This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Neels Hofmeyr gerrit-no-reply at lists.osmocom.orgHello Harald Welte, Jenkins Builder,
I'd like you to reexamine a change. Please visit
https://gerrit.osmocom.org/2048
to look at the new patch set (#2).
osmo_auth_gen_vec: UMTS auth: store last used SQN, not next
Prepare for the implementation of splitting SQN increments in SEQ and an IND
part; particularly to clearly show where the changes in auth/milenage_test's
expectations originate.
Rationale: the source of UMTS auth vectors, for us usually OsmoHLR, typically
stores the last used SQN, not the next one to be used. Particularly with the
upcoming fix of the SQN scheme, this change is important: the next SQN will
depend on which entity asks for it, because each auth consumer may have a
particular slot in the IND part of SQN. It does not make sense to store the
next SQN, because we will not know which consumer that will be for.
The milenage_test has always calculated a tuple for SQN == 34. To account for
the increment now happening before calculating a tuple, lower the test_aud->sqn
by one to 0x21 == 33, so that it is still calculating for SQN == 34.
Because we are no longer incrementing SQN after the tuple is generated,
milenage_test's expected output after doing an AUTS resync to 31 changes to the
next SQN = 32, the SQN used for the generated tuple.
(BTW, a subsequent patch will illustrate AUTS in detail.)
osmo-auc-gen now needs to pass the user requested SQN less one, because the SQN
will be incremented befor generating the auth vector. Also the SQN remains the
same after generating, so SQN output needs less decrementing. Note that the
expected output for osmo-auc-gen_test remains unchanged, hence the same input
arguments (particularly -s <sqn> and -A <auts>) still produce the same results.
Note: osmo-hlr regression tests will require adjustments when this patch is
merged, because it must now pass desired_sqn - 1 instead of just desired_sqn.
See osmo-hlr change-id I4ec5a578537acb1d9e1ebfe00a72417fc3ca5894 .
Related: OS#1968
Change-Id: Iadf43f21e0605e9e85f7e8026c40985f7ceff1a3
---
M src/gsm/auth_milenage.c
M tests/auth/milenage_test.c
M tests/auth/milenage_test.ok
M utils/osmo-auc-gen.c
4 files changed, 18 insertions(+), 10 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/48/2048/2
diff --git a/src/gsm/auth_milenage.c b/src/gsm/auth_milenage.c
index 1635ac6..e180762 100644
--- a/src/gsm/auth_milenage.c
+++ b/src/gsm/auth_milenage.c
@@ -30,10 +30,14 @@
const uint8_t *_rand)
{
size_t res_len = sizeof(vec->res);
+ uint64_t next_sqn;
uint8_t sqn[6];
int rc;
- osmo_store64be_ext(aud->u.umts.sqn, sqn, 6);
+ /* keep the incremented SQN local until gsm_milenage() succeeded. */
+ next_sqn = aud->u.umts.sqn + 1;
+
+ osmo_store64be_ext(next_sqn, sqn, 6);
milenage_generate(aud->u.umts.opc, aud->u.umts.amf, aud->u.umts.k,
sqn, _rand,
vec->autn, vec->ik, vec->ck, vec->res, &res_len);
@@ -43,7 +47,9 @@
return rc;
vec->auth_types = OSMO_AUTH_TYPE_UMTS | OSMO_AUTH_TYPE_GSM;
- aud->u.umts.sqn++;
+
+ /* for storage in the caller's AUC database */
+ aud->u.umts.sqn = next_sqn;
return 0;
}
@@ -72,7 +78,7 @@
if (rc < 0)
return rc;
- aud->u.umts.sqn = 1 + (osmo_load64be_ext(sqn_out, 6) >> 16);
+ aud->u.umts.sqn = osmo_load64be_ext(sqn_out, 6) >> 16;
return milenage_gen_vec(vec, aud, _rand);
}
diff --git a/tests/auth/milenage_test.c b/tests/auth/milenage_test.c
index 187b9ad..405da65 100644
--- a/tests/auth/milenage_test.c
+++ b/tests/auth/milenage_test.c
@@ -36,7 +36,7 @@
.k = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
.amf = { 0x00, 0x00 },
- .sqn = 0x22,
+ .sqn = 0x21,
},
};
diff --git a/tests/auth/milenage_test.ok b/tests/auth/milenage_test.ok
index 20c47c6..b0eb44b 100644
--- a/tests/auth/milenage_test.ok
+++ b/tests/auth/milenage_test.ok
@@ -5,7 +5,7 @@
RES: e9 fc 88 cc c8 a3 53 81
SRES: 21 5f db 4d
Kc: 6d e8 16 a7 59 a4 29 12
-AUTS success: tuple generated with SQN = 33
+AUTS success: tuple generated with SQN = 32
MILENAGE supported: 1
OP: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
OPC: c6 a1 3b 37 87 8f 5b 82 6f 4f 81 62 a1 c8 d8 79
diff --git a/utils/osmo-auc-gen.c b/utils/osmo-auc-gen.c
index 6fa7cec..4e2456a 100644
--- a/utils/osmo-auc-gen.c
+++ b/utils/osmo-auc-gen.c
@@ -198,6 +198,10 @@
}
ul = strtoul(optarg, 0, 10);
test_aud.u.umts.sqn = ul;
+ /* Before calculating the UMTS auth vector,
+ * osmo_auth_gen_vec() increments the SQN. SQN-1 here
+ * to end up with the SQN the user requested. */
+ test_aud.u.umts.sqn--;
break;
case 'r':
rc = osmo_hexparse(optarg, _rand, sizeof(_rand));
@@ -260,16 +264,14 @@
else {
dump_auth_vec(vec);
if (test_aud.type == OSMO_AUTH_TYPE_UMTS)
- /* After generating, SQN is incremented, so -1 */
- printf("SQN:\t%" PRIu64 "\n", test_aud.u.umts.sqn - 1);
+ printf("SQN:\t%" PRIu64 "\n", test_aud.u.umts.sqn);
}
/* After recovering SQN.MS from AUTS, milenage_gen_vec_auts() does
- * aud->u.umts.sqn++, and after vector generation milenage_gen_vec()
- * does another ++, so to show SQN.MS we need to -2 */
+ * aud->u.umts.sqn++, so to show SQN.MS we need to -1 */
if (auts_is_set)
printf("AUTS success: SQN.MS = %" PRIu64 "\n",
- test_aud.u.umts.sqn - 2);
+ test_aud.u.umts.sqn - 1);
exit(0);
}
--
To view, visit https://gerrit.osmocom.org/2048
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Iadf43f21e0605e9e85f7e8026c40985f7ceff1a3
Gerrit-PatchSet: 2
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de>