oap: implement initial OAP API.

Add oap.[hc] and oap_messages.[hc].

Sponsored-by: On-Waves ehf

openbsc/include/openbsc/Makefile.am

@@ -16,7 +16,8 @@ noinst_HEADERS = abis_nm.h abis_rsl.h db.h gsm_04_08.h gsm_data.h \
 		arfcn_range_encode.h nat_rewrite_trie.h bsc_nat_callstats.h \
 		osmux.h mgcp_transcode.h gprs_utils.h utils.h \
 		 gprs_gb_parse.h smpp.h meas_feed.h gprs_gsup_messages.h \
-		 gprs_gsup_client.h bsc_msg_filter.h
+		 gprs_gsup_client.h bsc_msg_filter.h \
+		 oap.h oap_messages.h
 
 openbsc_HEADERS = gsm_04_08.h meas_rep.h bsc_api.h
 openbscdir = $(includedir)/openbsc

openbsc/include/openbsc/oap.h

@@ -0,0 +1,78 @@
+/* Osmocom Authentication Protocol API */
+
+/* (C) 2015 by Sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Neels Hofmeyr
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#pragma once
+
+#include <stdint.h>
+
+struct msgb;
+struct oap_message;
+
+/* This is the config part for vty. It is essentially copied in oap_state,
+ * where values are copied over once the config is considered valid. */
+struct oap_config {
+	uint16_t client_id;
+	int secret_k_present;
+	uint8_t secret_k[16];
+	int secret_opc_present;
+	uint8_t secret_opc[16];
+};
+
+/* The runtime state of the OAP client. client_id and the secrets are in fact
+ * duplicated from oap_config, so that a separate validation of the config data
+ * is possible, and so that only a struct oap_state* is passed around. */
+struct oap_state {
+	enum {
+		OAP_UNINITIALIZED = 0,	/* just allocated. */
+		OAP_DISABLED,		/* disabled by config. */
+		OAP_INITIALIZED,	/* enabled, config is valid. */
+		OAP_REQUESTED_CHALLENGE,
+		OAP_SENT_CHALLENGE_RESULT,
+		OAP_REGISTERED
+	} state;
+	uint16_t client_id;
+	uint8_t secret_k[16];
+	uint8_t secret_opc[16];
+	int registration_failures;
+};
+
+/* From config, initialize state. Return 0 on success. */
+int oap_init(struct oap_config *config, struct oap_state *state);
+
+/* Construct an OAP registration message and return in *msg_tx. Use
+ * state->client_id and update state->state.
+ * Return 0 on success, or a negative value on error.
+ * If an error is returned, *msg_tx is guaranteed to be NULL. */
+int oap_register(struct oap_state *state, struct msgb **msg_tx);
+
+/* Decode and act on a received OAP message msg_rx. Update state->state.  If a
+ * non-NULL pointer is returned in *msg_tx, that msgb should be sent to the OAP
+ * server (and freed) by the caller. The received msg_rx is not freed.
+ * Return 0 on success, or a negative value on error.
+ * If an error is returned, *msg_tx is guaranteed to be NULL. */
+int oap_handle(struct oap_state *state, const struct msgb *msg_rx, struct msgb **msg_tx);
+
+/* Allocate a msgb and in it, return the encoded oap_msg. Return NULL on
+ * error. (Like oap_encode(), but also allocates a msgb.)
+ * About the name: the idea is do_something(oap_encoded(my_struct)) */
+struct msgb *oap_encoded(const struct oap_message *oap_msg);
+

