From de2985721fabd219174c22127db02109e2ce35bc Mon Sep 17 00:00:00 2001 From: Kurtis Heimerl Date: Tue, 13 Aug 2013 22:43:52 +0000 Subject: [PATCH] adding public GPLv2 a53 library for use git-svn-id: http://wush.net/svn/range/software/public/a53/trunk@6164 19bc5d8c-e614-43d4-8b26-e1612bc8e597 --- COPYING | 279 ++++++++++++++++++++++++++++++++ Makefile | 49 ++++++ README | 14 ++ a5.c | 423 +++++++++++++++++++++++++++++++++++++++++++++++++ a5.h | 66 ++++++++ a53.h | 5 + a53test.cpp | 99 ++++++++++++ a5_speed.c | 72 +++++++++ a5_test.c | 128 +++++++++++++++ a5_test.ok | 30 ++++ bits.c | 221 ++++++++++++++++++++++++++ bits.h | 90 +++++++++++ gea.c | 45 ++++++ gea.h | 28 ++++ gea_test.c | 54 +++++++ gea_test.ok | 9 ++ gprs_cipher.h | 55 +++++++ ifc.cpp | 27 ++++ kasumi.c | 193 ++++++++++++++++++++++ kasumi.h | 36 +++++ kasumi_test.c | 128 +++++++++++++++ kasumi_test.ok | 10 ++ linuxlist.h | 360 +++++++++++++++++++++++++++++++++++++++++ utils.c | 213 +++++++++++++++++++++++++ utils.h | 22 +++ 25 files changed, 2656 insertions(+) create mode 100644 COPYING create mode 100644 Makefile create mode 100644 README create mode 100644 a5.c create mode 100644 a5.h create mode 100644 a53.h create mode 100644 a53test.cpp create mode 100644 a5_speed.c create mode 100644 a5_test.c create mode 100644 a5_test.ok create mode 100644 bits.c create mode 100644 bits.h create mode 100644 gea.c create mode 100644 gea.h create mode 100644 gea_test.c create mode 100644 gea_test.ok create mode 100644 gprs_cipher.h create mode 100644 ifc.cpp create mode 100644 kasumi.c create mode 100644 kasumi.h create mode 100644 kasumi_test.c create mode 100644 kasumi_test.ok create mode 100644 linuxlist.h create mode 100644 utils.c create mode 100644 utils.h diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..5e03b97 --- /dev/null +++ b/COPYING @@ -0,0 +1,279 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..5f8f314 --- /dev/null +++ b/Makefile @@ -0,0 +1,49 @@ +SOURCE_FILES=a5.c bits.c gea.c kasumi.c utils.c ifc.cpp +OBJECT_FILES=a5.o bits.o gea.o kasumi.o utils.o ifc.o +INCLUDE_FILES=a5.h bits.h gea.h gprs_cipher.h kasumi.h linuxlist.h utils.h + +# build A5/3 library +liba53.so.1.0: ${SOURCE_FILES} ${INCLUDE_FILES} Makefile + g++ -O3 -Wall -fPIC -c ${SOURCE_FILES} + g++ -shared -Wl,-soname,liba53.so.1 -o liba53.so.1.0 ${OBJECT_FILES} + ln -sf liba53.so.1.0 liba53.so.1 + ln -sf liba53.so.1.0 liba53.so + +# install A5/3 library +install: liba53.so.1.0 + cp liba53.so.1.0 /usr/lib + ln -sf /usr/lib/liba53.so.1.0 /usr/lib/liba53.so.1 + ln -sf /usr/lib/liba53.so.1.0 /usr/lib/liba53.so + cp a53.h /usr/include + +# test installed A5/3 library +installtest: install + g++ -o a53test a53test.cpp -I/usr/include -L/usr/lib -la53 + ./a53test + +clean: + rm -f ${OBJECT_FILES} liba53.so* a53test + +# otest: a5_test kasumi_test gea_test a5_speed +# ./a5_test | diff - a5_test.ok +# # ./kasumi_test | diff - kasumi_test.ok +# # ./gea_test | diff - gea_test.ok +# ./a5_speed +# +# a5_speed: a5_speed.c ${SOURCE_FILES} ${INCLUDE_FILES} Makefile +# g++ ${OPT} -o a5_speed a5_speed.c ${SOURCE_FILES} +# +# a5_test: a5_test.c ${SOURCE_FILES} ${INCLUDE_FILES} Makefile +# g++ ${OPT} -o a5_test a5_test.c ${SOURCE_FILES} +# +# # kasumi_test: kasumi_test.c ${SOURCE_FILES} ${INCLUDE_FILES} Makefile +# # g++ ${OPT} -o kasumi_test kasumi_test.c ${SOURCE_FILES} +# +# # gea_test: gea_test.c ${SOURCE_FILES} ${INCLUDE_FILES} Makefile +# # g++ ${OPT} -o gea_test gea_test.c ${SOURCE_FILES} +# +# clean: +# rm a5_test kasumi_test gea_test a5_speed +# +# +# diff --git a/README b/README new file mode 100644 index 0000000..e64da53 --- /dev/null +++ b/README @@ -0,0 +1,14 @@ +to build A5/3 library: + make + +to install A5/3 library: + make install + +to test installed A5/3 library: + make installtest + +installed files: + /usr/lib/liba53.so + /usr/lib/liba53.so.1 + /usr/lib/liba53.so.1.0 + /usr/include/a53.h diff --git a/a5.c b/a5.c new file mode 100644 index 0000000..94b62e7 --- /dev/null +++ b/a5.c @@ -0,0 +1,423 @@ +/* + * a5.c + * + * Full reimplementation of A5/1,2 (split and threadsafe) + * + * The logic behind the algorithm is taken from "A pedagogical implementation + * of the GSM A5/1 and A5/2 "voice privacy" encryption algorithms." by + * Marc Briceno, Ian Goldberg, and David Wagner. + * + * Copyright (C) 2011 Sylvain Munaut + * + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/*! \addtogroup a5 + * @{ + */ + +/*! \file gsm/a5.c + * \brief Osmocom GSM A5 ciphering algorithm implementation + */ + +#include +#include +#include +#include + +#include "bits.h" +#include "a5.h" +#include "kasumi.h" + +/*! \brief Main method to generate a A5/x cipher stream + * \param[in] n Which A5/x method to use + * \param[in] key 8 byte array for the key (as received from the SIM) + * \param[in] fn Frame number + * \param[out] dl Pointer to array of ubits to return Downlink cipher stream + * \param[out] ul Pointer to array of ubits to return Uplink cipher stream + * + * Currently A5/[0-4] are supported: -ENOTSUP returned in this case, 0 returned for supported ciphers. + * Either (or both) of dl/ul can be NULL if not needed. + */ +void +osmo_a5(int n, const uint8_t *key, uint32_t fn, ubit_t *dl, ubit_t *ul) +{ + switch (n) + { + case 0: + if (dl) + memset(dl, 0x00, 114); + if (ul) + memset(ul, 0x00, 114); + break; + + case 1: + osmo_a5_1(key, fn, dl, ul); + break; + + case 2: + osmo_a5_2(key, fn, dl, ul); + break; + + case 3: + osmo_a5_3(key, fn, dl, ul); + break; + case 4: + osmo_a5_4(key, fn, dl, ul); + break; + + default: + /* a5/[5..7] not supported here/yet */ + + break; + } +} + + +/* ------------------------------------------------------------------------ */ +/* A5/1&2 common stuff */ +/* ------------------------------------------------------------------------ */ + +#define A5_R1_LEN 19 +#define A5_R2_LEN 22 +#define A5_R3_LEN 23 +#define A5_R4_LEN 17 /* A5/2 only */ + +#define A5_R1_MASK ((1<> 16; + x ^= x >> 8; + x ^= x >> 4; + x &= 0xf; + return (0x6996 >> x) & 1; +} + +/*! \brief Compute majority bit from 3 taps + * \param[in] v1 LFSR state ANDed with tap-bit + * \param[in] v2 LFSR state ANDed with tap-bit + * \param[in] v3 LFSR state ANDed with tap-bit + * \return The majority bit (0 or 1) + */ +static inline uint32_t +_a5_12_majority(uint32_t v1, uint32_t v2, uint32_t v3) +{ + return (!!v1 + !!v2 + !!v3) >= 2; +} + +/*! \brief Compute the next LFSR state + * \param[in] r Current state + * \param[in] mask LFSR mask + * \param[in] taps LFSR taps + * \return Next state + */ +static inline uint32_t +_a5_12_clock(uint32_t r, uint32_t mask, uint32_t taps) +{ + return ((r << 1) & mask) | _a5_12_parity(r & taps); +} + + +/* ------------------------------------------------------------------------ */ +/* A5/1 */ +/* ------------------------------------------------------------------------ */ + +#define A51_R1_CLKBIT 0x000100 +#define A51_R2_CLKBIT 0x000400 +#define A51_R3_CLKBIT 0x000400 + +/*! \brief GSM A5/1 Clocking function + * \param[in] r Register state + * \param[in] force Non-zero value disable conditional clocking + */ +static inline void +_a5_1_clock(uint32_t r[], int force) +{ + int cb[3], maj; + + cb[0] = !!(r[0] & A51_R1_CLKBIT); + cb[1] = !!(r[1] & A51_R2_CLKBIT); + cb[2] = !!(r[2] & A51_R3_CLKBIT); + + maj = _a5_12_majority(cb[0], cb[1], cb[2]); + + if (force || (maj == cb[0])) + r[0] = _a5_12_clock(r[0], A5_R1_MASK, A5_R1_TAPS); + + if (force || (maj == cb[1])) + r[1] = _a5_12_clock(r[1], A5_R2_MASK, A5_R2_TAPS); + + if (force || (maj == cb[2])) + r[2] = _a5_12_clock(r[2], A5_R3_MASK, A5_R3_TAPS); +} + +/*! \brief GSM A5/1 Output function + * \param[in] r Register state + * \return The A5/1 output function bit + */ +static inline uint8_t +_a5_1_get_output(uint32_t r[]) +{ + return (r[0] >> (A5_R1_LEN-1)) ^ + (r[1] >> (A5_R2_LEN-1)) ^ + (r[2] >> (A5_R3_LEN-1)); +} + +/*! \brief Generate a GSM A5/1 cipher stream + * \param[in] key 8 byte array for the key (as received from the SIM) + * \param[in] fn Frame number + * \param[out] dl Pointer to array of ubits to return Downlink cipher stream + * \param[out] ul Pointer to array of ubits to return Uplink cipher stream + * + * Either (or both) of dl/ul can be NULL if not needed. + */ +void +osmo_a5_1(const uint8_t *key, uint32_t fn, ubit_t *dl, ubit_t *ul) +{ + uint32_t r[3] = {0, 0, 0}; + uint32_t fn_count; + uint32_t b; + int i; + + /* Key load */ + for (i=0; i<64; i++) + { + b = ( key[7 - (i>>3)] >> (i&7) ) & 1; + + _a5_1_clock(r, 1); + + r[0] ^= b; + r[1] ^= b; + r[2] ^= b; + } + + /* Frame count load */ + fn_count = osmo_a5_fn_count(fn); + + for (i=0; i<22; i++) + { + b = (fn_count >> i) & 1; + + _a5_1_clock(r, 1); + + r[0] ^= b; + r[1] ^= b; + r[2] ^= b; + } + + /* Mix */ + for (i=0; i<100; i++) + { + _a5_1_clock(r, 0); + } + + /* Output */ + for (i=0; i<114; i++) { + _a5_1_clock(r, 0); + if (dl) + dl[i] = _a5_1_get_output(r); + } + + for (i=0; i<114; i++) { + _a5_1_clock(r, 0); + if (ul) + ul[i] = _a5_1_get_output(r); + } +} + + +/* ------------------------------------------------------------------------ */ +/* A5/2 */ +/* ------------------------------------------------------------------------ */ + +#define A52_R4_CLKBIT0 0x000400 +#define A52_R4_CLKBIT1 0x000008 +#define A52_R4_CLKBIT2 0x000080 + +/*! \brief GSM A5/2 Clocking function + * \param[in] r Register state + * \param[in] force Non-zero value disable conditional clocking + */ +static inline void +_a5_2_clock(uint32_t r[], int force) +{ + int cb[3], maj; + + cb[0] = !!(r[3] & A52_R4_CLKBIT0); + cb[1] = !!(r[3] & A52_R4_CLKBIT1); + cb[2] = !!