response fixed

src/5gaka/authentication_algorithms_with_5gaka.cpp

@@ -649,7 +649,7 @@ void Authentication_5gaka::sha256(unsigned char *message, int msg_len, unsigned
   
 }
 
-//
+//hxres
 void Authentication_5gaka::generate_Hxres(uint8_t rand[16],uint8_t xresStar[16],
                                             uint8_t *hxresStar) {
     uint8_t inputString[40];
@@ -670,4 +670,33 @@ void Authentication_5gaka::generate_Hxres(uint8_t rand[16],uint8_t xresStar[16],
     // for (int i = 0; i < 16; i++)printf("%x ", hxresStar[i]);
     // cout << endl;
   
+}
+
+//may not be appropriate
+// void Authentication_5gaka::generate_authCtxId(uint8_t autn[16],
+//                                             uint8_t *authCtxId) {
+
+//     unsigned char sha256Out[Sha256::DIGEST_SIZE];
+
+//     Authentication_5gaka::sha256((unsigned char *)autn, 32, sha256Out);  //note risk in type change
+//     for (int j = 0; j < 16; j++)
+//       authCtxId[j] = (uint8_t)sha256Out[j];
+
+//     cout << "authCtxId" << std::endl;
+//     for (int i = 0; i < 16; i++)printf("%x ", authCtxId[i]);
+//     cout << endl;
+  
+// }
+
+bool Authentication_5gaka::equal_uint8(uint8_t *oldVal,uint8_t *newVal,
+                                            int msg_len) {
+
+  for (int i = 0; i < msg_len; i++)  
+    {
+      if (oldVal[i] != newVal[i])
+        return false;
+    };
+
+  return true;
+  
 }
\ No newline at end of file

src/5gaka/authentication_algorithms_with_5gaka.hpp

@@ -138,7 +138,10 @@ public:
   static void sha256(unsigned char *message, int msg_len, unsigned char *output);
   static void generate_Hxres(uint8_t rand[16],uint8_t xresStar[16],
                                             uint8_t *hxresStar);
-                           
+  // static void generate_authCtxId(uint8_t autn[16],
+  //                                           uint8_t *authCtxId);                         
+  static bool equal_uint8(uint8_t *oldVal,uint8_t *newVal,
+                                            int msg_len);
 
 public:
   /****** Rijndael ********/

src/impl/DefaultApiImpl.cpp

@@ -43,8 +43,10 @@ using namespace org::openapitools::server::model;
 
 //stored temporarily
 uint8_t XRES_STAR[16];  //store xres*
-// uint8_t KSEAF[32];
-uint8_t kAUSF[32];
+// uint8_t KAUSF[32];      
+std::string SUPI_AUSF;  //store supi
+
+std:: string KAUSF_TMP; //store Kausf(string)
 
 typedef struct {
   uint8_t rand[16];
@@ -87,32 +89,31 @@ void DefaultApiImpl::ue_authentications_auth_ctx_id5g_aka_confirmation_put(
   /*---------------------认证确认-amf--------------------------------*/ 
   ConfirmationDataResponse confirmResponse;
   //1.验证AV是否过期: 认证成功后，AUSF将存储 KAUSF  ?
-  bool is_auth_vectors_present = true;
+  uint8_t authCtxId_seaf[16];
+  conv::hex_str_to_uint8(authCtxId.c_str(), authCtxId_seaf); //authCtxId in seaf
 
-  //av up to date?
+  Logger::ausf_server().debug("authCtxId in ausf:\n %s", (conv::uint8_to_hex_string(ausf_av_s.autn, 16)).c_str());
 
+  bool is_auth_vectors_present = Authentication_5gaka::equal_uint8(ausf_av_s.autn,authCtxId_seaf,16);
   if(!is_auth_vectors_present)  //AV expired
   {
     Logger::ausf_server().error("Authentication failure by home network with authCtxId %s: AV expired",authCtxId.c_str());
-    confirmResponse.setAuthResult(is_auth_vectors_present);  //向SEAF指示，从本地网络角度认证否成功
+    confirmResponse.setAuthResult(is_auth_vectors_present);  //向SEAF指示，从本地网络角度认证not成功
+    KAUSF_TMP = "invalid";
   }
   else  //AV valid
   {
     Logger::ausf_server().info("AV is up to date, handling received res*...");
 
+    //store Kausf
+
     //2.将接收到的RES*与存储的XRES*进行比较:RES*与XRES*相等，AUSF将从家庭网络角度认为认证成功
     //get stored xres* -----
     uint8_t xresStar[16] = {0}; 
     memcpy(xresStar,XRES_STAR,16);  //xres* stored for 5g-aka-confirmation
     Logger::ausf_server().debug("xres* in ausf:\n %s", (conv::uint8_to_hex_string(xresStar, 16)).c_str());
 
