<p>laforge has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.osmocom.org/c/osmo-hlr/+/15364">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">AUC: Add support for setting the AMF separation bit to '1' for EUTRAN<br><br>Despite LTE/EUTRAN using the same authentication procedure (UMTS AKA)<br>as 3G, there's one difference: The "operator defined" 16bit AMF field<br>is reduced to 15 bits, with the first bit now being used as 'separation<br>bit'. That bit should be '0' for 2G/3G (as it is right now) and '1'<br>for authentication vectores generated for authentication over<br>EUTRAN/EPS.<br><br>Depends: libosmocore I93850710ab55a605bf61b95063a69682a2899bb1 (OSMO_GSUP_RAT_TYPES_IE)<br>Change-Id: Ic766bc40f6126bb479bd0a05b0e96bec3e240008<br>---<br>M src/db.h<br>M src/db_auc.c<br>M src/hlr.c<br>M tests/db/db_test.c<br>M tests/db/db_test.err<br>5 files changed, 26 insertions(+), 16 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.osmocom.org:29418/osmo-hlr refs/changes/64/15364/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/db.h b/src/db.h</span><br><span>index 15d83de..3735834 100644</span><br><span>--- a/src/db.h</span><br><span>+++ b/src/db.h</span><br><span>@@ -65,7 +65,7 @@</span><br><span> int db_get_auc(struct db_context *dbc, const char *imsi,</span><br><span> unsigned int auc_3g_ind, struct osmo_auth_vector *vec,</span><br><span> unsigned int num_vec, const uint8_t *rand_auts,</span><br><span style="color: hsl(0, 100%, 40%);">- const uint8_t *auts);</span><br><span style="color: hsl(120, 100%, 40%);">+ const uint8_t *auts, bool separation_bit);</span><br><span> </span><br><span> #include <osmocom/core/linuxlist.h></span><br><span> #include <osmocom/gsm/protocol/gsm_23_003.h></span><br><span>diff --git a/src/db_auc.c b/src/db_auc.c</span><br><span>index 2cf7143..6eaee9d 100644</span><br><span>--- a/src/db_auc.c</span><br><span>+++ b/src/db_auc.c</span><br><span>@@ -189,7 +189,7 @@</span><br><span> int db_get_auc(struct db_context *dbc, const char *imsi,</span><br><span> unsigned int auc_3g_ind, struct osmo_auth_vector *vec,</span><br><span> unsigned int num_vec, const uint8_t *rand_auts,</span><br><span style="color: hsl(0, 100%, 40%);">- const uint8_t *auts)</span><br><span style="color: hsl(120, 100%, 40%);">+ const uint8_t *auts, bool separation_bit)</span><br><span> {</span><br><span> struct osmo_sub_auth_data aud2g, aud3g;</span><br><span> int64_t subscr_id;</span><br><span>@@ -209,6 +209,12 @@</span><br><span> aud3g.u.umts.ind_bitlen, aud3g.u.umts.ind);</span><br><span> aud3g.u.umts.ind &= (1U << aud3g.u.umts.ind_bitlen) - 1;</span><br><span> }</span><br><span style="color: hsl(120, 100%, 40%);">+ /* the first bit (bit0) cannot be used as AMF anymore, but has been</span><br><span style="color: hsl(120, 100%, 40%);">+ * re-appropriated as the separation bit. See 3GPP TS 33.102 Annex H</span><br><span style="color: hsl(120, 100%, 40%);">+ * together with 3GPP TS 33.401 / 33.402 / 33.501 */</span><br><span style="color: hsl(120, 100%, 40%);">+ aud3g.u.umts.amf[0] = aud3g.u.umts.amf[0] & 0x7f;</span><br><span style="color: hsl(120, 100%, 40%);">+ if (separation_bit)</span><br><span style="color: hsl(120, 100%, 40%);">+ aud3g.u.umts.amf[0] |= 0x80;</span><br><span> </span><br><span> LOGAUC(imsi, LOGL_DEBUG, "Calling to generate %u vectors\n", num_vec);</span><br><span> rc = auc_compute_vectors(vec, num_vec, &aud2g, &aud3g, rand_auts, auts);</span><br><span>diff --git a/src/hlr.c b/src/hlr.c</span><br><span>index 8b9dff1..4a9ef89 100644</span><br><span>--- a/src/hlr.c</span><br><span>+++ b/src/hlr.c</span><br><span>@@ -233,6 +233,7 @@</span><br><span> {</span><br><span> struct osmo_gsup_message gsup_out;</span><br><span> struct msgb *msg_out;</span><br><span style="color: hsl(120, 100%, 40%);">+ bool