From ecaf5faa7994379319980313b5ce15d3c12db86e Mon Sep 17 00:00:00 2001
From: Vadim Yanitskiy
Date: Mon, 31 Aug 2020 19:10:39 +0700
Subject: gsm0808: fix: do not encode invalid encryption algorithm
According to 3GPP TS 48.008, section 3.2.2.44, the Chosen Encryption Algorithm IE, which may be included in the following messages:
 - 3.2.1.2 ASSIGNMENT COMPLETE
 - 3.2.1.8 HANDOVER REQUEST
 - 3.2.1.10 HANDOVER REQUEST ACKNOWLEDGE
 - 3.2.1.12 HANDOVER COMPLETE
 - 3.2.1.25 HANDOVER PERFORMED
 - 3.2.1.31 CIPHER MODE COMPLETE
is coded as follows:
 0000 0001 No encryption used
 0000 0010 GSM A5/1
 0000 0011 GSM A5/2
 0000 0100 GSM A5/3
 0000 0101 GSM A5/4
 0000 0110 GSM A5/5
 0000 0111 GSM A5/6
 0000 1000 GSM A5/7
basically A5/X => X + 1. All other values are Reserved for future international use. As can be seen, value 0x00 is RFU. Passing this value to some encoding functions would result in a PDU with this IE omitted. Although, some functions would still encode Chosen Encryption Algorithm IE with this RFU value. Let's ensure that all functions behave consistently.
Change-Id: If10e433a8174eabe6aa6d2c2937bf9cf5d14d7c9
---
 src/gsm/gsm0808.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
(limited to 'src/gsm/gsm0808.c')
diff --git a/src/gsm/gsm0808.c b/src/gsm/gsm0808.c
index 85f5cfc9..53220617 100644
--- a/src/gsm/gsm0808.c
+++ b/src/gsm/gsm0808.c
@@ -283,8 +283,9 @@ struct msgb *gsm0808_create_cipher_complete(struct msgb *layer3, uint8_t alg_id)
 msgb_l3len(layer3), layer3->l3h);
 }
- /* and the optional BSS message */
- msgb_tv_put(msg, GSM0808_IE_CHOSEN_ENCR_ALG, alg_id);
+ /* Optional Chosen Encryption Algorithm IE */
+ if (alg_id > 0)
+ msgb_tv_put(msg, GSM0808_IE_CHOSEN_ENCR_ALG, alg_id);
 /* pre-pend the header */
 msg->l3h = msgb_tv_push(msg, BSSAP_MSG_BSS_MANAGEMENT, msgb_length(msg));
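Review bot: The new guard `if (alg_id > 0)` in gsm0808_create_cipher_complete() filters only 0x00, while the commit description lists 0x01–0x08 as the only defined codes and every other value as reserved. A caller passing 0x09 or above would still get a Chosen Encryption Algorithm IE carrying a reserved value, so if the aim is never to emit an invalid algorithm the check should bound both ends, e.g. `if (alg_id >= 0x01 && alg_id <= 0x08)`. The same one-sided test appears in the other five hunks (ass_compl2, handover_request, handover_request_ack2, handover_complete, handover_performed); a single static helper would keep all six sites in step. The function body starts and ends outside this hunk.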
@@ -603,7 +604,8 @@ struct msgb *gsm0808_create_ass_compl2(uint8_t rr_cause, uint8_t chosen_channel,
 msgb_tv_put(msg, GSM0808_IE_CHOSEN_CHANNEL, chosen_channel);
 /* write chosen encryption algorithm 3.2.2.44 */
- msgb_tv_put(msg, GSM0808_IE_CHOSEN_ENCR_ALG, encr_alg_id);
+ if (encr_alg_id > 0)
+ msgb_tv_put(msg, GSM0808_IE_CHOSEN_ENCR_ALG, encr_alg_id);
 /* write circuit pool 3.2.2.45 */
 /* write speech version chosen: 3.2.2.51 when BTS picked it */
@@ -964,7 +966,7 @@ struct msgb *gsm0808_create_handover_request(const struct gsm0808_handover_reque
 }
 /* Chosen Encryption Algorithm (Serving) 3.2.2.44 */
- if (params->chosen_encryption_algorithm_serving)
+ if (params->chosen_encryption_algorithm_serving > 0)
 msgb_tv_put(msg, GSM0808_IE_CHOSEN_ENCR_ALG, params->chosen_encryption_algorithm_serving);
 /* Old BSS to New BSS Information 3.2.2.58 */
@@ -1027,7 +1029,7 @@ struct msgb *gsm0808_create_handover_request_ack2(const struct gsm0808_handover_
 if (params->chosen_channel_present)
 msgb_tv_put(msg, GSM0808_IE_CHOSEN_CHANNEL, params->chosen_channel);
- if (params->chosen_encr_alg)
+ if (params->chosen_encr_alg > 0)
 msgb_tv_put(msg, GSM0808_IE_CHOSEN_ENCR_ALG, params->chosen_encr_alg);
 if (params->chosen_speech_version != 0)
@@ -1157,7 +1159,7 @@ struct msgb *gsm0808_create_handover_complete(const struct gsm0808_handover_comp
 gsm0808_enc_speech_codec_list(msg, ¶ms->codec_list_bss_supported);
 /* Chosen Encryption Algorithm 3.2.2.44 */
- if (params->chosen_encr_alg_present)
+ if (params->chosen_encr_alg_present && params->chosen_encr_alg > 0)
 msgb_tv_put(msg, GSM0808_IE_CHOSEN_ENCR_ALG, params->chosen_encr_alg);
 /* LCLS-BSS-Status 3.2.2.119 */
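Review bot: In gsm0808_create_ass_compl2() the plain `uint8_t encr_alg_id` argument now doubles as a presence flag, and nothing visible in the hunk tells a caller that 0 means "leave the IE out". The comment above the write could say so, `/* Chosen Encryption Algorithm 3.2.2.44; omitted when encr_alg_id is 0x00 (reserved) */`, and the function's doc comment, which lies outside the hunk, should state the same contract. gsm0808_create_cipher_complete() in the first hunk gained the same in-band sentinel for `alg_id`.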
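Review bot: A caller that sets `chosen_encr_alg_present` but leaves `chosen_encr_alg` at 0x00 now gets a HANDOVER COMPLETE without the IE and no indication that its parameters were inconsistent. Since this IE is what reports the cipher in use to the peer, dropping it silently can hide an uninitialised or wrongly mapped algorithm value on the sending side. I would document the rule at the check, `/* Chosen Encryption Algorithm 3.2.2.44: skipped if the value is 0x00 (reserved), even when marked present */`, and consider logging the mismatch so it is visible in operation. The handover_performed hunk carries the same condition; both function bodies extend beyond their hunks.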
@@ -1225,7 +1227,7 @@ struct msgb *gsm0808_create_handover_performed(const struct gsm0808_handover_per
 msgb_tv_put(msg, GSM0808_IE_CHOSEN_CHANNEL, params->chosen_channel);
 /* Chosen Encryption Algorithm 3.2.2.44 */
- if (params->chosen_encr_alg_present)
+ if (params->chosen_encr_alg_present && params->chosen_encr_alg > 0)
 msgb_tv_put(msg, GSM0808_IE_CHOSEN_ENCR_ALG, params->chosen_encr_alg);
 /* Speech Version (chosen) 3.2.2.51 */
--
cgit v1.2.3