From 86b630cfe1403d8145e5744e907af0f1328a40c1 Mon Sep 17 00:00:00 2001
From: Pau Espin Pedrol
Date: Mon, 9 Jan 2023 18:29:21 +0100
Subject: [PATCH] vty: Introduce encryption cipher-plugin-path command
The load of plugins will eventually be moved to libosmo-gprs implementation, and path will be passed as a parameter. Once it's moved inside libosmo-gprs, it will be more strict on load failures, which can cause internally if the path doesn't exist (unless NULL is passed). Hence, add a VTY config to allow configuring the right path, and have it disabled by default.
Change-Id: I4f965c7afafa193f4d7486750dd3e43cca22bb65
---
 include/osmocom/sgsn/sgsn.h | 1 +
 src/sgsn/sgsn_main.c | 4 ++--
 src/sgsn/sgsn_vty.c | 25 +++++++++++++++++++++++++
 tests/osmo-sgsn_test-nodes.vty | 2 ++
 4 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/include/osmocom/sgsn/sgsn.h b/include/osmocom/sgsn/sgsn.h
index 441a614c0..6e93178af 100644
--- a/include/osmocom/sgsn/sgsn.h
+++ b/include/osmocom/sgsn/sgsn.h
@@ -77,6 +77,7 @@ struct sgsn_config {
 /* misc */
 struct gprs_ns2_inst *nsi;
+ char *crypt_cipher_plugin_path;
 enum sgsn_auth_policy auth_policy;
 uint8_t gea_encryption_mask;
 uint8_t uea_encryption_mask;
diff --git a/src/sgsn/sgsn_main.c b/src/sgsn/sgsn_main.c
index d9d454c3a..04de6a26f 100644
--- a/src/sgsn/sgsn_main.c
+++ b/src/sgsn/sgsn_main.c
@@ -413,8 +413,6 @@ int main(int argc, char **argv)
 sgsn->cfg.nsi = sgsn_nsi; bssgp_set_bssgp_callback(sgsn_bssgp_dispatch_ns_unitdata_req_cb, sgsn_nsi); - gprs_llc_init("/usr/local/lib/osmocom/crypt/"); - gprs_ns2_vty_init(sgsn_nsi); bssgp_vty_init(); gprs_llc_vty_init();
@@ -449,6 +447,8 @@ int main(int argc, char **argv)
 if (rc < 0) exit(1); + gprs_llc_init(sgsn->cfg.crypt_cipher_plugin_path); + rc = sgsn_gtp_init(sgsn); if (rc) { LOGP(DGPRS, LOGL_FATAL, "Cannot bind/listen on GTP socket\n");
diff --git a/src/sgsn/sgsn_vty.c b/src/sgsn/sgsn_vty.c
index 79764f190..b31fb5968 100644
--- a/src/sgsn/sgsn_vty.c
+++ b/src/sgsn/sgsn_vty.c
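Review bot: The new `crypt_cipher_plugin_path` member of `struct sgsn_config` carries no comment on ownership or on what NULL means, and both matter because the value is later passed to `gprs_llc_init()`. From the rest of the patch it is a talloc string parented to `sgsn`, and per the commit message NULL is the default and means no plugin directory is configured. I would add `/* talloc'd under sgsn; directory cipher plugins are loaded from at startup, NULL = none configured */` above the field. The struct body starts and ends outside the hunk.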
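Review bot: The outcome of `gprs_llc_init(sgsn->cfg.crypt_cipher_plugin_path)` in the second sgsn_main.c hunk is neither checked nor logged, so a mistyped or unreadable plugin directory would leave the SGSN running with fewer ciphers than the operator configured and no trace of why. If the function returns a status (its prototype is not visible here), log the failure and consider making it fatal when a path was explicitly set, e.g. `if (gprs_llc_init(sgsn->cfg.crypt_cipher_plugin_path) < 0) { LOGP(DGPRS, LOGL_FATAL, "Cannot load cipher plugins\n"); exit(1); }`. The call also moved from before VTY setup to after configuration parsing, so any config-time check of cipher availability (not visible in this patch) would now run before plugins are loaded; worth confirming. main() starts and ends outside the hunk.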
@@ -282,6 +282,8 @@ static int config_write_sgsn(struct vty *vty)
 vty_out(vty, "%s", VTY_NEWLINE);
 }
+ if (g_cfg->crypt_cipher_plugin_path)
+ vty_out(vty, "encryption cipher-plugin-path %s%s", g_cfg->crypt_cipher_plugin_path, VTY_NEWLINE);
 if (g_cfg->sgsn_ipa_name)
 vty_out(vty, " gsup ipa-name %s%s", g_cfg->sgsn_ipa_name, VTY_NEWLINE);
 if (g_cfg->gsup_server_addr.sin_addr.s_addr)
@@ -839,6 +841,27 @@ DEFUN(cfg_encrypt2, cfg_encrypt2_cmd,
 return CMD_SUCCESS;
 }
+DEFUN(cfg_encrypt_cipher_plugin_path, cfg_encrypt_cipher_plugin_path_cmd,
+ "encryption cipher-plugin-path PATH",
+ ENCRYPTION_STR
+ "Path to gprs encryption cipher plugin directory\n"
+ "Plugin path\n")
+{
+ osmo_talloc_replace_string(sgsn, &sgsn->cfg.crypt_cipher_plugin_path, argv[0]);
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_no_encrypt_cipher_plugin_path, cfg_no_encrypt_cipher_plugin_path_cmd,
+ "no encryption cipher-plugin-path PATH",
+ NO_STR ENCRYPTION_STR
+ "Path to gprs encryption cipher plugin directory\n"
+ "Plugin path\n")
+{
+ TALLOC_FREE(sgsn->cfg.crypt_cipher_plugin_path);
+ return CMD_SUCCESS;
+}
+
 DEFUN(cfg_authentication, cfg_authentication_cmd,
 "authentication (optional|required)",
 "Whether to enforce MS authentication in GERAN (only with auth-policy remote)\n"
@@ -1773,6 +1796,8 @@ int sgsn_vty_init(struct sgsn_config *cfg)
 install_element(SGSN_NODE, &cfg_encrypt2_cmd);
 install_element(SGSN_NODE, &cfg_encrypt_cmd);
 install_element(SGSN_NODE, &cfg_encryption_uea_cmd);
+ install_element(SGSN_NODE, &cfg_encrypt_cipher_plugin_path_cmd);
+ install_element(SGSN_NODE, &cfg_no_encrypt_cipher_plugin_path_cmd);
 install_element(SGSN_NODE, &cfg_gsup_ipa_name_cmd);
 install_element(SGSN_NODE, &cfg_gsup_remote_ip_cmd);
diff --git a/tests/osmo-sgsn_test-nodes.vty b/tests/osmo-sgsn_test-nodes.vty
index 22d81d2ae..4c6541597 100644
--- a/tests/osmo-sgsn_test-nodes.vty
+++ b/tests/osmo-sgsn_test-nodes.vty
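Review bot: The format string added in config_write_sgsn() begins `"encryption cipher-plugin-path ..."` with no leading space, while the neighbouring sgsn-node line uses `" gsup ipa-name %s%s"`. If that space is the node indentation, as the sibling line suggests, a configuration saved from the VTY would place this command at top level, and the saved file may then fail to parse or lose the plugin path on the next start. Suggest `vty_out(vty, " encryption cipher-plugin-path %s%s", g_cfg->crypt_cipher_plugin_path, VTY_NEWLINE);`. The function body starts and ends outside the hunk.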
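Review bot: `cfg_encrypt_cipher_plugin_path` stores `argv[0]` without any check, yet per the commit message this string selects the directory cipher plugins are loaded from, so it decides what code ends up in the SGSN process. The help text should state that the directory must be trusted (writable only by the administrator) and that the value is read only at startup, since `gprs_llc_init()` is called once from main(); for example `"Absolute path of a trusted plugin directory (read at startup only)\n"`. Rejecting relative paths with `if (argv[0][0] != '/') return CMD_WARNING;` preceded by a `vty_out` message would also avoid depending on the daemon's working directory. Separately, the `no` form requires a PATH argument that it ignores, and both handlers use the global `sgsn` while config_write_sgsn() reads `g_cfg`.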
@@ -37,6 +37,8 @@ OsmoSGSN(config-sgsn)# list
 authentication (optional|required)
 encryption gea <0-4> [<0-4>] [<0-4>] [<0-4>] [<0-4>]
 encryption uea <0-2> [<0-2>] [<0-2>]
+ encryption cipher-plugin-path PATH
+ no encryption cipher-plugin-path PATH
 gsup ipa-name NAME
 gsup remote-ip A.B.C.D
 gsup remote-port <0-65535>