neels has submitted this change. (
https://gerrit.osmocom.org/c/osmo-msc/+/29695 )
Change subject: msc_a,vlr: add is_ciphering_required (accurately named)
......................................................................
msc_a,vlr: add is_ciphering_required (accurately named)
For establishing Layer 3, pass a flag from msc_a to VLR that indicates
to fail if encryption is not possible.
An earlier patch [1] renamed a previously existing flag
require_ciphering to is_ciphering_to_be_attempted, because the naming
was not accurate. This new flag now indicates what its name suggests.
This new flag is needed for upcoming patch [2] to distinguish between
optional and mandatory encryption.
[1] Ia55085e3b36feb275bcf92fc91a4be7d1c24a6b9
[2] I5feda196fa481dd8a46b0e4721c64b7c6600f0d1
Related: OS#4830
Change-Id: I52090c5f5db997030da7c2ed9beca9c51f55f4cf
---
M include/osmocom/msc/msc_a.h
M include/osmocom/msc/vlr.h
M src/libmsc/gsm_04_08.c
M src/libmsc/msc_a.c
M src/libvlr/vlr_access_req_fsm.c
M src/libvlr/vlr_lu_fsm.c
6 files changed, 39 insertions(+), 0 deletions(-)
Approvals:
neels: Looks good to me, approved
Jenkins Builder: Verified
diff --git a/include/osmocom/msc/msc_a.h b/include/osmocom/msc/msc_a.h
index fd0aa08..e56ea52 100644
--- a/include/osmocom/msc/msc_a.h
+++ b/include/osmocom/msc/msc_a.h
@@ -181,6 +181,7 @@
unsigned int msc_a_pending_cm_service_req_count(struct msc_a *msc_a, enum
osmo_cm_service_type type);
void msc_a_pending_cm_service_req_del(struct msc_a *msc_a, enum
osmo_cm_service_type type);
bool msc_a_is_ciphering_to_be_attempted(const struct msc_a *msc_a);
+bool msc_a_is_ciphering_required(const struct msc_a *msc_a);
#define msc_a_ran_down(A,B,C) \
_msc_a_ran_down(A,B,C, __FILE__, __LINE__)
diff --git a/include/osmocom/msc/vlr.h b/include/osmocom/msc/vlr.h
index d3a1e92..dd0af7b 100644
--- a/include/osmocom/msc/vlr.h
+++ b/include/osmocom/msc/vlr.h
@@ -300,6 +300,7 @@
const struct osmo_location_area_id *new_lai,
bool authentication_required,
bool is_ciphering_to_be_attempted,
+ bool is_ciphering_required,
uint8_t key_seq,
bool is_r99, bool is_utran,
bool assign_tmsi);
@@ -464,6 +465,7 @@
const struct osmo_location_area_id *lai,
bool authentication_required,
bool is_ciphering_to_be_attempted,
+ bool is_ciphering_required,
uint8_t key_seq,
bool is_r99, bool is_utran);
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index 53cafa4..bd7cfe0 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -418,6 +418,7 @@
&old_lai, &msc_a->via_cell.lai,
is_utran || net->authentication_required,
msc_a_is_ciphering_to_be_attempted(msc_a),
+ msc_a_is_ciphering_required(msc_a),
lu->key_seq,
osmo_gsm48_classmark1_is_r99(&lu->classmark1),
is_utran,
@@ -819,6 +820,7 @@
&mi, &msc_a->via_cell.lai,
is_utran || net->authentication_required,
msc_a_is_ciphering_to_be_attempted(msc_a),
+ msc_a_is_ciphering_required(msc_a),
req->cipher_key_seq,
osmo_gsm48_classmark2_is_r99(cm2, cm2_len),
is_utran);
@@ -945,6 +947,7 @@
&mi, &msc_a->via_cell.lai,
is_utran || net->authentication_required,
msc_a_is_ciphering_to_be_attempted(msc_a),
+ msc_a_is_ciphering_required(msc_a),
req->cipher_key_seq,
osmo_gsm48_classmark2_is_r99(cm2, cm2_len),
is_utran);
@@ -1307,6 +1310,7 @@
VLR_PR_ARQ_T_PAGING_RESP, 0, &mi, &msc_a->via_cell.lai,
is_utran || net->authentication_required,
msc_a_is_ciphering_to_be_attempted(msc_a),
+ msc_a_is_ciphering_required(msc_a),
pr->key_seq,
osmo_gsm48_classmark2_is_r99(cm2, classmark2_len),
is_utran);
diff --git a/src/libmsc/msc_a.c b/src/libmsc/msc_a.c
index 5d44686..d7e97cd 100644
--- a/src/libmsc/msc_a.c
+++ b/src/libmsc/msc_a.c
@@ -116,6 +116,18 @@
return net->a5_encryption_mask > 0x1;
}
+bool msc_a_is_ciphering_required(const struct msc_a *msc_a)
+{
+ struct gsm_network *net = msc_a_net(msc_a);
+ bool is_utran = (msc_a->c.ran->type == OSMO_RAT_UTRAN_IU);
+ if (is_utran)
+ return net->uea_encryption_mask
+ && ((net->uea_encryption_mask & (1 << OSMO_UTRAN_UEA0))
== 0);
+ else
+ return net->a5_encryption_mask
+ && ((net->a5_encryption_mask & 0x1) == 0);
+}
+
static void update_counters(struct osmo_fsm_inst *fi, bool conn_accepted)
{
struct msc_a *msc_a = fi->priv;
diff --git a/src/libvlr/vlr_access_req_fsm.c b/src/libvlr/vlr_access_req_fsm.c
index ce7c2af..af7ec74 100644
--- a/src/libvlr/vlr_access_req_fsm.c
+++ b/src/libvlr/vlr_access_req_fsm.c
@@ -67,7 +67,12 @@
uint32_t tmsi;
struct osmo_location_area_id lai;
bool authentication_required;
+ /* is_ciphering_to_be_attempted: true when any A5/n > 0 are enabled.