(r[3] & A52_R4_CLKBIT2); + + maj = (cb[0] + cb[1] + cb[2]) >= 2; + + if (force || (maj == cb[0])) + r[0] = _a5_12_clock(r[0], A5_R1_MASK, A5_R1_TAPS); + + if (force || (maj == cb[1])) + r[1] = _a5_12_clock(r[1], A5_R2_MASK, A5_R2_TAPS); + + if (force || (maj == cb[2])) + r[2] = _a5_12_clock(r[2], A5_R3_MASK, A5_R3_TAPS); + + r[3] = _a5_12_clock(r[3], A5_R4_MASK, A5_R4_TAPS); +} + +/*! \brief GSM A5/2 Output function + * \param[in] r Register state + * \return The A5/2 output function bit + */ +static inline uint8_t +_a5_2_get_output(uint32_t r[]) +{ + uint8_t b; + + b = (r[0] >> (A5_R1_LEN-1)) ^ + (r[1] >> (A5_R2_LEN-1)) ^ + (r[2] >> (A5_R3_LEN-1)) ^ + _a5_12_majority( r[0] & 0x08000, ~r[0] & 0x04000, r[0] & 0x1000) ^ + _a5_12_majority(~r[1] & 0x10000, r[1] & 0x02000, r[1] & 0x0200) ^ + _a5_12_majority( r[2] & 0x40000, r[2] & 0x10000, ~r[2] & 0x2000); + + return b; +} + +/*! \brief Generate a GSM A5/1 cipher stream + * \param[in] key 8 byte array for the key (as received from the SIM) + * \param[in] fn Frame number + * \param[out] dl Pointer to array of ubits to return Downlink cipher stream + * \param[out] ul Pointer to array of ubits to return Uplink cipher stream + * + * Either (or both) of dl/ul can be NULL if not needed. + */ +void +osmo_a5_2(const uint8_t *key, uint32_t fn, ubit_t *dl, ubit_t *ul) +{ + uint32_t r[4] = {0, 0, 0, 0}; + uint32_t fn_count; + uint32_t b; + int i; + + /* Key load */ + for (i=0; i<64; i++) + { + b = ( key[7 - (i>>3)] >> (i&7) ) & 1; + + _a5_2_clock(r, 1); + + r[0] ^= b; + r[1] ^= b; + r[2] ^= b; + r[3] ^= b; + } + + /* Frame count load */ + fn_count = osmo_a5_fn_count(fn); + + for (i=0; i<22; i++) + { + b = (fn_count >> i) & 1; + + _a5_2_clock(r, 1); + + r[0] ^= b; + r[1] ^= b; + r[2] ^= b; + r[3] ^= b; + } + + r[0] |= 1 << 15; + r[1] |= 1 << 16; + r[2] |= 1 << 18; + r[3] |= 1 << 10; + + /* Mix */ + for (i=0; i<99; i++) + { + _a5_2_clock(r, 0); + } + + /* Output */ + for (i=0; i<114; i++) { + _a5_2_clock(r, 0); + if (dl) + dl[i] = _a5_2_get_output(r); + } + + for (i=0; i<114; i++) { + _a5_2_clock(r, 0); + if (ul) + ul[i] = _a5_2_get_output(r); + } +} + +/* ------------------------------------------------------------------------ */ +/* A5/3 */ +/* ------------------------------------------------------------------------ */ + +/*! \brief Generate a GSM A5/3 cipher stream + * \param[in] key 8 byte array for the key (as received from the SIM) + * \param[in] fn Frame number + * \param[out] dl Pointer to array of ubits to return Downlink cipher stream + * \param[out] ul Pointer to array of ubits to return Uplink cipher stream + * + * Either (or both) of dl/ul should be NULL if not needed. + * + * Implementation based on specifications from 3GPP TS 55.216, 3GPP TR 55.919 and ETSI TS 135 202 + * with slight simplifications (CE hardcoded to 0). + */ +void +osmo_a5_3(const uint8_t *key, uint32_t fn, ubit_t *dl, ubit_t *ul) +{ + /* internal function require 128 bit key so we expand by concatenating supplied 64 bit key */ + uint8_t ck[16]; + memcpy(ck, key, 8); + memcpy(ck + 8, key, 8); + + osmo_a5_4(ck, fn, dl, ul); +} + +void +osmo_a5_4(const uint8_t *ck, uint32_t fn, ubit_t *dl, ubit_t *ul) +{ + uint8_t i, gamma[32]; + + if (ul) { + _kasumi_kgcore(0xF, 0, fn, 0, ck, gamma, 228); + uint8_t uplink[15]; + for(i = 0; i < 15; i++) uplink[i] = (gamma[i + 14] << 2) + (gamma[i + 15] >> 6); + osmo_pbit2ubit(ul, uplink, 114); + } + if (dl) { + _kasumi_kgcore(0xF, 0, fn, 0, ck, gamma, 114); + osmo_pbit2ubit(dl, gamma, 114); + } +} + +/*! @} */ diff --git a/a5.h b/a5.h new file mode 100644 index 0000000..47b85ab --- /dev/null +++ b/a5.h @@ -0,0 +1,66 @@ +/* + * a5.h + * + * Copyright (C) 2011 Sylvain Munaut + * + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef __OSMO_A5_H__ +#define __OSMO_A5_H__ + +#include +#include + +#include "bits.h" + +/*! \defgroup a5 GSM A5 ciphering algorithm + * @{ + */ + +/*! \file gsm/a5.h + * \brief Osmocom GSM A5 ciphering algorithm header + */ + +/*! \brief Converts a frame number into the 22 bit number used in A5/x + * \param[in] fn The true framenumber + * \return 22 bit word + */ +static inline uint32_t +osmo_a5_fn_count(uint32_t fn) +{ + int t1 = fn / (26 * 51); + int t2 = fn % 26; + int t3 = fn % 51; + return (t1 << 11) | (t3 << 5) | t2; +} + + /* Notes: + * - key must be 8 bytes long (or NULL for A5/0) + * - the dl and ul pointer must be either NULL or 114 bits long + * - fn is the _real_ GSM frame number. + * (converted internally to fn_count) + */ +void osmo_a5(int n, const uint8_t *key, uint32_t fn, ubit_t *dl, ubit_t *ul); +void osmo_a5_1(const uint8_t *key, uint32_t fn, ubit_t *dl, ubit_t *ul); +void osmo_a5_2(const uint8_t *key, uint32_t fn, ubit_t *dl, ubit_t *ul); +void osmo_a5_3(const uint8_t *key, uint32_t fn, ubit_t *dl, ubit_t *ul); +void osmo_a5_4(const uint8_t *ck, uint32_t fn, ubit_t *dl, ubit_t *ul); + +/*! @} */ + +#endif /* __OSMO_A5_H__ */ diff --git a/a53.h b/a53.h new file mode 100644 index 0000000..726d2ae --- /dev/null +++ b/a53.h @@ -0,0 +1,5 @@ +typedef unsigned char u8; +typedef unsigned short u16; +typedef unsigned int u32; + +void A53_GSM( u8 *key, int klen, int count, u8 *block1, u8 *block2 ); diff --git a/a53test.cpp b/a53test.cpp new file mode 100644 index 0000000..366e7be --- /dev/null +++ b/a53test.cpp @@ -0,0 +1,99 @@ +#include +#include +#include +#include +#include +using namespace std; + +void printer(int which, const char *label, u8 *vector, int lth) +{ + cout << " block" << which << " " << label << " = "; + int i; + for (i = 0; i < lth; i++) { + cout << hex << std::setw(2) << setfill('0') << (int)vector[i] << dec; + } +} + +void check(int which, u8 *exp, u8 *got) +{ + printer(which, "exp", exp, 15); + printer(which, "got", got, 15); + int err = 0; + int i; + for (i = 0; i < 15; i++) { + if (exp[i] == got[i]) continue; + err = 1; + break; + } + if (err) { + cout << " ERROR" << endl; + } else { + cout << " ok" << endl; + } +} + +int unhex(const char c) +{ + if (c >= '0' && c <= '9') return c - '0'; + if (c >= 'A' && c <= 'F') return c - 'A' + 10; + cout << "oops" << endl; + exit(1); +} + +int seti(const char *src) +{ + int r = 0; + for ( ; *src != 0; src++) { + r = (r << 4) + unhex(*src); + } + return r; +} + +void setu8(u8 *dst, const char *src) +{ + for ( ; *src != 0; src += 2) { + *dst++ = (unhex(src[0]) << 4) | (unhex(src[1])); + } +} + +int main() +{ + int i, keylth; + unsigned int count; + u8 key[16], exp1[15], exp2[15], got1[15], got2[15]; + const char *data[52] = { + "2BD6459F82C5BC00", "24F20F", "889EEAAF9ED1BA1ABBD8436232E440", "5CA3406AA244CF69CF047AADA2DF40", + "952C49104881FF48", "061527", "AB7DB38A573A325DAA76E4CB800A40", "4C4B594FEA9D00FE8978B7B7BC1080", + "EFA8B2229E720C2A", "33FD3F", "0E4015755A336469C3DD8680E30340", "6F10669E2B4E18B042431A28E47F80", + "3451F23A43BD2C87", "0E418C", "75F7C4C51560905DFBA05E46FB54C0", "192C95353CDF979E054186DF15BF00", + "CAA2639BE82435CF", "2FF229", "301437E4D4D6565D4904C631606EC0", "F0A3B8795E264D3E1A82F684353DC0", + "7AE67E87400B9FA6", "2F24E5", "F794290FEF643D2EA348A7796A2100", "CB6FA6C6B8A705AF9FEFE975818500", + "58AF69935540698B", "05446B", "749CA4E6B691E5A598C461D5FE4740", "31C9E444CD04677ADAA8A082ADBC40", + "017F81E5F236FE62", "156B26", "2A6976761E60CC4E8F9F52160276C0", "A544D8475F2C78C35614128F1179C0", + "1ACA8B448B767B39", "0BC3B5", "A4F70DC5A2C9707F5FA1C60EB10640", "7780B597B328C1400B5C74823E8500", + // "5ACB1D644C0D512041A5", "1D5157", "8EFAEC49C355CCD995C2BF649FD480", "F3A2910CAEDF587E976171AAF33B80", + // "9315819243A043BEBE6E", "2E196F", "AA08DB46DD3DED78A612085C529D00", "0250463DA0E3886F9BC2E3BB0D73C0", + // "3D43C388C9581E337FF1F97EB5C1F85E", "35D2CF", "A2FE3034B6B22CC4E33C7090BEC340", "170D7497432FF897B91BE8AECBA880", + // "A4496A64DF4F399F3B4506814A3E07A1", "212777", "89CDEE360DF9110281BCF57755A040", "33822C0C779598C9CBFC49183AF7C0", + }; + for (i = 32; i>=0; i-=4) { + cout << "test set " << (1+i/4) << endl; + setu8(key, data[i]); + keylth = strlen(data[i])*4; + count = seti(data[i+1]); + A53_GSM(key, keylth, count, got1, got2); + setu8(exp1, data[i+2]); + setu8(exp2, data[i+3]); + check(1, exp1, got1); + check(2, exp2, got2); + } + cout << "time test" << endl; + int n = 10000; + float t = clock(); + for (i = 0; i < n; i++) { + A53_GSM(key, keylth, count, got1, got2); + } + t = (clock() - t) / (CLOCKS_PER_SEC * (float)n); + cout << "GSM takes " << t << " seconds per iteration" << endl; + exit(0); +} diff --git a/a5_speed.c b/a5_speed.c new file mode 100644 index 0000000..0e27e93 --- /dev/null +++ b/a5_speed.c @@ -0,0 +1,72 @@ +#include +#include +#include +#include +#include +#include + +#include "bits.h" +#include "utils.h" +#include "a5.h" + +static const uint8_t key[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; +static const uint32_t fn = 123456; +static const uint8_t dl[] = { + /* A5/0 */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + /* A5/1 */ + 0xcb, 0xa2, 0x55, 0x76, 0x17, 0x5d, 0x3b, 0x1c, + 0x7b, 0x2f, 0x29, 0xa8, 0xc1, 0xb6, 0x00, + + /* A5/2 */ + 0x45, 0x9c, 0x88, 0xc3, 0x82, 0xb7, 0xff, 0xb3, + 0x98, 0xd2, 0xf9, 0x6e, 0x0f, 0x14, 0x80, +}; +static const uint8_t ul[] = { + /* A5/0 */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + /* A5/1 */ + 0xd9, 0x03, 0x5e, 0x0f, 0x2a, 0xec, 0x13, 0x9a, + 0x05, 0xd4, 0xa8, 0x7b, 0xb1, 0x64, 0x80, + + /* A5/2 */ + 0xf0, 0x3a, 0xac, 0xde, 0xe3, 0x5b, 0x5e, 0x65, + 0x80, 0xba, 0xab, 0xc0, 0x59, 0x26, 0x40, +}; + +void test_a5(int n, char * kc, uint32_t count, char * block1, char * block2) { + ubit_t out[114]; + int k = (n == 4) ? 