[MME] Fix GUTI <-> RAI/PTMSI derivation functions

The algorithms described in 3GPP TS 23.003 Ch. 2.8.2.1.2 an 2.8.2.2.2
are not directly the inverse of each other.

To send a SGSN Context Request (in 2G -> 4G mobility) the algorithm in
2.8.2.2.2 has to be done in reverse (like mentioned in 2.8.2.2.3 -
Mapping in the new MME).

When parsing an SGSN Context Request (for 4G -> 2G mobility) the reverse
of 2.8.2.1.2 (as described in 2.8.2.1.3) has to be used.
PTMSI signature handling is added in a separate commit.

src/mme/emm-sm.c

@@ -504,7 +504,7 @@ static void common_register_state(ogs_fsm_t *s, mme_event_t *e,
 
             if (emm_tau_request_ue_comes_from_gb_or_iu(&message->emm.tracking_area_update_request)) {
                 ogs_info("TAU request : UE comes from SGSN, attempt retrieving context");
-                guti_to_rai_ptmsi(&mme_ue->next.guti, &rai, NULL, NULL);
+                guti_to_rai_ptmsi(&mme_ue->next.guti, &rai, NULL);
                 sgsn = mme_sgsn_find_by_routing_address(&rai, 0xffff);
                 if (!sgsn) {
                     ogs_plmn_id_t plmn_id;

src/mme/mme-gn-build.c

@@ -194,7 +194,6 @@ ogs_pkbuf_t *mme_gn_build_sgsn_context_request(
     ogs_gtp1_sgsn_context_request_t *req = NULL;
     ogs_nas_rai_t rai;
     mme_p_tmsi_t ptmsi;
-    uint32_t ptmsi_sig;
     ogs_gtp1_gsn_addr_t mme_gnc_gsnaddr, mme_gnc_alt_gsnaddr;
     int gsn_len;
     int rv;
@@ -206,11 +205,13 @@ ogs_pkbuf_t *mme_gn_build_sgsn_context_request(
     req = &gtp1_message.sgsn_context_request;
     memset(&gtp1_message, 0, sizeof(ogs_gtp1_message_t));
 
-    guti_to_rai_ptmsi(&mme_ue->next.guti, &rai, &ptmsi, &ptmsi_sig);
+    guti_to_rai_ptmsi(&mme_ue->next.guti, &rai, &ptmsi);
 
     req->imsi.presence = 0;
 
     req->routeing_area_identity.presence = 1;
+    /* Needs to be big-endian */
+    rai.lai.lac = htons(rai.lai.lac);
     req->routeing_area_identity.data = &rai;
     req->routeing_area_identity.len = sizeof(ogs_nas_rai_t);
 
@@ -219,9 +220,6 @@ ogs_pkbuf_t *mme_gn_build_sgsn_context_request(
     req->packet_tmsi.presence = 1;
     req->packet_tmsi.u32 = be32toh(ptmsi);
 
-    req->p_tmsi_signature.presence = 1;
-    req->p_tmsi_signature.u24 = ptmsi_sig;
-
     req->ms_validated.presence = 0;
 
     req->tunnel_endpoint_identifier_control_plane.presence = 1;

src/mme/mme-gn-handler.c

@@ -69,22 +69,20 @@ static int decode_global_enb_id(S1AP_Global_ENB_ID_t *glob_enb_id, const uint8_t
     return OGS_OK;
 }
 
-/* 3GPP TS 23.003 2.8.2.1 Mapping from GUTI to RAI, P-TMSI and P-TMSI signature */
-void guti_to_rai_ptmsi(const ogs_nas_eps_guti_t *nas_guti, ogs_nas_rai_t *rai, mme_p_tmsi_t *ptmsi, uint32_t *ptmsi_sig)
+/* 3GPP TS 23.003 2.8.2.2 Mapping RAI and P-TMSI from GUTI (in the MME) */
+void guti_to_rai_ptmsi(const ogs_nas_eps_guti_t *nas_guti, ogs_nas_rai_t *rai, mme_p_tmsi_t *ptmsi)
 {
     rai->lai.nas_plmn_id = nas_guti->nas_plmn_id;
     rai->lai.lac = nas_guti->mme_gid;
-    rai->rac = nas_guti->mme_code;
+    rai->rac = (nas_guti->m_tmsi >> 16) & 0xff;
     if (ptmsi)
         *ptmsi = 0xC0000000 |
                 (nas_guti->m_tmsi & 0x3f000000) |
                 (nas_guti->mme_code & 0x0ff) << 16 |
                 (nas_guti->m_tmsi & 0x0000ffff);
-    if (ptmsi_sig)
-        *ptmsi_sig = (nas_guti->m_tmsi & 0x00ff0000);
 }
 
-/* 3GPP TS 23.003 2.8.2.2 Mapping from RAI and P-TMSI to GUTI */
+/* 3GPP TS 23.003 2.8.2.1 Mapping GUTI from RAI, P-TMSI and P-TMSI signature (in the MME) */
 static void rai_ptmsi_to_guti(const ogs_nas_rai_t *rai, mme_p_tmsi_t ptmsi, uint32_t ptmsi_sig, ogs_nas_eps_guti_t *nas_guti)
 {
     nas_guti->nas_plmn_id = rai->lai.nas_plmn_id;

src/mme/mme-gn-handler.h

@@ -45,7 +45,7 @@ void mme_gn_handle_ran_information_relay(
         ogs_gtp_xact_t *xact, ogs_gtp1_ran_information_relay_t *req);
 
 void guti_to_rai_ptmsi(const ogs_nas_eps_guti_t *nas_guti, ogs_nas_rai_t *rai,
-        mme_p_tmsi_t *ptmsi, uint32_t *ptmsi_sig);
+        mme_p_tmsi_t *ptmsi);
 
 #ifdef __cplusplus
 }