Fix MM Auth: zero-initialize auth tuple before first use
Make sure a new auth tuple is initialized after db_get_lastauthtuple_for_subscr() returns an error, i.e. if no tuple is present for the subscriber yet. Before this patch, the first key_seq depended on the typically uninitialized value that was present in auth tuple's key_seq upon calling auth_get_tuple_for_subscr(). The very first key_seq used for a new subscriber will now always be 0. Before, it used to be mostly 1 ("(0 + 1) % 7"), but depended on whether the key_seq was indeed initialized with 0, actually by random.
This commit is contained in:
parent
0d929be826
commit
cf1302e4cb
|
@ -110,8 +110,17 @@ int auth_get_tuple_for_subscr(struct gsm_auth_tuple *atuple,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Generate a new one */
|
/* Generate a new one */
|
||||||
|
if (rc != 0) {
|
||||||
|
/* If db_get_lastauthtuple_for_subscr() returned nothing, make
|
||||||
|
* sure the atuple memory is initialized to zero and thus start
|
||||||
|
* off with key_seq = 0. */
|
||||||
|
memset(atuple, 0, sizeof(*atuple));
|
||||||
|
} else {
|
||||||
|
/* If db_get_lastauthtuple_for_subscr() returned a previous
|
||||||
|
* tuple, use the next key_seq. */
|
||||||
|
atuple->key_seq = (atuple->key_seq + 1) % 7;
|
||||||
|
}
|
||||||
atuple->use_count = 1;
|
atuple->use_count = 1;
|
||||||
atuple->key_seq = (atuple->key_seq + 1) % 7;
|
|
||||||
|
|
||||||
if (RAND_bytes(atuple->rand, sizeof(atuple->rand)) != 1) {
|
if (RAND_bytes(atuple->rand, sizeof(atuple->rand)) != 1) {
|
||||||
LOGP(DMM, LOGL_NOTICE, "RAND_bytes failed, can't generate new auth tuple\n");
|
LOGP(DMM, LOGL_NOTICE, "RAND_bytes failed, can't generate new auth tuple\n");
|
||||||
|
|
|
@ -183,7 +183,29 @@ static void test_auth_then_ciph1()
|
||||||
OSMO_ASSERT(auth_tuple_is(&atuple,
|
OSMO_ASSERT(auth_tuple_is(&atuple,
|
||||||
"gsm_auth_tuple {\n"
|
"gsm_auth_tuple {\n"
|
||||||
" .use_count = 1\n"
|
" .use_count = 1\n"
|
||||||
" .key_seq = 1\n"
|
" .key_seq = 0\n"
|
||||||
|
" .rand = 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 \n"
|
||||||
|
" .sres = a1 ab c6 90 \n"
|
||||||
|
" .kc = 0f 27 ed f3 ac 97 ac 00 \n"
|
||||||
|
"}\n"
|
||||||
|
));
|
||||||
|
|
||||||
|
/* With a different last saved key_seq stored in the out-arg of
|
||||||
|
* db_get_lastauthtuple_for_subscr() by coincidence, expect absolutely
|
||||||
|
* the same as above. */
|
||||||
|
test_auth_info = default_auth_info;
|
||||||
|
test_last_auth_tuple = default_auth_tuple;
|
||||||
|
test_last_auth_tuple.key_seq = 3;
|
||||||
|
test_get_authinfo_rc = 0;
|
||||||
|
test_get_lastauthtuple_rc = -ENOENT;
|
||||||
|
key_seq = 0;
|
||||||
|
auth_action = auth_get_tuple_for_subscr_verbose(&atuple, &subscr,
|
||||||
|
key_seq);
|
||||||
|
OSMO_ASSERT(auth_action == AUTH_DO_AUTH_THEN_CIPH);
|
||||||
|
OSMO_ASSERT(auth_tuple_is(&atuple,
|
||||||
|
"gsm_auth_tuple {\n"
|
||||||
|
" .use_count = 1\n"
|
||||||
|
" .key_seq = 0\n"
|
||||||
" .rand = 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 \n"
|
" .rand = 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 \n"
|
||||||
" .sres = a1 ab c6 90 \n"
|
" .sres = a1 ab c6 90 \n"
|
||||||
" .kc = 0f 27 ed f3 ac 97 ac 00 \n"
|
" .kc = 0f 27 ed f3 ac 97 ac 00 \n"
|
||||||
|
|
|
@ -12,6 +12,10 @@ wrapped: db_get_authinfo_for_subscr(): rc = 0
|
||||||
wrapped: db_get_lastauthtuple_for_subscr(): rc = -2
|
wrapped: db_get_lastauthtuple_for_subscr(): rc = -2
|
||||||
wrapped: db_sync_lastauthtuple_for_subscr(): rc = 0
|
wrapped: db_sync_lastauthtuple_for_subscr(): rc = 0
|
||||||
auth_get_tuple_for_subscr(key_seq=0) --> auth_action == AUTH_DO_AUTH_THEN_CIPH
|
auth_get_tuple_for_subscr(key_seq=0) --> auth_action == AUTH_DO_AUTH_THEN_CIPH
|
||||||
|
wrapped: db_get_authinfo_for_subscr(): rc = 0
|
||||||
|
wrapped: db_get_lastauthtuple_for_subscr(): rc = -2
|
||||||
|
wrapped: db_sync_lastauthtuple_for_subscr(): rc = 0
|
||||||
|
auth_get_tuple_for_subscr(key_seq=0) --> auth_action == AUTH_DO_AUTH_THEN_CIPH
|
||||||
|
|
||||||
* test_auth_then_ciph2()
|
* test_auth_then_ciph2()
|
||||||
wrapped: db_get_authinfo_for_subscr(): rc = 0
|
wrapped: db_get_authinfo_for_subscr(): rc = 0
|
||||||
|
|
Loading…
Reference in New Issue