Ciphering is allowed, always attempt to get Auth Info from
+ * the HLR. */
bool is_ciphering_to_be_attempted;
+ /* is_ciphering_required: true when A5/0 is disabled. If we cannot get
Auth Info from the HLR, reject the
+ * subscriber. */
+ bool is_ciphering_required;
uint8_t key_seq;
bool is_r99;
bool is_utran;
@@ -635,12 +640,16 @@
const struct osmo_location_area_id *lai,
bool authentication_required,
bool is_ciphering_to_be_attempted,
+ bool is_ciphering_required,
uint8_t key_seq,
bool is_r99, bool is_utran)
{
struct osmo_fsm_inst *fi;
struct proc_arq_priv *par;
+ if (is_ciphering_required)
+ OSMO_ASSERT(is_ciphering_to_be_attempted);
+
fi = osmo_fsm_inst_alloc_child(&proc_arq_vlr_fsm, parent,
parent_event_failure);
if (!fi)
@@ -658,6 +667,7 @@
par->parent_event_data = parent_event_data;
par->authentication_required = authentication_required;
par->is_ciphering_to_be_attempted = is_ciphering_to_be_attempted;
+ par->is_ciphering_required = is_ciphering_required;
par->key_seq = key_seq;
par->is_r99 = is_r99;
par->is_utran = is_utran;
diff --git a/src/libvlr/vlr_lu_fsm.c b/src/libvlr/vlr_lu_fsm.c
index e8ceefd..22875cf 100644
--- a/src/libvlr/vlr_lu_fsm.c
+++ b/src/libvlr/vlr_lu_fsm.c
@@ -676,7 +676,12 @@
struct osmo_location_area_id old_lai;
struct osmo_location_area_id new_lai;
bool authentication_required;
+ /* is_ciphering_to_be_attempted: true when any A5/n > 0 are enabled.
Ciphering is allowed, always attempt to get Auth Info from
+ * the HLR. */
bool is_ciphering_to_be_attempted;
+ /* is_ciphering_required: true when A5/0 is disabled. If we cannot get
Auth Info from the HLR, reject the
+ * subscriber. */
+ bool is_ciphering_required;
uint8_t key_seq;
bool is_r99;
bool is_utran;
@@ -1476,6 +1481,7 @@
const struct osmo_location_area_id *new_lai,
bool authentication_required,
bool is_ciphering_to_be_attempted,
+ bool is_ciphering_required,
uint8_t key_seq,
bool is_r99, bool is_utran,
bool assign_tmsi)
@@ -1483,6 +1489,9 @@
struct osmo_fsm_inst *fi;
struct lu_fsm_priv *lfp;
+ if (is_ciphering_required)
+ OSMO_ASSERT(is_ciphering_to_be_attempted);
+
fi = osmo_fsm_inst_alloc_child(&vlr_lu_fsm, parent,
parent_event_failure);
if (!fi)
return NULL;
@@ -1500,6 +1509,7 @@
lfp->parent_event_data = parent_event_data;
lfp->authentication_required = authentication_required;
lfp->is_ciphering_to_be_attempted = is_ciphering_to_be_attempted;
+ lfp->is_ciphering_required = is_ciphering_required;
lfp->key_seq = key_seq;
lfp->is_r99 = is_r99;
lfp->is_utran = is_utran;
--
To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/29695
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Change-Id: I52090c5f5db997030da7c2ed9beca9c51f55f4cf
Gerrit-Change-Number: 29695
Gerrit-PatchSet: 3
Gerrit-Owner: neels <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <[email protected]>
Gerrit-Reviewer: neels <[email protected]>
Gerrit-Reviewer: pespin <[email protected]>
Gerrit-CC: msuraev <[email protected]>
Gerrit-MessageType: merged
