osmo_hlr.py: fix auth algo mapping, properly indicate COMP128v1

So far the resources.conf says we're using XOR, but we wrongly map 'xor' to 1, which is actually comp128v1 in enum osmo_auth_algo from libosmocore (which osmo-hlr uses to interpret the numbers from the hlr.db). This explains why our "xor" tests are succeeding even though libosmocore doesn't support XOR at all: we were using comp128v1 all the while. Fix the auth algo mapping: - define correct mappings, copying enum osmo_auth_algo, in util.py - add a function to get the enum value from name, in util.py - use this in osmo_hlr.py Change subscriber_add() API to take the algorithm string instead of a number. The number is libosmocore internal and we should not expose it within our API beyond above dict. There are no callers using this parameter yet anyway. Adjust resources.conf to indicate COMP128v1 which we are actually using and which means we're still using algorithm number 1 after this change. BTW, osmo-nitb uses the ctrl interface which interprets the names, so is not vulnerable to mapping wrong numbers and needs no fix. (If osmo-hlr featured similar CTRL, which it doesn't yet, this code could be more robust.) Related: OS#2758 Change-Id: I7a6ce92468a6ae46136ad4f62381da261fd196c8
2017-12-14 15:18:05 +01:00 · 2017-12-14 15:18:05 +01:00 · 0af893c79d
parent b05e36aa38
commit 0af893c79d
4 changed files with 26 additions and 24 deletions
--- a/example/resources.conf
+++ b/example/resources.conf
@ -71,7 +71,7 @@ modem:
  path: '/sierra_1'
  imsi: '901700000009031'
  ki: '80A37E6FDEA931EAC92FFA5F671EFEAD'
-  auth_algo: 'xor'
+  auth_algo: 'comp128v1'
  ciphers: [a5_0, a5_1]
  features: ['sms', 'voice', 'ussd', 'gprs']

@ -79,7 +79,7 @@ modem:
  path: '/sierra_2'
  imsi: '901700000009029'
  ki: '00969E283349D354A8239E877F2E0866'
-  auth_algo: 'xor'
+  auth_algo: 'comp128v1'
  ciphers: [a5_0, a5_1]
  features: ['sms', 'voice', 'ussd', 'gprs']

@ -87,7 +87,7 @@ modem:
  path: '/gobi_0'
  imsi: '901700000009030'
  ki: 'BB70807226393CDBAC8DD3439FF54252'
-  auth_algo: 'xor'
+  auth_algo: 'comp128v1'
  ciphers: [a5_0, a5_1]
  features: ['sms', 'ussd', 'gprs']

@ -95,6 +95,6 @@ modem:
  path: '/gobi_3'
  imsi: '901700000009032'
  ki: '2F70DCA43C45ACB97E947FDD0C7CA30A'
-  auth_algo: 'xor'
+  auth_algo: 'comp128v1'
  ciphers: [a5_0, a5_1]
  features: ['gprs']
--- a/src/osmo_gsm_tester/osmo_hlr.py
+++ b/src/osmo_gsm_tester/osmo_hlr.py
@ -32,10 +32,6 @@ class OsmoHlr(log.Origin):
    process = None
    next_subscriber_id = 1

-    AUTH_ALGO_NONE = 0
-    AUTH_ALGO_XOR = 1
-    AUTH_ALGO_COMP128v1 = 2
-
    def __init__(self, suite_run, ip_address):
        super().__init__(log.C_RUN, 'osmo-hlr_%s' % ip_address.get('addr'))
        self.suite_run = suite_run
@ -107,25 +103,23 @@ class OsmoHlr(log.Origin):
            log.ctx(proc)
            raise log.Error('Exited in error')

-    def subscriber_add(self, modem, msisdn=None, algo=None):
+    def subscriber_add(self, modem, msisdn=None, algo_str=None):
        if msisdn is None:
            msisdn = self.suite_run.resources_pool.next_msisdn(modem)
        modem.set_msisdn(msisdn)
        subscriber_id = self.next_subscriber_id
        self.next_subscriber_id += 1

-        if not algo:
-            alg_str = modem.auth_algo()
-            if alg_str is None or alg_str == 'none':
-                algo = self.AUTH_ALGO_NONE
-            elif alg_str == 'comp128v1':
-                algo = self.AUTH_ALGO_COMP128v1
-            elif alg_str == 'xor':
-                algo = self.AUTH_ALGO_XOR
-        if algo != self.AUTH_ALGO_NONE and not modem.ki():
-            raise log.Error("Auth algo %r selected and no KI specified" % algo)
+        if algo_str is None:
+            algo_str = modem.auth_algo() or util.OSMO_AUTH_ALGO_NONE

-        self.log('Add subscriber', msisdn=msisdn, imsi=modem.imsi(), subscriber_id=subscriber_id, algo=algo)
+        if algo_str != util.OSMO_AUTH_ALGO_NONE and not modem.ki():
+            raise log.Error("Auth algo %r selected but no KI specified" % algo_str)
+
+        algo = util.osmo_auth_algo_by_name(algo_str)
+
+        self.log('Add subscriber', msisdn=msisdn, imsi=modem.imsi(), subscriber_id=subscriber_id,
+                 algo_str=algo_str, algo=algo)
        conn = sqlite3.connect(self.db_file)
        try:
            c = conn.cursor()
--- a/src/osmo_gsm_tester/schema.py
+++ b/src/osmo_gsm_tester/schema.py
@ -20,7 +20,7 @@
 import re

 from . import log
-from .util import is_dict, is_list, str2bool
+from .util import is_dict, is_list, str2bool, ENUM_OSMO_AUTH_ALGO

 KEY_RE = re.compile('[a-zA-Z][a-zA-Z0-9_]*')
 IPV4_RE = re.compile('([0-9]{1,3}.){3}[0-9]{1,3}')
@ -62,9 +62,8 @@ def msisdn(val):
    match_re('MSISDN', MSISDN_RE, val)

 def auth_algo(val):
-    if val in ('none', 'xor', 'comp128v1'):
-        return
-    raise ValueError('Unknown Authentication Algorithm: %r' % val)
+    if val not in ENUM_OSMO_AUTH_ALGO:
+        raise ValueError('Unknown Authentication Algorithm: %r' % val)

 def uint(val):
    n = int(val)
--- a/src/osmo_gsm_tester/util.py
+++ b/src/osmo_gsm_tester/util.py
@ -32,6 +32,15 @@ import tty
 import readline
 import subprocess

+# This mirrors enum osmo_auth_algo in libosmocore/include/osmocom/crypt/auth.h
+# so that the index within the tuple matches the enum value.
+OSMO_AUTH_ALGO_NONE = 'none'
+ENUM_OSMO_AUTH_ALGO = (OSMO_AUTH_ALGO_NONE, 'comp128v1', 'comp128v2', 'comp128v3', 'xor', 'milenage')
+
+def osmo_auth_algo_by_name(algo_str):
+    'Return enum osmo_auth_algo numeric value as from libosmocore, raise ValueError if not defined.'
+    return ENUM_OSMO_AUTH_ALGO.index(algo_str.lower())
+
 def prepend_library_path(path):
    lp = os.getenv('LD_LIBRARY_PATH')
    if not lp: