Fix: Handle CM service request on already secured channel correctly

A CM service request must be acknowledged also, when encryption is already
enabled.

Without encryption enabled, the security status is GSM_SECURITY_NOTAVAIL,
which causes a CM service acknowledge. On initial CM service request, the
security status is GSM_SECURITY_SUCCEED, if encryption is enabled. This
will not lead to an acknowledge, because the cyphering command implies an
acknowlege. An additional CM service request requires an acknowledge, so
I added a new security status: GSM_SECURITY_ALREADY

2 files changed, 3 insertions, 1 deletions

diff --git a/openbsc/include/openbsc/gsm_data.h b/openbsc/include/openbsc/gsm_data.h
index d7db887ea..05e04906e 100644
--- a/openbsc/include/openbsc/gsm_data.h
+++ b/openbsc/include/openbsc/gsm_data.h
@@ -21,6 +21,7 @@ enum gsm_security_event {
 	GSM_SECURITY_NOAVAIL,
 	GSM_SECURITY_AUTH_FAILED,
 	GSM_SECURITY_SUCCEEDED,
+	GSM_SECURITY_ALREADY,
 };
 
 struct msgb;
diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c
index b69ab953c..7f38be28e 100644
--- a/openbsc/src/libmsc/gsm_04_08.c
+++ b/openbsc/src/libmsc/gsm_04_08.c
@@ -173,7 +173,7 @@ int gsm48_secure_channel(struct gsm_subscriber_connection *conn, int key_seq,
 		status = GSM_SECURITY_NOAVAIL;
 	} else if (conn->lchan->encr.alg_id > RSL_ENC_ALG_A5(0)) {
 		DEBUGP(DMM, "Requesting to secure an already secure channel");
-		status = GSM_SECURITY_SUCCEEDED;
+		status = GSM_SECURITY_ALREADY;
 	} else if (!ms_cm2_a5n_support(subscr->equipment.classmark2,
 	                               net->a5_encryption)) {
 		DEBUGP(DMM, "Subscriber equipment doesn't support requested encryption");
@@ -835,6 +835,7 @@ static int _gsm48_rx_mm_serv_req_sec_cb(
 			break;
 
 		case GSM_SECURITY_NOAVAIL:
+		case GSM_SECURITY_ALREADY:
 			rc = gsm48_tx_mm_serv_ack(conn);
 			break;