libvlr: Allow 2G auth tuples to be re-used without going through AUTH

If the key_seq we get in the first messages matches the last_tuple, then both we and the MS already know the key to use and we don't need the AUTH REQUEST/RESPONSE cycle. Security wise ... not so good, and so IMHO the 'auth required' option in the MSC should always be set. But this allows to turn on ciphering on a channel without doing any MM transaction, and so the MS doesn't turn on the T3240 timer which allows to have a ciphered silent-call channel that won't timeout. Change-Id: Ief840a2ae7a0ffd2bf0bf726f209a79e3f787646 Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
author: Sylvain Munaut <tnt@246tNt.com> 2019-03-14 11:02:36 +0100
committer: Harald Welte <laforge@gnumonks.org> 2019-03-19 15:24:01 +0000
commit: da9f37ed201be1fc12f6bbf8621fe489056d9012 (patch)
tree: b205ef5712583a53ddcded15bf153ac0082680c7 /src/libvlr/vlr_auth_fsm.c
parent: 31f4c1f927352a5e50348b80bb61f3c8b4cdc799 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/src/libvlr/vlr_auth_fsm.c b/src/libvlr/vlr_auth_fsm.c
index ccf3660b8..60265104d 100644
--- a/src/libvlr/vlr_auth_fsm.c
+++ b/src/libvlr/vlr_auth_fsm.c
@@ -629,3 +629,18 @@ struct osmo_fsm_inst *auth_fsm_start(struct vlr_subscr *vsub,
 
 	return fi;
 }
+
+bool auth_try_reuse_tuple(struct vlr_subscr *vsub, uint8_t key_seq)
+{
+	int max_reuse_count = vsub->vlr->cfg.auth_tuple_max_reuse_count;
+	struct vlr_auth_tuple *at = vsub->last_tuple;
+
+	if (!at)
+		return false;
+	if ((max_reuse_count >= 0) && (at->use_count > max_reuse_count))
+		return false;
+	if (at->key_seq != key_seq)
+		return false;
+	at->use_count++;
+	return true;
+}
author	Sylvain Munaut <tnt@246tNt.com>	2019-03-14 11:02:36 +0100
committer	Harald Welte <laforge@gnumonks.org>	2019-03-19 15:24:01 +0000
commit	da9f37ed201be1fc12f6bbf8621fe489056d9012 (patch)
tree	b205ef5712583a53ddcded15bf153ac0082680c7 /src/libvlr/vlr_auth_fsm.c
parent	31f4c1f927352a5e50348b80bb61f3c8b4cdc799 (diff)