[TOC]
:::info
* Add the reminder in the modified code place.
:::
# AUSF improvement 2
* Before
* After
## Reason
## 1st req & resp
### Method
* Use the function call in AMF, instead of call AUSF's API.
* In **ue_authentication.go**(AMF)
* Call by **func SendUEAuthenticationAuthenticateRequest**
- [x] Need to check whether creating another new file for function calling is needed or not.
* **No, all modification is done in ue_authentication.go**
:::warning
* Reserve parts :
* RAND, AUTN pass in AUSF
* In **ue_authentication.go**(AUSF)
* Call by **func UeAuthPostRequestProcedure**
* RAND, AUTN gen in UDM
* In **generate_auth_data.go**(UDM)
* **func GenerateAuthDataProcedure**
* **func strictHex**
* **func aucSQN**
* MongoDB API in UDR
* In **data_repository.go**(UDR)
* **func QueryAuthSubsDataProcedure**
* **func getDataFromDB**
* **func ModifyAuthenticationProcedure**
* **func patchDataToDBAndNotify**
* Reduction
* API -> function calling (Some functions, URI creating, parameters passing, http interaction)
* AUSF selection
* AUSF context create.
* EAP-AKA'
* Service network authorization
* Simplfy resyncronization, SUCI checking
* SUCI to SUPI
:::
### Modification
#### Prerequisite
* Move the file from the VM in server room to computer in lab because of storage problem.
* OS changed from **ubuntu 20.04 to 18.04**, and kernel version is still on **5.4.0**, so it is OK for **gtp module**.
* Move the **reserved parts** to AMF, and put them **above func SendUEAuthenticationAuthenticateRequest**.
#### Implementation
:::warning
**The parts need to check after modification :**
(They are in the folded area below, here just for **final confirmation** and not for check list)
- [ ] func SendUEAuthenticationAuthenticateRequest
- [ ] func UeAuthPostRequestProcedure
- [ ] func GenerateAuthDataProcedure
:::
:::spoiler **func SendUEAuthenticationAuthenticateRequest**
1. Why I dont call func UeAuthPostRequestProcedure of AUSF directly from func AuthenticationProcedure of AMF.
* In modification before, it has a transformation of the format **authInfo**.
* The parameters passed from AuthenticationProcedure are 
* The received side is 
* And it use them to make the parameters will be passed to AUSF.
- [ ] So I reserved them first and to see if I need to move them to AuthenticationProcedure or remove them.
2. Change the receive parameters to ignore the API part and match the return. 
* The locationURI in UeAuthPostRequestProcedure also needs to modify.
- [ ] The return parameters remain three to match AuthenticationProcedure's calling, or modify to another err reporting format.
- [ ] Not sure if the format of ueAuthenticationCtx is matched or not.
3. Remove part
:::
:::spoiler **func UeAuthPostRequestProcedure**
1. Comment out the service network authorization.
2. Reduce EAP-AKA'
3. Reduce the return parameters to two(rep & err).
- [ ] Need to check the pointer format when test.
4. Comment out the locationURI processing.
- [ ] Because it is used in one of the return parameter(responseBody), so reserve it first, and see if I can remove it latter.([Code explanation](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?both#API-link))
5. Resynchronization
* Originally it will not be used at UE's first attach in func AuthenticationProcedure, it passes a nil to func SendUEAuthenticationAuthenticateRequest.
* In func HandleAuthenticationFailure, it will call again and give it resynchronizationInfo.
- [ ] Comment out here and need to prepare how to deal with resyncronization.
6. Call UDM -> Call function
* Original API server parameters passing to UDM is like this.
* Ignore the original API calling, and modify the parameters to call function.
* The UDM function side.
* The return parameters in UDM function are matched with original API.
* Format in UDM function
- [ ] So remove the API parameter rsp, and Im not sure if the format of err is matched with problemDetails, because it's originally passed to API function.
7. Reduce the ausf context process part, and reserve ueid access, print it to add a pause and see the result.
* I dont know which one can print on terminal so I use two of them.
* The other part below.
8. Kseaf & Kausf
- [ ] I reserved the Kseaf derive part first, although, because Kseaf will be used in 2nd req & rep to generate Kamf, I dont know if that will be reduced or not.
* Kausf will be gen in UDM function, and it is included in AV , so it will beb reserved.
:::warning
* **Modules need to be added**
* "encoding/hex"
* "crypto/sha256"
* "net/http"
* Upper part also has the same place need it.
* "github.com/free5gc/util/ueauth"
* **logger function**
* Original in AMF
- [x] The logger file may not has the function of AUSF print function, need to add or change to AMF print function.
:::
:::spoiler **func GenerateAuthDataProcedure**
1. Reduce EAP-AKA'
2. Call ToSupi -> Call function
- [x] Need to check whether to pass supi directly.
