<p>neels has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.osmocom.org/c/osmo-msc/+/15175">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">add separate vty cfg for Iu encryption / fix ttcn3 iu tests<br><br>Recently, the ability to run Iu without encryption was added, but the config<br>for it was tied to the A5 GERAN encryption configuration. This affected<br>osmo-msc's default behavior of Iu, breaking osmo-msc ttcn3 Iu tests: the ttcn3<br>test suite sets A5 to 0 (no encryption) but still expects Iu encryption. Fix<br>this "regression".<br><br>Add a separate vty config option for Iu encryption, even if it does not provide<br>full granularity to select individual UEA algorithms yet.<br><br>As a result, Iu default behavior remains to use encryption regardless of the A5<br>config. Iu encryption can be disabled by the new cfg option "no encryption iu"<br>alone.<br><br>Revert most changes to the msc_vlr test suite in commit "do not force<br>encryption on UTRAN" (I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7): use new<br>net->iu_encryption instead of net->a5_encryption_mask.<br><br>Adjust/add test_nodes.vty transcript tests.<br><br>Related: OS#4144<br>Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b<br>---<br>M doc/manuals/chapters/net.adoc<br>M include/osmocom/msc/gsm_data.h<br>M src/libmsc/gsm_04_08.c<br>M src/libmsc/msc_net_init.c<br>M src/libmsc/msc_vty.c<br>M tests/msc_vlr/msc_vlr_test_authen_reuse.c<br>M tests/msc_vlr/msc_vlr_test_call.c<br>M tests/msc_vlr/msc_vlr_test_umts_authen.c<br>M tests/msc_vlr/msc_vlr_tests.h<br>M tests/test_nodes.vty<br>10 files changed, 129 insertions(+), 62 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/75/15175/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/doc/manuals/chapters/net.adoc b/doc/manuals/chapters/net.adoc</span><br><span>index 4bf34a3..6cb31d1 100644</span><br><span>--- a/doc/manuals/chapters/net.adoc</span><br><span>+++ b/doc/manuals/chapters/net.adoc</span><br><span>@@ -188,11 +188,22 @@</span><br><span> </span><br><span> While authentication is always required on 3G, ciphering is optional.</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-So far OsmoMSC lacks explicit configuration for ciphering on 3G. As an interim</span><br><span style="color: hsl(0, 100%, 40%);">-solution, ciphering is enabled on 3G exactly when ciphering is enabled on 2G,</span><br><span style="color: hsl(0, 100%, 40%);">-i.e. when any cipher other than A5/0 is enabled in the configuration. If only</span><br><span style="color: hsl(0, 100%, 40%);">-A5/0 is configured, ciphering will be disabled on both 2G and 3G. The future</span><br><span style="color: hsl(0, 100%, 40%);">-aim is to add comprehensive configuration for 3G ciphering that is independent</span><br><span style="color: hsl(0, 100%, 40%);">-from the 2G setting.</span><br><span style="color: hsl(120, 100%, 40%);">+So far OsmoMSC allows switching ciphering on 3G either on or off -- the default</span><br><span style="color: hsl(120, 100%, 40%);">+behavior is to enable ciphering. (Individual choice of algorithms may be added</span><br><span style="color: hsl(120, 100%, 40%);">+in the future.)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+Disable 3G ciphering:</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+----</span><br><span style="color: hsl(120, 100%, 40%);">+network</span><br><span style="color: hsl(120, 100%, 40%);">+ no encryption iu</span><br><span style="color: hsl(120, 100%, 40%);">+----</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+Enable 3G ciphering (default):</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+----</span><br><span style="color: hsl(120, 100%, 40%);">+network</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption iu</span><br><span style="color: hsl(120, 100%, 40%);">+----</span><br><span> </span><br><span> OsmoMSC indicates UEA1 and UEA2 as permitted encryption algorithms on 3G.</span><br><span>diff --git a/include/osmocom/msc/gsm_data.h b/include/osmocom/msc/gsm_data.h</span><br><span>index e926b3f..b2b9e70 100644</span><br><span>--- a/include/osmocom/msc/gsm_data.h</span><br><span>+++ b/include/osmocom/msc/gsm_data.h</span><br><span>@@ -149,6 +149,11 @@</span><br><span> bool authentication_required;</span><br><span> int send_mm_info;</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ /* Whether to use encryption on Iu.