From 8f7a9ea8a5932610102065d19688989799a3cc15 Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther <zecke@selfish.org>
Date: Mon, 3 Dec 2012 17:58:21 +0100
Subject: [PATCH] auth: Make the authenticator more strict and check the
 initial message.

The initial message needs to be one that is specified in GSM 08.08. We
do not support all of the messages yet but it is a start. On top of that
we also support to start with a CC Setup message.
---
 src/GSMAuthenticator.st | 32 ++++++++++++++++++++++++++----
 tests/AuthTest.st       | 44 +++++++++++++++++++++++++++++++++++++----
 2 files changed, 68 insertions(+), 8 deletions(-)

diff --git a/src/GSMAuthenticator.st b/src/GSMAuthenticator.st
index 7b839ab..c368879 100644
--- a/src/GSMAuthenticator.st
+++ b/src/GSMAuthenticator.st
@@ -25,6 +25,19 @@ Object subclass: GSMAuthenticatorBase [
     for an authentication tuple.
     When calling the callbacks make sure to go through the
     connection>>#takeLocks: selector to take the required locks.'>
+    <import: OsmoGSM>
+
+    LegalMessages := {OsmoGSM.GSM48CMServiceReq.
+                      OsmoGSM.GSM48RRPagingResponse.
+                      OsmoGSM.GSM48LURequest.
+                      "As part of Local-Call-Routing deal with CC Setup"
+                      OsmoGSM.GSM48CCSetup.
+                        }.
+
+    appropriateInitialMessage: aMsg [
+        "Check if the message is one of the allowed initial messages."
+        ^ LegalMessages includes: aMsg class
+    ]
 
     connection: aCon [
         <category: 'creation'>
@@ -67,7 +80,7 @@ Object subclass: GSMAuthenticatorBase [
     ]
 
     nextPut: aMsg [
-        connection nextPutData: (OsmoGSM.BSSAPDTAP initWith: aMsg
+        connection nextPutData: (BSSAPDTAP initWith: aMsg
                                     linkIdentifier: 0).
     ]
 ]
@@ -77,7 +90,9 @@ GSMAuthenticatorBase subclass: GSMNullAuthenticator [
     <comment: 'I accept everything...'>
 
     start: aMsg [
-        onAccept value: self.
+        (self appropriateInitialMessage: aMsg)
+            ifTrue:  [onAccept value: self]
+            ifFalse: [onReject value: self].
     ]
 
     onData: aMsg [
@@ -91,7 +106,6 @@ GSMAuthenticatorBase subclass: GSMNullAuthenticator [
 
 GSMAuthenticatorBase subclass: GSMIdentityAuthenticator [
     | state timeout |
-    <import: OsmoGSM>
     <category: 'OsmoMSC-GSM-Authentication'>
     <comment: 'I query for the IMSI and IMEI but do this in an insecure
     way and will never switch on the crypto. I will ask for the IMSI and
@@ -102,10 +116,20 @@ GSMAuthenticatorBase subclass: GSMIdentityAuthenticator [
         timeout ifNotNil: [timeout cancel. timeout := nil].
     ]
 
+    reject: aMsg [
+        <category: 'reject'>
+        self logError: 'GSMIdentityAuthenticator(srcref:%1) rejecting type %2'
+            % {connection srcRef. aMsg class} area: #bsc.
+        state := #rejected:.
+        onReject value: self.
+    ]
+
     start: aMsg [
         "TODO we could take the IMSI from the first message but this
         is mostly for educational purpose."
-        self askForIMSI.
+        (self appropriateInitialMessage: aMsg)
+            ifTrue: [self askForIMSI]
+            ifFalse: [self reject: aMsg].
     ]
 
     askForIMSI [
diff --git a/tests/AuthTest.st b/tests/AuthTest.st
index b173a93..4b56b62 100644
--- a/tests/AuthTest.st
+++ b/tests/AuthTest.st
@@ -26,9 +26,27 @@ TestCase subclass: AuthTestNull [
                     onAccept: [:a| self assert: a = auth. accepted := true];
                     onReject: [:a| self shouldNotImplement];
                     yourself.
-        auth start: nil.
+        auth start: OsmoGSM.GSM48CMServiceReq new.
         self assert: accepted.
     ]
+
+    testWrongInitialMessage [
+        | auth rejected wait |
+
+        Transcript nextPutAll: 'Going to send an initial message'; nl.
+
+        wait := Semaphore new.
+        auth := GSMNullAuthenticator new
+                    onAccept: [:a | ^self error: 'This should not be accepted'];
+                    onReject: [:a | self assert: a = auth. rejected := true. wait signal];
+                    yourself.
+        auth
+            connection: nil;
+            start: OsmoGSM.GSM48IdentityReq new.
+
+        wait wait.
+        self assert: rejected.
+    ]
 ]
 
 Object subclass: GSMProcessorMockBase [
@@ -109,7 +127,7 @@ TestCase subclass: AuthTestIdentity [
                     yourself.
         auth
             connection: (GSMProcessorMockForAuthCheat initWith: auth);
-            start: nil.
+            start: OsmoGSM.GSM48CMServiceReq new.
 
         wait wait.
         self assert: rejected.
@@ -124,7 +142,7 @@ TestCase subclass: AuthTestIdentity [
                     yourself.
         auth
             connection: (GSMProcessorMockForAuthTimeout initWith: auth);
-            start: nil.
+            start: OsmoGSM.GSM48CMServiceReq new.
 
         wait wait.
         self assert: rejected.
@@ -139,10 +157,28 @@ TestCase subclass: AuthTestIdentity [
                     yourself.
         auth
             connection: (GSMProcessorMockForAuthIMSI initWith: auth);
-            start: nil.
+            start: OsmoGSM.GSM48CMServiceReq new.
 
         wait wait.
         self assert: accept.
         self assert: (auth connection getInfo: 'IMSI') = auth connection usedIMSI.
     ]
+
+    testWrongInitialMessage [
+        | auth rejected wait |
+
+        Transcript nextPutAll: 'Going to send an initial message'; nl.
+
+        wait := Semaphore new.
+        auth := GSMIdentityAuthenticator new
+                    onAccept: [:a | ^self error: 'This should not be accepted'];
+                    onReject: [:a | self assert: a = auth. rejected := true. wait signal];
+                    yourself.
+        auth
+            connection: (GSMProcessorMockBase initWith: auth);
+            start: OsmoGSM.GSM48IdentityReq new.
+
+        wait wait.
+        self assert: rejected.
+    ]
 ]