openbsc/include/openbsc/oap_messages.h

@@ -0,0 +1,70 @@
+/* Osmocom Authentication Protocol message encoder/decoder */
+
+/* (C) 2015 by Sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Neels Hofmeyr
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+#pragma once
+
+#include <stdint.h>
+#include <openbsc/gsm_04_08_gprs.h>
+#include <openbsc/gsm_data.h>
+
+/* Some numbers are out of sequence because (so far) they match gprs_gsup_iei.
+ */
+enum oap_iei {
+	OAP_CAUSE_IE			= 0x02,
+	OAP_RAND_IE			= 0x20,
+	OAP_AUTN_IE			= 0x23,
+	OAP_XRES_IE			= 0x24,
+	OAP_AUTS_IE			= 0x25,
+	OAP_CLIENT_ID_IE		= 0x30,
+};
+
+enum oap_message_type {
+	OAP_MSGT_REGISTER_REQUEST	= 0b00000100,
+	OAP_MSGT_REGISTER_ERROR		= 0b00000101,
+	OAP_MSGT_REGISTER_RESULT	= 0b00000110,
+
+	OAP_MSGT_CHALLENGE_REQUEST	= 0b00001000,
+	OAP_MSGT_CHALLENGE_ERROR	= 0b00001001,
+	OAP_MSGT_CHALLENGE_RESULT	= 0b00001010,
+
+	OAP_MSGT_SYNC_REQUEST		= 0b00001100,
+	OAP_MSGT_SYNC_ERROR		= 0b00001101,
+	OAP_MSGT_SYNC_RESULT		= 0b00001110,
+};
+
+struct oap_message {
+	enum oap_message_type	message_type;
+	enum gsm48_gmm_cause	cause;
+	uint16_t		client_id;
+	int			rand_present;
+	uint8_t			rand[16];
+	int			autn_present;
+	uint8_t			autn[16];
+	int			xres_present;
+	uint8_t			xres[8];
+	int			auts_present;
+	uint8_t			auts[16];
+};
+
+int oap_decode(const uint8_t *data, size_t data_len,
+	       struct oap_message *oap_msg);
+void oap_encode(struct msgb *msg, const struct oap_message *oap_msg);
+

openbsc/src/gprs/Makefile.am

@@ -27,7 +27,8 @@ osmo_sgsn_SOURCES =	gprs_gmm.c gprs_sgsn.c gprs_sndcp.c gprs_sndcp_vty.c \
 			gprs_llc.c gprs_llc_parse.c gprs_llc_vty.c crc24.c \
 			sgsn_ctrl.c sgsn_auth.c gprs_subscriber.c \
 			gprs_gsup_messages.c gprs_utils.c gprs_gsup_client.c \
-			gsm_04_08_gprs.c sgsn_cdr.c sgsn_ares.c
+			gsm_04_08_gprs.c sgsn_cdr.c sgsn_ares.c \
+			oap.c oap_messages.c
 osmo_sgsn_LDADD = 	\
 			$(top_builddir)/src/libcommon/libcommon.a \
 			-lgtp $(OSMO_LIBS) $(LIBOSMOABIS_LIBS) $(LIBCARES_LIBS) \

