neels gerrit-no-reply at lists.osmocom.org
neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-msc/+/24764 )
Change subject: support A5/4 in Cipher Mode Command
......................................................................
support A5/4 in Cipher Mode Command
Related: SYS#5324
Change-Id: I780a739b9bfbefd4f58be051794fe1a491823e67
---
M include/osmocom/msc/msc_common.h
M src/libmsc/msc_a.c
M src/libmsc/ran_msg_a.c
3 files changed, 35 insertions(+), 3 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/64/24764/1
diff --git a/include/osmocom/msc/msc_common.h b/include/osmocom/msc/msc_common.h
index 8a43e69..e7ac559 100644
--- a/include/osmocom/msc/msc_common.h
+++ b/include/osmocom/msc/msc_common.h
@@ -32,6 +32,8 @@
 uint8_t alg_id;
 uint8_t key_len;
 uint8_t key[MAX_A5_KEY_LEN];
+ bool kc128_present;
+ uint8_t kc128[MAX_A5_KEY_LEN];
 };
 enum complete_layer3_type {
diff --git a/src/libmsc/msc_a.c b/src/libmsc/msc_a.c
index 05030d3..4c38c56 100644
--- a/src/libmsc/msc_a.c
+++ b/src/libmsc/msc_a.c
@@ -292,6 +292,14 @@
 return msc_a_ran_enc_ciphering(msc_a, umts_aka, retrieve_imeisv);
 }
+static uint8_t filter_a5(uint8_t a5_mask, bool umts_aka)
+{
+ /* With GSM AKA: allow A5/0, 1, 3 = 0b00001011 = 0xb.
+ * UMTS aka: allow A5/0, 1, 3, 4 = 0b00011011 = 0x1b.
+ */
+ return a5_mask & (umts_aka ? 0x1b : 0x0b);
+}
+
 static int msc_a_ran_enc_ciphering(struct msc_a *msc_a, bool umts_aka, bool retrieve_imeisv)
 {
 struct gsm_network *net;
@@ -321,7 +329,7 @@
 .geran = {
 .umts_aka = umts_aka,
 .retrieve_imeisv = retrieve_imeisv,
- .a5_encryption_mask = net->a5_encryption_mask,
+ .a5_encryption_mask = filter_a5(net->a5_encryption_mask, umts_aka),
 /* for ran_a.c to store the GERAN key that is actually used */
 .chosen_key = &msc_a->geran_encr,
diff --git a/src/libmsc/ran_msg_a.c b/src/libmsc/ran_msg_a.c
index 61e5024..106c2df 100644
--- a/src/libmsc/ran_msg_a.c
+++ b/src/libmsc/ran_msg_a.c
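Review bot: In src/libmsc/msc_a.c, `filter_a5()` can return 0, for example when the configured mask enables only A5/4 and the subscriber was authenticated with GSM AKA, and the call site in the second hunk passes that result straight into `.a5_encryption_mask` with no check visible in the hunk. Whether an empty mask later fails the Cipher Mode Command or proceeds without ciphering cannot be told from these lines, so an explicit reject-and-log where the mask is computed would keep this path fail-closed. The filter also clears the A5/2 bit and bits 5..7 regardless of `umts_aka`, which the comment does not say; I would add `/* A5/2 and A5/5..7 are never offered, whatever the configured mask. */` and give the bare `0x1b` / `0x0b` names. msc_a_ran_enc_ciphering() starts in the first hunk and continues outside both.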
@@ -25,6 +25,7 @@
 #include <osmocom/core/byteswap.h>
 #include <osmocom/crypt/auth.h>
+#include <osmocom/crypt/kdf.h>
 #include <osmocom/gsm/tlv.h>
 #include <osmocom/gsm/gsm0808.h>
@@ -1019,6 +1020,9 @@
 case 3:
 *dst = GSM0808_ALG_ID_A5_3;
 return 0;
+ case 4:
+ *dst = GSM0808_ALG_ID_A5_4;
+ return 0;
 default:
 return -ENOTSUP;
 }
@@ -1078,21 +1082,39 @@
 /* In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth
 * tokens. vec->kc was calculated from the GSM algorithm and is not
 * necessarily a match for the UMTS AKA tokens. */
- if (cm->geran.umts_aka)
+ if (cm->geran.umts_aka) {
+ int i;
 osmo_auth_c3(ei->key, cm->vec->ck, cm->vec->ik);
- else
+
+ for (i = 0; i < ei->perm_algo_len; i++) {
+ if (ei->perm_algo[i] != GSM0808_ALG_ID_A5_4)
+ continue;
+ /* A5/4 is included, so need to generate Kc128 */
+ osmo_kdf_kc128(cm->vec->ck, cm->vec->ik, cmc.kc128);
+ cmc.kc128_present = true;
+ break;
+ }
+ } else {
 memcpy(ei->key, cm->vec->kc, sizeof(cm->vec->kc));
+ }
 ei->key_len = sizeof(cm->vec->kc);
 /* Store chosen GERAN key where the caller asked it to be stored.
 * alg_id remains unknown until we receive a Cipher Mode Complete from the BSC */
 if (cm->geran.chosen_key) {
+ *cm->geran.chosen_key = (struct geran_encr){0};
+
 if (ei->key_len > sizeof(cm->geran.chosen_key->key)) {
 LOG_RAN_A_ENC(fi, LOGL_ERROR, "Chosen key is larger than I can store\n");
 return NULL;
 }
 memcpy(cm->geran.chosen_key->key, ei->key, ei->key_len);
 cm->geran.chosen_key->key_len = ei->key_len;
+
+ if (cmc.kc128_present) {
+ memcpy(cm->geran.chosen_key->kc128, cmc.kc128, 16);
+ cm->geran.chosen_key->kc128_present = true;
+ }
 }
 LOG_RAN_A_ENC(fi, LOGL_DEBUG, "Tx BSSMAP CIPHER MODE COMMAND to BSC, %u ciphers (%s) key %s\n",
--
To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/24764
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Change-Id: I780a739b9bfbefd4f58be051794fe1a491823e67
Gerrit-Change-Number: 24764
Gerrit-PatchSet: 1
Gerrit-Owner: neels <nhofmeyr at sysmocom.de>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20210623/32738604/attachment.htm>
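Review bot: The Kc128 copy in the @@ -1078 hunk of src/libmsc/ran_msg_a.c uses a literal length, `memcpy(cm->geran.chosen_key->kc128, cmc.kc128, 16);`, and unlike the Kc copy a few lines above it has no size check against the destination. The destination is declared as `kc128[MAX_A5_KEY_LEN]` in msc_common.h and the value of MAX_A5_KEY_LEN is not visible in this change, so the two lengths are only assumed to agree. Assuming `cmc.kc128` is an array (its declaration is outside the hunk), I would tie the length to the objects: `OSMO_ASSERT(sizeof(cm->geran.chosen_key->kc128) >= sizeof(cmc.kc128));` followed by `memcpy(cm->geran.chosen_key->kc128, cmc.kc128, sizeof(cmc.kc128));`. The enclosing function starts and ends outside the hunk.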