aboutsummaryrefslogtreecommitdiffstats
path: root/openbsc/src
diff options
context:
space:
mode:
authorJacob Erlbeck <jerlbeck@sysmocom.de>2014-12-08 15:52:00 +0100
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2014-12-24 16:50:16 +0100
commit7921ab1593f45f12588e074ad1280472416ae930 (patch)
tree4eaed783c52f5a24d07c1521886469b3282d08bf /openbsc/src
parent7dba11fe32615fb5e49fae0a3bbd787ce4abc9b7 (diff)
sgsn: Add support for authentication triplets
This commit add data structures, functions, initialization, and VTY commands for per subscriber authentication triplets. The following VTY command is added: - update-subscriber imsi IMSI \ insert auth-triplet <1-5> sres SRES rand RAND kc KC Note that the triplets are not really used by the SGSN yet. Sponsored-by: On-Waves ehf
Diffstat (limited to 'openbsc/src')
-rw-r--r--openbsc/src/gprs/gprs_subscriber.c4
-rw-r--r--openbsc/src/gprs/sgsn_auth.c37
-rw-r--r--openbsc/src/gprs/sgsn_vty.c79
3 files changed, 119 insertions, 1 deletions
diff --git a/openbsc/src/gprs/gprs_subscriber.c b/openbsc/src/gprs/gprs_subscriber.c
index cf0af9083..16753315c 100644
--- a/openbsc/src/gprs/gprs_subscriber.c
+++ b/openbsc/src/gprs/gprs_subscriber.c
@@ -36,9 +36,13 @@ void gprs_subscr_init(struct sgsn_instance *sgi)
static struct sgsn_subscriber_data *sgsn_subscriber_data_alloc(void *ctx)
{
struct sgsn_subscriber_data *sdata;
+ int idx;
sdata = talloc_zero(ctx, struct sgsn_subscriber_data);
+ for (idx = 0; idx < ARRAY_SIZE(sdata->auth_triplets); idx++)
+ sdata->auth_triplets[idx].key_seq = GSM_KEY_SEQ_INVAL;
+
return sdata;
}
diff --git a/openbsc/src/gprs/sgsn_auth.c b/openbsc/src/gprs/sgsn_auth.c
index 5f90f5cbd..b065c061a 100644
--- a/openbsc/src/gprs/sgsn_auth.c
+++ b/openbsc/src/gprs/sgsn_auth.c
@@ -203,3 +203,40 @@ void sgsn_auth_update(struct sgsn_mm_ctx *mmctx)
break;
}
}
+
+struct gsm_auth_tuple *sgsn_auth_get_tuple(struct sgsn_mm_ctx *mmctx,
+ unsigned key_seq)
+{
+ unsigned count;
+ unsigned idx;
+ struct gsm_auth_tuple *at = NULL;
+
+ struct sgsn_subscriber_data *sdata;
+
+ if (!mmctx->subscr)
+ return NULL;
+
+ if (key_seq == GSM_KEY_SEQ_INVAL)
+ /* Start with 0 after increment module array size */
+ idx = ARRAY_SIZE(sdata->auth_triplets) - 1;
+ else
+ idx = key_seq;
+
+ sdata = mmctx->subscr->sgsn_data;
+
+ /* Find next tuple */
+ for (count = ARRAY_SIZE(sdata->auth_triplets); count > 0; count--) {
+ idx = (idx + 1) % ARRAY_SIZE(sdata->auth_triplets);
+
+ if (sdata->auth_triplets[idx].key_seq == GSM_KEY_SEQ_INVAL)
+ continue;
+
+ if (sdata->auth_triplets[idx].use_count == 0) {
+ at = &sdata->auth_triplets[idx];
+ at->use_count = 1;
+ return at;
+ }
+ }
+
+ return NULL;
+}
diff --git a/openbsc/src/gprs/sgsn_vty.c b/openbsc/src/gprs/sgsn_vty.c
index 4bb6a86a4..99c59853b 100644
--- a/openbsc/src/gprs/sgsn_vty.c
+++ b/openbsc/src/gprs/sgsn_vty.c
@@ -380,6 +380,8 @@ DEFUN(cfg_auth_policy, cfg_auth_policy_cmd,
static void subscr_dump_full_vty(struct vty *vty, struct gsm_subscriber *subscr, int pending)
{
char expire_time[200];
+ struct gsm_auth_tuple *at;
+ int at_idx;
vty_out(vty, " ID: %llu, Authorized: %d%s", subscr->id,
subscr->authorized, VTY_NEWLINE);
@@ -398,6 +400,25 @@ static void subscr_dump_full_vty(struct vty *vty, struct gsm_subscriber *subscr,
