osmo_hlr.py: fix auth algo mapping, properly indicate COMP128v1
So far the resources.conf says we're using XOR, but we wrongly map 'xor' to 1, which is actually comp128v1 in enum osmo_auth_algo from libosmocore (which osmo-hlr uses to interpret the numbers from the hlr.db). This explains why our "xor" tests are succeeding even though libosmocore doesn't support XOR at all: we were using comp128v1 all the while. Fix the auth algo mapping: - define correct mappings, copying enum osmo_auth_algo, in util.py - add a function to get the enum value from name, in util.py - use this in osmo_hlr.py Change subscriber_add() API to take the algorithm string instead of a number. The number is libosmocore internal and we should not expose it within our API beyond above dict. There are no callers using this parameter yet anyway. Adjust resources.conf to indicate COMP128v1 which we are actually using and which means we're still using algorithm number 1 after this change. BTW, osmo-nitb uses the ctrl interface which interprets the names, so is not vulnerable to mapping wrong numbers and needs no fix. (If osmo-hlr featured similar CTRL, which it doesn't yet, this code could be more robust.) Related: OS#2758 Change-Id: I7a6ce92468a6ae46136ad4f62381da261fd196c8
This commit is contained in:
parent
b05e36aa38
commit
0af893c79d
|
@ -71,7 +71,7 @@ modem:
|
|||
path: '/sierra_1'
|
||||
imsi: '901700000009031'
|
||||
ki: '80A37E6FDEA931EAC92FFA5F671EFEAD'
|
||||
auth_algo: 'xor'
|
||||
auth_algo: 'comp128v1'
|
||||
ciphers: [a5_0, a5_1]
|
||||
features: ['sms', 'voice', 'ussd', 'gprs']
|
||||
|
||||
|
@ -79,7 +79,7 @@ modem:
|
|||
path: '/sierra_2'
|
||||
imsi: '901700000009029'
|
||||
ki: '00969E283349D354A8239E877F2E0866'
|
||||
auth_algo: 'xor'
|
||||
auth_algo: 'comp128v1'
|
||||
ciphers: [a5_0, a5_1]
|
||||
features: ['sms', 'voice', 'ussd', 'gprs']
|
||||
|
||||
|
@ -87,7 +87,7 @@ modem:
|
|||
path: '/gobi_0'
|
||||
imsi: '901700000009030'
|
||||
ki: 'BB70807226393CDBAC8DD3439FF54252'
|
||||
auth_algo: 'xor'
|
||||
auth_algo: 'comp128v1'
|
||||
ciphers: [a5_0, a5_1]
|
||||
features: ['sms', 'ussd', 'gprs']
|
||||
|
||||
|
@ -95,6 +95,6 @@ modem:
|
|||
path: '/gobi_3'
|
||||
imsi: '901700000009032'
|
||||
ki: '2F70DCA43C45ACB97E947FDD0C7CA30A'
|
||||
auth_algo: 'xor'
|
||||
auth_algo: 'comp128v1'
|
||||
ciphers: [a5_0, a5_1]
|
||||
features: ['gprs']
|
||||
|
|
|
@ -32,10 +32,6 @@ class OsmoHlr(log.Origin):
|
|||
process = None
|
||||
next_subscriber_id = 1
|
||||
|
||||
AUTH_ALGO_NONE = 0
|
||||
AUTH_ALGO_XOR = 1
|
||||
AUTH_ALGO_COMP128v1 = 2
|
||||
|
||||
def __init__(self, suite_run, ip_address):
|
||||
super().__init__(log.C_RUN, 'osmo-hlr_%s' % ip_address.get('addr'))
|
||||
self.suite_run = suite_run
|
||||
|
@ -107,25 +103,23 @@ class OsmoHlr(log.Origin):
|
|||
log.ctx(proc)
|
||||
raise log.Error('Exited in error')
|
||||
|
||||
