Project

General

Profile

Bug #1794

support random IV for GEA (via XID)

Added by msuraev over 4 years ago. Updated about 3 years ago.

Status:
Stalled
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
08/09/2016
Due date:
% Done:

10%

Spec Reference:

Description

Current implementation of GPRS encryption uses hardcoded IV = 0 while according to spec it should be random. This random value is communicated to client as part of XID negotiation.


Related issues

Related to libosmocore - Feature #1910: add v4 encryption supportResolved01/11/2017

Related to OsmocomBB - Feature #1672: add gprs decoding utilityClosed03/24/2016

Related to OsmoGGSN (former OpenGGSN) - Bug #2843: crash by icmpv6 messageResolved01/19/2018

Blocked by OsmoSGSN - Feature #1580: IP header compressionClosed02/23/2016

Blocks OsmoSGSN - Bug #1582: GEA Encryption is missingResolved02/23/2016

Associated revisions

Revision 549ebc7d (diff)
Added by max over 4 years ago

Improve GPRS logging

  • log xid type as string instead of int
  • log packet encryption status, algorithm and IOV-UI in debug mode
  • print encryption parameters when dumping llme via vty
  • log key propagation from MM to LLC

Related: OS#1794
Change-Id: I30c38fdeb0b88bb39bdb9928851300bc79e6aec6

Revision df9fb383 (diff)
Added by max over 4 years ago

Improve GPRS logging

  • log xid type as string instead of int
  • log packet encryption status, algorithm and IOV-UI in debug mode
  • print encryption parameters when dumping llme via vty
  • log key propagation from MM to LLC

Related: OS#1794
Change-Id: I30c38fdeb0b88bb39bdb9928851300bc79e6aec6

Revision db142dc5 (diff)
Added by dexter over 4 years ago

sndcp: Allow empty SNDCP-XID indications

In some rare cases the modem might send a xid indication that does
not contain anything except the version number field. The sgsn
ignors such SNDCP-XID indications by stripping the entire field
from the response. We found a modem in the wild that started to
act problematic when the empty SNDCP-XID was missing in the
response. This patch changes the XID negotiation behaviour in
a way that if a modem should send empty SNDCP-XID indications,
the reply will also contain an empty SNDCP-XID indication. Apart
from that the SNDCP-XID version number is now parsed and echoed
in the response. This ensures that we always reply with the version
number that the modem expects. (The version was 0 in all cases we
observed so far)

Change-Id: I097a770cb4907418f53e620a051ebb8cd110c5f2
Related: OS#1794

Revision 9bf7dcba (diff)
Added by dexter over 4 years ago

sndcp: Allow empty SNDCP-XID indications

In some rare cases the modem might send a xid indication that does
not contain anything except the version number field. The sgsn
ignors such SNDCP-XID indications by stripping the entire field
from the response. We found a modem in the wild that started to
act problematic when the empty SNDCP-XID was missing in the
response. This patch changes the XID negotiation behaviour in
a way that if a modem should send empty SNDCP-XID indications,
the reply will also contain an empty SNDCP-XID indication. Apart
from that the SNDCP-XID version number is now parsed and echoed
in the response. This ensures that we always reply with the version
number that the modem expects. (The version was 0 in all cases we
observed so far)

Change-Id: I097a770cb4907418f53e620a051ebb8cd110c5f2
Related: OS#1794

History

#1 Updated by msuraev over 4 years ago

#2 Updated by msuraev over 4 years ago

  • Blocks Bug #1582: GEA Encryption is missing added

#3 Updated by laforge over 4 years ago

The LLC XID related patch was just merged, so this should be possible to
implement now.
--
- Harald Welte <> http://laforge.gnumonks.org/ ============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)

#4 Updated by laforge over 4 years ago

  • Assignee set to msuraev

#5 Updated by laforge over 4 years ago

  • Priority changed from Low to High

#6 Updated by msuraev over 4 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10

#7 Updated by msuraev over 4 years ago

  • Status changed from In Progress to Stalled

#8 Updated by laforge about 4 years ago

  • Priority changed from High to Normal

#9 Updated by laforge almost 4 years ago

ping?

#10 Updated by laforge over 3 years ago

another ping, 5 months later. This is not acceptable.

#11 Updated by msuraev over 3 years ago

Sorry, completely slipped of my mind - I was sure I've updated it. There's incomplete implementation in gerrit 1462 which is not working unfortunately: we send IV to the phone, we got encrypted traffic back but we fail to decrypt it (using IV we've sent or IV=0). Which means that the phone interprets it somehow differently. To debug this we've got to somehow get phone's baseband logs. Unfortunately xgoldmon and osmocom-bb do not support gprs yet. Not sure if there's better way to see what goes wrong.

#12 Updated by msuraev about 3 years ago

  • Status changed from Stalled to In Progress

The patch is ported to OsmoSGSN and available in gerrit 5788. It still requires further testing and adjustements before in can be merged though.

#13 Updated by msuraev about 3 years ago

#14 Updated by msuraev about 3 years ago

#15 Updated by msuraev about 3 years ago

  • Related to Bug #2843: crash by icmpv6 message added

#16 Updated by msuraev about 3 years ago

  • Status changed from In Progress to Stalled

#17 Updated by laforge about 3 years ago

  • Assignee deleted (msuraev)

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)