diff --git a/configs/open5gs/udm.yaml.in b/configs/open5gs/udm.yaml.in
index e1486c06a..1f9fa2223 100644
--- a/configs/open5gs/udm.yaml.in
+++ b/configs/open5gs/udm.yaml.in
@@ -72,60 +72,48 @@ sbi: cert: @sysconfdir@/open5gs/tls/udm.crt # -# o Generate the private key as below. -# $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key -# $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key +# # -# o The private and public keys can be viewed with the command. -# The public key is used when creating the SIM. -# $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text -# $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text +# o Generate the private key as below. +# $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key +# $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key # -# hnet: -# o Home network public key identifier(PKI) value : 1 -# Protection scheme identifier : ECIES scheme profile A -# - id: 1 -# scheme: 1 -# key: /etc/open5gs/hnet/curve25519-1.key +# o The private and public keys can be viewed with the command. +# The public key is used when creating the SIM. 
+# $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text +# $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text # -# o Home network public key identifier(PKI) value : 2 -# Protection scheme identifier : ECIES scheme profile B -# - id: 2 -# scheme: 2 -# key: /etc/open5gs/hnet/secp256r1-2.key +# o Home network public key identifier(PKI) value : 1 +# Protection scheme identifier : ECIES scheme profile A +# udm: +# hnet: +# - id: 1 +# scheme: 1 +# key: /etc/open5gs/hnet/curve25519-1.key # -# o Home network public key identifier(PKI) value : 3 -# Protection scheme identifier : ECIES scheme profile A -# - id: 3 -# scheme: 1 -# key: /etc/open5gs/hnet/curve25519-1.key +# o Home network public key identifier(PKI) value : 2 +# Protection scheme identifier : ECIES scheme profile B +# udm: +# hnet: +# - id: 2 +# scheme: 2 +# key: /etc/open5gs/hnet/secp256r1-2.key # -# o Home network public key identifier(PKI) value : 4 -# Protection scheme identifier : ECIES scheme profile B -# - id: 4 -# scheme: 2 -# key: /etc/open5gs/hnet/secp256r1-2.key +# o Home network public key identifier(PKI) value : 3 +# Protection scheme identifier : ECIES scheme profile A +# udm: +# hnet: +# - id: 3 +# scheme: 1 +# key: /etc/open5gs/hnet/curve25519-1.key # -hnet: - - id: 1 - scheme: 1 - key: @sysconfdir@/open5gs/hnet/curve25519-1.key - - id: 2 - scheme: 2 - key: @sysconfdir@/open5gs/hnet/secp256r1-2.key - - id: 3 - scheme: 1 - key: @sysconfdir@/open5gs/hnet/curve25519-3.key - - id: 4 - scheme: 2 - key: @sysconfdir@/open5gs/hnet/secp256r1-4.key - - id: 5 - scheme: 1 - key: @sysconfdir@/open5gs/hnet/curve25519-5.key - - id: 6 - scheme: 2 - key: @sysconfdir@/open5gs/hnet/secp256r1-6.key - +# o Home network public key identifier(PKI) value : 4 +# Protection scheme identifier : ECIES scheme profile B +# udm: +# hnet: +# - id: 4 +# scheme: 2 +# key: /etc/open5gs/hnet/secp256r1-2.key # # # 
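Review bot: The commented examples for PKI values 3 and 4 still name `curve25519-1.key` and `secp256r1-2.key`, while the active `udm.hnet` list added in the later hunk of this file uses `curve25519-3.key` and `secp256r1-4.key`. A reader copying the comments would therefore reuse one private key under two identifiers. I would change those two example lines to `#      key: /etc/open5gs/hnet/curve25519-3.key` and `#      key: /etc/open5gs/hnet/secp256r1-4.key`. Since these files hold the home network private keys, the generation step could also carry a line such as `#  o Keep the key files readable only by the account that runs the UDM (for example chmod 600).`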
@@ -309,6 +297,25 @@ hnet: # delegated: no # udm: + hnet: + - id: 1 + scheme: 1 + key: @sysconfdir@/open5gs/hnet/curve25519-1.key + - id: 2 + scheme: 2 + key: @sysconfdir@/open5gs/hnet/secp256r1-2.key + - id: 3 + scheme: 1 + key: @sysconfdir@/open5gs/hnet/curve25519-3.key + - id: 4 + scheme: 2 + key: @sysconfdir@/open5gs/hnet/secp256r1-4.key + - id: 5 + scheme: 1 + key: @sysconfdir@/open5gs/hnet/curve25519-5.key + - id: 6 + scheme: 2 + key: @sysconfdir@/open5gs/hnet/secp256r1-6.key sbi: - addr: 127.0.0.12 port: 7777 diff --git a/configs/sample.yaml.in b/configs/sample.yaml.in index 96a484622..14345bd51 100644 --- a/configs/sample.yaml.in +++ b/configs/sample.yaml.in @@ -14,14 +14,6 @@ sbi: key: @build_configs_dir@/open5gs/tls/testclient.key cert: @build_configs_dir@/open5gs/tls/testclient.crt -hnet: - - id: 1 - scheme: 1 - key: @build_configs_dir@/open5gs/hnet/curve25519-1.key - - id: 2 - scheme: 2 - key: @build_configs_dir@/open5gs/hnet/secp256r1-2.key - parameter: # no_nrf: true # no_scp: true @@ -264,6 +256,13 @@ ausf: port: 7777 udm: + hnet: + - id: 1 + scheme: 1 + key: @build_configs_dir@/open5gs/hnet/curve25519-1.key + - id: 2 + scheme: 2 + key: @build_configs_dir@/open5gs/hnet/secp256r1-2.key sbi: - addr: 127.0.0.12 port: 7777 diff --git a/lib/sbi/context.c b/lib/sbi/context.c index 0156359d8..d54443417 100644 --- a/lib/sbi/context.c +++ b/lib/sbi/context.c @@ -203,7 +203,6 @@ static int ogs_sbi_context_validation( } } - return OGS_OK; } 
@@ -703,82 +702,6 @@ int ogs_sbi_context_parse_config( YAML_SEQUENCE_NODE); } } - } else if (!strcmp(root_key, "hnet")) { - ogs_yaml_iter_t hnet_array, hnet_iter; - ogs_yaml_iter_recurse(&root_iter, &hnet_array); - do { - uint8_t id = 0, scheme = 0; - const char *filename = NULL; - - if (ogs_yaml_iter_type(&hnet_array) == - YAML_MAPPING_NODE) { - memcpy(&hnet_iter, &hnet_array, - sizeof(ogs_yaml_iter_t)); - } else if (ogs_yaml_iter_type(&hnet_array) == - YAML_SEQUENCE_NODE) { - if (!ogs_yaml_iter_next(&hnet_array)) - break; - ogs_yaml_iter_recurse(&hnet_array, - &hnet_iter); - } else if (ogs_yaml_iter_type(&hnet_array) == - YAML_SCALAR_NODE) { - break; - } else - ogs_assert_if_reached(); - - while (ogs_yaml_iter_next(&hnet_iter)) { - const char *hnet_key = - ogs_yaml_iter_key(&hnet_iter); - ogs_assert(hnet_key); - if (!strcmp(hnet_key, "id")) { - const char *v = ogs_yaml_iter_value(&hnet_iter); - if (v) { - if (atoi(v) >= 1 && atoi(v) <= 254) id = atoi(v); - } - } else if (!strcmp(hnet_key, "scheme")) { - const char *v = ogs_yaml_iter_value(&hnet_iter); - if (v) { - if (atoi(v) == 1 || atoi(v) == 2) - scheme = atoi(v); - } - } else if (!strcmp(hnet_key, "key")) { - filename = ogs_yaml_iter_value(&hnet_iter); - } else - ogs_warn("unknown key `%s`", hnet_key); - } - - if (id >= OGS_HOME_NETWORK_PKI_VALUE_MIN && - id <= OGS_HOME_NETWORK_PKI_VALUE_MAX && - filename) { - if (scheme == OGS_PROTECTION_SCHEME_PROFILE_A) { - rv = ogs_pem_decode_curve25519_key( - filename, self.hnet[id].key); - if (rv == OGS_OK) { - self.hnet[id].avail = true; - self.hnet[id].scheme = scheme; - } else { - ogs_error( - "ogs_pem_decode_curve25519_key[%s] failed", - filename); - } - } else if (scheme == OGS_PROTECTION_SCHEME_PROFILE_B) { - rv = ogs_pem_decode_secp256r1_key( - filename, self.hnet[id].key); - if (rv == OGS_OK) { - self.hnet[id].avail = true; - self.hnet[id].scheme = scheme; - } else { - ogs_error( - "ogs_pem_decode_secp256r1_key[%s] failed", - filename); - } - } else - 
ogs_error("Invalid scheme [%d]", scheme); - } else - ogs_error("Invalid home network configuration " - "[id:%d, filename:%s]", id, filename); - } while (ogs_yaml_iter_type(&hnet_array) == - YAML_SEQUENCE_NODE); } } 
@@ -788,6 +711,82 @@ int ogs_sbi_context_parse_config( return OGS_OK; } +int ogs_sbi_context_parse_hnet_config(ogs_yaml_iter_t *root_iter) +{ + int rv; + ogs_yaml_iter_t hnet_array, hnet_iter; + + ogs_assert(root_iter); + ogs_yaml_iter_recurse(root_iter, &hnet_array); + do { + uint8_t id = 0, scheme = 0; + const char *filename = NULL; + + if (ogs_yaml_iter_type(&hnet_array) == YAML_MAPPING_NODE) { + memcpy(&hnet_iter, &hnet_array, sizeof(ogs_yaml_iter_t)); + } else if (ogs_yaml_iter_type(&hnet_array) == YAML_SEQUENCE_NODE) { + if (!ogs_yaml_iter_next(&hnet_array)) + break; + ogs_yaml_iter_recurse(&hnet_array, &hnet_iter); + } else if (ogs_yaml_iter_type(&hnet_array) == YAML_SCALAR_NODE) { + break; + } else + ogs_assert_if_reached(); + + while (ogs_yaml_iter_next(&hnet_iter)) { + const char *hnet_key = ogs_yaml_iter_key(&hnet_iter); + ogs_assert(hnet_key); + if (!strcmp(hnet_key, "id")) { + const char *v = ogs_yaml_iter_value(&hnet_iter); + if (v) { + if (atoi(v) >= 1 && atoi(v) <= 254) + id = atoi(v); + } + } else if (!strcmp(hnet_key, "scheme")) { + const char *v = ogs_yaml_iter_value(&hnet_iter); + if (v) { + if (atoi(v) == 1 || atoi(v) == 2) + scheme = atoi(v); + } + } else if (!strcmp(hnet_key, "key")) { + filename = ogs_yaml_iter_value(&hnet_iter); + } else + ogs_warn("unknown key `%s`", hnet_key); + } + + if (id >= OGS_HOME_NETWORK_PKI_VALUE_MIN && + id <= OGS_HOME_NETWORK_PKI_VALUE_MAX && + filename) { + if (scheme == OGS_PROTECTION_SCHEME_PROFILE_A) { + rv = ogs_pem_decode_curve25519_key( + filename, self.hnet[id].key); + if (rv == OGS_OK) { + self.hnet[id].avail = true; + self.hnet[id].scheme = scheme; + } else { + ogs_error("ogs_pem_decode_curve25519_key" + "[%s] failed", filename); + } + } else if (scheme == OGS_PROTECTION_SCHEME_PROFILE_B) { + rv = ogs_pem_decode_secp256r1_key( + filename, self.hnet[id].key); + if (rv == OGS_OK) { + self.hnet[id].avail = true; + self.hnet[id].scheme = scheme; + } else { + ogs_error("ogs_pem_decode_secp256r1_key[%s]" + " 
failed", filename); + } + } else + ogs_error("Invalid scheme [%d]", scheme); + } else + ogs_error("Invalid home network configuration " + "[id:%d, filename:%s]", id, filename); + } while (ogs_yaml_iter_type(&hnet_array) == YAML_SEQUENCE_NODE); + + return OGS_OK; +} + bool ogs_sbi_nf_service_is_available(const char *name) { int i; diff --git a/lib/sbi/context.h b/lib/sbi/context.h index 60c9860d5..b6a8c4543 100644 --- a/lib/sbi/context.h +++ b/lib/sbi/context.h @@ -334,6 +334,7 @@ void ogs_sbi_context_final(void); ogs_sbi_context_t *ogs_sbi_self(void); int ogs_sbi_context_parse_config( const char *local, const char *nrf, const char *scp); +int ogs_sbi_context_parse_hnet_config(ogs_yaml_iter_t *root_iter); bool ogs_sbi_nf_service_is_available(const char *name); diff --git a/src/udm/context.c b/src/udm/context.c index 7b9dcf62e..45535b45c 100644 --- a/src/udm/context.c +++ b/src/udm/context.c @@ -106,6 +106,9 @@ int udm_context_parse_config(void) /* handle config in sbi library */ } else if (!strcmp(udm_key, "discovery")) { /* handle config in sbi library */ + } else if (!strcmp(udm_key, "hnet")) { + rv = ogs_sbi_context_parse_hnet_config(&udm_iter); + if (rv != OGS_OK) return rv; } else ogs_warn("unknown key `%s`", udm_key); } diff --git a/tests/registration/abts-main.c b/tests/registration/abts-main.c index 37435de57..7596b2f39 100644 --- a/tests/registration/abts-main.c +++ b/tests/registration/abts-main.c 
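Review bot: ogs_sbi_context_parse_hnet_config() returns OGS_OK on every path, including the branches where ogs_pem_decode_curve25519_key() or ogs_pem_decode_secp256r1_key() fail. The `if (rv != OGS_OK) return rv;` checks added in src/udm/context.c and tests/registration/abts-main.c can therefore never fire, and a UDM with an unreadable or malformed key file starts with only a log line. If a bad entry should stop startup, add `return rv;` after the ogs_error() call in the decode-failure branches and `return OGS_ERROR;` in the invalid scheme and invalid id/filename branches. The final `ogs_error(... "[id:%d, filename:%s]", id, filename)` is also reached when `filename` is NULL, which is undefined for `%s` in the standard printf family, so `filename ? filename : "(none)"` is safer unless the project's formatter is known to handle NULL. The `atoi()` calls accept strings such as `1x` and run up to three times per key; one `strtol()` with an end-pointer check would reject malformed values.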
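Review bot: With `hnet` now read only under `udm:`, a configuration that still carries the root-level `hnet:` section would, as far as these hunks show, be skipped without any message, because the root-level branch in ogs_sbi_context_parse_config() is removed and nothing replaces it. The UDM would then come up with no home network keys, and SUCIs concealed with profile A or B presumably could not be resolved. Consider reporting that case, for example `ogs_warn("no home network key configured under udm.hnet");` when the loop finishes without loading an entry, or an explicit error when the legacy root-level key is seen. The enclosing udm_context_parse_config() starts and ends outside the hunk.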
@@ -61,12 +61,48 @@ static void terminate(void) test_child_terminate(); app_terminate(); - ogs_sbi_context_final(); test_5gc_final(); ogs_app_terminate(); } +static int test_udm_context_parse_config(void) +{ + int rv; + yaml_document_t *document = NULL; + ogs_yaml_iter_t root_iter; + + document = ogs_app()->document; + ogs_assert(document); + + ogs_yaml_iter_init(&root_iter, document); + while (ogs_yaml_iter_next(&root_iter)) { + const char *root_key = ogs_yaml_iter_key(&root_iter); + ogs_assert(root_key); + if (!strcmp(root_key, "udm")) { + ogs_yaml_iter_t udm_iter; + ogs_yaml_iter_recurse(&root_iter, &udm_iter); + while (ogs_yaml_iter_next(&udm_iter)) { + const char *udm_key = ogs_yaml_iter_key(&udm_iter); + ogs_assert(udm_key); + if (!strcmp(udm_key, "sbi")) { + /* handle config in sbi library */ + } else if (!strcmp(udm_key, "service_name")) { + /* handle config in sbi library */ + } else if (!strcmp(udm_key, "discovery")) { + /* handle config in sbi library */ + } else if (!strcmp(udm_key, "hnet")) { + rv = ogs_sbi_context_parse_hnet_config(&udm_iter); + if (rv != OGS_OK) return rv; + } else + ogs_warn("unknown key `%s`", udm_key); + } + } + } + + return OGS_OK; +} + static void initialize(const char *const argv[]) { int rv; @@ -76,8 +112,7 @@ static void initialize(const char *const argv[]) test_5gc_init(); - ogs_sbi_context_init(OpenAPI_nf_type_AMF); - ogs_assert(ogs_sbi_context_parse_config(NULL, "nrf", "scp") == OGS_OK); + ogs_assert(OGS_OK == test_udm_context_parse_config()); rv = app_initialize(argv); ogs_assert(rv == OGS_OK);
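Review bot: test_udm_context_parse_config() copies the key loop from udm_context_parse_config(), including the three empty branches commented `/* handle config in sbi library */`. The second hunk removes the ogs_sbi_context_parse_config() call from initialize(), so in the test nothing handles those keys and the comments are misleading. I would reduce the inner loop to the `hnet` branch and add a header comment such as `/* Load udm.hnet so the test side has the home network keys; keep in sync with udm_context_parse_config(). */`. The same hunks also drop ogs_sbi_context_init() and ogs_sbi_context_final(), so the keys are written into the SBI context with no visible init in this process; it is worth confirming that no later initialisation clears them.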