Blame - openbsc/src/gprs/oap.c - osmo-sgsn

blob: 0b8f482605a62ee38caede8740b2f7a5b084aae0 [file] [log] [blame]

Neels Hofmeyr	d739f09	2015-10-12 11:57:34 +0200	[diff] [blame]	1	/* Osmocom Authentication Protocol API */
				2
				3	/* (C) 2015 by Sysmocom s.f.m.c. GmbH
				4	* All Rights Reserved
				5	*
				6	* Author: Neels Hofmeyr
				7	*
				8	* This program is free software; you can redistribute it and/or modify
				9	* it under the terms of the GNU Affero General Public License as published by
				10	* the Free Software Foundation; either version 3 of the License, or
				11	* (at your option) any later version.
				12	*
				13	* This program is distributed in the hope that it will be useful,
				14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				16	* GNU Affero General Public License for more details.
				17	*
				18	* You should have received a copy of the GNU Affero General Public License
				19	* along with this program. If not, see <http://www.gnu.org/licenses/>.
				20	*
				21	*/
				22
Harald Welte	31760a1	2016-04-27 15:17:14 +0200	[diff] [blame]	23	#include <string.h>
				24
Harald Welte	50f1c0a	2016-04-25 19:01:26 +0200	[diff] [blame]	25	#include <osmocom/core/utils.h>
Neels Hofmeyr	d739f09	2015-10-12 11:57:34 +0200	[diff] [blame]	26	#include <osmocom/crypt/auth.h>
				27
				28	#include <openbsc/oap.h>
Neels Hofmeyr	d739f09	2015-10-12 11:57:34 +0200	[diff] [blame]	29	#include <openbsc/debug.h>
				30	#include <openbsc/oap_messages.h>
				31
				32	int oap_init(struct oap_config config, struct oap_state state)
				33	{
				34	OSMO_ASSERT(state->state == OAP_UNINITIALIZED);
				35
				36	if (config->client_id == 0)
				37	goto disable;
				38
				39	if (config->secret_k_present == 0) {
				40	LOGP(DGPRS, LOGL_NOTICE, "OAP: client ID set, but secret K missing.\n");
				41	goto disable;
				42	}
				43
				44	if (config->secret_opc_present == 0) {
				45	LOGP(DGPRS, LOGL_NOTICE, "OAP: client ID set, but secret OPC missing.\n");
				46	goto disable;
				47	}
				48
				49	state->client_id = config->client_id;
				50	memcpy(state->secret_k, config->secret_k, sizeof(state->secret_k));
				51	memcpy(state->secret_opc, config->secret_opc, sizeof(state->secret_opc));
				52	state->state = OAP_INITIALIZED;
				53	return 0;
				54
				55	disable:
				56	state->state = OAP_DISABLED;
				57	return 0;
				58	}
				59
				60	/* From the given state and received RAND and AUTN octets, validate the
				61	* server's authenticity and formulate the matching milenage reply octets in
				62	* *tx_xres. The state is not modified.
				63	* On success, and if tx_res is not NULL, exactly 8 octets will be written to
				64	* *tx_res. If not NULL, tx_res must point at allocated memory of at least 8
				65	* octets. The caller will want to send XRES back to the server in a challenge
				66	* response message and update the state.
				67	* Return 0 on success; -1 if OAP is disabled; -2 if rx_random and rx_autn fail
				68	* the authentication check; -3 for any other errors. */
				69	static int oap_evaluate_challenge(const struct oap_state *state,
				70	const uint8_t *rx_random,
				71	const uint8_t *rx_autn,
				72	uint8_t *tx_xres)
				73	{
				74	osmo_static_assert(sizeof(((struct osmo_sub_auth_data*)0)->u.umts.k)
				75	== sizeof(state->secret_k), _secret_k_size_match);
				76	osmo_static_assert(sizeof(((struct osmo_sub_auth_data*)0)->u.umts.opc)
				77	== sizeof(state->secret_opc), _secret_opc_size_match);
				78
				79	switch(state->state) {
				80	case OAP_UNINITIALIZED:
				81	case OAP_DISABLED:
				82	return -1;
				83	default:
				84	break;
				85	}
				86
				87	struct osmo_auth_vector vec;
				88
				89	struct osmo_sub_auth_data auth = {
				90	.type = OSMO_AUTH_TYPE_UMTS,
				91	.algo = OSMO_AUTH_ALG_MILENAGE,
				92	};
				93
				94	memcpy(auth.u.umts.k, state->secret_k, sizeof(auth.u.umts.k));
				95	memcpy(auth.u.umts.opc, state->secret_opc, sizeof(auth.u.umts.opc));
				96	memset(auth.u.umts.amf, '\0', sizeof(auth.u.umts.amf));
				97	auth.u.umts.sqn = 42; /* TODO use incrementing sequence nr */
				98
				99	memset(&vec, 0, sizeof(vec));
				100	osmo_auth_gen_vec(&vec, &auth, rx_random);
				101
				102	if (vec.res_len != 8) {
				103	LOGP(DGPRS, LOGL_ERROR, "OAP: Expected XRES to be 8 octets, got %d\n",
				104	vec.res_len);
				105	return -3;
				106	}
				107
Harald Welte	50f1c0a	2016-04-25 19:01:26 +0200	[diff] [blame]	108	if (osmo_constant_time_cmp(vec.autn, rx_autn, sizeof(vec.autn)) != 0) {
Neels Hofmeyr	d739f09	2015-10-12 11:57:34 +0200	[diff] [blame]	109	LOGP(DGPRS, LOGL_ERROR, "OAP: AUTN mismatch!\n");
				110	LOGP(DGPRS, LOGL_INFO, "OAP: AUTN from server: %s\n",
				111	osmo_hexdump_nospc(rx_autn, sizeof(vec.autn)));
				112	LOGP(DGPRS, LOGL_INFO, "OAP: AUTN expected: %s\n",
				113	osmo_hexdump_nospc(vec.autn, sizeof(vec.autn)));
				114	return -2;
				115	}
				116
				117	if (tx_xres != NULL)
				118	memcpy(tx_xres, vec.res, 8);
				119	return 0;
				120	}
				121
Harald Welte	564c065	2016-04-27 18:14:14 +0200	[diff] [blame^]	122	struct msgb oap_encoded(const struct osmo_oap_message oap_msg)
Neels Hofmeyr	d739f09	2015-10-12 11:57:34 +0200	[diff] [blame]	123	{
				124	struct msgb *msg = msgb_alloc_headroom(1000, 64, __func__);
				125	OSMO_ASSERT(msg);
Harald Welte	564c065	2016-04-27 18:14:14 +0200	[diff] [blame^]	126	osmo_oap_encode(msg, oap_msg);
Neels Hofmeyr	d739f09	2015-10-12 11:57:34 +0200	[diff] [blame]	127	return msg;
				128	}
				129
				130	/* Create a new msgb containing an OAP registration message.
				131	* On error, return NULL. */
				132	static struct msgb* oap_msg_register(uint16_t client_id)
				133	{
				134	if (client_id < 1) {
				135	LOGP(DGPRS, LOGL_ERROR, "OAP: Invalid client ID: %d\n", client_id);
				136	return NULL;
				137	}
				138
Harald Welte	564c065	2016-04-27 18:14:14 +0200	[diff] [blame^]	139	struct osmo_oap_message oap_msg = {0};
Neels Hofmeyr	d739f09	2015-10-12 11:57:34 +0200	[diff] [blame]	140	oap_msg.message_type = OAP_MSGT_REGISTER_REQUEST;
				141	oap_msg.client_id = client_id;
				142	return oap_encoded(&oap_msg);
				143	}
				144
				145	int oap_register(struct oap_state state, struct msgb *msg_tx)
				146	{
				147	*msg_tx = oap_msg_register(state->client_id);
				148	if (!(*msg_tx))
				149	return -1;
				150
				151	state->state = OAP_REQUESTED_CHALLENGE;
				152	return 0;
				153	}
				154
				155	/* Create a new msgb containing an OAP challenge response message.
				156	* xres must point at 8 octets to return as challenge response.
