Change in osmo-bsc[master]: [WIP] a5/4 support

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Hoernchen gerrit-no-reply at lists.osmocom.org
Wed Jun 9 02:08:03 UTC 2021 

Hoernchen has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-bsc/+/24635 )


Change subject: [WIP] a5/4 support
......................................................................

[WIP] a5/4 support

Change-Id: I7c458c8a7350f34ff79531b3c891e1b367614469
Related: SYS#5324
---
M include/osmocom/bsc/gsm_data.h
M src/osmo-bsc/abis_rsl.c
M src/osmo-bsc/handover_fsm.c
M src/osmo-bsc/osmo_bsc_bssap.c
4 files changed, 41 insertions(+), 3 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/35/24635/1

diff --git a/include/osmocom/bsc/gsm_data.h b/include/osmocom/bsc/gsm_data.h
index 2515d7e..cc0bbe5 100644
--- a/include/osmocom/bsc/gsm_data.h
+++ b/include/osmocom/bsc/gsm_data.h
@@ -234,6 +234,7 @@
 	struct gsm0808_channel_type ct;
 	struct gsm0808_speech_codec_list scl;
 	struct gsm0808_encrypt_info ei;
+    uint8_t kc128[16];
 	struct gsm_classmark classmark;
 	/* chosen_encr_alg reflects the encoded value as in RSL_ENC_ALG_A5(a5_numer):
 	 * chosen_encr_alg == 1 means A5/0 i.e. no encryption, chosen_encr_alg == 4 means A5/3.
@@ -544,6 +545,7 @@
 	uint8_t alg_id;
 	uint8_t key_len;
 	uint8_t key[MAX_A5_KEY_LEN];
+	uint8_t kc128[16];
 };
 
 #define LOGPLCHAN(lchan, ss, level, fmt, args...) \
diff --git a/src/osmo-bsc/abis_rsl.c b/src/osmo-bsc/abis_rsl.c
index 69052ee..3e3d92e 100644
--- a/src/osmo-bsc/abis_rsl.c
+++ b/src/osmo-bsc/abis_rsl.c
@@ -156,8 +156,11 @@
 static int build_encr_info(uint8_t *out, struct gsm_lchan *lchan)
 {
 	*out++ = lchan->encr.alg_id & 0xff;
-	if (lchan->encr.key_len)
+	if (lchan->encr.alg_id == GSM0808_ALG_ID_A5_4)
+		memcpy(out, lchan->encr.kc128, 16);
+	else if (lchan->encr.key_len)
 		memcpy(out, lchan->encr.key, lchan->encr.key_len);
+!!! only one key
 	return lchan->encr.key_len + 1;
 }
 
diff --git a/src/osmo-bsc/handover_fsm.c b/src/osmo-bsc/handover_fsm.c
index 8141a5d..e18504e 100644
--- a/src/osmo-bsc/handover_fsm.c
+++ b/src/osmo-bsc/handover_fsm.c
@@ -454,6 +454,8 @@
 	int payload_length;
 	bool aoip = gscon_is_aoip(conn);
 	bool sccplite = gscon_is_sccplite(conn);
+	bool has_a54 = false;
+	int i;
 
 	if ((aoip && sccplite) || !(aoip || sccplite)) {
 		LOG_HO(conn, LOGL_ERROR, "Received BSSMAP Handover Request, but conn is not"
@@ -485,6 +487,22 @@
 		return false;
 	}
 
+	for( i= 0; i < req->ei.perm_algo_len; i++) {
+		has_a54 = req->ei.perm_algo[i] == GSM0808_ALG_ID_A5_4;
+		if (has_a54)
+			break;
+	}
+
+	/* kc128 mandatory for a5/4 */
+	if (has_a54) {
+        if (!(e = TLVP_GET(tp, GSM0808_IE_KC_128)) || e->len != 16) {
+            LOG_HO(conn, LOGL_ERROR, "Missing kc128 IE\n");
+            return false;
+        }
+        memcpy(req->kc128, e->val, 16);
+    }
+
+
 	if ((e = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_TYPE_1))) {
 		if (e->len != sizeof(req->classmark.classmark1)) {
 			LOG_HO(conn, LOGL_ERROR, "Classmark Information 1 has wrong size\n");
@@ -513,9 +531,9 @@
 			       req->chosen_encr_alg);
 	}
 
-	LOG_HO(conn, LOGL_DEBUG, "Handover Request encryption info: chosen=A5/%u key=%s\n",
+	LOG_HO(conn, LOGL_DEBUG, "Handover Request encryption info: chosen=A5/%u key=%s kc128=%s\n",
 	       (req->chosen_encr_alg ? : 1) - 1, req->ei.key_len?
-	       osmo_hexdump_nospc(req->ei.key, req->ei.key_len) : "none");
+		   osmo_hexdump_nospc(req->ei.key, req->ei.key_len) : "none", has_a54 ? osmo_hexdump_nospc(req->kc128, 16) : "none");
 
 	if (TLVP_PRESENT(tp, GSM0808_IE_AOIP_TRASP_ADDR)) {
 		int rc;
@@ -718,6 +736,7 @@
 		}
 		memcpy(info.encr.key, req->ei.key, req->ei.key_len);
 		info.encr.key_len = req->ei.key_len;
+		memcpy(info.encr.kc128, req->kc128, 16);
 	}
 
 	if (req->last_eutran_plmn_valid) {
diff --git a/src/osmo-bsc/osmo_bsc_bssap.c b/src/osmo-bsc/osmo_bsc_bssap.c
index da0429b..1b7e537 100644
--- a/src/osmo-bsc/osmo_bsc_bssap.c
+++ b/src/osmo-bsc/osmo_bsc_bssap.c
@@ -542,6 +542,14 @@
 	 * a5_encryption == 2 --> 0x04 ... */
 	enc_bits_msc = data[0];
 
+
+    /* kc128 mandatory for a5/4 */
+	if (enc_bits_msc & 0xf0 && !TLVP_PRESENT(&tp, GSM0808_IE_KC_128)) {
+		LOGP(DMSC, LOGL_ERROR, "IE kc128 missing.\n");
+		reject_cause = GSM0808_CAUSE_INFORMATION_ELEMENT_OR_FIELD_MISSING;
+		goto reject;
+	}
+
 	/* The bit-mask of permitted ciphers from the MSC (sent in ASSIGNMENT COMMAND) is intersected
 	 * with the vty-configured mask a the BSC.  Finally, the best (highest) possible cipher is
 	 * chosen. */
@@ -553,6 +561,12 @@
 		goto reject;
 	}
 
+	if(chosen_cipher == 4) {
+		data = TLVP_VAL(&tp, GSM0808_IE_KC_128);
+		enc_key = &data[0];
+		enc_key_len = 16;
+	}
+
 	/* To complete the confusion, gsm0808_cipher_mode again expects the encryption as a number
 	 * from 0 to 7. */
 	if (gsm0808_cipher_mode(conn, chosen_cipher, enc_key, enc_key_len,

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-bsc/+/24635
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-bsc
Gerrit-Branch: master
Gerrit-Change-Id: I7c458c8a7350f34ff79531b3c891e1b367614469
Gerrit-Change-Number: 24635
Gerrit-PatchSet: 1
Gerrit-Owner: Hoernchen <ewild at sysmocom.de>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20210609/b3b87107/attachment.htm>

More information about the gerrit-log mailing list