Change in osmo-ttcn3-hacks[master]: Extend BTS_Tests.ttcn with test for RSL MODE MODIFY with encryption IE

Eric Wild gerrit-no-reply at lists.osmocom.org
Tue May 28 15:38:07 UTC 2019


Eric Wild has uploaded this change for review. ( https://gerrit.osmocom.org/14224


Change subject: Extend BTS_Tests.ttcn with test for RSL MODE MODIFY with encryption IE
......................................................................

Extend BTS_Tests.ttcn with test for RSL MODE MODIFY with encryption IE

This test will currently fail due to a MODE MODIFY NACK, even though the
channel mode is not modified.
Related: OS##3750

Change-Id: I4cbea499bb6a331d314e6573548a4540945208b5
---
M bts/BTS_Tests.ttcn
M library/RSL_Types.ttcn
2 files changed, 89 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/24/14224/1

diff --git a/bts/BTS_Tests.ttcn b/bts/BTS_Tests.ttcn
index 968ed6c..429c784 100644
--- a/bts/BTS_Tests.ttcn
+++ b/bts/BTS_Tests.ttcn
@@ -4834,6 +4834,71 @@
 	f_testmatrix_each_chan(pars, refers(f_TC_chan_act_encr));
 }
 
+/* Test channel activation with A5/n right from the beginning and RSL MODE MODIFY
+ which should break the en/decryption on purpose by supplying a new key that is unknown to the MS*/
+function f_TC_rsl_modify_encr(charstring id) runs on ConnHdlr {
+	f_l1_tune(L1CTL);
+	f_est_dchan(true);
+
+	/* now we actually need to transmit some data both ways to check if the encryption works */
+	var L1ctlDlMessage dl;
+
+	var octetstring l3 := f_rnd_octstring(20);
+	var RslLinkId link_id := valueof(ts_RslLinkID_DCCH(0));
+
+	/* send UNITDATA_REQ from BTS to MS and expect it to arrive */
+	f_unitdata_mt(link_id, l3);
+
+	/* Send UI frame from MS and expect it to arrive as RLL UNITDATA IND on Abis */
+	f_unitdata_mo(link_id, l3);
+
+	var RSL_Message rsl;
+	rsl := valueof(ts_RSL_MODE_MODIFY_REQ(g_chan_nr, valueof(ts_RSL_ChanMode_SIGN(false))));
+
+	/* modify key to break proper encryption */
+	g_pars.encr.key :=  f_rnd_octstring(8);
+	var RSL_IE ei := valueof(t_RSL_IE(RSL_IE_ENCR_INFO, RSL_IE_Body:{encr_info := g_pars.encr}));
+	rsl.ies := rsl.ies & { ei };
+	RSL.send(rsl);
+
+	timer T0 := 1.0;
+	T0.start;
+	/* Expect RSL MODIFY ACK */
+	alt {
+	[] RSL.receive(tr_RSL_MODE_MODIFY_ACK(g_chan_nr)) {}
+	[] RSL.receive(tr_RSL_MODE_MODIFY_NACK(g_chan_nr, ?)) {
+		Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,"MODE MODIFY NACK");
+		}
+	[] T0.timeout {
+		Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "MODE MODIFY NACK");
+		}
+	}
+
+	var octetstring l3msg := f_rnd_octstring(15);
+	timer T1 := 3.0;
+	/* Send UI frame from MS, do not expect it to arrive as RLL UNITDATA IND on Abis
+	due to broken encryption  */
+	f_tx_lapdm(ts_LAPDm_UI(link_id.sapi, cr_MO_CMD, l3msg), link_id);
+	T1.start;
+	alt {
+	[] RSL.receive(tr_RSL_UNITDATA_IND(g_chan_nr, link_id, l3msg)) {
+		setverdict(fail);
+		}
+	[] T1.timeout {
+		setverdict(pass);
+		}
+	}
+
+	/* release the channel */
+	f_rsl_chan_deact();
+	f_L1CTL_DM_REL_REQ(L1CTL, g_chan_nr);
+	f_rslem_unregister(0, g_chan_nr);
+}
+testcase TC_rsl_modify_encr() runs on test_CT {
+	var ConnHdlrPars pars := valueof(t_Pars(t_RslChanNr_Bm(1), ts_RSL_ChanMode_SIGN));
+	pars.encr := valueof(ts_RSL_IE_EncrInfo(RSL_ALG_ID_A5_1, f_rnd_octstring(8)));
+	f_testmatrix_each_chan(pars, refers(f_TC_rsl_modify_encr));
+}
 
 /* Test unencrypted channel activation followed by explicit ENCR CMD later */
 function f_TC_encr_cmd(charstring id) runs on ConnHdlr {
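Review bot: The negative check in the second `alt` of f_TC_rsl_modify_encr can reach `setverdict(pass)` without proving that the new key took effect, because it only fails on a UNITDATA IND whose payload equals `l3msg` and has no branch for other RSL traffic. Unless a default altstep activated outside this hunk consumes it, any other message arriving on the RSL port during the 3 s window stays at the head of the queue, so a later UNITDATA IND is never matched and T1 expires into a pass. Failing on any payload, e.g. `[] RSL.receive(tr_RSL_UNITDATA_IND(g_chan_nr, link_id, ?)) { setverdict(fail); }` (assuming the template accepts a wildcard there), plus a `[] RSL.receive { repeat; }` branch, would tie the verdict to the BTS no longer decoding the uplink. Separately, the `T0.timeout` branch reports "MODE MODIFY NACK"; a text such as `"Timeout waiting for MODE MODIFY ACK"` would let a log reader tell the two failures apart.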
@@ -5201,6 +5266,7 @@
 	execute( TC_meas_res_sign_tchh_toa256() );
 	execute( TC_rsl_ms_pwr_ctrl() );
 	execute( TC_rsl_chan_initial_ta() );
+	execute( TC_rsl_modify_encr() );
 	execute( TC_conn_fail_crit() );
 	execute( TC_paging_imsi_80percent() );
 	execute( TC_paging_tmsi_80percent() );
diff --git a/library/RSL_Types.ttcn b/library/RSL_Types.ttcn
index 4d23c3f..ef3f45b 100644
--- a/library/RSL_Types.ttcn
+++ b/library/RSL_Types.ttcn
@@ -1353,7 +1353,29 @@
 		}
 	}
 
-
+	/* 8.4.9 BSC -> BTS */
+	template (value) RSL_Message ts_RSL_MODE_MODIFY_REQ(template (value) RslChannelNr chan_nr,
+						     template (value) RSL_IE_ChannelMode mode) := {
+		msg_disc := ts_RSL_MsgDisc(RSL_MDISC_DCHAN, false),
+		msg_type := RSL_MT_MODE_MODIFY_REQ,
+		ies :={
+			t_RSL_IE(RSL_IE_CHAN_NR, RSL_IE_Body:{chan_nr := chan_nr}),
+			t_RSL_IE(RSL_IE_CHAN_MODE, RSL_IE_Body:{chan_mode := mode})
+			/* lots of optional IEs */
+		}
+	}
+	template RSL_Message tr_RSL_MODE_MODIFY_REQ(template RslChannelNr chan_nr,
+					     template RSL_IE_ChannelMode mode) := {
+		msg_disc := tr_RSL_MsgDisc(RSL_MDISC_DCHAN, false),
+		msg_type := RSL_MT_MODE_MODIFY_REQ,
+		ies :={
+			tr_RSL_IE(RSL_IE_Body:{chan_nr := chan_nr}),
+			tr_RSL_IE(RSL_IE_Body:{chan_mode := mode}),
+			/* lots of optional IEs */
+			*
+		}
+	}
+	
 	/* 8.4.10 BTS -> BSC */
 	template (value) RSL_Message ts_RSL_MODE_MODIFY_ACK(template (value) RslChannelNr chan_nr) := {
 		msg_disc := ts_RSL_MsgDisc(RSL_MDISC_DCHAN, false),
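Review bot: The `/* lots of optional IEs */` comment in ts_RSL_MODE_MODIFY_REQ does not say how a caller is meant to supply them, and the new test in BTS_Tests.ttcn has to append the Encryption Information IE by hand with `rsl.ies & { ei }`. I would document that on the template, e.g. `/* optional IEs such as RSL_IE_ENCR_INFO are appended by the caller, in the order given in 8.4.9 */`, so the next user does not append them in an order the BTS rejects. As a style point, the hunk replaces the empty separator line before `/* 8.4.10 BTS -> BSC */` with a line holding only a tab, and `ies :={` lacks the space after `:=` in both new templates.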

-- 
To view, visit https://gerrit.osmocom.org/14224

Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I4cbea499bb6a331d314e6573548a4540945208b5
Gerrit-Change-Number: 14224
Gerrit-PatchSet: 1
Gerrit-Owner: Eric Wild <ewild at sysmocom.de>