magma · emakeev · May 20, 2022 · May 19, 2022
@@ -36,6 +36,7 @@ require (
 	github.com/go-redis/redis v6.15.5+incompatible
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 	github.com/golang/protobuf v1.5.2
+	github.com/magma/milenage v1.0.2
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.11.0
 	github.com/shirou/gopsutil/v3 v3.21.5

diff --git a/cwf/gateway/go.sum b/cwf/gateway/go.sum
@@ -328,6 +328,8 @@ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhR
 github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw=
 github.com/lib/pq v1.2.0 h1:LXpIM/LZ5xGFhOpXAQUIMM1HdyqzVYM13zNdjCEEcA0=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/magma/milenage v1.0.2 h1:qR4CjLDKVUH2mEr21L5n2cyXv/uvBA18mbP1yB7qoI0=
+github.com/magma/milenage v1.0.2/go.mod h1:8Q+1ClXcdcXqrH87rd+piZoNxj406YTTTmXG+Fn22dM=
 github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=

@@ -21,17 +21,17 @@ import (
 	"testing"
 	"time"
 
+	"github.com/golang/protobuf/ptypes/wrappers"
+	"github.com/magma/milenage"
+	"github.com/pkg/errors"
+	"github.com/stretchr/testify/assert"
+
 	"fbc/lib/go/radius"
 	cwfprotos "magma/cwf/cloud/go/protos"
 	"magma/cwf/gateway/registry"
 	"magma/cwf/gateway/services/uesim"
 	fegprotos "magma/feg/cloud/go/protos"
-	"magma/lte/cloud/go/crypto"
 	lteprotos "magma/lte/cloud/go/protos"
-
-	"github.com/golang/protobuf/ptypes/wrappers"
-	"github.com/pkg/errors"
-	"github.com/stretchr/testify/assert"
 )
 
 // todo make Op configurable, or export it in the UESimServer.
@@ -80,7 +80,7 @@ const (
 	GyValidityTime  = 60   // in second
 )
 
-//TestRunner helps setting up all associated services
+// TestRunner helps setting up all associated services
 type TestRunner struct {
 	t           *testing.T
 	imsis       map[string]bool
@@ -506,7 +506,7 @@ func (tr *TestRunner) WaitForEnforcementStatsForRuleGreaterThanOrDoesNotExistFun
 	return record, true
 }
 
-//WaitForPolicyReAuthToProcess returns a method which checks for reauth answer and
+// WaitForPolicyReAuthToProcess returns a method which checks for reauth answer and
 // if it has sessionID which contains the IMSI
 func (tr *TestRunner) WaitForPolicyReAuthToProcess(raa *fegprotos.PolicyReAuthAnswer, imsi string) func() bool {
 	// Todo figure out the best way to figure out when RAR is processed
@@ -518,7 +518,7 @@ func (tr *TestRunner) WaitForPolicyReAuthToProcess(raa *fegprotos.PolicyReAuthAn
 	}
 }
 
-//WaitForChargingReAuthToProcess returns a method which checks for reauth answer and
+// WaitForChargingReAuthToProcess returns a method which checks for reauth answer and
 // if it has sessionID which contains the IMSI
 func (tr *TestRunner) WaitForChargingReAuthToProcess(raa *fegprotos.ChargingReAuthAnswer, imsi string) func() bool {
 	// Todo figure out the best way to figure out when RAR is processed
@@ -573,7 +573,7 @@ func getRandKeyOpcFromOp(op []byte) (key, opc []byte, err error) {
 	key = make([]byte, 16)
 	rand.Read(key)
 
-	tempOpc, err := crypto.GenerateOpc(key, op)
+	tempOpc, err := milenage.GenerateOpc(key, op)
 	if err != nil {
 		return nil, nil, err
 	}

@@ -34,7 +34,7 @@ func TestGetHealthStatus(t *testing.T) {
 	req := &orc8rprotos.Void{}
 	hc := &mconfig.CwfGatewayHealthConfig{
 		GrePeers: []*mconfig.CwfGatewayHealthConfigGrePeer{
-			&mconfig.CwfGatewayHealthConfigGrePeer{Ip: "127.0.0.1"},
+			{Ip: "127.0.0.1"},
 		},
 		CpuUtilThresholdPct: 0.75,
 		MemUtilThresholdPct: 0.75,

@@ -16,12 +16,12 @@ package uesim_test
 import (
 	"testing"
 
+	"github.com/magma/milenage"
+	"github.com/stretchr/testify/assert"
+
 	cwfprotos "magma/cwf/cloud/go/protos"
 	"magma/cwf/gateway/services/uesim"
 	"magma/cwf/gateway/services/uesim/test_init"
-	"magma/lte/cloud/go/crypto"
-
-	"github.com/stretchr/testify/assert"
 )
 
