cosmetic prep: tell vlr_ops.set_ciph_mode() whether UMTS AKA is used
In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth
tokens. tuple->vec.kc was calculated from the GSM algorithm and is not
necessarily a match for the UMTS AKA tokens.
To decide (in an upcoming patch) whether to use UMTS AKA derived Kc or the Kc
from the auth vector, the set_ciph_mode() from vlr_ops needs to know whether
UMTS AKA is being used. This could possibly derived from the msc_conn_ref, but
all flags are already available in the vlr_lu_fsm and vlr_access_req_fsm. Hence
add a umts_aka flag to the set_ciph_mode() callback invocation. The VLR FSMs
thus decide whether UMTS AKA or GSM AKA is to be used during Ciphering Mode
Command, which makes more sense than re-implementing the same decision process
in the MSC.
I considered placing the Kc derivation in vlr_set_ciph_mode() and only tell the
MSC's set_ciph_mode() implementation the precise keys it should use, but the
RAN particulars, and whether a Kc is used at all, rather belong with the MSC.
Related: OS#2745
Prepares: If04e405426c55a81341747a9b450a69188525d5c
Change-Id: I983c48347faf4ee1b405d8174b4e006c904157cf
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index d2c56c5..472acf0 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -3388,6 +3388,7 @@
/* VLR asks us to start using ciphering */
static int msc_vlr_set_ciph_mode(void *msc_conn_ref,
enum vlr_ciph ciph,
+ bool umts_aka,
bool retrieve_imeisv)
{
struct gsm_subscriber_connection *conn = msc_conn_ref;
diff --git a/src/libvlr/vlr.c b/src/libvlr/vlr.c
index 55b8de0..670ff83 100644
--- a/src/libvlr/vlr.c
+++ b/src/libvlr/vlr.c
@@ -1096,6 +1096,7 @@
struct osmo_fsm_inst *fi,
void *msc_conn_ref,
enum vlr_ciph ciph_mode,
+ bool umts_aka,
bool retrieve_imeisv)
{
switch (ciph_mode) {
@@ -1108,6 +1109,7 @@
ciph_mode, vlr_ciph_name(ciph_mode));
return vlr->ops.set_ciph_mode(msc_conn_ref,
ciph_mode,
+ umts_aka,
retrieve_imeisv);
case VLR_CIPH_A5_2:
diff --git a/src/libvlr/vlr_access_req_fsm.c b/src/libvlr/vlr_access_req_fsm.c
index e90d8de..41e629e 100644
--- a/src/libvlr/vlr_access_req_fsm.c
+++ b/src/libvlr/vlr_access_req_fsm.c
@@ -294,6 +294,7 @@
if (vlr_set_ciph_mode(vsub->vlr, fi, par->msc_conn_ref,
par->ciphering_required,
+ vlr_use_umts_aka(&vsub->last_tuple->vec, par->is_r99),
vsub->vlr->cfg.retrieve_imeisv_ciphered)) {
LOGPFSML(fi, LOGL_ERROR,
"Failed to send Ciphering Mode Command\n");
diff --git a/src/libvlr/vlr_lu_fsm.c b/src/libvlr/vlr_lu_fsm.c
index a3a68ed..e540e2a 100644
--- a/src/libvlr/vlr_lu_fsm.c
+++ b/src/libvlr/vlr_lu_fsm.c
@@ -826,8 +826,15 @@
return;
}
+ if (!vsub->last_tuple) {
+ LOGPFSML(fi, LOGL_ERROR, "No auth tuple available\n");
+ vlr_lu_compl_fsm_failure(fi, GSM48_REJECT_NETWORK_FAILURE);
+ return;
+ }
+
if (vlr_set_ciph_mode(vsub->vlr, fi, lfp->msc_conn_ref,
lfp->ciphering_required,
+ vlr_use_umts_aka(&vsub->last_tuple->vec, lfp->is_r99),
vsub->vlr->cfg.retrieve_imeisv_ciphered)) {
LOGPFSML(fi, LOGL_ERROR,
"Failed to send Ciphering Mode Command\n");