[SBI] Move HNET PKI conf inside UDM
parent
05fbaf6958
commit
0df402bd49
|
@ -72,60 +72,48 @@ sbi:
|
|||
cert: @sysconfdir@/open5gs/tls/udm.crt
|
||||
|
||||
#
|
||||
# o Generate the private key as below.
|
||||
# $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key
|
||||
# $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key
|
||||
# <Home Network Public Key>
|
||||
#
|
||||
# o The private and public keys can be viewed with the command.
|
||||
# The public key is used when creating the SIM.
|
||||
# $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text
|
||||
# $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text
|
||||
# o Generate the private key as below.
|
||||
# $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key
|
||||
# $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key
|
||||
#
|
||||
# hnet:
|
||||
# o Home network public key identifier(PKI) value : 1
|
||||
# Protection scheme identifier : ECIES scheme profile A
|
||||
# - id: 1
|
||||
# scheme: 1
|
||||
# key: /etc/open5gs/hnet/curve25519-1.key
|
||||
# o The private and public keys can be viewed with the command.
|
||||
# The public key is used when creating the SIM.
|
||||
# $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text
|
||||
# $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text
|
||||
#
|
||||
# o Home network public key identifier(PKI) value : 2
|
||||
# Protection scheme identifier : ECIES scheme profile B
|
||||
# - id: 2
|
||||
# scheme: 2
|
||||
# key: /etc/open5gs/hnet/secp256r1-2.key
|
||||
# o Home network public key identifier(PKI) value : 1
|
||||
# Protection scheme identifier : ECIES scheme profile A
|
||||
# udm:
|
||||
# hnet:
|
||||
# - id: 1
|
||||
# scheme: 1
|
||||
# key: /etc/open5gs/hnet/curve25519-1.key
|
||||
#
|
||||
# o Home network public key identifier(PKI) value : 3
|
||||
# Protection scheme identifier : ECIES scheme profile A
|
||||
# - id: 3
|
||||
# scheme: 1
|
||||
# key: /etc/open5gs/hnet/curve25519-1.key
|
||||
# o Home network public key identifier(PKI) value : 2
|
||||
# Protection scheme identifier : ECIES scheme profile B
|
||||
# udm:
|
||||
# hnet:
|
||||
# - id: 2
|
||||
# scheme: 2
|
||||
# key: /etc/open5gs/hnet/secp256r1-2.key
|
||||
#
|
||||
# o Home network public key identifier(PKI) value : 4
|
||||
# Protection scheme identifier : ECIES scheme profile B
|
||||
# - id: 4
|
||||
# scheme: 2
|
||||
# key: /etc/open5gs/hnet/secp256r1-2.key
|
||||
# o Home network public key identifier(PKI) value : 3
|
||||
# Protection scheme identifier : ECIES scheme profile A
|
||||
# udm:
|
||||
# hnet:
|
||||
# - id: 3
|
||||
# scheme: 1
|
||||
# key: /etc/open5gs/hnet/curve25519-1.key
|
||||
#
|
||||
hnet:
|
||||
- id: 1
|
||||
scheme: 1
|
||||
key: @sysconfdir@/open5gs/hnet/curve25519-1.key
|
||||
- id: 2
|
||||
scheme: 2
|
||||
key: @sysconfdir@/open5gs/hnet/secp256r1-2.key
|
||||
- id: 3
|
||||
scheme: 1
|
||||
key: @sysconfdir@/open5gs/hnet/curve25519-3.key
|
||||
- id: 4
|
||||
scheme: 2
|
||||
key: @sysconfdir@/open5gs/hnet/secp256r1-4.key
|
||||
- id: 5
|
||||
scheme: 1
|
||||
key: @sysconfdir@/open5gs/hnet/curve25519-5.key
|
||||
- id: 6
|
||||
scheme: 2
|
||||
key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
|
||||
|
||||
# o Home network public key identifier(PKI) value : 4
|
||||
# Protection scheme identifier : ECIES scheme profile B
|
||||
# udm:
|
||||
# hnet:
|
||||
# - id: 4
|
||||
# scheme: 2
|
||||
# key: /etc/open5gs/hnet/secp256r1-2.key
|
||||
#
|
||||
# <SBI Server>
|
||||
#
|
||||
|
@ -309,6 +297,25 @@ hnet:
|
|||
# delegated: no
|
||||
#
|
||||
udm:
|
||||
hnet:
|
||||
- id: 1
|
||||
scheme: 1
|
||||
key: @sysconfdir@/open5gs/hnet/curve25519-1.key
|
||||
- id: 2
|
||||
scheme: 2
|
||||
key: @sysconfdir@/open5gs/hnet/secp256r1-2.key
|
||||
- id: 3
|
||||
scheme: 1
|
||||
key: @sysconfdir@/open5gs/hnet/curve25519-3.key
|
||||
- id: 4
|
||||
scheme: 2
|
||||
key: @sysconfdir@/open5gs/hnet/secp256r1-4.key
|
||||
- id: 5
|
||||
scheme: 1
|
||||
key: @sysconfdir@/open5gs/hnet/curve25519-5.key
|
||||
- id: 6
|
||||
scheme: 2
|
||||
key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
|
||||
sbi:
|
||||
- addr: 127.0.0.12
|
||||
port: 7777
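Review bot: The commented examples for PKI values 3 and 4 in the new `udm:` / `hnet:` help text still point at `curve25519-1.key` and `secp256r1-2.key`, while the live `hnet:` list added under `udm:` uses a separate file per id (`curve25519-3.key`, `secp256r1-4.key`, and so on). The examples should follow the live list so a reader does not conclude that one private key is meant to back several identifiers. The `openssl` generation commands likewise cover only two of the six files the list references. If the files installed under `@sysconfdir@/open5gs/hnet/` are the repository's sample keys (not visible on this page), a line such as `# The bundled keys are samples; generate your own before provisioning SIMs.` would help.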
|
||||
|
|
|
@ -14,14 +14,6 @@ sbi:
|
|||
key: @build_configs_dir@/open5gs/tls/testclient.key
|
||||
cert: @build_configs_dir@/open5gs/tls/testclient.crt
|
||||
|
||||
hnet:
|
||||
- id: 1
|
||||
scheme: 1
|
||||
key: @build_configs_dir@/open5gs/hnet/curve25519-1.key
|
||||
- id: 2
|
||||
scheme: 2
|
||||
key: @build_configs_dir@/open5gs/hnet/secp256r1-2.key
|
||||
|
||||
parameter:
|
||||
# no_nrf: true
|
||||
# no_scp: true
|
||||
|
@ -264,6 +256,13 @@ ausf:
|
|||
port: 7777
|
||||
|
||||
udm:
|
||||
hnet:
|
||||
- id: 1
|
||||
scheme: 1
|
||||
key: @build_configs_dir@/open5gs/hnet/curve25519-1.key
|
||||
- id: 2
|
||||
scheme: 2
|
||||
key: @build_configs_dir@/open5gs/hnet/secp256r1-2.key
|
||||
sbi:
|
||||
- addr: 127.0.0.12
|
||||
port: 7777
|
||||
|
|
|
@ -203,7 +203,6 @@ static int ogs_sbi_context_validation(
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
return OGS_OK;
|
||||
}
|
||||
|
||||
|
@ -703,82 +702,6 @@ int ogs_sbi_context_parse_config(
|
|||
YAML_SEQUENCE_NODE);
|
||||
}
|
||||
}
|
||||
} else if (!strcmp(root_key, "hnet")) {
|
||||
ogs_yaml_iter_t hnet_array, hnet_iter;
|
||||
ogs_yaml_iter_recurse(&root_iter, &hnet_array);
|
||||
do {
|
||||
uint8_t id = 0, scheme = 0;
|
||||
const char *filename = NULL;
|
||||
|
||||
if (ogs_yaml_iter_type(&hnet_array) ==
|
||||
YAML_MAPPING_NODE) {
|
||||
memcpy(&hnet_iter, &hnet_array,
|
||||
sizeof(ogs_yaml_iter_t));
|
||||
} else if (ogs_yaml_iter_type(&hnet_array) ==
|
||||
YAML_SEQUENCE_NODE) {
|
||||
if (!ogs_yaml_iter_next(&hnet_array))
|
||||
break;
|
||||
ogs_yaml_iter_recurse(&hnet_array,
|
||||
&hnet_iter);
|
||||
} else if (ogs_yaml_iter_type(&hnet_array) ==
|
||||
YAML_SCALAR_NODE) {
|
||||
break;
|
||||
} else
|
||||
ogs_assert_if_reached();
|
||||
|
||||
while (ogs_yaml_iter_next(&hnet_iter)) {
|
||||
const char *hnet_key =
|
||||
ogs_yaml_iter_key(&hnet_iter);
|
||||
ogs_assert(hnet_key);
|
||||
if (!strcmp(hnet_key, "id")) {
|
||||
const char *v = ogs_yaml_iter_value(&hnet_iter);
|
||||
if (v) {
|
||||
if (atoi(v) >= 1 && atoi(v) <= 254) id = atoi(v);
|
||||
}
|
||||
} else if (!strcmp(hnet_key, "scheme")) {
|
||||
const char *v = ogs_yaml_iter_value(&hnet_iter);
|
||||
if (v) {
|
||||
if (atoi(v) == 1 || atoi(v) == 2)
|
||||
scheme = atoi(v);
|
||||
}
|
||||
} else if (!strcmp(hnet_key, "key")) {
|
||||
filename = ogs_yaml_iter_value(&hnet_iter);
|
||||
} else
|
||||
ogs_warn("unknown key `%s`", hnet_key);
|
||||
}
|
||||
|
||||
if (id >= OGS_HOME_NETWORK_PKI_VALUE_MIN &&
|
||||
id <= OGS_HOME_NETWORK_PKI_VALUE_MAX &&
|
||||
filename) {
|
||||
if (scheme == OGS_PROTECTION_SCHEME_PROFILE_A) {
|
||||
rv = ogs_pem_decode_curve25519_key(
|
||||
filename, self.hnet[id].key);
|
||||
if (rv == OGS_OK) {
|
||||
self.hnet[id].avail = true;
|
||||
self.hnet[id].scheme = scheme;
|
||||
} else {
|
||||
ogs_error(
|
||||
"ogs_pem_decode_curve25519_key[%s] failed",
|
||||
filename);
|
||||
}
|
||||
} else if (scheme == OGS_PROTECTION_SCHEME_PROFILE_B) {
|
||||
rv = ogs_pem_decode_secp256r1_key(
|
||||
filename, self.hnet[id].key);
|
||||
if (rv == OGS_OK) {
|
||||
self.hnet[id].avail = true;
|
||||
self.hnet[id].scheme = scheme;
|
||||
} else {
|
||||
ogs_error(
|
||||
"ogs_pem_decode_secp256r1_key[%s] failed",
|
||||
filename);
|
||||
}
|
||||
} else
|
||||
ogs_error("Invalid scheme [%d]", scheme);
|
||||
} else
|
||||
ogs_error("Invalid home network configuration "
|
||||
"[id:%d, filename:%s]", id, filename);
|
||||
} while (ogs_yaml_iter_type(&hnet_array) ==
|
||||
YAML_SEQUENCE_NODE);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -788,6 +711,82 @@ int ogs_sbi_context_parse_config(
|
|||
return OGS_OK;
|
||||
}
|
||||
|
||||
int ogs_sbi_context_parse_hnet_config(ogs_yaml_iter_t *root_iter)
|
||||
{
|
||||
int rv;
|
||||
ogs_yaml_iter_t hnet_array, hnet_iter;
|
||||
|
||||
ogs_assert(root_iter);
|
||||
ogs_yaml_iter_recurse(root_iter, &hnet_array);
|
||||
do {
|
||||
uint8_t id = 0, scheme = 0;
|
||||
const char *filename = NULL;
|
||||
|
||||
if (ogs_yaml_iter_type(&hnet_array) == YAML_MAPPING_NODE) {
|
||||
memcpy(&hnet_iter, &hnet_array, sizeof(ogs_yaml_iter_t));
|
||||
} else if (ogs_yaml_iter_type(&hnet_array) == YAML_SEQUENCE_NODE) {
|
||||
if (!ogs_yaml_iter_next(&hnet_array))
|
||||
break;
|
||||
ogs_yaml_iter_recurse(&hnet_array, &hnet_iter);
|
||||
} else if (ogs_yaml_iter_type(&hnet_array) == YAML_SCALAR_NODE) {
|
||||
break;
|
||||
} else
|
||||
ogs_assert_if_reached();
|
||||
|
||||
while (ogs_yaml_iter_next(&hnet_iter)) {
|
||||
const char *hnet_key = ogs_yaml_iter_key(&hnet_iter);
|
||||
ogs_assert(hnet_key);
|
||||
if (!strcmp(hnet_key, "id")) {
|
||||
const char *v = ogs_yaml_iter_value(&hnet_iter);
|
||||
if (v) {
|
||||
if (atoi(v) >= 1 && atoi(v) <= 254)
|
||||
id = atoi(v);
|
||||
}
|
||||
} else if (!strcmp(hnet_key, "scheme")) {
|
||||
const char *v = ogs_yaml_iter_value(&hnet_iter);
|
||||
if (v) {
|
||||
if (atoi(v) == 1 || atoi(v) == 2)
|
||||
scheme = atoi(v);
|
||||
}
|
||||
} else if (!strcmp(hnet_key, "key")) {
|
||||
filename = ogs_yaml_iter_value(&hnet_iter);
|
||||
} else
|
||||
ogs_warn("unknown key `%s`", hnet_key);
|
||||
}
|
||||
|
||||
if (id >= OGS_HOME_NETWORK_PKI_VALUE_MIN &&
|
||||
id <= OGS_HOME_NETWORK_PKI_VALUE_MAX &&
|
||||
filename) {
|
||||
if (scheme == OGS_PROTECTION_SCHEME_PROFILE_A) {
|
||||
rv = ogs_pem_decode_curve25519_key(
|
||||
filename, self.hnet[id].key);
|
||||
if (rv == OGS_OK) {
|
||||
self.hnet[id].avail = true;
|
||||
self.hnet[id].scheme = scheme;
|
||||
} else {
|
||||
ogs_error("ogs_pem_decode_curve25519_key"
|
||||
"[%s] failed", filename);
|
||||
}
|
||||
} else if (scheme == OGS_PROTECTION_SCHEME_PROFILE_B) {
|
||||
rv = ogs_pem_decode_secp256r1_key(
|
||||
filename, self.hnet[id].key);
|
||||
if (rv == OGS_OK) {
|
||||
self.hnet[id].avail = true;
|
||||
self.hnet[id].scheme = scheme;
|
||||
} else {
|
||||
ogs_error("ogs_pem_decode_secp256r1_key[%s]"
|
||||
" failed", filename);
|
||||
}
|
||||
} else
|
||||
ogs_error("Invalid scheme [%d]", scheme);
|
||||
} else
|
||||
ogs_error("Invalid home network configuration "
|
||||
"[id:%d, filename:%s]", id, filename);
|
||||
} while (ogs_yaml_iter_type(&hnet_array) == YAML_SEQUENCE_NODE);
|
||||
|
||||
return OGS_OK;
|
||||
}
|
||||
|
||||
bool ogs_sbi_nf_service_is_available(const char *name)
|
||||
{
|
||||
int i;
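Review bot: `ogs_sbi_context_parse_hnet_config()` returns `OGS_OK` on every path, so a home-network private key that fails to decode, an unknown scheme, or an entry with a bad id or no `key` is only logged, and the `if (rv != OGS_OK) return rv;` checks this commit adds in `udm_context_parse_config()` and in the test helper can never fire. For the keys used to de-conceal SUCI, a start-up failure is easier to notice than a UDM that comes up without that id's key marked available; consider `return OGS_ERROR;` after each of the four `ogs_error(...)` calls, or say in a comment above the function that loading is deliberately best-effort. In the last `ogs_error`, `filename` can still be NULL when it is passed to `%s`; `filename ? filename : "(null)"` avoids relying on the formatter. `atoi()` also accepts values such as `1x`, so a `strtol` check with an end pointer would reject malformed `id` and `scheme` values.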
|
||||
|
|
|
@ -334,6 +334,7 @@ void ogs_sbi_context_final(void);
|
|||
ogs_sbi_context_t *ogs_sbi_self(void);
|
||||
int ogs_sbi_context_parse_config(
|
||||
const char *local, const char *nrf, const char *scp);
|
||||
int ogs_sbi_context_parse_hnet_config(ogs_yaml_iter_t *root_iter);
|
||||
|
||||
bool ogs_sbi_nf_service_is_available(const char *name);
|
||||
|
||||
|
|
|
@ -106,6 +106,9 @@ int udm_context_parse_config(void)
|
|||
/* handle config in sbi library */
|
||||
} else if (!strcmp(udm_key, "discovery")) {
|
||||
/* handle config in sbi library */
|
||||
} else if (!strcmp(udm_key, "hnet")) {
|
||||
rv = ogs_sbi_context_parse_hnet_config(&udm_iter);
|
||||
if (rv != OGS_OK) return rv;
|
||||
} else
|
||||
ogs_warn("unknown key `%s`", udm_key);
|
||||
}
|
||||
|
|
|
@ -61,12 +61,48 @@ static void terminate(void)
|
|||
test_child_terminate();
|
||||
app_terminate();
|
||||
|
||||
ogs_sbi_context_final();
|
||||
test_5gc_final();
|
||||
|
||||
ogs_app_terminate();
|
||||
}
|
||||
|
||||
static int test_udm_context_parse_config(void)
|
||||
{
|
||||
int rv;
|
||||
yaml_document_t *document = NULL;
|
||||
ogs_yaml_iter_t root_iter;
|
||||
|
||||
document = ogs_app()->document;
|
||||
ogs_assert(document);
|
||||
|
||||
ogs_yaml_iter_init(&root_iter, document);
|
||||
while (ogs_yaml_iter_next(&root_iter)) {
|
||||
const char *root_key = ogs_yaml_iter_key(&root_iter);
|
||||
ogs_assert(root_key);
|
||||
if (!strcmp(root_key, "udm")) {
|
||||
ogs_yaml_iter_t udm_iter;
|
||||
ogs_yaml_iter_recurse(&root_iter, &udm_iter);
|
||||
while (ogs_yaml_iter_next(&udm_iter)) {
|
||||
const char *udm_key = ogs_yaml_iter_key(&udm_iter);
|
||||
ogs_assert(udm_key);
|
||||
if (!strcmp(udm_key, "sbi")) {
|
||||
/* handle config in sbi library */
|
||||
} else if (!strcmp(udm_key, "service_name")) {
|
||||
/* handle config in sbi library */
|
||||
} else if (!strcmp(udm_key, "discovery")) {
|
||||
/* handle config in sbi library */
|
||||
} else if (!strcmp(udm_key, "hnet")) {
|
||||
rv = ogs_sbi_context_parse_hnet_config(&udm_iter);
|
||||
if (rv != OGS_OK) return rv;
|
||||
} else
|
||||
ogs_warn("unknown key `%s`", udm_key);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return OGS_OK;
|
||||
}
|
||||
|
||||
static void initialize(const char *const argv[])
|
||||
{
|
||||
int rv;
|
||||
|
@ -76,8 +112,7 @@ static void initialize(const char *const argv[])
|
|||
|
||||
test_5gc_init();
|
||||
|
||||
ogs_sbi_context_init(OpenAPI_nf_type_AMF);
|
||||
ogs_assert(ogs_sbi_context_parse_config(NULL, "nrf", "scp") == OGS_OK);
|
||||
ogs_assert(OGS_OK == test_udm_context_parse_config());
|
||||
|
||||
rv = app_initialize(argv);
|
||||
ogs_assert(rv == OGS_OK);
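Review bot: `test_udm_context_parse_config()` re-implements the `udm:` section walk from `udm_context_parse_config()` instead of sharing it, so the tests exercise a copy of the parser and the two can drift apart without anything failing. If sharing the loop is not practical from the test binary, a comment above the helper such as `/* Mirrors the udm: section walk in udm_context_parse_config(); keep both in sync. */` would make the dependency explicit. The helper's `rv` check on `ogs_sbi_context_parse_hnet_config()` currently has no effect, because that function, as added in this commit, always returns `OGS_OK`.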
|
||||
|
|