16 : 8; + int ntrials; + float t; + int i; + uint8_t key[k]; + osmo_hexparse(kc, key, k); + ntrials = 10000; + + t = clock(); + for (i = 0; i < ntrials; i++) { + osmo_a5(n, key, count, out, NULL); + } + t = (clock() - t) / (CLOCKS_PER_SEC * (float)ntrials); + printf("osmo_a5 DL takes %g seconds per iteration\n", t); + + t = clock(); + for (i = 0; i < ntrials; i++) { + osmo_a5(n, key, count, NULL, out); + } + t = (clock() - t) / (CLOCKS_PER_SEC * (float)ntrials); + printf("osmo_a5 UL takes %g seconds per iteration\n", t); + +} + +int main(int argc, char **argv) +{ + test_a5(3, "2BD6459F82C5BC00", 0x24F20F, "889EEAAF9ED1BA1ABBD8436232E440", "5CA3406AA244CF69CF047AADA2DF40"); + + return 0; +} diff --git a/a5_test.c b/a5_test.c new file mode 100644 index 0000000..e4fcd1a --- /dev/null +++ b/a5_test.c @@ -0,0 +1,128 @@ +#include +#include +#include +#include +#include + +#include "bits.h" +#include "utils.h" +#include "a5.h" + +static const uint8_t key[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; +static const uint32_t fn = 123456; +static const uint8_t dl[] = { + /* A5/0 */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + /* A5/1 */ + 0xcb, 0xa2, 0x55, 0x76, 0x17, 0x5d, 0x3b, 0x1c, + 0x7b, 0x2f, 0x29, 0xa8, 0xc1, 0xb6, 0x00, + + /* A5/2 */ + 0x45, 0x9c, 0x88, 0xc3, 0x82, 0xb7, 0xff, 0xb3, + 0x98, 0xd2, 0xf9, 0x6e, 0x0f, 0x14, 0x80, +}; +static const uint8_t ul[] = { + /* A5/0 */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + /* A5/1 */ + 0xd9, 0x03, 0x5e, 0x0f, 0x2a, 0xec, 0x13, 0x9a, + 0x05, 0xd4, 0xa8, 0x7b, 0xb1, 0x64, 0x80, + + /* A5/2 */ + 0xf0, 0x3a, 0xac, 0xde, 0xe3, 0x5b, 0x5e, 0x65, + 0x80, 0xba, 0xab, 0xc0, 0x59, 0x26, 0x40, +}; + +inline bool print_a5(int n, int k, char * dir, ubit_t * out, char * block) { + uint8_t len = 114 / 8 + 1, buf[len], res[len]; + printf("A5/%d - %s: %s => ", n, dir, osmo_ubit_dump(out, 114)); + osmo_hexparse(block, res, len); + osmo_ubit2pbit(buf, out, 114); + if (0 != memcmp(buf, res, len)) { + printf("FAIL"); + printf("\nGOT: [%d] %s", k, osmo_hexdump_nospc(buf, len)); + printf("\nEXP: [%d] %s\n", k, osmo_hexdump_nospc(res, len)); + return false; + } + printf("OK\n"); + return true; +} + +inline bool test_a5(int n, char * kc, uint32_t count, char * block1, char * block2) { + ubit_t out[114]; + int k = (n == 4) ? 16 : 8; + uint8_t key[k]; + osmo_hexparse(kc, key, k); + + osmo_a5(n, key, count, out, NULL); + bool d = print_a5(n, k, "DL", out, block1); + + osmo_a5(n, key, count, NULL, out); + bool u = print_a5(n, k, "UL", out, block2); + + return d & u; +} + +int main(int argc, char **argv) +{ + ubit_t exp[114], out[114]; + int n, i; + + for (n=0; n<3; n++) { + /* "Randomize" */ + for (i=0; i<114; i++) + out[i] = i & 1; + + /* DL */ + osmo_pbit2ubit(exp, &dl[15*n], 114); + + osmo_a5(n, key, fn, out, NULL); + + printf("A5/%d - DL: %s", n, osmo_ubit_dump(out, 114)); + + if (!memcmp(exp, out, 114)) + printf(" => OK\n"); + else { + printf(" => BAD\n"); + printf(" Expected: %s", osmo_ubit_dump(out, 114)); + fprintf(stderr, "[!] A5/%d DL failed", n); + exit(1); + } + + /* UL */ + osmo_pbit2ubit(exp, &ul[15*n], 114); + + osmo_a5(n, key, fn, NULL, out); + + printf("A5/%d - UL: %s", n, osmo_ubit_dump(out, 114)); + + if (!memcmp(exp, out, 114)) + printf(" => OK\n"); + else { + printf(" => BAD\n"); + printf(" Expected: %s", osmo_ubit_dump(out, 114)); + fprintf(stderr, "[!] A5/%d UL failed", n); + exit(1); + } + } + +// test vectors from 3GPP TS 55.217 and TS 55.218 + test_a5(3, "2BD6459F82C5BC00", 0x24F20F, "889EEAAF9ED1BA1ABBD8436232E440", "5CA3406AA244CF69CF047AADA2DF40"); + test_a5(3, "952C49104881FF48", 0x061272, "FB4D5FBCEE13A33389285686E9A5C0", "25090378E0540457C57E367662E440"); + test_a5(3, "EFA8B2229E720C2A", 0x33FD3F, "0E4015755A336469C3DD8680E30340", "6F10669E2B4E18B042431A28E47F80"); + test_a5(3, "952C49104881FF48", 0x061527, "AB7DB38A573A325DAA76E4CB800A40", "4C4B594FEA9D00FE8978B7B7BC1080"); + test_a5(3, "3451F23A43BD2C87", 0x0E418C, "75F7C4C51560905DFBA05E46FB54C0", "192C95353CDF979E054186DF15BF00"); + test_a5(3, "CAA2639BE82435CF", 0x2FF229, "301437E4D4D6565D4904C631606EC0", "F0A3B8795E264D3E1A82F684353DC0"); + test_a5(3, "7AE67E87400B9FA6", 0x2F24E5, "F794290FEF643D2EA348A7796A2100", "CB6FA6C6B8A705AF9FEFE975818500"); + test_a5(3, "58AF69935540698B", 0x05446B, "749CA4E6B691E5A598C461D5FE4740", "31C9E444CD04677ADAA8A082ADBC40"); + test_a5(3, "017F81E5F236FE62", 0x156B26, "2A6976761E60CC4E8F9F52160276C0", "A544D8475F2C78C35614128F1179C0"); + test_a5(3, "1ACA8B448B767B39", 0x0BC3B5, "A4F70DC5A2C9707F5FA1C60EB10640", "7780B597B328C1400B5C74823E8500"); + test_a5(4, "3D43C388C9581E337FF1F97EB5C1F85E", 0x35D2CF, "A2FE3034B6B22CC4E33C7090BEC340", "170D7497432FF897B91BE8AECBA880"); + test_a5(4, "A4496A64DF4F399F3B4506814A3E07A1", 0x212777, "89CDEE360DF9110281BCF57755A040", "33822C0C779598C9CBFC49183AF7C0"); + + return 0; +} diff --git a/a5_test.ok b/a5_test.ok new file mode 100644 index 0000000..cefcdb6 --- /dev/null +++ b/a5_test.ok @@ -0,0 +1,30 @@ +A5/0 - DL: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 => OK +A5/0 - UL: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 => OK +A5/1 - DL: 110010111010001001010101011101100001011101011101001110110001110001111011001011110010100110101000110000011011011000 => OK +A5/1 - UL: 110110010000001101011110000011110010101011101100000100111001101000000101110101001010100001111011101100010110010010 => OK +A5/2 - DL: 010001011001110010001000110000111000001010110111111111111011001110011000110100101111100101101110000011110001010010 => OK +A5/2 - UL: 111100000011101010101100110111101110001101011011010111100110010110000000101110101010101111000000010110010010011001 => OK +A5/3 - DL: 100010001001111011101010101011111001111011010001101110100001101010111011110110000100001101100010001100101110010001 => OK +A5/3 - UL: 010111001010001101000000011010101010001001000100110011110110100111001111000001000111101010101101101000101101111101 => OK +A5/3 - DL: 111110110100110101011111101111001110111000010011101000110011001110001001001010000101011010000110111010011010010111 => OK +A5/3 - UL: 001001010000100100000011011110001110000001010100000001000101011111000101011111100011011001110110011000101110010001 => OK +A5/3 - DL: 000011100100000000010101011101010101101000110011011001000110100111000011110111011000011010000000111000110000001101 => OK +A5/3 - UL: 011011110001000001100110100111100010101101001110000110001011000001000010010000110001101000101000111001000111111110 => OK +A5/3 - DL: 101010110111110110110011100010100101011100111010001100100101110110101010011101101110010011001011100000000000101001 => OK +A5/3 - UL: 010011000100101101011001010011111110101010011101000000001111111010001001011110001011011110110111101111000001000010 => OK +A5/3 - DL: 011101011111011111000100110001010001010101100000100100000101110111111011101000000101111001000110111110110101010011 => OK +A5/3 - UL: 000110010010110010010101001101010011110011011111100101111001111000000101010000011000011011011111000101011011111100 => OK +A5/3 - DL: 001100000001010000110111111001001101010011010110010101100101110101001001000001001100011000110001011000000110111011 => OK +A5/3 - UL: 111100001010001110111000011110010101111000100110010011010011111000011010100000101111011010000100001101010011110111 => OK +A5/3 - DL: 111101111001010000101001000011111110111101100100001111010010111010100011010010001010011101111001011010100010000100 => OK +A5/3 - UL: 110010110110111110100110110001101011100010100111000001011010111110011111111011111110100101110101100000011000010100 => OK +A5/3 - DL: 011101001001110010100100111001101011011010010001111001011010010110011000110001000110000111010101111111100100011101 => OK +A5/3 - UL: 001100011100100111100100010001001100110100000100011001110111101011011010101010001010000010000010101011011011110001 => OK +A5/3 - DL: 001010100110100101110110011101100001111001100000110011000100111010001111100111110101001000010110000000100111011011 => OK +A5/3 - UL: 101001010100010011011000010001110101111100101100011110001100001101010110000101000001001010001111000100010111100111 => OK +A5/3 - DL: 101001001111011100001101110001011010001011001001011100000111111101011111101000011100011000001110101100010000011001 => OK +A5/3 - UL: 011101111000000010110101100101111011001100101000110000010100000000001011010111000111010010000010001111101000010100 => OK +A5/4 - DL: 101000101111111000110000001101001011011010110010001011001100010011100011001111000111000010010000101111101100001101 => OK +A5/4 - UL: 000101110000110101110100100101110100001100101111111110001001011110111001000110111110100010101110110010111010100010 => OK +A5/4 - DL: 100010011100110111101110001101100000110111111001000100010000001010000001101111001111010101110111010101011010000001 => OK +A5/4 - UL: 001100111000001000101100000011000111011110010101100110001100100111001011111111000100100100011000001110101111011111 => OK diff --git a/bits.c b/bits.c new file mode 100644 index 0000000..62de672 --- /dev/null +++ b/bits.c @@ -0,0 +1,221 @@ + +#include + +#include "bits.h" + +/*! \addtogroup bits + * @{ + */ + +/*! \file bits.c + * \brief Osmocom bit level support code + */ + + +/*! \brief convert unpacked bits to packed bits, return length in bytes + * \param[out] out output buffer of packed bits + * \param[in] in input buffer of unpacked bits + * \param[in] num_bits number of bits + */ +int osmo_ubit2pbit(pbit_t *out, const ubit_t *in, unsigned int num_bits) +{ + unsigned int i; + uint8_t curbyte = 0; + pbit_t *outptr = out; + + for (i = 0; i < num_bits; i++) { + uint8_t bitnum = 7 - (i % 8); + + curbyte |= (in[i] << bitnum); + + if(i % 8 == 7){ + *outptr++ = curbyte; + curbyte = 0; + } + } + /* we have a non-modulo-8 bitcount */ + if (i % 8) + *outptr++ = curbyte; + + return outptr - out; +} + +/*! \brief convert packed bits to unpacked bits, return length in bytes + * \param[out] out output buffer of unpacked bits + * \param[in] in input buffer of packed bits + * \param[in] num_bits number of bits + */ +int osmo_pbit2ubit(ubit_t *out, const pbit_t *in, unsigned int num_bits) +{ + unsigned int i; + ubit_t *cur = out; + ubit_t *limit = out + num_bits; + + for (i = 0; i < (num_bits/8)+1; i++) { + pbit_t byte = in[i]; + *cur++ = (byte >> 7) & 1; + if (cur >= limit) + break; + *cur++ = (byte >> 6) & 1; + if (cur >= limit) + break; + *cur++ = (byte >> 5) & 1; + if (cur >= limit) + break; + *cur++ = (byte >> 4) & 1; + if (cur >= limit) + break; + *cur++ = (byte >> 3) & 1; + if (cur >= limit) + break; + *cur++ = (byte >> 2) & 1; + if (cur >= limit) + break; + *cur++ = (byte >> 1) & 1; + if (cur >= limit) + break; + *cur++ = (byte >> 0) & 1; + if (cur >= limit) + break; + } + return cur - out; +} + +/*! \brief convert unpacked bits to packed bits (extended options) + * \param[out] out output buffer of packed bits + * \param[in] out_ofs offset into output buffer + * \param[in] in input buffer of unpacked bits + * \param[in] in_ofs offset into input buffer + * \param[in] num_bits number of bits + * \param[in] lsb_mode Encode bits in LSB orde instead of MSB + * \returns length in bytes (max written offset of output buffer + 1) + */ +int osmo_ubit2pbit_ext(pbit_t *out, unsigned int out_ofs, + const ubit_t *in, unsigned int in_ofs, + unsigned int num_bits, int lsb_mode) +{ + int op, bn; + for (unsigned i=0; i>3] |= 1 << bn; + else + out[op>>3] &= ~(1 << bn); + } + return ((out_ofs + num_bits - 1) >> 3) + 1; +} + +/*! \brief convert packed bits to unpacked bits (extended options) + * \param[out] out output buffer of unpacked bits + * \param[in] out_ofs offset into output buffer + * \param[in] in input buffer of packed bits + * \param[in] in_ofs offset into input buffer + * \param[in] num_bits number of bits + * \param[in] lsb_mode Encode bits in LSB orde instead of MSB + * \returns length in bytes (max written offset of output buffer + 1) + */ +int osmo_pbit2ubit_ext(ubit_t *out, unsigned int out_ofs, + const pbit_t *in, unsigned int in_ofs, + unsigned int num_bits, int lsb_mode) +{ + int ip, bn; + for (unsigned i=0; i>3] & (1<> 1; + if (k & 2) x = (x & 0x33333333) << 2 | (x & 0xCCCCCCCC) >> 2; + if (k & 4) x = (x & 0x0F0F0F0F) << 4 | (x & 0xF0F0F0F0) >> 4; + if (k & 8) x = (x & 0x00FF00FF) << 8 | (x & 0xFF00FF00) >> 8; + if (k & 16) x = (x & 0x0000FFFF) << 16 | (x & 0xFFFF0000) >> 16; + + return x; +} + +/* generalized bit reversal function, Chapter 7 "Hackers Delight" */ +uint32_t osmo_revbytebits_32(uint32_t x) +{ + x = (x & 0x55555555) << 1 | (x & 0xAAAAAAAA) >> 1; + x = (x & 0x33333333) << 2 | (x & 0xCCCCCCCC) >> 2; + x = (x & 0x0F0F0F0F) << 4 | (x & 0xF0F0F0F0) >> 4; + + return x; +} + +uint32_t osmo_revbytebits_8(uint8_t x) +{ + x = (x & 0x55) << 1 | (x & 0xAA) >> 1; + x = (x & 0x33) << 2 | (x & 0xCC) >> 2; + x = (x & 0x0F) << 4 | (x & 0xF0) >> 4; + + return x; +} + +void osmo_revbytebits_buf(uint8_t *buf, int ilen) +{ + unsigned int unaligned_cnt; + unsigned len_remain = ilen; + unsigned len = ilen; + + unaligned_cnt = ((unsigned long)buf & 3); + for (unsigned i = 0; i < unaligned_cnt; i++) { + buf[i] = osmo_revbytebits_8(buf[i]); + len_remain--; + if (len_remain <= 0) + return; + } + + for (unsigned i = unaligned_cnt; i < len; i += 4) { + uint32_t *cur = (uint32_t *) (buf + i); + *cur = osmo_revbytebits_32(*cur); + len_remain -= 4; + } + + for (unsigned i = len - len_remain; i < len; i++) { + buf[i] = osmo_revbytebits_8(buf[i]); + len_remain--; + } +} + +void osmo_revbytes_buf(uint8_t *buf, size_t len) +{ + uint8_t *end = buf + len - 1, tmp; + + while (buf < end) { + tmp = *buf; + *buf++ = *end; + *end-- = tmp; + } +} + +/* left circular shift */ +uint16_t rol16(uint16_t in, unsigned shift) +{ + return (in << shift) | (in >> (16 - shift)); +} + +/* return 2 bytes from a given array glued into single uint16_t */ +uint16_t osmo_get2bytes(const uint8_t *a) +{ /* UNSAFE! NO out-of-bounds access check. Do NOT use unless you know what you are doing! */ + return (uint16_t)((((uint16_t)a[0]) << 8) + (uint16_t)a[1]); +} + +/* convert uint64_t into array of 8 bytes in out */ +void osmo_64pack2pbit(uint64_t in, pbit_t *out) +{ + int i; + for (i = 7; i >=0; i--) { + out[i] = in & 0xFF; + in >>= 8; + } +} + +/*! @} */ diff --git a/bits.h b/bits.h new file mode 100644 index 0000000..bf79445 --- /dev/null +++ b/bits.h @@ -0,0 +1,90 @@ +#ifndef _OSMO_BITS_H +#define _OSMO_BITS_H + +#include +#include +/*! \defgroup bits soft, unpacked and packed bits + * @{ + */ + +/*! \file bits.h + * \brief Osmocom bit level support code + */ + +typedef int8_t sbit_t; /*!< \brief soft bit (-127...127) */ +typedef uint8_t ubit_t; /*!< \brief unpacked bit (0 or 1) */ +typedef uint8_t pbit_t; /*!< \brief packed bis (8 bits in a byte) */ + +/* + NOTE on the endianess of pbit_t: + Bits in a pbit_t are ordered MSB first, i.e. 0x80 is the first bit. + Bit i in a pbit_t array is array[i/8] & (1<<(7-i%8)) +*/ + +/*! \brief determine how many bytes we would need for \a num_bits packed bits + * \param[in] num_bits Number of packed bits + */ +static inline unsigned int osmo_pbit_bytesize(unsigned int num_bits) +{ + unsigned int pbit_bytesize = num_bits / 8; + + if (num_bits % 8) + pbit_bytesize++; + + return pbit_bytesize; +} + +int osmo_ubit2pbit(pbit_t *out, const ubit_t *in, unsigned int num_bits); + +int osmo_pbit2ubit(ubit_t *out, const pbit_t *in, unsigned int num_bits); + +int osmo_ubit2pbit_ext(pbit_t *out, unsigned int out_ofs, + const ubit_t *in, unsigned int in_ofs, + unsigned int num_bits, int lsb_mode); + +int osmo_pbit2ubit_ext(ubit_t *out, unsigned int out_ofs, + const pbit_t *in, unsigned int in_ofs, + unsigned int num_bits, int lsb_mode); + + +/* BIT REVERSAL */ + +/*! \brief bit-reversal mode for osmo_bit_reversal() */ +enum osmo_br_mode { + /*! \brief reverse all bits in a 32bit dword */ + OSMO_BR_BITS_IN_DWORD = 31, + /*! \brief reverse byte order in a 32bit dword */ + OSMO_BR_BYTES_IN_DWORD = 24, + /*! \brief reverse bits of each byte in a 32bit dword */ + OSMO_BR_BITS_IN_BYTE = 7, + /*! \brief swap the two 16bit words in a 32bit dword */ + OSMO_BR_WORD_SWAP = 16, +}; + +/*! \brief generic bit reversal function */ +uint32_t osmo_bit_reversal(uint32_t x, enum osmo_br_mode k); + +/* \brief reverse the bits within each byte of a 32bit word */ +uint32_t osmo_revbytebits_32(uint32_t x); + +/* \brief reverse the bits within a byte */ +uint32_t osmo_revbytebits_8(uint8_t x); + +/* \brief reverse the bits of each byte in a given buffer */ +void osmo_revbytebits_buf(uint8_t *buf, int len); + +/* \brief reverse the order of the bytes in a given buffer */ +void osmo_revbytes_buf(uint8_t *buf, size_t len); + +/* \brief left circular shift */ +uint16_t rol16(uint16_t in, unsigned shift); + +/* return 2 bytes from a given array glued into single uint16_t */ +uint16_t osmo_get2bytes(const uint8_t *a); + +/* convert uint64_t into array of 8 bytes in out */ +void osmo_64pack2pbit(uint64_t in, pbit_t *out); + +/*! @} */ + +#endif /* _OSMO_BITS_H */ diff --git a/gea.c b/gea.c new file mode 100644 index 0000000..2dbe6c5 --- /dev/null +++ b/gea.c @@ -0,0 +1,45 @@ +/* + * gea.c + * + * Full reimplementation of GEA3 + * + * Copyright (C) 2013 Max + * + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include + +#include "bits.h" +#include "gprs_cipher.h" +#include "kasumi.h" + + +int osmo_gea4(uint8_t *out, uint16_t len, uint8_t * kc, uint32_t iv, enum gprs_cipher_direction direction) { + _kasumi_kgcore(0xFF, 0, iv, direction, kc, out, len * 8); + + return 0; +} + +int osmo_gea3(uint8_t *out, uint16_t len, uint64_t kc, uint32_t iv, enum gprs_cipher_direction direction) { + uint8_t ck[16]; + osmo_64pack2pbit(kc, ck); + osmo_64pack2pbit(kc, ck + 8); + +// _kasumi_kgcore(0xFF, 0, iv, direction, ck, out, len * 8); + + return osmo_gea4(out, len, ck, iv, direction); +} diff --git a/gea.h b/gea.h new file mode 100644 index 0000000..3c51b68 --- /dev/null +++ b/gea.h @@ -0,0 +1,28 @@ +/* + * GEA3 header + * + * See gea.c for details + */ + +#ifndef __GEA_H__ +#define __GEA_H__ + +#include + +#include "gprs_cipher.h" + +/* + * Performs the GEA3 algorithm (used in GPRS) + * out : uint8_t [] + * len : uint16_t + * kc : uint64_t + * iv : uint32_t + * direct: 0 or 1 + */ + +int osmo_gea3(uint8_t *out, uint16_t len, uint64_t kc, uint32_t iv, enum gprs_cipher_direction direct); + +int osmo_gea4(uint8_t *out, uint16_t len, uint8_t * kc, uint32_t iv, enum gprs_cipher_direction direct); + +#endif /* __GEA_H__ */ + diff --git a/gea_test.c b/gea_test.c new file mode 100644 index 0000000..2283bad --- /dev/null +++ b/gea_test.c @@ -0,0 +1,54 @@ +#include +#include +#include +#include +#include + +#include "bits.h" +#include "utils.h" +#include "gprs_cipher.h" +#include "gea.h" + +void print_check(char * res, uint8_t * out, uint16_t len) { + uint8_t buf[len]; + osmo_hexparse(res, buf, len); + if (0 != memcmp(buf, out, len)) { + printf("FAIL:\n"); + printf("OUT: %s\n", osmo_hexdump_nospc(out, len)); + printf("EXP: %s\n", osmo_hexdump_nospc(buf, len)); + } + else printf("OK\n"); +} + +void test_gea3(uint64_t kc, uint32_t iv, int dir, uint16_t len, char * res) { + printf("%d: %d -> 0x%X ", len, dir, iv); + uint8_t out[len]; + osmo_gea3(out, len, kc, iv, dir); + print_check(res, out, len); +} + +void test_gea4(char * kc, uint32_t iv, int dir, uint16_t len, char * res) { + printf("%d: %d -> 0x%X ", len, dir, iv); + uint8_t out[len], ck[256]; + osmo_hexparse(kc, ck, len); + osmo_gea4(out, len, ck, iv, dir); + print_check(res, out, len); +} + +int main(int argc, char **argv) +{ + // printf("GEA3 support: %d\n", gprs_cipher_supported(GPRS_ALGO_GEA3)); + // printf("GEA4 support: %d\n", gprs_cipher_supported(GPRS_ALGO_GEA4)); +// test vectors according to 3GPP TS 55.217 and TS 55.218 +test_gea3(0x2BD6459F82C5BC00LL, 0x8E9421A3, 0, 59, "5F359709DE950D0105B17B6C90194280F880B48DCCDC2AFEED415DBEF4354EEBB21D073CCBBFB2D706BD7AFFD371FC96E3970D143DCB2624054826"); +test_gea3(0x952C49104881FF48LL, 0x5064DB71, 0, 59, "FDC03D738C8E14FF0320E59AAF75760799E9DA78DD8F888471C4AEAAC1849633A26CD84F459D265B83D7D9B9A0B1E54F4D75E331640DF19E0DB0E0"); +test_gea3(0xEFA8B2229E720C2ALL, 0x4BDBD5E5, 1, 59, "4718A2ADFC90590949DDADAB406EC3B925F1AF1214673909DAAB96BB4C18B1374BB1E99445A81CC856E47C6E49E9DBB9873D0831B2175CA1E109BA"); +test_gea3(0x3451F23A43BD2C87LL, 0x893FE14F, 0, 59, "B46B1E284E3F8B63B86D9DF0915CFCEDDF2F061895BF9F82BF2593AE4847E94A4626C393CF8941CE15EA7812690D8415B88C5730FE1F5D410E16A2"); +test_gea3(0xCAA2639BE82435CFLL, 0x8FE17885, 1, 59, "9FEFAF155A26CF35603E727CDAA87BA067FD84FF98A50B7FF0EC8E95A0FB70E79CB93DEE2B7E9AB59D050E1262401571F349C68229DDF0DECC4E85"); +test_gea3(0x1ACA8B448B767B39LL, 