</span><br><span style="color: hsl(120, 100%, 40%);">+ * TODO: we should offer a choice of UEA1 and/or UEA2, and probably replace this bool with a bit-mask of</span><br><span style="color: hsl(120, 100%, 40%);">+ * permitted Iu encryption algorithms. See also OS#4143 */</span><br><span style="color: hsl(120, 100%, 40%);">+ bool iu_encryption;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> struct rate_ctr_group *msc_ctrs;</span><br><span> struct osmo_stat_item_group *statg;</span><br><span> </span><br><span>diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c</span><br><span>index cd37cff..f3e3d92 100644</span><br><span>--- a/src/libmsc/gsm_04_08.c</span><br><span>+++ b/src/libmsc/gsm_04_08.c</span><br><span>@@ -375,7 +375,7 @@</span><br><span> net->vlr, msc_a, vlr_lu_type, tmsi, imsi,</span><br><span> &old_lai, &msc_a->via_cell.lai,</span><br><span> is_utran || net->authentication_required,</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask > 0x01,</span><br><span style="color: hsl(120, 100%, 40%);">+ is_utran ? net->iu_encryption : net->a5_encryption_mask > 0x01,</span><br><span> lu->key_seq,</span><br><span> osmo_gsm48_classmark1_is_r99(&lu->classmark1),</span><br><span> is_utran,</span><br><span>@@ -780,7 +780,7 @@</span><br><span> req->cm_service_type,</span><br><span> mi-1, &msc_a->via_cell.lai,</span><br><span> is_utran || net->authentication_required,</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask > 0x01,</span><br><span style="color: hsl(120, 100%, 40%);">+ is_utran ? net->iu_encryption : net->a5_encryption_mask > 0x01,</span><br><span> req->cipher_key_seq,</span><br><span> osmo_gsm48_classmark2_is_r99(cm2, cm2_len),</span><br><span> is_utran);</span><br><span>@@ -1152,7 +1152,7 @@</span><br><span> net->vlr, msc_a,</span><br><span> VLR_PR_ARQ_T_PAGING_RESP, 0, mi_lv, &msc_a->via_cell.lai,</span><br><span> is_utran || net->authentication_required,</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask > 0x01,</span><br><span style="color: hsl(120, 100%, 40%);">+ is_utran ? net->iu_encryption : net->a5_encryption_mask > 0x01,</span><br><span> pr->key_seq,</span><br><span> osmo_gsm48_classmark2_is_r99(cm2, classmark2_len),</span><br><span> is_utran);</span><br><span>diff --git a/src/libmsc/msc_net_init.c b/src/libmsc/msc_net_init.c</span><br><span>index 11920f3..305de15 100644</span><br><span>--- a/src/libmsc/msc_net_init.c</span><br><span>+++ b/src/libmsc/msc_net_init.c</span><br><span>@@ -49,6 +49,7 @@</span><br><span> </span><br><span> /* Permit a compile-time default of A5/3 and A5/1 */</span><br><span> net->a5_encryption_mask = (1 << 3) | (1 << 1);</span><br><span style="color: hsl(120, 100%, 40%);">+ net->iu_encryption = true;</span><br><span> </span><br><span> /* Use 30 min periodic update interval as sane default */</span><br><span> net->t3212 = 5;</span><br><span>diff --git a/src/libmsc/msc_vty.c b/src/libmsc/msc_vty.c</span><br><span>index 5bf9701..d448f45 100644</span><br><span>--- a/src/libmsc/msc_vty.c</span><br><span>+++ b/src/libmsc/msc_vty.c</span><br><span>@@ -144,14 +144,13 @@</span><br><span> return CMD_SUCCESS;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+#define ENCRYPTION_STR "Encryption options\n"</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> DEFUN(cfg_net_encryption,</span><br><span> cfg_net_encryption_cmd,</span><br><span> "encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]",</span><br><span style="color: hsl(0, 100%, 40%);">- "Encryption options\n"</span><br><span style="color: hsl(0, 100%, 40%);">- "GSM A5 Air Interface Encryption."</span><br><span style="color: hsl(0, 100%, 40%);">- " NOTE: as long as OsmoMSC lacks distinct configuration for 3G encryption,"</span><br><span style="color: hsl(0, 100%, 40%);">- " 3G encryption is enabled exactly when any 2G encryption is enabled."</span><br><span style="color: hsl(0, 100%, 40%);">- " Hence configuring only A5/0 here switches off 3G encryption.\n"</span><br><span style="color: hsl(120, 100%, 40%);">+ ENCRYPTION_STR</span><br><span style="color: hsl(120, 100%, 40%);">+ "GSM A5 Air Interface Encryption.