neels has uploaded a new patch set (#2). ( https://gerrit.osmocom.org/c/osmo-bsc/+/27249 ) Change subject: fix inter-BSC-in handover encryption ...................................................................... fix inter-BSC-in handover encryption In the field we saw Handover Requests without any Chosen Encryption Algorithm IE, and osmo-bsc completely failed on those. This made me understand my mistake from when I wrote this handover code. So far, from a BSSMAP Handover Request, we (I) used only the Chosen Encryption Algorithm IE to pick the encryption to use on the target lchan. That is very wrong. Instead, figure out the intersection of permitted algorithms MSC & BSC, and pick the best of those. Which means, actually, completely ignore the Chosen Encryption Algorithm IE. In the message, the permitted algorithms are passed as a bitmask. The current code using gsm0808_dec_encrypt_info() passes this on as an array. In order to select_best_cipher(), I could convert that array back to a bitmask. Instead pass the bitmask on from message decoding alongside the struct gsm0808_encrypt_info in req->ei_as_bitmask. Related: SYS#5839 Change-Id: Iffedc981b60d309ed2e5decd5efedee07a757b53 --- M include/osmocom/bsc/gsm_data.h M src/osmo-bsc/handover_fsm.c M src/osmo-bsc/osmo_bsc_bssap.c 3 files changed, 25 insertions(+), 7 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/49/27249/2 -- To view, visit https://gerrit.osmocom.org/c/osmo-bsc/+/27249 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-bsc Gerrit-Branch: master Gerrit-Change-Id: Iffedc981b60d309ed2e5decd5efedee07a757b53 Gerrit-Change-Number: 27249 Gerrit-PatchSet: 2 Gerrit-Owner: neels <nhofmeyr(a)sysmocom.de> Gerrit-CC: Jenkins Builder Gerrit-MessageType: newpatchset