gsm48_tx_mm_auth_req(): support UMTS AUTN

To be able to do R99 UMTS authentication, we need to send along AUTN bytes in
the Authentication Request. Add autn parameter to gsm48_tx_mm_auth_req() and
conditionally append the R99 AUTN TLV to the Authentication Request message.

Change-Id: I0d644559088706aa06b42b9bfe1f8c21ca6fa4da

openbsc/include/openbsc/gsm_04_08.h

@@ -53,7 +53,8 @@ int get_reason_by_chreq(uint8_t ra, int neci);
 void gsm_net_update_ctype(struct gsm_network *net);
 
 int gsm48_tx_mm_info(struct gsm_subscriber_connection *conn);
-int gsm48_tx_mm_auth_req(struct gsm_subscriber_connection *conn, uint8_t *rand, int key_seq);
+int gsm48_tx_mm_auth_req(struct gsm_subscriber_connection *conn, uint8_t *rand,
+			 uint8_t *autn, int key_seq);
 int gsm48_tx_mm_auth_rej(struct gsm_subscriber_connection *conn);
 int gsm48_tx_mm_serv_ack(struct gsm_subscriber_connection *conn);
 int gsm48_tx_mm_serv_rej(struct gsm_subscriber_connection *conn,

openbsc/src/libmsc/gsm_04_08.c

@@ -238,7 +238,8 @@ int gsm48_secure_channel(struct gsm_subscriber_connection *conn, int key_seq,
 	/* Then do whatever is needed ... */
 	if (rc == AUTH_DO_AUTH_THEN_CIPH) {
 		/* Start authentication */
-		return gsm48_tx_mm_auth_req(conn, op->atuple.vec.rand, op->atuple.key_seq);
+		return gsm48_tx_mm_auth_req(conn, op->atuple.vec.rand, NULL,
+					    op->atuple.key_seq);
 	} else if (rc == AUTH_DO_CIPH) {
 		/* Start ciphering directly */
 		return gsm0808_cipher_mode(conn, net->a5_encryption,
@@ -875,14 +876,24 @@ int gsm48_tx_mm_info(struct gsm_subscriber_connection *conn)
 	return gsm48_conn_sendmsg(msg, conn, NULL);
 }
 
-/* Section 9.2.2 */
-int gsm48_tx_mm_auth_req(struct gsm_subscriber_connection *conn, uint8_t *rand, int key_seq)
+/*! Send an Authentication Request to MS on the given subscriber connection
+ * according to 3GPP/ETSI TS 24.008, Section 9.2.2.
+ * \param[in] conn  Subscriber connection to send on.
+ * \param[in] rand  Random challenge token to send, must be 16 bytes long.
+ * \param[in] autn  r99: In case of UMTS mutual authentication, AUTN token to
+ * 	send; must be 16 bytes long, or pass NULL for plain GSM auth.
+ * \param[in] key_seq  auth tuple's sequence number.
+ */
+int gsm48_tx_mm_auth_req(struct gsm_subscriber_connection *conn, uint8_t *rand,
+			 uint8_t *autn, int key_seq)
 {
 	struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 AUTH REQ");
 	struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
 	struct gsm48_auth_req *ar = (struct gsm48_auth_req *) msgb_put(msg, sizeof(*ar));
 
 	DEBUGP(DMM, "-> AUTH REQ (rand = %s)\n", osmo_hexdump(rand, 16));
+	if (autn)
+		DEBUGP(DMM, "   AUTH REQ (autn = %s)\n", osmo_hexdump(autn, 16));
 
 	msg->lchan = conn->lchan;
 	gh->proto_discr = GSM48_PDISC_MM;
@@ -891,9 +902,15 @@ int gsm48_tx_mm_auth_req(struct gsm_subscriber_connection *conn, uint8_t *rand,
 	ar->key_seq = key_seq;
 
 	/* 16 bytes RAND parameters */
+	osmo_static_assert(sizeof(ar->rand) == 16, sizeof_auth_req_r99_rand);
 	if (rand)
 		memcpy(ar->rand, rand, 16);
 
+
+	/* 16 bytes AUTN */
+	if (autn)
+		msgb_tlv_put(msg, GSM48_IE_AUTN, 16, autn);
+
 	return gsm48_conn_sendmsg(msg, conn, NULL);
 }
 

openbsc/src/libmsc/token_auth.c

@@ -106,7 +106,7 @@ unauth:
 			if (conn) {
 				uint8_t auth_rand[16];
 				/* kick the subscriber off the network */
-				gsm48_tx_mm_auth_req(conn, auth_rand, 0);
+				gsm48_tx_mm_auth_req(conn, auth_rand, NULL, 0);
 				gsm48_tx_mm_auth_rej(conn);
 				/* FIXME: close the channel early ?*/
 				//gsm48_send_rr_Release(lchan);
@@ -143,7 +143,7 @@ static int token_sms_cb(unsigned int subsys, unsigned int signal,
 	conn = connection_for_subscr(sms->receiver);
 	if (conn) {
 		/* kick the subscriber off the network */
-		gsm48_tx_mm_auth_req(conn, auth_rand, 0);
+		gsm48_tx_mm_auth_req(conn, auth_rand, NULL, 0);
 		gsm48_tx_mm_auth_rej(conn);
 		/* FIXME: close the channel early ?*/
 		//gsm48_send_rr_Release(lchan);