From 4adb136da63a1d3ed523ad85e12fd99fc62f5701 Mon Sep 17 00:00:00 2001
From: Jacob Erlbeck
Date: Tue, 2 Dec 2014 09:47:26 +0100
Subject: sgsn: Integrate Auth & Ciph into gsm48_gmm_authorize

Currently the Authentication and Ciphering procedure is not yet invoked by the GMM layer. This patch starts this procedure from within gsm48_gmm_authorize when the mm->auth_state has been set to SGSN_AUTH_AUTHENTICATE and a call to gsm0408_gprs_authenticate has been issued directly or indirectly by the call to sgsn_auth_request.
Sponsored-by: On-Waves ehf
---
 openbsc/include/openbsc/gprs_gmm.h | 1 +
 openbsc/include/openbsc/gprs_sgsn.h | 1 +
 openbsc/src/gprs/gprs_gmm.c | 28 +++++++++++++++++++++++++++-
 3 files changed, 29 insertions(+), 1 deletion(-)
(limited to 'openbsc')
diff --git a/openbsc/include/openbsc/gprs_gmm.h b/openbsc/include/openbsc/gprs_gmm.h
index 02030b075..6e0b67b7b 100644
--- a/openbsc/include/openbsc/gprs_gmm.h
+++ b/openbsc/include/openbsc/gprs_gmm.h
@@ -16,6 +16,7 @@ int gsm0408_gprs_force_reattach_oldmsg(struct msgb *msg);
 void gsm0408_gprs_access_granted(struct sgsn_mm_ctx *mmctx);
 void gsm0408_gprs_access_denied(struct sgsn_mm_ctx *mmctx);
 void gsm0408_gprs_access_cancelled(struct sgsn_mm_ctx *mmctx);
+void gsm0408_gprs_authenticate(struct sgsn_mm_ctx *mmctx);
 int gprs_gmm_rx_suspend(struct gprs_ra_id *raid, uint32_t tlli);
 int gprs_gmm_rx_resume(struct gprs_ra_id *raid, uint32_t tlli,
diff --git a/openbsc/include/openbsc/gprs_sgsn.h b/openbsc/include/openbsc/gprs_sgsn.h
index 464982e2b..1b6338998 100644
--- a/openbsc/include/openbsc/gprs_sgsn.h
+++ b/openbsc/include/openbsc/gprs_sgsn.h
@@ -60,6 +60,7 @@ enum gprs_t3350_mode {
 /* Authorization/ACL handling */
 enum sgsn_auth_state {
 SGSN_AUTH_UNKNOWN,
+ SGSN_AUTH_AUTHENTICATE,
 SGSN_AUTH_ACCEPTED,
 SGSN_AUTH_REJECTED
 };
diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c
index 4f19454a6..e59e1f056 100644
--- a/openbsc/src/gprs/gprs_gmm.c
+++ b/openbsc/src/gprs/gprs_gmm.c
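Review bot: Inserting SGSN_AUTH_AUTHENTICATE in the middle of enum sgsn_auth_state (gprs_sgsn.h hunk) renumbers SGSN_AUTH_ACCEPTED and SGSN_AUTH_REJECTED, and nothing visible in this patch updates other users of the enum. Any name table or switch over sgsn_auth_state elsewhere needs an entry for the new state. Access decisions should test `== SGSN_AUTH_ACCEPTED` rather than `!= SGSN_AUTH_REJECTED`, so a context still waiting for authentication is never treated as admitted. The new enumerator would also benefit from a one-line comment such as `/* authentication required before access can be granted */`; that wording is inferred from the commit message and should be confirmed.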
@@ -209,6 +209,8 @@ static const struct tlv_definition gsm48_sm_att_tlvdef = {
 },
 };
+static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx);
+
 /* Our implementation, should be kept in SGSN */
 static void mmctx_timer_cb(void *_mm);
@@ -646,7 +648,9 @@ static int gsm48_rx_gmm_auth_ciph_resp(struct sgsn_mm_ctx *ctx,
 ctx->is_authenticated = 1;
 /* FIXME: enable LLC cipheirng */
- return 0;
+
+ /* Check if we can let the mobile station enter */
+ return gsm48_gmm_authorize(ctx);
 }
 /* Check if we can already authorize a subscriber */
@@ -679,6 +683,21 @@ static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx)
 return 0;
 }
+ if (ctx->auth_state == SGSN_AUTH_AUTHENTICATE && !ctx->is_authenticated) {
+ struct gsm_auth_tuple *at = &ctx->auth_triplet;
+
+ mmctx_timer_start(ctx, 3360, GSM0408_T3360_SECS);
+ return gsm48_tx_gmm_auth_ciph_req(ctx, at->rand, at->key_seq,
+ GPRS_ALGO_GEA0);
+ }
+
+ if (ctx->auth_state == SGSN_AUTH_AUTHENTICATE && ctx->is_authenticated &&
+ ctx->auth_triplet.key_seq != GSM_KEY_SEQ_INVAL) {
+ /* Check again for authorization */
+ sgsn_auth_request(ctx);
+ return 0;
+ }
+
 if (ctx->auth_state != SGSN_AUTH_ACCEPTED) {
 LOGMMCTXP(LOGL_NOTICE, ctx, "authorization is denied, aborting procedure\n");
@@ -712,6 +731,13 @@ static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx)
 return 0;
 }
+void gsm0408_gprs_authenticate(struct sgsn_mm_ctx *ctx)
+{
+ ctx->is_authenticated = 0;
+
+ gsm48_gmm_authorize(ctx);
+}
+
 void gsm0408_gprs_access_granted(struct sgsn_mm_ctx *ctx)
 {
 switch (ctx->mm_state) {
-- cgit v1.2.3
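Review bot: The first new branch in gsm48_gmm_authorize (hunk at -679) sends `at->rand` and `at->key_seq` without checking that a valid triplet is loaded, although the second new branch does test `ctx->auth_triplet.key_seq != GSM_KEY_SEQ_INVAL`. If auth_state can reach SGSN_AUTH_AUTHENTICATE before a triplet is stored, the request would carry a meaningless challenge. Adding `&& ctx->auth_triplet.key_seq != GSM_KEY_SEQ_INVAL` to the first condition would let that case fall through to the existing "authorization is denied" branch instead. The call also hard-codes `GPRS_ALGO_GEA0`, so the subscriber is authenticated but no ciphering is negotiated; a comment at the call such as `/* no ciphering until LLC ciphering is implemented */` should make that limitation explicit. The function starts and ends outside the hunk, so callers' guarantees about the triplet are not visible here.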
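Review bot: gsm0408_gprs_authenticate (last gprs_gmm.c hunk) discards the return value of gsm48_gmm_authorize, so a failure to send the Authentication and Ciphering Request is neither reported nor logged. Because the function is void, logging is the least intrusive change: `int rc = gsm48_gmm_authorize(ctx);` followed by `if (rc < 0) LOGMMCTXP(LOGL_NOTICE, ctx, "could not start authentication (rc=%d)\n", rc);`. The function also lacks a doc comment stating that it clears is_authenticated and so forces a new authentication round on every call. According to the commit message it can be reached indirectly from sgsn_auth_request, which gsm48_gmm_authorize itself calls, so the re-entrant path should be checked to confirm it cannot repeat without bound.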