<p>Stefan Sperling has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.osmocom.org/12347">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">add three tests for CIPHER MODE COMPLETE without algo<br><br>Add three tests which exercise MSC behaviour when a CIPHER MODE<br>COMPLETE command lacks the optional chosenEncryptionAlgorithm IE.<br>Check for behaviour with A5/1, A5/3, and A5/1 + A5/3 configured<br>in the network, and expect the location update to succeed.<br><br>These tests pass on master, but they should somehow verify the<br>cipher the MSC ends up using. I am not quite sure how to do that.<br>Would inspecting the MSC's VTY be a reasonable approach? How<br>could his be done by code which runs on BSC_ConnectionHandler?<br><br>Change-Id: I1a2a126795c544613a7a87e238e1fc8c4e943885<br>Related: OS#2872<br>---<br>M library/BSSMAP_Templates.ttcn<br>M msc/BSC_ConnectionHandler.ttcn<br>M msc/MSC_Tests.cfg<br>M msc/MSC_Tests.ttcn<br>M msc/expected-results.xml<br>5 files changed, 142 insertions(+), 18 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/47/12347/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/library/BSSMAP_Templates.ttcn b/library/BSSMAP_Templates.ttcn</span><br><span>index ff151f0..0db61b2 100644</span><br><span>--- a/library/BSSMAP_Templates.ttcn</span><br><span>+++ b/library/BSSMAP_Templates.ttcn</span><br><span>@@ -1032,6 +1032,19 @@</span><br><span> }</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+template PDU_BSSAP ts_BSSMAP_CipherModeComplAlg(template BSSMAP_IE_ChosenEncryptionAlgorithm chosenEncryptionAlgorithm := ?)</span><br><span style="color: hsl(120, 100%, 40%);">+modifies ts_BSSAP_BSSMAP := {</span><br><span style="color: hsl(120, 100%, 40%);">+ pdu := {</span><br><span style="color: hsl(120, 100%, 40%);">+ bssmap := {</span><br><span style="color: hsl(120, 100%, 40%);">+ cipherModeComplete := {</span><br><span style="color: hsl(120, 100%, 40%);">+ messageType := '55'O,</span><br><span style="color: hsl(120, 100%, 40%);">+ layer3MessageContents := omit,</span><br><span style="color: hsl(120, 100%, 40%);">+ chosenEncryptionAlgorithm := chosenEncryptionAlgorithm</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> template PDU_BSSAP tr_BSSMAP_CipherModeCompl(template OCT1 alg := ?) modifies tr_BSSAP_BSSMAP := {</span><br><span> pdu := {</span><br><span> bssmap := {</span><br><span>diff --git a/msc/BSC_ConnectionHandler.ttcn b/msc/BSC_ConnectionHandler.ttcn</span><br><span>index f005e02..c6029b7 100644</span><br><span>--- a/msc/BSC_ConnectionHandler.ttcn</span><br><span>+++ b/msc/BSC_ConnectionHandler.ttcn</span><br><span>@@ -295,28 +295,17 @@</span><br><span> }</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-function f_perform_lu()</span><br><span style="color: hsl(0, 100%, 40%);">-runs on BSC_ConnHdlr {</span><br><span style="color: hsl(0, 100%, 40%);">- var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi)</span><br><span style="color: hsl(0, 100%, 40%);">- var PDU_DTAP_MT dtap_mt;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- /* tell GSUP dispatcher to send this IMSI to us */</span><br><span style="color: hsl(0, 100%, 40%);">- f_create_gsup_expect(hex2str(g_pars.imsi));</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */</span><br><span style="color: hsl(0, 100%, 40%);">- f_bssap_compl_l3(l3_lu);</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (g_pars.send_early_cm) {</span><br><span style="color: hsl(0, 100%, 40%);">- BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- f_mm_common();</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(120, 100%, 40%);">+function f_msc_lu_hlr() runs on BSC_ConnHdlr</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span> /* Expect MSC to perform LU with HLR */</span><br><span> GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi));</span><br><span> GSUP.send(ts_GSUP_ISD_REQ(g_pars.imsi, g_pars.msisdn));</span><br><span> GSUP.receive(tr_GSUP_ISD_RES(g_pars.imsi));</span><br><span> GSUP.send(ts_GSUP_UL_RES(g_pars.imsi));</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+function