This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.orgHarald Welte has submitted this change and it was merged. Change subject: cosmetic prep: tell vlr_ops.set_ciph_mode() whether UMTS AKA is used ...................................................................... cosmetic prep: tell vlr_ops.set_ciph_mode() whether UMTS AKA is used In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth tokens. tuple->vec.kc was calculated from the GSM algorithm and is not necessarily a match for the UMTS AKA tokens. To decide (in an upcoming patch) whether to use UMTS AKA derived Kc or the Kc from the auth vector, the set_ciph_mode() from vlr_ops needs to know whether UMTS AKA is being used. This could possibly derived from the msc_conn_ref, but all flags are already available in the vlr_lu_fsm and vlr_access_req_fsm. Hence add a umts_aka flag to the set_ciph_mode() callback invocation. The VLR FSMs thus decide whether UMTS AKA or GSM AKA is to be used during Ciphering Mode Command, which makes more sense than re-implementing the same decision process in the MSC. I considered placing the Kc derivation in vlr_set_ciph_mode() and only tell the MSC's set_ciph_mode() implementation the precise keys it should use, but the RAN particulars, and whether a Kc is used at all, rather belong with the MSC. Related: OS#2745 Prepares: If04e405426c55a81341747a9b450a69188525d5c Change-Id: I983c48347faf4ee1b405d8174b4e006c904157cf --- M include/osmocom/msc/vlr.h M src/libmsc/gsm_04_08.c M src/libvlr/vlr.c M src/libvlr/vlr_access_req_fsm.c M src/libvlr/vlr_lu_fsm.c M tests/msc_vlr/msc_vlr_tests.c 6 files changed, 14 insertions(+), 2 deletions(-) Approvals: Harald Welte: Looks good to me, approved Jenkins Builder: Verified diff --git a/include/osmocom/msc/vlr.h b/include/osmocom/msc/vlr.h index df7d354..b625608 100644 --- a/include/osmocom/msc/vlr.h +++ b/include/osmocom/msc/vlr.h @@ -207,7 +207,7 @@ int (*tx_cm_serv_rej)(void *msc_conn_ref, enum vlr_proc_arq_result result); int (*set_ciph_mode)(void *msc_conn_ref, enum vlr_ciph ciph_mode, - bool retrieve_imeisv); + bool umts_aka, bool retrieve_imeisv); /* UTRAN: send Common Id (when auth+ciph are complete) */ int (*tx_common_id)(void *msc_conn_ref); @@ -433,6 +433,7 @@ struct osmo_fsm_inst *fi, void *msc_conn_ref, enum vlr_ciph ciph_mode, + bool umts_aka, bool retrieve_imeisv); bool vlr_use_umts_aka(struct osmo_auth_vector *vec, bool is_r99); diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c index d2c56c5..472acf0 100644 --- a/src/libmsc/gsm_04_08.c +++ b/src/libmsc/gsm_04_08.c @@ -3388,6 +3388,7 @@ /* VLR asks us to start using ciphering */ static int msc_vlr_set_ciph_mode(void *msc_conn_ref, enum vlr_ciph ciph, + bool umts_aka, bool retrieve_imeisv) { struct gsm_subscriber_connection *conn = msc_conn_ref; diff --git a/src/libvlr/vlr.c b/src/libvlr/vlr.c index 55b8de0..670ff83 100644 --- a/src/libvlr/vlr.c +++ b/src/libvlr/vlr.c @@ -1096,6 +1096,7 @@ struct osmo_fsm_inst *fi, void *msc_conn_ref, enum vlr_ciph ciph_mode, + bool umts_aka, bool retrieve_imeisv) { switch (ciph_mode) { @@ -1108,6 +1109,7 @@ ciph_mode, vlr_ciph_name(ciph_mode)); return vlr->ops.set_ciph_mode(msc_conn_ref, ciph_mode, + umts_aka, retrieve_imeisv); case VLR_CIPH_A5_2: diff --git a/src/libvlr/vlr_access_req_fsm.c b/src/libvlr/vlr_access_req_fsm.c index e90d8de..41e629e 100644 --- a/src/libvlr/vlr_access_req_fsm.c +++ b/src/libvlr/vlr_access_req_fsm.c @@ -294,6 +294,7 @@ if (vlr_set_ciph_mode(vsub->vlr, fi, par->msc_conn_ref, par->ciphering_required, + vlr_use_umts_aka(&vsub->last_tuple->vec, par->is_r99), vsub->vlr->cfg.retrieve_imeisv_ciphered)) { LOGPFSML(fi, LOGL_ERROR, "Failed to send Ciphering Mode Command\n"); diff --git a/src/libvlr/vlr_lu_fsm.c b/src/libvlr/vlr_lu_fsm.c index a3a68ed..e540e2a 100644 --- a/src/libvlr/vlr_lu_fsm.c +++ b/src/libvlr/vlr_lu_fsm.c @@ -826,8 +826,15 @@ return; } + if (!vsub->last_tuple) { + LOGPFSML(fi, LOGL_ERROR, "No auth tuple available\n"); + vlr_lu_compl_fsm_failure(fi, GSM48_REJECT_NETWORK_FAILURE); + return; + } + if (vlr_set_ciph_mode(vsub->vlr, fi, lfp->msc_conn_ref, lfp->ciphering_required, + vlr_use_umts_aka(&vsub->last_tuple->vec, lfp->is_r99), vsub->vlr->cfg.retrieve_imeisv_ciphered)) { LOGPFSML(fi, LOGL_ERROR, "Failed to send Ciphering Mode Command\n"); diff --git a/tests/msc_vlr/msc_vlr_tests.c b/tests/msc_vlr/msc_vlr_tests.c index f0a112b..9cc61b1 100644 --- a/tests/msc_vlr/msc_vlr_tests.c +++ b/tests/msc_vlr/msc_vlr_tests.c @@ -665,7 +665,7 @@ } static int fake_vlr_tx_ciph_mode_cmd(void *msc_conn_ref, enum vlr_ciph ciph, - bool retrieve_imeisv) + bool umts_aka, bool retrieve_imeisv) { /* FIXME: we actually would like to see the message bytes checked here, * not possible while msc_vlr_set_ciph_mode() calls -- To view, visit https://gerrit.osmocom.org/5469 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I983c48347faf4ee1b405d8174b4e006c904157cf Gerrit-PatchSet: 4 Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de> Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org> Gerrit-Reviewer: Jenkins Builder