Change in osmo-msc[master]: improve handling of BSC-chosen algo in CIPHER MODE COMPLETE


Stefan Sperling gerrit-no-reply at lists.osmocom.org
Tue Dec 18 16:31:29 UTC 2018


Stefan Sperling has uploaded this change for review. ( https://gerrit.osmocom.org/12349


Change subject: improve handling of BSC-chosen algo in CIPHER MODE COMPLETE
......................................................................

improve handling of BSC-chosen algo in CIPHER MODE COMPLETE

The BSC may choose to omit the chosenEncryptionAlgorithm IE in
the CIPHER MODE COMPLETE command. When this happens, we used to
default to A5/1 and disregarded the list of ciphers which we
requested in the CIPHER MODE CMD. Fall back to the best cipher
instead of hard-coding a fallback to A5/1.

If the BSC does specify an algorithm, ensure that the chosen value
falls within the range allowed by GSM 04.08, and ensure that the
chosen value matches one of the values we sent in CIPHER MODE CMD.

Change-Id: I3260bee43cfe135ebfc33c13aee3c4ba43466c81
Related: OS#2872
---
M include/osmocom/msc/gsm_04_08.h
M src/libmsc/a_iface_bssap.c
M src/libmsc/gsm_04_08.c
3 files changed, 53 insertions(+), 5 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/49/12349/1

diff --git a/include/osmocom/msc/gsm_04_08.h b/include/osmocom/msc/gsm_04_08.h
index 5ff16de..79f7e0f 100644
--- a/include/osmocom/msc/gsm_04_08.h
+++ b/include/osmocom/msc/gsm_04_08.h
@@ -77,5 +77,7 @@
 
 int gsm48_tch_rtp_create(struct gsm_trans *trans);
 int gsm48_conn_sendmsg(struct msgb *msg, struct ran_conn *conn, struct gsm_trans *trans);
+struct gsm_classmark;
+int gsm48_classmark_supports_a5(const struct gsm_classmark *cm, uint8_t a5);
 
 #endif
diff --git a/src/libmsc/a_iface_bssap.c b/src/libmsc/a_iface_bssap.c
index d84a234..69824c7 100644
--- a/src/libmsc/a_iface_bssap.c
+++ b/src/libmsc/a_iface_bssap.c
@@ -35,6 +35,7 @@
 #include <osmocom/msc/a_reset.h>
 #include <osmocom/msc/transaction.h>
 #include <osmocom/msc/msc_mgcp.h>
+#include <osmocom/msc/gsm_04_08.h>
 
 #include <errno.h>
 
@@ -386,14 +387,59 @@
 	 * is not able to deal with msg = NULL and apperently
 	 * ran_conn_cipher_mode_compl() was never meant to be used without L3 data.
 	 * This needs to be discussed further! */
-
-	uint8_t alg_id = 1;
+	struct gsm_network *net = conn->network;
+	int alg_id = -1;
 	struct rate_ctr_group *msc = conn->network->msc_ctrs;
+	struct gsm0808_encrypt_info ei = { 0 };
+	int i, j = 0;
 
 	LOGPCONN(conn, LOGL_DEBUG, "Rx BSSMAP CIPHER MODE COMPLETE\n");
 
 	if (TLVP_PRESENT(tp, GSM0808_IE_CHOSEN_ENCR_ALG)) {
-		alg_id = TLVP_VAL(tp, GSM0808_IE_CHOSEN_ENCR_ALG)[0] - 1;
+		uint8_t val = TLVP_VAL(tp, GSM0808_IE_CHOSEN_ENCR_ALG)[0];
+		if (val < GSM0808_ALG_ID_A5_0 || val > GSM0808_ALG_ID_A5_7) {
+			LOGPCONN(conn, LOGL_ERROR, "Invalid encryption algorithm in CIPHER MODE COMPLETE: 0x%x\n", val);
+			return -EINVAL;
+		}
+		alg_id = val - 1;
+	} else {
+		/* The BSC did not choose an algorithm. We sort this out below. */
+	}
+
+	/* Recompute the ENCRYPTION INFORMATION IE we sent in CIPHER MODE CMD. */
+	for (i = 0; i < 8; i++) {
+		int supported;
+
+		/* A5/n permitted by osmo-msc.cfg? */
+		if (!(net->a5_encryption_mask & (1 << i)))
+			continue;
+
+		/* A5/n supported by MS? */
+		supported = gsm48_classmark_supports_a5(&conn->vsub->classmark, i);
+		if (supported == 1)
+			ei.perm_algo[j++] = vlr_ciph_to_gsm0808_alg_id(i);
+	}
+	ei.perm_algo_len = j;
+
+	if (alg_id == -1) {
+		if (ei.perm_algo_len > 0) {
+			/* Pick the best available algorithm. */
+			alg_id = ei.perm_algo[ei.perm_algo_len - 1] - 1;
+		} else
+			alg_id = VLR_CIPH_NONE;
+		LOGPCONN(conn, LOGL_NOTICE, "BSC didn't specify algorithm in CIHPER MODE COMPLETE; falling back to A5/%d\n", alg_id);
+	} else {
+		int chosen = -1;
+		for (j = 0; j < ei.perm_algo_len; j++) {
+			if (ei.perm_algo[j] == alg_id) {
+				chosen = j;
+				break;
+			}
+		}
+		if (chosen == -1) {
+			LOGPCONN(conn, LOGL_ERROR, "Unsupported encryption algorithm in CIHPER MODE COMPLETE: A5/%d\n", alg_id);
+			return -EINVAL;
+		}
 	}
 
 	if (TLVP_PRESENT(tp, GSM0808_IE_LAYER_3_MESSAGE_CONTENTS)) {
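Review bot: The membership test `if (ei.perm_algo[j] == alg_id)` in the else branch looks like it compares two different numberings, so it does not actually verify that the BSC's choice is one of the algorithms offered in CIPHER MODE CMD. `ei.perm_algo[]` is filled with `vlr_ciph_to_gsm0808_alg_id(i)` and the fallback branch converts an entry back with `- 1`, while `alg_id` has already been reduced to `val - 1`. If the GSM 08.08 id is n+1 for A5/n, as those lines suggest, a BSC answering with an offered A5/n is rejected unless A5/(n-1) was also offered, and an answer one step above an offered algorithm passes the check even though it was never requested. Comparing like with like, e.g. `if (ei.perm_algo[j] == vlr_ciph_to_gsm0808_alg_id(alg_id)) {`, would close that gap. The enclosing function starts before this hunk and continues past it.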
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index dc0476b..bfad853 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -122,7 +122,7 @@
  * Return 1 when the given A5/n is permitted, 0 when not, and negative if the respective MS CLASSMARK is
  * not known, where the negative number indicates the classmark type: -2 means Classmark 2 is not
  * available. */
-static int classmark_supports_a5(const struct gsm_classmark *cm, uint8_t a5)
+int gsm48_classmark_supports_a5(const struct gsm_classmark *cm, uint8_t a5)
 {
 	switch (a5) {
 	case 0:
@@ -1618,7 +1618,7 @@
 			continue;
 
 		/* A5/n supported by MS? */
-		supported = classmark_supports_a5(&conn->vsub->classmark, i);
+		supported = gsm48_classmark_supports_a5(&conn->vsub->classmark, i);
 		if (supported == 1) {
 			ei.perm_algo[j++] = vlr_ciph_to_gsm0808_alg_id(i);
 			/* A higher A5/n is supported, so no need to request a Classmark

-- 
To view, visit https://gerrit.osmocom.org/12349

Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3260bee43cfe135ebfc33c13aee3c4ba43466c81
Gerrit-Change-Number: 12349
Gerrit-PatchSet: 1
Gerrit-Owner: Stefan Sperling <stsp at stsp.name>