From 444a516f18a7a2073b26f9d01e754853015c178e Mon Sep 17 00:00:00 2001 From: Daniel Willmann Date: Tue, 19 Apr 2016 20:04:00 +0200 Subject: gprs: Keep track of key negotiation and set the key status flag in sec_mod_cmd --- openbsc/src/gprs/gprs_gmm.c | 36 ++++++------------------------------ openbsc/src/gprs/gprs_sgsn.c | 1 + openbsc/src/libiu/iu.c | 4 ++-- 3 files changed, 9 insertions(+), 32 deletions(-) (limited to 'openbsc/src') diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c index 5f1024d84..05d66e4d2 100644 --- a/openbsc/src/gprs/gprs_gmm.c +++ b/openbsc/src/gprs/gprs_gmm.c @@ -116,35 +116,6 @@ int sgsn_ranap_iu_event(struct ue_conn_ctx *ctx, enum iu_event_type type, void * break; case IU_EVENT_IU_RELEASE: { - uint8_t tmp_rand[16]; - struct osmo_auth_vector vec; - /* Ki 000102030405060708090a0b0c0d0e0f */ - struct osmo_sub_auth_data auth = { - .type = OSMO_AUTH_TYPE_GSM, - .algo = OSMO_AUTH_ALG_COMP128v1, - .u.gsm.ki = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, - 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, - 0x0e, 0x0f - }, - }; - - /* XXX: Hack to make 3G auth work with special SIM card */ - mm->auth_state = SGSN_AUTH_AUTHENTICATE; - mm->is_authenticated = 0; - - - RAND_bytes(&tmp_rand, 16); - - memset(&vec, 0, sizeof(vec)); - osmo_auth_gen_vec(&vec, &auth, tmp_rand); - - - - mm->auth_triplet.key_seq = 0; - memcpy(&mm->auth_triplet.rand, &tmp_rand, sizeof(tmp_rand)); - memcpy(&mm->auth_triplet.sres, &vec.sres, sizeof(vec.sres)); - memcpy(&mm->auth_triplet.kc, &vec.kc, sizeof(vec.kc)); /* Clean up ue_conn_ctx here */ LOGMMCTXP(LOGL_INFO, mm, "IU release\n"); rc = 0; @@ -599,6 +570,9 @@ static int gsm48_rx_gmm_auth_ciph_resp(struct sgsn_mm_ctx *ctx, ctx->is_authenticated = 1; + if (ctx->ran_type == MM_CTX_T_UTRAN_Iu) + ctx->iu.new_key = 1; + /* FIXME: enable LLC cipheirng */ /* Check if we can let the mobile station enter */ 
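Review bot: In gsm48_rx_gmm_auth_ciph_resp (second gprs_gmm.c hunk), `ctx->iu.new_key = 1` is set unconditionally right after `ctx->is_authenticated = 1`, and nothing visible in the hunk compares the received response with the expected SRES. The function body starts above the hunk, so the comparison may exist there. If it does not, any Authentication and Ciphering Response would mark the keys as freshly negotiated, and they would later be announced to the RNC with KeyStatus new. Worth confirming, and the assignment deserves a comment such as `/* keys from this authentication run have not been sent to the RNC yet */`.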
@@ -800,7 +774,9 @@ static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx) /* The MS is authorized */ if (ctx->ran_type == MM_CTX_T_UTRAN_Iu && !ctx->iu.ue_ctx->integrity_active) { - return iu_tx_sec_mode_cmd(ctx->iu.ue_ctx, &ctx->auth_triplet, 0); + rc = iu_tx_sec_mode_cmd(ctx->iu.ue_ctx, &ctx->auth_triplet, 0, ctx->iu.new_key); + ctx->iu.new_key = 0; + return rc; } switch (ctx->pending_req) { diff --git a/openbsc/src/gprs/gprs_sgsn.c b/openbsc/src/gprs/gprs_sgsn.c index 8c188bf59..76ddd9199 100644 --- a/openbsc/src/gprs/gprs_sgsn.c +++ b/openbsc/src/gprs/gprs_sgsn.c @@ -209,6 +209,7 @@ struct sgsn_mm_ctx *sgsn_mm_ctx_alloc_iu(void *uectx) ctx->ran_type = MM_CTX_T_UTRAN_Iu; ctx->iu.ue_ctx = uectx; ctx->iu.rab_id = 1; + ctx->iu.new_key = 1; ctx->mm_state = GMM_DEREGISTERED; ctx->auth_triplet.key_seq = GSM_KEY_SEQ_INVAL; ctx->ctrg = rate_ctr_group_alloc(ctx, &mmctx_ctrg_desc, 0); diff --git a/openbsc/src/libiu/iu.c b/openbsc/src/libiu/iu.c index ea99f172d..20590766a 100644 --- a/openbsc/src/libiu/iu.c +++ b/openbsc/src/libiu/iu.c @@ -116,7 +116,7 @@ int iu_rab_deact(struct ue_conn_ctx *ue_ctx, uint8_t rab_id) } int iu_tx_sec_mode_cmd(struct ue_conn_ctx *uectx, struct gsm_auth_tuple *tp, - int send_ck) + int send_ck, int new_key) { struct osmo_scu_prim *prim; struct msgb *msg; @@ -138,7 +138,7 @@ int iu_tx_sec_mode_cmd(struct ue_conn_ctx *uectx, struct gsm_auth_tuple *tp, } /* crate RANAP message */ - msg = ranap_new_msg_sec_mod_cmd(ik, send_ck? ck : NULL); + msg = ranap_new_msg_sec_mod_cmd(ik, send_ck? ck : NULL, new_key ? RANAP_KeyStatus_new : RANAP_KeyStatus_old); msg->l2h = msg->data; /* wrap RANAP message in SCCP N-DATA.req */ prim = (struct osmo_scu_prim *) msgb_push(msg, sizeof(*prim)); -- cgit v1.2.3
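Review bot: In gsm48_gmm_authorize, `ctx->iu.new_key = 0;` runs whether or not iu_tx_sec_mode_cmd() succeeded. If the send fails and the procedure is retried, the next Security Mode Command would carry KeyStatus old for keys the RNC never received. Clearing the flag only on success keeps the state truthful, e.g. `if (rc >= 0) ctx->iu.new_key = 0;`, assuming the negative-on-error convention, since the callee's return values are not all visible here. `rc` is declared outside the hunk, as is the rest of the function.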
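Review bot: In sgsn_mm_ctx_alloc_iu (gprs_sgsn.c), `ctx->iu.new_key = 1` is set while the same function leaves `ctx->auth_triplet.key_seq` at `GSM_KEY_SEQ_INVAL`, so the flag says a new key is pending when no key exists yet. gsm48_gmm_authorize passes `&ctx->auth_triplet` to iu_tx_sec_mode_cmd whenever integrity is not yet active. If any path reaches it without a completed authentication (not determinable from this page), an invalid tuple would be sent and flagged as new. A comment stating the intent would help, e.g. `/* nothing sent to the RNC yet: the first Security Mode Command uses KeyStatus new */`, and a check of `key_seq` before sending may be worth considering.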
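Review bot: iu_tx_sec_mode_cmd (first iu.c hunk) now takes two adjacent `int` flags, `send_ck` and `new_key`, and the caller in gprs_gmm.c passes them as `0, ctx->iu.new_key`. Swapping them compiles silently and changes which key material and KeyStatus reach the RNC. A short comment above the function documenting both parameters would make call sites checkable: `send_ck` non-zero includes the ciphering key, and `new_key` non-zero selects `RANAP_KeyStatus_new`. The function body continues outside this hunk.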
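Review bot: In the second iu.c hunk, the result of ranap_new_msg_sec_mod_cmd() is dereferenced on the very next line (`msg->l2h = msg->data;`) with no NULL check. The encoder's definition is not on this page, but if it can fail on allocation or encoding, the process would dereference NULL in the security-mode path. A guard such as `if (!msg) return -1;` before the dereference would contain that, with the error value matched to the file's convention. The surrounding function starts and ends outside the hunk.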