paulmataruso/osmo-mgw
1
0
Fork 0
mirror of https://gitea.osmocom.org/cellular-infrastructure/osmo-mgw.git synced 2025-11-01 20:43:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

sgsn: Do authentication based on SRES values

Browse Source 
Currently the SRES value in the Auth & Ciph Response is ignored.

This patch checks the SRES value in response against the value stored
in mm->auth_triplet.sres. If they don't match, an Auth & Ciph Reject
message is sent to the MS. If they match, the mm->is_authenticated
flag is set.

Note that the procedure will not be started yet.

Sponsored-by: On-Waves ehf
This commit is contained in:
Jacob Erlbeck
2014-12-01 12:44:24 +01:00
committed by Holger Hans Peter Freyther
parent bd0cf1190a
commit 8ff3fb04f2
2 changed files with 33 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
openbsc/include/openbsc/gprs_sgsn.h
View File

@@ -130,6 +130,7 @@ struct sgsn_mm_ctx {
* whether one of them can be dropped. */ * whether one of them can be dropped. */
enum sgsn_auth_state auth_state; enum sgsn_auth_state auth_state;
int is_authenticated;
struct gsm_subscriber *subscr; struct gsm_subscriber *subscr;
}; };

34
openbsc/src/gprs/gprs_gmm.c
View File

@@ -600,6 +600,16 @@ static int gsm48_rx_gmm_auth_ciph_resp(struct sgsn_mm_ctx *ctx,
struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg); struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg);
struct gsm48_auth_ciph_resp *acr = (struct gsm48_auth_ciph_resp *)gh->data; struct gsm48_auth_ciph_resp *acr = (struct gsm48_auth_ciph_resp *)gh->data;
struct tlv_parsed tp; struct tlv_parsed tp;
struct gsm_auth_tuple *at;
int rc;
LOGMMCTXP(LOGL_INFO, ctx, "-> GPRS AUTH AND CIPH RESPONSE\n");
if (ctx->auth_triplet.key_seq == GSM_KEY_SEQ_INVAL) {
LOGMMCTXP(LOGL_NOTICE, ctx,
"Unexpected Auth & Ciph Response (ignored)\n");
return 0;
}
/* Stop T3360 */ /* Stop T3360 */
mmctx_timer_stop(ctx, 3360); mmctx_timer_stop(ctx, 3360);
@@ -611,10 +621,30 @@ static int gsm48_rx_gmm_auth_ciph_resp(struct sgsn_mm_ctx *ctx,
if (!TLVP_PRESENT(&tp, GSM48_IE_GMM_AUTH_SRES) || if (!TLVP_PRESENT(&tp, GSM48_IE_GMM_AUTH_SRES) ||
!TLVP_PRESENT(&tp, GSM48_IE_GMM_IMEISV)) { !TLVP_PRESENT(&tp, GSM48_IE_GMM_IMEISV)) {
/* FIXME: missing mandatory IE */ /* TODO: missing mandatory IE, return STATUS or REJ? */
LOGMMCTXP(LOGL_ERROR, ctx, "Missing mandantory IE\n");
return -EINVAL;
} }
/* FIXME: compare SRES with what we expected */ /* Compare SRES with what we expected */
LOGMMCTXP(LOGL_DEBUG, ctx, "checking received auth info, SRES = %s\n",
osmo_hexdump(TLVP_VAL(&tp, GSM48_IE_GMM_AUTH_SRES),
TLVP_LEN(&tp, GSM48_IE_GMM_AUTH_SRES)));
at = &ctx->auth_triplet;
if (TLVP_LEN(&tp, GSM48_IE_GMM_AUTH_SRES) != sizeof(at->sres) ||
memcmp(TLVP_VAL(&tp, GSM48_IE_GMM_AUTH_SRES), at->sres,
sizeof(at->sres)) != 0) {
LOGMMCTXP(LOGL_NOTICE, ctx, "Received SRES doesn't match\n");
rc = gsm48_tx_gmm_auth_ciph_rej(ctx);
mm_ctx_cleanup_free(ctx, "GPRS AUTH AND CIPH REJECT");
return rc;
}
ctx->is_authenticated = 1;
/* FIXME: enable LLC cipheirng */ /* FIXME: enable LLC cipheirng */
return 0; return 0;
} }