openbsc/src/gprs/oap.c

@@ -0,0 +1,256 @@
+/* Osmocom Authentication Protocol API */
+
+/* (C) 2015 by Sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Neels Hofmeyr
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <osmocom/crypt/auth.h>
+
+#include <openbsc/oap.h>
+#include <openbsc/utils.h>
+#include <openbsc/debug.h>
+#include <openbsc/oap_messages.h>
+
+int oap_init(struct oap_config *config, struct oap_state *state)
+{
+	OSMO_ASSERT(state->state == OAP_UNINITIALIZED);
+
+	if (config->client_id == 0)
+		goto disable;
+
+	if (config->secret_k_present == 0) {
+		LOGP(DGPRS, LOGL_NOTICE, "OAP: client ID set, but secret K missing.\n");
+		goto disable;
+	}
+
+	if (config->secret_opc_present == 0) {
+		LOGP(DGPRS, LOGL_NOTICE, "OAP: client ID set, but secret OPC missing.\n");
+		goto disable;
+	}
+
+	state->client_id = config->client_id;
+	memcpy(state->secret_k, config->secret_k, sizeof(state->secret_k));
+	memcpy(state->secret_opc, config->secret_opc, sizeof(state->secret_opc));
+	state->state = OAP_INITIALIZED;
+	return 0;
+
+disable:
+	state->state = OAP_DISABLED;
+	return 0;
+}
+
+/* From the given state and received RAND and AUTN octets, validate the
+ * server's authenticity and formulate the matching milenage reply octets in
+ * *tx_xres. The state is not modified.
+ * On success, and if tx_res is not NULL, exactly 8 octets will be written to
+ * *tx_res. If not NULL, tx_res must point at allocated memory of at least 8
+ * octets. The caller will want to send XRES back to the server in a challenge
+ * response message and update the state.
+ * Return 0 on success; -1 if OAP is disabled; -2 if rx_random and rx_autn fail
+ * the authentication check; -3 for any other errors. */
+static int oap_evaluate_challenge(const struct oap_state *state,
+				  const uint8_t *rx_random,
+				  const uint8_t *rx_autn,
+				  uint8_t *tx_xres)
+{
+	osmo_static_assert(sizeof(((struct osmo_sub_auth_data*)0)->u.umts.k)
+			   == sizeof(state->secret_k), _secret_k_size_match);
+	osmo_static_assert(sizeof(((struct osmo_sub_auth_data*)0)->u.umts.opc)
+			   == sizeof(state->secret_opc), _secret_opc_size_match);
+
+	switch(state->state) {
+	case OAP_UNINITIALIZED:
+	case OAP_DISABLED:
+		return -1;
+	default:
+		break;
+	}
+
+	struct osmo_auth_vector vec;
+
+	struct osmo_sub_auth_data auth = {
+		.type		= OSMO_AUTH_TYPE_UMTS,
+		.algo		= OSMO_AUTH_ALG_MILENAGE,
+	};
+
+	memcpy(auth.u.umts.k, state->secret_k, sizeof(auth.u.umts.k));
+	memcpy(auth.u.umts.opc, state->secret_opc, sizeof(auth.u.umts.opc));
+	memset(auth.u.umts.amf, '\0', sizeof(auth.u.umts.amf));
+	auth.u.umts.sqn = 42; /* TODO use incrementing sequence nr */
+
+	memset(&vec, 0, sizeof(vec));
+	osmo_auth_gen_vec(&vec, &auth, rx_random);
+
+	if (vec.res_len != 8) {
+		LOGP(DGPRS, LOGL_ERROR, "OAP: Expected XRES to be 8 octets, got %d\n",
+		     vec.res_len);
+		return -3;
+	}
+
+	if (constant_time_cmp(vec.autn, rx_autn, sizeof(vec.autn)) != 0) {
+		LOGP(DGPRS, LOGL_ERROR, "OAP: AUTN mismatch!\n");
+		LOGP(DGPRS, LOGL_INFO, "OAP: AUTN from server: %s\n",
+		     osmo_hexdump_nospc(rx_autn, sizeof(vec.autn)));
+		LOGP(DGPRS, LOGL_INFO, "OAP: AUTN expected:    %s\n",
+		     osmo_hexdump_nospc(vec.autn, sizeof(vec.autn)));
+		return -2;
+	}
+
+	if (tx_xres != NULL)
+		memcpy(tx_xres, vec.res, 8);
+	return 0;
+}
+
+struct msgb *oap_encoded(const struct oap_message *oap_msg)