def subscriber_add(self, modem, msisdn=None, algo=None):
|
||||
def subscriber_add(self, modem, msisdn=None, algo_str=None):
|
||||
if msisdn is None:
|
||||
msisdn = self.suite_run.resources_pool.next_msisdn(modem)
|
||||
modem.set_msisdn(msisdn)
|
||||
subscriber_id = self.next_subscriber_id
|
||||
self.next_subscriber_id += 1
|
||||
|
||||
if not algo:
|
||||
alg_str = modem.auth_algo()
|
||||
if alg_str is None or alg_str == 'none':
|
||||
algo = self.AUTH_ALGO_NONE
|
||||
elif alg_str == 'comp128v1':
|
||||
algo = self.AUTH_ALGO_COMP128v1
|
||||
elif alg_str == 'xor':
|
||||
algo = self.AUTH_ALGO_XOR
|
||||
if algo != self.AUTH_ALGO_NONE and not modem.ki():
|
||||
raise log.Error("Auth algo %r selected and no KI specified" % algo)
|
||||
if algo_str is None:
|
||||
algo_str = modem.auth_algo() or util.OSMO_AUTH_ALGO_NONE
|
||||
|
||||
self.log('Add subscriber', msisdn=msisdn, imsi=modem.imsi(), subscriber_id=subscriber_id, algo=algo)
|
||||
if algo_str != util.OSMO_AUTH_ALGO_NONE and not modem.ki():
|
||||
raise log.Error("Auth algo %r selected but no KI specified" % algo_str)
|
||||
|
||||
algo = util.osmo_auth_algo_by_name(algo_str)
|
||||
|
||||
self.log('Add subscriber', msisdn=msisdn, imsi=modem.imsi(), subscriber_id=subscriber_id,
|
||||
algo_str=algo_str, algo=algo)
|
||||
conn = sqlite3.connect(self.db_file)
|
||||
try:
|
||||
c = conn.cursor()
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
import re
|
||||
|
||||
from . import log
|
||||
from .util import is_dict, is_list, str2bool
|
||||
from .util import is_dict, is_list, str2bool, ENUM_OSMO_AUTH_ALGO
|
||||
|
||||
KEY_RE = re.compile('[a-zA-Z][a-zA-Z0-9_]*')
|
||||
IPV4_RE = re.compile('([0-9]{1,3}.){3}[0-9]{1,3}')
|
||||
|
@ -62,9 +62,8 @@ def msisdn(val):
|
|||
match_re('MSISDN', MSISDN_RE, val)
|
||||
|
||||
def auth_algo(val):
|
||||
if val in ('none', 'xor', 'comp128v1'):
|
||||
return
|
||||
raise ValueError('Unknown Authentication Algorithm: %r' % val)
|
||||
if val not in ENUM_OSMO_AUTH_ALGO:
|
||||
raise ValueError('Unknown Authentication Algorithm: %r' % val)
|
||||
|
||||
def uint(val):
|
||||
n = int(val)
|
||||
|
|
|
@ -32,6 +32,15 @@ import tty
|
|||
import readline
|
||||
import subprocess
|
||||
|
||||
# This mirrors enum osmo_auth_algo in libosmocore/include/osmocom/crypt/auth.h
|
||||
# so that the index within the tuple matches the enum value.
|
||||
OSMO_AUTH_ALGO_NONE = 'none'
|
||||
ENUM_OSMO_AUTH_ALGO = (OSMO_AUTH_ALGO_NONE, 'comp128v1', 'comp128v2', 'comp128v3', 'xor', 'milenage')
|
||||
|
||||
def osmo_auth_algo_by_name(algo_str):
|
||||
'Return enum osmo_auth_algo numeric value as from libosmocore, raise ValueError if not defined.'
|
||||
return ENUM_OSMO_AUTH_ALGO.index(algo_str.lower())
|
||||
|
||||
def prepend_library_path(path):
|
||||
lp = os.getenv('LD_LIBRARY_PATH')
|
||||
if not lp:
|
||||
|
|
Loading…
Reference in New Issue