authorHarald Welte <laforge@gnumonks.org>2019-08-21 20:01:31 +0200
committerHarald Welte <laforge@osmocom.org>2019-12-01 16:09:16 +0100
commit06f5af22c8421a2557e3681028fac64ca4f3c975 (patch)
treeba103bc672ba72bfd7969e80371431f2d8c7f8e1
parent07e1602d2dd13d0884ccd623d9f7955b921fa702 (diff)
AUC: Add support for setting the AMF separation bit to '1' for EUTRAN
Despite LTE/EUTRAN using the same authentication procedure (UMTS AKA) as 3G, there's one difference: The "operator defined" 16bit AMF field is reduced to 15 bits, with the first bit now being used as 'separation bit'. That bit should be '0' for 2G/3G (as it is right now) and '1' for authentication vectors generated for authentication over EUTRAN/EPS. Depends: libosmocore I93850710ab55a605bf61b95063a69682a2899bb1 (OSMO_GSUP_RAT_TYPES_IE) Change-Id: Ic766bc40f6126bb479bd0a05b0e96bec3e240008
-rw-r--r--include/osmocom/hlr/db.h2
-rw-r--r--src/db_auc.c8
-rw-r--r--src/hlr.c6
-rw-r--r--tests/db/db_test.c2
-rw-r--r--tests/db/db_test.err24
5 files changed, 26 insertions, 16 deletions
diff --git a/include/osmocom/hlr/db.h b/include/osmocom/hlr/db.h
index eacc78e..c927099 100644
--- a/include/osmocom/hlr/db.h
+++ b/include/osmocom/hlr/db.h
@@ -66,7 +66,7 @@ int db_update_sqn(struct db_context *dbc, int64_t id,
int db_get_auc(struct db_context *dbc, const char *imsi,
unsigned int auc_3g_ind, struct osmo_auth_vector *vec,
unsigned int num_vec, const uint8_t *rand_auts,
- const uint8_t *auts);
+ const uint8_t *auts, bool separation_bit);
#include <osmocom/core/linuxlist.h>
#include <osmocom/gsm/protocol/gsm_23_003.h>
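Review bot: The new `separation_bit` argument of db_get_auc() is not described at the prototype, so a caller reading only this header cannot tell which value is correct for which access type. A short comment above the declaration would cover it, for example `/* separation_bit: true sets AMF bit 0 (MSB of amf[0]) for vectors used over EUTRAN/EPS, false clears it for 2G/3G */`. The header's include list is outside this hunk, so it is worth confirming that `bool` is declared (via `<stdbool.h>`) before this line for every file that includes db.h.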
diff --git a/src/db_auc.c b/src/db_auc.c
index e3a840e..ecb9f58 100644
--- a/src/db_auc.c
+++ b/src/db_auc.c
@@ -189,7 +189,7 @@ out:
int db_get_auc(struct db_context *dbc, const char *imsi,
unsigned int auc_3g_ind, struct osmo_auth_vector *vec,
unsigned int num_vec, const uint8_t *rand_auts,
- const uint8_t *auts)
+ const uint8_t *auts, bool separation_bit)
{
struct osmo_sub_auth_data aud2g, aud3g;
int64_t subscr_id;
@@ -209,6 +209,12 @@ int db_get_auc(struct db_context *dbc, const char *imsi,
aud3g.u.umts.ind_bitlen, aud3g.u.umts.ind);
aud3g.u.umts.ind &= (1U << aud3g.u.umts.ind_bitlen) - 1;
}
+ /* the first bit (bit0) cannot be used as AMF anymore, but has been
+ * re-appropriated as the separation bit. See 3GPP TS 33.102 Annex H
+ * together with 3GPP TS 33.401 / 33.402 / 33.501 */
+ aud3g.u.umts.amf[0] = aud3g.u.umts.amf[0] & 0x7f;
+ if (separation_bit)
+ aud3g.u.umts.amf[0] |= 0x80;
LOGAUC(imsi, LOGL_DEBUG, "Calling to generate %u vectors\n", num_vec);
rc = auc_compute_vectors(vec, num_vec, &aud2g, &aud3g, rand_auts, auts);
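Review bot: The added read-modify-write of `aud3g.u.umts.amf[0]` sits after the closing `}` of the preceding block and so appears to run on every call, including the paths where the expected test log prints "No 3G Auth Data" before "Calling to generate 3 vectors". Whether `aud3g` is initialised in that case is not visible in this hunk; if it may not be, guard the three statements with `if (aud3g.type == OSMO_AUTH_TYPE_UMTS) { ... }`. The comment says "bit0" while the code masks with `0x7f` and sets `0x80`, so it would help to state that 3GPP bit 0 is the most significant bit of the first AMF octet. The mask also clears that bit without notice if a stored AMF ever has it set, which may merit a log line. db_get_auc()'s body starts and ends outside the hunk.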
diff --git a/src/hlr.c b/src/hlr.c
index 1638e67..a71b7e1 100644
--- a/src/hlr.c
+++ b/src/hlr.c
@@ -233,6 +233,7 @@ static int rx_send_auth_info(struct osmo_gsup_conn *conn,
{
struct osmo_gsup_message gsup_out;
struct msgb *msg_out;
+ bool separation_bit = false;
int rc;
subscr_create_on_demand(gsup->imsi);
@@ -241,10 +242,13 @@ static int rx_send_auth_info(struct osmo_gsup_conn *conn,
memset(&gsup_out, 0, sizeof(gsup_out));
memcpy(&gsup_out.imsi, &gsup->imsi, sizeof(gsup_out.imsi));
+ if (gsup->current_rat_type == OSMO_RAT_EUTRAN_SGS)
+ separation_bit = true;
+
rc = db_get_auc(dbc, gsup->imsi, conn->auc_3g_ind,
gsup_out.auth_vectors,
ARRAY_SIZE(gsup_out.auth_vectors),
- gsup->rand, gsup->auts);
+ gsup->rand, gsup->auts, separation_bit);
if (rc <= 0) {
gsup_out.message_type = OSMO_GSUP_MSGT_SEND_AUTH_INFO_ERROR;
switch (rc) {
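Review bot: The separation bit is decided only by `gsup->current_rat_type`, which is presumably decoded from the requesting GSUP peer's message, at `if (gsup->current_rat_type == OSMO_RAT_EUTRAN_SGS)`. Because the bit exists to keep vectors issued for one access type from being accepted on another, the separation is only as strong as the trust placed in that peer's claim. I would record that assumption in a comment at this check, and consider cross-checking the value against what the HLR knows about the connection if such information exists. A debug log of the chosen value next to the db_get_auc() call would also let operators see which vectors were issued for EPS. rx_send_auth_info()'s body starts and ends outside the hunk.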
diff --git a/tests/db/db_test.c b/tests/db/db_test.c
index d6060dd..b9b263d 100644
--- a/tests/db/db_test.c
+++ b/tests/db/db_test.c
@@ -115,7 +115,7 @@ static void _fill_invalid(void *dest, size_t size)
#define ASSERT_DB_GET_AUC(imsi, expect_rc) \
do { \
struct osmo_auth_vector vec[N_VECTORS]; \
- ASSERT_RC(db_get_auc(dbc, imsi, 3, vec, N_VECTORS, NULL, NULL), expect_rc); \
+ ASSERT_RC(db_get_auc(dbc, imsi, 3, vec, N_VECTORS, NULL, NULL, false), expect_rc); \
} while (0)
/* Not linking the real auc_compute_vectors(), just returning num_vec.
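Review bot: Every call through `ASSERT_DB_GET_AUC` now passes `false`, so the new `separation_bit == true` branch in db_get_auc() is never run by this test. Adding the flag as a macro argument, e.g. `ASSERT_DB_GET_AUC(imsi, sep, expect_rc)`, and calling it once with `true` would cover it. Since the comment below says auc_compute_vectors() is replaced by a stub here, that stub could print or assert the top bit of the 3G AMF it receives, so that the expected output pins both the masked and the set case.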
diff --git a/tests/db/db_test.err b/tests/db/db_test.err
index a3e4d58..6423550 100644
--- a/tests/db/db_test.err
+++ b/tests/db/db_test.err
@@ -814,7 +814,7 @@ db_get_auth_data(dbc, unknown_imsi, &g_aud2g, &g_aud3g, &g_id) --> -2
DAUC IMSI='999999999': No such subscriber
-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -2
+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -2
DAUC IMSI='123456789000000': No such subscriber
@@ -833,7 +833,7 @@ DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': No 3G Auth Data
-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -ENOKEY
+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -ENOKEY
DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': No 3G Auth Data
@@ -852,7 +852,7 @@ DAUC IMSI='123456789000000': No 3G Auth Data
}
3G: none
-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> 3
+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> 3
DAUC IMSI='123456789000000': No 3G Auth Data
DAUC IMSI='123456789000000': Calling to generate 3 vectors
DAUC IMSI='123456789000000': Generated 3 vectors
@@ -915,7 +915,7 @@ DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': No 3G Auth Data
-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -ENOKEY
+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -ENOKEY
DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': No 3G Auth Data
@@ -940,7 +940,7 @@ DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': No 3G Auth Data
-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -ENOKEY
+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -ENOKEY
DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': No 3G Auth Data
@@ -963,7 +963,7 @@ DAUC IMSI='123456789000000': No 2G Auth Data
.u.umts.ind_bitlen = 5,
}
-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> 3
+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> 3
DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': Calling to generate 3 vectors
DAUC IMSI='123456789000000': Generated 3 vectors
@@ -1042,7 +1042,7 @@ DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': No 3G Auth Data
-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -ENOKEY
+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -ENOKEY
DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': No 3G Auth Data
@@ -1064,7 +1064,7 @@ DAUC IMSI='123456789000000': No 2G Auth Data
.u.umts.ind_bitlen = 5,
}
-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> 3
+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> 3
DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': Calling to generate 3 vectors
DAUC IMSI='123456789000000': Generated 3 vectors
@@ -1077,7 +1077,7 @@ DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': No 3G Auth Data
-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -ENOKEY
+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -ENOKEY
DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': No 3G Auth Data
@@ -1105,7 +1105,7 @@ db_get_auth_data(dbc, imsi0, &g_aud2g, &g_aud3g, &g_id) --> 0
.u.umts.ind_bitlen = 5,
}
-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> 3
+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> 3
DAUC IMSI='123456789000000': Calling to generate 3 vectors
DAUC IMSI='123456789000000': Generated 3 vectors
DAUC IMSI='123456789000000': Updating SQN=0 in DB
@@ -1323,7 +1323,7 @@ DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': No 3G Auth Data
-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -ENOKEY
+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -ENOKEY
DAUC IMSI='123456789000000': No 2G Auth Data
DAUC IMSI='123456789000000': No 3G Auth Data
@@ -1332,7 +1332,7 @@ db_subscr_delete_by_id(dbc, id) --> 0
db_subscr_get_by_imsi(dbc, imsi0, &g_subscr) --> -ENOENT
DAUC Cannot read subscriber from db: IMSI='123456789000000': No such subscriber
-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -2
+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -2
DAUC IMSI='123456789000000': No such subscriber
===== test_subscr_aud: SUCCESS