 // todo use a config
@@ -33,7 +33,7 @@ func TestUESimClient(t *testing.T) {
 	test_init.StartTestService(t)
 	imsi := "001010000000001"
 	key := make([]byte, 16)
-	opc, err := crypto.GenerateOpc(key, []byte(Op))
+	opc, err := milenage.GenerateOpc(key, []byte(Op))
 	assert.NoError(t, err)
 	seq := uint64(0)
 

@@ -18,16 +18,16 @@ import (
 	"encoding/binary"
 	"fmt"
 	"io"
-	"magma/feg/gateway/services/testcore/hss/servicers"
 	"reflect"
 
+	"github.com/golang/glog"
+	"github.com/magma/milenage"
+	"github.com/pkg/errors"
+
 	"magma/cwf/cloud/go/protos"
 	"magma/feg/gateway/services/eap"
 	"magma/feg/gateway/services/eap/providers/aka"
-	"magma/lte/cloud/go/crypto"
-
-	"github.com/golang/glog"
-	"github.com/pkg/errors"
+	"magma/feg/gateway/services/testcore/hss/servicers"
 )
 
 // todo Replace constants with configurable fields
@@ -128,7 +128,7 @@ func (srv *UESimServer) eapAkaChallengeRequest(ue *protos.UEConfig, req eap.Pack
 	sqn := servicers.SeqToSqn(ue.Seq, defaultInd)
 
 	// Calculate Opc using key and Op, and verify that it matches the UE's Opc
-	opc, err := crypto.GenerateOpc(key, srv.cfg.op)
+	opc, err := milenage.GenerateOpc(key, srv.cfg.op)
 	if err != nil {
 		return nil, fmt.Errorf("Error while calculating Opc")
 	}
@@ -137,7 +137,7 @@ func (srv *UESimServer) eapAkaChallengeRequest(ue *protos.UEConfig, req eap.Pack
 	}
 
 	// Calculate RES and other keys.
-	milenage, err := crypto.NewMilenageCipher(srv.cfg.amf)
+	milenage, err := milenage.NewCipher(srv.cfg.amf)
 	if err != nil {
 		return nil, errors.Wrap(err, "Error creating milenage cipher")
 	}

@@ -28,15 +28,15 @@ import (
 	"fbc/lib/go/radius"
 	"fbc/lib/go/radius/rfc2869"
 
+	"github.com/golang/glog"
+	"github.com/magma/milenage"
+
 	"magma/cwf/cloud/go/protos"
 	"magma/cwf/gateway/registry"
 	"magma/cwf/gateway/services/uesim"
 	"magma/feg/gateway/services/eap"
-	"magma/lte/cloud/go/crypto"
 	"magma/orc8r/cloud/go/tools/commands"
 	"magma/orc8r/lib/go/service/config"
-
-	"github.com/golang/glog"
 )
 
 const (
@@ -312,7 +312,7 @@ func createUeConfig(imsi string, seq_num uint64, configMap *config.Map) (*protos
 	if err != nil {
 		return nil, fmt.Errorf("Could not add subscriber due to incorrect auth key format: %s", err)
 	}
-	opc, err := crypto.GenerateOpc(authKeyBytes, []byte(op))
+	opc, err := milenage.GenerateOpc(authKeyBytes, []byte(op))
 	if err != nil {
 		return nil, fmt.Errorf("could not generate OPc for subscriber: %s: %s", imsi, err)
 	}

@@ -35,6 +35,7 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07
 	github.com/labstack/echo/v4 v4.2.1
+	github.com/magma/milenage v1.0.2
 	github.com/mennanov/fieldmask-utils v0.5.0
 	github.com/ory/go-acc v0.2.8
 	github.com/pkg/errors v0.9.1

diff --git a/feg/gateway/go.sum b/feg/gateway/go.sum
@@ -561,6 +561,8 @@ github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czP
 github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
 github.com/magiconair/properties v1.8.5 h1:b6kJs+EmPFMYGkow9GiUyCyOvIwYetYJ3fSaWak/Gls=
 github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
+github.com/magma/milenage v1.0.2 h1:qR4CjLDKVUH2mEr21L5n2cyXv/uvBA18mbP1yB7qoI0=
+github.com/magma/milenage v1.0.2/go.mod h1:8Q+1ClXcdcXqrH87rd+piZoNxj406YTTTmXG+Fn22dM=
 github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=

@@ -17,14 +17,14 @@ import (
 	"context"
 	"testing"
 
+	"github.com/magma/milenage"
 	"github.com/stretchr/testify/assert"
 
 	"magma/feg/cloud/go/protos"
 	"magma/feg/gateway/diameter"
 	"magma/feg/gateway/plmn_filter"
 	"magma/feg/gateway/services/s6a_proxy/servicers"
 	"magma/feg/gateway/services/testcore/hss/servicers/test_utils"
-	"magma/lte/cloud/go/crypto"
 )
 
 func TestAIR_Successful(t *testing.T) {
@@ -40,10 +40,10 @@ func TestAIR_Successful(t *testing.T) {
 
 	assert.Equal(t, 1, len(aia.EutranVectors))
 	vector := aia.EutranVectors[0]
-	assert.Equal(t, crypto.RandChallengeBytes, len(vector.Rand))
-	assert.Equal(t, crypto.XresBytes, len(vector.Xres))
-	assert.Equal(t, crypto.AutnBytes, len(vector.Autn))
-	assert.Equal(t, crypto.KasmeBytes, len(vector.Kasme))
+	assert.Equal(t, milenage.RandChallengeBytes, len(vector.Rand))
+	assert.Equal(t, milenage.XresBytes, len(vector.Xres))
+	assert.Equal(t, milenage.AutnBytes, len(vector.Autn))
+	assert.Equal(t, milenage.KasmeBytes, len(vector.Kasme))
 	assert.Equal(t, 0, len(aia.UtranVectors))
 
 	air = &protos.AuthenticationInformationRequest{
@@ -57,11 +57,11 @@ func TestAIR_Successful(t *testing.T) {
 	assert.Equal(t, 1, len(aia.UtranVectors))
 	assert.Equal(t, 0, len(aia.EutranVectors))
 	uvector := aia.UtranVectors[0]
-	assert.Equal(t, crypto.RandChallengeBytes, len(uvector.Rand))
-	assert.Equal(t, crypto.XresBytes, len(uvector.Xres))
-	assert.Equal(t, crypto.AutnBytes, len(uvector.Autn))
-	assert.Equal(t, crypto.ConfidentialityKeyBytes, len(uvector.ConfidentialityKey))
-	assert.Equal(t, crypto.IntegrityKeyBytes, len(uvector.IntegrityKey))
+	assert.Equal(t, milenage.RandChallengeBytes, len(uvector.Rand))
+	assert.Equal(t, milenage.XresBytes, len(uvector.Xres))
+	assert.Equal(t, milenage.AutnBytes, len(uvector.Autn))
+	assert.Equal(t, milenage.ConfidentialityKeyBytes, len(uvector.ConfidentialityKey))
+	assert.Equal(t, milenage.IntegrityKeyBytes, len(uvector.IntegrityKey))
 
 	air = &protos.AuthenticationInformationRequest{
 		UserName:                      "sub1",
@@ -75,16 +75,16 @@ func TestAIR_Successful(t *testing.T) {
 	assert.Equal(t, 1, len(aia.UtranVectors))
 	assert.Equal(t, 1, len(aia.EutranVectors))
 	vector = aia.EutranVectors[0]
-	assert.Equal(t, crypto.RandChallengeBytes, len(vector.Rand))
-	assert.Equal(t, crypto.XresBytes, len(vector.Xres))
-	assert.Equal(t, crypto.AutnBytes, len(vector.Autn))
-	assert.Equal(t, crypto.KasmeBytes, len(vector.Kasme))
+	assert.Equal(t, milenage.RandChallengeBytes, len(vector.Rand))
+	assert.Equal(t, milenage.XresBytes, len(vector.Xres))
+	assert.Equal(t, milenage.AutnBytes, len(vector.Autn))
+	assert.Equal(t, milenage.KasmeBytes, len(vector.Kasme))
 	uvector = aia.UtranVectors[0]
-	assert.Equal(t, crypto.RandChallengeBytes, len(uvector.Rand))
-	assert.Equal(t, crypto.XresBytes, len(uvector.Xres))
-	assert.Equal(t, crypto.AutnBytes, len(uvector.Autn))
-	assert.Equal(t, crypto.ConfidentialityKeyBytes, len(uvector.ConfidentialityKey))
-	assert.Equal(t, crypto.IntegrityKeyBytes, len(uvector.IntegrityKey))
+	assert.Equal(t, milenage.RandChallengeBytes, len(uvector.Rand))
+	assert.Equal(t, milenage.XresBytes, len(uvector.Xres))
+	assert.Equal(t, milenage.AutnBytes, len(uvector.Autn))
+	assert.Equal(t, milenage.ConfidentialityKeyBytes, len(uvector.ConfidentialityKey))
+	assert.Equal(t, milenage.IntegrityKeyBytes, len(uvector.IntegrityKey))
 }
 
 func TestAIR_Authentication_Rejection_WithPLMNList(t *testing.T) {
@@ -103,10 +103,10 @@ func TestAIR_Authentication_Rejection_WithPLMNList(t *testing.T) {
 
