Hi everyone,
I've just pushed a branch sylvain/encryption on the OpenBSC git that contains my current patches to support encryption. Even if you don't have programmable SIMs, test it still works :) If a subscriber doesn't have a Ki set in the HLR or encryption isn't enabled in the config, the executed code path should be the exact same as before.
It uses COMP128 as a3/a8 so you can use common programmable SIMs. Currently a secure channel is established for - LOCATION UPDATEs - CM SERVICE REQUEST. Support for PAGING RESPONSE is a little trickier and I haven't looked deeply into it.
To enable :
- Either recreate your HLR sqlite3, or update it like this (do a backup before hand !) :
bash# sqlite3 hlr.sqlite3 sqlite> ALTER TABLE Subscriber ADD COLUMN ki BLOB; sqlite> UPDATE Meta SET value = '3' WHERE key='revision';
- Add a "a5 encryption 1" line to your openbsc.cfg to enable encryption using A5/1
- Set the Ki of the subscriber. Using the vty interface is the simplest : bash# telnet 127.0.0.1 4242 openbsc> enable openbsc# conf t openbsc# subscriber YOURIMSI openbsc# ki 0123456789abcdef0123456789abcdef
Sylvain