i.e. L1 = 0x00 0x02 if EARFCN-DL is between 0 and 65535, and L1 = 0x00 0x03 if EARFCN-DL is between 65536 and 262143)
// NOTE: The length of EARFCN-DL cannot be generally set to 3 bytes for backward compatibility reasons: A Rel-8
// entity (UE or eNB) would always assume an input parameter length of 2 bytes for the EARFCN-DL. This
// would lead to different derived keys if another entity assumed an input parameter length of 3 bytes for the
// EARFCN-DL.
return 0;
}
/*
* Licensed to the OpenAirInterface (OAI) Software Alliance under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The OpenAirInterface Software Alliance licenses this file to You under
* the OAI Public License, Version 1.1 (the "License"); you may not use this file
* except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.openairinterface.org/?page_id=698
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*-------------------------------------------------------------------------------
* For more information about the OpenAirInterface (OAI) Software Alliance:
* contact@openairinterface.org
*/
#ifndef KEY_DERIVATION_FUNCTION_OSA_H
#define KEY_DERIVATION_FUNCTION_OSA_H
#include <stdint.h>
#include <stdlib.h>
#include "byte_array.h"
void kdf(const uint8_t key[32], byte_array_t data, size_t len, uint8_t out[len]);
#endif
...@@ -26,6 +26,7 @@ ...@@ -26,6 +26,7 @@
#include "security_types.h" #include "security_types.h"
#include "secu_defs.h" #include "secu_defs.h"
#include "kdf.h"
#define SECU_DEBUG 1 #define SECU_DEBUG 1
/*! /*!
...@@ -79,7 +80,9 @@ int derive_key_nas(algorithm_type_dist_t nas_alg_type, uint8_t nas_enc_alg_id, ...@@ -79,7 +80,9 @@ int derive_key_nas(algorithm_type_dist_t nas_alg_type, uint8_t nas_enc_alg_id,
printf("\n"); printf("\n");
#endif #endif
kdf(kasme, 32, s, 7, out, 32); //kdf(kasme, 32, s, 7, out, 32);
byte_array_t data = {.len = 7, .buf = s};
kdf(kasme, data, 32, out);
memcpy(knas, &out[31-16+1], 16); memcpy(knas, &out[31-16+1], 16);
......
...@@ -24,10 +24,6 @@ ...@@ -24,10 +24,6 @@
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#include <nettle/nettle-meta.h>
#include <nettle/aes.h>
#include <nettle/ctr.h>
#include "assertions.h" #include "assertions.h"
#include "conversions.h" #include "conversions.h"
#include "secu_defs.h" #include "secu_defs.h"
......
...@@ -19,84 +19,40 @@ ...@@ -19,84 +19,40 @@
* contact@openairinterface.org * contact@openairinterface.org
*/ */
#include <arpa/inet.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#include <nettle/nettle-meta.h> #include "aes_128_ctr.h"
#include <nettle/aes.h>
#include <nettle/ctr.h>
#include "assertions.h" #include "assertions.h"
#include "conversions.h" #include "conversions.h"
#include "secu_defs.h" #include "secu_defs.h"
// #define SECU_DEBUG
int nas_stream_encrypt_eea2(nas_stream_cipher_t *stream_cipher, uint8_t *out) int nas_stream_encrypt_eea2(nas_stream_cipher_t *stream_cipher, uint8_t *out)
{ {
uint8_t m[16];
uint32_t local_count;
void *ctx;
uint8_t *data;
uint32_t zero_bit = 0;
uint32_t byte_length;
DevAssert(stream_cipher != NULL); DevAssert(stream_cipher != NULL);
DevAssert(out != NULL); DevAssert(stream_cipher->key != NULL);
DevAssert(stream_cipher->key_length == 32);
zero_bit = stream_cipher->blength & 0x7; DevAssert(stream_cipher->bearer < 32);
DevAssert(stream_cipher->direction < 2);
byte_length = stream_cipher->blength >> 3; DevAssert(stream_cipher->message != NULL);
DevAssert(stream_cipher->blength > 7);
if (zero_bit > 0)
byte_length += 1; aes_128_t p = {0};
memcpy(p.key, stream_cipher->key, stream_cipher->key_length);
ctx = malloc(nettle_aes128.context_size); p.type = AES_INITIALIZATION_VECTOR_16;