 	assert.Equal(t, 1, len(aia.EutranVectors))
 	vector := aia.EutranVectors[0]
-	assert.Equal(t, crypto.RandChallengeBytes, len(vector.Rand))
-	assert.Equal(t, crypto.XresBytes, len(vector.Xres))
-	assert.Equal(t, crypto.AutnBytes, len(vector.Autn))
-	assert.Equal(t, crypto.KasmeBytes, len(vector.Kasme))
+	assert.Equal(t, milenage.RandChallengeBytes, len(vector.Rand))
+	assert.Equal(t, milenage.XresBytes, len(vector.Xres))
+	assert.Equal(t, milenage.AutnBytes, len(vector.Autn))
+	assert.Equal(t, milenage.KasmeBytes, len(vector.Kasme))
 
 	// rejected IMSI because does not mach any PLMN (rejection comes from S6a_proxy, not HSS)
 	air.UserName = "00102000000008"

@@ -17,14 +17,14 @@ import (
 	"context"
 	"testing"
 
+	"github.com/magma/milenage"
 	"github.com/stretchr/testify/assert"
 
 	fegprotos "magma/feg/cloud/go/protos"
 	"magma/feg/gateway/diameter"
 	"magma/feg/gateway/services/swx_proxy/cache"
 	swx "magma/feg/gateway/services/swx_proxy/servicers"
 	hss "magma/feg/gateway/services/testcore/hss/servicers"
-	"magma/lte/cloud/go/crypto"
 	lteprotos "magma/lte/cloud/go/protos"
 )
 
@@ -58,10 +58,10 @@ func testMARSuccessful(t *testing.T, verifyAuthorization bool, clearAAAserver bo
 	assert.Equal(t, 5, len(maa.GetSipAuthVectors()))
 	for _, vector := range maa.GetSipAuthVectors() {
 		assert.Equal(t, fegprotos.AuthenticationScheme_EAP_AKA, vector.AuthenticationScheme)
-		assert.Equal(t, crypto.ConfidentialityKeyBytes, len(vector.ConfidentialityKey))
-		assert.Equal(t, crypto.IntegrityKeyBytes, len(vector.IntegrityKey))
-		assert.Equal(t, crypto.RandChallengeBytes+crypto.AutnBytes, len(vector.RandAutn))
-		assert.Equal(t, crypto.XresBytes, len(vector.Xres))
+		assert.Equal(t, milenage.ConfidentialityKeyBytes, len(vector.ConfidentialityKey))
+		assert.Equal(t, milenage.IntegrityKeyBytes, len(vector.IntegrityKey))
+		assert.Equal(t, milenage.RandChallengeBytes+milenage.AutnBytes, len(vector.RandAutn))
+		assert.Equal(t, milenage.XresBytes, len(vector.Xres))
 	}
 }
 

@@ -21,6 +21,7 @@ import (
 	"github.com/fiorix/go-diameter/v4/diam/avp"
 	"github.com/fiorix/go-diameter/v4/diam/datatype"
 	"github.com/fiorix/go-diameter/v4/diam/dict"
+	"github.com/magma/milenage"
 	"github.com/stretchr/testify/assert"
 
 	fegprotos "magma/feg/cloud/go/protos"
@@ -29,7 +30,6 @@ import (
 	hss "magma/feg/gateway/services/testcore/hss/servicers"
 	"magma/feg/gateway/services/testcore/hss/servicers/test_utils"
 	"magma/feg/gateway/services/testcore/hss/storage"
-	"magma/lte/cloud/go/crypto"
 	lteprotos "magma/lte/cloud/go/protos"
 )
 
@@ -252,10 +252,10 @@ func checkSIPAuthVectors(t *testing.T, maa definitions.MAA, expectedNumVectors u
 
 	for _, vector := range maa.SIPAuthDataItems {
 		assert.Equal(t, definitions.SipAuthScheme_EAP_AKA, vector.AuthScheme)
-		assert.Equal(t, crypto.RandChallengeBytes+crypto.AutnBytes, len(vector.Authenticate))
-		assert.Equal(t, crypto.XresBytes, len(vector.Authorization))
-		assert.Equal(t, crypto.ConfidentialityKeyBytes, len(vector.ConfidentialityKey))
-		assert.Equal(t, crypto.IntegrityKeyBytes, len(vector.IntegrityKey))
+		assert.Equal(t, milenage.RandChallengeBytes+milenage.AutnBytes, len(vector.Authenticate))
+		assert.Equal(t, milenage.XresBytes, len(vector.Authorization))
+		assert.Equal(t, milenage.ConfidentialityKeyBytes, len(vector.ConfidentialityKey))
+		assert.Equal(t, milenage.IntegrityKeyBytes, len(vector.IntegrityKey))
 	}
 }