Change in ...osmo-msc[master]: do not force encryption on UTRAN


laforge gerrit-no-reply at lists.osmocom.org
Wed Aug 7 15:57:27 UTC 2019


laforge has submitted this change and it was merged. ( https://gerrit.osmocom.org/c/osmo-msc/+/15022 )

Change subject: do not force encryption on UTRAN
......................................................................

do not force encryption on UTRAN

Remove the conditions that always enable encryption on UTRAN.

We so far lack an explicit configuration for UTRAN encryption, and this patch
does not add any either. Instead, whether UTRAN encryption is enabled is simply
triggered on whether GERAN has A5 encryption enabled (A5/n with n > 0). Though
GERAN and UTRAN encryption are not technically related at all, this makes UTRAN
behave like GERAN for now, until we implement a proper separate configuration
for UTRAN encryption.

Adjust the msc_vlr_test_* configuration by setting the net->a5_encryption_mask
such that the expected output remains unchanged. A subsequent patch
(I54227f1f08c38c0bf69b9c48924669c4829b04b9) will add more tests, particularly
cases of UTRAN without encryption.

Adjust manual and vty doc.

Related: OS#2783
Change-Id: I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7
---
M doc/manuals/chapters/net.adoc
M src/libmsc/gsm_04_08.c
M src/libmsc/msc_vty.c
M tests/msc_vlr/msc_vlr_test_authen_reuse.c
M tests/msc_vlr/msc_vlr_test_call.c
M tests/msc_vlr/msc_vlr_test_umts_authen.c
M tests/msc_vlr/msc_vlr_tests.h
7 files changed, 48 insertions(+), 5 deletions(-)

Approvals:
  Jenkins Builder: Verified
  laforge: Looks good to me, approved



diff --git a/doc/manuals/chapters/net.adoc b/doc/manuals/chapters/net.adoc
index 431455d..4bf34a3 100644
--- a/doc/manuals/chapters/net.adoc
+++ b/doc/manuals/chapters/net.adoc
@@ -189,6 +189,10 @@
 While authentication is always required on 3G, ciphering is optional.
 
 So far OsmoMSC lacks explicit configuration for ciphering on 3G. As an interim
-solution, ciphering is always enabled on 3G.
+solution, ciphering is enabled on 3G exactly when ciphering is enabled on 2G,
+i.e. when any cipher other than A5/0 is enabled in the configuration. If only
+A5/0 is configured, ciphering will be disabled on both 2G and 3G. The future
+aim is to add comprehensive configuration for 3G ciphering that is independent
+from the 2G setting.
 
 OsmoMSC indicates UEA1 and UEA2 as permitted encryption algorithms on 3G.
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index ee31747..cd37cff 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -375,7 +375,7 @@
 				net->vlr, msc_a, vlr_lu_type, tmsi, imsi,
 				&old_lai, &msc_a->via_cell.lai,
 				is_utran || net->authentication_required,
-				is_utran || net->a5_encryption_mask > 0x01,
+				net->a5_encryption_mask > 0x01,
 				lu->key_seq,
 				osmo_gsm48_classmark1_is_r99(&lu->classmark1),
 				is_utran,
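Review bot: The ciphering argument `net->a5_encryption_mask > 0x01` now silently decides UTRAN ciphering as well, and the same bare expression is repeated at the call sites in the -780 and -1152 hunks with nothing in the code saying so. A comment at each site, or on one shared helper wrapping the expression, would record the interim coupling, e.g. `/* interim: A5/n with n > 0 also enables UTRAN ciphering, see OS#2783 */`. Integrity protection remains mandatory on UTRAN even when ciphering is off. Whether the VLR still runs Security Mode for integrity when this flag is false is not visible in these hunks and is worth confirming, ideally with a test. All three calls start and end outside their hunks.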
@@ -780,7 +780,7 @@
 			 req->cm_service_type,
 			 mi-1, &msc_a->via_cell.lai,
 			 is_utran || net->authentication_required,
-			 is_utran || net->a5_encryption_mask > 0x01,
+			 net->a5_encryption_mask > 0x01,
 			 req->cipher_key_seq,
 			 osmo_gsm48_classmark2_is_r99(cm2, cm2_len),
 			 is_utran);
@@ -1152,7 +1152,7 @@
 			 net->vlr, msc_a,
 			 VLR_PR_ARQ_T_PAGING_RESP, 0, mi_lv, &msc_a->via_cell.lai,
 			 is_utran || net->authentication_required,
-			 is_utran || net->a5_encryption_mask > 0x01,
+			 net->a5_encryption_mask > 0x01,
 			 pr->key_seq,
 			 osmo_gsm48_classmark2_is_r99(cm2, classmark2_len),
 			 is_utran);
diff --git a/src/libmsc/msc_vty.c b/src/libmsc/msc_vty.c
index 8ef48ff..5bf9701 100644
--- a/src/libmsc/msc_vty.c
+++ b/src/libmsc/msc_vty.c
@@ -148,7 +148,10 @@
       cfg_net_encryption_cmd,
       "encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]",
 	"Encryption options\n"
-	"GSM A5 Air Interface Encryption\n"
+	"GSM A5 Air Interface Encryption."
+	  " NOTE: as long as OsmoMSC lacks distinct configuration for 3G encryption,"
+	  " 3G encryption is enabled exactly when any 2G encryption is enabled."
+	  " Hence configuring only A5/0 here switches off 3G encryption.\n"
 	"A5/n Algorithm Number\n"
 	"A5/n Algorithm Number\n"
 	"A5/n Algorithm Number\n"
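Review bot: The only warning that `encryption a5 0` also turns off 3G ciphering sits in the help string, which an operator upgrading with an existing config file never sees. Before this commit the removed `is_utran ||` term forced ciphering on UTRAN, so such a deployment loses 3G ciphering without any runtime signal. Consider emitting a notice from the command handler (its body is outside this hunk) when the resulting mask contains only A5/0, for example `vty_out(vty, "%% Only A5/0 configured: 3G ciphering is disabled as well%s", VTY_NEWLINE);`, or an equivalent log line at startup.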
diff --git a/tests/msc_vlr/msc_vlr_test_authen_reuse.c b/tests/msc_vlr/msc_vlr_test_authen_reuse.c
index d73a5f8..62ea6c7 100644
--- a/tests/msc_vlr/msc_vlr_test_authen_reuse.c
+++ b/tests/msc_vlr/msc_vlr_test_authen_reuse.c
@@ -266,6 +266,8 @@
 static void test_auth_use_twice_geran()
 {
 	comment_start();
+	/* A5/0 = no encryption */
+	net->a5_encryption_mask = A5_0;
 	_test_auth_reuse(OSMO_RAT_GERAN_A, 1, 1, true);
 	comment_end();
 }
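Review bot: Each wrapper assigns the global `net->a5_encryption_mask` and never restores it, so a later test inherits whatever mask the previous one left behind unless the harness resets `net` between tests, which is not visible here. The same pattern recurs in the other five hunks of this file, in msc_vlr_test_call.c and in every hunk of msc_vlr_test_umts_authen.c. Setting a known default in the shared per-test setup, e.g. `net->a5_encryption_mask = A5_0;`, would keep a test that forgets to set the mask from passing or failing depending on run order. This matters more now that the mask also gates UTRAN ciphering.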
@@ -273,6 +275,8 @@
 static void test_auth_use_twice_utran()
 {
 	comment_start();
+	/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+	net->a5_encryption_mask = A5_0_3;
 	_test_auth_reuse(OSMO_RAT_UTRAN_IU, 1, 1, true);
 	comment_end();
 }
@@ -280,6 +284,8 @@
 static void test_auth_use_infinitely_geran()
 {
 	comment_start();
+	/* A5/0 = no encryption */
+	net->a5_encryption_mask = A5_0;
 	_test_auth_reuse(OSMO_RAT_GERAN_A, -1, 3, false);
 	comment_end();
 }
@@ -287,6 +293,8 @@
 static void test_auth_use_infinitely_utran()
 {
 	comment_start();
+	/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+	net->a5_encryption_mask = A5_0_3;
 	_test_auth_reuse(OSMO_RAT_UTRAN_IU, -1, 3, false);
 	comment_end();
 }
@@ -294,6 +302,8 @@
 static void test_no_auth_reuse_geran()
 {
 	comment_start();
+	/* A5/0 = no encryption */
+	net->a5_encryption_mask = A5_0;
 	_test_auth_reuse(OSMO_RAT_GERAN_A, 0, 0, true);
 	comment_end();
 }
@@ -301,6 +311,8 @@
 static void test_no_auth_reuse_utran()
 {
 	comment_start();
+	/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+	net->a5_encryption_mask = A5_0_3;
 	_test_auth_reuse(OSMO_RAT_UTRAN_IU, 0, 0, true);
 	comment_end();
 }
diff --git a/tests/msc_vlr/msc_vlr_test_call.c b/tests/msc_vlr/msc_vlr_test_call.c
index 065af25..cec2f8d 100644
--- a/tests/msc_vlr/msc_vlr_test_call.c
+++ b/tests/msc_vlr/msc_vlr_test_call.c
@@ -46,6 +46,7 @@
 	struct vlr_subscr *vsub;
 
 	net->authentication_required = true;
+	net->a5_encryption_mask = A5_0_3;
 	net->vlr->cfg.assign_tmsi = true;
 	rx_from_ran = OSMO_RAT_UTRAN_IU;
 
diff --git a/tests/msc_vlr/msc_vlr_test_umts_authen.c b/tests/msc_vlr/msc_vlr_test_umts_authen.c
index a89b0d1..6f8fa01 100644
--- a/tests/msc_vlr/msc_vlr_test_umts_authen.c
+++ b/tests/msc_vlr/msc_vlr_test_umts_authen.c
@@ -306,6 +306,8 @@
 static void test_umts_authen_geran()
 {
 	comment_start();
+	/* A5/0 = no encryption */
+	net->a5_encryption_mask = A5_0;
 	_test_umts_authen(OSMO_RAT_GERAN_A);
 	comment_end();
 }
@@ -313,6 +315,8 @@
 static void test_umts_authen_utran()
 {
 	comment_start();
+	/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+	net->a5_encryption_mask = A5_0_3;
 	_test_umts_authen(OSMO_RAT_UTRAN_IU);
 	comment_end();
 }
@@ -544,6 +548,8 @@
 static void test_umts_authen_resync_geran()
 {
 	comment_start();
+	/* A5/0 = no encryption */
+	net->a5_encryption_mask = A5_0;
 	_test_umts_authen_resync(OSMO_RAT_GERAN_A);
 	comment_end();
 }
@@ -551,6 +557,8 @@
 static void test_umts_authen_resync_utran()
 {
 	comment_start();
+	/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+	net->a5_encryption_mask = A5_0_3;
 	_test_umts_authen_resync(OSMO_RAT_UTRAN_IU);
 	comment_end();
 }
@@ -644,6 +652,8 @@
 static void test_umts_authen_too_short_res_geran()
 {
 	comment_start();
+	/* A5/0 = no encryption */
+	net->a5_encryption_mask = A5_0;
 	_test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);
 	comment_end();
 }
@@ -651,6 +661,8 @@
 static void test_umts_authen_too_short_res_utran()
 {
 	comment_start();
+	/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+	net->a5_encryption_mask = A5_0_3;
 	_test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);
 	comment_end();
 }
@@ -744,6 +756,8 @@
 static void test_umts_authen_too_long_res_geran()
 {
 	comment_start();
+	/* A5/0 = no encryption */
+	net->a5_encryption_mask = A5_0;
 	_test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);
 	comment_end();
 }
@@ -751,6 +765,8 @@
 static void test_umts_authen_too_long_res_utran()
 {
 	comment_start();
+	/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+	net->a5_encryption_mask = A5_0_3;
 	_test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);
 	comment_end();
 }
@@ -849,6 +865,8 @@
 static void test_umts_authen_only_sres_geran()
 {
 	comment_start();
+	/* A5/0 = no encryption */
+	net->a5_encryption_mask = A5_0;
 	_test_umts_authen_only_sres(OSMO_RAT_GERAN_A);
 	comment_end();
 }
@@ -856,6 +874,8 @@
 static void test_umts_authen_only_sres_utran()
 {
 	comment_start();
+	/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+	net->a5_encryption_mask = A5_0_3;
 	_test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);
 	comment_end();
 }
diff --git a/tests/msc_vlr/msc_vlr_tests.h b/tests/msc_vlr/msc_vlr_tests.h
index 9df9cf0..4330ea8 100644
--- a/tests/msc_vlr/msc_vlr_tests.h
+++ b/tests/msc_vlr/msc_vlr_tests.h
@@ -32,6 +32,9 @@
 #include <osmocom/msc/msc_a.h>
 #include <osmocom/msc/mncc.h>
 
+#define A5_0 (1 << 0)
+#define A5_0_3 ((1 << 0) | (1 << 3))
+
 extern bool _log_lines;
 #define _log(fmt, args...) do { \
 		if (_log_lines) \
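Review bot: The new macros `A5_0` and `A5_0_3` are undocumented, and `A5_0_3` can be read as the range A5/0 through A5/3 rather than the two algorithms A5/0 and A5/3 that `(1 << 0) | (1 << 3)` actually selects. A one-line comment above them would remove the ambiguity, e.g. `/* net->a5_encryption_mask: bit n set permits A5/n; A5_0_3 = A5/0 and A5/3 only */`. A test-local prefix would also lower the chance of these short names colliding with other headers. The `_log` macro that follows continues past the end of this hunk.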

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/15022

Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Change-Id: I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7
Gerrit-Change-Number: 15022
Gerrit-PatchSet: 2
Gerrit-Owner: neels <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge at gnumonks.org>
Gerrit-Reviewer: neels <nhofmeyr at sysmocom.de>
Gerrit-CC: fixeria <axilirator at gmail.com>
Gerrit-MessageType: merged