\n"</span><br><span> "A5/n Algorithm Number\n"</span><br><span> "A5/n Algorithm Number\n"</span><br><span> "A5/n Algorithm Number\n"</span><br><span>@@ -166,6 +165,30 @@</span><br><span> return CMD_SUCCESS;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+/* So far just a boolean switch, a future patch might add individual config for UEA1 and UEA2, see OS#4143 */</span><br><span style="color: hsl(120, 100%, 40%);">+DEFUN(cfg_net_encryption_iu,</span><br><span style="color: hsl(120, 100%, 40%);">+ cfg_net_encryption_iu_cmd,</span><br><span style="color: hsl(120, 100%, 40%);">+ "encryption iu", /* " [(uea1|uea2)] [(uea1|uea2)]" */</span><br><span style="color: hsl(120, 100%, 40%);">+ ENCRYPTION_STR</span><br><span style="color: hsl(120, 100%, 40%);">+ "Iu (UTRAN, 3G): " /* "without arguments, " */ "enable all supported encryption algorithms on Iu (UEA1, UEA2).\n"</span><br><span style="color: hsl(120, 100%, 40%);">+ )</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ gsmnet->iu_encryption = true;</span><br><span style="color: hsl(120, 100%, 40%);">+ return CMD_SUCCESS;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+DEFUN(cfg_net_no_encryption_iu,</span><br><span style="color: hsl(120, 100%, 40%);">+ cfg_net_no_encryption_iu_cmd,</span><br><span style="color: hsl(120, 100%, 40%);">+ "no encryption iu",</span><br><span style="color: hsl(120, 100%, 40%);">+ NO_STR</span><br><span style="color: hsl(120, 100%, 40%);">+ "Disable encryption\n"</span><br><span style="color: hsl(120, 100%, 40%);">+ "Disable encryption on Iu (UTRAN, 3G)\n"</span><br><span style="color: hsl(120, 100%, 40%);">+ )</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ gsmnet->iu_encryption = false;</span><br><span style="color: hsl(120, 100%, 40%);">+ return CMD_SUCCESS;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> DEFUN(cfg_net_authentication,</span><br><span> cfg_net_authentication_cmd,</span><br><span> "authentication (optional|required)",</span><br><span>@@ -308,6 +331,9 @@</span><br><span> vty_out(vty, " %u", i);</span><br><span> }</span><br><span> vty_out(vty, "%s", VTY_NEWLINE);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!gsmnet->iu_encryption)</span><br><span style="color: hsl(120, 100%, 40%);">+ vty_out(vty, " no encryption iu%s", VTY_NEWLINE);</span><br><span> vty_out(vty, " authentication %s%s",</span><br><span> gsmnet->authentication_required ? "required" : "optional", VTY_NEWLINE);</span><br><span> vty_out(vty, " rrlp mode %s%s", msc_rrlp_mode_name(gsmnet->rrlp.mode),</span><br><span>@@ -1894,6 +1920,8 @@</span><br><span> install_element(GSMNET_NODE, &cfg_net_name_short_cmd);</span><br><span> install_element(GSMNET_NODE, &cfg_net_name_long_cmd);</span><br><span> install_element(GSMNET_NODE, &cfg_net_encryption_cmd);</span><br><span style="color: hsl(120, 100%, 40%);">+ install_element(GSMNET_NODE, &cfg_net_encryption_iu_cmd);</span><br><span style="color: hsl(120, 100%, 40%);">+ install_element(GSMNET_NODE, &cfg_net_no_encryption_iu_cmd);</span><br><span> install_element(GSMNET_NODE, &cfg_net_authentication_cmd);</span><br><span> install_element(GSMNET_NODE, &cfg_net_rrlp_mode_cmd);</span><br><span> install_element(GSMNET_NODE, &cfg_net_mm_info_cmd);</span><br><span>diff --git a/tests/msc_vlr/msc_vlr_test_authen_reuse.c b/tests/msc_vlr/msc_vlr_test_authen_reuse.c</span><br><span>index 62ea6c7..d73a5f8 100644</span><br><span>--- a/tests/msc_vlr/msc_vlr_test_authen_reuse.c</span><br><span>+++ b/tests/msc_vlr/msc_vlr_test_authen_reuse.c</span><br><span>@@ -266,8 +266,6 @@</span><br><span> static void test_auth_use_twice_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_auth_reuse(OSMO_RAT_GERAN_A, 1, 1, true);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -275,8 +273,6 @@</span><br><span> static void test_auth_use_twice_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> _test_auth_reuse(OSMO_RAT_UTRAN_IU, 1, 1, true);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -284,8 +280,6 @@</span><br><span> static void test_auth_use_infinitely_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_auth_reuse(OSMO_RAT_GERAN_A, -1, 3, false);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -293,8 +287,6 @@</span><br><span> static void test_auth_use_infinitely_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> _test_auth_reuse(OSMO_RAT_UTRAN_IU, -1, 3, false);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -302,8 +294,6 @@</span><br><span> static void test_no_auth_reuse_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_auth_reuse(OSMO_RAT_GERAN_A, 0, 0, true);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -311,8 +301,6 @@</span><br><span> static void test_no_auth_reuse_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> _test_auth_reuse(OSMO_RAT_UTRAN_IU, 0, 0, true);</span><br><span> comment_end();</span><br><span> }</span><br><span>diff --git a/tests/msc_vlr/msc_vlr_test_call.c b/tests/msc_vlr/msc_vlr_test_call.c</span><br><span>index cec2f8d..065af25 100644</span><br><span>--- a/tests/msc_vlr/msc_vlr_test_call.c</span><br><span>+++ b/tests/msc_vlr/msc_vlr_test_call.c</span><br><span>@@ -46,7 +46,6 @@</span><br><span> struct vlr_subscr *vsub;</span><br><span> </span><br><span> net->authentication_required = true;</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> net->vlr->cfg.assign_tmsi = true;</span><br><span> rx_from_ran = OSMO_RAT_UTRAN_IU;</span><br><span> </span><br><span>diff --git a/tests/msc_vlr/msc_vlr_test_umts_authen.c b/tests/msc_vlr/msc_vlr_test_umts_authen.c</span><br><span>index 1bf6cd2..4e28f05 100644</span><br><span>--- a/tests/msc_vlr/msc_vlr_test_umts_authen.c</span><br><span>+++ b/tests/msc_vlr/msc_vlr_test_umts_authen.c</span><br><span>@@ -49,6 +49,8 @@</span><br><span> "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"</span><br><span> "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"</span><br><span> "0c7ac3e9e9b7db05";</span><br><span style="color: hsl(120, 100%, 40%);">+ bool encryption = (via_ran == OSMO_RAT_GERAN_A && net->a5_encryption_mask > 0x1)</span><br><span style="color: hsl(120, 100%, 40%);">+ || (via_ran == OSMO_RAT_UTRAN_IU && net->iu_encryption);</span><br><span> </span><br><span> net->authentication_required = true;</span><br><span> net->vlr->cfg.assign_tmsi = true;</span><br><span>@@ -122,8 +124,7 @@</span><br><span> VERBOSE_ASSERT(auth_request_sent, == true, "%d");</span><br><span> VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (net->a5_encryption_mask > 0x1) {</span><br><span style="color: hsl(0, 100%, 40%);">- /* Encryption enabled */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (encryption) {</span><br><span> if (via_ran == OSMO_RAT_GERAN_A) {</span><br><span> btw("Test code not implemented");</span><br><span> OSMO_ASSERT(false);</span><br><span>@@ -197,8 +198,7 @@</span><br><span> EXPECT_ACCEPTED(false);</span><br><span> thwart_rx_non_initial_requests();</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (net->a5_encryption_mask > 0x1) {</span><br><span style="color: hsl(0, 100%, 40%);">- /* Encryption enabled */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (encryption) {</span><br><span> if (via_ran == OSMO_RAT_GERAN_A) {</span><br><span> btw("Test code not implemented");</span><br><span> OSMO_ASSERT(false);</span><br><span>@@ -265,8 +265,7 @@</span><br><span> EXPECT_ACCEPTED(false);</span><br><span> thwart_rx_non_initial_requests();</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (net->a5_encryption_mask > 0x1) {</span><br><span style="color: hsl(0, 100%, 40%);">- /* Encryption enabled */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (encryption) {</span><br><span> if (via_ran == OSMO_RAT_GERAN_A) {</span><br><span> btw("Test code not implemented");</span><br><span> OSMO_ASSERT(false);</span><br><span>@@ -327,8 +326,6 @@</span><br><span> static void test_umts_authen_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -336,8 +333,7 @@</span><br><span> static void test_umts_authen_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span style="color: hsl(120, 100%, 40%);">+ net->iu_encryption = false;</span><br><span> _test_umts_authen(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -345,8 +341,7 @@</span><br><span> static void test_umts_auth_ciph_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span style="color: hsl(120, 100%, 40%);">+ net->iu_encryption = true;</span><br><span> _test_umts_authen(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -365,6 +360,8 @@</span><br><span> {</span><br><span> struct vlr_subscr *vsub;</span><br><span> const char *imsi = "901700000010650";</span><br><span style="color: hsl(120, 100%, 40%);">+ bool encryption = (via_ran == OSMO_RAT_GERAN_A && net->a5_encryption_mask > 0x1)</span><br><span style="color: hsl(120, 100%, 40%);">+ || (via_ran == OSMO_RAT_UTRAN_IU && net->iu_encryption);</span><br><span> </span><br><span> net->authentication_required = true;</span><br><span> net->vlr->cfg.assign_tmsi = true;</span><br><span>@@ -519,8 +516,7 @@</span><br><span> VERBOSE_ASSERT(auth_request_sent, == true, "%d");</span><br><span> VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (net->a5_encryption_mask > 0x1) {</span><br><span style="color: hsl(0, 100%, 40%);">- /* Encryption enabled */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (encryption) {</span><br><span> if (via_ran == OSMO_RAT_GERAN_A) {</span><br><span> btw("Test code not implemented");</span><br><span> OSMO_ASSERT(false);</span><br><span>@@ -585,8 +581,6 @@</span><br><span> static void test_umts_authen_resync_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen_resync(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -594,8 +588,7 @@</span><br><span> static void test_umts_authen_resync_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span style="color: hsl(120, 100%, 40%);">+ net->iu_encryption = false;</span><br><span> _test_umts_authen_resync(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -603,8 +596,7 @@</span><br><span> static void test_umts_auth_ciph_resync_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span style="color: hsl(120, 100%, 40%);">+ net->iu_encryption = true;</span><br><span> _test_umts_authen_resync(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -698,8 +690,6 @@</span><br><span> static void test_umts_authen_too_short_res_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -707,8 +697,6 @@</span><br><span> static void test_umts_authen_too_short_res_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> _test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -802,8 +790,6 @@</span><br><span> static void test_umts_authen_too_long_res_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -811,8 +797,6 @@</span><br><span> static void test_umts_authen_too_long_res_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> _test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -911,8 +895,6 @@</span><br><span> static void test_umts_authen_only_sres_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen_only_sres(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -920,8 +902,6 @@</span><br><span> static void test_umts_authen_only_sres_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> _test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>diff --git a/tests/msc_vlr/msc_vlr_tests.h b/tests/msc_vlr/msc_vlr_tests.h</span><br><span>index 4330ea8..9df9cf0 100644</span><br><span>--- a/tests/msc_vlr/msc_vlr_tests.h</span><br><span>+++ b/tests/msc_vlr/msc_vlr_tests.h</span><br><span>@@ -32,9 +32,6 @@</span><br><span> #include <osmocom/msc/msc_a.h></span><br><span> #include <osmocom/msc/mncc.h></span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-#define A5_0 (1 << 0)</span><br><span style="color: hsl(0, 100%, 40%);">-#define A5_0_3 ((1 << 0) | (1 << 3))</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> extern bool _log_lines;</span><br><span> #define _log(fmt, args...) do { \</span><br><span> if (_log_lines) \</span><br><span>diff --git a/tests/test_nodes.vty b/tests/test_nodes.vty</span><br><span>index fb7b1c5..6d97658 100644</span><br><span>--- a/tests/test_nodes.vty</span><br><span>+++ b/tests/test_nodes.vty</span><br><span>@@ -17,6 +17,8 @@</span><br><span> short name NAME</span><br><span> long name NAME</span><br><span> encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption iu</span><br><span style="color: hsl(120, 100%, 40%);">+ no encryption iu</span><br><span> authentication (optional|required)</span><br><span> rrlp mode (none|ms-based|ms-preferred|ass-preferred)</span><br><span> mm info (0|1)</span><br><span>@@ -26,6 +28,22 @@</span><br><span> periodic location update <6-1530></span><br><span> no periodic location update</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption?</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption Encryption options</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption ?</span><br><span style="color: hsl(120, 100%, 40%);">+ a5 GSM A5 Air Interface Encryption.