This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Max gerrit-no-reply at lists.osmocom.orgHello Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/464 to look at the new patch set (#2). SGSN: use unique AUTH REQ reference The A&C reference number specified in 3GPP TS 24.008 § 10.5.5.19 identifies particular request sent by network with the related response sent by MS. The value transparently copied from request to response by MS: the spec do not specify what exactly should be in there - use rand() to decrease chance for collisions. Change-Id: I3638821a9b4a0532b28dbbb50faa30c4082579f6 Related: OS#1582 --- M openbsc/include/openbsc/gprs_sgsn.h M openbsc/src/gprs/gprs_gmm.c M openbsc/src/gprs/sgsn_main.c 3 files changed, 17 insertions(+), 7 deletions(-) git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/64/464/2 diff --git a/openbsc/include/openbsc/gprs_sgsn.h b/openbsc/include/openbsc/gprs_sgsn.h index 0e574d8..3f91fb6 100644 --- a/openbsc/include/openbsc/gprs_sgsn.h +++ b/openbsc/include/openbsc/gprs_sgsn.h @@ -158,6 +158,7 @@ /* Iu: CK, IK, KSI */ /* CKSN */ enum gprs_ciph_algo ciph_algo; + uint8_t auth_ref; struct { uint8_t len; diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c index 5db69dd..2ffd001 100644 --- a/openbsc/src/gprs/gprs_gmm.c +++ b/openbsc/src/gprs/gprs_gmm.c @@ -417,7 +417,7 @@ } /* Section 9.4.9: Authentication and Ciphering Request */ -static int gsm48_tx_gmm_auth_ciph_req(struct sgsn_mm_ctx *mm, uint8_t *rand, +static int gsm48_tx_gmm_auth_ciph_req(struct sgsn_mm_ctx *mm, uint8_t *rnd, uint8_t key_seq, uint8_t algo) { struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 AUTH CIPH REQ"); @@ -426,7 +426,7 @@ uint8_t *m_rand, *m_cksn; LOGMMCTXP(LOGL_INFO, mm, "<- GPRS AUTH AND CIPHERING REQ (rand = %s)\n", - osmo_hexdump(rand, 16)); + osmo_hexdump(rnd, 16)); mmctx2msgid(msg, mm); @@ -438,13 +438,15 @@ acreq->ciph_alg = algo & 0xf; acreq->imeisv_req = 0x1; acreq->force_stby = 0x0; - acreq->ac_ref_nr = 0x0; /* FIXME: increment this? */ + /* 3GPP TS 24.008 § 10.5.5.19: */ + acreq->ac_ref_nr = rand(); + mm->auth_ref = acreq->ac_ref_nr; /* Only if authentication is requested we need to set RAND + CKSN */ - if (rand) { + if (rnd) { m_rand = msgb_put(msg, 16+1); m_rand[0] = GSM48_IE_GMM_AUTH_RAND; - memcpy(m_rand+1, rand, 16); + memcpy(m_rand + 1, rnd, 16); m_cksn = msgb_put(msg, 1); m_cksn[0] = (GSM48_IE_GMM_CIPH_CKSN << 4) | (key_seq & 0x07); @@ -490,13 +492,18 @@ return 0; } + if (acr->ac_ref_nr != ctx->auth_ref) { + LOGMMCTXP(LOGL_NOTICE, ctx, "Reference mismatch for Auth & Ciph" + " Response: %u received, %u expected\n", + acr->ac_ref_nr, ctx->auth_ref); + return 0; + } + /* Stop T3360 */ mmctx_timer_stop(ctx, 3360); tlv_parse(&tp, &gsm48_gmm_att_tlvdef, acr->data, (msg->data + msg->len) - acr->data, 0, 0); - - /* FIXME: compare ac_ref? */ if (!TLVP_PRESENT(&tp, GSM48_IE_GMM_AUTH_SRES) || !TLVP_PRESENT(&tp, GSM48_IE_GMM_IMEISV)) { diff --git a/openbsc/src/gprs/sgsn_main.c b/openbsc/src/gprs/sgsn_main.c index c852840..4475136 100644 --- a/openbsc/src/gprs/sgsn_main.c +++ b/openbsc/src/gprs/sgsn_main.c @@ -21,6 +21,7 @@ #include <unistd.h> #include <stdio.h> +#include <time.h> #include <stdlib.h> #include <string.h> #include <getopt.h> @@ -306,6 +307,7 @@ struct gsm_network dummy_network; int rc; + srand(time(NULL)); tall_bsc_ctx = talloc_named_const(NULL, 0, "osmo_sgsn"); tall_msgb_ctx = talloc_named_const(tall_bsc_ctx, 0, "msgb"); -- To view, visit https://gerrit.osmocom.org/464 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newpatchset Gerrit-Change-Id: I3638821a9b4a0532b28dbbb50faa30c4082579f6 Gerrit-PatchSet: 2 Gerrit-Project: openbsc Gerrit-Branch: master Gerrit-Owner: Max <msuraev at sysmocom.de> Gerrit-Reviewer: Jenkins Builder