authentication: More documentation

author: Harald Welte <laforge@gnumonks.org> 2012-07-18 19:47:56 +0200
committer: Harald Welte <laforge@gnumonks.org> 2012-07-18 19:47:56 +0200
commit: 007a71e3329aa76bb92701c9eb10743c68c93af9 (patch)
tree: 9fa4d0e47340f7ec57a1d97f8da09d122dbb8e52
parent: a9e4a1402b96652004d808bbe09d27c9b884c5df (diff)
2 files changed, 81 insertions, 20 deletions
diff --git a/include/osmocom/crypt/auth.h b/include/osmocom/crypt/auth.h
index 67b32009..871e7c87 100644
--- a/include/osmocom/crypt/auth.h
+++ b/include/osmocom/crypt/auth.h
@@ -1,11 +1,17 @@
 #ifndef _OSMOCRYPTO_AUTH_H
 #define _OSMOCRYPTO_AUTH_H
 
+/*! \addtogroup auth
+ *  @{
+ */
+
+/*! \file auth.h */
+
 #include <stdint.h>
 
 #include <osmocom/core/linuxlist.h>
 
-/*! \brief Authentication Type */
+/*! \brief Authentication Type (GSM/UMTS) */
 enum osmo_sub_auth_type {
 	OSMO_AUTH_TYPE_NONE	= 0x00,
 	OSMO_AUTH_TYPE_GSM	= 0x01,
@@ -29,42 +35,44 @@ struct osmo_sub_auth_data {
 	enum osmo_auth_algo algo;
 	union {
 		struct {
-			uint8_t opc[16];
-			uint8_t k[16];
+			uint8_t opc[16]; /*!< operator invariant value */
+			uint8_t k[16];	/*!< secret key of the subscriber */
 			uint8_t amf[2];
-			uint64_t sqn;
-			int opc_is_op;
+			uint64_t sqn;	/*!< sequence number */
+			int opc_is_op;	/*!< is the OPC field OPC (0) or OP (1) ? */
 		} umts;
 		struct {
-			uint8_t ki[16];
+			uint8_t ki[16];	/*!< secret key */
 		} gsm;
 	} u;
 };
 
 /* data structure describing a computed auth vector, generated by AuC */
 struct osmo_auth_vector {
-	uint8_t rand[16];
-	uint8_t autn[16];
-	uint8_t ck[16];
-	uint8_t ik[16];
-	uint8_t res[16];
-	uint8_t res_len;
-	uint8_t kc[8];
-	uint8_t sres[4];
+	uint8_t rand[16];	/*!< random challenge */
+	uint8_t autn[16];	/*!< authentication nonce */
+	uint8_t ck[16];		/*!< ciphering key */
+	uint8_t ik[16];		/*!< integrity key */
+	uint8_t res[16];	/*!< authentication result */
+	uint8_t res_len;	/*!< length (in bytes) of res */
+	uint8_t kc[8];		/*!< Kc for GSM encryption (A5) */
+	uint8_t sres[4];	/*!< authentication result for GSM */
 	uint32_t auth_types;	/*!< bitmask of OSMO_AUTH_TYPE_* */
 };
 
 /* \brief An implementation of an authentication algorithm */
 struct osmo_auth_impl {
 	struct llist_head list;
-	enum osmo_auth_algo algo;
-	const char *name;
-	unsigned int priority;
+	enum osmo_auth_algo algo; /*!< algorithm we implement */
+	const char *name;	/*!< name of the implementation */
+	unsigned int priority;	/*!< priority value (resp. othe implementations */
 
+	/*! \brief callback for generate authentication vectors */
 	int (*gen_vec)(struct osmo_auth_vector *vec,
 			struct osmo_sub_auth_data *aud,
 			const uint8_t *_rand);
 
+	/* \brief callback for generationg auth vectors + re-sync */
 	int (*gen_vec_auts)(struct osmo_auth_vector *vec,
 			    struct osmo_sub_auth_data *aud,
 			    const uint8_t *rand_auts, const uint8_t *auts,
@@ -89,3 +97,5 @@ const char *osmo_auth_alg_name(enum osmo_auth_algo alg);
 enum osmo_auth_algo osmo_auth_alg_parse(const char *name);
 
 #endif /* _OSMOCRYPTO_AUTH_H */
+
+/* @} */
diff --git a/src/gsm/auth_core.c b/src/gsm/auth_core.c
index 5e886eef..5cf8dfcf 100644
--- a/src/gsm/auth_core.c
+++ b/src/gsm/auth_core.c
@@ -1,6 +1,6 @@
 /* GSM/GPRS/3G authentication core infrastructure */
 
