summaryrefslogtreecommitdiffstats
path: root/openbsc
diff options
context:
space:
mode:
authorNeels Hofmeyr <nhofmeyr@sysmocom.de>2016-03-30 11:22:29 +0200
committerHarald Welte <laforge@gnumonks.org>2016-03-31 11:56:48 +0200
commit0d929be8264ba592313f2cdd9bc4bd9b2579df00 (patch)
tree8f55e9bb352089046927fb471c4d24b77b8ec17c /openbsc
parent4e875aec0fda55bc93ea76c6992aaf3d90931d2d (diff)
Fix MM Auth: disallow key_seq mismatch
In auth_get_tuple_for_subscr(), add missing condition to match incoming key_seq with stored key_seq, so that re-authentication is requested for mismatching key_seqs. Add test for this issue.
Diffstat (limited to 'openbsc')
-rw-r--r--openbsc/src/libmsc/auth.c1
-rw-r--r--openbsc/tests/mm_auth/mm_auth_test.c32
-rw-r--r--openbsc/tests/mm_auth/mm_auth_test.ok6
3 files changed, 39 insertions, 0 deletions
diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 4ce183935..ca39d0118 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c
@@ -100,6 +100,7 @@ int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
rc = db_get_lastauthtuple_for_subscr(atuple, subscr);
if ((rc == 0) &&
(key_seq != GSM_KEY_SEQ_INVAL) &&
+ (key_seq == atuple->key_seq) &&
(atuple->use_count < 3))
{
atuple->use_count++;
diff --git a/openbsc/tests/mm_auth/mm_auth_test.c b/openbsc/tests/mm_auth/mm_auth_test.c
index 1d65984cb..2b4586101 100644
--- a/openbsc/tests/mm_auth/mm_auth_test.c
+++ b/openbsc/tests/mm_auth/mm_auth_test.c
@@ -272,6 +272,37 @@ static void test_auth_reuse()
));
}
+static void test_auth_reuse_key_seq_mismatch()
+{
+ int auth_action;
+ struct gsm_auth_tuple atuple = {0};
+ struct gsm_subscriber subscr = {0};
+ int key_seq;
+
+ printf("\n* test_auth_reuse_key_seq_mismatch()\n");
+
+ /* Ki entry, auth tuple negotiated, valid+matching incoming key_seq */
+ test_auth_info = default_auth_info;
+ test_last_auth_tuple = default_auth_tuple;
+ test_last_auth_tuple.key_seq = 3;
+ key_seq = 4;
+ test_last_auth_tuple.use_count = 1;
+ test_get_authinfo_rc = 0;
+ test_get_lastauthtuple_rc = 0;
+ auth_action = auth_get_tuple_for_subscr_verbose(&atuple, &subscr,
+ key_seq);
+ OSMO_ASSERT(auth_action == AUTH_DO_AUTH_THEN_CIPH);
+ OSMO_ASSERT(auth_tuple_is(&atuple,
+ "gsm_auth_tuple {\n"
+ " .use_count = 1\n"
+ " .key_seq = 4\n"
+ " .rand = 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 \n"
+ " .sres = a1 ab c6 90 \n"
+ " .kc = 0f 27 ed f3 ac 97 ac 00 \n"
+ "}\n"
+ ));
+}
+
int main(void)
{
osmo_init_logging(&log_info);
@@ -282,5 +313,6 @@ int main(void)
test_auth_then_ciph1();
test_auth_then_ciph2();
test_auth_reuse();
+ test_auth_reuse_key_seq_mismatch();
return 0;
}
diff --git a/openbsc/tests/mm_auth/mm_auth_test.ok b/openbsc/tests/mm_auth/mm_auth_test.ok
index 7dedadc38..9d89bfb84 100644
--- a/openbsc/tests/mm_auth/mm_auth_test.ok
+++ b/openbsc/tests/mm_auth/mm_auth_test.ok
@@ -28,3 +28,9 @@ wrapped: db_get_authinfo_for_subscr(): rc = 0
wrapped: db_get_lastauthtuple_for_subscr(): rc = 0
wrapped: db_sync_lastauthtuple_for_subscr(): rc = 0
auth_get_tuple_for_subscr(key_seq=3) --> auth_action == AUTH_DO_CIPH
+
+* test_auth_reuse_key_seq_mismatch()
+wrapped: db_get_authinfo_for_subscr(): rc = 0
+wrapped: db_get_lastauthtuple_for_subscr(): rc = 0
+wrapped: db_sync_lastauthtuple_for_subscr(): rc = 0
+auth_get_tuple_for_subscr(key_seq=4) --> auth_action == AUTH_DO_AUTH_THEN_CIPH