sgsn: Integrate Auth & Ciph into gsm48_gmm_authorize

Currently the Authentication and Ciphering procedure is not yet invoked by the GMM layer. This patch starts this procedure from within gsm48_gmm_authorize when the mm->auth_state has been set to SGSN_AUTH_AUTHENTICATE and a call to gsm0408_gprs_authenticate has been issued directly or indirectly by the call to sgsn_auth_request. Sponsored-by: On-Waves ehf
2014-12-02 09:47:26 +01:00 · 2014-12-02 09:47:26 +01:00 · 4adb136da6
parent 665acd1dbd
commit 4adb136da6
3 changed files with 29 additions and 1 deletions
--- a/openbsc/include/openbsc/gprs_gmm.h
+++ b/openbsc/include/openbsc/gprs_gmm.h
@ -16,6 +16,7 @@ int gsm0408_gprs_force_reattach_oldmsg(struct msgb *msg);
 void gsm0408_gprs_access_granted(struct sgsn_mm_ctx *mmctx);
 void gsm0408_gprs_access_denied(struct sgsn_mm_ctx *mmctx);
 void gsm0408_gprs_access_cancelled(struct sgsn_mm_ctx *mmctx);
+void gsm0408_gprs_authenticate(struct sgsn_mm_ctx *mmctx);

 int gprs_gmm_rx_suspend(struct gprs_ra_id *raid, uint32_t tlli);
 int gprs_gmm_rx_resume(struct gprs_ra_id *raid, uint32_t tlli,
--- a/openbsc/include/openbsc/gprs_sgsn.h
+++ b/openbsc/include/openbsc/gprs_sgsn.h
@ -60,6 +60,7 @@ enum gprs_t3350_mode {
 /* Authorization/ACL handling */
 enum sgsn_auth_state {
 	SGSN_AUTH_UNKNOWN,
+	SGSN_AUTH_AUTHENTICATE,
 	SGSN_AUTH_ACCEPTED,
 	SGSN_AUTH_REJECTED
 };
--- a/openbsc/src/gprs/gprs_gmm.c
+++ b/openbsc/src/gprs/gprs_gmm.c
@ -209,6 +209,8 @@ static const struct tlv_definition gsm48_sm_att_tlvdef = {
 	},
 };

+static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx);
+
 /* Our implementation, should be kept in SGSN */

 static void mmctx_timer_cb(void *_mm);
@ -646,7 +648,9 @@ static int gsm48_rx_gmm_auth_ciph_resp(struct sgsn_mm_ctx *ctx,
 	ctx->is_authenticated = 1;

 	/* FIXME: enable LLC cipheirng */
-	return 0;
+
+	/* Check if we can let the mobile station enter */
+	return gsm48_gmm_authorize(ctx);
 }

 /* Check if we can already authorize a subscriber */
@ -679,6 +683,21 @@ static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx)
 		return 0;
 	}

+	if (ctx->auth_state == SGSN_AUTH_AUTHENTICATE && !ctx->is_authenticated) {
+		struct gsm_auth_tuple *at = &ctx->auth_triplet;
+
+		mmctx_timer_start(ctx, 3360, GSM0408_T3360_SECS);
+		return gsm48_tx_gmm_auth_ciph_req(ctx, at->rand, at->key_seq,
+						  GPRS_ALGO_GEA0);
+	}
+
+	if (ctx->auth_state == SGSN_AUTH_AUTHENTICATE && ctx->is_authenticated &&
+	    ctx->auth_triplet.key_seq != GSM_KEY_SEQ_INVAL) {
+		/* Check again for authorization */
+		sgsn_auth_request(ctx);
+		return 0;
+	}
+
 	if (ctx->auth_state != SGSN_AUTH_ACCEPTED) {
 		LOGMMCTXP(LOGL_NOTICE, ctx,
 			  "authorization is denied, aborting procedure\n");
@ -712,6 +731,13 @@ static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx)
 	return 0;
 }

+void gsm0408_gprs_authenticate(struct sgsn_mm_ctx *ctx)
+{
+	ctx->is_authenticated = 0;
+
+	gsm48_gmm_authorize(ctx);
+}
+
 void gsm0408_gprs_access_granted(struct sgsn_mm_ctx *ctx)
 {
 	switch (ctx->mm_state) {