[PATCH] openbsc[master]: SGSN: use unique AUTH REQ reference

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Max gerrit-no-reply at lists.osmocom.org
Thu Jul 7 13:25:35 UTC 2016 

Hello Harald Welte, Jenkins Builder,

I'd like you to reexamine a change.  Please visit

    https://gerrit.osmocom.org/464

to look at the new patch set (#8).

SGSN: use unique AUTH REQ reference

The A&C reference number specified in 3GPP TS 24.008 § 10.5.5.19
identifies particular request sent by network with the related response
sent by MS. The value transparently copied from request to response by
MS: the spec do not specify what exactly should be in there so we use
rand() to decrease chance for collisions.

Related: OS#1582
Change-Id: I3638821a9b4a0532b28dbbb50faa30c4082579f6
---
M openbsc/include/openbsc/gprs_sgsn.h
M openbsc/src/gprs/gprs_gmm.c
M openbsc/src/gprs/sgsn_main.c
M openbsc/tests/sgsn/sgsn_test.c
4 files changed, 20 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/64/464/8

diff --git a/openbsc/include/openbsc/gprs_sgsn.h b/openbsc/include/openbsc/gprs_sgsn.h
index 0e574d8..3f91fb6 100644
--- a/openbsc/include/openbsc/gprs_sgsn.h
+++ b/openbsc/include/openbsc/gprs_sgsn.h
@@ -158,6 +158,7 @@
 	/* Iu: CK, IK, KSI */
 	/* CKSN */
 	enum gprs_ciph_algo	ciph_algo;
+	uint8_t auth_ref;
 
 	struct {
 		uint8_t	len;
diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c
index 5db69dd..2ffd001 100644
--- a/openbsc/src/gprs/gprs_gmm.c
+++ b/openbsc/src/gprs/gprs_gmm.c
@@ -417,7 +417,7 @@
 }
 
 /* Section 9.4.9: Authentication and Ciphering Request */
-static int gsm48_tx_gmm_auth_ciph_req(struct sgsn_mm_ctx *mm, uint8_t *rand,
+static int gsm48_tx_gmm_auth_ciph_req(struct sgsn_mm_ctx *mm, uint8_t *rnd,
 				      uint8_t key_seq, uint8_t algo)
 {
 	struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 AUTH CIPH REQ");
@@ -426,7 +426,7 @@
 	uint8_t *m_rand, *m_cksn;
 
 	LOGMMCTXP(LOGL_INFO, mm, "<- GPRS AUTH AND CIPHERING REQ (rand = %s)\n",
-		osmo_hexdump(rand, 16));
+		osmo_hexdump(rnd, 16));
 
 	mmctx2msgid(msg, mm);
 
@@ -438,13 +438,15 @@
 	acreq->ciph_alg = algo & 0xf;
 	acreq->imeisv_req = 0x1;
 	acreq->force_stby = 0x0;
-	acreq->ac_ref_nr = 0x0;	/* FIXME: increment this? */
+	/* 3GPP TS 24.008 § 10.5.5.19: */
+	acreq->ac_ref_nr = rand();
+	mm->auth_ref = acreq->ac_ref_nr;
 
 	/* Only if authentication is requested we need to set RAND + CKSN */
-	if (rand) {
+	if (rnd) {
 		m_rand = msgb_put(msg, 16+1);
 		m_rand[0] = GSM48_IE_GMM_AUTH_RAND;
-		memcpy(m_rand+1, rand, 16);
+		memcpy(m_rand + 1, rnd, 16);
 
 		m_cksn = msgb_put(msg, 1);
 		m_cksn[0] = (GSM48_IE_GMM_CIPH_CKSN << 4) | (key_seq & 0x07);
@@ -490,13 +492,18 @@
 		return 0;
 	}
 
+	if (acr->ac_ref_nr != ctx->auth_ref) {
+		LOGMMCTXP(LOGL_NOTICE, ctx, "Reference mismatch for Auth & Ciph"
+			  " Response: %u received, %u expected\n",
+			  acr->ac_ref_nr, ctx->auth_ref);
+		return 0;
+	}
+
 	/* Stop T3360 */
 	mmctx_timer_stop(ctx, 3360);
 
 	tlv_parse(&tp, &gsm48_gmm_att_tlvdef, acr->data,
 			(msg->data + msg->len) - acr->data, 0, 0);
-
-	/* FIXME: compare ac_ref? */
 
 	if (!TLVP_PRESENT(&tp, GSM48_IE_GMM_AUTH_SRES) ||
 	    !TLVP_PRESENT(&tp, GSM48_IE_GMM_IMEISV)) {
diff --git a/openbsc/src/gprs/sgsn_main.c b/openbsc/src/gprs/sgsn_main.c
index c852840..4475136 100644
--- a/openbsc/src/gprs/sgsn_main.c
+++ b/openbsc/src/gprs/sgsn_main.c
@@ -21,6 +21,7 @@
 
 #include <unistd.h>
 #include <stdio.h>
+#include <time.h>
 #include <stdlib.h>
 #include <string.h>
 #include <getopt.h>
@@ -306,6 +307,7 @@
 	struct gsm_network dummy_network;
 	int rc;
 
+	srand(time(NULL));
 	tall_bsc_ctx = talloc_named_const(NULL, 0, "osmo_sgsn");
 	tall_msgb_ctx = talloc_named_const(tall_bsc_ctx, 0, "msgb");
 
diff --git a/openbsc/tests/sgsn/sgsn_test.c b/openbsc/tests/sgsn/sgsn_test.c
index d568807..59e422c 100644
--- a/openbsc/tests/sgsn/sgsn_test.c
+++ b/openbsc/tests/sgsn/sgsn_test.c
@@ -906,6 +906,8 @@
 	uint32_t local_tlli = 0;
 	struct gprs_llc_lle *lle;
 
+	/* make results of A&C ref predictable */
+	srand(666);
 	/* DTAP - Attach Request */
 	/* The P-TMSI is not known by the SGSN */
 	static const unsigned char attach_req[] = {
@@ -930,7 +932,7 @@
 
 	/* DTAP - Authentication and Ciphering Resp */
 	static const unsigned char auth_ciph_resp[] = {
-		0x08, 0x13, 0x00, 0x22, 0x51, 0xe5, 0x51, 0xe5, 0x23, 0x09,
+		0x08, 0x13, 0x09, 0x22, 0x51, 0xe5, 0x51, 0xe5, 0x23, 0x09,
 		0x9a, 0x78, 0x56, 0x34, 0x12, 0x90, 0x78, 0x56, 0x01
 	};
 

-- 
To view, visit https://gerrit.osmocom.org/464
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I3638821a9b4a0532b28dbbb50faa30c4082579f6
Gerrit-PatchSet: 8
Gerrit-Project: openbsc
Gerrit-Branch: master
Gerrit-Owner: Max <msuraev at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder

More information about the gerrit-log mailing list