if (strlen(subscr->equipment.imei) > 0)
vty_out(vty, " IMEI: %s%s", subscr->equipment.imei, VTY_NEWLINE);
+ for (at_idx = 0; at_idx < ARRAY_SIZE(subscr->sgsn_data->auth_triplets);
+ at_idx++) {
+ at = &subscr->sgsn_data->auth_triplets[at_idx];
+ if (at->key_seq == GSM_KEY_SEQ_INVAL)
+ continue;
+
+ vty_out(vty, " A3A8 tuple (used %d times): ",
+ at->use_count);
+ vty_out(vty, " seq # : %d, ",
+ at->key_seq);
+ vty_out(vty, " RAND : %s, ",
+ osmo_hexdump(at->rand, sizeof(at->rand)));
+ vty_out(vty, " SRES : %s, ",
+ osmo_hexdump(at->sres, sizeof(at->sres)));
+ vty_out(vty, " Kc : %s%s",
+ osmo_hexdump(at->kc, sizeof(at->kc)),
+ VTY_NEWLINE);
+ }
+
/* print the expiration time of a subscriber */
if (subscr->expire_lu) {
strftime(expire_time, sizeof(expire_time),
@@ -440,10 +461,12 @@ DEFUN(show_subscr_cache,
"Use the IMSI to select the subscriber\n" \
"The IMSI\n"
+#define UPDATE_SUBSCR_INSERT_HELP "Insert data into the subscriber record\n"
+
DEFUN(update_subscr_insert, update_subscr_insert_cmd,
UPDATE_SUBSCR_STR "insert (authorized|authenticate) (0|1)",
UPDATE_SUBSCR_HELP
- "Insert data into the subscriber record\n"
+ UPDATE_SUBSCR_INSERT_HELP
"Authorize the subscriber to attach\n"
"New option value\n")
{
@@ -469,6 +492,59 @@ DEFUN(update_subscr_insert, update_subscr_insert_cmd,
return CMD_SUCCESS;
}
+DEFUN(update_subscr_insert_auth_triplet, update_subscr_insert_auth_triplet_cmd,
+ UPDATE_SUBSCR_STR "insert auth-triplet <1-5> sres SRES rand RAND kc KC",
+ UPDATE_SUBSCR_HELP
+ UPDATE_SUBSCR_INSERT_HELP
+ "Update authentication triplet\n"
+ "Triplet index\n"
+ "Set SRES value\nSRES value (4 byte) in hex\n"
+ "Set RAND value\nRAND value (16 byte) in hex\n"
+ "Set Kc value\nKc value (8 byte) in hex\n")
+{
+ const char *imsi = argv[0];
+ const int cksn = atoi(argv[1]) - 1;
+ const char *sres_str = argv[2];
+ const char *rand_str = argv[3];
+ const char *kc_str = argv[4];
+ struct gsm_auth_tuple at = {0,};
+
+ struct gsm_subscriber *subscr;
+
+ subscr = gprs_subscr_get_or_create(imsi);
+ if (!subscr) {
+ vty_out(vty, "%% unable get subscriber record for %s\n", imsi);
+ return CMD_WARNING;
+ }
+
+ OSMO_ASSERT(subscr->sgsn_data);
+
+ if (!osmo_hexparse(sres_str, &at.sres[0], sizeof(at.sres)) < 0) {
+ vty_out(vty, "%% invalid SRES value '%s'\n", sres_str);
+ goto failed;
+ }
+ if (!osmo_hexparse(rand_str, &at.rand[0], sizeof(at.rand)) < 0) {
+ vty_out(vty, "%% invalid RAND value '%s'\n", rand_str);
+ goto failed;
+ }
+ if (!osmo_hexparse(kc_str, &at.kc[0], sizeof(at.kc)) < 0) {
+ vty_out(vty, "%% invalid Kc value '%s'\n", kc_str);
+ goto failed;
+ }
+ at.key_seq = cksn;
+
+ subscr->sgsn_data->auth_triplets[cksn] = at;
+ subscr->sgsn_data->auth_triplets_updated = 1;
+
+ subscr_put(subscr);
+
+ return CMD_SUCCESS;
+
+failed:
+ subscr_put(subscr);
+ return CMD_SUCCESS;
+}
+
DEFUN(update_subscr_cancel, update_subscr_cancel_cmd,
UPDATE_SUBSCR_STR "cancel",
UPDATE_SUBSCR_HELP
@@ -521,6 +597,7 @@ int sgsn_vty_init(void)
install_element_ve(&show_subscr_cache_cmd);
install_element(ENABLE_NODE, &update_subscr_insert_cmd);
+ install_element(ENABLE_NODE, &update_subscr_insert_auth_triplet_cmd);
install_element(ENABLE_NODE, &update_subscr_cancel_cmd);
install_element(ENABLE_NODE, &update_subscr_commit_cmd);