diff options
author | Jacob Erlbeck <jerlbeck@sysmocom.de> | 2014-12-02 09:47:26 +0100 |
---|---|---|
committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2014-12-10 12:44:05 +0100 |
commit | 4adb136da63a1d3ed523ad85e12fd99fc62f5701 (patch) | |
tree | 83bc9109cc8dd8e9069d251c4dbc889dad0c75d1 /openbsc | |
parent | 665acd1dbdec2c1e52599f6129ae00c5b5442e72 (diff) |
sgsn: Integrate Auth & Ciph into gsm48_gmm_authorize
Currently the Authentication and Ciphering procedure is not yet
invoked by the GMM layer.
This patch starts this procedure from within gsm48_gmm_authorize when
the mm->auth_state has been set to SGSN_AUTH_AUTHENTICATE and a call
to gsm0408_gprs_authenticate has been issued directly or indirectly
by the call to sgsn_auth_request.
Sponsored-by: On-Waves ehf
Diffstat (limited to 'openbsc')
-rw-r--r-- | openbsc/include/openbsc/gprs_gmm.h | 1 | ||||
-rw-r--r-- | openbsc/include/openbsc/gprs_sgsn.h | 1 | ||||
-rw-r--r-- | openbsc/src/gprs/gprs_gmm.c | 28 |
3 files changed, 29 insertions, 1 deletions
diff --git a/openbsc/include/openbsc/gprs_gmm.h b/openbsc/include/openbsc/gprs_gmm.h index 02030b075..6e0b67b7b 100644 --- a/openbsc/include/openbsc/gprs_gmm.h +++ b/openbsc/include/openbsc/gprs_gmm.h @@ -16,6 +16,7 @@ int gsm0408_gprs_force_reattach_oldmsg(struct msgb *msg); void gsm0408_gprs_access_granted(struct sgsn_mm_ctx *mmctx); void gsm0408_gprs_access_denied(struct sgsn_mm_ctx *mmctx); void gsm0408_gprs_access_cancelled(struct sgsn_mm_ctx *mmctx); +void gsm0408_gprs_authenticate(struct sgsn_mm_ctx *mmctx); int gprs_gmm_rx_suspend(struct gprs_ra_id *raid, uint32_t tlli); int gprs_gmm_rx_resume(struct gprs_ra_id *raid, uint32_t tlli, diff --git a/openbsc/include/openbsc/gprs_sgsn.h b/openbsc/include/openbsc/gprs_sgsn.h index 464982e2b..1b6338998 100644 --- a/openbsc/include/openbsc/gprs_sgsn.h +++ b/openbsc/include/openbsc/gprs_sgsn.h @@ -60,6 +60,7 @@ enum gprs_t3350_mode { /* Authorization/ACL handling */ enum sgsn_auth_state { SGSN_AUTH_UNKNOWN, + SGSN_AUTH_AUTHENTICATE, SGSN_AUTH_ACCEPTED, SGSN_AUTH_REJECTED }; diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c index 4f19454a6..e59e1f056 100644 --- a/openbsc/src/gprs/gprs_gmm.c +++ b/openbsc/src/gprs/gprs_gmm.c @@ -209,6 +209,8 @@ static const struct tlv_definition gsm48_sm_att_tlvdef = { }, }; +static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx); + /* Our implementation, should be kept in SGSN */ static void mmctx_timer_cb(void *_mm); @@ -646,7 +648,9 @@ static int gsm48_rx_gmm_auth_ciph_resp(struct sgsn_mm_ctx *ctx, ctx->is_authenticated = 1; /* FIXME: enable LLC cipheirng */ - return 0; + + /* Check if we can let the mobile station enter */ + return gsm48_gmm_authorize(ctx); } /* Check if we can already authorize a subscriber */ @@ -679,6 +683,21 @@ static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx) return 0; } + if (ctx->auth_state == SGSN_AUTH_AUTHENTICATE && !ctx->is_authenticated) { + struct gsm_auth_tuple *at = &ctx->auth_triplet; + + mmctx_timer_start(ctx, 3360, GSM0408_T3360_SECS); + return gsm48_tx_gmm_auth_ciph_req(ctx, at->rand, at->key_seq, + GPRS_ALGO_GEA0); + } + + if (ctx->auth_state == SGSN_AUTH_AUTHENTICATE && ctx->is_authenticated && + ctx->auth_triplet.key_seq != GSM_KEY_SEQ_INVAL) { + /* Check again for authorization */ + sgsn_auth_request(ctx); + return 0; + } + if (ctx->auth_state != SGSN_AUTH_ACCEPTED) { LOGMMCTXP(LOGL_NOTICE, ctx, "authorization is denied, aborting procedure\n"); @@ -712,6 +731,13 @@ static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx) return 0; } +void gsm0408_gprs_authenticate(struct sgsn_mm_ctx *ctx) +{ + ctx->is_authenticated = 0; + + gsm48_gmm_authorize(ctx); +} + void gsm0408_gprs_access_granted(struct sgsn_mm_ctx *ctx) { switch (ctx->mm_state) { |