0x4F7BC3B5, 0, 59, "514F6C3A3B5A55CA190092F7BB6E80EF3EDB738FCDCE2FF90BB387DDE75BBC32A04A67B898A3DFB8198FFFC37D437CF69E7F9C13B51A868720E750"); +test_gea4("D3C5D592327FB11C4035C6680AF8C6D1", 0x0A3A59B4, 0, 51, "6E217CE41EBEFB5EC8094C15974290065E42BABC9AE35654A53085CE68DFA4426A2FF0AD4AF3341006A3F84B7613ACB4FBDC34"); +test_gea4("3D43C388C9581E337FF1F97EB5C1F85E", 0x48571AB9, 0, 59, "FC7314EF00A63ED0116F236C5D25C54EEC56A5B71F9F18B4D7941F84E422ACBDE5EEA9A204679002D14F312F3DEE2A1AC917C3FBDC3696143C0F5D"); +test_gea4("A4496A64DF4F399F3B4506814A3E07A1", 0xEB04ADE2, 1, 59, "2AEB5970FB06B718027D048488AAF24FB3B74EA4A6B1242FF85B108FF816A303C72757D9AAD862B835D1D287DBC141D0A28D79D87BB137CD1198CD"); + + return 0; +} diff --git a/gea_test.ok b/gea_test.ok new file mode 100644 index 0000000..2f50727 --- /dev/null +++ b/gea_test.ok @@ -0,0 +1,9 @@ +59: 0 -> 0x8E9421A3 OK +59: 0 -> 0x5064DB71 OK +59: 1 -> 0x4BDBD5E5 OK +59: 0 -> 0x893FE14F OK +59: 1 -> 0x8FE17885 OK +59: 0 -> 0x4F7BC3B5 OK +51: 0 -> 0xA3A59B4 OK +59: 0 -> 0x48571AB9 OK +59: 1 -> 0xEB04ADE2 OK diff --git a/gprs_cipher.h b/gprs_cipher.h new file mode 100644 index 0000000..b729fc4 --- /dev/null +++ b/gprs_cipher.h @@ -0,0 +1,55 @@ +#ifndef _GPRS_CIPHER_H +#define _GPRS_CIPHER_H + +#include "linuxlist.h" + +#define GSM0464_CIPH_MAX_BLOCK 1523 + +enum gprs_ciph_algo { + GPRS_ALGO_GEA0, + GPRS_ALGO_GEA1, + GPRS_ALGO_GEA2, + GPRS_ALGO_GEA3, + GPRS_ALGO_GEA4, + _GPRS_ALGO_NUM +}; + +enum gprs_cipher_direction { + GPRS_CIPH_MS2SGSN, + GPRS_CIPH_SGSN2MS, +}; + +/* An implementation of a GPRS cipher */ +struct gprs_cipher_impl { + struct llist_head list; + enum gprs_ciph_algo algo; + const char *name; + unsigned int priority; + + /* As specified in 04.64 Annex A. Uses Kc, IV and direction + * to generate the 1523 bytes cipher stream that need to be + * XORed wit the plaintext for encrypt / ciphertext for decrypt */ + int (*run)(uint8_t *out, uint16_t len, uint64_t kc, uint32_t iv, + enum gprs_cipher_direction direction); +}; + +/* register a cipher with the core (from a plugin) */ +int gprs_cipher_register(struct gprs_cipher_impl *ciph); + +/* load all available GPRS cipher plugins */ +int gprs_cipher_load(const char *path); + +/* function to be called by core code */ +int gprs_cipher_run(uint8_t *out, uint16_t len, enum gprs_ciph_algo algo, + uint64_t kc, uint32_t iv, enum gprs_cipher_direction dir); + +/* Do we have an implementation for this cipher? */ +int gprs_cipher_supported(enum gprs_ciph_algo algo); + +/* GSM TS 04.64 / Section A.2.1 : Generation of 'input' */ +uint32_t gprs_cipher_gen_input_ui(uint32_t iov_ui, uint8_t sapi, uint32_t lfn, uint32_t oc); + +/* GSM TS 04.64 / Section A.2.1 : Generation of 'input' */ +uint32_t gprs_cipher_gen_input_i(uint32_t iov_i, uint32_t lfn, uint32_t oc); + +#endif /* _GPRS_CIPHER_H */ diff --git a/ifc.cpp b/ifc.cpp new file mode 100644 index 0000000..f3b1aa9 --- /dev/null +++ b/ifc.cpp @@ -0,0 +1,27 @@ +#include "a53.h" +#include "a5.h" +#include + +void A53_GSM( u8 *key, int klen, int count, u8 *block1, u8 *block2 ) +{ + ubit_t dl[120]; + ubit_t ul[120]; + static bool first = true; + if (first) { + printf("public A5/3\n"); + first = false; + } + osmo_a5_3(key, (uint32_t)count, dl, ul); + for (int i = 0; i < 15; i++) { + unsigned char acc1 = 0; + unsigned char acc2 = 0; + for (int j = 0; j < 8; j++) { + acc1 |= (dl[i*8+j] & 1) << (7-j); + acc2 |= (ul[i*8+j] & 1) << (7-j); + } + block1[i] = acc1; + block2[i] = acc2; + } + block1[14] &= 0xC0; + block2[14] &= 0xC0; +} diff --git a/kasumi.c b/kasumi.c new file mode 100644 index 0000000..d0100c2 --- /dev/null +++ b/kasumi.c @@ -0,0 +1,193 @@ +/* Kasumi cipher and KGcore functions */ + +/* (C) 2013 by Max + * + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include +#include "bits.h" +#include "kasumi.h" + +static uint16_t +_kasumi_FI(uint16_t I, uint16_t skey) +{ + static uint16_t S7[] = { + 54, 50, 62, 56, 22, 34, 94, 96, 38, 6, 63, 93, 2, 18, 123, 33, + 55, 113, 39, 114, 21, 67, 65, 12, 47, 73, 46, 27, 25, 111, 124, 81, + 53, 9, 121, 79, 52, 60, 58, 48, 101, 127, 40, 120, 104, 70, 71, 43, + 20, 122, 72, 61, 23, 109, 13, 100, 77, 1, 16, 7, 82, 10, 105, 98, + 117, 116, 76, 11, 89, 106, 0,125,118, 99, 86, 69, 30, 57, 126, 87, + 112, 51, 17, 5, 95, 14, 90, 84, 91, 8, 35,103, 32, 97, 28, 66, + 102, 31, 26, 45, 75, 4, 85, 92, 37, 74, 80, 49, 68, 29, 115, 44, + 64, 107, 108, 24, 110, 83, 36, 78, 42, 19, 15, 41, 88, 119, 59, 3 + }; + static uint16_t S9[] = { + 167, 239, 161, 379, 391, 334, 9, 338, 38, 226, 48, 358, 452, 385, 90, 397, + 183, 253, 147, 331, 415, 340, 51, 362, 306, 500, 262, 82, 216, 159, 356, 177, + 175, 241, 489, 37, 206, 17, 0, 333, 44, 254, 378, 58, 143, 220, 81, 400, + 95, 3, 315, 245, 54, 235, 218, 405, 472, 264, 172, 494, 371, 290, 399, 76, + 165, 197, 395, 121, 257, 480, 423, 212, 240, 28, 462, 176, 406, 507, 288, 223, + 501, 407, 249, 265, 89, 186, 221, 428,164, 74, 440, 196, 458, 421, 350, 163, + 232, 158, 134, 354, 13, 250, 491, 142,191, 69, 193, 425, 152, 227, 366, 135, + 344, 300, 276, 242, 437, 320, 113, 278, 11, 243, 87, 317, 36, 93, 496, 27, + 487, 446, 482, 41, 68, 156, 457, 131, 326, 403, 339, 20, 39, 115, 442, 124, + 475, 384, 508, 53, 112, 170, 479, 151, 126, 169, 73, 268, 279, 321, 168, 364, + 363, 292, 46, 499, 393, 327, 324, 24, 456, 267, 157, 460, 488, 426, 309, 229, + 439, 506, 208, 271, 349, 401, 434, 236, 16, 209, 359, 52, 56, 120, 199, 277, + 465, 416, 252, 287, 246, 6, 83, 305, 420, 345, 153,502, 65, 61, 244, 282, + 173, 222, 418, 67, 386, 368, 261, 101, 476, 291, 195,430, 49, 79, 166, 330, + 280, 383, 373, 128, 382, 408, 155, 495, 367, 388, 274, 107, 459, 417, 62, 454, + 132, 225, 203, 316, 234, 14, 301, 91, 503, 286, 424, 211, 347, 307, 140, 374, + 35, 103, 125, 427, 19, 214, 453, 146, 498, 314, 444, 230, 256, 329, 198, 285, + 50, 116, 78, 410, 10, 205, 510, 171, 231, 45, 139, 467, 29, 86, 505, 32, + 72, 26, 342, 150, 313, 490, 431, 238, 411, 325, 149, 473, 40, 119, 174, 355, + 185, 233, 389, 71, 448, 273, 372, 55, 110, 178, 322, 12, 469, 392, 369, 190, + 1, 109, 375, 137, 181, 88, 75, 308, 260, 484, 98, 272, 370, 275, 412, 111, + 336, 318, 4, 504, 492, 259, 304, 77, 337, 435, 21, 357, 303, 332, 483, 18, + 47, 85, 25, 497, 474, 289, 100, 269, 296, 478, 270, 106, 31, 104, 433, 84, + 414, 486, 394, 96, 99, 154, 511, 148, 413, 361, 409, 255, 162, 215, 302, 201, + 266, 351, 343, 144, 441, 365, 108, 298, 251, 34, 182, 509, 138, 210, 335, 133, + 311, 352, 328, 141, 396, 346, 123, 319, 450, 281, 429, 228, 443, 481, 92, 404, + 485, 422, 248, 297, 23, 213, 130, 466, 22, 217, 283, 70, 294, 360, 419, 127, + 312, 377, 7, 468, 194, 2, 117, 295, 463, 258, 224, 447, 247, 187, 80, 398, + 284, 353, 105, 390, 299, 471, 470, 184, 57, 200, 348, 63, 204, 188, 33, 451, + 97, 30, 310, 219, 94, 160, 129, 493, 64, 179, 263, 102, 189, 207, 114, 402, + 438, 477, 387, 122, 192, 42, 381, 5, 145, 118, 180, 449, 293, 323, 136, 380, + 43, 66, 60, 455, 341, 445, 202, 432, 8, 237, 15, 376, 436, 464, 59, 461 + }; + uint16_t L, R; + + /* Split 16 bit input into two unequal halves: 9 and 7 bits, same for subkey */ + L = I >> 7; /* take 9 bits */ + R = I & 0x7F; /* take 7 bits */ + + L = S9[L] ^ R; + R = S7[R] ^ (L & 0x7F); + + L ^= (skey & 0x1FF); + R ^= (skey >> 9); + + L = S9[L] ^ R; + R = S7[R] ^ (L & 0x7F); + + return (R << 9) + L; +} + +static uint32_t +_kasumi_FO(uint32_t I, uint16_t *KOi1, uint16_t *KOi2, uint16_t *KOi3, uint16_t *KIi1, uint16_t *KIi2, uint16_t *KIi3, unsigned i) +{ + uint16_t L = I >> 16, R = I; /* Split 32 bit input into Left and Right parts */ + + L ^= KOi1[i]; + L = _kasumi_FI(L, KIi1[i]); + L ^= R; + + R ^= KOi2[i]; + R = _kasumi_FI(R, KIi2[i]); + R ^= L; + + L ^= KOi3[i]; + L = _kasumi_FI(L, KIi3[i]); + L ^= R; + + return (((uint32_t)R) << 16) + L; +} + +static uint32_t +_kasumi_FL(uint32_t I, uint16_t *KLi1, uint16_t *KLi2, unsigned i) +{ + uint16_t L = I >> 16, R = I, tmp; /* Split 32 bit input into Left and Right parts */ + + tmp = L & KLi1[i]; + R ^= rol16(tmp, 1); + + tmp = R | KLi2[i]; + L ^= rol16(tmp, 1); + + return (((uint32_t)L) << 16) + R; +} + +uint64_t +_kasumi(uint64_t P, uint16_t *KLi1, uint16_t *KLi2, uint16_t *KOi1, uint16_t *KOi2, uint16_t *KOi3, uint16_t *KIi1, uint16_t *KIi2, uint16_t *KIi3) +{ + uint32_t i, L = P >> 32, R = P; /* Split 64 bit input into Left and Right parts */ + + for (i = 0; i < 8; i++) + { + R ^= _kasumi_FO(_kasumi_FL(L, KLi1, KLi2, i), KOi1, KOi2, KOi3, KIi1, KIi2, KIi3, i); /* odd round */ + i++; + L ^= _kasumi_FL(_kasumi_FO(R, KOi1, KOi2, KOi3, KIi1, KIi2, KIi3, i), KLi1, KLi2, i); /* even round */ + } + return (((uint64_t)L) << 32) + R; /* Concatenate Left and Right 32 bits into 64 bit ciphertext */ +} + +/*! \brief Expand key into set of subkeys + * \param[in] key (128 bits) as array of bytes + * \param[out] arrays of round-specific subkeys - see TS 135 202 for details + */ +void +_kasumi_key_expand(const uint8_t *key, uint16_t *KLi1, uint16_t *KLi2, uint16_t *KOi1, uint16_t *KOi2, uint16_t *KOi3, uint16_t *KIi1, uint16_t *KIi2, uint16_t *KIi3) +{ + uint16_t i, C[] = { 0x0123, 0x4567, 0x89AB, 0xCDEF, 0xFEDC, 0xBA98, 0x7654, 0x3210 }; + + for (i = 0; i < 8; i++) /* Work with 16 bit subkeys and create prime subkeys */ + { + C[i] ^= osmo_get2bytes(key + i * 2); + } + /* C[] now stores K-prime[] */ + for (i = 0; i < 8; i++) /* Create round-specific subkeys */ + { + KLi1[i] = rol16(osmo_get2bytes(key + i * 2), 1); + KLi2[i] = C[(i + 2) & 0x7]; + + KOi1[i] = rol16(osmo_get2bytes(key + ((2 * (i + 1)) & 0xE)), 5); + KOi2[i] = rol16(osmo_get2bytes(key + ((2 * (i + 5)) & 0xE)), 8); + KOi3[i] = rol16(osmo_get2bytes(key + ((2 * (i + 6)) & 0xE)), 13); + + KIi1[i] = C[(i + 4) & 0x7]; + KIi2[i] = C[(i + 3) & 0x7]; + KIi3[i] = C[(i + 7) & 0x7]; + } +} + +void +_kasumi_kgcore(uint8_t CA, uint8_t cb, uint32_t cc, uint8_t cd, const uint8_t *ck, uint8_t *co, uint16_t cl) +{ + uint16_t KLi1[8], KLi2[8], KOi1[8], KOi2[8], KOi3[8], KIi1[8], KIi2[8], KIi3[8], i; + uint64_t A = ((uint64_t)cc) << 32, BLK = 0, _ca = ((uint64_t)CA << 16) ; + A |= _ca; + _ca = (uint64_t)((cb << 3) | (cd << 2)) << 24; + A |= _ca; + /* Register loading complete: see TR 55.919 8.2 and TS 55.216 3.2 */ + + uint8_t ck_km[16]; + for (i = 0; i < 16; i++) ck_km[i] = ck[i] ^ 0x55; /* Modified key established */ + + /* preliminary round with modified key */ + _kasumi_key_expand(ck_km, KLi1, KLi2, KOi1, KOi2, KOi3, KIi1, KIi2, KIi3); + A = _kasumi(A, KLi1, KLi2, KOi1, KOi2, KOi3, KIi1, KIi2, KIi3); + + /* Run Kasumi in OFB to obtain enough data for gamma. */ + _kasumi_key_expand(ck, KLi1, KLi2, KOi1, KOi2, KOi3, KIi1, KIi2, KIi3); + for (i = 0; i < cl / 64 + 1; i++) /* i is a block counter */ + { + BLK = _kasumi(A ^ i ^ BLK, KLi1, KLi2, KOi1, KOi2, KOi3, KIi1, KIi2, KIi3); + osmo_64pack2pbit(BLK, co + (i * 8)); + } +} diff --git a/kasumi.h b/kasumi.h new file mode 100644 index 0000000..8479968 --- /dev/null +++ b/kasumi.h @@ -0,0 +1,36 @@ +/* + * KASUMI header + * + * See kasumi.c for details + */ + +#ifndef __KASUMI_H__ +#define __KASUMI_H__ + +#include + +/* + * Single iteration of KASUMI cipher +*/ +uint64_t _kasumi(uint64_t P, uint16_t *KLi1, uint16_t *KLi2, uint16_t *KOi1, uint16_t *KOi2, uint16_t *KOi3, uint16_t *KIi1, uint16_t *KIi2, uint16_t *KIi3); + +/* + * Implementation of the KGCORE algorithm (used by A5/3, A5/4, GEA3, GEA4 and ECSD) + * + * CA : uint8_t + * cb : uint8_t + * cc : uint32_t + * cd : uint8_t + * ck : uint8_t [8] + * co : uint8_t [output, cl-dependent] + * cl : uint16_t + */ +void _kasumi_kgcore(uint8_t CA, uint8_t cb, uint32_t cc, uint8_t cd, const uint8_t *ck, uint8_t *co, uint16_t cl); + +/*! \brief Expand key into set of subkeys + * \param[in] key (128 bits) as array of bytes + * \param[out] arrays of round-specific subkeys - see TS 135 202 for details + */ +void _kasumi_key_expand(const uint8_t *key, uint16_t *KLi1, uint16_t *KLi2, uint16_t *KOi1, uint16_t *KOi2, uint16_t *KOi3, uint16_t *KIi1, uint16_t *KIi2, uint16_t *KIi3); + +#endif /* __KASUMI_H__ */ diff --git a/kasumi_test.c b/kasumi_test.c new file mode 100644 index 0000000..d12b3a1 --- /dev/null +++ b/kasumi_test.c @@ -0,0 +1,128 @@ +#include +#include +#include +#include +#include + +#include "bits.h" +#include "utils.h" +#include "kasumi.h" // for testing internal A5/3 functions + + +inline int _compare_mem(uint8_t * x, uint8_t * y, size_t len) { + if (0 != memcmp(x, y, len)) { + printf ("X: %s\t", osmo_hexdump_nospc(x, len)); + printf ("Y: %s\n", osmo_hexdump_nospc(y, len)); + return 0; + } + return 1; +} + +inline static void test_expansion(uint8_t * test_key, uint16_t * _KLi1, uint16_t * _KLi2, uint16_t * _KOi1, uint16_t * _KOi2, uint16_t * _KOi3, uint16_t * _KIi1, uint16_t * _KIi2, uint16_t * _KIi3, uint16_t * _KLi1_r, uint16_t * _KLi2_r, uint16_t * _KOi1_r, uint16_t * _KOi2_r, uint16_t * _KOi3_r, uint16_t * _KIi1_r, uint16_t * _KIi2_r, uint16_t * _KIi3_r) +{ + _kasumi_key_expand(test_key, _KLi1, _KLi2, _KOi1, _KOi2, _KOi3, _KIi1, _KIi2, _KIi3); + int passed = 1; + passed = _compare_mem((uint8_t *)_KLi1, (uint8_t *)_KLi1_r, 16); + passed = _compare_mem((uint8_t *)_KLi2, (uint8_t *)_KLi2_r, 16); + passed = _compare_mem((uint8_t *)_KOi1, (uint8_t *)_KOi1_r, 16); + passed = _compare_mem((uint8_t *)_KOi2, (uint8_t *)_KOi2_r, 16); + passed = _compare_mem((uint8_t *)_KOi3, (uint8_t *)_KOi3_r, 16); + passed = _compare_mem((uint8_t *)_KIi1, (uint8_t *)_KIi1_r, 16); + passed = _compare_mem((uint8_t *)_KIi2, (uint8_t *)_KIi2_r, 16); + passed = _compare_mem((uint8_t *)_KIi3, (uint8_t *)_KIi3_r, 16); + if (passed) printf(" OK. "); else printf("FAILED!"); +} + +int main(int argc, char **argv) +{ + uint16_t _KLi1[8], _KLi2[8], _KOi1[8], _KOi2[8], _KOi3[8], _KIi1[8], _KIi2[8], _KIi3[8], _KLi1_r[8], _KLi2_r[8], _KOi1_r[8], _KOi2_r[8], _KOi3_r[8], _KIi1_r[8], _KIi2_r[8], _KIi3_r[8]; + + printf("testing KASUMI key expansion and encryption (ETSI TS 135 203):\n"); + printf("KASUMI Test Set 1..."); + +uint8_t _test_key1[] = {0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00, 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48}; +_KLi1_r[0] = 0x57AC; _KLi1_r[1] = 0x8B3E; _KLi1_r[2] = 0x058B; _KLi1_r[3] = 0x6601; _KLi1_r[4] = 0x2A59; _KLi1_r[5] = 0x9220; _KLi1_r[6] = 0x9102; _KLi1_r[7] = 0xFE91; +_KLi2_r[0] = 0x0B6E; _KLi2_r[1] = 0x7EEF; _KLi2_r[2] = 0x6BF0; _KLi2_r[3] = 0xF388; _KLi2_r[4] = 0x3ED5; _KLi2_r[5] = 0xCD58; _KLi2_r[6] = 0x2AF5; _KLi2_r[7] = 0x00F8; +_KOi1_r[0] = 0xB3E8; _KOi1_r[1] = 0x58B0; _KOi1_r[2] = 0x6016; _KOi1_r[3] = 0xA592; _KOi1_r[4] = 0x2209; _KOi1_r[5] = 0x1029; _KOi1_r[6] = 0xE91F; _KOi1_r[7] = 0x7AC5; +_KOi2_r[0] = 0x1049; _KOi2_r[1] = 0x8148; _KOi2_r[2] = 0x48FF; _KOi2_r[3] = 0xD62B; _KOi2_r[4] = 0x9F45; _KOi2_r[5] = 0xC582; _KOi2_r[6] = 0x00B3; _KOi2_r[7] = 0x2C95; +_KOi3_r[0] = 0x2910; _KOi3_r[1] = 0x1FE9; _KOi3_r[2] = 0xC57A; _KOi3_r[3] = 0xE8B3; _KOi3_r[4] = 0xB058; _KOi3_r[5] = 0x1660; _KOi3_r[6] = 0x92A5; _KOi3_r[7] = 0x0922; +_KIi1_r[0] = 0x6BF0; _KIi1_r[1] = 0xF388; _KIi1_r[2] = 0x3ED5; _KIi1_r[3] = 0xCD58; _KIi1_r[4] = 0x2AF5; _KIi1_r[5] = 0x00F8; _KIi1_r[6] = 0x0B6E; _KIi1_r[7] = 0x7EEF; +_KIi2_r[0] = 0x7EEF; _KIi2_r[1] = 0x6BF0; _KIi2_r[2] = 0xF388; _KIi2_r[3] = 0x3ED5; _KIi2_r[4] = 0xCD58; _KIi2_r[5] = 0x2AF5; _KIi2_r[6] = 0x00F8; _KIi2_r[7] = 0x0B6E; +_KIi3_r[0] = 0xCD58; _KIi3_r[1] = 0x2AF5; _KIi3_r[2] = 0x00F8; _KIi3_r[3] = 0x0B6E; _KIi3_r[4] = 0x7EEF; _KIi3_r[5] = 0x6BF0; _KIi3_r[6] = 0xF388; _KIi3_r[7] = 0x3ED5; +test_expansion(_test_key1, _KLi1, _KLi2, _KOi1, _KOi2, _KOi3, _KIi1, _KIi2, _KIi3, _KLi1_r, _KLi2_r, _KOi1_r, _KOi2_r, _KOi3_r, _KIi1_r, _KIi2_r, _KIi3_r); + +if (0xDF1F9B251C0BF45FLL == _kasumi(0xEA024714AD5C4D84LL, _KLi1, _KLi2, _KOi1, _KOi2, _KOi3, _KIi1, _KIi2, _KIi3)) + printf("OK."); else printf("FAILED!"); + +printf("\nKASUMI Test Set 2..."); + +uint8_t _test_key2[] = {0x8C, 0xE3, 0x3E, 0x2C, 0xC3, 0xC0, 0xB5, 0xFC, 0x1F, 0x3D, 0xE8, 0xA6, 0xDC, 0x66, 0xB1, 0xF3}; +_KLi1_r[0] = 0x19C7; _KLi1_r[1] = 0x7C58; _KLi1_r[2] = 0x8781; _KLi1_r[3] = 0x6BF9; _KLi1_r[4] = 0x3E7A; _KLi1_r[5] = 0xD14D; _KLi1_r[6] = 0xB8CD; _KLi1_r[7] = 0x63E7; +_KLi2_r[0] = 0x4A6B; _KLi2_r[1] = 0x7813; _KLi2_r[2] = 0xE1E1; _KLi2_r[3] = 0x523E; _KLi2_r[4] = 0xAA32; _KLi2_r[5] = 0x83E3; _KLi2_r[6] = 0x8DC0; _KLi2_r[7] = 0x7B4B; +_KOi1_r[0] = 0xC587; _KOi1_r[1] = 0x7818; _KOi1_r[2] = 0xBF96; _KOi1_r[3] = 0xE7A3; _KOi1_r[4] = 0x14DD; _KOi1_r[5] = 0x8CDB; _KOi1_r[6] = 0x3E76; _KOi1_r[7] = 0x9C71; +_KOi2_r[0] = 0xA6E8; _KOi2_r[1] = 0x66DC; _KOi2_r[2] = 0xF3B1; _KOi2_r[3] = 0xE38C; _KOi2_r[4] = 0x2C3E; _KOi2_r[5] = 0xC0C3; _KOi2_r[6] = 0xFCB5; _KOi2_r[7] = 0x3D1F; +_KOi3_r[0] = 0xDB8C; _KOi3_r[1] = 0x763E; _KOi3_r[2] = 0x719C; _KOi3_r[3] = 0x87C5; _KOi3_r[4] = 0x1878; _KOi3_r[5] = 0x96BF; _KOi3_r[6] = 0xA3E7; _KOi3_r[7] = 0xDD14; +_KIi1_r[0] = 0xE1E1; _KIi1_r[1] = 0x523E; _KIi1_r[2] = 0xAA32; _KIi1_r[3] = 0x83E3; _KIi1_r[4] = 0x8DC0; _KIi1_r[5] = 0x7B4B; _KIi1_r[6] = 0x4A6B; _KIi1_r[7] = 0x7813; +_KIi2_r[0] = 0x7813; _KIi2_r[1] = 0xE1E1; _KIi2_r[2] = 0x523E; _KIi2_r[3] = 0xAA32; _KIi2_r[4] = 0x83E3; _KIi2_r[5] = 0x8DC0; _KIi2_r[6] = 0x7B4B; _KIi2_r[7] = 0x4A6B; +_KIi3_r[0] = 0x83E3; _KIi3_r[1] = 0x8DC0; _KIi3_r[2] = 0x7B4B; _KIi3_r[3] = 0x4A6B; _KIi3_r[4] = 0x7813; _KIi3_r[5] = 0xE1E1; _KIi3_r[6] = 0x523E; _KIi3_r[7] = 0xAA32; +test_expansion(_test_key2, _KLi1, _KLi2, _KOi1, _KOi2, _KOi3, _KIi1, _KIi2, _KIi3, _KLi1_r, _KLi2_r, _KOi1_r, _KOi2_r, _KOi3_r, _KIi1_r, _KIi2_r, _KIi3_r); + +if (0xDE551988CEB2F9B7LL == _kasumi(0xD3C5D592327FB11CLL, _KLi1, _KLi2, _KOi1, _KOi2, _KOi3, _KIi1, _KIi2, _KIi3)) + printf("OK."); else printf("FAILED!"); + +printf("\nKASUMI Test Set 3..."); + +uint8_t _test_key3[] = {0x40, 0x35, 0xC6, 0x68, 0x0A, 0xF8, 0xC6, 0xD1, 0xA8, 0xFF, 0x86, 0x67, 0xB1, 0x71, 0x40, 0x13}; +_KLi1_r[0] = 0x806A; _KLi1_r[1] = 0x8CD1; _KLi1_r[2] = 0x15F0; _KLi1_r[3] = 0x8DA3; _KLi1_r[4] = 0x51FF; _KLi1_r[5] = 0x0CCF; _KLi1_r[6] = 0x62E3; _KLi1_r[7] = 0x8026; +_KLi2_r[0] = 0x8353; _KLi2_r[1] = 0x0B3E; _KLi2_r[2] = 0x5623; _KLi2_r[3] = 0x3CFF; _KLi2_r[4] = 0xC725; _KLi2_r[5] = 0x7203; _KLi2_r[6] = 0x4116; _KLi2_r[7] = 0x830F; +_KOi1_r[0] = 0xCD18; _KOi1_r[1] = 0x5F01; _KOi1_r[2] = 0xDA38; _KOi1_r[3] = 0x1FF5; _KOi1_r[4] = 0xCCF0; _KOi1_r[5] = 0x2E36; _KOi1_r[6] = 0x0268; _KOi1_r[7] = 0x06A8; +_KOi2_r[0] = 0x6786; _KOi2_r[1] = 0x71B1; _KOi2_r[2] = 0x1340; _KOi2_r[3] = 0x3540; _KOi2_r[4] = 0x68C6; _KOi2_r[5] = 0xF80A; _KOi2_r[6] = 0xD1C6; _KOi2_r[7] = 0xFFA8; +_KOi3_r[0] = 0x362E; _KOi3_r[1] = 0x6802; _KOi3_r[2] = 0xA806; _KOi3_r[3] = 0x18CD; _KOi3_r[4] = 0x015F; _KOi3_r[5] = 0x38DA; _KOi3_r[6] = 0xF51F; _KOi3_r[7] = 0xF0CC; +_KIi1_r[0] = 0x5623; _KIi1_r[1] = 0x3CFF; _KIi1_r[2] = 0xC725; _KIi1_r[3] = 0x7203; _KIi1_r[4] = 0x4116; _KIi1_r[5] = 0x830F; _KIi1_r[6] = 0x8353; _KIi1_r[7] = 0x0B3E; +_KIi2_r[0] = 0x0B3E; _KIi2_r[1] = 0x5623; _KIi2_r[2] = 0x3CFF; _KIi2_r[3] = 0xC725; _KIi2_r[4] = 0x7203; _KIi2_r[5] = 0x4116; _KIi2_r[6] = 0x830F; _KIi2_r[7] = 0x8353; +_KIi3_r[0] = 0x7203; _KIi3_r[1] = 0x4116; _KIi3_r[2] = 0x830F; _KIi3_r[3] = 0x8353; _KIi3_r[4] = 0x0B3E; _KIi3_r[5] = 0x5623; _KIi3_r[6] = 0x3CFF; _KIi3_r[7] = 0xC725; +test_expansion(_test_key3, _KLi1, _KLi2, _KOi1, _KOi2, _KOi3, _KIi1, _KIi2, _KIi3, _KLi1_r, _KLi2_r, _KOi1_r, _KOi2_r, _KOi3_r, _KIi1_r, _KIi2_r, _KIi3_r); + +if (0x4592B0E78690F71BLL == _kasumi(0x62A540981BA6F9B7LL, _KLi1, _KLi2, _KOi1, _KOi2, _KOi3, _KIi1, _KIi2, _KIi3)) + printf("OK."); else printf("FAILED!"); + +printf("\nKASUMI Test Set 4..."); +uint8_t _test_key4[] = {0x3A, 0x3B, 0x39, 0xB5, 0xC3, 0xF2, 0x37, 0x6D, 0x69, 0xF7, 0xD5, 0x46, 0xE5, 0xF8, 0x5D, 0x43}; +uint64_t I4 = 0xCA49C1C75771AB0BLL, i; +_kasumi_key_expand(_test_key4, _KLi1, _KLi2, _KOi1, _KOi2, _KOi3, _KIi1, _KIi2, _KIi3); + +for (i = 0; i < 50; i++) + I4 = _kasumi(I4, _KLi1, _KLi2, _KOi1, _KOi2, _KOi3, _KIi1, _KIi2, _KIi3); + +if (0x738BAD4C4A690802LL == I4) printf(" OK.