Bugreport Openbsc Authentification

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Robert Ingr ir at mytum.de
Mon May 7 19:53:13 UTC 2012


Hi all,

as we were running openbsc with a nanobts in a nitb configuration at our institute, we observed two bugs in the authentication part of openbsc.

First:
In file openbsc/openbsc/src/libmsc/db.c on line 372 there is 

"ainfo->a3a8_ki_len = sizeof(ainfo->a3a8_ki_len);" 

which takes the sizeof of the length value. This always results in a wrong key length and hence no authentication will ever be executed. This should rather be changed to:

ainfo->a3a8_ki_len = sizeof(ainfo->a3a8_ki);


Secondly:
I haven't found the piece of code which is responsible for this bug particularly, but:
Whenever the key for the a3a8_comp128 is being read from the database, a shift of one bit occurs.

i.e. when you set the a3a8_key in the hlr.sqlite3 to 01010101010101010101010101010101 the value being processed as key in the a3a8_comp128 algorithm is 02020202020202020202020202020202. 

Best Regards,
Robert Ingr
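
The length bug from the first point, plus a round-trip check that would also flag the altered key from the second point, as an added example that is not part of the original mail or of OpenBSC's code. The struct is a simplified stand-in, and `ki_usable` and the `check_*` helpers are hypothetical names.

```c
#include <stdint.h>
#include <string.h>

#define COMP128_KI_LEN 16   /* COMP128 takes a 128-bit Ki */

/* Simplified stand-in: only the two fields named in the report. */
struct auth_info {
    unsigned int a3a8_ki_len;
    uint8_t a3a8_ki[COMP128_KI_LEN];
};

/* Compile-time guard: the buffer must hold exactly one Ki. */
_Static_assert(sizeof(((struct auth_info *)0)->a3a8_ki) == COMP128_KI_LEN,
               "a3a8_ki must hold a 128-bit Ki");

/* As reported: sizeof is applied to the length field itself. */
static void load_ki_buggy(struct auth_info *ai, const uint8_t *blob)
{
    ai->a3a8_ki_len = sizeof(ai->a3a8_ki_len);  /* size of an int, not 16 */
    memcpy(ai->a3a8_ki, blob, ai->a3a8_ki_len);
}

/* As proposed in the report: sizeof is applied to the key buffer. */
static void load_ki_fixed(struct auth_info *ai, const uint8_t *blob)
{
    ai->a3a8_ki_len = sizeof(ai->a3a8_ki);      /* 16 */
    memcpy(ai->a3a8_ki, blob, ai->a3a8_ki_len);
}

/* Hypothetical gate (assumption): accept the record only if it holds a
 * full-length Ki that is byte-identical to the provisioned value. */
static int ki_usable(const struct auth_info *ai, const uint8_t *provisioned)
{
    if (ai->a3a8_ki_len != COMP128_KI_LEN)
        return 0;
    return memcmp(ai->a3a8_ki, provisioned, COMP128_KI_LEN) == 0;
}

/* Constructed sample: the key value quoted in the report (16 x 0x01). */
static const uint8_t sample_ki[COMP128_KI_LEN] =
    { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 };

int check_buggy(void)
{ struct auth_info ai = {0}; load_ki_buggy(&ai, sample_ki); return ki_usable(&ai, sample_ki); }
int check_fixed(void)
{ struct auth_info ai = {0}; load_ki_fixed(&ai, sample_ki); return ki_usable(&ai, sample_ki); }
int check_shifted(void)  /* loaded key reads 0x02.. instead of 0x01.. */
{ uint8_t s[COMP128_KI_LEN]; struct auth_info ai = {0};
  memset(s, 2, sizeof(s)); load_ki_fixed(&ai, s); return ki_usable(&ai, sample_ki); }
```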