				157	* On error, return NULL. */
				158	static struct msgb* oap_msg_challenge_response(uint8_t *xres)
				159	{
Harald Welte	564c065	2016-04-27 18:14:14 +0200	[diff] [blame^]	160	struct osmo_oap_message oap_reply = {0};
Neels Hofmeyr	d739f09	2015-10-12 11:57:34 +0200	[diff] [blame]	161
				162	oap_reply.message_type = OAP_MSGT_CHALLENGE_RESULT;
				163	memcpy(oap_reply.xres, xres, sizeof(oap_reply.xres));
				164	oap_reply.xres_present = 1;
				165	return oap_encoded(&oap_reply);
				166	}
				167
				168	static int handle_challenge(struct oap_state *state,
Harald Welte	564c065	2016-04-27 18:14:14 +0200	[diff] [blame^]	169	struct osmo_oap_message *oap_rx,
Neels Hofmeyr	d739f09	2015-10-12 11:57:34 +0200	[diff] [blame]	170	struct msgb **msg_tx)
				171	{
				172	int rc;
				173	if (!(oap_rx->rand_present && oap_rx->autn_present)) {
				174	LOGP(DGPRS, LOGL_ERROR,
				175	"OAP challenge incomplete (rand_present: %d, autn_present: %d)\n",
				176	oap_rx->rand_present, oap_rx->autn_present);
				177	rc = -2;
				178	goto failure;
				179	}
				180
				181	uint8_t xres[8];
				182	rc = oap_evaluate_challenge(state,
				183	oap_rx->rand,
				184	oap_rx->autn,
				185	xres);
				186	if (rc < 0)
				187	goto failure;
				188
				189	*msg_tx = oap_msg_challenge_response(xres);
				190	if ((*msg_tx) == NULL) {
				191	rc = -1;
				192	goto failure;
				193	}
				194
				195	state->state = OAP_SENT_CHALLENGE_RESULT;
				196	return 0;
				197
				198	failure:
				199	OSMO_ASSERT(rc < 0);
				200	state->state = OAP_INITIALIZED;
				201	return rc;
				202	}
				203
				204	int oap_handle(struct oap_state state, const struct msgb msg_rx, struct msgb **msg_tx)
				205	{
				206	*msg_tx = NULL;
				207
				208	uint8_t *data = msgb_l2(msg_rx);
				209	size_t data_len = msgb_l2len(msg_rx);
				210	int rc = 0;
				211
Harald Welte	564c065	2016-04-27 18:14:14 +0200	[diff] [blame^]	212	struct osmo_oap_message oap_msg = {0};
Neels Hofmeyr	d739f09	2015-10-12 11:57:34 +0200	[diff] [blame]	213
				214	OSMO_ASSERT(data);
				215
Harald Welte	564c065	2016-04-27 18:14:14 +0200	[diff] [blame^]	216	rc = osmo_oap_decode(data, data_len, &oap_msg);
Neels Hofmeyr	d739f09	2015-10-12 11:57:34 +0200	[diff] [blame]	217	if (rc < 0) {
				218	LOGP(DGPRS, LOGL_ERROR,
				219	"Decoding OAP message failed with error '%s' (%d)\n",
				220	get_value_string(gsm48_gmm_cause_names, -rc), -rc);
				221	return -10;
				222	}
				223
				224	switch (oap_msg.message_type) {
				225	case OAP_MSGT_CHALLENGE_REQUEST:
				226	return handle_challenge(state, &oap_msg, msg_tx);
				227
				228	case OAP_MSGT_REGISTER_RESULT:
				229	/* successfully registered */
				230	state->state = OAP_REGISTERED;
				231	break;
				232
				233	case OAP_MSGT_REGISTER_ERROR:
				234	LOGP(DGPRS, LOGL_ERROR,
				235	"OAP registration failed\n");
				236	state->state = OAP_INITIALIZED;
				237	if (state->registration_failures < 3) {
				238	state->registration_failures ++;
				239	return oap_register(state, msg_tx);
				240	}
				241	return -11;
				242
				243	case OAP_MSGT_REGISTER_REQUEST:
				244	case OAP_MSGT_CHALLENGE_RESULT:
				245	LOGP(DGPRS, LOGL_ERROR,
				246	"Received invalid OAP message type for OAP client side: %d\n",
				247	(int)oap_msg.message_type);
				248	return -12;
				249
				250	default:
				251	LOGP(DGPRS, LOGL_ERROR,
				252	"Unknown OAP message type: %d\n",
				253	(int)oap_msg.message_type);
				254	return -13;
				255	}
				256
				257	return 0;
				258	}