separation_bit = false;</span><br><span> int rc;</span><br><span> </span><br><span> subscr_create_on_demand(gsup->imsi);</span><br><span>@@ -241,10 +242,13 @@</span><br><span> memset(&gsup_out, 0, sizeof(gsup_out));</span><br><span> memcpy(&gsup_out.imsi, &gsup->imsi, sizeof(gsup_out.imsi));</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ if (gsup->rat_types_len >= 1 && gsup->rat_types[0] == OSMO_RAT_EUTRAN_SGS)</span><br><span style="color: hsl(120, 100%, 40%);">+ separation_bit = true;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> rc = db_get_auc(dbc, gsup->imsi, conn->auc_3g_ind,</span><br><span> gsup_out.auth_vectors,</span><br><span> ARRAY_SIZE(gsup_out.auth_vectors),</span><br><span style="color: hsl(0, 100%, 40%);">- gsup->rand, gsup->auts);</span><br><span style="color: hsl(120, 100%, 40%);">+ gsup->rand, gsup->auts, separation_bit);</span><br><span> if (rc <= 0) {</span><br><span> gsup_out.message_type = OSMO_GSUP_MSGT_SEND_AUTH_INFO_ERROR;</span><br><span> switch (rc) {</span><br><span>diff --git a/tests/db/db_test.c b/tests/db/db_test.c</span><br><span>index 1da2752..7c31da6 100644</span><br><span>--- a/tests/db/db_test.c</span><br><span>+++ b/tests/db/db_test.c</span><br><span>@@ -115,7 +115,7 @@</span><br><span> #define ASSERT_DB_GET_AUC(imsi, expect_rc) \</span><br><span> do { \</span><br><span> struct osmo_auth_vector vec[N_VECTORS]; \</span><br><span style="color: hsl(0, 100%, 40%);">- ASSERT_RC(db_get_auc(dbc, imsi, 3, vec, N_VECTORS, NULL, NULL), expect_rc); \</span><br><span style="color: hsl(120, 100%, 40%);">+ ASSERT_RC(db_get_auc(dbc, imsi, 3, vec, N_VECTORS, NULL, NULL, false), expect_rc); \</span><br><span> } while (0)</span><br><span> </span><br><span> /* Not linking the real auc_compute_vectors(), just returning num_vec.</span><br><span>diff --git a/tests/db/db_test.err b/tests/db/db_test.err</span><br><span>index a3e4d58..6423550 100644</span><br><span>--- a/tests/db/db_test.err</span><br><span>+++ b/tests/db/db_test.err</span><br><span>@@ -814,7 +814,7 @@</span><br><span> DAUC IMSI='999999999': No such subscriber</span><br><span> </span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -2</span><br><span style="color: hsl(120, 100%, 40%);">+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -2</span><br><span> DAUC IMSI='123456789000000': No such subscriber</span><br><span> </span><br><span> </span><br><span>@@ -833,7 +833,7 @@</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> </span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -ENOKEY</span><br><span style="color: hsl(120, 100%, 40%);">+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -ENOKEY</span><br><span> DAUC IMSI='123456789000000': No 2G Auth Data</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> </span><br><span>@@ -852,7 +852,7 @@</span><br><span> }</span><br><span> 3G: none</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> 3</span><br><span style="color: hsl(120, 100%, 40%);">+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> 3</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> DAUC IMSI='123456789000000': Calling to generate 3 vectors</span><br><span> DAUC IMSI='123456789000000': Generated 3 vectors</span><br><span>@@ -915,7 +915,7 @@</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> </span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -ENOKEY</span><br><span style="color: hsl(120, 100%, 40%);">+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -ENOKEY</span><br><span> DAUC IMSI='123456789000000': No 2G Auth Data</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> </span><br><span>@@ -940,7 +940,7 @@</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> </span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -ENOKEY</span><br><span style="color: hsl(120, 