f_accept_reject_lu() runs on BSC_ConnHdlr {</span><br><span style="color: hsl(120, 100%, 40%);">+ var PDU_DTAP_MT dtap_mt;</span><br><span> </span><br><span> alt {</span><br><span> [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) -> value dtap_mt {</span><br><span>@@ -343,10 +332,34 @@</span><br><span> mtc.stop;</span><br><span> }</span><br><span> }</span><br><span style="color: hsl(0, 100%, 40%);">- /* FIXME: there could be pending SMS or other common procedures by the MSC, let's ignore them */</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+function f_bssap_clear() runs on BSC_ConnHdlr {</span><br><span> BSSAP.receive(tr_BSSMAP_ClearCommand);</span><br><span> BSSAP.send(ts_BSSMAP_ClearComplete);</span><br><span> BSSAP.receive(BSSAP_Conn_Prim:MSC_CONN_PRIM_DISC_IND);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+function f_perform_lu()</span><br><span style="color: hsl(120, 100%, 40%);">+runs on BSC_ConnHdlr {</span><br><span style="color: hsl(120, 100%, 40%);">+ var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* tell GSUP dispatcher to send this IMSI to us */</span><br><span style="color: hsl(120, 100%, 40%);">+ f_create_gsup_expect(hex2str(g_pars.imsi));</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */</span><br><span style="color: hsl(120, 100%, 40%);">+ f_bssap_compl_l3(l3_lu);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (g_pars.send_early_cm) {</span><br><span style="color: hsl(120, 100%, 40%);">+ BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ f_mm_common();</span><br><span style="color: hsl(120, 100%, 40%);">+ f_msc_lu_hlr();</span><br><span style="color: hsl(120, 100%, 40%);">+ f_accept_reject_lu();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* FIXME: there could be pending SMS or other common procedures by the MSC, let's ignore them */</span><br><span style="color: hsl(120, 100%, 40%);">+ f_bssap_clear();</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> setverdict(pass);</span><br><span> }</span><br><span> </span><br><span>diff --git a/msc/MSC_Tests.cfg b/msc/MSC_Tests.cfg</span><br><span>index b412889..b852bac 100644</span><br><span>--- a/msc/MSC_Tests.cfg</span><br><span>+++ b/msc/MSC_Tests.cfg</span><br><span>@@ -61,3 +61,6 @@</span><br><span> #MSC_Tests.TC_reset_two</span><br><span> #MSC_Tests.TC_lu_and_mt_call</span><br><span> #MSC_Tests.TC_cipher_complete_with_invalid_cipher</span><br><span style="color: hsl(120, 100%, 40%);">+#MSC_Tests.TC_cipher_complete_1_without_cipher</span><br><span style="color: hsl(120, 100%, 40%);">+#MSC_Tests.TC_cipher_complete_3_without_cipher</span><br><span style="color: hsl(120, 100%, 40%);">+#MSC_Tests.TC_cipher_complete_13_without_cipher</span><br><span>diff --git a/msc/MSC_Tests.ttcn b/msc/MSC_Tests.ttcn</span><br><span>index adaeea3..3b40f50 100644</span><br><span>--- a/msc/MSC_Tests.ttcn</span><br><span>+++ b/msc/MSC_Tests.ttcn</span><br><span>@@ -2814,6 +2814,68 @@</span><br><span> }</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+private function f_tc_cipher_complete_without_alg(charstring id, BSC_ConnHdlrPars pars, octetstring kc_support) runs on BSC_ConnHdlr {</span><br><span style="color: hsl(120, 100%, 40%);">+ pars.net.expect_auth := true;</span><br><span style="color: hsl(120, 100%, 40%);">+ pars.net.expect_ciph := true;</span><br><span style="color: hsl(120, 100%, 40%);">+ pars.net.kc_support := kc_support;</span><br><span style="color: hsl(120, 100%, 40%);">+ f_init_handler(pars);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ g_pars.vec := f_gen_auth_vec_2g();</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Can't use f_perform_lu() directly. Code below is based on it. */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* tell GSUP dispatcher to send this IMSI to us */</span><br><span style="color: hsl(120, 100%, 40%);">+ f_create_gsup_expect(hex2str(g_pars.imsi));</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */</span><br><span style="color: hsl(120, 100%, 40%);">+ var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi)</span><br><span style="color: hsl(120, 100%, 40%);">+ f_bssap_compl_l3(l3_lu);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ f_mm_auth();</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ var OCT1 a5_net := f_alg_mask_from_cm(g_pars.cm2);</span><br><span style="color: hsl(120, 100%, 40%);">+ var OCT1 a5_intersect := g_pars.net.kc_support and4b a5_net;</span><br><span style="color: hsl(120, 100%, 40%);">+ alt {</span><br><span style="color: hsl(120, 100%, 40%);">+ [] BSSAP.receive(tr_BSSMAP_CipherModeCmd(a5_intersect, g_pars.vec.kc)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ BSSAP.send(ts_BSSMAP_CipherModeComplAlg(omit));</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ [] BSSAP.receive(tr_BSSMAP_ClassmarkReq) {</span><br><span style="color: hsl(120, 100%, 40%);">+ BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));</span><br><span style="color: hsl(120, 100%, 40%);">+ repeat;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ [] BSSAP.receive(tr_BSSMAP_CipherModeCmd(?, g_pars.vec.kc)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ setverdict(fail, "Wrong ciphering algorithm mask in CiphModCmd");</span><br><span style="color: hsl(120, 100%, 40%);">+ mtc.stop;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ [] BSSAP.receive {</span><br><span style="color: hsl(120, 100%, 40%);">+ setverdict(fail, "Unknown/unexpected BSSAP received");</span><br><span style="color: hsl(120, 100%, 40%);">+ mtc.stop;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ /* TODO: Verify MSC is using the best cipher available! How? */</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ f_msc_lu_hlr();</span><br><span style="color: hsl(120, 100%, 40%);">+ f_accept_reject_lu();</span><br><span style="color: hsl(120, 100%, 40%);">+ f_bssap_clear();</span><br><span style="color: hsl(120, 100%, 40%);">+ setverdict(pass);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/* A5/1 only permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */</span><br><span style="color: hsl(120, 100%, 40%);">+private function f_tc_cipher_complete_1_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {</span><br><span style="color: hsl(120, 100%, 40%);">+ f_tc_cipher_complete_without_alg(id, pars, '02'O /* A5/1 only */);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/* A5/3 only permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */</span><br><span style="color: hsl(120, 100%, 40%);">+private function f_tc_cipher_complete_3_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {</span><br><span style="color: hsl(120, 100%, 40%);">+ f_tc_cipher_complete_without_alg(id, pars, '08'O /* A5/3 only */);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+/* A5/1 + A5/3 permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */</span><br><span style="color: hsl(120, 100%, 40%);">+private function f_tc_cipher_complete_13_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {</span><br><span style="color: hsl(120, 100%, 40%);">+ f_tc_cipher_complete_without_alg(id, pars, '0A'O /* A5/1 and A5/3 enabled */);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> testcase TC_cipher_complete_with_invalid_cipher() runs on MTC_CT {</span><br><span> var BSC_ConnHdlr vc_conn;</span><br><span> f_init();</span><br><span>@@ -2823,6 +2885,33 @@</span><br><span> vc_conn.done;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+testcase TC_cipher_complete_1_without_cipher() runs on MTC_CT {</span><br><span style="color: hsl(120, 100%, 40%);">+ var BSC_ConnHdlr vc_conn;</span><br><span style="color: hsl(120, 100%, 40%);">+ f_init();</span><br><span style="color: hsl(120, 100%, 40%);">+ f_vty_config(MSCVTY, "network", "encryption