<p>lynxis lazus <strong>merged</strong> this change.</p><p><a href="https://gerrit.osmocom.org/11150">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Jenkins Builder: Verified
Harald Welte: Looks good to me, approved
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">gprs_gmm: Fix missing Security Command for 3G when attaching<br><br>Introduce a new FSM step in GMM Attach to send the<br>Security Command to the RNC after completing the<br>Authentication.<br><br>Fixes: f7198d7dbb84 ("gprs_gmm: introduce a GMM Attach Request FSM")<br>Change-Id: I1e12b0a32e58c6f78dba7b548f7d7016567229db<br>---<br>M include/osmocom/sgsn/gprs_gmm_attach.h<br>M src/gprs/gprs_gmm.c<br>M src/gprs/gprs_gmm_attach.c<br>3 files changed, 44 insertions(+), 3 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/include/osmocom/sgsn/gprs_gmm_attach.h b/include/osmocom/sgsn/gprs_gmm_attach.h</span><br><span>index 22fbd6f..0aa2123 100644</span><br><span>--- a/include/osmocom/sgsn/gprs_gmm_attach.h</span><br><span>+++ b/include/osmocom/sgsn/gprs_gmm_attach.h</span><br><span>@@ -11,6 +11,7 @@</span><br><span> ST_RETRIEVE_AUTH,</span><br><span> ST_AUTH,</span><br><span> ST_ASK_VLR,</span><br><span style="color: hsl(120, 100%, 40%);">+ ST_IU_SECURITY_CMD,</span><br><span> ST_ACCEPT,</span><br><span> ST_REJECT</span><br><span> };</span><br><span>@@ -20,6 +21,7 @@</span><br><span> E_IDEN_RESP_RECV,</span><br><span> E_AUTH_RESP_RECV_SUCCESS,</span><br><span> E_AUTH_RESP_RECV_RESYNC,</span><br><span style="color: hsl(120, 100%, 40%);">+ E_IU_SECURITY_CMD_COMPLETE,</span><br><span> E_ATTACH_ACCEPTED,</span><br><span> E_ATTACH_ACCEPT_SENT,</span><br><span> E_ATTACH_COMPLETE_RECV,</span><br><span>diff --git a/src/gprs/gprs_gmm.c b/src/gprs/gprs_gmm.c</span><br><span>index a86fe2b..a0221ea 100644</span><br><span>--- a/src/gprs/gprs_gmm.c</span><br><span>+++ b/src/gprs/gprs_gmm.c</span><br><span>@@ -205,7 +205,7 @@</span><br><span> REQUIRE_MM</span><br><span> /* Continue authentication here */</span><br><span> mm->iu.ue_ctx->integrity_active = 1;</span><br><span style="color: hsl(0, 100%, 40%);">- rc = gsm48_gmm_authorize(mm);</span><br><span style="color: hsl(120, 100%, 40%);">+ osmo_fsm_inst_dispatch(mm->gmm_att_req.fsm, E_IU_SECURITY_CMD_COMPLETE, NULL);</span><br><span> break;</span><br><span> default:</span><br><span> LOGP(DRANAP, LOGL_NOTICE, "Unknown event received: %i\n", type);</span><br><span>diff --git a/src/gprs/gprs_gmm_attach.c b/src/gprs/gprs_gmm_attach.c</span><br><span>index 272fec7..60c4398 100644</span><br><span>--- a/src/gprs/gprs_gmm_attach.c</span><br><span>+++ b/src/gprs/gprs_gmm_attach.c</span><br><span>@@ -157,7 +157,12 @@</span><br><span> switch (event) {</span><br><span> case E_AUTH_RESP_RECV_SUCCESS:</span><br><span> sgsn_auth_request(ctx);</span><br><span style="color: hsl(0, 100%, 40%);">- osmo_fsm_inst_state_chg(fi, ST_ACCEPT, sgsn->cfg.timers.T3350, 3350);</span><br><span style="color: hsl(120, 100%, 40%);">+#ifdef BUILD_IU</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ctx->ran_type == MM_CTX_T_UTRAN_Iu && !ctx->iu.ue_ctx->integrity_active)</span><br><span style="color: hsl(120, 100%, 40%);">+ osmo_fsm_inst_state_chg(fi, ST_IU_SECURITY_CMD, sgsn->cfg.timers.T3350, 3350);</span><br><span style="color: hsl(120, 100%, 40%);">+ else</span><br><span style="color: hsl(120, 100%, 40%);">+#endif /* BUILD_IU */</span><br><span style="color: hsl(120, 100%, 40%);">+ osmo_fsm_inst_state_chg(fi, ST_ACCEPT, sgsn->cfg.timers.T3350, 3350);</span><br><span> break;</span><br><span> case E_AUTH_RESP_RECV_RESYNC:</span><br><span> if (ctx->gmm_att_req.auth_reattempt <= 1)</span><br><span>@@ -228,6 +233,32 @@</span><br><span> }</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+static void st_iu_security_cmd_on_enter(struct osmo_fsm_inst *fi, uint32_t prev_state)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+#ifdef BUILD_IU</span><br><span style="color: hsl(120, 100%, 40%);">+ struct sgsn_mm_ctx *ctx = fi->priv;</span><br><span style="color: hsl(120, 100%, 40%);">+ int rc = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* TODO: shouldn't this set always? not only when the integrity_active? */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (ctx->iu.ue_ctx->integrity_active) {</span><br><span style="color: hsl(120, 100%, 40%);">+ osmo_fsm_inst_state_chg(fi, ST_ACCEPT, sgsn->cfg.timers.T3350, 3350);</span><br><span style="color: hsl(120, 100%, 40%);">+ return;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ranap_iu_tx_sec_mode_cmd(ctx->iu.ue_ctx, &ctx->auth_triplet.vec, 0, ctx->iu.new_key);</span><br><span style="color: hsl(120, 100%, 40%);">+ ctx->iu.new_key = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+#endif</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+static void st_iu_security_cmd(struct osmo_fsm_inst *fi, uint32_t event, void *data)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ switch(event) {</span><br><span style="color: hsl(120, 100%, 40%);">+ case E_IU_SECURITY_CMD_COMPLETE:</span><br><span style="color: hsl(120, 100%, 40%);">+ osmo_fsm_inst_state_chg(fi, ST_ACCEPT, sgsn->cfg.timers.T3350, 3350);</span><br><span style="color: hsl(120, 100%, 40%);">+ break;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> static struct osmo_fsm_state gmm_attach_req_fsm_states[] = {</span><br><span> /* default state for non-DTX and DTX when SPEECH is in progress */</span><br><span> [ST_INIT] = {</span><br><span>@@ -252,11 +283,18 @@</span><br><span> },</span><br><span> [ST_AUTH] = {</span><br><span> .in_event_mask = X(E_AUTH_RESP_RECV_SUCCESS) | X(E_AUTH_RESP_RECV_RESYNC),</span><br><span style="color: hsl(0, 100%, 40%);">- .out_state_mask = X(ST_INIT) | X(ST_AUTH) | X(ST_ACCEPT) | X(ST_ASK_VLR) | X(ST_REJECT),</span><br><span style="color: hsl(120, 100%, 40%);">+ .out_state_mask = X(ST_INIT) | X(ST_AUTH) | X(ST_IU_SECURITY_CMD) | X(ST_ACCEPT) | X(ST_ASK_VLR) | X(ST_REJECT),</span><br><span> .name = "Authenticate",</span><br><span> .onenter = st_auth_on_enter,</span><br><span> .action = st_auth,</span><br><span> },</span><br><span style="color: hsl(120, 100%, 40%);">+ [ST_IU_SECURITY_CMD] = {</span><br><span style="color: hsl(120, 100%, 40%);">+ .in_event_mask = X(E_IU_SECURITY_CMD_COMPLETE),</span><br><span style="color: hsl(120, 100%, 40%);">+ .out_state_mask = X(ST_INIT) | X(ST_AUTH) | X(ST_ACCEPT) | X(ST_REJECT),</span><br><span style="color: hsl(120, 100%, 40%);">+ .name = "IuSecurityCommand",</span><br><span style="color: hsl(120, 100%, 40%);">+ .onenter = st_iu_security_cmd_on_enter,</span><br><span style="color: hsl(120, 100%, 40%);">+ .action = st_iu_security_cmd,</span><br><span style="color: hsl(120, 100%, 40%);">+ },</span><br><span> [ST_ACCEPT] = {</span><br><span> .in_event_mask = X(E_ATTACH_COMPLETE_RECV),</span><br><span> .out_state_mask = X(ST_INIT) | X(ST_REJECT),</span><br><span>@@ -280,6 +318,7 @@</span><br><span> { E_ATTACH_ACCEPTED, "Attach accepted" },</span><br><span> { E_ATTACH_ACCEPT_SENT, "Attach accept sent" },</span><br><span> { E_ATTACH_COMPLETE_RECV, "Attach complete received." },</span><br><span style="color: hsl(120, 100%, 40%);">+ { E_IU_SECURITY_CMD_COMPLETE, "IU Security Command Complete received." },</span><br><span> { E_REJECT, "Reject the MS"},</span><br><span> { E_VLR_ANSWERED, "VLR answered"},</span><br><span> { 0, NULL }</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/11150">change 11150</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/11150"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: osmo-sgsn </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: I1e12b0a32e58c6f78dba7b548f7d7016567229db </div>
<div style="display:none"> Gerrit-Change-Number: 11150 </div>
<div style="display:none"> Gerrit-PatchSet: 3 </div>
<div style="display:none"> Gerrit-Owner: lynxis lazus <lynxis@fe80.eu> </div>
<div style="display:none"> Gerrit-Reviewer: Harald Welte <laforge@gnumonks.org> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder (1000002) </div>
<div style="display:none"> Gerrit-Reviewer: lynxis lazus <lynxis@fe80.eu> </div>