From 046016fab5c9b0de1932b6a4a60ec020ce2a0d91 Mon Sep 17 00:00:00 2001
From: Neels Hofmeyr <nhofmeyr@sysmocom.de>
Date: Tue, 11 Oct 2016 01:05:22 +0200
Subject: IuCS: detect whether a conn is already secure

If a CM Service Request is received on an already secure IuCS connection,
we so far didn't notice and started to authenticate again. The UE would
readily renew its authentication, but then our state got stuck since
ciphering was already established. Instead, don't authenticate again when
integrity protection is already established.

Change-Id: I3c01fe58276ba0ad918f2cd30cc3dca7c6663e68
---
 openbsc/src/libmsc/gsm_04_08.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index 4b60ab32a..ae43e372a 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -207,6 +207,10 @@ int gsm48_secure_channel(struct gsm_subscriber_connection *conn, int key_seq,
 		status = GSM_SECURITY_NOAVAIL;
 	}
 
+	if (status < 0 && conn->via_iface == IFACE_IU
+	    && conn->iu.integrity_protection != INTEGRITY_PROTECTION_NONE)
+		status = GSM_SECURITY_ALREADY;
+
 	/* If not done yet, try to get info for this user */
 	if (status < 0) {
 		/* DEV HACK: hardcode keys for Iu */
-- 
cgit v1.2.3