vlr: fix GSM AKA in a UMTS AKA capable environment

Switch by vsub->sec_ctx to use the proper Kc for ciphering.

Even on an R99 capable MS with a UMTS AKA capable USIM, the MS may still choose
to only perform GSM AKA, as long as the bearer is GERAN. The VLR already stores
whether the MS replied with a GSM AKA SRES or a UMTS AKA RES in vsub->sec_ctx.
So far, though, we were always using the UMTS AKA Kc just because the USIM and
core net are capable of it, ignoring the choice the MS might have made in the
Authentication Response.

In msc_vlr_test_gsm_ciph, fix the test expectations to the correct GSM AKA Kc
keys, showing that all of LU, CM Service Request and Paging Response now
support MS choosing GSM AKA in a UMTS capable environment.

Related: OS#2793
Change-Id: I42ce51ae979f42d173a45ae69273071c426bf97c

1 files changed, 15 insertions, 1 deletions

diff --git a/src/libvlr/vlr_access_req_fsm.c b/src/libvlr/vlr_access_req_fsm.c
index 556e69426..95a618da5 100644
--- a/src/libvlr/vlr_access_req_fsm.c
+++ b/src/libvlr/vlr_access_req_fsm.c
@@ -284,6 +284,7 @@ static void _proc_arq_vlr_node2(struct osmo_fsm_inst *fi)
 {
 	struct proc_arq_priv *par = fi->priv;
 	struct vlr_subscr *vsub = par->vsub;
+	bool umts_aka;
 
 	LOGPFSM(fi, "%s()\n", __func__);
 
@@ -292,9 +293,22 @@ static void _proc_arq_vlr_node2(struct osmo_fsm_inst *fi)
 		return;
 	}
 
+	switch (vsub->sec_ctx) {
+	case VLR_SEC_CTX_GSM:
+		umts_aka = false;
+		break;
+	case VLR_SEC_CTX_UMTS:
+		umts_aka = true;
+		break;
+	default:
+		LOGPFSML(fi, LOGL_ERROR, "Cannot start ciphering, security context is not established\n");
+		proc_arq_fsm_done(fi, VLR_PR_ARQ_RES_SYSTEM_FAILURE);
+		return;
+	}
+
 	if (vlr_set_ciph_mode(vsub->vlr, fi, par->msc_conn_ref,
 			      par->ciphering_required,
-			      vlr_use_umts_aka(&vsub->last_tuple->vec, par->is_r99),
+			      umts_aka,
 			      vsub->vlr->cfg.retrieve_imeisv_ciphered)) {
 		LOGPFSML(fi, LOGL_ERROR,
 			 "Failed to send Ciphering Mode Command\n");