From 8373d0e331e8f816f5c059c6aa7b420f487fd828 Mon Sep 17 00:00:00 2001
From: Sukchan Lee
Date: Sun, 25 Dec 2022 20:12:26 +0900
Subject: [PATCH] SIDF only required in UDM, not AUSF (#1779)
---
configs/open5gs/ausf.yaml.in | 55 -----------------------------------
debian/open5gs-common.install | 2 --
debian/open5gs-udm.install | 2 ++
src/ausf/context.c | 12 ++++----
src/ausf/nausf-handler.c | 8 ++---
src/ausf/nudm-build.c | 2 ++
src/ausf/nudm-handler.c | 32 ++++++++++++++++----
src/ausf/ue-sm.c | 20 +++++++++++++
src/udm/nudr-handler.c | 1 +
9 files changed, 60 insertions(+), 74 deletions(-)
diff --git a/configs/open5gs/ausf.yaml.in b/configs/open5gs/ausf.yaml.in
index 6241b4293..54e314a33 100644
--- a/configs/open5gs/ausf.yaml.in
+++ b/configs/open5gs/ausf.yaml.in
@@ -59,61 +59,6 @@ tls: key: @sysconfdir@/open5gs/tls/ausf.key cert: @sysconfdir@/open5gs/tls/ausf.crt -# -# o Generate the private key as below. -# $ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key -# $ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key -# -# o The private and public keys can be viewed with the command. -# The public key is used when creating the SIM. -# $ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text -# $ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text -# -# hnet: -# o Home network public key identifier(PKI) value : 1 -# Protection scheme identifier : ECIES scheme profile A -# - id: 1 -# scheme: 1 -# key: /etc/open5gs/hnet/curve25519-1.key -# -# o Home network public key identifier(PKI) value : 2 -# Protection scheme identifier : ECIES scheme profile B -# - id: 2 -# scheme: 2 -# key: /etc/open5gs/hnet/secp256r1-2.key -# -# o Home network public key identifier(PKI) value : 3 -# Protection scheme identifier : ECIES scheme profile A -# - id: 3 -# scheme: 1 -# key: /etc/open5gs/hnet/curve25519-1.key -# -# o Home network public key identifier(PKI) value : 4 -# Protection scheme identifier : ECIES scheme profile B -# - id: 4 -# scheme: 2 -# key: /etc/open5gs/hnet/secp256r1-2.key -# -hnet: - - id: 1 - scheme: 1 - key: @sysconfdir@/open5gs/hnet/curve25519-1.key - - id: 2 - scheme: 2 - key: @sysconfdir@/open5gs/hnet/secp256r1-2.key - - id: 3 - scheme: 1 - key: @sysconfdir@/open5gs/hnet/curve25519-3.key - - id: 4 - scheme: 2 - key: @sysconfdir@/open5gs/hnet/secp256r1-4.key - - id: 5 - scheme: 1 - key: @sysconfdir@/open5gs/hnet/curve25519-5.key - - id: 6 - scheme: 2 - key: @sysconfdir@/open5gs/hnet/secp256r1-6.key - # # ausf: # diff --git a/debian/open5gs-common.install b/debian/open5gs-common.install index 5881490f1..b2464d717 100644 --- a/debian/open5gs-common.install +++ b/debian/open5gs-common.install 
@@ -2,6 +2,4 @@ usr/lib/*/libogs*.so* usr/lib/*/libfd*.so* usr/lib/*/freeDiameter/*.fdx configs/open5gs/tls/ca.crt /etc/open5gs/tls -configs/open5gs/hnet/curve25519-*.key /etc/open5gs/hnet -configs/open5gs/hnet/secp256r1-*.key /etc/open5gs/hnet configs/logrotate/open5gs /etc/logrotate.d diff --git a/debian/open5gs-udm.install b/debian/open5gs-udm.install index 9f615885b..895f099b0 100644 --- a/debian/open5gs-udm.install +++ b/debian/open5gs-udm.install @@ -2,4 +2,6 @@ usr/bin/open5gs-udmd configs/open5gs/udm.yaml etc/open5gs configs/open5gs/tls/udm.key etc/open5gs/tls configs/open5gs/tls/udm.crt etc/open5gs/tls +configs/open5gs/hnet/curve25519-*.key /etc/open5gs/hnet +configs/open5gs/hnet/secp256r1-*.key /etc/open5gs/hnet configs/systemd/open5gs-udmd.service lib/systemd/system diff --git a/src/ausf/context.c b/src/ausf/context.c index c925d0fc0..5dff5df3f 100644 --- a/src/ausf/context.c +++ b/src/ausf/context.c @@ -137,10 +137,6 @@ ausf_ue_t *ausf_ue_add(char *suci) ogs_assert(ausf_ue->suci); ogs_hash_set(self.suci_hash, ausf_ue->suci, strlen(ausf_ue->suci), ausf_ue); - ausf_ue->supi = ogs_supi_from_supi_or_suci(ausf_ue->suci); - ogs_assert(ausf_ue->supi); - ogs_hash_set(self.supi_hash, ausf_ue->supi, strlen(ausf_ue->supi), ausf_ue); - memset(&e, 0, sizeof(e)); e.ausf_ue = ausf_ue; ogs_fsm_init(&ausf_ue->sm, ausf_ue_state_initial, ausf_ue_state_final, &e); @@ -172,9 +168,11 @@ void ausf_ue_remove(ausf_ue_t *ausf_ue) ogs_hash_set(self.suci_hash, ausf_ue->suci, strlen(ausf_ue->suci), NULL); ogs_free(ausf_ue->suci); - ogs_assert(ausf_ue->supi); - ogs_hash_set(self.supi_hash, ausf_ue->supi, strlen(ausf_ue->supi), NULL); - ogs_free(ausf_ue->supi); + if (ausf_ue->supi) { + ogs_hash_set(self.supi_hash, + ausf_ue->supi, strlen(ausf_ue->supi), NULL); + ogs_free(ausf_ue->supi); + } if (ausf_ue->auth_events_url) ogs_free(ausf_ue->auth_events_url); diff --git a/src/ausf/nausf-handler.c b/src/ausf/nausf-handler.c index 21ee58982..2b5341d2d 100644 --- a/src/ausf/nausf-handler.c 
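Review bot: The two lines added to debian/open5gs-udm.install take `configs/open5gs/hnet/curve25519-*.key` and `configs/open5gs/hnet/secp256r1-*.key` straight from the source tree, so every packaged UDM starts with home-network private keys that are readable in the repository. This commit also deletes the key-generation instructions from ausf.yaml.in, so the UDM side should say that the shipped keys are samples to be replaced before deployment, for example with the `openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key` command from the removed comment; whether udm.yaml.in already carries that text is not visible here. It is also worth confirming that the installed key files do not end up world-readable. As a point of style, the destination is written `/etc/open5gs/hnet` while the neighbouring lines of this file use `etc/open5gs/tls` without the leading slash.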
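Review bot: In `ausf_ue_remove`, the new `if (ausf_ue->supi)` branch clears the `supi_hash` entry for that SUPI without checking that the entry still points at this `ausf_ue`. Now that the SUPI is learned from the UDM response instead of being derived from the SUCI in `ausf_ue_add`, two contexts created from different SUCIs can presumably resolve to the same SUPI, and removing the older one would then drop the newer one's mapping. Consider clearing the key only when `ogs_hash_get(self.supi_hash, ausf_ue->supi, strlen(ausf_ue->supi)) == ausf_ue`. The body of `ausf_ue_remove` continues outside the hunk.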
+++ b/src/ausf/nausf-handler.c @@ -36,7 +36,7 @@ bool ausf_nausf_auth_handle_authenticate(ausf_ue_t *ausf_ue, ogs_error("[%s] No AuthenticationInfo", ausf_ue->suci); ogs_assert(true == ogs_sbi_server_send_error(stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST, - recvmsg, "[%s] No AuthenticationInfo", ausf_ue->suci)); + recvmsg, "No AuthenticationInfo", ausf_ue->suci)); return false; } @@ -45,7 +45,7 @@ bool ausf_nausf_auth_handle_authenticate(ausf_ue_t *ausf_ue, ogs_error("[%s] No servingNetworkName", ausf_ue->suci); ogs_assert(true == ogs_sbi_server_send_error(stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST, - recvmsg, "[%s] No servingNetworkName", ausf_ue->suci)); + recvmsg, "No servingNetworkName", ausf_ue->suci)); return false; } @@ -79,7 +79,7 @@ bool ausf_nausf_auth_handle_authenticate_confirmation(ausf_ue_t *ausf_ue, ogs_error("[%s] No ConfirmationData", ausf_ue->suci); ogs_assert(true == ogs_sbi_server_send_error(stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST, - recvmsg, "[%s] No ConfirmationData", ausf_ue->suci)); + recvmsg, "No ConfirmationData", ausf_ue->suci)); return false; } @@ -88,7 +88,7 @@ bool ausf_nausf_auth_handle_authenticate_confirmation(ausf_ue_t *ausf_ue, ogs_error("[%s] No ConfirmationData.resStar", ausf_ue->suci); ogs_assert(true == ogs_sbi_server_send_error(stream, OGS_SBI_HTTP_STATUS_BAD_REQUEST, - recvmsg, "[%s] No ConfirmationData.resStar", ausf_ue->suci)); + recvmsg, "No ConfirmationData.resStar", ausf_ue->suci)); return false; } diff --git a/src/ausf/nudm-build.c b/src/ausf/nudm-build.c index 4d5b1f529..62749bb88 100644 --- a/src/ausf/nudm-build.c +++ b/src/ausf/nudm-build.c @@ -74,6 +74,7 @@ ogs_sbi_request_t *ausf_nudm_ueau_build_result_confirmation_inform( OpenAPI_auth_event_t *AuthEvent = NULL; ogs_assert(ausf_ue); + ogs_assert(ausf_ue->supi); memset(&message, 0, sizeof(message)); message.h.method = (char *)OGS_SBI_HTTP_METHOD_POST; 
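Review bot: `ogs_assert(ausf_ue->supi)` added in `ausf_nudm_ueau_build_result_confirmation_inform` (and again in `ausf_nudm_ueau_build_auth_removal_ind`, the @@ -127 hunk) aborts the AUSF process if any caller reaches the builder before the UDM response has supplied the SUPI, which after this commit is no longer set in `ausf_ue_add`. The only visible protection is the pair of `!ausf_ue->supi` guards added in ue-sm.c, so a process-fatal invariant now depends on request ordering enforced in another file. Document that at the assert, e.g. `/* SUPI is set in ausf_nudm_ueau_handle_get(); ue-sm.c rejects PUT/DELETE until then */`, or, if the callers tolerate a NULL request, log with `ogs_error` and `return NULL;` instead of asserting. Both function bodies continue outside their hunks.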
@@ -127,6 +128,7 @@ ogs_sbi_request_t *ausf_nudm_ueau_build_auth_removal_ind( OpenAPI_auth_event_t *AuthEvent = NULL; ogs_assert(ausf_ue); + ogs_assert(ausf_ue->supi); memset(&message, 0, sizeof(message)); message.h.method = (char *)OGS_SBI_HTTP_METHOD_PUT; diff --git a/src/ausf/nudm-handler.c b/src/ausf/nudm-handler.c index 4e17a9dc9..086948ca4 100644 --- a/src/ausf/nudm-handler.c +++ b/src/ausf/nudm-handler.c @@ -62,7 +62,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue, ogs_error("[%s] No AuthenticationInfoResult", ausf_ue->suci); ogs_assert(true == ogs_sbi_server_send_error(stream, - OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR, + OGS_SBI_HTTP_STATUS_BAD_REQUEST, recvmsg, "No AuthenticationInfoResult", ausf_ue->suci)); return false; } @@ -85,7 +85,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue, ogs_error("[%s] No AuthenticationVector", ausf_ue->suci); ogs_assert(true == ogs_sbi_server_send_error(stream, - OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR, + OGS_SBI_HTTP_STATUS_BAD_REQUEST, recvmsg, "No AuthenticationVector", ausf_ue->suci)); return false; } @@ -104,7 +104,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue, ogs_error("[%s] No AuthenticationVector.rand", ausf_ue->suci); ogs_assert(true == ogs_sbi_server_send_error(stream, - OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR, + OGS_SBI_HTTP_STATUS_BAD_REQUEST, recvmsg, "No AuthenticationVector.rand", ausf_ue->suci)); return false; } @@ -114,7 +114,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue, ausf_ue->suci); ogs_assert(true == ogs_sbi_server_send_error(stream, - OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR, + OGS_SBI_HTTP_STATUS_BAD_REQUEST, recvmsg, "No AuthenticationVector.xresStar", ausf_ue->suci)); return false; } 
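Review bot: The `OGS_SBI_HTTP_STATUS_BAD_REQUEST` replacements in `ausf_nudm_ueau_handle_get` (these four checks, plus the `autn` and `kausf` checks in the @@ -123 and @@ -132 hunks) return a 4xx on `stream` for what appears to be a field missing from the UDM's response, not from the requester's message. If `stream` is the NF consumer's pending request, as the handler name suggests, that consumer is told its own request was malformed, which misdirects troubleshooting and any alerting keyed on 5xx responses. Please confirm the intended status; if 400 stays, a comment at the first check such as `/* incomplete UDM response, reported to the NF consumer as 400 */` would record that the choice is deliberate. The function body starts and ends outside these hunks.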
@@ -123,7 +123,7 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue, ogs_error("[%s] No AuthenticationVector.autn", ausf_ue->suci); ogs_assert(true == ogs_sbi_server_send_error(stream, - OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR, + OGS_SBI_HTTP_STATUS_BAD_REQUEST, recvmsg, "No AuthenticationVector.autn", ausf_ue->suci)); return false; } @@ -132,11 +132,31 @@ bool ausf_nudm_ueau_handle_get(ausf_ue_t *ausf_ue, ogs_error("[%s] No AuthenticationVector.kausf", ausf_ue->suci); ogs_assert(true == ogs_sbi_server_send_error(stream, - OGS_SBI_HTTP_STATUS_INTERNAL_SERVER_ERROR, + OGS_SBI_HTTP_STATUS_BAD_REQUEST, recvmsg, "No AuthenticationVector.kausf", ausf_ue->suci)); return false; } + if (!AuthenticationInfoResult->supi) { + ogs_error("[%s] No AuthenticationVector.supi", ausf_ue->suci); + ogs_assert(true == + ogs_sbi_server_send_error(stream, + OGS_SBI_HTTP_STATUS_BAD_REQUEST, + recvmsg, "No AuthenticationVector.supi", ausf_ue->suci)); + return false; + } + + /* SUPI */ + if (ausf_ue->supi) { + ogs_hash_set(ausf_self()->supi_hash, + ausf_ue->supi, strlen(ausf_ue->supi), NULL); + ogs_free(ausf_ue->supi); + } + ausf_ue->supi = ogs_strdup(AuthenticationInfoResult->supi); + ogs_assert(ausf_ue->supi); + ogs_hash_set(ausf_self()->supi_hash, + ausf_ue->supi, strlen(ausf_ue->supi), ausf_ue); + ausf_ue->auth_type = AuthenticationInfoResult->auth_type; ogs_ascii_to_hex( diff --git a/src/ausf/ue-sm.c b/src/ausf/ue-sm.c index b78bde22e..3c2b0c169 100644 --- a/src/ausf/ue-sm.c +++ b/src/ausf/ue-sm.c @@ -90,6 +90,16 @@ void ausf_ue_state_operational(ogs_fsm_t *s, ausf_event_t *e) } break; CASE(OGS_SBI_HTTP_METHOD_PUT) + if (!ausf_ue->supi) { + ogs_error("[%s] No SUPI", ausf_ue->suci); + ogs_assert(true == + ogs_sbi_server_send_error(stream, + OGS_SBI_HTTP_STATUS_BAD_REQUEST, + message, "[%s] No SUPI", ausf_ue->suci)); + OGS_FSM_TRAN(s, ausf_ue_state_exception); + break; + } + handled = ausf_nausf_auth_handle_authenticate_confirmation( ausf_ue, stream, message); if (!handled) { 
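Review bot: The new `!AuthenticationInfoResult->supi` check in `ausf_nudm_ueau_handle_get` logs and returns `"No AuthenticationVector.supi"`, but the field tested belongs to `AuthenticationInfoResult`; the message should read `"No AuthenticationInfoResult.supi"` in both the `ogs_error` and the `ogs_sbi_server_send_error` call. The value is then copied with `ogs_strdup` and used as the `supi_hash` key with no check that it is a well-formed SUPI or that another context is not already registered under it, so a malformed or unexpected value from the peer NF silently becomes, or replaces, a lookup key. A format check before the `ogs_hash_set`, and an `ogs_warn` when an existing entry is overwritten, would make that visible. The function body continues outside the hunk.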
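Review bot: The `!ausf_ue->supi` guard added under `CASE(OGS_SBI_HTTP_METHOD_PUT)` passes `"[%s] No SUPI"` as the title argument of `ogs_sbi_server_send_error`, although this same commit strips the `[%s]` prefix from the titles in nausf-handler.c. That argument is presumably not a format string, so the client would receive the literal `[%s]`. Change the line to `message, "No SUPI", ausf_ue->suci));` here and in the identical guard under `CASE(OGS_SBI_HTTP_METHOD_DELETE)` in the next hunk. `ausf_ue_state_operational` starts and ends outside both hunks.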
@@ -99,6 +109,16 @@ void ausf_ue_state_operational(ogs_fsm_t *s, ausf_event_t *e) } break; CASE(OGS_SBI_HTTP_METHOD_DELETE) + if (!ausf_ue->supi) { + ogs_error("[%s] No SUPI", ausf_ue->suci); + ogs_assert(true == + ogs_sbi_server_send_error(stream, + OGS_SBI_HTTP_STATUS_BAD_REQUEST, + message, "[%s] No SUPI", ausf_ue->suci)); + OGS_FSM_TRAN(s, ausf_ue_state_exception); + break; + } + handled = ausf_nausf_auth_handle_authenticate_delete( ausf_ue, stream, message); if (!handled) { diff --git a/src/udm/nudr-handler.c b/src/udm/nudr-handler.c index 47bd4536c..466ea0b6e 100644 --- a/src/udm/nudr-handler.c +++ b/src/udm/nudr-handler.c @@ -197,6 +197,7 @@ bool udm_nudr_dr_handle_subscription_authentication( memset(&AuthenticationInfoResult, 0, sizeof(AuthenticationInfoResult)); + AuthenticationInfoResult.supi = udm_ue->supi; AuthenticationInfoResult.auth_type = udm_ue->auth_type; ogs_random(udm_ue->rand, OGS_RAND_LEN);