/* GPRS Subscriber Update Protocol message encoder/decoder */

/*
 * (C) 2014 by Sysmocom s.f.m.c. GmbH
 * All Rights Reserved
 *
 * Author: Jacob Erlbeck
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */
23
24#include <openbsc/gprs_gsup_messages.h>
25
26#include <openbsc/debug.h>
27#include <openbsc/gprs_utils.h>
28
29#include <osmocom/gsm/tlv.h>
30#include <osmocom/core/msgb.h>
31
32#include <stdint.h>
33
34
/* Interpret the first data_len octets of data as an unsigned big-endian
 * integer. The accumulator is 64 bits wide, so with data_len larger than
 * sizeof(uint64_t) the leading octets are silently shifted out; callers
 * that need every octet must keep data_len <= 8. data_len == 0 yields 0
 * and data is never dereferenced in that case. */
static uint64_t decode_big_endian(const uint8_t *data, size_t data_len)
{
	uint64_t acc = 0;
	size_t i;

	for (i = 0; i < data_len; i++)
		acc = (acc << 8) | data[i];

	return acc;
}
47
/* Serialise the low data_len octets of value in big-endian order.
 *
 * Returns a pointer to a function-internal static buffer: the contents are
 * only valid until the next call and the function is therefore not
 * reentrant or thread-safe. Callers consume the result immediately (see
 * encode_pdp_info, which hands it straight to msgb_tlv_put). data_len must
 * not exceed sizeof(uint64_t); a larger value trips OSMO_ASSERT. */
static uint8_t *encode_big_endian(uint64_t value, size_t data_len)
{
	static uint8_t out[sizeof(uint64_t)];
	size_t remaining = data_len;

	OSMO_ASSERT(data_len <= ARRAY_SIZE(out));

	/* fill from the least significant octet backwards */
	while (remaining > 0) {
		remaining--;
		out[remaining] = (uint8_t)(value & 0xff);
		value >>= 8;
	}

	return out;
}
62
/* Parse the nested TLVs inside a PDP_INFO IE (data/data_len) into pdp_info.
 *
 * Recognised IEs: PDP context id, PDP type (only the low 12 bits are kept;
 * encode_pdp_info sets the upper nibble to 0xf) and the access point name.
 * The APN is not copied: pdp_info->apn_enc is left pointing into data, so
 * the caller must keep the message buffer alive as long as pdp_info is
 * used. Unknown IEs are logged and skipped. Fields for IEs that are absent
 * are left untouched (the caller zero-initialises pdp_info).
 *
 * Returns 0 on success or -GMM_CAUSE_PROTO_ERR_UNSPEC when the TLV
 * structure itself is malformed. */
static int decode_pdp_info(uint8_t *data, size_t data_len,
			   struct gprs_gsup_pdp_info *pdp_info)
{
	uint8_t *cur = data;
	size_t remaining = data_len;

	while (remaining > 0) {
		uint8_t tag;
		uint8_t *val;
		size_t val_len;
		enum gprs_gsup_iei iei;

		if (gprs_shift_tlv(&cur, &remaining, &tag, &val, &val_len) < 0)
			return -GMM_CAUSE_PROTO_ERR_UNSPEC;

		iei = tag;

		if (iei == GPRS_GSUP_PDP_CONTEXT_ID_IE) {
			pdp_info->context_id = decode_big_endian(val, val_len);
		} else if (iei == GPRS_GSUP_PDP_TYPE_IE) {
			/* mask off the 0xf000 marker added by the encoder */
			pdp_info->pdp_type =
				decode_big_endian(val, val_len) & 0x0fff;
		} else if (iei == GPRS_GSUP_ACCESS_POINT_NAME_IE) {
			/* aliases the input buffer, no copy */
			pdp_info->apn_enc = val;
			pdp_info->apn_enc_len = val_len;
		} else {
			LOGP(DGPRS, LOGL_ERROR,
			     "GSUP IE type %d not expected in PDP info\n", iei);
		}
	}

	return 0;
}
105
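/* Parse the nested TLVs inside an AUTH_TUPLE IE (data/data_len) into
 * auth_tuple.
 *
 * RAND, SRES and Kc are copied only when the IE length equals the size of
 * the destination field exactly, so an over-long IE cannot overrun the
 * field and a short one cannot leave it partially filled with stale data.
 * Unknown IEs are logged and skipped; fields whose IE is absent are left
 * untouched (the caller zero-initialises auth_tuple).
 *
 * Returns 0 on success, -GMM_CAUSE_PROTO_ERR_UNSPEC when the TLV structure
 * is malformed, and -1 when a RAND/SRES/Kc IE has the wrong length. */
static int decode_auth_info(uint8_t *data, size_t data_len,
			    struct gsm_auth_tuple *auth_tuple)
{
	int rc;
	uint8_t tag;
	uint8_t *value;
	size_t value_len;
	/* declared outside the loop so parse_error can report it */
	enum gprs_gsup_iei iei;

	/* specific parts */
	while (data_len > 0) {
		rc = gprs_shift_tlv(&data, &data_len, &tag, &value, &value_len);
		if (rc < 0)
			return -GMM_CAUSE_PROTO_ERR_UNSPEC;

		iei = tag;

		switch (iei) {
		case GPRS_GSUP_RAND_IE:
			if (value_len != sizeof(auth_tuple->rand))
				goto parse_error;

			memcpy(auth_tuple->rand, value, value_len);
			break;

		case GPRS_GSUP_SRES_IE:
			if (value_len != sizeof(auth_tuple->sres))
				goto parse_error;

			memcpy(auth_tuple->sres, value, value_len);
			break;

		case GPRS_GSUP_KC_IE:
			if (value_len != sizeof(auth_tuple->kc))
				goto parse_error;

			memcpy(auth_tuple->kc, value, value_len);
			break;

		default:
			/* message previously said "PDP info" (copy-paste from
			 * decode_pdp_info), which misattributed the IE */
			LOGP(DGPRS, LOGL_ERROR,
			     "GSUP IE type %d not expected in auth info\n", iei);
			continue;
		}
	}

	return 0;

parse_error:
	/* value_len is a size_t: %zu, not %d */
	LOGP(DGPRS, LOGL_ERROR,
	     "GSUP IE type %d, length %zu invalid in auth info\n",
	     iei, value_len);

	return -1;
}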
160
/* IEs that only belong inside a PDP_INFO or AUTH_TUPLE container, plus the
 * IMSI which the generic part has already consumed. When one of them shows
 * up at the top level it is ignored (logged at NOTICE) rather than treated
 * as an error. */
static int gsup_iei_nested_only(enum gprs_gsup_iei iei)
{
	switch (iei) {
	case GPRS_GSUP_IMSI_IE:
	case GPRS_GSUP_PDP_TYPE_IE:
	case GPRS_GSUP_ACCESS_POINT_NAME_IE:
	case GPRS_GSUP_RAND_IE:
	case GPRS_GSUP_SRES_IE:
	case GPRS_GSUP_KC_IE:
		return 1;
	default:
		return 0;
	}
}

/* Decode a GSUP message (const_data/data_len, typically straight off the
 * wire) into *gsup_msg, which is zeroed first.
 *
 * Layout: one octet message type, a mandatory IMSI TLV, then any number of
 * TLV IEs. The IMSI is rejected before BCD decoding if two digits per octet
 * plus a terminator would not fit gsup_msg->imsi. PDP info and auth tuple
 * IEs are appended to fixed-size arrays and the message is rejected once
 * those are full. Unknown top-level IEs are logged and skipped.
 *
 * gsup_msg->pdp_infos[].apn_enc ends up pointing into const_data (see
 * decode_pdp_info); the buffer is never written through but must outlive
 * gsup_msg. The const cast exists only because the shift/match helpers take
 * non-const pointers.
 *
 * Returns 0 on success, -GMM_CAUSE_INV_MAND_INFO for a missing or oversized
 * mandatory part (and for an overflowing auth tuple list),
 * -GMM_CAUSE_PROTO_ERR_UNSPEC for a malformed TLV structure,
 * -GMM_CAUSE_COND_IE_ERR for an overflowing PDP info list, or whatever the
 * nested decoders return. */
int gprs_gsup_decode(const uint8_t *const_data, size_t data_len,
		     struct gprs_gsup_message *gsup_msg)
{
	int rc;
	uint8_t tag;
	uint8_t *cur = (uint8_t *)const_data;
	uint8_t *val;
	size_t val_len;
	size_t remaining = data_len;
	static const struct gprs_gsup_pdp_info empty_pdp_info = {0};
	static const struct gsm_auth_tuple empty_auth_info = {0};
	static const struct gprs_gsup_message empty_gsup_message = {0};

	*gsup_msg = empty_gsup_message;

	/* generic part: one octet message type */
	rc = gprs_shift_v_fixed(&cur, &remaining, 1, &val);
	if (rc < 0)
		return -GMM_CAUSE_INV_MAND_INFO;

	gsup_msg->message_type = decode_big_endian(val, 1);

	/* mandatory IMSI TLV */
	rc = gprs_match_tlv(&cur, &remaining, GPRS_GSUP_IMSI_IE,
			    &val, &val_len);
	if (rc <= 0)
		return -GMM_CAUSE_INV_MAND_INFO;

	/* two BCD digits per octet plus the terminating NUL must fit */
	if (val_len * 2 + 1 > sizeof(gsup_msg->imsi))
		return -GMM_CAUSE_INV_MAND_INFO;

	/* gsm48_decode_bcd_number wants the octet count in the first octet.
	 * With the TLV encoding the length octet directly precedes the value,
	 * so that octet is reused here. NOTE(review): this relies on
	 * gprs_match_tlv always leaving a one-octet length right before val;
	 * should that helper ever accept another length encoding, the assert
	 * below would become reachable from the wire - confirm. */
	OSMO_ASSERT(val[-1] == val_len);
	gsm48_decode_bcd_number(gsup_msg->imsi, sizeof(gsup_msg->imsi),
				val - 1, 0);

	/* specific parts */
	while (remaining > 0) {
		enum gprs_gsup_iei iei;

		rc = gprs_shift_tlv(&cur, &remaining, &tag, &val, &val_len);
		if (rc < 0)
			return -GMM_CAUSE_PROTO_ERR_UNSPEC;

		iei = tag;

		if (gsup_iei_nested_only(iei)) {
			LOGP(DGPRS, LOGL_NOTICE,
			     "GSUP IE type %d not expected (ignored)\n", iei);
			continue;
		}

		switch (iei) {
		case GPRS_GSUP_CAUSE_IE:
			gsup_msg->cause = decode_big_endian(val, val_len);
			break;

		case GPRS_GSUP_CANCEL_TYPE_IE:
			/* stored offset by one so that 0 means "absent";
			 * gprs_gsup_encode subtracts it again */
			gsup_msg->cancel_type =
				decode_big_endian(val, val_len) + 1;
			break;

		case GPRS_GSUP_PDP_INFO_COMPL_IE:
			gsup_msg->pdp_info_compl = 1;
			break;

		case GPRS_GSUP_FREEZE_PTMSI_IE:
			gsup_msg->freeze_ptmsi = 1;
			break;

		case GPRS_GSUP_PDP_CONTEXT_ID_IE:
		case GPRS_GSUP_PDP_INFO_IE: {
			struct gprs_gsup_pdp_info pdp_info = empty_pdp_info;

			if (gsup_msg->num_pdp_infos >= GPRS_GSUP_MAX_NUM_PDP_INFO) {
				LOGP(DGPRS, LOGL_ERROR,
				     "GSUP IE type %d (PDP_INFO) max exceeded\n",
				     iei);
				return -GMM_CAUSE_COND_IE_ERR;
			}

			if (iei == GPRS_GSUP_PDP_CONTEXT_ID_IE) {
				/* A bare context id at the top level is how
				 * Delete Subscr Info names single entries;
				 * there is no separate list, so it lands in
				 * pdp_infos with have_info left at 0. */
				pdp_info.context_id =
					decode_big_endian(val, val_len);
			} else {
				rc = decode_pdp_info(val, val_len, &pdp_info);
				if (rc < 0)
					return rc;
				pdp_info.have_info = 1;
			}

			gsup_msg->pdp_infos[gsup_msg->num_pdp_infos] = pdp_info;
			gsup_msg->num_pdp_infos++;
			break;
		}

		case GPRS_GSUP_AUTH_TUPLE_IE: {
			struct gsm_auth_tuple auth_info = empty_auth_info;

			if (gsup_msg->num_auth_tuples >= GPRS_GSUP_MAX_NUM_AUTH_INFO) {
				LOGP(DGPRS, LOGL_ERROR,
				     "GSUP IE type %d (AUTH_INFO) max exceeded\n",
				     iei);
				return -GMM_CAUSE_INV_MAND_INFO;
			}

			/* key_seq is the tuple's position in the list */
			auth_info.key_seq = gsup_msg->num_auth_tuples;

			rc = decode_auth_info(val, val_len, &auth_info);
			if (rc < 0)
				return rc;

			gsup_msg->auth_tuples[gsup_msg->num_auth_tuples] = auth_info;
			gsup_msg->num_auth_tuples++;
			break;
		}

		default:
			LOGP(DGPRS, LOGL_NOTICE,
			     "GSUP IE type %d unknown\n", iei);
			break;
		}
	}

	return 0;
}
303
/* Append a container IE of type iei holding the nested PDP info TLVs
 * (context id always; PDP type and APN only when set) to msg.
 *
 * The container is put with an empty value first and its single length
 * octet is patched once the nested IEs are in place. This relies on
 * msgb_tlv_put returning a pointer just past the length octet (hence the
 * "- 1"). NOTE(review): the outer length is one octet; nothing here checks
 * that the nested content, in particular a long apn_enc, stays below 256
 * octets - confirm the caller bounds apn_enc_len. */
static void encode_pdp_info(struct msgb *msg, enum gprs_gsup_iei iei,
			    const struct gprs_gsup_pdp_info *pdp_info)
{
	uint8_t *outer_len;
	size_t start_len;
	uint8_t ctx_id;

	outer_len = msgb_tlv_put(msg, iei, 0, NULL) - 1;
	start_len = msgb_length(msg);

	ctx_id = pdp_info->context_id;
	msgb_tlv_put(msg, GPRS_GSUP_PDP_CONTEXT_ID_IE, sizeof(ctx_id), &ctx_id);

	if (pdp_info->pdp_type) {
		/* 0xf000 marks the upper nibble; decode_pdp_info masks it off
		 * again. encode_big_endian returns a static buffer that is
		 * consumed right away. */
		uint8_t *type_be = encode_big_endian(pdp_info->pdp_type | 0xf000,
						     GPRS_GSUP_PDP_TYPE_SIZE);
		msgb_tlv_put(msg, GPRS_GSUP_PDP_TYPE_IE,
			     GPRS_GSUP_PDP_TYPE_SIZE, type_be);
	}

	if (pdp_info->apn_enc)
		msgb_tlv_put(msg, GPRS_GSUP_ACCESS_POINT_NAME_IE,
			     pdp_info->apn_enc_len, pdp_info->apn_enc);

	/* patch the container length now that the nested size is known */
	*outer_len = msgb_length(msg) - start_len;
}
332
/* Append a container IE of type iei holding RAND, SRES and Kc (in that
 * order, each with its full field size) from auth_tuple to msg.
 *
 * As in encode_pdp_info, the container's one-octet length is written as 0
 * and patched after the nested IEs, relying on msgb_tlv_put returning a
 * pointer just past the length octet. The Kc bytes go into the message
 * verbatim, so whatever carries the msgb is responsible for protecting
 * this key material in transit. */
static void encode_auth_info(struct msgb *msg, enum gprs_gsup_iei iei,
			     const struct gsm_auth_tuple *auth_tuple)
{
	uint8_t *outer_len = msgb_tlv_put(msg, iei, 0, NULL) - 1;
	size_t start_len = msgb_length(msg);

	msgb_tlv_put(msg, GPRS_GSUP_RAND_IE,
		     sizeof(auth_tuple->rand), auth_tuple->rand);
	msgb_tlv_put(msg, GPRS_GSUP_SRES_IE,
		     sizeof(auth_tuple->sres), auth_tuple->sres);
	msgb_tlv_put(msg, GPRS_GSUP_KC_IE,
		     sizeof(auth_tuple->kc), auth_tuple->kc);

	/* patch the container length now that the nested size is known */
	*outer_len = msgb_length(msg) - start_len;
}
354
/* Encode *gsup_msg into msg as: one octet message type, the mandatory IMSI
 * TLV (BCD encoded), then the optional IEs that are set.
 *
 * message_type must be non-zero and the IMSI must encode to at least one
 * octet (both checked with OSMO_ASSERT, i.e. a caller bug aborts). A
 * cancel_type of 0 means "absent"; otherwise it is sent minus one to undo
 * the offset gprs_gsup_decode applies. PDP infos with context_id 0 and auth
 * tuples with key_seq GSM_KEY_SEQ_INVAL are skipped. PDP infos without
 * have_info are sent as a bare PDP_CONTEXT_ID IE. */
void gprs_gsup_encode(struct msgb *msg, const struct gprs_gsup_message *gsup_msg)
{
	uint8_t scratch;
	uint8_t bcd_buf[GSM48_MI_SIZE] = {0};
	size_t bcd_len;
	int i;

	/* generic part */
	OSMO_ASSERT(gsup_msg->message_type);
	msgb_v_put(msg, gsup_msg->message_type);

	bcd_len = gsm48_encode_bcd_number(bcd_buf, sizeof(bcd_buf), 0,
					  gsup_msg->imsi);
	OSMO_ASSERT(bcd_len > 1);

	/* gsm48_encode_bcd_number stores the length in bcd_buf[0];
	 * msgb_tlv_put writes its own length octet, so skip that one */
	msgb_tlv_put(msg, GPRS_GSUP_IMSI_IE, bcd_len - 1, &bcd_buf[1]);

	/* specific parts */
	scratch = gsup_msg->cause;
	if (scratch)
		msgb_tlv_put(msg, GPRS_GSUP_CAUSE_IE, sizeof(scratch), &scratch);

	scratch = gsup_msg->cancel_type;
	if (scratch) {
		scratch -= 1;
		msgb_tlv_put(msg, GPRS_GSUP_CANCEL_TYPE_IE, sizeof(scratch),
			     &scratch);
	}

	/* zero-length flag IEs; the value pointer is not read */
	if (gsup_msg->pdp_info_compl)
		msgb_tlv_put(msg, GPRS_GSUP_PDP_INFO_COMPL_IE, 0, &scratch);

	if (gsup_msg->freeze_ptmsi)
		msgb_tlv_put(msg, GPRS_GSUP_FREEZE_PTMSI_IE, 0, &scratch);

	for (i = 0; i < gsup_msg->num_pdp_infos; i++) {
		const struct gprs_gsup_pdp_info *pdp = &gsup_msg->pdp_infos[i];

		if (pdp->context_id == 0)
			continue;

		if (!pdp->have_info) {
			scratch = pdp->context_id;
			msgb_tlv_put(msg, GPRS_GSUP_PDP_CONTEXT_ID_IE,
				     sizeof(scratch), &scratch);
			continue;
		}

		encode_pdp_info(msg, GPRS_GSUP_PDP_INFO_IE, pdp);
	}

	for (i = 0; i < gsup_msg->num_auth_tuples; i++) {
		const struct gsm_auth_tuple *tuple = &gsup_msg->auth_tuples[i];

		if (tuple->key_seq == GSM_KEY_SEQ_INVAL)
			continue;

		encode_auth_info(msg, GPRS_GSUP_AUTH_TUPLE_IE, tuple);
	}
}
418}