+{
+	struct msgb *msg = msgb_alloc_headroom(1000, 64, __func__);
+	OSMO_ASSERT(msg);
+	oap_encode(msg, oap_msg);
+	return msg;
+}
+
+/* Create a new msgb containing an OAP registration message.
+ * On error, return NULL. */
+static struct msgb* oap_msg_register(uint16_t client_id)
+{
+	if (client_id < 1) {
+		LOGP(DGPRS, LOGL_ERROR, "OAP: Invalid client ID: %d\n", client_id);
+		return NULL;
+	}
+
+	struct oap_message oap_msg = {0};
+	oap_msg.message_type = OAP_MSGT_REGISTER_REQUEST;
+	oap_msg.client_id = client_id;
+	return oap_encoded(&oap_msg);
+}
+
+int oap_register(struct oap_state *state, struct msgb **msg_tx)
+{
+	*msg_tx = oap_msg_register(state->client_id);
+	if (!(*msg_tx))
+		return -1;
+
+	state->state = OAP_REQUESTED_CHALLENGE;
+	return 0;
+}
+
+/* Create a new msgb containing an OAP challenge response message.
+ * xres must point at 8 octets to return as challenge response.
+ * On error, return NULL. */
+static struct msgb* oap_msg_challenge_response(uint8_t *xres)
+{
+	struct oap_message oap_reply = {0};
+
+	oap_reply.message_type = OAP_MSGT_CHALLENGE_RESULT;
+	memcpy(oap_reply.xres, xres, sizeof(oap_reply.xres));
+	oap_reply.xres_present = 1;
+	return oap_encoded(&oap_reply);
+}
+
+static int handle_challenge(struct oap_state *state,
+			    struct oap_message *oap_rx,
+			    struct msgb **msg_tx)
+{
+	int rc;
+	if (!(oap_rx->rand_present && oap_rx->autn_present)) {
+		LOGP(DGPRS, LOGL_ERROR,
+		     "OAP challenge incomplete (rand_present: %d, autn_present: %d)\n",
+		     oap_rx->rand_present, oap_rx->autn_present);
+		rc = -2;
+		goto failure;
+	}
+
+	uint8_t xres[8];
+	rc = oap_evaluate_challenge(state,
+				    oap_rx->rand,
+				    oap_rx->autn,
+				    xres);
+	if (rc < 0)
+		goto failure;
+
+	*msg_tx = oap_msg_challenge_response(xres);
+	if ((*msg_tx) == NULL) {
+		rc = -1;
+		goto failure;
+	}
+
+	state->state = OAP_SENT_CHALLENGE_RESULT;
+	return 0;
+
+failure:
+	OSMO_ASSERT(rc < 0);
+	state->state = OAP_INITIALIZED;
+	return rc;
+}
+
+int oap_handle(struct oap_state *state, const struct msgb *msg_rx, struct msgb **msg_tx)
+{
+	*msg_tx = NULL;
+
+	uint8_t *data = msgb_l2(msg_rx);
+	size_t data_len = msgb_l2len(msg_rx);
+	int rc = 0;
+
+	struct oap_message oap_msg = {0};
+
+	OSMO_ASSERT(data);
+
+	rc = oap_decode(data, data_len, &oap_msg);
+	if (rc < 0) {
+		LOGP(DGPRS, LOGL_ERROR,
+		     "Decoding OAP message failed with error '%s' (%d)\n",
+		     get_value_string(gsm48_gmm_cause_names, -rc), -rc);
+		return -10;
+	}
+
+	switch (oap_msg.message_type) {
+	case OAP_MSGT_CHALLENGE_REQUEST:
+		return handle_challenge(state, &oap_msg, msg_tx);
+
+	case OAP_MSGT_REGISTER_RESULT:
+		/* successfully registered */
+		state->state = OAP_REGISTERED;
+		break;
+
+	case OAP_MSGT_REGISTER_ERROR:
+		LOGP(DGPRS, LOGL_ERROR,
+		     "OAP registration failed\n");
+		state->state = OAP_INITIALIZED;
+		if (state->registration_failures < 3) {
+			state->registration_failures ++;
+			return oap_register(state, msg_tx);
+		}
+		return -11;
+
+	case OAP_MSGT_REGISTER_REQUEST:
+	case OAP_MSGT_CHALLENGE_RESULT:
+		LOGP(DGPRS, LOGL_ERROR,
+		     "Received invalid OAP message type for OAP client side: %d\n",
+		     (int)oap_msg.message_type);
+		return -12;
+
+	default:
+		LOGP(DGPRS, LOGL_ERROR,
+		     "Unknown OAP message type: %d\n",
+		     (int)oap_msg.message_type);
+		return -13;
+	}
+
+	return 0;
+}

