<p>laforge <strong>merged</strong> this change.</p><p><a href="https://gerrit.osmocom.org/c/osmo-msc/+/15022">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Jenkins Builder: Verified
laforge: Looks good to me, approved
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">do not force encryption on UTRAN<br><br>Remove the conditions that always enable encryption on UTRAN.<br><br>We so far lack an explicit configuration for UTRAN encryption, and this patch<br>does not add any either. Instead, whether UTRAN encryption is enabled is simply<br>triggered on whether GERAN has A5 encryption enabled (A5/n with n > 0). Though<br>GERAN and UTRAN encryption are not technically related at all, this makes UTRAN<br>behave like GERAN for now, until we implement a proper separate configuration<br>for UTRAN encryption.<br><br>Adjust the msc_vlr_test_* configuration by setting the net->a5_encryption_mask<br>such that the expected output remains unchanged. A subsequent patch<br>(I54227f1f08c38c0bf69b9c48924669c4829b04b9) will add more tests, particularly<br>cases of UTRAN without encryption.<br><br>Adjust manual and vty doc.<br><br>Related: OS#2783<br>Change-Id: I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7<br>---<br>M doc/manuals/chapters/net.adoc<br>M src/libmsc/gsm_04_08.c<br>M src/libmsc/msc_vty.c<br>M tests/msc_vlr/msc_vlr_test_authen_reuse.c<br>M tests/msc_vlr/msc_vlr_test_call.c<br>M tests/msc_vlr/msc_vlr_test_umts_authen.c<br>M tests/msc_vlr/msc_vlr_tests.h<br>7 files changed, 48 insertions(+), 5 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/doc/manuals/chapters/net.adoc b/doc/manuals/chapters/net.adoc</span><br><span>index 431455d..4bf34a3 100644</span><br><span>--- a/doc/manuals/chapters/net.adoc</span><br><span>+++ b/doc/manuals/chapters/net.adoc</span><br><span>@@ -189,6 +189,10 @@</span><br><span> While authentication is always required on 3G, ciphering is optional.</span><br><span> </span><br><span> So far OsmoMSC lacks explicit configuration for ciphering on 3G. As an interim</span><br><span style="color: hsl(0, 100%, 40%);">-solution, ciphering is always enabled on 3G.</span><br><span style="color: hsl(120, 100%, 40%);">+solution, ciphering is enabled on 3G exactly when ciphering is enabled on 2G,</span><br><span style="color: hsl(120, 100%, 40%);">+i.e. when any cipher other than A5/0 is enabled in the configuration. If only</span><br><span style="color: hsl(120, 100%, 40%);">+A5/0 is configured, ciphering will be disabled on both 2G and 3G. The future</span><br><span style="color: hsl(120, 100%, 40%);">+aim is to add comprehensive configuration for 3G ciphering that is independent</span><br><span style="color: hsl(120, 100%, 40%);">+from the 2G setting.</span><br><span> </span><br><span> OsmoMSC indicates UEA1 and UEA2 as permitted encryption algorithms on 3G.</span><br><span>diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c</span><br><span>index ee31747..cd37cff 100644</span><br><span>--- a/src/libmsc/gsm_04_08.c</span><br><span>+++ b/src/libmsc/gsm_04_08.c</span><br><span>@@ -375,7 +375,7 @@</span><br><span> net->vlr, msc_a, vlr_lu_type, tmsi, imsi,</span><br><span> &old_lai, &msc_a->via_cell.lai,</span><br><span> is_utran || net->authentication_required,</span><br><span style="color: hsl(0, 100%, 40%);">- is_utran || net->a5_encryption_mask > 0x01,</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask > 0x01,</span><br><span> lu->key_seq,</span><br><span> osmo_gsm48_classmark1_is_r99(&lu->classmark1),</span><br><span> is_utran,</span><br><span>@@ -780,7 +780,7 @@</span><br><span> req->cm_service_type,</span><br><span> mi-1, &msc_a->via_cell.lai,</span><br><span> is_utran || net->authentication_required,</span><br><span style="color: hsl(0, 100%, 40%);">- is_utran || net->a5_encryption_mask > 0x01,</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask > 0x01,</span><br><span> req->cipher_key_seq,</span><br><span> osmo_gsm48_classmark2_is_r99(cm2, cm2_len),</span><br><span> is_utran);</span><br><span>@@ -1152,7 +1152,7 @@</span><br><span> net->vlr, msc_a,</span><br><span> VLR_PR_ARQ_T_PAGING_RESP, 0, mi_lv, &msc_a->via_cell.lai,</span><br><span> is_utran || net->authentication_required,</span><br><span style="color: hsl(0, 100%, 40%);">- is_utran || net->a5_encryption_mask > 0x01,</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask > 0x01,</span><br><span> pr->key_seq,</span><br><span> osmo_gsm48_classmark2_is_r99(cm2, classmark2_len),</span><br><span> is_utran);</span><br><span>diff --git a/src/libmsc/msc_vty.c b/src/libmsc/msc_vty.c</span><br><span>index 8ef48ff..5bf9701 100644</span><br><span>--- a/src/libmsc/msc_vty.c</span><br><span>+++ b/src/libmsc/msc_vty.c</span><br><span>@@ -148,7 +148,10 @@</span><br><span> cfg_net_encryption_cmd,</span><br><span> "encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]",</span><br><span> "Encryption options\n"</span><br><span style="color: hsl(0, 100%, 40%);">- "GSM A5 Air Interface Encryption\n"</span><br><span style="color: hsl(120, 100%, 40%);">+ "GSM A5 Air Interface Encryption."</span><br><span style="color: hsl(120, 100%, 40%);">+ " NOTE: as long as OsmoMSC lacks distinct configuration for 3G encryption,"</span><br><span style="color: hsl(120, 100%, 40%);">+ " 3G encryption is enabled exactly when any 2G encryption is enabled."</span><br><span style="color: hsl(120, 100%, 40%);">+ " Hence configuring only A5/0 here switches off 3G encryption.\n"</span><br><span> "A5/n Algorithm Number\n"</span><br><span> "A5/n Algorithm Number\n"</span><br><span> "A5/n Algorithm Number\n"</span><br><span>diff --git a/tests/msc_vlr/msc_vlr_test_authen_reuse.c b/tests/msc_vlr/msc_vlr_test_authen_reuse.c</span><br><span>index d73a5f8..62ea6c7 100644</span><br><span>--- a/tests/msc_vlr/msc_vlr_test_authen_reuse.c</span><br><span>+++ b/tests/msc_vlr/msc_vlr_test_authen_reuse.c</span><br><span>@@ -266,6 +266,8 @@</span><br><span> static void test_auth_use_twice_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 = no encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0;</span><br><span> _test_auth_reuse(OSMO_RAT_GERAN_A, 1, 1, true);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -273,6 +275,8 @@</span><br><span> static void test_auth_use_twice_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0_3;</span><br><span> _test_auth_reuse(OSMO_RAT_UTRAN_IU, 1, 1, true);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -280,6 +284,8 @@</span><br><span> static void test_auth_use_infinitely_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 = no encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0;</span><br><span> _test_auth_reuse(OSMO_RAT_GERAN_A, -1, 3, false);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -287,6 +293,8 @@</span><br><span> static void test_auth_use_infinitely_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0_3;</span><br><span> _test_auth_reuse(OSMO_RAT_UTRAN_IU, -1, 3, false);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -294,6 +302,8 @@</span><br><span> static void test_no_auth_reuse_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 = no encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0;</span><br><span> _test_auth_reuse(OSMO_RAT_GERAN_A, 0, 0, true);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -301,6 +311,8 @@</span><br><span> static void test_no_auth_reuse_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0_3;</span><br><span> _test_auth_reuse(OSMO_RAT_UTRAN_IU, 0, 0, true);</span><br><span> comment_end();</span><br><span> }</span><br><span>diff --git a/tests/msc_vlr/msc_vlr_test_call.c b/tests/msc_vlr/msc_vlr_test_call.c</span><br><span>index 065af25..cec2f8d 100644</span><br><span>--- a/tests/msc_vlr/msc_vlr_test_call.c</span><br><span>+++ b/tests/msc_vlr/msc_vlr_test_call.c</span><br><span>@@ -46,6 +46,7 @@</span><br><span> struct vlr_subscr *vsub;</span><br><span> </span><br><span> net->authentication_required = true;</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0_3;</span><br><span> net->vlr->cfg.assign_tmsi = true;</span><br><span> rx_from_ran = OSMO_RAT_UTRAN_IU;</span><br><span> </span><br><span>diff --git a/tests/msc_vlr/msc_vlr_test_umts_authen.c b/tests/msc_vlr/msc_vlr_test_umts_authen.c</span><br><span>index a89b0d1..6f8fa01 100644</span><br><span>--- a/tests/msc_vlr/msc_vlr_test_umts_authen.c</span><br><span>+++ b/tests/msc_vlr/msc_vlr_test_umts_authen.c</span><br><span>@@ -306,6 +306,8 @@</span><br><span> static void test_umts_authen_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 = no encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -313,6 +315,8 @@</span><br><span> static void test_umts_authen_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0_3;</span><br><span> _test_umts_authen(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -544,6 +548,8 @@</span><br><span> static void test_umts_authen_resync_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 = no encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen_resync(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -551,6 +557,8 @@</span><br><span> static void test_umts_authen_resync_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0_3;</span><br><span> _test_umts_authen_resync(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -644,6 +652,8 @@</span><br><span> static void test_umts_authen_too_short_res_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 = no encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -651,6 +661,8 @@</span><br><span> static void test_umts_authen_too_short_res_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0_3;</span><br><span> _test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -744,6 +756,8 @@</span><br><span> static void test_umts_authen_too_long_res_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 = no encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -751,6 +765,8 @@</span><br><span> static void test_umts_authen_too_long_res_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0_3;</span><br><span> _test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -849,6 +865,8 @@</span><br><span> static void test_umts_authen_only_sres_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 = no encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen_only_sres(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -856,6 +874,8 @@</span><br><span> static void test_umts_authen_only_sres_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(120, 100%, 40%);">+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(120, 100%, 40%);">+ net->a5_encryption_mask = A5_0_3;</span><br><span> _test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>diff --git a/tests/msc_vlr/msc_vlr_tests.h b/tests/msc_vlr/msc_vlr_tests.h</span><br><span>index 9df9cf0..4330ea8 100644</span><br><span>--- a/tests/msc_vlr/msc_vlr_tests.h</span><br><span>+++ b/tests/msc_vlr/msc_vlr_tests.h</span><br><span>@@ -32,6 +32,9 @@</span><br><span> #include <osmocom/msc/msc_a.h></span><br><span> #include <osmocom/msc/mncc.h></span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+#define A5_0 (1 << 0)</span><br><span style="color: hsl(120, 100%, 40%);">+#define A5_0_3 ((1 << 0) | (1 << 3))</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> extern bool _log_lines;</span><br><span> #define _log(fmt, args...) do { \</span><br><span> if (_log_lines) \</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-msc/+/15022">change 15022</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-msc/+/15022"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: osmo-msc </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7 </div>
<div style="display:none"> Gerrit-Change-Number: 15022 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: neels <nhofmeyr@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: laforge <laforge@gnumonks.org> </div>
<div style="display:none"> Gerrit-Reviewer: neels <nhofmeyr@sysmocom.de> </div>
<div style="display:none"> Gerrit-CC: fixeria <axilirator@gmail.com> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>