diff options
Diffstat (limited to 'src/shared/libosmocore/src/gsm/a5.c')
| -rw-r--r-- | src/shared/libosmocore/src/gsm/a5.c | 367 |
1 files changed, 0 insertions, 367 deletions
diff --git a/src/shared/libosmocore/src/gsm/a5.c b/src/shared/libosmocore/src/gsm/a5.c deleted file mode 100644 index 356060ab..00000000 --- a/src/shared/libosmocore/src/gsm/a5.c +++ /dev/null @@ -1,367 +0,0 @@ -/* - * a5.c - * - * Full reimplementation of A5/1,2 (split and threadsafe) - * - * The logic behind the algorithm is taken from "A pedagogical implementation - * of the GSM A5/1 and A5/2 "voice privacy" encryption algorithms." by - * Marc Briceno, Ian Goldberg, and David Wagner. - * - * Copyright (C) 2011 Sylvain Munaut <tnt@246tNt.com> - * - * All Rights Reserved - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -/*! \addtogroup a5 - * @{ - */ - -/*! \file gsm/a5.c - * \brief Osmocom GSM A5 ciphering algorithm implementation - */ - -#include <string.h> - -#include <osmocom/gsm/a5.h> - -/*! \brief Main method to generate a A5/x cipher stream - * \param[in] n Which A5/x method to use - * \param[in] key 8 byte array for the key (as received from the SIM) - * \param[in] fn Frame number - * \param[out] dl Pointer to array of ubits to return Downlink cipher stream - * \param[out] ul Pointer to array of ubits to return Uplink cipher stream - * - * Currently A5/[0-2] are supported. - * Either (or both) of dl/ul can be NULL if not needed. - */ -void -osmo_a5(int n, const uint8_t *key, uint32_t fn, ubit_t *dl, ubit_t *ul) -{ - switch (n) - { - case 0: - if (dl) - memset(dl, 0x00, 114); - if (ul) - memset(ul, 0x00, 114); - break; - - case 1: - osmo_a5_1(key, fn, dl, ul); - break; - - case 2: - osmo_a5_2(key, fn, dl, ul); - break; - - default: - /* a5/[3..7] not supported here/yet */ - break; - } -} - - -/* ------------------------------------------------------------------------ */ -/* A5/1&2 common stuff */ -/* ------------------------------------------------------------------------ */ - -#define A5_R1_LEN 19 -#define A5_R2_LEN 22 -#define A5_R3_LEN 23 -#define A5_R4_LEN 17 /* A5/2 only */ - -#define A5_R1_MASK ((1<<A5_R1_LEN)-1) -#define A5_R2_MASK ((1<<A5_R2_LEN)-1) -#define A5_R3_MASK ((1<<A5_R3_LEN)-1) -#define A5_R4_MASK ((1<<A5_R4_LEN)-1) - -#define A5_R1_TAPS 0x072000 /* x^19 + x^18 + x^17 + x^14 + 1 */ -#define A5_R2_TAPS 0x300000 /* x^22 + x^21 + 1 */ -#define A5_R3_TAPS 0x700080 /* x^23 + x^22 + x^21 + x^8 + 1 */ -#define A5_R4_TAPS 0x010800 /* x^17 + x^12 + 1 */ - -/*! \brief Computes parity of a 32-bit word - * \param[in] x 32 bit word - * \return Parity bit (xor of all bits) as 0 or 1 - */ -static inline uint32_t -_a5_12_parity(uint32_t x) -{ - x ^= x >> 16; - x ^= x >> 8; - x ^= x >> 4; - x &= 0xf; - return (0x6996 >> x) & 1; -} - -/*! \brief Compute majority bit from 3 taps - * \param[in] v1 LFSR state ANDed with tap-bit - * \param[in] v2 LFSR state ANDed with tap-bit - * \param[in] v3 LFSR state ANDed with tap-bit - * \return The majority bit (0 or 1) - */ -static inline uint32_t -_a5_12_majority(uint32_t v1, uint32_t v2, uint32_t v3) -{ - return (!!v1 + !!v2 + !!v3) >= 2; -} - -/*! \brief Compute the next LFSR state - * \param[in] r Current state - * \param[in] mask LFSR mask - * \param[in] taps LFSR taps - * \return Next state - */ -static inline uint32_t -_a5_12_clock(uint32_t r, uint32_t mask, uint32_t taps) -{ - return ((r << 1) & mask) | _a5_12_parity(r & taps); -} - - -/* ------------------------------------------------------------------------ */ -/* A5/1 */ -/* ------------------------------------------------------------------------ */ - -#define A51_R1_CLKBIT 0x000100 -#define A51_R2_CLKBIT 0x000400 -#define A51_R3_CLKBIT 0x000400 - -/*! \brief GSM A5/1 Clocking function - * \param[in] r Register state - * \param[in] force Non-zero value disable conditional clocking - */ -static inline void -_a5_1_clock(uint32_t r[], int force) -{ - int cb[3], maj; - - cb[0] = !!(r[0] & A51_R1_CLKBIT); - cb[1] = !!(r[1] & A51_R2_CLKBIT); - cb[2] = !!(r[2] & A51_R3_CLKBIT); - - maj = _a5_12_majority(cb[0], cb[1], cb[2]); - - if (force || (maj == cb[0])) - r[0] = _a5_12_clock(r[0], A5_R1_MASK, A5_R1_TAPS); - - if (force || (maj == cb[1])) - r[1] = _a5_12_clock(r[1], A5_R2_MASK, A5_R2_TAPS); - - if (force || (maj == cb[2])) - r[2] = _a5_12_clock(r[2], A5_R3_MASK, A5_R3_TAPS); -} - -/*! \brief GSM A5/1 Output function - * \param[in] r Register state - * \return The A5/1 output function bit - */ -static inline uint8_t -_a5_1_get_output(uint32_t r[]) -{ - return (r[0] >> (A5_R1_LEN-1)) ^ - (r[1] >> (A5_R2_LEN-1)) ^ - (r[2] >> (A5_R3_LEN-1)); -} - -/*! \brief Generate a GSM A5/1 cipher stream - * \param[in] key 8 byte array for the key (as received from the SIM) - * \param[in] fn Frame number - * \param[out] dl Pointer to array of ubits to return Downlink cipher stream - * \param[out] ul Pointer to array of ubits to return Uplink cipher stream - * - * Either (or both) of dl/ul can be NULL if not needed. - */ -void -osmo_a5_1(const uint8_t *key, uint32_t fn, ubit_t *dl, ubit_t *ul) -{ - uint32_t r[3] = {0, 0, 0}; - uint32_t fn_count; - uint32_t b; - int i; - - /* Key load */ - for (i=0; i<64; i++) - { - b = ( key[7 - (i>>3)] >> (i&7) ) & 1; - - _a5_1_clock(r, 1); - - r[0] ^= b; - r[1] ^= b; - r[2] ^= b; - } - - /* Frame count load */ - fn_count = osmo_a5_fn_count(fn); - - for (i=0; i<22; i++) - { - b = (fn_count >> i) & 1; - - _a5_1_clock(r, 1); - - r[0] ^= b; - r[1] ^= b; - r[2] ^= b; - } - - /* Mix */ - for (i=0; i<100; i++) - { - _a5_1_clock(r, 0); - } - - /* Output */ - for (i=0; i<114; i++) { - _a5_1_clock(r, 0); - if (dl) - dl[i] = _a5_1_get_output(r); - } - - for (i=0; i<114; i++) { - _a5_1_clock(r, 0); - if (ul) - ul[i] = _a5_1_get_output(r); - } -} - - -/* ------------------------------------------------------------------------ */ -/* A5/2 */ -/* ------------------------------------------------------------------------ */ - -#define A52_R4_CLKBIT0 0x000400 -#define A52_R4_CLKBIT1 0x000008 -#define A52_R4_CLKBIT2 0x000080 - -/*! \brief GSM A5/2 Clocking function - * \param[in] r Register state - * \param[in] force Non-zero value disable conditional clocking - */ -static inline void -_a5_2_clock(uint32_t r[], int force) -{ - int cb[3], maj; - - cb[0] = !!(r[3] & A52_R4_CLKBIT0); - cb[1] = !!(r[3] & A52_R4_CLKBIT1); - cb[2] = !!(r[3] & A52_R4_CLKBIT2); - - maj = (cb[0] + cb[1] + cb[2]) >= 2; - - if (force || (maj == cb[0])) - r[0] = _a5_12_clock(r[0], A5_R1_MASK, A5_R1_TAPS); - - if (force || (maj == cb[1])) - r[1] = _a5_12_clock(r[1], A5_R2_MASK, A5_R2_TAPS); - - if (force || (maj == cb[2])) - r[2] = _a5_12_clock(r[2], A5_R3_MASK, A5_R3_TAPS); - - r[3] = _a5_12_clock(r[3], A5_R4_MASK, A5_R4_TAPS); -} - -/*! \brief GSM A5/2 Output function - * \param[in] r Register state - * \return The A5/2 output function bit - */ -static inline uint8_t -_a5_2_get_output(uint32_t r[]) -{ - uint8_t b; - - b = (r[0] >> (A5_R1_LEN-1)) ^ - (r[1] >> (A5_R2_LEN-1)) ^ - (r[2] >> (A5_R3_LEN-1)) ^ - _a5_12_majority( r[0] & 0x08000, ~r[0] & 0x04000, r[0] & 0x1000) ^ - _a5_12_majority(~r[1] & 0x10000, r[1] & 0x02000, r[1] & 0x0200) ^ - _a5_12_majority( r[2] & 0x40000, r[2] & 0x10000, ~r[2] & 0x2000); - - return b; -} - -/*! \brief Generate a GSM A5/1 cipher stream - * \param[in] key 8 byte array for the key (as received from the SIM) - * \param[in] fn Frame number - * \param[out] dl Pointer to array of ubits to return Downlink cipher stream - * \param[out] ul Pointer to array of ubits to return Uplink cipher stream - * - * Either (or both) of dl/ul can be NULL if not needed. - */ -void -osmo_a5_2(const uint8_t *key, uint32_t fn, ubit_t *dl, ubit_t *ul) -{ - uint32_t r[4] = {0, 0, 0, 0}; - uint32_t fn_count; - uint32_t b; - int i; - - /* Key load */ - for (i=0; i<64; i++) - { - b = ( key[7 - (i>>3)] >> (i&7) ) & 1; - - _a5_2_clock(r, 1); - - r[0] ^= b; - r[1] ^= b; - r[2] ^= b; - r[3] ^= b; - } - - /* Frame count load */ - fn_count = osmo_a5_fn_count(fn); - - for (i=0; i<22; i++) - { - b = (fn_count >> i) & 1; - - _a5_2_clock(r, 1); - - r[0] ^= b; - r[1] ^= b; - r[2] ^= b; - r[3] ^= b; - } - - r[0] |= 1 << 15; - r[1] |= 1 << 16; - r[2] |= 1 << 18; - r[3] |= 1 << 10; - - /* Mix */ - for (i=0; i<99; i++) - { - _a5_2_clock(r, 0); - } - - /* Output */ - for (i=0; i<114; i++) { - _a5_2_clock(r, 0); - if (dl) - dl[i] = _a5_2_get_output(r); - } - - for (i=0; i<114; i++) { - _a5_2_clock(r, 0); - if (ul) - ul[i] = _a5_2_get_output(r); - } -} - -/*! @} */ |