<p>Harald Welte <strong>merged</strong> this change.</p><p><a href="https://gerrit.osmocom.org/13248">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">libvlr: Allow 2G auth tuples to be re-used without going through AUTH<br><br>If the key_seq we get in the first messages matches the last_tuple, then<br>both we and the MS already know the key to use and we don't need the<br>AUTH REQUEST/RESPONSE cycle.<br><br>Security wise ... not so good, and so IMHO the 'auth required' option<br>in the MSC should always be set. But this allows to turn on ciphering on<br>a channel without doing any MM transaction, and so the MS doesn't turn<br>on the T3240 timer which allows to have a ciphered silent-call channel<br>that won't timeout.<br><br>Change-Id: Ief840a2ae7a0ffd2bf0bf726f209a79e3f787646<br>Signed-off-by: Sylvain Munaut <tnt@246tNt.com><br>---<br>M include/osmocom/msc/vlr.h<br>M src/libmsc/gsm_04_08.c<br>M src/libvlr/vlr_access_req_fsm.c<br>M src/libvlr/vlr_auth_fsm.c<br>M src/libvlr/vlr_auth_fsm.h<br>M src/libvlr/vlr_lu_fsm.c<br>6 files changed, 40 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/include/osmocom/msc/vlr.h b/include/osmocom/msc/vlr.h</span><br><span>index 3529640..d2d59c7 100644</span><br><span>--- a/include/osmocom/msc/vlr.h</span><br><span>+++ b/include/osmocom/msc/vlr.h</span><br><span>@@ -303,6 +303,7 @@</span><br><span>              const struct osmo_location_area_id *new_lai,</span><br><span>         bool authentication_required,</span><br><span>                bool ciphering_required,</span><br><span style="color: hsl(120, 100%, 40%);">+              uint8_t key_seq,</span><br><span>             bool is_r99, bool is_utran,</span><br><span>          bool assign_tmsi);</span><br><span> </span><br><span>@@ -446,6 +447,7 @@</span><br><span>           const struct osmo_location_area_id *lai,</span><br><span>             bool authentication_required,</span><br><span>                bool ciphering_required,</span><br><span style="color: hsl(120, 
100%, 40%);">+              uint8_t key_seq,</span><br><span>             bool is_r99, bool is_utran);</span><br><span> </span><br><span> void vlr_parq_cancel(struct osmo_fsm_inst *fi,</span><br><span>diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c</span><br><span>index c6e5528..09744db 100644</span><br><span>--- a/src/libmsc/gsm_04_08.c</span><br><span>+++ b/src/libmsc/gsm_04_08.c</span><br><span>@@ -433,6 +433,7 @@</span><br><span>                               &old_lai, &new_lai,</span><br><span>                          is_utran || conn->network->authentication_required,</span><br><span>                            is_utran || conn->network->a5_encryption_mask > 0x01,</span><br><span style="color: hsl(120, 100%, 40%);">+                                lu->key_seq,</span><br><span>                              classmark1_is_r99(&lu->classmark1),</span><br><span>                           is_utran,</span><br><span>                            net->vlr->cfg.assign_tmsi);</span><br><span>@@ -820,6 +821,7 @@</span><br><span>                       VLR_PR_ARQ_T_CM_SERV_REQ, mi-1, &lai,</span><br><span>                    is_utran || conn->network->authentication_required,</span><br><span>                    is_utran || conn->network->a5_encryption_mask > 0x01,</span><br><span style="color: hsl(120, 100%, 40%);">+                        req->cipher_key_seq,</span><br><span>                      classmark2_is_r99(classmark2, classmark2_len),</span><br><span>                       is_utran);</span><br><span> </span><br><span>@@ -1178,6 +1180,8 @@</span><br><span> {</span><br><span>         struct gsm_network *net = conn->network;</span><br><span>  struct gsm48_hdr *gh = msgb_l3(msg);</span><br><span style="color: hsl(120, 100%, 40%);">+  struct gsm48_pag_resp *pr =</span><br><span style="color: hsl(120, 100%, 40%);">+                   (struct gsm48_pag_resp *)gh->data;</span><br><span>        uint8_t classmark2_len = gh->data[1];</span><br><span>     uint8_t 
*classmark2 = gh->data+2;</span><br><span>         uint8_t *mi_lv = classmark2 + classmark2_len;</span><br><span>@@ -1209,6 +1213,7 @@</span><br><span>                         VLR_PR_ARQ_T_PAGING_RESP, mi_lv, &lai,</span><br><span>                   is_utran || conn->network->authentication_required,</span><br><span>                    is_utran || conn->network->a5_encryption_mask > 0x01,</span><br><span style="color: hsl(120, 100%, 40%);">+                        pr->key_seq,</span><br><span>                      classmark2_is_r99(classmark2, classmark2_len),</span><br><span>                       is_utran);</span><br><span> </span><br><span>diff --git a/src/libvlr/vlr_access_req_fsm.c b/src/libvlr/vlr_access_req_fsm.c</span><br><span>index 3b40285..26db42c 100644</span><br><span>--- a/src/libvlr/vlr_access_req_fsm.c</span><br><span>+++ b/src/libvlr/vlr_access_req_fsm.c</span><br><span>@@ -67,6 +67,7 @@</span><br><span>         struct osmo_location_area_id lai;</span><br><span>    bool authentication_required;</span><br><span>        bool ciphering_required;</span><br><span style="color: hsl(120, 100%, 40%);">+      uint8_t key_seq;</span><br><span>     bool is_r99;</span><br><span>         bool is_utran;</span><br><span>       bool implicitly_accepted_parq_by_ciphering_cmd;</span><br><span>@@ -316,7 +317,8 @@</span><br><span>        /* The cases where the authentication procedure should be used</span><br><span>        * are defined in 3GPP TS 33.102 */</span><br><span>  /* For now we use a default value passed in to vlr_lu_fsm(). 
*/</span><br><span style="color: hsl(0, 100%, 40%);">- return par->authentication_required || par->ciphering_required;</span><br><span style="color: hsl(120, 100%, 40%);">+ return par->authentication_required ||</span><br><span style="color: hsl(120, 100%, 40%);">+             (par->ciphering_required && !auth_try_reuse_tuple(par->vsub, par->key_seq));</span><br><span> }</span><br><span> </span><br><span> /* after the IMSI is known */</span><br><span>@@ -528,6 +530,7 @@</span><br><span>                .out_state_mask = S(PR_ARQ_S_DONE) |</span><br><span>                                   S(PR_ARQ_S_WAIT_OBTAIN_IMSI) |</span><br><span>                               S(PR_ARQ_S_WAIT_AUTH) |</span><br><span style="color: hsl(120, 100%, 40%);">+                               S(PR_ARQ_S_WAIT_CIPH) |</span><br><span>                              S(PR_ARQ_S_WAIT_UPD_LOC_CHILD) |</span><br><span>                             S(PR_ARQ_S_WAIT_SUB_PRES) |</span><br><span>                                  S(PR_ARQ_S_WAIT_TRACE_SUB) |</span><br><span>@@ -540,6 +543,7 @@</span><br><span>                 .in_event_mask = S(PR_ARQ_E_ID_IMSI),</span><br><span>                .out_state_mask = S(PR_ARQ_S_DONE) |</span><br><span>                                   S(PR_ARQ_S_WAIT_AUTH) |</span><br><span style="color: hsl(120, 100%, 40%);">+                               S(PR_ARQ_S_WAIT_CIPH) |</span><br><span>                              S(PR_ARQ_S_WAIT_UPD_LOC_CHILD) |</span><br><span>                             S(PR_ARQ_S_WAIT_SUB_PRES) |</span><br><span>                                  S(PR_ARQ_S_WAIT_TRACE_SUB) |</span><br><span>@@ -637,6 +641,7 @@</span><br><span>                  const struct osmo_location_area_id *lai,</span><br><span>             bool authentication_required,</span><br><span>                bool ciphering_required,</span><br><span style="color: hsl(120, 100%, 40%);">+              uint8_t key_seq,</span><br><span>             bool is_r99, bool 
is_utran)</span><br><span> {</span><br><span>    struct osmo_fsm_inst *fi;</span><br><span>@@ -660,6 +665,7 @@</span><br><span>      par->parent_event_data = parent_event_data;</span><br><span>       par->authentication_required = authentication_required;</span><br><span>   par->ciphering_required = ciphering_required;</span><br><span style="color: hsl(120, 100%, 40%);">+      par->key_seq = key_seq;</span><br><span>   par->is_r99 = is_r99;</span><br><span>     par->is_utran = is_utran;</span><br><span> </span><br><span>diff --git a/src/libvlr/vlr_auth_fsm.c b/src/libvlr/vlr_auth_fsm.c</span><br><span>index ccf3660..6026510 100644</span><br><span>--- a/src/libvlr/vlr_auth_fsm.c</span><br><span>+++ b/src/libvlr/vlr_auth_fsm.c</span><br><span>@@ -629,3 +629,18 @@</span><br><span> </span><br><span>         return fi;</span><br><span> }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+bool auth_try_reuse_tuple(struct vlr_subscr *vsub, uint8_t key_seq)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+     int max_reuse_count = vsub->vlr->cfg.auth_tuple_max_reuse_count;</span><br><span style="color: hsl(120, 100%, 40%);">+        struct vlr_auth_tuple *at = vsub->last_tuple;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+    if (!at)</span><br><span style="color: hsl(120, 100%, 40%);">+              return false;</span><br><span style="color: hsl(120, 100%, 40%);">+ if ((max_reuse_count >= 0) && (at->use_count > max_reuse_count))</span><br><span style="color: hsl(120, 100%, 40%);">+             return false;</span><br><span style="color: hsl(120, 100%, 40%);">+ if (at->key_seq != key_seq)</span><br><span style="color: hsl(120, 100%, 40%);">+                return false;</span><br><span style="color: hsl(120, 100%, 40%);">+ at->use_count++;</span><br><span style="color: hsl(120, 100%, 40%);">+   
return true;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span>diff --git a/src/libvlr/vlr_auth_fsm.h b/src/libvlr/vlr_auth_fsm.h</span><br><span>index 618462f..1f2cb49 100644</span><br><span>--- a/src/libvlr/vlr_auth_fsm.h</span><br><span>+++ b/src/libvlr/vlr_auth_fsm.h</span><br><span>@@ -35,3 +35,5 @@</span><br><span>                                      uint32_t parent_term_event,</span><br><span>                                  bool is_r99,</span><br><span>                                 bool is_utran);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+bool auth_try_reuse_tuple(struct vlr_subscr *vsub, uint8_t key_seq);</span><br><span>diff --git a/src/libvlr/vlr_lu_fsm.c b/src/libvlr/vlr_lu_fsm.c</span><br><span>index 8152d20..7ddf455 100644</span><br><span>--- a/src/libvlr/vlr_lu_fsm.c</span><br><span>+++ b/src/libvlr/vlr_lu_fsm.c</span><br><span>@@ -685,6 +685,7 @@</span><br><span>  struct osmo_location_area_id new_lai;</span><br><span>        bool authentication_required;</span><br><span>        bool ciphering_required;</span><br><span style="color: hsl(120, 100%, 40%);">+      uint8_t key_seq;</span><br><span>     bool is_r99;</span><br><span>         bool is_utran;</span><br><span>       bool assign_tmsi;</span><br><span>@@ -705,7 +706,8 @@</span><br><span>      /* The cases where the authentication procedure should be used</span><br><span>        * are defined in 3GPP TS 33.102 */</span><br><span>  /* For now we use a default value passed in to vlr_lu_fsm(). 
*/</span><br><span style="color: hsl(0, 100%, 40%);">- return lfp->authentication_required || lfp->ciphering_required;</span><br><span style="color: hsl(120, 100%, 40%);">+ return lfp->authentication_required ||</span><br><span style="color: hsl(120, 100%, 40%);">+             (lfp->ciphering_required && !auth_try_reuse_tuple(lfp->vsub, lfp->key_seq));</span><br><span> }</span><br><span> </span><br><span> /* Determine if ciphering is required */</span><br><span>@@ -1316,6 +1318,7 @@</span><br><span>                             S(VLR_ULA_S_WAIT_PVLR) |</span><br><span>                             S(VLR_ULA_S_WAIT_IMSI) |</span><br><span>                             S(VLR_ULA_S_WAIT_AUTH) |</span><br><span style="color: hsl(120, 100%, 40%);">+                              S(VLR_ULA_S_WAIT_CIPH) |</span><br><span>                             S(VLR_ULA_S_WAIT_HLR_UPD) |</span><br><span>                                  S(VLR_ULA_S_DONE),</span><br><span>                 .name = OSMO_STRINGIFY(VLR_ULA_S_IDLE),</span><br><span>@@ -1326,6 +1329,7 @@</span><br><span>              .out_state_mask = S(VLR_ULA_S_WAIT_PVLR) |</span><br><span>                             S(VLR_ULA_S_WAIT_IMSI) |</span><br><span>                             S(VLR_ULA_S_WAIT_AUTH) |</span><br><span style="color: hsl(120, 100%, 40%);">+                              S(VLR_ULA_S_WAIT_CIPH) |</span><br><span>                             S(VLR_ULA_S_WAIT_HLR_UPD) |</span><br><span>                                  S(VLR_ULA_S_DONE),</span><br><span>                 .name = OSMO_STRINGIFY(VLR_ULA_S_WAIT_IMEISV),</span><br><span>@@ -1336,6 +1340,7 @@</span><br><span>                                S(VLR_ULA_E_SEND_ID_NACK),</span><br><span>          .out_state_mask = S(VLR_ULA_S_WAIT_IMSI) |</span><br><span>                             S(VLR_ULA_S_WAIT_AUTH) |</span><br><span style="color: hsl(120, 100%, 40%);">+                              S(VLR_ULA_S_WAIT_CIPH) |</span><br><span>                      
       S(VLR_ULA_S_DONE),</span><br><span>                 .name = OSMO_STRINGIFY(VLR_ULA_S_WAIT_PVLR),</span><br><span>                 .action = lu_fsm_wait_pvlr,</span><br><span>@@ -1360,6 +1365,7 @@</span><br><span>  [VLR_ULA_S_WAIT_IMSI] = {</span><br><span>            .in_event_mask = S(VLR_ULA_E_ID_IMSI),</span><br><span>               .out_state_mask = S(VLR_ULA_S_WAIT_AUTH) |</span><br><span style="color: hsl(120, 100%, 40%);">+                              S(VLR_ULA_S_WAIT_CIPH) |</span><br><span>                             S(VLR_ULA_S_WAIT_HLR_UPD) |</span><br><span>                                  S(VLR_ULA_S_DONE),</span><br><span>                 .name = OSMO_STRINGIFY(VLR_ULA_S_WAIT_IMSI),</span><br><span>@@ -1439,6 +1445,7 @@</span><br><span>                const struct osmo_location_area_id *new_lai,</span><br><span>         bool authentication_required,</span><br><span>                bool ciphering_required,</span><br><span style="color: hsl(120, 100%, 40%);">+              uint8_t key_seq,</span><br><span>             bool is_r99, bool is_utran,</span><br><span>          bool assign_tmsi)</span><br><span> {</span><br><span>@@ -1462,6 +1469,7 @@</span><br><span>        lfp->parent_event_data = parent_event_data;</span><br><span>       lfp->authentication_required = authentication_required;</span><br><span>   lfp->ciphering_required = ciphering_required;</span><br><span style="color: hsl(120, 100%, 40%);">+      lfp->key_seq = key_seq;</span><br><span>   lfp->is_r99 = is_r99;</span><br><span>     lfp->is_utran = is_utran;</span><br><span>         lfp->assign_tmsi = assign_tmsi;</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/13248">change 13248</a>. 
To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/13248"/><meta itemprop="name" content="View Change"/></div></div>
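Review bot: auth_try_reuse_tuple() in src/libvlr/vlr_auth_fsm.c (@@ -629,3 +629,18) increments at->use_count as a side effect, yet both callers invoke it from inside the boolean expression that decides whether authentication is required. If either predicate is ever evaluated more than once for the same request, the tuple is charged several uses. Consider splitting it into a side-effect-free check and an explicit step that counts the use when the FSM actually proceeds to ciphering. The function also lacks a doc comment: the "max_reuse_count >= 0" guard means a negative auth_tuple_max_reuse_count disables the limit entirely, and that should be stated where the function is declared in vlr_auth_fsm.h.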
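Review bot: the new return expression in src/libvlr/vlr_access_req_fsm.c (@@ -316,7 +317,8), and its twin in src/libvlr/vlr_lu_fsm.c (@@ -705,7 +706,8), skips authentication silently; no log statement is visible on the reuse path. Since the commit message itself rates this as weak security-wise, a log line naming the subscriber, key_seq and use_count whenever a tuple is reused would let operators see how often the AUTH cycle is bypassed. The comment above the return ("For now we use a default value passed in to vlr_lu_fsm()") no longer describes the whole decision and should mention the reuse exception.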
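Review bot: in the paging-response hunk of src/libmsc/gsm_04_08.c (@@ -1178,6 +1180,8) gh->data is cast to struct gsm48_pag_resp and pr->key_seq is then read at @@ -1209,6 +1213,7, but no length check on the message is visible in the hunk before that dereference. Please confirm the L3 length is validated against the size of the struct earlier in the function, or add the check next to the cast. The function now mixes the struct view with the existing manual offsets (gh->data[1], gh->data+2); using a single view of the message would keep the two from drifting apart.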

<div style="display:none"> Gerrit-Project: osmo-msc </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: merged </div>
<div style="display:none"> Gerrit-Change-Id: Ief840a2ae7a0ffd2bf0bf726f209a79e3f787646 </div>
<div style="display:none"> Gerrit-Change-Number: 13248 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: tnt &lt;tnt@246tNt.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Harald Welte &lt;laforge@gnumonks.org&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder (1000002) </div>
<div style="display:none"> Gerrit-Reviewer: tnt &lt;tnt@246tNt.com&gt; </div>
<div style="display:none"> Gerrit-CC: Neels Hofmeyr &lt;nhofmeyr@sysmocom.de&gt; </div>