[MERGED] osmo-msc[master]: fix GSM-Milenage in presence of 2G keys

Mon, 18 Dec 2017 15:15:06 -0800 

Harald Welte has submitted this change and it was merged.

Change subject: fix GSM-Milenage in presence of 2G keys
......................................................................


fix GSM-Milenage in presence of 2G keys

In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth
tokens. tuple->vec.kc was calculated from the GSM algorithm and is not
necessarily a match for the UMTS AKA tokens.

So far we were always sending the Kc retrieved from osmo-hlr. If the 2G auth
algo is set to milenage, the 2G Kc coincides with the one derived from 3G
tokens, but if 2G is set to a different algorithm, the Kc received from the
osmo-hlr is not usable for ciphering when UMTS AKA was used for authentication
(on R99 capable GERAN and MS).

Implementation: To decide whether to use UMTS AKA derived Kc or the Kc from the
auth vector, use the umts_aka flag added to set_ciph_mode() in a previous
patch. Use osmo_auth_c3() to derive the GSM AKA Kc from the UMTS AKA CK and KI.

Related: OS#2745
Requires: I85a1d6ae95ad9e5ce9524ef7fc06414848afc2aa (libosmocore)
Change-Id: If04e405426c55a81341747a9b450a69188525d5c
---
M src/libmsc/gsm_04_08.c
1 file changed, 7 insertions(+), 1 deletion(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index 472acf0..e370962 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -3421,7 +3421,13 @@
                        ei.perm_algo[0] = vlr_ciph_to_gsm0808_alg_id(ciph);
                        ei.perm_algo_len = 1;
 
-                       memcpy(ei.key, tuple->vec.kc, sizeof(tuple->vec.kc));
+                       /* In case of UMTS AKA, the Kc for ciphering must be 
derived from the 3G auth
+                        * tokens.  tuple->vec.kc was calculated from the GSM 
algorithm and is not
+                        * necessarily a match for the UMTS AKA tokens. */
+                       if (umts_aka)
+                               osmo_auth_c3(ei.key, tuple->vec.ck, 
tuple->vec.ik);
+                       else
+                               memcpy(ei.key, tuple->vec.kc, 
sizeof(tuple->vec.kc));
                        ei.key_len = sizeof(tuple->vec.kc);
 
                        return a_iface_tx_cipher_mode(conn, &ei, 
retrieve_imeisv);

-- 
To view, visit https://gerrit.osmocom.org/5470
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: If04e405426c55a81341747a9b450a69188525d5c
Gerrit-PatchSet: 5
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <[email protected]>
Gerrit-Reviewer: Harald Welte <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Neels Hofmeyr <[email protected]>

Reply via email to