-/* (C) 2010-2011 by Harald Welte <laforge@gnumonks.org>
+/* (C) 2010-2012 by Harald Welte <laforge@gnumonks.org>
  *
  * All Rights Reserved
  *
@@ -30,11 +30,23 @@
 
 #include <osmocom/crypt/auth.h>
 
+/*! \addtogroup auth
+ *  @{
+ */
+
+/* \file auth_core.c
+ */
+
 static LLIST_HEAD(osmo_auths);
 
 static struct osmo_auth_impl *selected_auths[_OSMO_AUTH_ALG_NUM];
 
-/* register a cipher with the core */
+/*! \brief Register an authentication algorithm implementation with the core
+ *  \param[in] impl Structure describing implementation and it's callbacks
+ *
+ * This function is called by an authentication implementation plugin to
+ * register itself with the authentication core.
+ */
 int osmo_auth_register(struct osmo_auth_impl *impl)
 {
 	if (impl->algo >= ARRAY_SIZE(selected_auths))
@@ -50,13 +62,23 @@ int osmo_auth_register(struct osmo_auth_impl *impl)
 	return 0;
 }
 
-/* load all available GPRS cipher plugins */
+/*! \brief Load all available authentication plugins from the given path
+ *  \param[in] path Path name of the directory containing the plugins
+ *
+ * This function will load all plugins contained in the specified path.
+ */
 int osmo_auth_load(const char *path)
 {
 	/* load all plugins available from path */
 	return osmo_plugin_load_all(path);
 }
 
+/*! \brief Determine if a given authentication algorithm is supported
+ *  \param[in] algo Algorithm which should be checked
+ *
+ * This function is used by an application to determine at runtime if a
+ * given authentication algorithm is supported or not.
+ */
 int osmo_auth_supported(enum osmo_auth_algo algo)
 {
 	if (algo >= ARRAY_SIZE(selected_auths))
@@ -68,6 +90,17 @@ int osmo_auth_supported(enum osmo_auth_algo algo)
 	return 0;
 }
 
+/*! \brief Generate authentication vector
+ *  \param[out] vec Generated authentication vector
+ *  \param[in] aud Subscriber-specific key material
+ *  \param[in] rand Random challenge to be used
+ *
+ * This function performs the core cryptographic function of the AUC,
+ * computing authentication triples/quintuples based on the permanent
+ * subscriber data and a random value.  The result is what is forwarded
+ * by the AUC via HLR and VLR to the MSC which will then be able to
+ * invoke authentication with the MS
+ */
 int osmo_auth_gen_vec(struct osmo_auth_vector *vec,
 		      struct osmo_sub_auth_data *aud,
 		      const uint8_t *_rand)
@@ -87,6 +120,20 @@ int osmo_auth_gen_vec(struct osmo_auth_vector *vec,
 	return 0;
 }
 
+/*! \brief Generate authentication vector and re-sync sequence
+ *  \param[out] vec Generated authentication vector
+ *  \param[in] aud Subscriber-specific key material
+ *  \param[in] rand_auts RAND value sent by the SIM/MS
+ *  \param[in] auts AUTS value sent by the SIM/MS
+ *  \param[in] rand Random challenge to be used to generate vector
+ *
+ * This function performs a special variant of the  core cryptographic
+ * function of the AUC: computing authentication triples/quintuples
+ * based on the permanent subscriber data, a random value as well as the
+ * AUTS and RAND values returned by the SIM/MS.  This special variant is
+ * needed if the sequence numbers between MS and AUC have for some
+ * reason become diffrent.
+ */
 int osmo_auth_gen_vec_auts(struct osmo_auth_vector *vec,
 			   struct osmo_sub_auth_data *aud,
 			   const uint8_t *rand_auts, const uint8_t *auts,
@@ -110,12 +157,16 @@ static const struct value_string auth_alg_vals[] = {
 	{ 0, NULL }
 };
 
+/*! \brief Get human-readable name of authentication algorithm */
 const char *osmo_auth_alg_name(enum osmo_auth_algo alg)
 {
 	return get_value_string(auth_alg_vals, alg);
 }
 
+/*! \brief Parse human-readable name of authentication algorithm */
 enum osmo_auth_algo osmo_auth_alg_parse(const char *name)
 {
 	return get_string_value(auth_alg_vals, name);
 }
+
+/*! @} */
author	Harald Welte <laforge@gnumonks.org>	2012-07-18 19:47:56 +0200
committer	Harald Welte <laforge@gnumonks.org>	2012-07-18 19:47:56 +0200
commit	007a71e3329aa76bb92701c9eb10743c68c93af9 (patch)
tree	9fa4d0e47340f7ec57a1d97f8da09d122dbb8e52
parent	a9e4a1402b96652004d808bbe09d27c9b884c5df (diff)