data = malloc(byte_length); p.iv16.d.count = htonl(stream_cipher->count);
p.iv16.d.bearer = stream_cipher->bearer;
local_count = hton_int32(stream_cipher->count); p.iv16.d.direction = stream_cipher->direction;
memset(m, 0, sizeof(m)); DevAssert((stream_cipher->blength & 0x07) == 0);
memcpy(&m[0], &local_count, 4); const uint32_t byte_lenght = stream_cipher->blength >> 3;
m[4] = ((stream_cipher->bearer & 0x1F) << 3) | // Precondition: out must have enough space, at least as much as the input
((stream_cipher->direction & 0x01) << 2); const size_t len_out = byte_lenght;
/* Other bits are 0 */ byte_array_t msg = {.buf = stream_cipher->message, .len = byte_lenght};
aes_128_ctr(&p, msg, len_out, out);
#if defined(SECU_DEBUG)
{
int i;
printf("Blength: %u, Zero bits: %u\n", stream_cipher->blength, zero_bit);
for (i = 0; i < sizeof(m); i++)
printf("0x%02x ", m[i]);
printf("\n");
}
#endif
#if NETTLE_VERSION_MAJOR < 3
nettle_aes128.set_encrypt_key(ctx, stream_cipher->key_length,
stream_cipher->key);
#else
nettle_aes128.set_encrypt_key(ctx,
stream_cipher->key);
#endif
nettle_ctr_crypt(ctx, nettle_aes128.encrypt,
nettle_aes128.block_size, m,
byte_length, data, stream_cipher->message);
if (zero_bit > 0)
data[byte_length - 1] = data[byte_length - 1] & (uint8_t)(0xFF << (8 - zero_bit));
memcpy(out, data, byte_length);
free(data);
free(ctx);
return 0; return 0;
} }
...@@ -19,6 +19,7 @@ ...@@ -19,6 +19,7 @@
* contact@openairinterface.org * contact@openairinterface.org
*/ */
#include <assert.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <stdint.h> #include <stdint.h>
...@@ -26,15 +27,8 @@ ...@@ -26,15 +27,8 @@
#include "secu_defs.h" #include "secu_defs.h"
#include <openssl/aes.h> #include <arpa/inet.h>
#include <openssl/cmac.h> #include "aes_128_cbc_cmac.h"
#include <openssl/evp.h>
// test
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/bio.h>
#include "assertions.h" #include "assertions.h"
#include "conversions.h" #include "conversions.h"
...@@ -45,84 +39,28 @@ ...@@ -45,84 +39,28 @@
* @param[in] stream_cipher Structure containing various variables to setup encoding * @param[in] stream_cipher Structure containing various variables to setup encoding
* @param[out] out For EIA2 the output string is 32 bits long * @param[out] out For EIA2 the output string is 32 bits long
*/ */
int nas_stream_encrypt_eia2(nas_stream_cipher_t *stream_cipher, uint8_t out[4]) int nas_stream_encrypt_eia2(nas_stream_cipher_t *stream_cipher, uint8_t out[4])
{ {
uint8_t *m = NULL;
uint32_t local_count;
size_t size = 4;
uint8_t data[16];
CMAC_CTX *cmac_ctx = NULL;
const EVP_CIPHER *cipher = EVP_aes_128_cbc();
uint32_t zero_bit = 0;
uint32_t m_length;
int ret;
DevAssert(stream_cipher != NULL); DevAssert(stream_cipher != NULL);
DevAssert(stream_cipher->key != NULL); DevAssert(stream_cipher->message != NULL);
DevAssert(stream_cipher->key_length > 0); DevAssert(stream_cipher->bearer < 32);
DevAssert(out != NULL); DevAssert(stream_cipher->key_length == 16);
DevAssert((stream_cipher->blength & 0x7) == 0);
memset(data, 0, 16);
aes_128_t k_iv = {0};
zero_bit = stream_cipher->blength & 0x7; memcpy(&k_iv.key, stream_cipher->key, sizeof(k_iv.key));
k_iv.type = AES_INITIALIZATION_VECTOR_8;
m_length = stream_cipher->blength >> 3; k_iv.iv8.d.bearer = stream_cipher->bearer;
k_iv.iv8.d.direction = stream_cipher->direction;
if (zero_bit > 0) k_iv.iv8.d.count = htonl(stream_cipher->count);
m_length += 1;
size_t const m_length = stream_cipher->blength >> 3;
local_count = hton_int32(stream_cipher->count); uint8_t result[16] = {0};
byte_array_t msg = {.buf = stream_cipher->message, .len = m_length };
