[PATCH] osmo-msc[master]: cosmetic prep: tell vlr_ops.set_ciph_mode() whether UMTS AKA...

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Mon Dec 18 02:27:28 UTC 2017


Review at  https://gerrit.osmocom.org/5469

cosmetic prep: tell vlr_ops.set_ciph_mode() whether UMTS AKA is used

In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth
tokens. tuple->vec.kc was calculated from the GSM algorithm and is not
necessarily a match for the UMTS AKA tokens.

To decide (in an upcoming patch) whether to use UMTS AKA derived Kc or the Kc
from the auth vector, the set_ciph_mode() from vlr_ops needs to know whether
UMTS AKA is being used. This could possibly derived from the msc_conn_ref, but
all flags are already available in the vlr_lu_fsm and vlr_access_req_fsm. Hence
add a umts_aka flag to the set_ciph_mode() callback invocation. The VLR FSMs
thus decide whether UMTS AKA or GSM AKA is to be used during Ciphering Mode
Command, which makes more sense than re-implementing the same decision process
in the MSC.

I considered placing the Kc derivation in vlr_set_ciph_mode() and only tell the
MSC's set_ciph_mode() implementation the precise keys it should use, but the
RAN particulars, and whether a Kc is used at all, rather belong with the MSC.

Related: OS#2745
Prepares: If04e405426c55a81341747a9b450a69188525d5c
Change-Id: I983c48347faf4ee1b405d8174b4e006c904157cf
---
M include/osmocom/msc/vlr.h
M src/libmsc/gsm_04_08.c
M src/libvlr/vlr.c
M src/libvlr/vlr_access_req_fsm.c
M src/libvlr/vlr_lu_fsm.c
M tests/msc_vlr/msc_vlr_tests.c
6 files changed, 14 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/69/5469/1

diff --git a/include/osmocom/msc/vlr.h b/include/osmocom/msc/vlr.h
index df7d354..b625608 100644
--- a/include/osmocom/msc/vlr.h
+++ b/include/osmocom/msc/vlr.h
@@ -207,7 +207,7 @@
 	int (*tx_cm_serv_rej)(void *msc_conn_ref, enum vlr_proc_arq_result result);
 
 	int (*set_ciph_mode)(void *msc_conn_ref, enum vlr_ciph ciph_mode,
-			     bool retrieve_imeisv);
+			     bool umts_aka, bool retrieve_imeisv);
 
 	/* UTRAN: send Common Id (when auth+ciph are complete) */
 	int (*tx_common_id)(void *msc_conn_ref);
@@ -433,6 +433,7 @@
 		      struct osmo_fsm_inst *fi,
 		      void *msc_conn_ref,
 		      enum vlr_ciph ciph_mode,
+		      bool umts_aka,
 		      bool retrieve_imeisv);
 
 bool vlr_use_umts_aka(struct osmo_auth_vector *vec, bool is_r99);
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index f9dffac..a4fdfa2 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -3384,6 +3384,7 @@
 /* VLR asks us to start using ciphering */
 static int msc_vlr_set_ciph_mode(void *msc_conn_ref,
 				 enum vlr_ciph ciph,
+				 bool umts_aka,
 				 bool retrieve_imeisv)
 {
 	struct gsm_subscriber_connection *conn = msc_conn_ref;
diff --git a/src/libvlr/vlr.c b/src/libvlr/vlr.c
index 55b8de0..670ff83 100644
--- a/src/libvlr/vlr.c
+++ b/src/libvlr/vlr.c
@@ -1096,6 +1096,7 @@
 		      struct osmo_fsm_inst *fi,
 		      void *msc_conn_ref,
 		      enum vlr_ciph ciph_mode,
+		      bool umts_aka,
 		      bool retrieve_imeisv)
 {
 	switch (ciph_mode) {
@@ -1108,6 +1109,7 @@
 			 ciph_mode, vlr_ciph_name(ciph_mode));
 		return vlr->ops.set_ciph_mode(msc_conn_ref,
 					      ciph_mode,
+					      umts_aka,
 					      retrieve_imeisv);
 
 	case VLR_CIPH_A5_2:
diff --git a/src/libvlr/vlr_access_req_fsm.c b/src/libvlr/vlr_access_req_fsm.c
index e90d8de..41e629e 100644
--- a/src/libvlr/vlr_access_req_fsm.c
+++ b/src/libvlr/vlr_access_req_fsm.c
@@ -294,6 +294,7 @@
 
 	if (vlr_set_ciph_mode(vsub->vlr, fi, par->msc_conn_ref,
 			      par->ciphering_required,
+			      vlr_use_umts_aka(&vsub->last_tuple->vec, par->is_r99),
 			      vsub->vlr->cfg.retrieve_imeisv_ciphered)) {
 		LOGPFSML(fi, LOGL_ERROR,
 			 "Failed to send Ciphering Mode Command\n");
diff --git a/src/libvlr/vlr_lu_fsm.c b/src/libvlr/vlr_lu_fsm.c
index a3a68ed..e540e2a 100644
--- a/src/libvlr/vlr_lu_fsm.c
+++ b/src/libvlr/vlr_lu_fsm.c
@@ -826,8 +826,15 @@
 		return;
 	}
 
+	if (!vsub->last_tuple) {
+		LOGPFSML(fi, LOGL_ERROR, "No auth tuple available\n");
+		vlr_lu_compl_fsm_failure(fi, GSM48_REJECT_NETWORK_FAILURE);
+		return;
+	}
+
 	if (vlr_set_ciph_mode(vsub->vlr, fi, lfp->msc_conn_ref,
 			      lfp->ciphering_required,
+			      vlr_use_umts_aka(&vsub->last_tuple->vec, lfp->is_r99),
 			      vsub->vlr->cfg.retrieve_imeisv_ciphered)) {
 		LOGPFSML(fi, LOGL_ERROR,
 			 "Failed to send Ciphering Mode Command\n");
diff --git a/tests/msc_vlr/msc_vlr_tests.c b/tests/msc_vlr/msc_vlr_tests.c
index f0a112b..9cc61b1 100644
--- a/tests/msc_vlr/msc_vlr_tests.c
+++ b/tests/msc_vlr/msc_vlr_tests.c
@@ -665,7 +665,7 @@
 }
 
 static int fake_vlr_tx_ciph_mode_cmd(void *msc_conn_ref, enum vlr_ciph ciph,
-				     bool retrieve_imeisv)
+				     bool umts_aka, bool retrieve_imeisv)
 {
 	/* FIXME: we actually would like to see the message bytes checked here,
 	 * not possible while msc_vlr_set_ciph_mode() calls

-- 
To view, visit https://gerrit.osmocom.org/5469
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I983c48347faf4ee1b405d8174b4e006c904157cf
Gerrit-PatchSet: 1
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>



More information about the gerrit-log mailing list