</span><br><span style="color: hsl(120, 100%, 40%);">+ iu Iu (UTRAN, 3G): enable all supported encryption algorithms on Iu (UEA1, UEA2).</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# no?</span><br><span style="color: hsl(120, 100%, 40%);">+ no Negate a command or set its defaults</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# no ?</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption Disable encryption</span><br><span style="color: hsl(120, 100%, 40%);">+ timezone Disable network timezone override, use system tz</span><br><span style="color: hsl(120, 100%, 40%);">+ periodic Periodic Location Updating Interval</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# no encryption?</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption Disable encryption</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# no encryption ?</span><br><span style="color: hsl(120, 100%, 40%);">+ iu Disable encryption on Iu (UTRAN, 3G)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> OsmoMSC(config-net)# exit</span><br><span> OsmoMSC(config)# msc</span><br><span> OsmoMSC(config-msc)# list</span><br><span>@@ -157,3 +175,43 @@</span><br><span> local-ip 0.0.0.0</span><br><span> vlr-name vlr.example.net</span><br><span> end</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC# configure terminal</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config)# network</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# no encryption iu</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# show running-config</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+network</span><br><span style="color: hsl(120, 100%, 40%);">+ network country code 001</span><br><span style="color: hsl(120, 100%, 40%);">+ mobile network code 01</span><br><span style="color: hsl(120, 100%, 40%);">+ short name OsmoMSC</span><br><span style="color: hsl(120, 100%, 40%);">+ long name OsmoMSC</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption a5 0</span><br><span style="color: hsl(120, 100%, 40%);">+ no encryption iu</span><br><span style="color: hsl(120, 100%, 40%);">+ authentication optional</span><br><span style="color: hsl(120, 100%, 40%);">+ rrlp mode none</span><br><span style="color: hsl(120, 100%, 40%);">+ mm info 1</span><br><span style="color: hsl(120, 100%, 40%);">+ periodic location update 30</span><br><span style="color: hsl(120, 100%, 40%);">+msc</span><br><span style="color: hsl(120, 100%, 40%);">+ mncc guard-timeout 180</span><br><span style="color: hsl(120, 100%, 40%);">+ ncss guard-timeout 30</span><br><span style="color: hsl(120, 100%, 40%);">+ assign-tmsi</span><br><span style="color: hsl(120, 100%, 40%);">+ cs7-instance-a 0</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+ auth-tuple-max-reuse-count 3</span><br><span style="color: hsl(120, 100%, 40%);">+ auth-tuple-reuse-on-error 1</span><br><span style="color: hsl(120, 100%, 40%);">+ mgw local-port 2728</span><br><span style="color: hsl(120, 100%, 40%);">+ mgw remote-ip 10.23.24.1</span><br><span style="color: hsl(120, 100%, 40%);">+ mgw remote-port 2427</span><br><span style="color: hsl(120, 100%, 40%);">+mncc-int</span><br><span style="color: hsl(120, 100%, 40%);">+ default-codec tch-f fr</span><br><span style="color: hsl(120, 100%, 40%);">+ default-codec tch-h hr</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+hlr</span><br><span style="color: hsl(120, 100%, 40%);">+ remote-ip 127.0.0.1</span><br><span style="color: hsl(120, 100%, 40%);">+ remote-port 4222</span><br><span style="color: hsl(120, 100%, 40%);">+sgs</span><br><span style="color: hsl(120, 100%, 40%);">+ local-port 29118</span><br><span style="color: hsl(120, 100%, 40%);">+ local-ip 0.0.0.0</span><br><span style="color: hsl(120, 100%, 40%);">+ vlr-name vlr.example.net</span><br><span style="color: hsl(120, 100%, 40%);">+end</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-msc/+/15175">change 15175</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-msc/+/15175"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: osmo-msc </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b </div>
<div style="display:none"> Gerrit-Change-Number: 15175 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: neels <nhofmeyr@sysmocom.de> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>