This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Eric Wild gerrit-no-reply at lists.osmocom.orgEric Wild has uploaded this change for review. ( https://gerrit.osmocom.org/14224 Change subject: Extend BTS_Tests.ttcn with test for RSL MODE MODIFY with encryption IE ...................................................................... Extend BTS_Tests.ttcn with test for RSL MODE MODIFY with encryption IE This test will currently fail due to a MODE MODIFY NACK, even though the channel mode is not modified. Related: OS##3750 Change-Id: I4cbea499bb6a331d314e6573548a4540945208b5 --- M bts/BTS_Tests.ttcn M library/RSL_Types.ttcn 2 files changed, 89 insertions(+), 1 deletion(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/24/14224/1 diff --git a/bts/BTS_Tests.ttcn b/bts/BTS_Tests.ttcn index 968ed6c..429c784 100644 --- a/bts/BTS_Tests.ttcn +++ b/bts/BTS_Tests.ttcn @@ -4834,6 +4834,71 @@ f_testmatrix_each_chan(pars, refers(f_TC_chan_act_encr)); } +/* Test channel activation with A5/n right from the beginning and RSL MODE MODIFY + which should break the en/decryption on purpose by supplying a new key that is unknown to the MS*/ +function f_TC_rsl_modify_encr(charstring id) runs on ConnHdlr { + f_l1_tune(L1CTL); + f_est_dchan(true); + + /* now we actually need to transmit some data both ways to check if the encryption works */ + var L1ctlDlMessage dl; + + var octetstring l3 := f_rnd_octstring(20); + var RslLinkId link_id := valueof(ts_RslLinkID_DCCH(0)); + + /* send UNITDATA_REQ from BTS to MS and expect it to arrive */ + f_unitdata_mt(link_id, l3); + + /* Send UI frame from MS and expect it to arrive as RLL UNITDATA IND on Abis */ + f_unitdata_mo(link_id, l3); + + var RSL_Message rsl; + rsl := valueof(ts_RSL_MODE_MODIFY_REQ(g_chan_nr, valueof(ts_RSL_ChanMode_SIGN(false)))); + + /* modify key to break proper encryption */ + g_pars.encr.key := f_rnd_octstring(8); + var RSL_IE ei := valueof(t_RSL_IE(RSL_IE_ENCR_INFO, RSL_IE_Body:{encr_info := g_pars.encr})); + rsl.ies := rsl.ies & { ei }; + RSL.send(rsl); + + timer T0 := 1.0; + T0.start; + /* Expect RSL MODIFY ACK */ + alt { + [] RSL.receive(tr_RSL_MODE_MODIFY_ACK(g_chan_nr)) {} + [] RSL.receive(tr_RSL_MODE_MODIFY_NACK(g_chan_nr, ?)) { + Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,"MODE MODIFY NACK"); + } + [] T0.timeout { + Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "MODE MODIFY NACK"); + } + } + + var octetstring l3msg := f_rnd_octstring(15); + timer T1 := 3.0; + /* Send UI frame from MS, do not expect it to arrive as RLL UNITDATA IND on Abis + due to broken encryption */ + f_tx_lapdm(ts_LAPDm_UI(link_id.sapi, cr_MO_CMD, l3msg), link_id); + T1.start; + alt { + [] RSL.receive(tr_RSL_UNITDATA_IND(g_chan_nr, link_id, l3msg)) { + setverdict(fail); + } + [] T1.timeout { + setverdict(pass); + } + } + + /* release the channel */ + f_rsl_chan_deact(); + f_L1CTL_DM_REL_REQ(L1CTL, g_chan_nr); + f_rslem_unregister(0, g_chan_nr); +} +testcase TC_rsl_modify_encr() runs on test_CT { + var ConnHdlrPars pars := valueof(t_Pars(t_RslChanNr_Bm(1), ts_RSL_ChanMode_SIGN)); + pars.encr := valueof(ts_RSL_IE_EncrInfo(RSL_ALG_ID_A5_1, f_rnd_octstring(8))); + f_testmatrix_each_chan(pars, refers(f_TC_rsl_modify_encr)); +} /* Test unencrypted channel activation followed by explicit ENCR CMD later */ function f_TC_encr_cmd(charstring id) runs on ConnHdlr { @@ -5201,6 +5266,7 @@ execute( TC_meas_res_sign_tchh_toa256() ); execute( TC_rsl_ms_pwr_ctrl() ); execute( TC_rsl_chan_initial_ta() ); + execute( TC_rsl_modify_encr() ); execute( TC_conn_fail_crit() ); execute( TC_paging_imsi_80percent() ); execute( TC_paging_tmsi_80percent() ); diff --git a/library/RSL_Types.ttcn b/library/RSL_Types.ttcn index 4d23c3f..ef3f45b 100644 --- a/library/RSL_Types.ttcn +++ b/library/RSL_Types.ttcn @@ -1353,7 +1353,29 @@ } } - + /* 8.4.9 BSC -> BTS */ + template (value) RSL_Message ts_RSL_MODE_MODIFY_REQ(template (value) RslChannelNr chan_nr, + template (value) RSL_IE_ChannelMode mode) := { + msg_disc := ts_RSL_MsgDisc(RSL_MDISC_DCHAN, false), + msg_type := RSL_MT_MODE_MODIFY_REQ, + ies :={ + t_RSL_IE(RSL_IE_CHAN_NR, RSL_IE_Body:{chan_nr := chan_nr}), + t_RSL_IE(RSL_IE_CHAN_MODE, RSL_IE_Body:{chan_mode := mode}) + /* lots of optional IEs */ + } + } + template RSL_Message tr_RSL_MODE_MODIFY_REQ(template RslChannelNr chan_nr, + template RSL_IE_ChannelMode mode) := { + msg_disc := tr_RSL_MsgDisc(RSL_MDISC_DCHAN, false), + msg_type := RSL_MT_MODE_MODIFY_REQ, + ies :={ + tr_RSL_IE(RSL_IE_Body:{chan_nr := chan_nr}), + tr_RSL_IE(RSL_IE_Body:{chan_mode := mode}), + /* lots of optional IEs */ + * + } + } + /* 8.4.10 BTS -> BSC */ template (value) RSL_Message ts_RSL_MODE_MODIFY_ACK(template (value) RslChannelNr chan_nr) := { msg_disc := ts_RSL_MsgDisc(RSL_MDISC_DCHAN, false), -- To view, visit https://gerrit.osmocom.org/14224 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ttcn3-hacks Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I4cbea499bb6a331d314e6573548a4540945208b5 Gerrit-Change-Number: 14224 Gerrit-PatchSet: 1 Gerrit-Owner: Eric Wild <ewild at sysmocom.de> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190528/eb9ee090/attachment.htm>