a5 1");</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ vc_conn := f_start_handler(refers(f_tc_cipher_complete_1_without_cipher), 53);</span><br><span style="color: hsl(120, 100%, 40%);">+ vc_conn.done;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+testcase TC_cipher_complete_3_without_cipher() runs on MTC_CT {</span><br><span style="color: hsl(120, 100%, 40%);">+ var BSC_ConnHdlr vc_conn;</span><br><span style="color: hsl(120, 100%, 40%);">+ f_init();</span><br><span style="color: hsl(120, 100%, 40%);">+ f_vty_config(MSCVTY, "network", "encryption a5 3");</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ vc_conn := f_start_handler(refers(f_tc_cipher_complete_3_without_cipher), 54);</span><br><span style="color: hsl(120, 100%, 40%);">+ vc_conn.done;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+testcase TC_cipher_complete_13_without_cipher() runs on MTC_CT {</span><br><span style="color: hsl(120, 100%, 40%);">+ var BSC_ConnHdlr vc_conn;</span><br><span style="color: hsl(120, 100%, 40%);">+ f_init();</span><br><span style="color: hsl(120, 100%, 40%);">+ f_vty_config(MSCVTY, "network", "encryption a5 1 3");</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ vc_conn := f_start_handler(refers(f_tc_cipher_complete_13_without_cipher), 55);</span><br><span style="color: hsl(120, 100%, 40%);">+ vc_conn.done;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> /* TODO (SMS):</span><br><span> * different user data lengths</span><br><span> * SMPP transaction mode with unsuccessful delivery</span><br><span>@@ -2912,6 +3001,9 @@</span><br><span> execute( TC_lu_and_ss_session_timeout() );</span><br><span> </span><br><span> execute( TC_cipher_complete_with_invalid_cipher() );</span><br><span style="color: hsl(120, 100%, 40%);">+ execute( TC_cipher_complete_1_without_cipher() );</span><br><span style="color: hsl(120, 100%, 40%);">+ execute( TC_cipher_complete_3_without_cipher() );</span><br><span style="color: hsl(120, 100%, 40%);">+ execute( TC_cipher_complete_13_without_cipher() );</span><br><span> </span><br><span> /* Run this last: at the time of writing this test crashes the MSC */</span><br><span> execute( TC_lu_imsi_auth_tmsi_encr_3_1_log_msc_debug() );</span><br><span>diff --git a/msc/expected-results.xml b/msc/expected-results.xml</span><br><span>index 83c8010..1a9d68a 100644</span><br><span>--- a/msc/expected-results.xml</span><br><span>+++ b/msc/expected-results.xml</span><br><span>@@ -70,6 +70,9 @@</span><br><span> <testcase classname='MSC_Tests' name='TC_lu_and_mo_ussd_mo_release' time='MASKED'/></span><br><span> <testcase classname='MSC_Tests' name='TC_lu_and_ss_session_timeout' time='MASKED'/></span><br><span> <testcase classname='MSC_Tests' name='TC_cipher_complete_with_invalid_cipher' time='MASKED'/></span><br><span style="color: hsl(120, 100%, 40%);">+ <testcase classname='MSC_Tests' name='TC_cipher_complete_1_without_cipher' time='MASKED'/></span><br><span style="color: hsl(120, 100%, 40%);">+ <testcase classname='MSC_Tests' name='TC_cipher_complete_3_without_cipher' time='MASKED'/></span><br><span style="color: hsl(120, 100%, 40%);">+ <testcase classname='MSC_Tests' name='TC_cipher_complete_13_without_cipher' time='MASKED'/></span><br><span> <testcase classname='MSC_Tests' name='TC_lu_imsi_auth_tmsi_encr_3_1_log_msc_debug' time='MASKED'/></span><br><span> <testcase classname='MSC_Tests' name='TC_mo_cc_bssmap_clear' time='MASKED'/></span><br><span> </testsuite></span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/12347">change 12347</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/12347"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: osmo-ttcn3-hacks </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I1a2a126795c544613a7a87e238e1fc8c4e943885 </div>
<div style="display:none"> Gerrit-Change-Number: 12347 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Stefan Sperling <stsp@stsp.name> </div>