SIDF only required in UDM, not AUSF (#1779)

Sukchan Lee 2022-12-25 20:12:26 +09:00
parent 0d2c31fe06
commit 8373d0e331
9 changed files with 60 additions and 74 deletions


@ -59,61 +59,6 @@ tls:
key: @sysconfdir@/open5gs/tls/ausf.key
cert: @sysconfdir@/open5gs/tls/ausf.crt
#
# o Generate the private key as below.
# $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key
# $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key
#
# o The private and public keys can be viewed with the command.
# The public key is used when creating the SIM.
# $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text
# $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text
#
# hnet:
# o Home network public key identifier(PKI) value : 1
# Protection scheme identifier : ECIES scheme profile A
# - id: 1
# scheme: 1
# key: /etc/open5gs/hnet/curve25519-1.key
#
# o Home network public key identifier(PKI) value : 2
# Protection scheme identifier : ECIES scheme profile B
# - id: 2
# scheme: 2
# key: /etc/open5gs/hnet/secp256r1-2.key
#
# o Home network public key identifier(PKI) value : 3
# Protection scheme identifier : ECIES scheme profile A
# - id: 3
# scheme: 1
# key: /etc/open5gs/hnet/curve25519-1.key
#
# o Home network public key identifier(PKI) value : 4
# Protection scheme identifier : ECIES scheme profile B
# - id: 4
# scheme: 2
# key: /etc/open5gs/hnet/secp256r1-2.key
#
hnet:
- id: 1
scheme: 1
key: @sysconfdir@/open5gs/hnet/curve25519-1.key
- id: 2
scheme: 2
key: @sysconfdir@/open5gs/hnet/secp256r1-2.key
- id: 3
scheme: 1
key: @sysconfdir@/open5gs/hnet/curve25519-3.key
- id: 4
scheme: 2
key: @sysconfdir@/open5gs/hnet/secp256r1-4.key
- id: 5
scheme: 1
key: @sysconfdir@/open5gs/hnet/curve25519-5.key
- id: 6
scheme: 2
key: @sysconfdir@/open5gs/hnet/secp256r1-6.key
#
# ausf:
#


@ -2,6 +2,4 @@ usr/lib/*/libogs*.so*
usr/lib/*/libfd*.so*
usr/lib/*/freeDiameter/*.fdx
configs/open5gs/tls/ca.crt /etc/open5gs/tls
configs/open5gs/hnet/curve25519-*.key /etc/open5gs/hnet
configs/open5gs/hnet/secp256r1-*.key /etc/open5gs/hnet
configs/logrotate/open5gs /etc/logrotate.d


@ -2,4 +2,6 @@ usr/bin/open5gs-udmd
configs/open5gs/udm.yaml etc/open5gs
configs/open5gs/tls/udm.key etc/open5gs/tls
configs/open5gs/tls/udm.crt etc/open5gs/tls
configs/open5gs/hnet/curve25519-*.key /etc/open5gs/hnet
configs/open5gs/hnet/secp256r1-*.key /etc/open5gs/hnet
configs/systemd/open5gs-udmd.service lib/systemd/system
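Review bot: The two added `configs/open5gs/hnet/*.key` lines install home-network key files taken from the source tree, so every installation of this package starts with the same SUCI de-concealment keys unless the operator replaces them. If these are the sample private keys referenced from the UDM configuration, that file's commentary should say so, for instance `# The packaged hnet keys are public samples; generate your own before provisioning SIMs.` It is also worth checking that the packaging scripts, which are not visible here, restrict the installed key files to the UDM service account. As a style point, the new destinations are written `/etc/open5gs/hnet` while the neighbouring lines use `etc/open5gs` without the leading slash.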


@ -137,10 +137,6 @@ ausf_ue_t *ausf_ue_add(char *suci)
ogs_assert(ausf_ue->suci);
ogs_hash_set(self.suci_hash, ausf_ue->suci, strlen(ausf_ue->suci), ausf_ue);
ausf_ue->supi = ogs_supi_from_supi_or_suci(ausf_ue->suci);
ogs_assert(ausf_ue->supi);
ogs_hash_set(self.supi_hash, ausf_ue->supi, strlen(ausf_ue->supi), ausf_ue);
memset(&e, 0, sizeof(e));
e.ausf_ue = ausf_ue;
ogs_fsm_init(&ausf_ue->sm, ausf_ue_state_initial, ausf_ue_state_final, &e);
@ -172,9 +168,11 @@ void ausf_ue_remove(ausf_ue_t *ausf_ue)
ogs_hash_set(self.suci_hash, ausf_ue->suci, strlen(ausf_ue->suci), NULL);
ogs_free(ausf_ue->suci);
ogs_assert(ausf_ue->supi);
ogs_hash_set(self.supi_hash, ausf_ue->supi, strlen(ausf_ue->supi), NULL);
ogs_free(ausf_ue->supi);
if (ausf_ue->supi) {
ogs_hash_set(self.supi_hash,
ausf_ue->supi, strlen(ausf_ue->supi), NULL);
ogs_free(ausf_ue->supi);
}
if (ausf_ue->auth_events_url)
ogs_free(ausf_ue->auth_events_url);
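Review bot: With the SUPI derivation removed from ausf_ue_add(), `ausf_ue->supi` stays NULL from creation until a UDM response fills it in, and nothing in the new code records that invariant. A comment at the removal point would help, e.g. `/* supi stays NULL until the UDM returns it in AuthenticationInfoResult */`. Any remaining reader of `ausf_ue->supi` outside this page, such as lookups by SUPI or `[%s]` log arguments, should be checked for a NULL pointer. Both ausf_ue_add() and ausf_ue_remove() start and end outside the hunks.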


@ -36,7 +36,7 @@ bool ausf_nausf_auth_handle_authenticate(ausf_ue_t *ausf_ue,
ogs_error("[%s] No AuthenticationInfo", ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST,
recvmsg, "[%s] No AuthenticationInfo", ausf_ue->suci));
recvmsg, "No AuthenticationInfo", ausf_ue->suci));
return false;
}
@ -45,7 +45,7 @@ bool ausf_nausf_auth_handle_authenticate(ausf_ue_t *ausf_ue,
ogs_error("[%s] No servingNetworkName", ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST,
recvmsg, "[%s] No servingNetworkName", ausf_ue->suci));
recvmsg, "No servingNetworkName", ausf_ue->suci));
return false;
}
@ -79,7 +79,7 @@ bool ausf_nausf_auth_handle_authenticate_confirmation(ausf_ue_t *ausf_ue,
ogs_error("[%s] No ConfirmationData", ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST,
recvmsg, "[%s] No ConfirmationData", ausf_ue->suci));
recvmsg, "No ConfirmationData", ausf_ue->suci));
return false;
}
@ -88,7 +88,7 @@ bool ausf_nausf_auth_handle_authenticate_confirmation(ausf_ue_t *ausf_ue,
ogs_error("[%s] No ConfirmationData.resStar", ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST,
recvmsg, "[%s] No ConfirmationData.resStar", ausf_ue->suci));
recvmsg, "No ConfirmationData.resStar", ausf_ue->suci));
return false;
}


@ -74,6 +74,7 @@ ogs_sbi_request_t *ausf_nudm_ueau_build_result_confirmation_inform(
OpenAPI_auth_event_t *AuthEvent = NULL;
ogs_assert(ausf_ue);
ogs_assert(ausf_ue->supi);
memset(&message, 0, sizeof(message));
message.h.method = (char *)OGS_SBI_HTTP_METHOD_POST;
@ -127,6 +128,7 @@ ogs_sbi_request_t *ausf_nudm_ueau_build_auth_removal_ind(
OpenAPI_auth_event_t *AuthEvent = NULL;
ogs_assert(ausf_ue);
ogs_assert(ausf_ue->supi);
memset(&message, 0, sizeof(message));
message.h.method = (char *)OGS_SBI_HTTP_METHOD_PUT;
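Review bot: The added `ogs_assert(ausf_ue->supi);` in both builders turns a missing SUPI into an assertion failure, and after this commit the SUPI is absent until the UDM has answered, so the assert is only safe if no request can reach these builders earlier. The state-machine change in this commit rejects PUT and DELETE without a SUPI, which appears to cover the paths leading here, but that depends on callers outside the hunks. A one-line comment on each assert naming that guard, e.g. `/* callers reject requests without a SUPI before building */`, would keep the invariant visible. Returning NULL after an `ogs_error()` is the softer alternative if the builders' callers tolerate it. Both function bodies continue outside the hunks.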


@ -62,7 +62,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue,
ogs_error("[%s] No AuthenticationInfoResult", ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream,
OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR,
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
recvmsg, "No AuthenticationInfoResult", ausf_ue->suci));
return false;
}
@ -85,7 +85,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue,
ogs_error("[%s] No AuthenticationVector", ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream,
OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR,
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
recvmsg, "No AuthenticationVector", ausf_ue->suci));
return false;
}
@ -104,7 +104,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue,
ogs_error("[%s] No AuthenticationVector.rand", ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream,
OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR,
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
recvmsg, "No AuthenticationVector.rand", ausf_ue->suci));
return false;
}
@ -114,7 +114,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue,
ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream,
OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR,
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
recvmsg, "No AuthenticationVector.xresStar", ausf_ue->suci));
return false;
}
@ -123,7 +123,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue,
ogs_error("[%s] No AuthenticationVector.autn", ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream,
OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR,
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
recvmsg, "No AuthenticationVector.autn", ausf_ue->suci));
return false;
}
@ -132,11 +132,31 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue,
ogs_error("[%s] No AuthenticationVector.kausf", ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream,
OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR,
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
recvmsg, "No AuthenticationVector.kausf", ausf_ue->suci));
return false;
}
if (!AuthenticationInfoResult->supi) {
ogs_error("[%s] No AuthenticationVector.supi", ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream,
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
recvmsg, "No AuthenticationVector.supi", ausf_ue->suci));
return false;
}
/* SUPI */
if (ausf_ue->supi) {
ogs_hash_set(ausf_self()->supi_hash,
ausf_ue->supi, strlen(ausf_ue->supi), NULL);
ogs_free(ausf_ue->supi);
}
ausf_ue->supi = ogs_strdup(AuthenticationInfoResult->supi);
ogs_assert(ausf_ue->supi);
ogs_hash_set(ausf_self()->supi_hash,
ausf_ue->supi, strlen(ausf_ue->supi), ausf_ue);
ausf_ue->auth_type = AuthenticationInfoResult->auth_type;
ogs_ascii_to_hex(
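Review bot: The new check tests `AuthenticationInfoResult->supi` but logs and returns "No AuthenticationVector.supi", which names a field of a different object; `"No AuthenticationInfoResult.supi"` in both the `ogs_error` call and the error title would match what was checked. The SUPI is then copied from the UDM response and stored in `supi_hash` with no format check and no lookup for an existing entry. If another UE context already holds that SUPI, the `ogs_hash_set` call presumably replaces its mapping, and removing either context later would clear the entry for both. Checking for an existing owner before the insert, or documenting why duplicates cannot occur, would close that gap. ausf_nudm_ueau_handle_get() starts before and continues past these hunks.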


@ -90,6 +90,16 @@ void ausf_ue_state_operational(ogs_fsm_t *s, ausf_event_t *e)
}
break;
CASE(OGS_SBI_HTTP_METHOD_PUT)
if (!ausf_ue->supi) {
ogs_error("[%s] No SUPI", ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream,
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
message, "[%s] No SUPI", ausf_ue->suci));
OGS_FSM_TRAN(s, ausf_ue_state_exception);
break;
}
handled = ausf_nausf_auth_handle_authenticate_confirmation(
ausf_ue, stream, message);
if (!handled) {
@ -99,6 +109,16 @@ void ausf_ue_state_operational(ogs_fsm_t *s, ausf_event_t *e)
}
break;
CASE(OGS_SBI_HTTP_METHOD_DELETE)
if (!ausf_ue->supi) {
ogs_error("[%s] No SUPI", ausf_ue->suci);
ogs_assert(true ==
ogs_sbi_server_send_error(stream,
OGS_SBI_HTTP_STATUS_BAD_REQUEST,
message, "[%s] No SUPI", ausf_ue->suci));
OGS_FSM_TRAN(s, ausf_ue_state_exception);
break;
}
handled = ausf_nausf_auth_handle_authenticate_delete(
ausf_ue, stream, message);
if (!handled) {
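Review bot: Both added blocks pass `"[%s] No SUPI"` as the title to ogs_sbi_server_send_error(), while the handler changes in this same commit strip the `[%s] ` prefix from such titles, which suggests the title is sent literally rather than formatted. If so, the peer would receive the raw `[%s]`; use `message, "No SUPI", ausf_ue->suci));` in the PUT and DELETE cases. The two blocks are identical apart from the case label, so a small static helper would avoid the duplication. ausf_ue_state_operational() continues outside the hunks.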


@ -197,6 +197,7 @@ bool udm_nudr_dr_handle_subscription_authentication(
memset(&AuthenticationInfoResult,
0, sizeof(AuthenticationInfoResult));
AuthenticationInfoResult.supi = udm_ue->supi;
AuthenticationInfoResult.auth_type = udm_ue->auth_type;
ogs_random(udm_ue->rand, OGS_RAND_LEN);