-    //res* verification
-    bool authResult = true;
-    for (int i = 0; i < 16; i++)
-    {
-      if (xresStar[i] != resStar[i])
-        authResult = false;
-    }
+    bool authResult = Authentication_5gaka::equal_uint8(xresStar,resStar,16);
     confirmResponse.setAuthResult(authResult);  //3.向SEAF指示，从本地网络角度认证是否成功
 
     if(!authResult) //fail
@@ -128,7 +129,11 @@ void DefaultApiImpl::ue_authentications_auth_ctx_id5g_aka_confirmation_put(
       kseaf_s = conv::uint8_to_hex_string(ausf_av_s.kseaf, 32);  // convert uint8_t to string
       confirmResponse.setKseaf(kseaf_s); 
 
-      //supi ignored
+      //send supi when supi_ausf exists
+      if(!SUPI_AUSF.empty())
+      {
+        confirmResponse.setSupi(SUPI_AUSF);
+      }
     }
   }
 
@@ -229,6 +234,12 @@ void DefaultApiImpl::ue_authentications_post(
     memcpy(ausf_av_s.hxresStar,hxresStar,16); 
     memcpy(ausf_av_s.kseaf,kseaf,32);
 
+    //store supi in ausf
+    SUPI_AUSF = authenticationInfo.getSupiOrSuci();
+
+    //store kausf_tmp in ausf
+    KAUSF_TMP = conv::uint8_to_hex_string(kausf_ausf,32);
+
     /*----------------ausf --> seaf-----------*/
     //---forming response
     // convert uint8_t to string
@@ -239,19 +250,6 @@ void DefaultApiImpl::ue_authentications_post(
     string hxresStar_s;
     hxresStar_s = conv::uint8_to_hex_string(hxresStar, 16);
 
-    // convert to json
-    // nlohmann::json AuthInfoResult = {};
-    // AuthInfoResult["authType"] = "5G_AKA";
-    // AuthInfoResult["_links"] = "5G_AKA";
-    // AuthInfoResult["5gAuthData"]["avType"] = "5G_SE_AKA";
-    // AuthInfoResult["5gAuthData"]["rand"] = rand_s;
-    // AuthInfoResult["5gAuthData"]["autn"] = autn_s;
-    // AuthInfoResult["5gAuthData"]["hxresStar"] = hxresStar_s;
-    // Logger::ausf_server().debug("auth response:\n %s",AuthInfoResult.dump().c_str());
-
-    // Logger::ausf_server().info("Send response to seaf");
-    // response.send(Pistache::Http::Code::Created,  AuthInfoResult.dump());
-
     UEAuthenticationCtx UEAuthCtx;
     //-------authType(string)
     UEAuthCtx.setAuthType("5G_AKA");
@@ -259,18 +257,18 @@ void DefaultApiImpl::ue_authentications_post(
     //-------_links(std::map)
     std::map<std::string, LinksValueSchema> ausf_links;
     LinksValueSchema ausf_Href;
-
     std::string resourceURI;
-    std::string authCtxId;
-    std::string ausf_ip = std::string(inet_ntoa (*((struct in_addr *)&ausf_cfg.nudr.addr4)));
-    std::string ausf_port = std::to_string(ausf_cfg.sbi.port);
 
-    authCtxId = supi; //unsecure, supi leaked
+    std::string authCtxId_s;
+    authCtxId_s = autn_s;   // authCtxId = autn
 
-    resourceURI = "http://" + ausf_ip + ":" + ausf_port + "/nausf-auth/v1/ue-authentications/" + authCtxId + "/5g-aka-confirmation";
+    std::string ausf_ip = std::string(inet_ntoa (*((struct in_addr *)&ausf_cfg.nudr.addr4)));
+    std::string ausf_port = std::to_string(ausf_cfg.sbi.port);
 
+    resourceURI = "http://" + ausf_ip + ":" + ausf_port + "/nausf-auth/v1/ue-authentications/" + authCtxId_s + "/5g-aka-confirmation";
     ausf_Href.setHref(resourceURI);  //"/nausf-auth/v1/ue-authentications/640110987654321/5g-aka-confirmation"
-    cout << ausf_Href.getHref().c_str() << endl;
+
+    // cout << ausf_Href.getHref().c_str() << endl;
     ausf_links["5g_aka_confirmation_put"] = ausf_Href;
     UEAuthCtx.setLinks(ausf_links);