openbsc/src/gprs/oap_messages.c

@@ -0,0 +1,178 @@
+/* Osmocom Authentication Protocol message encoder/decoder */
+
+/* (C) 2015 by Sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Neels Hofmeyr
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <openbsc/oap_messages.h>
+
+#include <openbsc/debug.h>
+#include <openbsc/gprs_utils.h>
+#include <openbsc/utils.h>
+
+#include <osmocom/gsm/tlv.h>
+#include <osmocom/core/msgb.h>
+
+#include <stdint.h>
+
+
+int oap_decode(const uint8_t *const_data, size_t data_len,
+	       struct oap_message *oap_msg)
+{
+	int rc;
+	uint8_t tag;
+	/* the shift/match functions expect non-const pointers, but we'll
+	 * either copy the data or cast pointers back to const before returning
+	 * them
+	 */
+	uint8_t *data = (uint8_t *)const_data;
+	uint8_t *value;
+	size_t value_len;
+
+	memset(oap_msg, 0, sizeof(*oap_msg));
+
+	/* message type */
+	rc = gprs_shift_v_fixed(&data, &data_len, 1, &value);
+	if (rc < 0)
+		return -GMM_CAUSE_INV_MAND_INFO;
+	oap_msg->message_type = decode_big_endian(value, 1);
+
+	/* specific parts */
+	while (data_len > 0) {
+		enum oap_iei iei;
+
+		rc = gprs_shift_tlv(&data, &data_len, &tag, &value, &value_len);
+		if (rc < 0)
+			return -GMM_CAUSE_PROTO_ERR_UNSPEC;
+
+		iei = tag;
+
+		switch (iei) {
+		case OAP_CLIENT_ID_IE:
+			if (value_len != 2) {
+				LOGP(DGPRS, LOGL_NOTICE,
+				     "OAP IE type client ID (%d) should be 2 octets, but has %d\n",
+				     (int)iei, (int)value_len);
+				return -GMM_CAUSE_PROTO_ERR_UNSPEC;
+			}
+
+			oap_msg->client_id = decode_big_endian(value, value_len);
+
+			if (oap_msg->client_id == 0) {
+				LOGP(DGPRS, LOGL_NOTICE,
+				     "OAP IE type client ID (%d): client ID must be nonzero.\n",
+				     (int)iei);
+				return -GMM_CAUSE_PROTO_ERR_UNSPEC;
+			}
+			break;
+
+		case OAP_AUTN_IE:
+			if (value_len != sizeof(oap_msg->autn)) {
+				LOGP(DGPRS, LOGL_NOTICE,
+				     "OAP IE type AUTN (%d) should be %d octets, but has %d\n",
+				     (int)iei, (int)sizeof(oap_msg->autn), (int)value_len);
+				return -GMM_CAUSE_PROTO_ERR_UNSPEC;
+			}
+			memcpy(oap_msg->autn, value, value_len);
+			oap_msg->autn_present = value_len;
+			break;
+
+		case OAP_RAND_IE:
+			if (value_len != sizeof(oap_msg->rand)) {
+				LOGP(DGPRS, LOGL_NOTICE,
+				     "OAP IE type RAND (%d) should be %d octets, but has %d\n",
+				     (int)iei, (int)sizeof(oap_msg->rand), (int)value_len);
+				return -GMM_CAUSE_PROTO_ERR_UNSPEC;
+			}
+			memcpy(oap_msg->rand, value, value_len);
+			oap_msg->rand_present = value_len;
+			break;
+
+		case OAP_XRES_IE:
+			if (value_len != sizeof(oap_msg->xres)) {
+				LOGP(DGPRS, LOGL_NOTICE,
+				     "OAP IE type XRES (%d) should be %d octets, but has %d\n",
+				     (int)iei, (int)sizeof(oap_msg->xres), (int)value_len);
+				return -GMM_CAUSE_PROTO_ERR_UNSPEC;
+			}
+			memcpy(oap_msg->xres, value, value_len);
+			oap_msg->xres_present = value_len;
+			break;
+
+		case OAP_AUTS_IE:
+			if (value_len != sizeof(oap_msg->auts)) {
+				LOGP(DGPRS, LOGL_NOTICE,
+				     "OAP IE type AUTS (%d) should be %d octets, but has %d\n",
+				     (int)iei, (int)sizeof(oap_msg->auts), (int)value_len);
+				return -GMM_CAUSE_PROTO_ERR_UNSPEC;
+			}
+			memcpy(oap_msg->auts, value, value_len);
+			oap_msg->auts_present = value_len;
+			break;
+
+		case OAP_CAUSE_IE:
+			if (value_len > 1) {
+				LOGP(DGPRS, LOGL_ERROR,
+				     "OAP cause may not exceed one octet, is %d", (int)value_len);
+				return -GMM_CAUSE_PROTO_ERR_UNSPEC;
+			}
+			oap_msg->cause = *value;
+			break;
+
+		default:
+			LOGP(DGPRS, LOGL_NOTICE,
+			     "OAP IE type %d unknown\n", iei);
+			continue;
+		}
+	}
+
+	return 0;
+}
+
+void oap_encode(struct msgb *msg, const struct oap_message *oap_msg)
+{
+	uint8_t u8;
+
+	/* generic part */
+	OSMO_ASSERT(oap_msg->message_type);
+	msgb_v_put(msg, (uint8_t)oap_msg->message_type);
+
+	/* specific parts */
+	if ((u8 = oap_msg->cause))
+		msgb_tlv_put(msg, OAP_CAUSE_IE, sizeof(u8), &u8);
+
+	if (oap_msg->client_id > 0)
+		msgb_tlv_put(msg, OAP_CLIENT_ID_IE, sizeof(oap_msg->client_id),
+			     encode_big_endian(oap_msg->client_id, sizeof(oap_msg->client_id)));
+
+	if (oap_msg->rand_present)
+		msgb_tlv_put(msg, OAP_RAND_IE, sizeof(oap_msg->rand), oap_msg->rand);
+
+	if (oap_msg->autn_present)
+		msgb_tlv_put(msg, OAP_AUTN_IE, sizeof(oap_msg->autn), oap_msg->autn);
+
+	if (oap_msg->auts_present)
+		msgb_tlv_put(msg, OAP_AUTS_IE, sizeof(oap_msg->auts), oap_msg->auts);
+
+	if (oap_msg->xres_present)
+		msgb_tlv_put(msg, OAP_XRES_IE, sizeof(oap_msg->xres), oap_msg->xres);
+
+	msg->l2h = msg->data;
+}
+