39a15212
Commit
39a15212
authored
Jan 29, 2021
by
HFJ
response fixed
parent
94ce9678
Changes
3
Showing
3 changed files
with
65 additions
and
35 deletions
+65
-35
src/5gaka/authentication_algorithms_with_5gaka.cpp
src/5gaka/authentication_algorithms_with_5gaka.cpp
+30
-1
src/5gaka/authentication_algorithms_with_5gaka.hpp
src/5gaka/authentication_algorithms_with_5gaka.hpp
+4
-1
src/impl/DefaultApiImpl.cpp
src/impl/DefaultApiImpl.cpp
+31
-33
src/5gaka/authentication_algorithms_with_5gaka.cpp
...
...
@@ -649,7 +649,7 @@ void Authentication_5gaka::sha256(unsigned char *message, int msg_len, unsigned
}
//
//
hxres
void
Authentication_5gaka
::
generate_Hxres
(
uint8_t
rand
[
16
],
uint8_t
xresStar
[
16
],
uint8_t
*
hxresStar
)
{
uint8_t
inputString
[
40
];
...
...
@@ -670,4 +670,33 @@ void Authentication_5gaka::generate_Hxres(uint8_t rand[16],uint8_t xresStar[16],
// for (int i = 0; i < 16; i++)printf("%x ", hxresStar[i]);
// cout << endl;
}
//may not be appropriate
// void Authentication_5gaka::generate_authCtxId(uint8_t autn[16],
// uint8_t *authCtxId) {
// unsigned char sha256Out[Sha256::DIGEST_SIZE];
// Authentication_5gaka::sha256((unsigned char *)autn, 32, sha256Out); //note risk in type change
// for (int j = 0; j < 16; j++)
// authCtxId[j] = (uint8_t)sha256Out[j];
// cout << "authCtxId" << std::endl;
// for (int i = 0; i < 16; i++)printf("%x ", authCtxId[i]);
// cout << endl;
// }
bool
Authentication_5gaka
::
equal_uint8
(
uint8_t
*
oldVal
,
uint8_t
*
newVal
,
int
msg_len
)
{
for
(
int
i
=
0
;
i
<
msg_len
;
i
++
)
{
if
(
oldVal
[
i
]
!=
newVal
[
i
])
return
false
;
};
return
true
;
}
\ No newline at end of file
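Review bot: `equal_uint8` returns at the first differing byte, and DefaultApiImpl.cpp in this commit uses it to compare the received RES* with the stored XRES*, so its run time depends on how many leading bytes match; a comparison of authentication values should take the same time wherever the buffers differ. It also returns true when `msg_len` is zero or negative, because the loop body never executes, so a bad length from a caller makes the check pass. I would fold the XOR of every byte pair into one accumulator and test it once, reject null pointers and non-positive lengths, and take both buffers as `const uint8_t *` (the declaration in the .hpp changes to match).

```cpp
bool Authentication_5gaka::equal_uint8(const uint8_t *oldVal, const uint8_t *newVal, int msg_len) {
  // Fail closed: a missing buffer or a non-positive length is never "equal".
  if (oldVal == nullptr || newVal == nullptr || msg_len <= 0) return false;
  uint8_t diff = 0;
  // Visit every byte so the run time does not depend on where the buffers differ.
  for (int i = 0; i < msg_len; i++) diff |= static_cast<uint8_t>(oldVal[i] ^ newVal[i]);
  return diff == 0;
}
```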
src/5gaka/authentication_algorithms_with_5gaka.hpp
...
...
@@ -138,7 +138,10 @@ public:
static
void
sha256
(
unsigned
char
*
message
,
int
msg_len
,
unsigned
char
*
output
);
static
void
generate_Hxres
(
uint8_t
rand
[
16
],
uint8_t
xresStar
[
16
],
uint8_t
*
hxresStar
);
// static void generate_authCtxId(uint8_t autn[16],
// uint8_t *authCtxId);
static
bool
equal_uint8
(
uint8_t
*
oldVal
,
uint8_t
*
newVal
,
int
msg_len
);
public:
/****** Rijndael ********/
...
...
src/impl/DefaultApiImpl.cpp
...
...
@@ -43,8 +43,10 @@ using namespace org::openapitools::server::model;
//stored temporarily
uint8_t
XRES_STAR
[
16
];
//store xres*
// uint8_t KSEAF[32];
uint8_t
kAUSF
[
32
];
// uint8_t KAUSF[32];
std
::
string
SUPI_AUSF
;
//store supi
std
::
string
KAUSF_TMP
;
//store Kausf(string)
typedef
struct
{
uint8_t
rand
[
16
];
...
...
@@ -87,32 +89,31 @@ void DefaultApiImpl::ue_authentications_auth_ctx_id5g_aka_confirmation_put(
/*---------------------认证确认-amf--------------------------------*/
ConfirmationDataResponse
confirmResponse
;
//1.验证AV是否过期: 认证成功后,AUSF将存储 KAUSF ?
bool
is_auth_vectors_present
=
true
;
uint8_t
authCtxId_seaf
[
16
];
conv
::
hex_str_to_uint8
(
authCtxId
.
c_str
(),
authCtxId_seaf
);
//authCtxId in seaf
//av up to date?
Logger
::
ausf_server
().
debug
(
"authCtxId in ausf:
\n
%s"
,
(
conv
::
uint8_to_hex_string
(
ausf_av_s
.
autn
,
16
)).
c_str
());
bool
is_auth_vectors_present
=
Authentication_5gaka
::
equal_uint8
(
ausf_av_s
.
autn
,
authCtxId_seaf
,
16
);
if
(
!
is_auth_vectors_present
)
//AV expired
{
Logger
::
ausf_server
().
error
(
"Authentication failure by home network with authCtxId %s: AV expired"
,
authCtxId
.
c_str
());
confirmResponse
.
setAuthResult
(
is_auth_vectors_present
);
//向SEAF指示,从本地网络角度认证否成功
confirmResponse
.
setAuthResult
(
is_auth_vectors_present
);
//向SEAF指示,从本地网络角度认证not成功
KAUSF_TMP
=
"invalid"
;
}
else
//AV valid
{
Logger
::
ausf_server
().
info
(
"AV is up to date, handling received res*..."
);
//store Kausf
//2.将接收到的RES*与存储的XRES*进行比较:RES*与XRES*相等,AUSF将从家庭网络角度认为认证成功
//get stored xres* -----
uint8_t
xresStar
[
16
]
=
{
0
};
memcpy
(
xresStar
,
XRES_STAR
,
16
);
//xres* stored for 5g-aka-confirmation
Logger
::
ausf_server
().
debug
(
"xres* in ausf:
\n
%s"
,
(
conv
::
uint8_to_hex_string
(
xresStar
,
16
)).
c_str
());
//res* verification
bool
authResult
=
true
;
for
(
int
i
=
0
;
i
<
16
;
i
++
)
{
if
(
xresStar
[
i
]
!=
resStar
[
i
])
authResult
=
false
;
}
bool
authResult
=
Authentication_5gaka
::
equal_uint8
(
xresStar
,
resStar
,
16
);
confirmResponse
.
setAuthResult
(
authResult
);
//3.向SEAF指示,从本地网络角度认证是否成功
if
(
!
authResult
)
//fail
...
...
@@ -128,7 +129,11 @@ void DefaultApiImpl::ue_authentications_auth_ctx_id5g_aka_confirmation_put(
kseaf_s
=
conv
::
uint8_to_hex_string
(
ausf_av_s
.
kseaf
,
32
);
// convert uint8_t to string
confirmResponse
.
setKseaf
(
kseaf_s
);
//supi ignored
//send supi when supi_ausf exists
if
(
!
SUPI_AUSF
.
empty
())
{
confirmResponse
.
setSupi
(
SUPI_AUSF
);
}
}
}
...
...
@@ -229,6 +234,12 @@ void DefaultApiImpl::ue_authentications_post(
memcpy
(
ausf_av_s
.
hxresStar
,
hxresStar
,
16
);
memcpy
(
ausf_av_s
.
kseaf
,
kseaf
,
32
);
//store supi in ausf
SUPI_AUSF
=
authenticationInfo
.
getSupiOrSuci
();
//store kausf_tmp in ausf
KAUSF_TMP
=
conv
::
uint8_to_hex_string
(
kausf_ausf
,
32
);
/*----------------ausf --> seaf-----------*/
//---forming response
// convert uint8_t to string
...
...
@@ -239,19 +250,6 @@ void DefaultApiImpl::ue_authentications_post(
string
hxresStar_s
;
hxresStar_s
=
conv
::
uint8_to_hex_string
(
hxresStar
,
16
);
// convert to json
// nlohmann::json AuthInfoResult = {};
// AuthInfoResult["authType"] = "5G_AKA";
// AuthInfoResult["_links"] = "5G_AKA";
// AuthInfoResult["5gAuthData"]["avType"] = "5G_SE_AKA";
// AuthInfoResult["5gAuthData"]["rand"] = rand_s;
// AuthInfoResult["5gAuthData"]["autn"] = autn_s;
// AuthInfoResult["5gAuthData"]["hxresStar"] = hxresStar_s;
// Logger::ausf_server().debug("auth response:\n %s",AuthInfoResult.dump().c_str());
// Logger::ausf_server().info("Send response to seaf");
// response.send(Pistache::Http::Code::Created, AuthInfoResult.dump());
UEAuthenticationCtx
UEAuthCtx
;
//-------authType(string)
UEAuthCtx
.
setAuthType
(
"5G_AKA"
);
...
...
@@ -259,18 +257,18 @@ void DefaultApiImpl::ue_authentications_post(
//-------_links(std::map)
std
::
map
<
std
::
string
,
LinksValueSchema
>
ausf_links
;
LinksValueSchema
ausf_Href
;
std
::
string
resourceURI
;
std
::
string
authCtxId
;
std
::
string
ausf_ip
=
std
::
string
(
inet_ntoa
(
*
((
struct
in_addr
*
)
&
ausf_cfg
.
nudr
.
addr4
)));
std
::
string
ausf_port
=
std
::
to_string
(
ausf_cfg
.
sbi
.
port
);
authCtxId
=
supi
;
//unsecure, supi leaked
std
::
string
authCtxId_s
;
authCtxId_s
=
autn_s
;
// authCtxId = autn
resourceURI
=
"http://"
+
ausf_ip
+
":"
+
ausf_port
+
"/nausf-auth/v1/ue-authentications/"
+
authCtxId
+
"/5g-aka-confirmation"
;
std
::
string
ausf_ip
=
std
::
string
(
inet_ntoa
(
*
((
struct
in_addr
*
)
&
ausf_cfg
.
nudr
.
addr4
)));
std
::
string
ausf_port
=
std
::
to_string
(
ausf_cfg
.
sbi
.
port
);
resourceURI
=
"http://"
+
ausf_ip
+
":"
+
ausf_port
+
"/nausf-auth/v1/ue-authentications/"
+
authCtxId_s
+
"/5g-aka-confirmation"
;
ausf_Href
.
setHref
(
resourceURI
);
//"/nausf-auth/v1/ue-authentications/640110987654321/5g-aka-confirmation"
cout
<<
ausf_Href
.
getHref
().
c_str
()
<<
endl
;
// cout << ausf_Href.getHref().c_str() << endl;
ausf_links
[
"5g_aka_confirmation_put"
]
=
ausf_Href
;
UEAuthCtx
.
setLinks
(
ausf_links
);
...
...
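Review bot: In the confirmation handler, `conv::hex_str_to_uint8(authCtxId.c_str(), authCtxId_seaf)` decodes `authCtxId` (which appears to come from the request path) into the 16-byte `authCtxId_seaf` with no length check in the hunk; unless the helper bounds its output, which is not shown here, an identifier longer than 32 hex characters writes past the array, and a shorter one leaves trailing bytes uninitialised before `equal_uint8` reads all 16. I would check `authCtxId.size() == 32` and that every character is a hex digit before converting, and take the AV-expired branch otherwise. Separately, the lookup compares against the single file-scope `ausf_av_s`, `XRES_STAR`, `SUPI_AUSF` and `KAUSF_TMP`, so a second authentication request overwrites the state the first confirmation needs; keying the stored vector by authCtxId would address that. The handler's body starts and ends outside the hunks.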