1. Original source in UDM
* ToSupi function is in suci.go, and it calls other key transform functions above it, so if I move all of them, I need to modify a lot, then I take a see of Terry's method.
2. [Terry's solution](https://hackmd.io/AMzUH2F7TzOxIo5o3H3CyA?both#SUCI-to-SUPI)
* [Example test link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?view#Run-go-in-VScode)
* Im not sure if it can transform or not, so I print the SUCI in AMF and SUPI in UDM.
* This solu **assumes that the UE use IMSI SUPI type**, and **mcc/mnc parts are fixed**, so if the mcc/mnc are changed, it turns out error.
3. So here I'm concerning to move suci.go.
* Move to here and change the packge name.
* The logger imported print function should be modified.
* Here I found a problem is that it has a passing parameter called **suciProfiles**, which is **used in home nework key & SUCI to SUPI transfrom**, like the below description.
* And **the several functions above ToSupi are all for the profileA & profileB**.
4. So here I decide to combine the [mcc/mnc extract method](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?both#const) in ToSupi and Terry's method.
* Create the const
* Original other guys' method
* Terry
* ToSupi
* My final method
* Remove the supi.go which I wanted to move to here, and this part.
3. Call UDR -> Call function
* The API part from UDM side to UDR side, maybe I have to **put the selected part into the UDM's calling side(it's moved now)**.
* In the main part, UDR side passes two parameters to get UE data from mongoDB, and in the getDataFromDB, it imports something.
* 
* 
* **About how it imports, go [here](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?both#import-githubcom%E2%80%A6-) for more info**.
* When I was checking Terry's approach of here(connect and get data from mongoDB), I have more problem about the difference with my past import methods, **go [here](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?both#Go-module) for more info about what I has discovered**.
* Pint the ueId which will be use in the API process of UDM-UDR, so it is SUPI.
* Remove UDR client creating, and move the parameters creating from UDR.
* Pint the return value of API and the function I want to move.
* Im not sure if authSubs can directly receive the return of this format(map[string]interface{}), without the trasformation of API(response->authSubs), the usage of authSubs below are all **in the content of the return** from func QueryAuthSubsDataProcedure in UDR.
* Sort up the **output of return map** of func QueryAuthSubsDataProcedure, so **they are matched** and can indeed call the parameters.
* Reduce the receive parameters to two, an comment out the API process.
* Delete the redundent of API part, because it has directly calls the **func QueryAuthSubsDataProcedure**.
* But keep the printing line in
4. strictHex
* Add one more function from UDM, [here](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?view#strictHex) is what it does.
5. make -> [Link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?view#API-link)
6. Resynchronization
Here I just checked the modification before :
* So in **func AuthenticationProcedure**, the resync info passed to **func SendUEAuthenticationAuthenticateRequest** will be set to nil.
But it will be set in **func HandleAuthenticationFailure** if there is a sync failure happened.
* In **func SendUEAuthenticationAuthenticateRequest**, it just passes the parameter if it receives it, and doesn't do more process.
* In past modification, I commented out the resync process in **func UeAuthPostRequestProcedure** because it includes ausf context edit, but I want to keep the resync info passing, so I do this modificaiton.
* Then if the resync info exists, the info will not be lost, and will be received by **func GenerateAuthDataProcedure**.
- [ ] But here I'm not sure commenting out this Rand parameter filling will affect or not (There will not have Rand parameter ?).
* In **func GenerateAuthDataProcedure**.
* It **decodes Auts/Rand** from ResynchronizationInfo, and use aucSQN to **generate SQN & mac**.
* **aucSQN** 
* It is a function in original UDM, so copy it to AMF.
* Then it uses some imported function to do computation in if/else -> [Link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?both#Some-computation)
* In else part, comment out the suci checking, only keep the logger printing and return.
7. increment sqn(**call UDR -> call function**)
* Do some computation for SQN. -> [Link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?view#Some-computation)
* Save the computaion results into DB
* Here is the API operation in UDR, need to combine it into AMF.
* **Modification 1** : Move the API calling/parameter passing to here.
* Modify the error process.
* **Modification 2** : Attach the parts (1&2) forgot in the UDR function calling last time (get data from DB), the http calling has been imported when doing AUSF funciton moving.
And the **util calling** need to be modified because it is originally from UDR.
* **Modification 3** : util function
* Originally, UDR import this folder "github.com/free5gc/udr/internal/util" and call the function in this file.
* But only these two functions(get, modify) I import from UDR call that file, so I decide to move the called functions directly.
* The http and model need to add have been imported in my files, so just move and modify.
* About the variable declaration -> [Link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?view#Declaration-amp---)
* **Modification 4** : func patchDataToDBAndNotify
* Add one import ("encoding/json").
- [ ] Comment out the notify function calling, because it is not nessesiry to send a notification from UDR in future, just modify the DB. But Im not sure whether this notification will affect other module or not.
* About the recover() function -> [Link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?view#recover)
:::warning
* **Modules need to be added**
* "math/rand"
"time"
* "github.com/free5gc/util/milenage"
* "strings"
* "cryptoRand "crypto/rand"
* "reflect"
* "math/big"
* "github.com/free5gc/util/mongoapi"
* "go.mongodb.org/mongo-driver/bson"
* "encoding/json"
* **logger function**
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* 
* **logger function (UDR)**
* 
* 
* 
* 
:::
### Compilation
#### Problem 1
:::danger
* Need to go get some imported module
:::
:::success
* About tha fatal lines info -> [Link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?view#make)
* Type these commands :
```shell=
cd NFs/amf
go get github.com/free5gc/util/mongoapi@v1.0.5-0.20230306071612-a52909216bd2
go get github.com/free5gc/amf/internal/sbi/consumer
```
* I don't know if it is right to go get in the root folder.
:::
:::danger
:::
:::success
* Need to go get in the folder which has go.mod
:::
:::danger
* I don't know why make command say that I need to go get amf/comsumer, maybe because I did the modification in comsumer folder.
* And if I ignore the errors above and make directly, I will get the same errors.
:::
:::success
* So I just ignore it and keep debugging.
:::
#### Problem 2
:::danger
:::
:::success
1. 
-> 
2. The logger problem : logger printing functions used in UDR/UDM/AUSF are not in AMF.
* When you check the logger.go it imports in AMF and UDR, you will find they has very similar structure.
* So I think we can just add the logger variable that AMF does not have, but UDR has.
* 
* 
3. This variable is definded in orignal file, by a const function, so add it.
V
4. Add variables
* 
* 
5. Plus M to prevent the repeat error.
* 
:::
#### Problem 3
:::danger
:::
:::success
1. This error is that I didnt deal with the parameters in the function calling which I have commented out.
* For checking whther this action will affect the DB modifiction or not, I print out these two variables in original free5gc, so the modification is the SQN number, and we can make sure that the modification is made between these two **RestfulAPIGetOne**.
* And if you check the content of the notify functions, you can find that they only use these got values for sending http message, not for computing or something, so we can peacefully ignore them.
* So this check item is finished.
* And the method is adding two print line so the variables will be used.
2. Need to difine it using :=, or the compiler can not verify it in return line.
-> 
3. 
* In error place, it use the received err to give to Detail.
* In the called function, the pd is returned as err.
* As you can see, the pd is also created from problemDetails.
* So there is no one item called err.Error() for us to use, I think it is because it is originally call API, not function, there will has some funciton we can call.
* Here I change it to one of the item in the **models.ProblemDetails** that can be called, and to represent the Detail(DATA NOT FOUND).
* Change the function name.
-> 
4. 
* The compiler can not find the PermanentKey item, I guess it is because the passing format problem or naming problem.
* I print the passing value in three places
* 
* 
* 
* The results are like below, we can see that the value turn to memory address after API process.
* So based on the error message, we need to transform the map[string]interface format.
* About the explanation, disadvantage and reason of this format -> [Link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?view#mapstringinterface-) .
* The other reason that I don't use this fromat directly as below, is that there are too many palce need to modify, so it's more efficient by creating a structure.
* First do the definition.
* Compared to the content of map format.
* Then do the transformation of the data received from MongoDB in this function.
* The original calling of authSubs should be done successfully, notice that the return format defining should be changed correctlly, or the compiler will report the same error.
V 
* Compared to Terry's MongoDB client -> [Link](https://hackmd.io/AMzUH2F7TzOxIo5o3H3CyA?view#MongoDB) .
5. 
* This is also defined as const in original funciton, so add it.
:::
:::danger
:::
:::success
1. The AuthSubs declaration is in the same file with calling function, so don't need to add model. to import.
V 
2. Just delete the redundent returned variable, I forgot why I put one more variable here.
V 
:::
#### Problem 4
:::danger
:::
:::success
1. 
* I think the problem here is the previous declaration assign err as ***model.ProblemDetails**, because the called function is from UDR, the return format is not the same as here(**hex.DecodeString** originally from UDM).
* So I change the parameter name which will be used only for hex function,
2. 
* The problem is the checking action here can not match the structure(Milenage.Op) with nil.
* Here we can reserver the OpValue only, because the error report here is just to know whther the OpValue exists or not.
3. The remaining errors are all the same with 1.
* So I just change their names.
* Here is another function calling(milenage), so I change to another nameing.
* The 411 line is still hex function.
* Need to change to :=, or there will have this problem
* Or like this.
:::
#### Problem 5
:::danger
:::
:::success
* The same so keep changing.
:::
#### Problem 6
:::danger
:::
:::success
1. 
* It is continued from problem 2-5, and is same as problem 3-3.
* In **func ModifyAuthenticationProcedure**, the returned structure include Cause and Detail, but Detail is assigned as "", so we can only use Cause to print out what happened("MODIFY_NOT_ALLOWED").
2. At line 602.
V 
3. At line 609.
V 
* I dont know why it doesnt need := here, the error pops up when I add :=.
4. 
* From the model it imports, the type is not string.
* One solution is that transfer the string format to model.AuthMethod.
* ~~But we need to define this model like the github import.~~
* Another solution is that change the declaration in AuthSub.
* Originally I dont want to use model.AuthMethod, but use "5G_AKA" to compare directly.
* But there are some flaws.
* Also below has some other palce using this model format, to compare with the reutrn value from this UDM function.
* So I decide to change the format in AuthSubs, then I don't need to do some change if the model is used in the part after.
:::
#### Problem 7
:::danger
:::
:::success
1. After the resync part is OK, compiler say that we didnt use the parameters k, op, opc.
* So comment out them at here.
V 
* But it will be another problem, because the k declared in if/else will only be seen recognized in if/else.
* So we still need to define them at begining, and need to change := to =, then the errHex and errMil need to be defined too.
* Like here, after uncomment out the parameters defining and change := to =.
* Comfirm te return formats of these function.
* We can see the err returned by them are **type error**.
* So the declaration is like this.
:::
* Until here, we finish the successful compiling of func GenerateAuthDataProcedure of UDM, so next is to keep debug in below part(AUSF, AMF).
#### Problem 8
:::danger
:::
:::success
1. Add variables.
2. 
V 
3. 
* The same as previous problem.
* There are some return inlcuding Detail, some doesnt include, so I print out both cause and detail.
4. 
* It assign status code but parameter rep has been commented out.
* The rep is declared as **http.Response**
* So I go to see the format of status code in this package(net/http).
* About the int32 function : [Link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?view#int32)
* Then I want to know the status code value when error happens, so I change the K in webconsole, and add printing lines in original free5gc.
V 
* Here you can see the Forbidden status code is 403.
* And if you check all error return, you can find that their status are all http.StatusForbidden, so change the parameter to 403(int) directly.
* Confirm that the format of problemDetails.Status is int32, so that the value 403 can be assigned directly.
5. 
* In the function definition, the returned variable number need to change.
V 
6. 
* Add variables.
:::
#### Problem 9
:::danger
:::
:::success
1. 
V 
2. 
* Because I commented out here before.
* But now I think it can be reserved before, because **updateAuthenticationInfo.ServingNetworkName** is received from **func SendUEAuthenticationAuthenticateRequest** and it write the SN name here.
* Because it has value, I think we can just store it but not do any authorization.
* So uncomment out it, and assign it to **responseBody** and **authInfoReq**.
3. 
* No need to add &.
V 
4. 
* It is also resulted from the format of err, because of the changing from API to function calling.
* Because there is no API passing between **func SendUEAuthenticationAuthenticateRequest** and **func UeAuthPostRequestProcedure**, the received err has already been **&models.ProblemDetails**, we don't need to extract the problem from err, use err directly(err is address so don't add & before it).
:::
:::danger
:::
:::success
* Derive Kseaf but not used.
* I think it will not be used so just comment out this part.
:::
### Test
#### Problem 1
:::danger
:::
:::success
* The explanation of ChatGPT.
```go=
var client *mongo.Client
var err error
client, err = mongo.Connect(context.TODO(), options.Client().ApplyURI("mongodb://localhost:27017"))
if err != nil {
log.Fatal(err)
}
// 檢查連接
err = client.Ping(context.TODO(), nil)
if err != nil {
log.Fatal(err)
}
```
* It seems that I didn't set a client for MongoDB connection, go to see the line that error tells to me.
V
V
* As you can see, the client is also created in the same file which is called by UDR function, and in this **func SetMongoDB** it will build the connection with DB.
* Terry build the connection by himself, you can see the process -> [Link](https://hackmd.io/AMzUH2F7TzOxIo5o3H3CyA?both#Connection-building)
* And then I'm wondering where the original Free5GC do thhis action -> [Link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?both#MongoDB)
* So I copy the connection building process from UDR to AMF in init.go.
* The passing parameters in called function can be find in factory.
* And the parameters creating sequence is like below.
* 
V
V
V
V
V
* I don't know how it fill the mongo name and url from config.yaml to here, but it is confirmed that this two parameters are set in yaml file.
* So we can direcly input these value to set the connection.
:::
#### Problem 2
:::danger
:::
:::success
* For logs' sources.
* I have comfirmed that the setting in free5gc-ue.yaml and webconsole are no problem.
* Then I think maybe the searching keywords have problem, so I printing out supi.
* As you can see, the collname is matched with the display on mongodb-compass, one hyphen(-, or you can say dash) is missing in ueId.
* So modify here.
V 
:::
#### Problem 3
:::danger
:::
:::success
* For logs' sources, it is right after the getDataFromDB, so data is got, but the transfer is not successful.
* The explanation from ChatGPT.
* So I think we can change the format of which will recieve number into float64 directly.
* And this is also why Terry has some float64 in his structure.
* I also check that these EncryptionAlgorithm and EncryptionKey will not be used in parts after, so this change will not cause error.
:::
### Result
#### Result 1
* CN side
* It has a successful req. generating, but stucks in handling resp. and then keeps receiving the initial messages from UE.
* gnb side
* UE side
* The timer will expired when waiting the ACK, after UE receives the req. and send the resp., so UE stucks on here and then keeps retrying registration.
#### Trace the result 1.
V 
V 
V
V 
V 
:::danger
#### Problem 1
* Normally, if the modification on auth req. is successful, CN should properly process the rep., and have a successful 5G-AKA, so I go to find the source of the **server no response** error, to see which part cause this.
* First I print out the passing variable and received variables, I want to check the content or **resStar** and the **err** which causes the error report.
* The result.
* Then keep tracing where is the final stop point, so I go into **func HandleAuth5gAkaComfirmRequest**, which is call by **client.DefaultApi.UeAuthenticationsAuthCtxId5gAkaConfirmationPut**.
* After the API routing and the function of comparing res* and xres*, print out something to check whether the received values from the called **func Auth5gAkaComfirmRequestProcedure** are matched with previous part.
* The strange thing is that it didnt print out anything, still the same after compiling.
* So I go back to the API routing place who forward the message to **func HandleAuth5gAkaComfirmRequest**.
* Print out some text before and after forwarding, to see where is the stop point.
* The result is still the same, nothing printed out, which means the error happens before the message reaching the **router.go & api_defaut.go** of AUSF.
* I go back to see the printed **err**, it says **missing protocol scheme**, and no return & http response.
* I go to see the format **confirmData** is declared.
V
V
V but I can only find the function about **configuration**.
* Then I notice that the scheme is used in here, and **confirmUri** is declared from parsing **ue.AuthenticationCtx.Links["5g-aka"].Href**, which is matched with the printed **err**.
* So I go to see the content of **ue**.
V
V
V then find that the format of **ue.AuthenticationCtx** is imported here.
* Find on github.
V we can see the **Links** definition
V see back to code, you can see it use **Links.Herf**
V if you check here, you can see the source of **Herf**
* Finally, if you search **Links or Herf** in the file, you can confirm that real reason is that I modify the **putLink** generating process, so there are some missed item.
* Then it is wrapped in **responseBody**, returned to **handler.go** as **ueAuthenticationCtx**, and wrapped into **ue**, so that is why there is an error when parsing **ue.AuthenticationCtx**, causing that **ausfUri** is not complete.
V
* You can also confirm by see that the first %s doesnt print out.
:::
:::success
* I need to reconstruct the URI if I want to have a successful call to AUSF, but it is useless for the 2nd modification, because the client including ausfUri will be commented out after changing to function calling.
* But I want to test whether my change on 1st is OK for UE access, so I will just **assign the locationURI manually** even if it will be commented out.
* **self** is declared here.
V find in original ausf file
V
V
V
* And **factory.AusfAuthResUriPrefix** is here.
* It seems that printing out them in original free5gc is faster
* 
* 
* So they are all string format, can direcly add them together.
:::
#### Result 2
* CN side
* gnb side & UE side
* The same.
:::danger
#### Problem 2
* I comment out here and assign the value manually.
* It will turn out these error in process.
:::
:::success
* After compiling OK, it turns out other errors related to AUSF context.
* It will be too much if I keep modify the AUSF context, so I decide to do 2nd modification directly, and ignore AUSF related part.
:::
#### Github upload version before problem 1
#### Github upload version after problem 2
## 2nd req & resp
### Method
* Same as 1st, use the function call in AMF.
* In **ue_authentication.go**(AMF)
* Call by **func SendAuth5gAkaConfirmRequest**
:::warning
* Reserve parts :
* RES* & XRES* comparison in AUSF
* In ue_authentication.go
* **func HandleAuth5gAkaComfirmRequestProcedure**
* In **function.go**
* **func logConfirmFailureAndInformUDM**
* **func sendAuthResultToUDM**
* Change format and call UDR in UDM
* In generate_auth_data.go
* **func ConfirmAuthDataProcedure**
* In converter.go
* **func ToBsonM**
* MongoDB API in UDR
* In data_repository.go
* **func CreateAuthenticationStatusProcedure**
* Reduction
* API -> function calling (Some functions, URI setting, parameters passing, http interaction)
* Get data from AUSF context.
* EAP-AKA'
* Simplfy SUCI checking
:::
### Modification
#### Prerequisite
* Move the **reserved parts** to AMF, and put them **above func SendAuth5gAkaConfirmRequest**.
#### Implementation
:::warning
**The parts need to check after modification :**
(They are in the folded area below, here just for **final confirmation** and not for check list)
- [ ] func SendAuth5gAkaConfirmRequest
- [ ] func HandleAuth5gAkaComfirmRequestProcedure
- [ ] func logConfirmFailureAndInformUDM
- [ ] func sendAuthResultToUDM
- [ ] func ConfirmAuthDataProcedure
- [ ] func CreateAuthenticationStatusProcedure
:::
:::spoiler **func SendAuth5gAkaConfirmRequest**
1. Comment out the ausf part.
* I dont know whether it is necessory to use comfirmData's **optional.Interface** format or I can pass resStar directly.
* But it seems like an API working on Nausf, so I think I can ignore it by just pass resStar **string** to function.
2. I want to know the received value in the called function **func HandleAuth5gAkaComfirmRequest**, so I print out these variables.
* The result is restar and suci.
* So that I know I can modify like this.
* Also change the name of called function.
:::
:::spoiler **func HandleAuth5gAkaComfirmRequestProcedure**
1. About the API function between this and previous function, I just move the logger and comment out it.
2. Format
* This variable will receive resStar, so change format to string.
* This format is from model, and includes supi and Kseaf
* supi will be return back to handler.go and save to **ue**, so we can reserve this format.
* There is another format in model for resStar, but here I just pass resStar directly.
* Delete this redudent parameter, because I passed resStar to here directly.
* I find that handler encode resStar before passing it, so I print out some value in original free5gc to confirm if I need to decode it.
* In handler, **resStar, resStar[:]** are the same, so the point is tha value after encoding.
Use text book for conveniently wathing.
* In AMF, the value stay same after the wrap of confirmData.
* In AUSF, there has already a printing function existedd to compare the res* and xres*, but the printing format is Hexadecimal(%x), so I just print out the %+v format to ensure that they are compared in encoded status.
* About the explanation of %x -> [Link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?view#x)
* So if two sides are all encoded and then compared, I dont need to do decoding.
3. ausf context
* Comment out the process of checking SUCI and get the SUPI from ausf context, because all ausf context related parts are commented out, and we need to get the SUPI from **ConfirmationDataResponseID**(SUCI).
* Use this transfer again, and change variable name.
* Then manually set the SNname by print out the string in original free5gc
* Because Xres* store in AUSF context originally, and previous modification comments out it and didnt store it in other parameter, so we need to add one to store Xres*.
* Xres* is encoded in **func GenerateAuthDataProcedure**.
* And is stored in ausf context in **func UeAuthPostRequestProcedure**.
* Add a global variable to store it.
* Change the variable.
* HRES* & HXRES* comparison is here, above the calling of **func SendAuth5gAkaConfirmRequest**.
* And **HxresStar** is got from ue.AuthenticationCtx.Var5gAuthData, which receives the hxres* from AUSF function direcly.
* So it will not be affected by ausf context.
* Kseaf process is commented out before, so here just give it zero string for storing in ue context.
* Comment out these two.
* UdmUeauUrl doesnt exist without ausf context, so comment them out too.
:::warning
* **logger function**
* 
* 
* 
* 
:::
:::spoiler **func logConfirmFailureAndInformUDM**
* Before
* After
:::warning
* **logger function**
* 
* 
* 
:::
:::spoiler **func sendAuthResultToUDM**
* Before
* After
* self.GetSelfID() get the Nfid which is string.
* Here change to get the AMF Nfid, but AMF doesnt have **func GetSelfID()**, so directly retrieve it, I dont know it is right or not using pointer to do it.
:::
:::spoiler **func ConfirmAuthDataProcedure**
* Move the logger and comment out UDM API process.
* Before
* After
* Move the DB parameters setting and function calling and then comment out the UDR API process
* The original authEvent wrapping uses **optional.Interface** format , which I think is for API process, so I comment out them, and to see how to pass authEvent to DB.
* Here is the modification of moved parameters setting and function calling in UDR API process.
* The function changing the **authEvent** to Bson is from UDR, so we need to move it to here, make sure if there is any new import mod or not.
V
* Delete the util.
-> 
* Because **func CreateAuthenticationStatusProcedure** doesnt have return, so we can comment the http API error report, and also API calling.
* But this function need to return one err, so just keep it nil.
:::warning
* **logger function**
* 
:::
:::spoiler **func CreateAuthenticationStatusProcedure**
* No need to change.
* About the ueId adding, because originally authEvent doesnt have this item, and the chatGPT explanation.
:::
### Comilation
#### Problem 1
:::danger
:::
:::success
* 
* This problem is that originally the variables in string format are declared together, about the explanation -> [Link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?both#Function-declaration).
* So just give them the format.
:::
#### Problem 2
:::danger
:::
:::success
1. I think that is becaues **logger.DataRepoLog.Errorf** needs string to print, but the format of err is error, original print function use **logger.DataRepoLog.Error**.
V
2. 
* Change the return format declaration.
V
* It causes other problem.
* Just print problemDetails itself.
V
3. 
* Remove the redudent &.
V
:::
### Test
#### No problem
### Result
* CN side
* 5G-AKA is successful but security mode has some problem.
* gnb side
* UE side
:::danger
* The original log is like this.
* The SMC explanation -> [Link](https://hackmd.io/DETj57LjQFimKBIOaD6csQ?both#Security-mode)
* Wireshark (Test with UERANSIM in other VM)
* From UE's reject message, it has a cause.
* And **security mode rejected, unspecified (24)** is a keyword to search.
* It is a LTE note about SMC in [here](https://www.sharetechnote.com/html/Handbook_LTE_NasSecurityModeControlProcedure.html)
* From 5GC's DownlinkNAS SMC, we can see the contens of the packet is the same as normal 5GC (Except for message authentication code).
* Modified.
* Normal.
* In logs.
* It is hard to find where is the problem source by tracing the 5GC error message (**wrong security header type : 0x0, message type 95**) in code or googleing the UE error message (**Rejecting Security Mode Command with cause [SEC_MODE_REJECTED_UNSPECIFIED]**).
* Will only find the header of UE's uplinkNAS is wrong, and print the error by call the printing function, and the parameters is from free5gc/nas.
* Or find some [problem discussion]().
:::
:::success
* In the process above, I was doubting that maybe the cause is from the modification in ue_authentication.go, the missing in some parameter resulit in the rejection of UE.
* And I ask Terry that whether the commenting out of **Kseaf generating** affects it or not, the answar is YES.
* But I didnt know which part in security mode will use Kseaf, because I need to know where to put Kseaf value instead of AUSF context if I recover the generating process.
* And Terry say that I can put into **AMF context**, becausee the security mode is working in AMF, and will access the parameter in AMF context.
:::
#### Github upload version
## Security mode
### Method
:::warning
* Uncomment out the **Derive Kseaf from Kausf** in AUSF function (**func UeAuthPostRequestProcedure**) and try to put the value in UE context of AMF : **type AmfUe struct**.
* 
:::
### Modification & Compilation & Test
#### Problem 1 (Preparation)
* The point is that the mutual context of UE is passing in handler.go and **func SendUEAuthenticationAuthenticateRequest** in ue_authentication.go, so we can not direcly put the value in **func UeAuthPostRequestProcedure** because ue.context is not passed to this function (Or we add a new variable, but we need to modify more place).
1. Like this error is that I want to call AmfUe in context folder.
2. Even I change to the right name of import, and compile successfully, the test has error.
3. Or I want to use **GetSelf** in context, but it is wrong, Kseaf is in context for UE, not in the AMFcontext
* The error for this
#### Problem 2 (Preparation)
:::danger
:::
:::success
* We need to use **hex.EncodeToString()**.
:::
#### Problem 3 (1st req & resp : func UeAuthPostRequestProcedure)
:::danger
* Because this function doesnt have the ue context variable, so I decide to put Kseaf into return variable.
* Then receive and put Kseaf into ue context in this function.
* In **handler.go**, it will receive **ue** and the ue variable is the same one (**amfUe**) passed from **func Authentication in sm.go**.
V
V
* In **func Authentication**, it uses the same variable **amfUe** to call this function.
* So if I load Kseaf into **ue**, it will be saved into **amfUe** by pointer passing.
:::
:::success
* My method is put Kseaf into **responseBody**, so we need to change its format.
* Check the format on model repo.
* Then put it above this function, change the **responseBody** declaration, and add Kseaf declaration in structure.
* And assign Kseaf to it after generating.
* And the error in above screenshot is about the format of variables in structure.
* For first one you can find the difined source on repo
V
V
V
* For second one.
V
V
V
:::
#### Problem 3-1
:::danger
* 
V
* 
V
:::
:::success
* The problem is caused by the format in structure, which is not matched with the use below.
* Here I can change two places, in struc or in the use below, I choose to modify in struc directly, it is successful so I didnt try to change the second place.
* 
* The original variables are set as remarks commented out behind the sentence.
:::
#### Problem 3-2
:::danger
1. 
2. 
:::
:::success
* This form is correct one.
:::
#### Problem 4 (Functions calling & func SendUEAuthenticationAuthenticateRequest)
:::danger
:::
:::success
1. 
* It is caused by the return variable declaration.
2. 
* It is in **func SendUEAuthenticationAuthenticateRequest**, to put the received Kseaf into ue context which is passed from **func AuthenticaionProcedure** to here.
* Dont need to add models.
* After Kseaf is assigned, we need to put the other value into the original passing format, so declar a new variable using model's format and assign the value one by one.
3. 
:::
#### Problem 5 (2nd req & resp : func HandleAuthenticationResponse & func SendAuth5gAkaConfirmRequest & func HandleAuth5gAkaComfirmRequestProcedure)
:::danger
* The compilation is successful but the test is still tha same problem.
:::
:::success
* So I find another place where call Kseaf in UE context for using, and add logger in three places to see whether the Kseaf exists or not.
* In func SendUEAuthenticationAuthenticateRequest.
* In func AuthenticationProcedure
* The results of these two all have the value of Kseaf.
* 
* 
* In func HandleAuthenticationResponse
* But the third place doesnt have.
* 
* Then when you go to :
V
**func SendAuth5gAkaConfirmRequest**
V
**func HandleAuth5gAkaComfirmRequestProcedure**
* You can see if the authentication confirm is successful, it will get Kseaf from susf context, but I have commented out it and give it null value, because I thought Kseaf would not ne used.
* So I comment out here to prevent the null value cover the original value.
:::
### Result
* CN side
* The SMC is successful, and UE get the IP
* PFCP is also builded.
* gnb side
* UE side
:::warning
* Remember to comment out the logger which is used for test.
:::
#### Github upload version
## Removal process
### Prerequisite
* Because the result is successful, meaning that we don't need AUSF for 5G-AKA, now we can remove it to test again.
* In Makefile
* In run.sh
* After that, you can see there is no AUSF initialization when running.
### Modification & Compilation & Test
#### Problem 1
:::danger
:::
:::success
* Comment out AUSF selecting part.
:::
### Result
* After the error is solved, it is successful, then it is the same as above.
#### Github upload version
## Test with muiltiple UE
### Method
:::warning
* Use the commands on the wiki of UERANSIM github -> [Link](https://github.com/aligungr/UERANSIM/wiki/Usage)
* Pre-register the UE in webconsole.
:::
### Problems encountered
* Use 5 UEs to test.
#### Problem 1
:::danger
* CN side
* gnb side
* UE side
:::
:::success
* There is no UE data in 5GC, so add them on webconsole, the SUCI will be from imsi-...3~7.
:::
#### Problem 2
:::danger
:::
:::success
* Only one UE will successfully build the PDU session.
* And you can see some Synch failure for 4 UEs
* Other four will have a confirmation failed
* Find that the **XresStar comparison is not successful**, not the same with res*.
:::
* But if I use original free5gc, it will be successful for muiltiple UE.
* CN side
* gnb side
* UE side
:::success
* So I think the problem is that I use global variable for setting Xres*, then every UE's Xres* will be the same.
* Here you can check the result that tests with 2 UEs.
* And if you scroll up, you can see the final XresStar stored in the global variable is from imsi-...0003, so the imsi-...0004 will not pass the 5G-AKA confirmation.
:::
### Modification & Compilation
#### Pre
* Some differences between the original storing method and global method.
* eed to ensure Xres* is stored independently for each UE. Using global variables in a concurrent environment can lead to race conditions and data corruption.So I need to use **context or mapping** to process it.
* First import "sync", and change the delclaration.
* Then before comparison, get the value using supi from map, and do the error report.
#### Problem 1
:::danger
:::
:::success
* hex.DecodeString() has two return, but encode only one, so dont mess up them.
:::
#### Problem 2
:::danger
:::
:::success
V
:::
#### Problem 3
:::danger
:::
:::success
* Instead of hex.encodestring()
:::
#### Problem 4
:::danger
* The Xres* is in if/else, so outside there can not be used.
:::
:::success
* Put the if/else of map in the most ouside place.
:::
### Test
#### Problem 1
:::danger
:::
:::success
* Because there is no supi transformation in **func UeAuthPostRequestProcedure**
* So here change supi to ConfirmationDataResponseID which is suci, use supci to find in map.
V
:::
### Result
#### 2 UEs
* CN side (Can accept 2 UEs.)
* gnb side
* UE side
#### 5 UEs
* UE side
* Ping internet test
* You can see there are 5 tunnels builded in UE's VM.
* Ping from these tunnels.
:::danger
* Ping from uesimtun0 not successful but ping directly successful.
:::
:::success
* In the VM of free5gc, need to set these network rules.
```shell=
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
sudo iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400
sudo systemctl stop ufw
sudo iptables -I FORWARD 1 -j ACCEPT
```
:::
#### Github upload version
Google Drive
Gist
Clipboard
Sign in with Wallet
