forked from acouzens/open5gs
SIDF only required in UDM, not AUSF (#1779)
parent
0d2c31fe06
commit
8373d0e331
|
@ -59,61 +59,6 @@ tls:
|
|||
key: @sysconfdir@/open5gs/tls/ausf.key
|
||||
cert: @sysconfdir@/open5gs/tls/ausf.crt
|
||||
|
||||
#
|
||||
# o Generate the private key as below.
|
||||
# $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key
|
||||
# $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key
|
||||
#
|
||||
# o The private and public keys can be viewed with the command.
|
||||
# The public key is used when creating the SIM.
|
||||
# $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text
|
||||
# $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text
|
||||
#
|
||||
# hnet:
|
||||
# o Home network public key identifier(PKI) value : 1
|
||||
# Protection scheme identifier : ECIES scheme profile A
|
||||
# - id: 1
|
||||
# scheme: 1
|
||||
# key: /etc/open5gs/hnet/curve25519-1.key
|
||||
#
|
||||
# o Home network public key identifier(PKI) value : 2
|
||||
# Protection scheme identifier : ECIES scheme profile B
|
||||
# - id: 2
|
||||
# scheme: 2
|
||||
# key: /etc/open5gs/hnet/secp256r1-2.key
|
||||
#
|
||||
# o Home network public key identifier(PKI) value : 3
|
||||
# Protection scheme identifier : ECIES scheme profile A
|
||||
# - id: 3
|
||||
# scheme: 1
|
||||
# key: /etc/open5gs/hnet/curve25519-1.key
|
||||
#
|
||||
# o Home network public key identifier(PKI) value : 4
|
||||
# Protection scheme identifier : ECIES scheme profile B
|
||||
# - id: 4
|
||||
# scheme: 2
|
||||
# key: /etc/open5gs/hnet/secp256r1-2.key
|
||||
#
|
||||
hnet:
|
||||
- id: 1
|
||||
scheme: 1
|
||||
key: @sysconfdir@/open5gs/hnet/curve25519-1.key
|
||||
- id: 2
|
||||
scheme: 2
|
||||
key: @sysconfdir@/open5gs/hnet/secp256r1-2.key
|
||||
- id: 3
|
||||
scheme: 1
|
||||
key: @sysconfdir@/open5gs/hnet/curve25519-3.key
|
||||
- id: 4
|
||||
scheme: 2
|
||||
key: @sysconfdir@/open5gs/hnet/secp256r1-4.key
|
||||
- id: 5
|
||||
scheme: 1
|
||||
key: @sysconfdir@/open5gs/hnet/curve25519-5.key
|
||||
- id: 6
|
||||
scheme: 2
|
||||
key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
|
||||
|
||||
#
|
||||
# ausf:
|
||||
#
|
||||
|
|
|
@ -2,6 +2,4 @@ usr/lib/*/libogs*.so*
|
|||
usr/lib/*/libfd*.so*
|
||||
usr/lib/*/freeDiameter/*.fdx
|
||||
configs/open5gs/tls/ca.crt /etc/open5gs/tls
|
||||
configs/open5gs/hnet/curve25519-*.key /etc/open5gs/hnet
|
||||
configs/open5gs/hnet/secp256r1-*.key /etc/open5gs/hnet
|
||||
configs/logrotate/open5gs /etc/logrotate.d
|
||||
|
|
|
@ -2,4 +2,6 @@ usr/bin/open5gs-udmd
|
|||
configs/open5gs/udm.yaml etc/open5gs
|
||||
configs/open5gs/tls/udm.key etc/open5gs/tls
|
||||
configs/open5gs/tls/udm.crt etc/open5gs/tls
|
||||
configs/open5gs/hnet/curve25519-*.key /etc/open5gs/hnet
|
||||
configs/open5gs/hnet/secp256r1-*.key /etc/open5gs/hnet
|
||||
configs/systemd/open5gs-udmd.service lib/systemd/system
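Review bot: The two hnet entries in this install list use an absolute destination (`/etc/open5gs/hnet`) while every other entry in the file uses a relative one such as `etc/open5gs/tls`; write them as `configs/open5gs/hnet/curve25519-*.key etc/open5gs/hnet` and `configs/open5gs/hnet/secp256r1-*.key etc/open5gs/hnet` for consistency. These files are the home-network private keys used to de-conceal SUCI, and nothing in this section restricts their mode or owner, so confirm that the package leaves them readable only by the UDM service account. If they are the sample keys from the source tree, the packaging notes should say that they must be regenerated per deployment.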
|
||||
|
|
|
@ -137,10 +137,6 @@ ausf_ue_t *ausf_ue_add(char *suci)
|
|||
ogs_assert(ausf_ue->suci);
|
||||
ogs_hash_set(self.suci_hash, ausf_ue->suci, strlen(ausf_ue->suci), ausf_ue);
|
||||
|
||||
ausf_ue->supi = ogs_supi_from_supi_or_suci(ausf_ue->suci);
|
||||
ogs_assert(ausf_ue->supi);
|
||||
ogs_hash_set(self.supi_hash, ausf_ue->supi, strlen(ausf_ue->supi), ausf_ue);
|
||||
|
||||
memset(&e, 0, sizeof(e));
|
||||
e.ausf_ue = ausf_ue;
|
||||
ogs_fsm_init(&ausf_ue->sm, ausf_ue_state_initial, ausf_ue_state_final, &e);
|
||||
|
@ -172,9 +168,11 @@ void ausf_ue_remove(ausf_ue_t *ausf_ue)
|
|||
ogs_hash_set(self.suci_hash, ausf_ue->suci, strlen(ausf_ue->suci), NULL);
|
||||
ogs_free(ausf_ue->suci);
|
||||
|
||||
ogs_assert(ausf_ue->supi);
|
||||
ogs_hash_set(self.supi_hash, ausf_ue->supi, strlen(ausf_ue->supi), NULL);
|
||||
ogs_free(ausf_ue->supi);
|
||||
if (ausf_ue->supi) {
|
||||
ogs_hash_set(self.supi_hash,
|
||||
ausf_ue->supi, strlen(ausf_ue->supi), NULL);
|
||||
ogs_free(ausf_ue->supi);
|
||||
}
|
||||
|
||||
if (ausf_ue->auth_events_url)
|
||||
ogs_free(ausf_ue->auth_events_url);
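Review bot: The new `if (ausf_ue->supi)` in ausf_ue_remove depends on `supi` being NULL whenever the UDM has not yet answered, and with the assignment dropped from ausf_ue_add nothing visible in these hunks initialises it. The allocation is outside the hunk, so confirm that the context is zeroed before use; otherwise a recycled pool entry could hand a stale pointer to `ogs_hash_set` and `ogs_free`. A comment at the field or in ausf_ue_add would record the new invariant, for example `/* supi stays NULL until the UDM returns it in AuthenticationInfoResult */`.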
|
||||
|
|
|
@ -36,7 +36,7 @@ bool ausf_nausf_auth_handle_authenticate(ausf_ue_t *ausf_ue,
|
|||
ogs_error("[%s] No AuthenticationInfo", ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
recvmsg, "[%s] No AuthenticationInfo", ausf_ue->suci));
|
||||
recvmsg, "No AuthenticationInfo", ausf_ue->suci));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -45,7 +45,7 @@ bool ausf_nausf_auth_handle_authenticate(ausf_ue_t *ausf_ue,
|
|||
ogs_error("[%s] No servingNetworkName", ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
recvmsg, "[%s] No servingNetworkName", ausf_ue->suci));
|
||||
recvmsg, "No servingNetworkName", ausf_ue->suci));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -79,7 +79,7 @@ bool ausf_nausf_auth_handle_authenticate_confirmation(ausf_ue_t *ausf_ue,
|
|||
ogs_error("[%s] No ConfirmationData", ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
recvmsg, "[%s] No ConfirmationData", ausf_ue->suci));
|
||||
recvmsg, "No ConfirmationData", ausf_ue->suci));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -88,7 +88,7 @@ bool ausf_nausf_auth_handle_authenticate_confirmation(ausf_ue_t *ausf_ue,
|
|||
ogs_error("[%s] No ConfirmationData.resStar", ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
recvmsg, "[%s] No ConfirmationData.resStar", ausf_ue->suci));
|
||||
recvmsg, "No ConfirmationData.resStar", ausf_ue->suci));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
@ -74,6 +74,7 @@ ogs_sbi_request_t *ausf_nudm_ueau_build_result_confirmation_inform(
|
|||
OpenAPI_auth_event_t *AuthEvent = NULL;
|
||||
|
||||
ogs_assert(ausf_ue);
|
||||
ogs_assert(ausf_ue->supi);
|
||||
|
||||
memset(&message, 0, sizeof(message));
|
||||
message.h.method = (char *)OGS_SBI_HTTP_METHOD_POST;
|
||||
|
@ -127,6 +128,7 @@ ogs_sbi_request_t *ausf_nudm_ueau_build_auth_removal_ind(
|
|||
OpenAPI_auth_event_t *AuthEvent = NULL;
|
||||
|
||||
ogs_assert(ausf_ue);
|
||||
ogs_assert(ausf_ue->supi);
|
||||
|
||||
memset(&message, 0, sizeof(message));
|
||||
message.h.method = (char *)OGS_SBI_HTTP_METHOD_PUT;
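Review bot: `ogs_assert(ausf_ue->supi)` in ausf_nudm_ueau_build_result_confirmation_inform and ausf_nudm_ueau_build_auth_removal_ind makes a missing SUPI fatal to the process, and after this commit the SUPI only exists once a UDM response has been accepted. The PUT and DELETE guards added to the state machine appear to cover the current callers, but any other path that reaches these builders first would stop the AUSF instead of failing one request. Both functions return a pointer, so a recoverable check such as `if (!ausf_ue->supi) { ogs_error("No SUPI"); return NULL; }` would be safer, provided the callers handle a NULL request. Both function bodies continue outside the hunks.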
|
||||
|
|
|
@ -62,7 +62,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue,
|
|||
ogs_error("[%s] No AuthenticationInfoResult", ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream,
|
||||
OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR,
|
||||
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
recvmsg, "No AuthenticationInfoResult", ausf_ue->suci));
|
||||
return false;
|
||||
}
|
||||
|
@ -85,7 +85,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue,
|
|||
ogs_error("[%s] No AuthenticationVector", ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream,
|
||||
OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR,
|
||||
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
recvmsg, "No AuthenticationVector", ausf_ue->suci));
|
||||
return false;
|
||||
}
|
||||
|
@ -104,7 +104,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue,
|
|||
ogs_error("[%s] No AuthenticationVector.rand", ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream,
|
||||
OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR,
|
||||
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
recvmsg, "No AuthenticationVector.rand", ausf_ue->suci));
|
||||
return false;
|
||||
}
|
||||
|
@ -114,7 +114,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue,
|
|||
ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream,
|
||||
OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR,
|
||||
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
recvmsg, "No AuthenticationVector.xresStar", ausf_ue->suci));
|
||||
return false;
|
||||
}
|
||||
|
@ -123,7 +123,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue,
|
|||
ogs_error("[%s] No AuthenticationVector.autn", ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream,
|
||||
OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR,
|
||||
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
recvmsg, "No AuthenticationVector.autn", ausf_ue->suci));
|
||||
return false;
|
||||
}
|
||||
|
@ -132,11 +132,31 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue,
|
|||
ogs_error("[%s] No AuthenticationVector.kausf", ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream,
|
||||
OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR,
|
||||
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
recvmsg, "No AuthenticationVector.kausf", ausf_ue->suci));
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!AuthenticationInfoResult->supi) {
|
||||
ogs_error("[%s] No AuthenticationVector.supi", ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream,
|
||||
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
recvmsg, "No AuthenticationVector.supi", ausf_ue->suci));
|
||||
return false;
|
||||
}
|
||||
|
||||
/* SUPI */
|
||||
if (ausf_ue->supi) {
|
||||
ogs_hash_set(ausf_self()->supi_hash,
|
||||
ausf_ue->supi, strlen(ausf_ue->supi), NULL);
|
||||
ogs_free(ausf_ue->supi);
|
||||
}
|
||||
ausf_ue->supi = ogs_strdup(AuthenticationInfoResult->supi);
|
||||
ogs_assert(ausf_ue->supi);
|
||||
ogs_hash_set(ausf_self()->supi_hash,
|
||||
ausf_ue->supi, strlen(ausf_ue->supi), ausf_ue);
|
||||
|
||||
ausf_ue->auth_type = AuthenticationInfoResult->auth_type;
|
||||
|
||||
ogs_ascii_to_hex(
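Review bot: In the added SUPI block of ausf_nudm_ueau_handle_get, `ogs_hash_set(ausf_self()->supi_hash, ausf_ue->supi, strlen(ausf_ue->supi), ausf_ue)` registers the UDM-supplied SUPI without checking whether another ausf_ue already owns that key. If the call replaces an existing entry, as its use with NULL in ausf_ue_remove suggests, then removing the older context later also clears the mapping of the newer one; look the key up first and handle the existing context explicitly. The value is also stored exactly as received, so a cheap format check on the SUPI would keep a malformed response from becoming a hash key and a log field. Separately, the check is on `AuthenticationInfoResult->supi` but both messages say `No AuthenticationVector.supi`; `"No AuthenticationInfoResult.supi"` would name the field that is actually missing. The function body continues outside the hunk.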
|
||||
|
|
|
@ -90,6 +90,16 @@ void ausf_ue_state_operational(ogs_fsm_t *s, ausf_event_t *e)
|
|||
}
|
||||
break;
|
||||
CASE(OGS_SBI_HTTP_METHOD_PUT)
|
||||
if (!ausf_ue->supi) {
|
||||
ogs_error("[%s] No SUPI", ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream,
|
||||
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
message, "[%s] No SUPI", ausf_ue->suci));
|
||||
OGS_FSM_TRAN(s, ausf_ue_state_exception);
|
||||
break;
|
||||
}
|
||||
|
||||
handled = ausf_nausf_auth_handle_authenticate_confirmation(
|
||||
ausf_ue, stream, message);
|
||||
if (!handled) {
|
||||
|
@ -99,6 +109,16 @@ void ausf_ue_state_operational(ogs_fsm_t *s, ausf_event_t *e)
|
|||
}
|
||||
break;
|
||||
CASE(OGS_SBI_HTTP_METHOD_DELETE)
|
||||
if (!ausf_ue->supi) {
|
||||
ogs_error("[%s] No SUPI", ausf_ue->suci);
|
||||
ogs_assert(true ==
|
||||
ogs_sbi_server_send_error(stream,
|
||||
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
|
||||
message, "[%s] No SUPI", ausf_ue->suci));
|
||||
OGS_FSM_TRAN(s, ausf_ue_state_exception);
|
||||
break;
|
||||
}
|
||||
|
||||
handled = ausf_nausf_auth_handle_authenticate_delete(
|
||||
ausf_ue, stream, message);
|
||||
if (!handled) {
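Review bot: Both added guards in ausf_ue_state_operational pass `"[%s] No SUPI"` as the title argument of ogs_sbi_server_send_error, which is the pattern this same commit removes from the nausf handlers, where `"[%s] No AuthenticationInfo"` becomes `"No AuthenticationInfo"`. Judging from those call sites the title is not a format string, so the peer would receive a literal `[%s]` in the problem details. Use `message, "No SUPI", ausf_ue->suci));` in both the PUT and the DELETE case. The enclosing function starts and ends outside the hunks.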
|
||||
|
|
|
@ -197,6 +197,7 @@ bool udm_nudr_dr_handle_subscription_authentication(
|
|||
memset(&AuthenticationInfoResult,
|
||||
0, sizeof(AuthenticationInfoResult));
|
||||
|
||||
AuthenticationInfoResult.supi = udm_ue->supi;
|
||||
AuthenticationInfoResult.auth_type = udm_ue->auth_type;
|
||||
|
||||
ogs_random(udm_ue->rand, OGS_RAND_LEN);
|
||||
|
|