From 7795a19ced9380f38c4e689742a3ae59a1fef453 Mon Sep 17 00:00:00 2001
From: Neels Hofmeyr <neels@hofmeyr.de>
Date: Sat, 10 Mar 2018 00:26:36 +0100
Subject: vlr: fix GSM AKA in a UMTS AKA capable environment

Switch by vsub->sec_ctx to use the proper Kc for ciphering.

Even on an R99 capable MS with a UMTS AKA capable USIM, the MS may still choose
to only perform GSM AKA, as long as the bearer is GERAN. The VLR already stores
whether the MS replied with a GSM AKA SRES or a UMTS AKA RES in vsub->sec_ctx.
So far, though, we were always using the UMTS AKA Kc just because the USIM and
core net are capable of it, ignoring the choice the MS might have made in the
Authentication Response.

In msc_vlr_test_gsm_ciph, fix the test expectations to the correct GSM AKA Kc
keys, showing that all of LU, CM Service Request and Paging Response now
support MS choosing GSM AKA in a UMTS capable environment.

Related: OS#2793
Change-Id: I42ce51ae979f42d173a45ae69273071c426bf97c
---
 tests/msc_vlr/msc_vlr_test_gsm_ciph.c   | 9 ---------
 tests/msc_vlr/msc_vlr_test_gsm_ciph.err | 6 +++---
 2 files changed, 3 insertions(+), 12 deletions(-)

(limited to 'tests')

diff --git a/tests/msc_vlr/msc_vlr_test_gsm_ciph.c b/tests/msc_vlr/msc_vlr_test_gsm_ciph.c
index d8c044180..57284a3bb 100644
--- a/tests/msc_vlr/msc_vlr_test_gsm_ciph.c
+++ b/tests/msc_vlr/msc_vlr_test_gsm_ciph.c
@@ -901,10 +901,7 @@ static void test_gsm_ciph_in_umts_env()
 	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
 
 	btw("MS sends *GSM AKA* Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
-	/* EXPECTING ERROR: should be the GSM AKA kc:
 	expect_cipher_mode_cmd("7a75f0ac9b844400");
-	 * but instead is the UMTS AKA derived kc: */
-	expect_cipher_mode_cmd("85c985d6f980e18e");
 	ms_sends_msg("0554" "dacc4b26");
 	OSMO_ASSERT(cipher_mode_cmd_sent);
 	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
@@ -947,10 +944,7 @@ static void test_gsm_ciph_in_umts_env()
 	thwart_rx_non_initial_requests();
 
 	btw("MS sends *GSM AKA* Authen Response, VLR accepts and requests Ciphering");
-	/* EXPECTING ERROR: should be the GSM AKA kc:
 	expect_cipher_mode_cmd("da149b11d473f400");
-	 * but instead is the UMTS AKA derived kc: */
-	expect_cipher_mode_cmd("dec1351054200a58");
 	ms_sends_msg("0554" "2fb4cfad");
 	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
 	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
@@ -1006,10 +1000,7 @@ static void test_gsm_ciph_in_umts_env()
 	thwart_rx_non_initial_requests();
 
 	btw("MS sends *GSM AKA* Authen Response, VLR accepts and requests Ciphering");
-	/* EXPECTING ERROR: should be the GSM AKA kc:
 	expect_cipher_mode_cmd("26ec67fad3073000");
-	 * but instead is the UMTS AKA derived kc: */
-	expect_cipher_mode_cmd("3721013ab07e55fb");
 	ms_sends_msg("0554" "0ff61e0f");
 	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
 
diff --git a/tests/msc_vlr/msc_vlr_test_gsm_ciph.err b/tests/msc_vlr/msc_vlr_test_gsm_ciph.err
index 196da8c9e..9ebb7813d 100644
--- a/tests/msc_vlr/msc_vlr_test_gsm_ciph.err
+++ b/tests/msc_vlr/msc_vlr_test_gsm_ciph.err
@@ -1787,7 +1787,7 @@ DVLR vlr_lu_fsm(901700000010650){VLR_ULA_S_WAIT_AUTH}: Set Ciphering Mode
 DMM -> CIPHER MODE COMMAND IMSI:901700000010650
 - sending Ciphering Mode Command for IMSI:901700000010650: include_imeisv=0
 - ...perm algo: 2
-- ...key: 85c985d6f980e18e
+- ...key: 7a75f0ac9b844400
 DVLR vlr_lu_fsm(901700000010650){VLR_ULA_S_WAIT_AUTH}: state_chg to VLR_ULA_S_WAIT_CIPH
 DMM IMSI:901700000010650: bump: conn still being established (SUBSCR_CONN_S_NEW)
 DREF IMSI:901700000010650: MSC conn use - dtap == 1 (0x4)
@@ -1943,7 +1943,7 @@ DMM -> CIPHER MODE COMMAND MSISDN:42342
 DMSC CLASSMARK 1 unknown, assuming MS supports A5/1
 - sending Ciphering Mode Command for MSISDN:42342: include_imeisv=0
 - ...perm algo: 2
-- ...key: dec1351054200a58
+- ...key: da149b11d473f400
 DVLR Process_Access_Request_VLR(901700000010650){PR_ARQ_S_WAIT_AUTH}: state_chg to PR_ARQ_S_WAIT_CIPH
 DMM MSISDN:42342: bump: conn still being established (SUBSCR_CONN_S_NEW)
 DREF MSISDN:42342: MSC conn use - dtap == 1 (0x4)
@@ -2082,7 +2082,7 @@ DMM -> CIPHER MODE COMMAND MSISDN:42342
 DMSC CLASSMARK 1 unknown, assuming MS supports A5/1
 - sending Ciphering Mode Command for MSISDN:42342: include_imeisv=0
 - ...perm algo: 2
-- ...key: 3721013ab07e55fb
+- ...key: 26ec67fad3073000
 DVLR Process_Access_Request_VLR(901700000010650){PR_ARQ_S_WAIT_AUTH}: state_chg to PR_ARQ_S_WAIT_CIPH
 DMM MSISDN:42342: bump: conn still being established (SUBSCR_CONN_S_NEW)
 DREF MSISDN:42342: MSC conn use - dtap == 1 (0x4)
-- 
cgit v1.2.3