m = calloc(m_length + 8, sizeof(uint8_t)); aes_128_cbc_cmac(&k_iv, msg, sizeof(result), result);
memcpy(&m[0], &local_count, 4); memcpy(out, result, 4);
m[4] = ((stream_cipher->bearer & 0x1F) << 3) | ((stream_cipher->direction & 0x01) << 2);
memcpy(&m[8], stream_cipher->message, m_length);
#if defined(SECU_DEBUG)
{
int i;
printf("Byte length: %u, Zero bits: %u\nm: ", m_length + 8, zero_bit);
for (i = 0; i < m_length + 8; i++)
printf("%02x", m[i]);
printf("\nKey:");
for (i = 0; i < stream_cipher->key_length; i++)
printf("%02x", stream_cipher->key[i]);
printf("\nMessage:");
for (i = 0; i < m_length; i++)
printf("%02x", stream_cipher->message[i]);
printf("\n");
}
#endif
cmac_ctx = CMAC_CTX_new();
ret = CMAC_Init(cmac_ctx, stream_cipher->key, stream_cipher->key_length, cipher, NULL);
ret = CMAC_Update(cmac_ctx, m, m_length + 8);
(void)ret; /* avoid gcc warning "set but not used" */
CMAC_Final(cmac_ctx, data, &size);
CMAC_CTX_free(cmac_ctx);
#if defined(SECU_DEBUG)
{
int i;
printf("out: ");
for (i = 0; i < size; i++)
printf("%02x", data[i]);
printf("\n");
}
#endif
memcpy(out, data, 4);
free(m);
return 0; return 0;
} }
/*
* Licensed to the OpenAirInterface (OAI) Software Alliance under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The OpenAirInterface Software Alliance licenses this file to You under
* the OAI Public License, Version 1.1 (the "License"); you may not use this file
* except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.openairinterface.org/?page_id=698
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*-------------------------------------------------------------------------------
* For more information about the OpenAirInterface (OAI) Software Alliance:
* contact@openairinterface.org
*/
#include "secu_defs.h"
#include "kdf.h"
#ifndef NAS_UE
int derive_keNB(const uint8_t kasme[32], const uint32_t nas_count, uint8_t *keNB)
{
uint8_t s[7] = {0};
// FC
s[0] = FC_KENB;
// P0 = Uplink NAS count
s[1] = (nas_count & 0xff000000) >> 24;
s[2] = (nas_count & 0x00ff0000) >> 16;
s[3] = (nas_count & 0x0000ff00) >> 8;
s[4] = (nas_count & 0x000000ff);
// Length of NAS count
s[5] = 0x00;
s[6] = 0x04;
// kdf(kasme, 32, s, 7, keNB, 32);
byte_array_t data = {.buf = s, .len = 7};
kdf(kasme, data, 32, keNB);
return 0;
}
#endif
int derive_keNB_star(
const uint8_t *kenb_32,
const uint16_t pci,
const uint32_t earfcn_dl,
const bool is_rel8_only,
uint8_t *kenb_star)
{
// see 33.401 section A.5 KeNB* derivation function
uint8_t s[10] = {0};
byte_array_t data = {.buf = s};
// FC = 0x13
s[0] = FC_KENB_STAR;
// P0 = PCI (target physical cell id)
s[1] = (pci & 0x0000ff00) >> 8;
s[2] = (pci & 0x000000ff);
// L0 = length of PCI (i.e. 0x00 0x02)
s[3] = 0x00;
s[4] = 0x02;
// P1 = EARFCN-DL (target physical cell downlink frequency)
if (is_rel8_only) {
s[5] = (earfcn_dl & 0x0000ff00) >> 8;
s[6] = (earfcn_dl & 0x000000ff);
s[7] = 0x00;
s[8] = 0x02;
// kdf (kenb_32, 32, s, 9, kenb_star, 32);
data.len = 9;
} else {
s[5] = (earfcn_dl & 0x00ff0000) >> 16;
s[6] = (earfcn_dl & 0x0000ff00) >> 8;
s[7] = (earfcn_dl & 0x000000ff);
s[8] = 0x00;
s[9] = 0x03;
//kdf (kenb_32, 32, s, 10, kenb_star, 32);
data.len = 10;
}
kdf (kenb_32, data, 32, kenb_star);
// L1 length of EARFCN-DL (i.e. L1 = 0x00 0x02 if EARFCN-DL is between 0 and 65535, and L1 = 0x00 0x03 if EARFCN-DL is between 65536 and 262143)
// NOTE: The length of EARFCN-DL cannot be generally set to 3 bytes for backward compatibility reasons: A Rel-8
// entity (UE or eNB) would always assume an input parameter length of 2 bytes for the EARFCN-DL. This
// would lead to different derived keys if another entity assumed an input parameter length of 3 bytes for the
// EARFCN-DL.