100%, 40%);">+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -ENOKEY</span><br><span> DAUC IMSI='123456789000000': No 2G Auth Data</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> </span><br><span>@@ -963,7 +963,7 @@</span><br><span> .u.umts.ind_bitlen = 5,</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> 3</span><br><span style="color: hsl(120, 100%, 40%);">+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> 3</span><br><span> DAUC IMSI='123456789000000': No 2G Auth Data</span><br><span> DAUC IMSI='123456789000000': Calling to generate 3 vectors</span><br><span> DAUC IMSI='123456789000000': Generated 3 vectors</span><br><span>@@ -1042,7 +1042,7 @@</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> </span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -ENOKEY</span><br><span style="color: hsl(120, 100%, 40%);">+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -ENOKEY</span><br><span> DAUC IMSI='123456789000000': No 2G Auth Data</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> </span><br><span>@@ -1064,7 +1064,7 @@</span><br><span> .u.umts.ind_bitlen = 5,</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> 3</span><br><span style="color: hsl(120, 100%, 40%);">+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> 3</span><br><span> DAUC IMSI='123456789000000': No 2G Auth Data</span><br><span> DAUC IMSI='123456789000000': Calling to generate 3 vectors</span><br><span> DAUC IMSI='123456789000000': Generated 3 vectors</span><br><span>@@ -1077,7 +1077,7 @@</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> </span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -ENOKEY</span><br><span style="color: hsl(120, 100%, 40%);">+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -ENOKEY</span><br><span> DAUC IMSI='123456789000000': No 2G Auth Data</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> </span><br><span>@@ -1105,7 +1105,7 @@</span><br><span> .u.umts.ind_bitlen = 5,</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> 3</span><br><span style="color: hsl(120, 100%, 40%);">+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> 3</span><br><span> DAUC IMSI='123456789000000': Calling to generate 3 vectors</span><br><span> DAUC IMSI='123456789000000': Generated 3 vectors</span><br><span> DAUC IMSI='123456789000000': Updating SQN=0 in DB</span><br><span>@@ -1323,7 +1323,7 @@</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> </span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -ENOKEY</span><br><span style="color: hsl(120, 100%, 40%);">+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -ENOKEY</span><br><span> DAUC IMSI='123456789000000': No 2G Auth Data</span><br><span> DAUC IMSI='123456789000000': No 3G Auth Data</span><br><span> </span><br><span>@@ -1332,7 +1332,7 @@</span><br><span> db_subscr_get_by_imsi(dbc, imsi0, &g_subscr) --> -ENOENT</span><br><span> DAUC Cannot read subscriber from db: IMSI='123456789000000': No such subscriber</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL) --> -2</span><br><span style="color: hsl(120, 100%, 40%);">+db_get_auc(dbc, imsi0, 3, vec, N_VECTORS, NULL, NULL, false) --> -2</span><br><span> DAUC IMSI='123456789000000': No such subscriber</span><br><span> </span><br><span> ===== test_subscr_aud: SUCCESS</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-hlr/+/15364">change 15364</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-hlr/+/15364"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: osmo-hlr </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Ic766bc40f6126bb479bd0a05b0e96bec3e240008 </div>
<div style="display:none"> Gerrit-Change-Number: 15364 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: laforge <laforge@gnumonks.org> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>