[SBI] Move HNET PKI conf inside UDM

Sukchan Lee 2023-02-18 12:41:08 +09:00
parent 05fbaf6958
commit 0df402bd49
6 changed files with 180 additions and 136 deletions


@ -72,60 +72,48 @@ sbi:
cert: @sysconfdir@/open5gs/tls/udm.crt
#
# o Generate the private key as below.
# $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key
# $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key
# <Home Network Public Key>
#
# o The private and public keys can be viewed with the command.
# The public key is used when creating the SIM.
# $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text
# $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text
# o Generate the private key as below.
# $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key
# $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key
#
# hnet:
# o Home network public key identifier(PKI) value : 1
# Protection scheme identifier : ECIES scheme profile A
# - id: 1
# scheme: 1
# key: /etc/open5gs/hnet/curve25519-1.key
# o The private and public keys can be viewed with the command.
# The public key is used when creating the SIM.
# $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text
# $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text
#
# o Home network public key identifier(PKI) value : 2
# Protection scheme identifier : ECIES scheme profile B
# - id: 2
# scheme: 2
# key: /etc/open5gs/hnet/secp256r1-2.key
# o Home network public key identifier(PKI) value : 1
# Protection scheme identifier : ECIES scheme profile A
# udm:
# hnet:
# - id: 1
# scheme: 1
# key: /etc/open5gs/hnet/curve25519-1.key
#
# o Home network public key identifier(PKI) value : 3
# Protection scheme identifier : ECIES scheme profile A
# - id: 3
# scheme: 1
# key: /etc/open5gs/hnet/curve25519-1.key
# o Home network public key identifier(PKI) value : 2
# Protection scheme identifier : ECIES scheme profile B
# udm:
# hnet:
# - id: 2
# scheme: 2
# key: /etc/open5gs/hnet/secp256r1-2.key
#
# o Home network public key identifier(PKI) value : 4
# Protection scheme identifier : ECIES scheme profile B
# - id: 4
# scheme: 2
# key: /etc/open5gs/hnet/secp256r1-2.key
# o Home network public key identifier(PKI) value : 3
# Protection scheme identifier : ECIES scheme profile A
# udm:
# hnet:
# - id: 3
# scheme: 1
# key: /etc/open5gs/hnet/curve25519-1.key
#
hnet:
- id: 1
scheme: 1
key: @sysconfdir@/open5gs/hnet/curve25519-1.key
- id: 2
scheme: 2
key: @sysconfdir@/open5gs/hnet/secp256r1-2.key
- id: 3
scheme: 1
key: @sysconfdir@/open5gs/hnet/curve25519-3.key
- id: 4
scheme: 2
key: @sysconfdir@/open5gs/hnet/secp256r1-4.key
- id: 5
scheme: 1
key: @sysconfdir@/open5gs/hnet/curve25519-5.key
- id: 6
scheme: 2
key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
# o Home network public key identifier(PKI) value : 4
# Protection scheme identifier : ECIES scheme profile B
# udm:
# hnet:
# - id: 4
# scheme: 2
# key: /etc/open5gs/hnet/secp256r1-2.key
#
# <SBI Server>
#
@ -309,6 +297,25 @@ hnet:
# delegated: no
#
udm:
hnet:
- id: 1
scheme: 1
key: @sysconfdir@/open5gs/hnet/curve25519-1.key
- id: 2
scheme: 2
key: @sysconfdir@/open5gs/hnet/secp256r1-2.key
- id: 3
scheme: 1
key: @sysconfdir@/open5gs/hnet/curve25519-3.key
- id: 4
scheme: 2
key: @sysconfdir@/open5gs/hnet/secp256r1-4.key
- id: 5
scheme: 1
key: @sysconfdir@/open5gs/hnet/curve25519-5.key
- id: 6
scheme: 2
key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
sbi:
- addr: 127.0.0.12
port: 7777
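Review bot: In the first hunk the worked examples for PKI values 3 and 4 (the `udm: hnet:` blocks under "Home network public key identifier(PKI) value : 3" and ": 4") still name `/etc/open5gs/hnet/curve25519-1.key` and `/etc/open5gs/hnet/secp256r1-2.key`, the same files the examples for ids 1 and 2 use, while the live entries in the second hunk give ids 3 and 4 their own files (`curve25519-3.key`, `secp256r1-4.key`); the mismatch predates this commit but survives on the new side. An operator who follows the comments registers one home-network private key under two identifiers, which presumably defeats the point of distinct PKI values, so I'd change the two example lines to `key: /etc/open5gs/hnet/curve25519-3.key` and `key: /etc/open5gs/hnet/secp256r1-4.key` and extend the `openssl` generation lines to cover ids 3–6 as well. The generation comment would also benefit from a one-line caveat that these files hold the home network's private keys and only the public half (the `-text` output) goes into SIM provisioning, so they should be created with restrictive file modes — I cannot tell from this file what the installer does with their permissions.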


@ -14,14 +14,6 @@ sbi:
key: @build_configs_dir@/open5gs/tls/testclient.key
cert: @build_configs_dir@/open5gs/tls/testclient.crt
hnet:
- id: 1
scheme: 1
key: @build_configs_dir@/open5gs/hnet/curve25519-1.key
- id: 2
scheme: 2
key: @build_configs_dir@/open5gs/hnet/secp256r1-2.key
parameter:
# no_nrf: true
# no_scp: true
@ -264,6 +256,13 @@ ausf:
port: 7777
udm:
hnet:
- id: 1
scheme: 1
key: @build_configs_dir@/open5gs/hnet/curve25519-1.key
- id: 2
scheme: 2
key: @build_configs_dir@/open5gs/hnet/secp256r1-2.key
sbi:
- addr: 127.0.0.12
port: 7777


@ -203,7 +203,6 @@ static int ogs_sbi_context_validation(
}
}
return OGS_OK;
}
@ -703,82 +702,6 @@ int ogs_sbi_context_parse_config(
YAML_SEQUENCE_NODE);
}
}
} else if (!strcmp(root_key, "hnet")) {
ogs_yaml_iter_t hnet_array, hnet_iter;
ogs_yaml_iter_recurse(&root_iter, &hnet_array);
do {
uint8_t id = 0, scheme = 0;
const char *filename = NULL;
if (ogs_yaml_iter_type(&hnet_array) ==
YAML_MAPPING_NODE) {
memcpy(&hnet_iter, &hnet_array,
sizeof(ogs_yaml_iter_t));
} else if (ogs_yaml_iter_type(&hnet_array) ==
YAML_SEQUENCE_NODE) {
if (!ogs_yaml_iter_next(&hnet_array))
break;
ogs_yaml_iter_recurse(&hnet_array,
&hnet_iter);
} else if (ogs_yaml_iter_type(&hnet_array) ==
YAML_SCALAR_NODE) {
break;
} else
ogs_assert_if_reached();
while (ogs_yaml_iter_next(&hnet_iter)) {
const char *hnet_key =
ogs_yaml_iter_key(&hnet_iter);
ogs_assert(hnet_key);
if (!strcmp(hnet_key, "id")) {
const char *v = ogs_yaml_iter_value(&hnet_iter);
if (v) {
if (atoi(v) >= 1 && atoi(v) <= 254) id = atoi(v);
}
} else if (!strcmp(hnet_key, "scheme")) {
const char *v = ogs_yaml_iter_value(&hnet_iter);
if (v) {
if (atoi(v) == 1 || atoi(v) == 2)
scheme = atoi(v);
}
} else if (!strcmp(hnet_key, "key")) {
filename = ogs_yaml_iter_value(&hnet_iter);
} else
ogs_warn("unknown key `%s`", hnet_key);
}
if (id >= OGS_HOME_NETWORK_PKI_VALUE_MIN &&
id <= OGS_HOME_NETWORK_PKI_VALUE_MAX &&
filename) {
if (scheme == OGS_PROTECTION_SCHEME_PROFILE_A) {
rv = ogs_pem_decode_curve25519_key(
filename, self.hnet[id].key);
if (rv == OGS_OK) {
self.hnet[id].avail = true;
self.hnet[id].scheme = scheme;
} else {
ogs_error(
"ogs_pem_decode_curve25519_key[%s] failed",
filename);
}
} else if (scheme == OGS_PROTECTION_SCHEME_PROFILE_B) {
rv = ogs_pem_decode_secp256r1_key(
filename, self.hnet[id].key);
if (rv == OGS_OK) {
self.hnet[id].avail = true;
self.hnet[id].scheme = scheme;
} else {
ogs_error(
"ogs_pem_decode_secp256r1_key[%s] failed",
filename);
}
} else
ogs_error("Invalid scheme [%d]", scheme);
} else
ogs_error("Invalid home network configuration "
"[id:%d, filename:%s]", id, filename);
} while (ogs_yaml_iter_type(&hnet_array) ==
YAML_SEQUENCE_NODE);
}
}
@ -788,6 +711,82 @@ int ogs_sbi_context_parse_config(
return OGS_OK;
}
int ogs_sbi_context_parse_hnet_config(ogs_yaml_iter_t *root_iter)
{
int rv;
ogs_yaml_iter_t hnet_array, hnet_iter;
ogs_assert(root_iter);
ogs_yaml_iter_recurse(root_iter, &hnet_array);
do {
uint8_t id = 0, scheme = 0;
const char *filename = NULL;
if (ogs_yaml_iter_type(&hnet_array) == YAML_MAPPING_NODE) {
memcpy(&hnet_iter, &hnet_array, sizeof(ogs_yaml_iter_t));
} else if (ogs_yaml_iter_type(&hnet_array) == YAML_SEQUENCE_NODE) {
if (!ogs_yaml_iter_next(&hnet_array))
break;
ogs_yaml_iter_recurse(&hnet_array, &hnet_iter);
} else if (ogs_yaml_iter_type(&hnet_array) == YAML_SCALAR_NODE) {
break;
} else
ogs_assert_if_reached();
while (ogs_yaml_iter_next(&hnet_iter)) {
const char *hnet_key = ogs_yaml_iter_key(&hnet_iter);
ogs_assert(hnet_key);
if (!strcmp(hnet_key, "id")) {
const char *v = ogs_yaml_iter_value(&hnet_iter);
if (v) {
if (atoi(v) >= 1 && atoi(v) <= 254)
id = atoi(v);
}
} else if (!strcmp(hnet_key, "scheme")) {
const char *v = ogs_yaml_iter_value(&hnet_iter);
if (v) {
if (atoi(v) == 1 || atoi(v) == 2)
scheme = atoi(v);
}
} else if (!strcmp(hnet_key, "key")) {
filename = ogs_yaml_iter_value(&hnet_iter);
} else
ogs_warn("unknown key `%s`", hnet_key);
}
if (id >= OGS_HOME_NETWORK_PKI_VALUE_MIN &&
id <= OGS_HOME_NETWORK_PKI_VALUE_MAX &&
filename) {
if (scheme == OGS_PROTECTION_SCHEME_PROFILE_A) {
rv = ogs_pem_decode_curve25519_key(
filename, self.hnet[id].key);
if (rv == OGS_OK) {
self.hnet[id].avail = true;
self.hnet[id].scheme = scheme;
} else {
ogs_error("ogs_pem_decode_curve25519_key"
"[%s] failed", filename);
}
} else if (scheme == OGS_PROTECTION_SCHEME_PROFILE_B) {
rv = ogs_pem_decode_secp256r1_key(
filename, self.hnet[id].key);
if (rv == OGS_OK) {
self.hnet[id].avail = true;
self.hnet[id].scheme = scheme;
} else {
ogs_error("ogs_pem_decode_secp256r1_key[%s]"
" failed", filename);
}
} else
ogs_error("Invalid scheme [%d]", scheme);
} else
ogs_error("Invalid home network configuration "
"[id:%d, filename:%s]", id, filename);
} while (ogs_yaml_iter_type(&hnet_array) == YAML_SEQUENCE_NODE);
return OGS_OK;
}
bool ogs_sbi_nf_service_is_available(const char *name)
{
int i;
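Review bot: ogs_sbi_context_parse_hnet_config ends with an unconditional `return OGS_OK;`, so every failure it logs — an id outside OGS_HOME_NETWORK_PKI_VALUE_MIN..MAX, a missing `key`, an unsupported scheme, or a failed ogs_pem_decode_curve25519_key/ogs_pem_decode_secp256r1_key — is swallowed, and the `if (rv != OGS_OK) return rv;` that the callers in udm/context.c and the test harness add can never fire. A UDM started with an unreadable or malformed home-network private key therefore comes up with `self.hnet[id].avail` left false and presumably fails for that PKI only when a UE's concealed identity arrives, rather than at startup; if failing fast is the intent, declare a `bool failed = false;` before the loop, set it in each `ogs_error` branch, and return a non-OGS_OK status at the end when it is set. Two entries with the same `id` also silently overwrite each other's key and scheme; `if (self.hnet[id].avail) ogs_warn("duplicate hnet id [%d]", id);` before the decode would surface that. The `atoi(v) >= 1 && atoi(v) <= 254` guard hard-codes the range that the later check expresses with the named MIN/MAX constants; using the constants in both places (or dropping the first check) keeps them from drifting, and `strtol` with an end-pointer check would reject non-numeric ids instead of mapping them to 0.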


@ -334,6 +334,7 @@ void ogs_sbi_context_final(void);
ogs_sbi_context_t *ogs_sbi_self(void);
int ogs_sbi_context_parse_config(
const char *local, const char *nrf, const char *scp);
int ogs_sbi_context_parse_hnet_config(ogs_yaml_iter_t *root_iter);
bool ogs_sbi_nf_service_is_available(const char *name);
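Review bot: The new prototype for ogs_sbi_context_parse_hnet_config carries no comment on what the iterator must point at or what the return value means, yet both callers in this commit (udm/context.c and the test harness) branch on that return. I'd put above the declaration `/* Parse a "hnet" node (a mapping, or a sequence of {id, scheme, key} mappings) into ogs_sbi_self()->hnet[]; malformed entries are logged and skipped */` and add a sentence on the status once it is settled, since the implementation in this commit returns OGS_OK unconditionally.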


@ -106,6 +106,9 @@ int udm_context_parse_config(void)
/* handle config in sbi library */
} else if (!strcmp(udm_key, "discovery")) {
/* handle config in sbi library */
} else if (!strcmp(udm_key, "hnet")) {
rv = ogs_sbi_context_parse_hnet_config(&udm_iter);
if (rv != OGS_OK) return rv;
} else
ogs_warn("unknown key `%s`", udm_key);
}


@ -61,12 +61,48 @@ static void terminate(void)
test_child_terminate();
app_terminate();
ogs_sbi_context_final();
test_5gc_final();
ogs_app_terminate();
}
static int test_udm_context_parse_config(void)
{
int rv;
yaml_document_t *document = NULL;
ogs_yaml_iter_t root_iter;
document = ogs_app()->document;
ogs_assert(document);
ogs_yaml_iter_init(&root_iter, document);
while (ogs_yaml_iter_next(&root_iter)) {
const char *root_key = ogs_yaml_iter_key(&root_iter);
ogs_assert(root_key);
if (!strcmp(root_key, "udm")) {
ogs_yaml_iter_t udm_iter;
ogs_yaml_iter_recurse(&root_iter, &udm_iter);
while (ogs_yaml_iter_next(&udm_iter)) {
const char *udm_key = ogs_yaml_iter_key(&udm_iter);
ogs_assert(udm_key);
if (!strcmp(udm_key, "sbi")) {
/* handle config in sbi library */
} else if (!strcmp(udm_key, "service_name")) {
/* handle config in sbi library */
} else if (!strcmp(udm_key, "discovery")) {
/* handle config in sbi library */
} else if (!strcmp(udm_key, "hnet")) {
rv = ogs_sbi_context_parse_hnet_config(&udm_iter);
if (rv != OGS_OK) return rv;
} else
ogs_warn("unknown key `%s`", udm_key);
}
}
}
return OGS_OK;
}
static void initialize(const char *const argv[])
{
int rv;
@ -76,8 +112,7 @@ static void initialize(const char *const argv[])
test_5gc_init();
ogs_sbi_context_init(OpenAPI_nf_type_AMF);
ogs_assert(ogs_sbi_context_parse_config(NULL, "nrf", "scp") == OGS_OK);
ogs_assert(OGS_OK == test_udm_context_parse_config());
rv = app_initialize(argv);
ogs_assert(rv == OGS_OK);
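Review bot: test_udm_context_parse_config re-implements the `udm:` key walk from udm_context_parse_config branch for branch (the sbi / service_name / discovery / hnet chain with the same "unknown key" warning), so the two will drift the next time a UDM-level key is added; since the test only needs `hnet`, the three no-op branches could go and the function reduce to locating `udm` → `hnet` and calling ogs_sbi_context_parse_hnet_config, or the walk could be shared with the UDM. The function also lacks a comment saying why it exists; I'd add `/* The hnet keys now live under the udm: section, which ogs_sbi_context_parse_config(NULL, "nrf", "scp") below does not parse, so load them into this test's SBI context explicitly */`. The `if (rv != OGS_OK) return rv;` check mirrors the UDM but cannot trigger with the current ogs_sbi_context_parse_hnet_config, which always returns OGS_OK. The enclosing initialize() continues past the end of this hunk.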