return 0;
}
...@@ -24,6 +24,7 @@ ...@@ -24,6 +24,7 @@
#include "security_types.h" #include "security_types.h"
#include <stdbool.h> #include <stdbool.h>
#include <stdint.h>
#define EIA0_ALG_ID 0x00 #define EIA0_ALG_ID 0x00
#define EIA1_128_ALG_ID 0x01 #define EIA1_128_ALG_ID 0x01
...@@ -36,13 +37,6 @@ ...@@ -36,13 +37,6 @@
#define SECU_DIRECTION_UPLINK 0 #define SECU_DIRECTION_UPLINK 0
#define SECU_DIRECTION_DOWNLINK 1 #define SECU_DIRECTION_DOWNLINK 1
void kdf(const uint8_t *key,
uint16_t key_len,
uint8_t *s,
uint16_t s_len,
uint8_t *out,
uint16_t out_len);
int derive_keNB(const uint8_t kasme[32], const uint32_t nas_count, uint8_t *keNB); int derive_keNB(const uint8_t kasme[32], const uint32_t nas_count, uint8_t *keNB);
int derive_keNB_star(const uint8_t *kenb_32, const uint16_t pci, const uint32_t earfcn_dl, int derive_keNB_star(const uint8_t *kenb_32, const uint16_t pci, const uint32_t earfcn_dl,
......
/*
* Licensed to the OpenAirInterface (OAI) Software Alliance under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The OpenAirInterface Software Alliance licenses this file to You under
* the OAI Public License, Version 1.1 (the "License"); you may not use this file
* except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.openairinterface.org/?page_id=698
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*-------------------------------------------------------------------------------
* For more information about the OpenAirInterface (OAI) Software Alliance:
* contact@openairinterface.org
*/
#include "common/utils/assertions.h"
#include "sha_256_hmac.h"
#include <openssl/hmac.h>
#if OPENSSL_VERSION_MAJOR >= 3
// code for version 3.0 or greater
#include <openssl/core_names.h>
void sha_256_hmac(const uint8_t key[32], byte_array_t data, size_t len, uint8_t out[len])
{
DevAssert(key != NULL);
DevAssert(data.buf != NULL);
DevAssert(data.len != 0);
DevAssert(len != 0);
OSSL_LIB_CTX* library_context = OSSL_LIB_CTX_new();
DevAssert(library_context != NULL);
// A property query used for selecting the MAC implementation.
const char* propq = NULL;
// Fetch the HMAC implementation
EVP_MAC* mac = EVP_MAC_fetch(library_context, "HMAC", propq);
DevAssert(mac != NULL);
// Create a context for the HMAC operation
EVP_MAC_CTX* mctx = EVP_MAC_CTX_new(mac);
DevAssert(mctx != NULL);
// The underlying digest to be used
OSSL_PARAM params[2] = {0};
char digest_name[] = "SHA2-256";
params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, digest_name, sizeof(digest_name));
params[1] = OSSL_PARAM_construct_end();
// Initialise the HMAC operation
int rc = EVP_MAC_init(mctx, key, 32, params);
DevAssert(rc == 1);
// Make one or more calls to process the data to be authenticated
rc = EVP_MAC_update(mctx, data.buf, data.len);
DevAssert(rc == 1);
// Make one call to the final to get the MAC
rc = EVP_MAC_final(mctx, out, &len, len);
DevAssert(rc == 1);
// OpenSSL free functions will ignore NULL arguments
EVP_MAC_CTX_free(mctx);
EVP_MAC_free(mac);
OSSL_LIB_CTX_free(library_context);
}
#else
// code for 1.1.x or lower
void sha_256_hmac(const uint8_t key[32], byte_array_t data, size_t len, uint8_t out[len])
{
DevAssert(key != NULL);
DevAssert(data.buf != NULL);
DevAssert(data.len != 0);
DevAssert(len != 0);
HMAC_CTX* ctx = HMAC_CTX_new();
HMAC_Init_ex(ctx, key, 32, EVP_sha256(), NULL);
HMAC_Update(ctx, data.buf, data.len);
HMAC_Final(ctx, out, (uint32_t*)&len);
HMAC_CTX_free(ctx);
}
#endif
/*
* Licensed to the OpenAirInterface (OAI) Software Alliance under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The OpenAirInterface Software Alliance licenses this file to You under
