[PATCH 6/7] Fix MM Auth: disallow key_seq mismatch


Neels Hofmeyr nhofmeyr at sysmocom.de
Wed Mar 30 09:22:29 UTC 2016


In auth_get_tuple_for_subscr(), add missing condition to match incoming
key_seq with stored key_seq, so that re-authentication is requested for
mismatching key_seqs.

Add test for this issue.
---
 openbsc/src/libmsc/auth.c             |  1 +
 openbsc/tests/mm_auth/mm_auth_test.c  | 32 ++++++++++++++++++++++++++++++++
 openbsc/tests/mm_auth/mm_auth_test.ok |  6 ++++++
 3 files changed, 39 insertions(+)

diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 4ce1839..ca39d01 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c
@@ -100,6 +100,7 @@ int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
 	rc = db_get_lastauthtuple_for_subscr(atuple, subscr);
 	if ((rc == 0) &&
 	    (key_seq != GSM_KEY_SEQ_INVAL) &&
+	    (key_seq == atuple->key_seq) &&
 	    (atuple->use_count < 3))
 	{
 		atuple->use_count++;
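Review bot: The added `(key_seq == atuple->key_seq)` term has no comment saying why a stored tuple must not be reused when the MS reports a different key sequence number, and the reuse condition is now four terms long. I would add above the `if`: `/* reuse the stored tuple only when the MS reports the key_seq it was issued with; otherwise re-authenticate */`. If the mismatch path does not already log, a debug line with the incoming and stored key_seq would let operators see forced re-authentications. The rest of auth_get_tuple_for_subscr() lies outside the hunk, so whether such a log exists cannot be confirmed from here.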
diff --git a/openbsc/tests/mm_auth/mm_auth_test.c b/openbsc/tests/mm_auth/mm_auth_test.c
index 1d65984..2b45861 100644
--- a/openbsc/tests/mm_auth/mm_auth_test.c
+++ b/openbsc/tests/mm_auth/mm_auth_test.c
@@ -272,6 +272,37 @@ static void test_auth_reuse()
 		));
 }
 
+static void test_auth_reuse_key_seq_mismatch()
+{
+	int auth_action;
+	struct gsm_auth_tuple atuple = {0};
+	struct gsm_subscriber subscr = {0};
+	int key_seq;
+
+	printf("\n* test_auth_reuse_key_seq_mismatch()\n");
+
+	/* Ki entry, auth tuple negotiated, valid+matching incoming key_seq */
+	test_auth_info = default_auth_info;
+	test_last_auth_tuple = default_auth_tuple;
+	test_last_auth_tuple.key_seq = 3;
+	key_seq = 4;
+	test_last_auth_tuple.use_count = 1;
+	test_get_authinfo_rc = 0;
+	test_get_lastauthtuple_rc = 0;
+	auth_action = auth_get_tuple_for_subscr_verbose(&atuple, &subscr,
+							key_seq);
+	OSMO_ASSERT(auth_action == AUTH_DO_AUTH_THEN_CIPH);
+	OSMO_ASSERT(auth_tuple_is(&atuple,
+		"gsm_auth_tuple {\n"
+		"  .use_count = 1\n"
+		"  .key_seq = 4\n"
+		"  .rand = 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 \n"
+		"  .sres = a1 ab c6 90 \n"
+		"  .kc = 0f 27 ed f3 ac 97 ac 00 \n"
+		"}\n"
+		));
+}
+
 int main(void)
 {
 	osmo_init_logging(&log_info);
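Review bot: The setup comment in test_auth_reuse_key_seq_mismatch() still reads `valid+matching incoming key_seq`, apparently carried over from test_auth_reuse(), while the test stores key_seq 3 and passes 4. It should read `/* Ki entry, auth tuple negotiated, valid but mismatching incoming key_seq */`. The incoming value 4 is also the value asserted in the resulting tuple (`.key_seq = 4`), so the assertion cannot tell whether the new tuple's key_seq comes from the stored tuple or from the incoming value. Assuming it is derived from the stored one, an incoming value such as `key_seq = 5;` would make that distinction visible. main(), which opens at the end of this hunk, continues outside it.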
@@ -282,5 +313,6 @@ int main(void)
 	test_auth_then_ciph1();
 	test_auth_then_ciph2();
 	test_auth_reuse();
+	test_auth_reuse_key_seq_mismatch();
 	return 0;
 }
diff --git a/openbsc/tests/mm_auth/mm_auth_test.ok b/openbsc/tests/mm_auth/mm_auth_test.ok
index 7dedadc..9d89bfb 100644
--- a/openbsc/tests/mm_auth/mm_auth_test.ok
+++ b/openbsc/tests/mm_auth/mm_auth_test.ok
@@ -28,3 +28,9 @@ wrapped: db_get_authinfo_for_subscr(): rc = 0
 wrapped: db_get_lastauthtuple_for_subscr(): rc = 0
 wrapped: db_sync_lastauthtuple_for_subscr(): rc = 0
 auth_get_tuple_for_subscr(key_seq=3) --> auth_action == AUTH_DO_CIPH
+
+* test_auth_reuse_key_seq_mismatch()
+wrapped: db_get_authinfo_for_subscr(): rc = 0
+wrapped: db_get_lastauthtuple_for_subscr(): rc = 0
+wrapped: db_sync_lastauthtuple_for_subscr(): rc = 0
+auth_get_tuple_for_subscr(key_seq=4) --> auth_action == AUTH_DO_AUTH_THEN_CIPH
-- 
2.1.4



