diff options
author | Sylvain Munaut <tnt@246tNt.com> | 2019-03-14 11:02:36 +0100 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2019-03-19 15:24:01 +0000 |
commit | da9f37ed201be1fc12f6bbf8621fe489056d9012 (patch) | |
tree | b205ef5712583a53ddcded15bf153ac0082680c7 /src/libvlr/vlr_access_req_fsm.c | |
parent | 31f4c1f927352a5e50348b80bb61f3c8b4cdc799 (diff) |
libvlr: Allow 2G auth tuples to be re-used without going through AUTH
If the key_seq we get in the first messages matches the last_tuple, then
both we and the MS already know the key to use and we don't need the
AUTH REQUEST/RESPONSE cycle.
Security wise ... not so good, and so IMHO the 'auth required' option
in the MSC should always be set. But this allows to turn on ciphering on
a channel without doing any MM transaction, and so the MS doesn't turn
on the T3240 timer which allows to have a ciphered silent-call channel
that won't timeout.
Change-Id: Ief840a2ae7a0ffd2bf0bf726f209a79e3f787646
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Diffstat (limited to 'src/libvlr/vlr_access_req_fsm.c')
-rw-r--r-- | src/libvlr/vlr_access_req_fsm.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/libvlr/vlr_access_req_fsm.c b/src/libvlr/vlr_access_req_fsm.c index 3b4028524..26db42cb3 100644 --- a/src/libvlr/vlr_access_req_fsm.c +++ b/src/libvlr/vlr_access_req_fsm.c @@ -67,6 +67,7 @@ struct proc_arq_priv { struct osmo_location_area_id lai; bool authentication_required; bool ciphering_required; + uint8_t key_seq; bool is_r99; bool is_utran; bool implicitly_accepted_parq_by_ciphering_cmd; @@ -316,7 +317,8 @@ static bool is_auth_required(struct proc_arq_priv *par) /* The cases where the authentication procedure should be used * are defined in 3GPP TS 33.102 */ /* For now we use a default value passed in to vlr_lu_fsm(). */ - return par->authentication_required || par->ciphering_required; + return par->authentication_required || + (par->ciphering_required && !auth_try_reuse_tuple(par->vsub, par->key_seq)); } /* after the IMSI is known */ @@ -528,6 +530,7 @@ static const struct osmo_fsm_state proc_arq_vlr_states[] = { .out_state_mask = S(PR_ARQ_S_DONE) | S(PR_ARQ_S_WAIT_OBTAIN_IMSI) | S(PR_ARQ_S_WAIT_AUTH) | + S(PR_ARQ_S_WAIT_CIPH) | S(PR_ARQ_S_WAIT_UPD_LOC_CHILD) | S(PR_ARQ_S_WAIT_SUB_PRES) | S(PR_ARQ_S_WAIT_TRACE_SUB) | @@ -540,6 +543,7 @@ static const struct osmo_fsm_state proc_arq_vlr_states[] = { .in_event_mask = S(PR_ARQ_E_ID_IMSI), .out_state_mask = S(PR_ARQ_S_DONE) | S(PR_ARQ_S_WAIT_AUTH) | + S(PR_ARQ_S_WAIT_CIPH) | S(PR_ARQ_S_WAIT_UPD_LOC_CHILD) | S(PR_ARQ_S_WAIT_SUB_PRES) | S(PR_ARQ_S_WAIT_TRACE_SUB) | @@ -637,6 +641,7 @@ vlr_proc_acc_req(struct osmo_fsm_inst *parent, const struct osmo_location_area_id *lai, bool authentication_required, bool ciphering_required, + uint8_t key_seq, bool is_r99, bool is_utran) { struct osmo_fsm_inst *fi; @@ -660,6 +665,7 @@ vlr_proc_acc_req(struct osmo_fsm_inst *parent, par->parent_event_data = parent_event_data; par->authentication_required = authentication_required; par->ciphering_required = ciphering_required; + par->key_seq = key_seq; par->is_r99 = is_r99; par->is_utran = is_utran; |