* the OAI Public License, Version 1.1 (the "License"); you may not use this file
* except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.openairinterface.org/?page_id=698
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*-------------------------------------------------------------------------------
* For more information about the OpenAirInterface (OAI) Software Alliance:
* contact@openairinterface.org
*/
#ifndef SHA_256_HMAC_OAI_H
#define SHA_256_HMAC_OAI_H
#include <stdint.h>
#include <stdlib.h>
#include "byte_array.h"
void sha_256_hmac(const uint8_t key[32], byte_array_t data, size_t len, uint8_t out[len]);
#endif
...@@ -43,8 +43,7 @@ if HAVE_CHECK ...@@ -43,8 +43,7 @@ if HAVE_CHECK
TESTS = \ TESTS = \
test_kdf \ test_kdf \
test_aes128_cmac_encrypt \ test_aes128_cmac_encrypt \
test_aes128_ctr_encrypt \ test_aes128_ctr \
test_aes128_ctr_decrypt \
test_secu_kenb \ test_secu_kenb \
test_secu_knas \ test_secu_knas \
test_secu_knas_encrypt_eea1 \ test_secu_knas_encrypt_eea1 \
...@@ -68,8 +67,7 @@ common_ldadd = $(top_builddir)/SECU/libsecu.la \ ...@@ -68,8 +67,7 @@ common_ldadd = $(top_builddir)/SECU/libsecu.la \
check_PROGRAMS = \ check_PROGRAMS = \
test_kdf \ test_kdf \
test_aes128_cmac_encrypt \ test_aes128_cmac_encrypt \
test_aes128_ctr_encrypt \ test_aes128_ctr \
test_aes128_ctr_decrypt \
test_secu_kenb \ test_secu_kenb \
test_secu_knas \ test_secu_knas \
test_secu_knas_encrypt_eea1 \ test_secu_knas_encrypt_eea1 \
......
This diff is collapsed.
...@@ -14,14 +14,6 @@ DATE_REV := $(shell date '+%F %T') ...@@ -14,14 +14,6 @@ DATE_REV := $(shell date '+%F %T')
NUM_CORES:=$(shell cat /proc/cpuinfo | grep processor | wc -l) NUM_CORES:=$(shell cat /proc/cpuinfo | grep processor | wc -l)
# Check for libraries and export cflags/linker variables
NETTLE_FOUND := $(shell if pkg-config --exists nettle; then echo "1" ; else echo "0"; fi)
ifeq ($(NETTLE_FOUND), 1)
NETTLE_LIBS := $(shell pkg-config --libs nettle)
#else
#@echo "package nettle not installed"
endif
OPENSSL_FOUND := $(shell if pkg-config --exists openssl; then echo "1" ; else echo "0"; fi) OPENSSL_FOUND := $(shell if pkg-config --exists openssl; then echo "1" ; else echo "0"; fi)
ifeq ($(OPENSSL_FOUND), 1) ifeq ($(OPENSSL_FOUND), 1)
OPENSSL_LIBS := $(shell pkg-config --libs openssl) OPENSSL_LIBS := $(shell pkg-config --libs openssl)
......
...@@ -20,7 +20,7 @@ First, you must have all four openair SW directories, openair1, openair2, openai ...@@ -20,7 +20,7 @@ First, you must have all four openair SW directories, openair1, openair2, openai
- libpgm-5.1 and libpgm-5.1-dev for distributed simulation with reliable multicast transmport - libpgm-5.1 and libpgm-5.1-dev for distributed simulation with reliable multicast transmport
- libxml2 and libxml2-dev - libxml2 and libxml2-dev
- libforms-bin libforms-dev - libforms-bin libforms-dev
- nettle-dev nettle-bin openssl libssl-dev - openssl libssl-dev
- libatlas-base-dev and libatlas-headers (for Ubuntu 11.04, libatlas-dev instead of libatlas-headers) - libatlas-base-dev and libatlas-headers (for Ubuntu 11.04, libatlas-dev instead of libatlas-headers)
- asn1c and the LTE ASN1 files (for more information on how to install this and generate the required files see the README file in openair2/RRC/LITE/MESSAGES) - asn1c and the LTE ASN1 files (for more information on how to install this and generate the required files see the README file in openair2/RRC/LITE/MESSAGES)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment