Sukchan Lee 7c14073533 [UDM] Added validation for pubkey
a cryptographic vulnerability in the SUCI decryption routines
of Open5GS 5G—specifically Profile B, which uses P-256 (secp256r1)
for its elliptic curve routines.

If a mobile device user passes a public key within its SUCI
that does not correspond to a valid point on the P-256 elliptic curve,
the Open5GS UDM will not check the point
before running elliptic curve operations with it and returning a response
to the mobile device user.

If the public key is not checked to be a valid point, an attacker can leverage
this behavior to extract the Profile B private key from the UDM,
as has been done in other domains
(https://owasp.org/www-pdf-archive/Practical_Invalid_Curve_Attacks_on_TLS-ECDH_-_Juraj_Somorovsky.pdf).

Note that Profile A is not similarly vulnerable to this, as it is impossible
to construct an invalid point on a curve25519 elliptic curve.

There was some work that went into developing a practical proof of concept
of this kind of attack against free5gc last year; it can be found here:

https://www.gsma.com/security/wp-content/uploads/2023/10/0073-invalid_curve.pdf

And here is the free5gc security advisory:

https://github.com/advisories/GHSA-cqvv-r3g3-26rf

To mitigate this issue in Open5GS, the public key of the UE must be validated
by the UDM prior to use. Adding a validation function such as the following
should work:

I designed this code based on information from https://crypto.stackexchange.com/questions/90151/verify-that-a-point-belongs-to-secp256r1.
2024-03-24 14:09:10 +09:00
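The point check this commit message calls for, as an added Python example (not the Open5GS code and not the function from the commit). It assumes SEC1 point encodings (`0x04` uncompressed, `0x02`/`0x03` compressed); the name `validate_p256_pubkey` is hypothetical.

```python
# P-256 (secp256r1) domain parameters: y^2 = x^3 + a*x + b over GF(P).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Base point, used here only as a known-valid sample input.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def rhs(x: int) -> int:
    """Right-hand side of the curve equation for a given x."""
    return (pow(x, 3, P) + A * x + B) % P


def validate_p256_pubkey(encoded: bytes) -> tuple[int, int]:
    """Return (x, y) if `encoded` is a valid P-256 point, else raise ValueError.

    Must run before the key is used in any scalar multiplication (ECDH).
    P-256 has cofactor 1, so an on-curve affine point needs no subgroup check.
    """
    if len(encoded) == 65 and encoded[0] == 0x04:        # uncompressed: X || Y
        x = int.from_bytes(encoded[1:33], "big")
        y = int.from_bytes(encoded[33:], "big")
        if x >= P or y >= P:
            raise ValueError("coordinate not reduced mod p")
        if (y * y) % P != rhs(x):
            raise ValueError("point is not on P-256")
        return x, y
    if len(encoded) == 33 and encoded[0] in (0x02, 0x03):  # compressed: X only
        x = int.from_bytes(encoded[1:], "big")
        if x >= P:
            raise ValueError("coordinate not reduced mod p")
        v = rhs(x)
        y = pow(v, (P + 1) // 4, P)       # square root, valid since P % 4 == 3
        if (y * y) % P != v:
            # No y exists for this x: decompressing without this check would
            # silently yield a value that is not a point on the curve.
            raise ValueError("x has no matching y on P-256")
        if (y & 1) != (encoded[0] & 1):   # pick the root with requested parity
            y = P - y
        return x, y
    raise ValueError("unsupported or malformed point encoding")
```

A caller should treat the `ValueError` as a hard failure and reject the SUCI without performing any curve operation on the supplied key.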
.github Add CIFuzz workflow 2023-07-12 22:34:05 +09:00
configs Added open5gs-sepp in debian package 2023-12-17 10:22:39 +09:00
debian Added SEPP debian package (#2861) 2024-01-09 22:12:16 +09:00
docker [ASN1C] Fixed asn1c library on 32bit (#2934) 2024-02-12 14:00:06 +09:00
docs Fixed docs for changing WebUI port 3000 => 9999 2024-03-02 16:57:45 +09:00
lib [UDM] Added validation for pubkey 2024-03-24 14:09:10 +09:00
misc [SEPP] Initial Update for 5G Roaming (#2739) 2023-11-19 19:34:51 +09:00
src [PFCP] Session removal while waiting PFCP reply (#3040) 2024-03-24 09:50:23 +09:00
subprojects Fixed prometheus-client-c branch next to open5gs 2022-11-21 22:09:18 +09:00
tests [GTP/PFCP]] incorrect dst TEI=0/SEID=0 (#3043) 2024-03-23 10:06:16 +09:00
vagrant [WebUI] Update NodeJS installation Guide 2023-09-03 20:03:47 +09:00
webui Release v2.7.0 2023-12-04 21:14:37 +09:00
.clang-tidy [MISC] Add support for static code analysis 2022-07-01 21:38:47 +09:00
.dockerignore [build] Use local sources to build applications (#1583) 2022-06-19 18:18:09 +09:00
.editorconfig editorconfig: new file (#2746) 2023-11-27 22:21:35 +09:00
.gitignore .gitignore: Add install/ dir 2023-10-10 08:03:25 +09:00
LICENSE Change LICENSE to GNU AGPL v3.0 2017-12-18 10:35:54 +09:00
README.md Add special sponsors mobi 2024-03-18 06:49:28 +09:00
meson.build Release v2.7.0 2023-12-04 21:14:37 +09:00
meson_options.txt [Fuzzing] oss-fuzz support for fuzzing (#2283) 2023-05-05 17:20:11 +09:00

README.md


Getting Started

Please follow the documentation at open5gs.org!

Sponsors

If you find Open5GS useful for work, please consider supporting this open source project by becoming a sponsor. To manage the funding transactions transparently, you can donate through OpenCollective.

Special Sponsor

special sponsor mobi

sponsors

Community

  • Problems with Open5GS can be filed as issues in this repository.
  • Other topics related to this project are covered in the discussions.
  • Voice and text chat are available in Open5GS's Discord workspace. Use this link to get started.

Contributing

If you're contributing through a pull request to the Open5GS project on GitHub, please read the Contributor License Agreement in advance.

License