Project

General

Profile

Bug #3193

auth: on GERAN, must allow GSM SRES response even to UMTS AKA challenge

Added by neels over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
04/21/2018
Due date:
% Done:

100%

Spec Reference:

Description

On OsmoSGSN:

20180421220155513 DMM INFO gprs_gmm.c:731 MM(901700000014702/e2269155) -> GPRS AUTH AND CIPH RESPONSE
20180421220155513 DMM DEBUG gprs_gmm.c:778 MM(901700000014702/e2269155) checking auth: received GSM SRES = f1 4c b4 f2 
20180421220155514 DMM ERROR gprs_gmm.c:714 MM(901700000014702/e2269155) Auth mismatch: expected UMTS RES = e374fa67087f0318
20180421220155514 DMM NOTICE gprs_gmm.c:651 MM(901700000014702/e2269155) <- GPRS AUTH AND CIPH REJECT

On OsmoMSC though it works fine:

20180421220150541 DMM DEBUG gsm_04_08.c:617 -> AUTH REQ (rand = cab3375ae19d30bf1550c3da41e55fd5)
20180421220150541 DMM DEBUG gsm_04_08.c:619    AUTH REQ (autn = 4d6215b4eaa900007b24c3d63bc49787)
...
20180421220151472 DRLL DEBUG gsm_04_08.c:3482 Dispatching 04.08 message GSM48_MT_MM_AUTH_RESP (0x5:0x14)
20180421220151472 DMM DEBUG gsm_04_08.c:996 IMSI:901700000014702: MM GSM AUTHENTICATION RESPONSE (sres = eb713263)
20180421220151472 DVLR DEBUG vlr.c:1205 VLR_Authenticate(LU:2652801335)[0x6120000132a0]{VLR_SUB_AS_WAIT_RESP}: Received Event VLR_AUTH_E_MS_AUTH_RESP
20180421220151472 DVLR DEBUG vlr_auth_fsm.c:136 SUBSCR(IMSI:901700000014702) AUTH on GERAN received SRES/RES: eb713263 (4 bytes)
20180421220151472 DVLR INFO vlr_auth_fsm.c:208 SUBSCR(IMSI:901700000014702) AUTH established GSM security context

Like osmo-msc, we should allow responding with a GSM SRES to a UMTS AKA auth request in OsmoSGSN.

Seen with Ingenico iWL221 (portable electronic payment terminal) on OsmoDevCon 2018.

(This reminds me of osmo-msc #2793 but actually is a bit different -- in osmo-msc, we accepted the SRES but then used the UMTS key for ciphering, here we still need to accept the SRES to begin with)


Related issues

Related to OsmoSGSN - Bug #3224: verify ciphering after UMTS AKANew04/30/2018

History

#1 Updated by neels over 1 year ago

Same behavior observed on Samsung B2100!
Go to menu, select the "globe" symbol and enter a URL, it will then attempt to establish a GMM context.
So fixeria can take the credit card reader back home and we still have a device to reproduce the bug with =)

#2 Updated by neels over 1 year ago

  • Related to Bug #3224: verify ciphering after UMTS AKA added

#3 Updated by neels over 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)