In auth_get_tuple_for_subscr(), add missing condition to match incoming
key_seq with stored key_seq, so that re-authentication is requested for
mismatching key_seqs.
Add test for this issue.
---
openbsc/src/libmsc/auth.c | 1 +
openbsc/tests/mm_auth/mm_auth_test.c | 32 ++++++++++++++++++++++++++++++++
openbsc/tests/mm_auth/mm_auth_test.ok | 6 ++++++
3 files changed, 39 insertions(+)
diff --git a/openbsc/src/libmsc/auth.c b/openbsc/src/libmsc/auth.c
index 0a8fbf4..e4d33f0 100644
--- a/openbsc/src/libmsc/auth.c
+++ b/openbsc/src/libmsc/auth.c
@@ -91,6 +91,7 @@ int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
rc = db_get_lastauthtuple_for_subscr(atuple, subscr);
if ((rc == 0) &&
(key_seq != GSM_KEY_SEQ_INVAL) &&
+ (key_seq == atuple->key_seq) &&
(atuple->use_count < 3))
{
atuple->use_count++;
diff --git a/openbsc/tests/mm_auth/mm_auth_test.c
b/openbsc/tests/mm_auth/mm_auth_test.c
index 1d65984..2b45861 100644
--- a/openbsc/tests/mm_auth/mm_auth_test.c
+++ b/openbsc/tests/mm_auth/mm_auth_test.c
@@ -272,6 +272,37 @@ static void test_auth_reuse()
));
}
+static void test_auth_reuse_key_seq_mismatch()
+{
+ int auth_action;
+ struct gsm_auth_tuple atuple = {0};
+ struct gsm_subscriber subscr = {0};
+ int key_seq;
+
+ printf("\n* test_auth_reuse_key_seq_mismatch()\n");
+
+ /* Ki entry, auth tuple negotiated, valid+matching incoming key_seq */
+ test_auth_info = default_auth_info;
+ test_last_auth_tuple = default_auth_tuple;
+ test_last_auth_tuple.key_seq = 3;
+ key_seq = 4;
+ test_last_auth_tuple.use_count = 1;
+ test_get_authinfo_rc = 0;
+ test_get_lastauthtuple_rc = 0;
+ auth_action = auth_get_tuple_for_subscr_verbose(&atuple, &subscr,
+ key_seq);
+ OSMO_ASSERT(auth_action == AUTH_DO_AUTH_THEN_CIPH);
+ OSMO_ASSERT(auth_tuple_is(&atuple,
+ "gsm_auth_tuple {\n"
+ " .use_count = 1\n"
+ " .key_seq = 4\n"
+ " .rand = 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 \n"
+ " .sres = a1 ab c6 90 \n"
+ " .kc = 0f 27 ed f3 ac 97 ac 00 \n"
+ "}\n"
+ ));
+}
+
int main(void)
{
osmo_init_logging(&log_info);
@@ -282,5 +313,6 @@ int main(void)
test_auth_then_ciph1();
test_auth_then_ciph2();
test_auth_reuse();
+ test_auth_reuse_key_seq_mismatch();
return 0;
}
diff --git a/openbsc/tests/mm_auth/mm_auth_test.ok
b/openbsc/tests/mm_auth/mm_auth_test.ok
index 7dedadc..9d89bfb 100644
--- a/openbsc/tests/mm_auth/mm_auth_test.ok
+++ b/openbsc/tests/mm_auth/mm_auth_test.ok
@@ -28,3 +28,9 @@ wrapped: db_get_authinfo_for_subscr(): rc = 0
wrapped: db_get_lastauthtuple_for_subscr(): rc = 0
wrapped: db_sync_lastauthtuple_for_subscr(): rc = 0
auth_get_tuple_for_subscr(key_seq=3) --> auth_action == AUTH_DO_CIPH
+
+* test_auth_reuse_key_seq_mismatch()
+wrapped: db_get_authinfo_for_subscr(): rc = 0
+wrapped: db_get_lastauthtuple_for_subscr(): rc = 0
+wrapped: db_sync_lastauthtuple_for_subscr(): rc = 0
+auth_get_tuple_for_subscr(key_seq=4) --> auth_action == AUTH_DO_AUTH_THEN_CIPH
--
2.1.4
