[PATCH] libosmocore[master]: GSUP, OAP, osmo-gen-vec: fix AUTS length to 14, not 16

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Thu Feb 2 19:34:22 UTC 2017


Hello Jenkins Builder,

I'd like you to reexamine a change.  Please visit

    https://gerrit.osmocom.org/1731

to look at the new patch set (#2).

GSUP, OAP, osmo-gen-vec: fix AUTS length to 14, not 16

GSUP transmits AUTS for UMTS authentication procedures, and OAP uses the same
procedures to authenticate. osmo-gen-vec is a utility program that passes AUTS
to our osmo_auth_gen_vec_auts() API.

According to 3GPP 33.102 6.3.3, AUTS = SQN^AK || MAC-S, which are 6 || 8 == 14
bytes. This is confirmed by 24.008 9.2.3a where the TLV has 16 bytes, TL = 2
and AUTS being the V = 14.

It is not harmful for milenage_gen_vec_auts() to pass two more AUTS bytes. But
writing 16 bytes to a GSUP struct is a potential problem when passing in a 14
byte long AUTS buffer to the GSUP API, which then reads past the AUTS buffer.
The API implies the length, so far to be 16, so passing in a 14 byte buffer to
GSUP would require copying to a larger buffer first.

Fix this by using a length of 14 for AUTS everywhere instead.

This constitutes an ABI breakage, we may handle it as a "fix before an official
release", otherwise we need a version bump.

The OAP protocol document has also been updated, needs an update in the
osmo-gsm-manuals as well.

Change-Id: If25b173d9ec57ea4c504d860954912b7d82af455
---
M TODO-RELEASE
M doc/osmocom-authn-protocol.txt
M include/osmocom/gsm/oap.h
M src/gsm/gsup.c
M tests/oap/oap_test.c
M tests/oap/oap_test.ok
M utils/osmo-auc-gen.c
7 files changed, 10 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/31/1731/2

diff --git a/TODO-RELEASE b/TODO-RELEASE
index 5c6bfa3..a23fcea 100644
--- a/TODO-RELEASE
+++ b/TODO-RELEASE
@@ -8,3 +8,6 @@
 # If any interfaces have been removed or changed since the last public release: c:r:0.
 #library	what			description / commit summary line
 libosmocore	new function		osmo_sock_get_name()
+libosmogsm/gsup	ABI change		fix AUTS length to 14, not 16 (length is implicit)
+libosmogsm/oap	ABI change		fix AUTS length to 14, not 16 (length is implicit)
+osmo-auc-gen	UI change		fix AUTS length to 14, not 16 (length is implicit)
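Review bot: The three added entries do not name what changed size, so whoever cuts the release cannot judge the version bump from this file alone. Naming the affected symbol in the description would help, for example the auts member of struct osmo_oap_message for the libosmogsm/oap line. The third entry also puts a utility, osmo-auc-gen, into the column headed "library"; if this file is meant to track library interfaces only, that line may fit better in the commit log.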
diff --git a/doc/osmocom-authn-protocol.txt b/doc/osmocom-authn-protocol.txt
index 6d057be..ad4fba0 100644
--- a/doc/osmocom-authn-protocol.txt
+++ b/doc/osmocom-authn-protocol.txt
@@ -181,7 +181,7 @@
 
   IEI	Info Element		Type			Pres.	Format	Length
 	Message type		4.2.1			M	V	1
-  20	AUTS			octet string (16)	M	TLV	18
+  20	AUTS			octet string (14)	M	TLV	16
 
 3.2.8. Sync Error
 
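Review bot: The IEI column on the changed AUTS line still reads 20, while the expected output in tests/oap/oap_test.ok in this same patch encodes the AUTS element with tag byte 25 (0c 25 0e ...). Since the line is being touched anyway, please check which value is right and correct the document if it is the one that is off. The new lengths themselves are consistent: 14 value bytes plus tag and length gives the TLV total of 16.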
diff --git a/include/osmocom/gsm/oap.h b/include/osmocom/gsm/oap.h
index d973013..ff561bf 100644
--- a/include/osmocom/gsm/oap.h
+++ b/include/osmocom/gsm/oap.h
@@ -64,7 +64,7 @@
 	int xres_present;
 	uint8_t xres[8];
 	int auts_present;
-	uint8_t auts[16];
+	uint8_t auts[14];
 };
 
 int osmo_oap_decode(struct osmo_oap_message *oap_msg, const uint8_t *data,
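Review bot: auts[14] on the changed line is a bare literal, and the same 14 is repeated in src/gsm/gsup.c and utils/osmo-auc-gen.c in this patch; a shared named constant would keep the three from drifting apart again. The changed-file list contains no OAP encoder or decoder source, so please confirm that the code behind osmo_oap_decode() sizes its copy from sizeof(oap_msg->auts) and checks the received IE length, rather than using a literal 16. If it does use a literal, a received AUTS would now be written past the end of the shrunken array.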
diff --git a/src/gsm/gsup.c b/src/gsm/gsup.c
index 22f57ab..b1b97ca 100644
--- a/src/gsm/gsup.c
+++ b/src/gsm/gsup.c
@@ -497,7 +497,7 @@
 	}
 
 	if (gsup_msg->auts)
-		msgb_tlv_put(msg, OSMO_GSUP_AUTS_IE, 16, gsup_msg->auts);
+		msgb_tlv_put(msg, OSMO_GSUP_AUTS_IE, 14, gsup_msg->auts);
 
 	if (gsup_msg->rand)
 		msgb_tlv_put(msg, OSMO_GSUP_RAND_IE, 16, gsup_msg->rand);
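Review bot: The length passed to msgb_tlv_put() for OSMO_GSUP_AUTS_IE is a literal 14 with nothing tying it to the size of the buffer behind gsup_msg->auts, which is the implicit-length hazard the commit message describes. A named constant for the AUTS length, documented next to the auts member as the size the caller must provide, would make the contract visible. This is also the only hunk in gsup.c, so the decode side is unchanged: please check that it rejects an AUTS IE whose length is not 14, since peers built before this change will still send 16.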
diff --git a/tests/oap/oap_test.c b/tests/oap/oap_test.c
index ccf4906..0c4c16e 100644
--- a/tests/oap/oap_test.c
+++ b/tests/oap/oap_test.c
@@ -155,8 +155,8 @@
 	printf("- Sync Request\n");
 	CLEAR();
 	oap_msg.message_type = OAP_MSGT_SYNC_REQUEST;
-	osmo_hexparse("102030405060708090a0b0c0d0e0f001",
-		      oap_msg.auts, 16);
+	osmo_hexparse("102030405060708090a0b0c0d0e0",
+		      oap_msg.auts, 14);
 	oap_msg.auts_present = 1;
 	CHECK();
 
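Review bot: The Sync Request case only exercises the new 14-byte AUTS value; nothing in this hunk feeds the decoder a message that carries the old 16-byte AUTS IE. A second case that decodes such a message and expects an error would pin down how input from a not-yet-updated peer is handled, and would catch a decoder that copies more than sizeof(oap_msg.auts).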
diff --git a/tests/oap/oap_test.ok b/tests/oap/oap_test.ok
index 9260d44..4c09929 100644
--- a/tests/oap/oap_test.ok
+++ b/tests/oap/oap_test.ok
@@ -37,6 +37,6 @@
 ok
 - Sync Request
 encoded message:
-0c 25 10 10 20 30 40 50 60 70 80 90 a0 b0 c0 d0 e0 f0 01 
+0c 25 0e 10 20 30 40 50 60 70 80 90 a0 b0 c0 d0 e0 
 ok
 Done.
diff --git a/utils/osmo-auc-gen.c b/utils/osmo-auc-gen.c
index 3b3e557..4c3e891 100644
--- a/utils/osmo-auc-gen.c
+++ b/utils/osmo-auc-gen.c
@@ -87,7 +87,7 @@
 {
 	struct osmo_auth_vector _vec;
 	struct osmo_auth_vector *vec = &_vec;
-	uint8_t _rand[16], _auts[16];
+	uint8_t _rand[16], _auts[14];
 	int rc, option_index;
 	int rand_is_set = 0;
 	int auts_is_set = 0;
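Review bot: _auts shrinks to 14 bytes here, but going by the diffstat this declaration is the only line changed in utils/osmo-auc-gen.c, so the option handling that fills _auts is untouched. If that code parses the hex argument with a literal 16 as the buffer size, it can now write past _auts; please make it use sizeof(_auts) and reject input that is not exactly 14 bytes, with an error message that states the expected length.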

-- 
To view, visit https://gerrit.osmocom.org/1731
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: If25b173d9ec57ea4c504d860954912b7d82af455
Gerrit-PatchSet: 2
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder

