author | Harald Welte <laforge@gnumonks.org> | 2016-06-19 18:06:02 +0200 |
---|---|---|
committer | Neels Hofmeyr <nhofmeyr@sysmocom.de> | 2017-05-08 13:43:55 +0200 |
commit | 4bf2bef8cb260e07be5be755b63223d300a2e45b (patch) | |
tree | f15b44fb755854aff941cebdb3ba07d14250a423 /openbsc/src/libmsc/auth.c | |
parent | 925cabe78cf7d76ec38e0c349e4ee11d63d12762 (diff) |
Use libvlr in libmsc (large refactoring)
Original libvlr code is by Harald Welte <laforge@gnumonks.org>,
polished and tweaked by Neels Hofmeyr <nhofmeyr@sysmocom.de>.
This is a long series of development collapsed in one patch. The original
history may still be available as branch neels/vlr_orig.
TODO: This commit may be split in several smaller changes before merging to
master.
SMS:
The SQL based lookup of SMS for attached subscribers no longer works since the
SQL database no longer has the subscriber data. Replace with a round-robin on
the SMS recipient MSISDNs paired with a VLR subscriber RAM lookup whether the
subscriber is currently attached.
If there are many SMS for not-attached subscribers in the SMS database, this
will become inefficient: a DB hit returns a pending SMS, the RAM lookup will
reveal that the subscriber is not attached, after which the DB is hit for the
next SMS. It would become more efficient e.g. by having an MSISDN based hash
list for the VLR subscribers and by marking non-attached SMS recipients in the
SMS database so that they can be excluded with the SQL query already.
There is a sanity limit to do at most 100 db hits per attempt to find a pending
SMS. So if there are more than 100 stored SMS waiting for their recipients to
actually attach to the MSC, it may take more than one SMS queue trigger to
deliver SMS for subscribers that are actually attached.
This is not very beautiful, but is merely intended to carry us over to a time
when we have a proper separate SMSC entity.
Introduce gsm_subscriber_connection ref-counting in libmsc.
Related: OS#1592
Change-Id: I702ba504ce2de93507312c28eca8d11f09f4ee8b
Diffstat (limited to 'openbsc/src/libmsc/auth.c')
-rw-r--r-- | openbsc/src/libmsc/auth.c | 115 |
1 files changed, 0 insertions, 115 deletions
diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 19def1ec1..9064ce6c4 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c
@@ -40,118 +40,3 @@ const struct value_string auth_action_names[] = {
 OSMO_VALUE_STRING(AUTH_DO_AUTH),
 { 0, NULL }
 };
-
-static int
-_use_xor(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple)
-{
- int i, l = ainfo->a3a8_ki_len;
-
- if ((l > A38_XOR_MAX_KEY_LEN) || (l < A38_XOR_MIN_KEY_LEN)) {
- LOGP(DMM, LOGL_ERROR, "Invalid XOR key (len=%d) %s\n",
- ainfo->a3a8_ki_len,
- osmo_hexdump(ainfo->a3a8_ki, ainfo->a3a8_ki_len));
- return -1;
- }
-
- for (i=0; i<4; i++)
- atuple->vec.sres[i] = atuple->vec.rand[i] ^ ainfo->a3a8_ki[i];
- for (i=4; i<12; i++)
- atuple->vec.kc[i-4] = atuple->vec.rand[i] ^ ainfo->a3a8_ki[i];
-
- return 0;
-}
-
-static int
-_use_comp128_v1(struct gsm_auth_info *ainfo, struct gsm_auth_tuple *atuple)
-{
- if (ainfo->a3a8_ki_len != A38_COMP128_KEY_LEN) {
- LOGP(DMM, LOGL_ERROR, "Invalid COMP128v1 key (len=%d) %s\n",
- ainfo->a3a8_ki_len,
- osmo_hexdump(ainfo->a3a8_ki, ainfo->a3a8_ki_len));
- return -1;
- }
-
- comp128(ainfo->a3a8_ki, atuple->vec.rand, atuple->vec.sres, atuple->vec.kc);
-
- return 0;
-}
-
-/* Return values
- * -1 -> Internal error
- * 0 -> Not available
- * 1 -> Tuple returned, need to do auth, then enable cipher
- * 2 -> Tuple returned, need to enable cipher
- */
-int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
- struct gsm_subscriber *subscr, int key_seq)
-{
- struct gsm_auth_info ainfo;
- int rc;
-
- /* Get subscriber info (if any) */
- rc = db_get_authinfo_for_subscr(&ainfo, subscr);
- if (rc < 0) {
- LOGP(DMM, LOGL_NOTICE,
- "No retrievable Ki for subscriber %s, skipping auth\n",
- subscr_name(subscr));
- return rc == -ENOENT ? AUTH_NOT_AVAIL : AUTH_ERROR;
- }
-
- /* If possible, re-use the last tuple and skip auth */
- rc = db_get_lastauthtuple_for_subscr(atuple, subscr);
- if ((rc == 0) &&
- (key_seq != GSM_KEY_SEQ_INVAL) &&
- (key_seq == atuple->key_seq) &&
- (atuple->use_count < 3))
- {
- atuple->use_count++;
- db_sync_lastauthtuple_for_subscr(atuple, subscr);
- DEBUGP(DMM, "Auth tuple use < 3, just doing ciphering\n");
- return AUTH_DO_CIPH;
- }
-
- /* Generate a new one */
- if (rc != 0) {
- /* If db_get_lastauthtuple_for_subscr() returned nothing, make
- * sure the atuple memory is initialized to zero and thus start
- * off with key_seq = 0. */
- memset(atuple, 0, sizeof(*atuple));
- } else {
- /* If db_get_lastauthtuple_for_subscr() returned a previous
- * tuple, use the next key_seq. */
- atuple->key_seq = (atuple->key_seq + 1) % 7;
- }
- atuple->use_count = 1;
-
- if (RAND_bytes(atuple->vec.rand, sizeof(atuple->vec.rand)) != 1) {
- LOGP(DMM, LOGL_NOTICE, "RAND_bytes failed, can't generate new auth tuple\n");
- return AUTH_ERROR;
- }
-
- switch (ainfo.auth_algo) {
- case AUTH_ALGO_NONE:
- DEBUGP(DMM, "No authentication for subscriber\n");
- return AUTH_NOT_AVAIL;
-
- case AUTH_ALGO_XOR:
- if (_use_xor(&ainfo, atuple))
- return AUTH_NOT_AVAIL;
- break;
-
- case AUTH_ALGO_COMP128v1:
- if (_use_comp128_v1(&ainfo, atuple))
- return AUTH_NOT_AVAIL;
- break;
-
- default:
- DEBUGP(DMM, "Unsupported auth type algo_id=%d\n",
- ainfo.auth_algo);
- return AUTH_NOT_AVAIL;
- }
-
- db_sync_lastauthtuple_for_subscr(atuple, subscr);
-
- DEBUGP(DMM, "Need to do authentication and ciphering\n");
- return AUTH_DO_AUTH_THEN_CIPH;
-}
-
|