\n"); else printf("FAILED!"); + + +uint8_t gamma[32]; + +uint8_t _Key1[] = {0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xBC, 0x00, 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xBC, 0x00}, +_gamma1[] = {0x88, 0x9E, 0xEA, 0xAF, 0x9E, 0xD1, 0xBA, 0x1A, 0xBB, 0xD8, 0x43, 0x62, 0x32, 0xE4, 0x57, 0x28, 0xD0, 0x1A, 0xA8, 0x91, 0x33, 0xDA, 0x73, 0xC1, 0x1E, 0xAB, 0x68, 0xB7, 0xD8, 0x9B, 0xC8, 0x41}; +_kasumi_kgcore(0xF, 0, 0x0024F20F, 0, _Key1, gamma, 228); +printf ("KGCORE Test Set 1: %d\n", _compare_mem(gamma, _gamma1, 32)); + +uint8_t _Key2[] = {0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48, 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48}, +_gamma2[] = {0xFB, 0x4D, 0x5F, 0xBC, 0xEE, 0x13, 0xA3, 0x33, 0x89, 0x28, 0x56, 0x86, 0xE9, 0xA5, 0xC9, 0x42, 0x40, 0xDE, 0x38, 0x15, 0x01, 0x15, 0xF1, 0x5F, 0x8D, 0x9D, 0x98, 0xB9, 0x1A, 0x94, 0xB2, 0x96}; +_kasumi_kgcore(0xF, 0, 0x00061272, 0, _Key2, gamma, 228); +printf ("KGCORE Test Set 2: %d\n", _compare_mem(gamma, _gamma2, 32)); + +uint8_t _Key3[] = {0xEF, 0xA8, 0xB2, 0x22, 0x9E, 0x72, 0x0C, 0x2A, 0xEF, 0xA8, 0xB2, 0x22, 0x9E, 0x72, 0x0C, 0x2A}, +_gamma3[] = {0x0E, 0x40, 0x15, 0x75, 0x5A, 0x33, 0x64, 0x69, 0xC3, 0xDD, 0x86, 0x80, 0xE3, 0x03, 0x5B, 0xC4, 0x19, 0xA7, 0x8A, 0xD3, 0x86, 0x2C, 0x10, 0x90, 0xC6, 0x8A, 0x39, 0x1F, 0xE8, 0xA6, 0xAD, 0xEB}; +_kasumi_kgcore(0xF, 0, 0x0033FD3F, 0, _Key3, gamma, 228); +printf ("KGCORE Test Set 3: %d\n", _compare_mem(gamma, _gamma3, 32)); + +uint8_t _Key4[] = {0x5A, 0xCB, 0x1D, 0x64, 0x4C, 0x0D, 0x51, 0x20, 0x4E, 0xA5, 0x5A, 0xCB, 0x1D, 0x64, 0x4C, 0x0D}, +_gamma4[] = {0xE0, 0x95, 0x30, 0x6A, 0xD5, 0x08, 0x6E, 0x2E, 0xAC, 0x7F, 0x31, 0x07, 0xDE, 0x4F, 0xA2, 0x2D, 0xC1, 0xDF, 0xC9, 0x7D, 0x5B, 0xC5, 0x66, 0x1D, 0xD6, 0x09, 0x6F, 0x47, 0x6A, 0xED, 0xC6, 0x4B}; +_kasumi_kgcore(0xF, 0, 0x00156B26, 0, _Key4, gamma, 228); +printf ("KGCORE Test Set 4: %d\n", _compare_mem(gamma, _gamma4, 32)); + +uint8_t _Key5[] = {0xD3, 0xC5, 0xD5, 0x92, 0x32, 0x7F, 0xB1, 0x1C, 0x40, 0x35, 0xC6, 0x68, 0x0A, 0xF8, 0xC6, 0xD1}, +_gamma5[] = {0xDC, 0xE6, 0x43, 0x62, 0xAB, 0x5F, 0x89, 0xC1, 0x1E, 0xF0, 0xB3, 0x05, 0x16, 0x65, 0x70, 0xF4, 0x88, 0x9D, 0x55, 0x11, 0xE9, 0xE3, 0x57, 0x5D, 0x06, 0x2B, 0x5C, 0xED, 0x60, 0x39, 0x50, 0x6A}; +_kasumi_kgcore(0xF, 0, 0x000A59B4, 0, _Key5, gamma, 228); +printf ("KGCORE Test Set 5: %d\n", _compare_mem(gamma, _gamma5, 32)); + + return 0; +} diff --git a/kasumi_test.ok b/kasumi_test.ok new file mode 100644 index 0000000..2c2af4c --- /dev/null +++ b/kasumi_test.ok @@ -0,0 +1,10 @@ +testing KASUMI key expansion and encryption (ETSI TS 135 203): +KASUMI Test Set 1... OK. OK. +KASUMI Test Set 2... OK. OK. +KASUMI Test Set 3... OK. OK. +KASUMI Test Set 4... OK. +KGCORE Test Set 1: 1 +KGCORE Test Set 2: 1 +KGCORE Test Set 3: 1 +KGCORE Test Set 4: 1 +KGCORE Test Set 5: 1 diff --git a/linuxlist.h b/linuxlist.h new file mode 100644 index 0000000..ff2c491 --- /dev/null +++ b/linuxlist.h @@ -0,0 +1,360 @@ +#ifndef _LINUX_LLIST_H +#define _LINUX_LLIST_H + +#include + +#ifndef inline +#define inline __inline__ +#endif + +static inline void prefetch(__attribute__((unused)) const void *x) {;} + +/** + * container_of - cast a member of a structure out to the containing structure + * + * @ptr: the pointer to the member. + * @type: the type of the container struct this is embedded in. + * @member: the name of the member within the struct. + * + */ +#define container_of(ptr, type, member) ({ \ + const typeof( ((type *)0)->member ) *__mptr = (typeof( ((type *)0)->member ) *)(ptr); \ + (type *)( (char *)__mptr - offsetof(type, member) );}) + + +/* + * These are non-NULL pointers that will result in page faults + * under normal circumstances, used to verify that nobody uses + * non-initialized llist entries. + */ +#define LLIST_POISON1 ((void *) 0x00100100) +#define LLIST_POISON2 ((void *) 0x00200200) + +/* + * Simple doubly linked llist implementation. + * + * Some of the internal functions ("__xxx") are useful when + * manipulating whole llists rather than single entries, as + * sometimes we already know the next/prev entries and we can + * generate better code by using them directly rather than + * using the generic single-entry routines. + */ + +struct llist_head { + struct llist_head *next, *prev; +}; + +#define LLIST_HEAD_INIT(name) { &(name), &(name) } + +#define LLIST_HEAD(name) \ + struct llist_head name = LLIST_HEAD_INIT(name) + +#define INIT_LLIST_HEAD(ptr) do { \ + (ptr)->next = (ptr); (ptr)->prev = (ptr); \ +} while (0) + +/* + * Insert a new entry between two known consecutive entries. + * + * This is only for internal llist manipulation where we know + * the prev/next entries already! + */ +static inline void __llist_add(struct llist_head *_new, + struct llist_head *prev, + struct llist_head *next) +{ + next->prev = _new; + _new->next = next; + _new->prev = prev; + prev->next = _new; +} + +/** + * llist_add - add a new entry + * @new: new entry to be added + * @head: llist head to add it after + * + * Insert a new entry after the specified head. + * This is good for implementing stacks. + */ +static inline void llist_add(struct llist_head *_new, struct llist_head *head) +{ + __llist_add(_new, head, head->next); +} + +/** + * llist_add_tail - add a new entry + * @new: new entry to be added + * @head: llist head to add it before + * + * Insert a new entry before the specified head. + * This is useful for implementing queues. + */ +static inline void llist_add_tail(struct llist_head *_new, struct llist_head *head) +{ + __llist_add(_new, head->prev, head); +} + +/* + * Delete a llist entry by making the prev/next entries + * point to each other. + * + * This is only for internal llist manipulation where we know + * the prev/next entries already! + */ +static inline void __llist_del(struct llist_head * prev, struct llist_head * next) +{ + next->prev = prev; + prev->next = next; +} + +/** + * llist_del - deletes entry from llist. + * @entry: the element to delete from the llist. + * Note: llist_empty on entry does not return true after this, the entry is + * in an undefined state. + */ +static inline void llist_del(struct llist_head *entry) +{ + __llist_del(entry->prev, entry->next); + entry->next = (struct llist_head *)LLIST_POISON1; + entry->prev = (struct llist_head *)LLIST_POISON2; +} + +/** + * llist_del_init - deletes entry from llist and reinitialize it. + * @entry: the element to delete from the llist. + */ +static inline void llist_del_init(struct llist_head *entry) +{ + __llist_del(entry->prev, entry->next); + INIT_LLIST_HEAD(entry); +} + +/** + * llist_move - delete from one llist and add as another's head + * @llist: the entry to move + * @head: the head that will precede our entry + */ +static inline void llist_move(struct llist_head *llist, struct llist_head *head) +{ + __llist_del(llist->prev, llist->next); + llist_add(llist, head); +} + +/** + * llist_move_tail - delete from one llist and add as another's tail + * @llist: the entry to move + * @head: the head that will follow our entry + */ +static inline void llist_move_tail(struct llist_head *llist, + struct llist_head *head) +{ + __llist_del(llist->prev, llist->next); + llist_add_tail(llist, head); +} + +/** + * llist_empty - tests whether a llist is empty + * @head: the llist to test. + */ +static inline int llist_empty(const struct llist_head *head) +{ + return head->next == head; +} + +static inline void __llist_splice(struct llist_head *llist, + struct llist_head *head) +{ + struct llist_head *first = llist->next; + struct llist_head *last = llist->prev; + struct llist_head *at = head->next; + + first->prev = head; + head->next = first; + + last->next = at; + at->prev = last; +} + +/** + * llist_splice - join two llists + * @llist: the new llist to add. + * @head: the place to add it in the first llist. + */ +static inline void llist_splice(struct llist_head *llist, struct llist_head *head) +{ + if (!llist_empty(llist)) + __llist_splice(llist, head); +} + +/** + * llist_splice_init - join two llists and reinitialise the emptied llist. + * @llist: the new llist to add. + * @head: the place to add it in the first llist. + * + * The llist at @llist is reinitialised + */ +static inline void llist_splice_init(struct llist_head *llist, + struct llist_head *head) +{ + if (!llist_empty(llist)) { + __llist_splice(llist, head); + INIT_LLIST_HEAD(llist); + } +} + +/** + * llist_entry - get the struct for this entry + * @ptr: the &struct llist_head pointer. + * @type: the type of the struct this is embedded in. + * @member: the name of the llist_struct within the struct. + */ +#define llist_entry(ptr, type, member) \ + container_of(ptr, type, member) + +/** + * llist_for_each - iterate over a llist + * @pos: the &struct llist_head to use as a loop counter. + * @head: the head for your llist. + */ +#define llist_for_each(pos, head) \ + for (pos = (head)->next, prefetch(pos->next); pos != (head); \ + pos = pos->next, prefetch(pos->next)) + +/** + * __llist_for_each - iterate over a llist + * @pos: the &struct llist_head to use as a loop counter. + * @head: the head for your llist. + * + * This variant differs from llist_for_each() in that it's the + * simplest possible llist iteration code, no prefetching is done. + * Use this for code that knows the llist to be very short (empty + * or 1 entry) most of the time. + */ +#define __llist_for_each(pos, head) \ + for (pos = (head)->next; pos != (head); pos = pos->next) + +/** + * llist_for_each_prev - iterate over a llist backwards + * @pos: the &struct llist_head to use as a loop counter. + * @head: the head for your llist. + */ +#define llist_for_each_prev(pos, head) \ + for (pos = (head)->prev, prefetch(pos->prev); pos != (head); \ + pos = pos->prev, prefetch(pos->prev)) + +/** + * llist_for_each_safe - iterate over a llist safe against removal of llist entry + * @pos: the &struct llist_head to use as a loop counter. + * @n: another &struct llist_head to use as temporary storage + * @head: the head for your llist. + */ +#define llist_for_each_safe(pos, n, head) \ + for (pos = (head)->next, n = pos->next; pos != (head); \ + pos = n, n = pos->next) + +/** + * llist_for_each_entry - iterate over llist of given type + * @pos: the type * to use as a loop counter. + * @head: the head for your llist. + * @member: the name of the llist_struct within the struct. + */ +#define llist_for_each_entry(pos, head, member) \ + for (pos = llist_entry((head)->next, typeof(*pos), member), \ + prefetch(pos->member.next); \ + &pos->member != (head); \ + pos = llist_entry(pos->member.next, typeof(*pos), member), \ + prefetch(pos->member.next)) + +/** + * llist_for_each_entry_reverse - iterate backwards over llist of given type. + * @pos: the type * to use as a loop counter. + * @head: the head for your llist. + * @member: the name of the llist_struct within the struct. + */ +#define llist_for_each_entry_reverse(pos, head, member) \ + for (pos = llist_entry((head)->prev, typeof(*pos), member), \ + prefetch(pos->member.prev); \ + &pos->member != (head); \ + pos = llist_entry(pos->member.prev, typeof(*pos), member), \ + prefetch(pos->member.prev)) + +/** + * llist_for_each_entry_continue - iterate over llist of given type + * continuing after existing point + * @pos: the type * to use as a loop counter. + * @head: the head for your llist. + * @member: the name of the llist_struct within the struct. + */ +#define llist_for_each_entry_continue(pos, head, member) \ + for (pos = llist_entry(pos->member.next, typeof(*pos), member), \ + prefetch(pos->member.next); \ + &pos->member != (head); \ + pos = llist_entry(pos->member.next, typeof(*pos), member), \ + prefetch(pos->member.next)) + +/** + * llist_for_each_entry_safe - iterate over llist of given type safe against removal of llist entry + * @pos: the type * to use as a loop counter. + * @n: another type * to use as temporary storage + * @head: the head for your llist. + * @member: the name of the llist_struct within the struct. + */ +#define llist_for_each_entry_safe(pos, n, head, member) \ + for (pos = llist_entry((head)->next, typeof(*pos), member), \ + n = llist_entry(pos->member.next, typeof(*pos), member); \ + &pos->member != (head); \ + pos = n, n = llist_entry(n->member.next, typeof(*n), member)) + +/** + * llist_for_each_rcu - iterate over an rcu-protected llist + * @pos: the &struct llist_head to use as a loop counter. + * @head: the head for your llist. + */ +#define llist_for_each_rcu(pos, head) \ + for (pos = (head)->next, prefetch(pos->next); pos != (head); \ + pos = pos->next, ({ smp_read_barrier_depends(); 0;}), prefetch(pos->next)) + +#define __llist_for_each_rcu(pos, head) \ + for (pos = (head)->next; pos != (head); \ + pos = pos->next, ({ smp_read_barrier_depends(); 0;})) + +/** + * llist_for_each_safe_rcu - iterate over an rcu-protected llist safe + * against removal of llist entry + * @pos: the &struct llist_head to use as a loop counter. + * @n: another &struct llist_head to use as temporary storage + * @head: the head for your llist. + */ +#define llist_for_each_safe_rcu(pos, n, head) \ + for (pos = (head)->next, n = pos->next; pos != (head); \ + pos = n, ({ smp_read_barrier_depends(); 0;}), n = pos->next) + +/** + * llist_for_each_entry_rcu - iterate over rcu llist of given type + * @pos: the type * to use as a loop counter. + * @head: the head for your llist. + * @member: the name of the llist_struct within the struct. + */ +#define llist_for_each_entry_rcu(pos, head, member) \ + for (pos = llist_entry((head)->next, typeof(*pos), member), \ + prefetch(pos->member.next); \ + &pos->member != (head); \ + pos = llist_entry(pos->member.next, typeof(*pos), member), \ + ({ smp_read_barrier_depends(); 0;}), \ + prefetch(pos->member.next)) + + +/** + * llist_for_each_continue_rcu - iterate over an rcu-protected llist + * continuing after existing point. + * @pos: the &struct llist_head to use as a loop counter. + * @head: the head for your llist. + */ +#define llist_for_each_continue_rcu(pos, head) \ + for ((pos) = (pos)->next, prefetch((pos)->next); (pos) != (head); \ + (pos) = (pos)->next, ({ smp_read_barrier_depends(); 0;}), prefetch((pos)->next)) + + +#endif diff --git a/utils.c b/utils.c new file mode 100644 index 0000000..97201b0 --- /dev/null +++ b/utils.c @@ -0,0 +1,213 @@ + +#include +#include +#include +#include + +#include "utils.h" + +/*! \addtogroup utils + * @{ + */ + +/*! \file utils.c */ + +static char namebuf[255]; + +/*! \brief get human-readable string for given value + * \param[in] vs Array of value_string tuples + * \param[in] val Value to be converted + * \returns pointer to human-readable string + */ +const char *get_value_string(const struct value_string *vs, uint32_t val) +{ + int i; + + for (i = 0;; i++) { + if (vs[i].value == 0 && vs[i].str == NULL) + break; + if (vs[i].value == val) + return vs[i].str; + } + + snprintf(namebuf, sizeof(namebuf), "unknown 0x%x", val); + return namebuf; +} + +/*! \brief get numeric value for given human-readable string + * \param[in] vs Array of value_string tuples + * \param[in] str human-readable string + * \returns numeric value (>0) or negative numer in case of error + */ +int get_string_value(const struct value_string *vs, const char *str) +{ + int i; + + for (i = 0;; i++) { + if (vs[i].value == 0 && vs[i].str == NULL) + break; + if (!strcasecmp(vs[i].str, str)) + return vs[i].value; + } + return -EINVAL; +} + +/*! \brief Convert BCD-encoded digit into printable character + * \param[in] bcd A single BCD-encoded digit + * \returns single printable character + */ +char osmo_bcd2char(uint8_t bcd) +{ + if (bcd < 0xa) + return '0' + bcd; + else + return 'A' + (bcd - 0xa); +} + +/* only works for numbers in ascii */ +uint8_t osmo_char2bcd(char c) +{ + return c - 0x30; +} + +int osmo_hexparse(const char *str, uint8_t *b, int max_len) + +{ + int i, l, v; + + l = strlen(str); + if ((l&1) || ((l>>1) > max_len)) + return -1; + + memset(b, 0x00, max_len); + + for (i=0; i= '0' && c <= '9') + v = c - '0'; + else if (c >= 'a' && c <= 'f') + v = 10 + (c - 'a'); + else if (c >= 'A' && c <= 'F') + v = 10 + (c - 'A'); + else + return -1; + b[i>>1] |= v << (i&1 ? 0 : 4); + } + + return i>>1; +} + +static char hexd_buff[4096]; + +static char *_osmo_hexdump(const unsigned char *buf, int len, const char *delim) +{ + int i; + char *cur = hexd_buff; + + hexd_buff[0] = 0; + for (i = 0; i < len; i++) { + int len_remain = sizeof(hexd_buff) - (cur - hexd_buff); + if (len_remain <= 0) + break; + int rc = snprintf(cur, len_remain, "%02x%s", buf[i], delim); + if (rc <= 0) + break; + cur += rc; + } + hexd_buff[sizeof(hexd_buff)-1] = 0; + return hexd_buff; +} + +/*! \brief Convert a sequence of unpacked bits to ASCII string + * \param[in] bits A sequence of unpacked bits + * \param[in] len Length of bits + */ +char *osmo_ubit_dump(const uint8_t *bits, unsigned int len) +{ + if (len > sizeof(hexd_buff)-1) + len = sizeof(hexd_buff)-1; + memset(hexd_buff, 0, sizeof(hexd_buff)); + + for (unsigned i = 0; i < len; i++) { + char outch; + switch (bits[i]) { + case 0: + outch = '0'; + break; + case 0xff: + outch = '?'; + break; + case 1: + outch = '1'; + break; + default: + outch = 'E'; + break; + } + hexd_buff[i] = outch; + } + hexd_buff[sizeof(hexd_buff)-1] = 0; + return hexd_buff; +} + +/*! \brief Convert binary sequence to hexadecimal ASCII string + * \param[in] buf pointer to sequence of bytes + * \param[in] len length of buf in number of bytes + * \returns pointer to zero-terminated string + * + * This function will print a sequence of bytes as hexadecimal numbers, + * adding one space character between each byte (e.g. "1a ef d9") + */ +char *osmo_hexdump(const unsigned char *buf, int len) +{ + return _osmo_hexdump(buf, len, " "); +} + +/*! \brief Convert binary sequence to hexadecimal ASCII string + * \param[in] buf pointer to sequence of bytes + * \param[in] len length of buf in number of bytes + * \returns pointer to zero-terminated string + * + * This function will print a sequence of bytes as hexadecimal numbers, + * without any space character between each byte (e.g. "1aefd9") + */ +char *osmo_hexdump_nospc(const unsigned char *buf, int len) +{ + return _osmo_hexdump(buf, len, ""); +} + + /* Compat with previous typo to preserve abi */ +// char *osmo_osmo_hexdump_nospc(const unsigned char *buf, int len) + // __attribute__((weak, alias("osmo_hexdump_nospc"))); + +// #include "../config.h" +#ifdef HAVE_CTYPE_H +#include +/*! \brief Convert an entire string to lower case + * \param[out] out output string, caller-allocated + * \param[in] in input string + */ +void osmo_str2lower(char *out, const char *in) +{ + unsigned int i; + + for (i = 0; i < strlen(in); i++) + out[i] = tolower(in[i]); + out[strlen(in)] = '\0'; +} + +/*! \brief Convert an entire string to upper case + * \param[out] out output string, caller-allocated + * \param[in] in input string + */ +void osmo_str2upper(char *out, const char *in) +{ + unsigned int i; + + for (i = 0; i < strlen(in); i++) + out[i] = toupper(in[i]); + out[strlen(in)] = '\0'; +} +#endif /* HAVE_CTYPE_H */ + +/*! @} */ diff --git a/utils.h b/utils.h new file mode 100644 index 0000000..d8f764f --- /dev/null +++ b/utils.h @@ -0,0 +1,22 @@ +#ifndef OSMOCORE_UTIL_H +#define OSMOCORE_UTIL_H + +#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) + +#include + +struct value_string { + unsigned int value; + const char *str; +}; + +const char *get_value_string(const struct value_string *vs, uint32_t val); +int get_string_value(const struct value_string *vs, const char *str); + +char *osmo_ubit_dump(const uint8_t *bits, unsigned int len); +char *osmo_hexdump_nospc(const unsigned char *buf, int len); + +int osmo_hexparse(const char *str, uint8_t *b, int max_len); + + +#endif