diff options
author | Neels Hofmeyr <neels@hofmeyr.de> | 2017-12-18 01:23:42 +0100 |
---|---|---|
committer | Neels Hofmeyr <neels@hofmeyr.de> | 2017-12-18 05:18:11 +0100 |
commit | 2ef2da54abd537cc131aa9815a0d1bb91d0987e0 (patch) | |
tree | 2b0b0d0e071ac5a918522adf00abe2353c78292f /src | |
parent | e3d72d782799700a0544b4fdd7b0bcb3d4a210cd (diff) |
cosmetic prep: tell vlr_ops.set_ciph_mode() whether UMTS AKA is used
In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth
tokens. tuple->vec.kc was calculated from the GSM algorithm and is not
necessarily a match for the UMTS AKA tokens.
To decide (in an upcoming patch) whether to use UMTS AKA derived Kc or the Kc
from the auth vector, the set_ciph_mode() from vlr_ops needs to know whether
UMTS AKA is being used. This could possibly derived from the msc_conn_ref, but
all flags are already available in the vlr_lu_fsm and vlr_access_req_fsm. Hence
add a umts_aka flag to the set_ciph_mode() callback invocation. The VLR FSMs
thus decide whether UMTS AKA or GSM AKA is to be used during Ciphering Mode
Command, which makes more sense than re-implementing the same decision process
in the MSC.
I considered placing the Kc derivation in vlr_set_ciph_mode() and only tell the
MSC's set_ciph_mode() implementation the precise keys it should use, but the
RAN particulars, and whether a Kc is used at all, rather belong with the MSC.
Related: OS#2745
Prepares: If04e405426c55a81341747a9b450a69188525d5c
Change-Id: I983c48347faf4ee1b405d8174b4e006c904157cf
Diffstat (limited to 'src')
-rw-r--r-- | src/libmsc/gsm_04_08.c | 1 | ||||
-rw-r--r-- | src/libvlr/vlr.c | 2 | ||||
-rw-r--r-- | src/libvlr/vlr_access_req_fsm.c | 1 | ||||
-rw-r--r-- | src/libvlr/vlr_lu_fsm.c | 7 |
4 files changed, 11 insertions, 0 deletions
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c index d2c56c5a8..472acf00d 100644 --- a/src/libmsc/gsm_04_08.c +++ b/src/libmsc/gsm_04_08.c @@ -3388,6 +3388,7 @@ osmo_static_assert(sizeof(((struct gsm0808_encrypt_info*)0)->key) >= sizeof(((st /* VLR asks us to start using ciphering */ static int msc_vlr_set_ciph_mode(void *msc_conn_ref, enum vlr_ciph ciph, + bool umts_aka, bool retrieve_imeisv) { struct gsm_subscriber_connection *conn = msc_conn_ref; diff --git a/src/libvlr/vlr.c b/src/libvlr/vlr.c index 55b8de006..670ff839d 100644 --- a/src/libvlr/vlr.c +++ b/src/libvlr/vlr.c @@ -1096,6 +1096,7 @@ int vlr_set_ciph_mode(struct vlr_instance *vlr, struct osmo_fsm_inst *fi, void *msc_conn_ref, enum vlr_ciph ciph_mode, + bool umts_aka, bool retrieve_imeisv) { switch (ciph_mode) { @@ -1108,6 +1109,7 @@ int vlr_set_ciph_mode(struct vlr_instance *vlr, ciph_mode, vlr_ciph_name(ciph_mode)); return vlr->ops.set_ciph_mode(msc_conn_ref, ciph_mode, + umts_aka, retrieve_imeisv); case VLR_CIPH_A5_2: diff --git a/src/libvlr/vlr_access_req_fsm.c b/src/libvlr/vlr_access_req_fsm.c index e90d8de9f..41e629ed2 100644 --- a/src/libvlr/vlr_access_req_fsm.c +++ b/src/libvlr/vlr_access_req_fsm.c @@ -294,6 +294,7 @@ static void _proc_arq_vlr_node2(struct osmo_fsm_inst *fi) if (vlr_set_ciph_mode(vsub->vlr, fi, par->msc_conn_ref, par->ciphering_required, + vlr_use_umts_aka(&vsub->last_tuple->vec, par->is_r99), vsub->vlr->cfg.retrieve_imeisv_ciphered)) { LOGPFSML(fi, LOGL_ERROR, "Failed to send Ciphering Mode Command\n"); diff --git a/src/libvlr/vlr_lu_fsm.c b/src/libvlr/vlr_lu_fsm.c index a3a68ed98..e540e2ae9 100644 --- a/src/libvlr/vlr_lu_fsm.c +++ b/src/libvlr/vlr_lu_fsm.c @@ -826,8 +826,15 @@ static void vlr_loc_upd_post_auth(struct osmo_fsm_inst *fi) return; } + if (!vsub->last_tuple) { + LOGPFSML(fi, LOGL_ERROR, "No auth tuple available\n"); + vlr_lu_compl_fsm_failure(fi, GSM48_REJECT_NETWORK_FAILURE); + return; + } + if (vlr_set_ciph_mode(vsub->vlr, fi, lfp->msc_conn_ref, lfp->ciphering_required, + vlr_use_umts_aka(&vsub->last_tuple->vec, lfp->is_r99), vsub->vlr->cfg.retrieve_imeisv_ciphered)) { LOGPFSML(fi, LOGL_ERROR, "Failed to send Ciphering Mode Command\n"); |