<p>neels <strong>merged</strong> this change.</p><p><a href="https://gerrit.osmocom.org/c/osmo-msc/+/15175">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Jenkins Builder: Verified
pespin: Looks good to me, but someone else must approve
fixeria: Looks good to me, but someone else must approve
laforge: Looks good to me, approved
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">add 'encryption uea 1 2' cfg / fix ttcn3 iu tests<br><br>Recently, the ability to run UTRAN without encryption was added, but the config<br>for it was tied to the A5 GERAN encryption configuration. This affected<br>osmo-msc's default behavior of Iu, breaking osmo-msc ttcn3 Iu tests: the ttcn3<br>test suite sets A5 to 0 (no encryption) but still expects Iu to enable air<br>encryption. Fix this "regression".<br><br>Add a separate vty config option for UEA encryption, even if it does not<br>provide full granularity to select individual UEA algorithms yet.<br><br>As a result, Iu default behavior remains to enable encryption regardless of the<br>A5 config. UTRAN encryption can be disabled by the new cfg option<br>"encryption uea 0" alone.<br><br>Even though the new vty command already allows passing various combinations of<br>the UEA algorithm numbers, only '0' and '1 2' are accepted as valid<br>combinations, to reflect current osmo-msc capabilities.<br><br>Revert most changes to the msc_vlr test suite in commit "do not force<br>encryption on UTRAN" (I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7): use new<br>net->iu_encryption instead of net->a5_encryption_mask.<br><br>Adjust/add to test_nodes.vty transcript tests.<br><br>Related: OS#4144<br>Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b<br>---<br>M doc/manuals/chapters/net.adoc<br>M include/osmocom/msc/gsm_data.h<br>M src/libmsc/gsm_04_08.c<br>M src/libmsc/msc_net_init.c<br>M src/libmsc/msc_vty.c<br>M tests/msc_vlr/msc_vlr_test_authen_reuse.c<br>M tests/msc_vlr/msc_vlr_test_call.c<br>M tests/msc_vlr/msc_vlr_test_umts_authen.c<br>M tests/msc_vlr/msc_vlr_tests.h<br>M tests/test_nodes.vty<br>10 files changed, 153 insertions(+), 62 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/doc/manuals/chapters/net.adoc b/doc/manuals/chapters/net.adoc</span><br><span>index 4bf34a3..6edb9ee 100644</span><br><span>--- a/doc/manuals/chapters/net.adoc</span><br><span>+++ b/doc/manuals/chapters/net.adoc</span><br><span>@@ -188,11 +188,22 @@</span><br><span> </span><br><span> While authentication is always required on 3G, ciphering is optional.</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-So far OsmoMSC lacks explicit configuration for ciphering on 3G. As an interim</span><br><span style="color: hsl(0, 100%, 40%);">-solution, ciphering is enabled on 3G exactly when ciphering is enabled on 2G,</span><br><span style="color: hsl(0, 100%, 40%);">-i.e. when any cipher other than A5/0 is enabled in the configuration. If only</span><br><span style="color: hsl(0, 100%, 40%);">-A5/0 is configured, ciphering will be disabled on both 2G and 3G. The future</span><br><span style="color: hsl(0, 100%, 40%);">-aim is to add comprehensive configuration for 3G ciphering that is independent</span><br><span style="color: hsl(0, 100%, 40%);">-from the 2G setting.</span><br><span style="color: hsl(120, 100%, 40%);">+So far OsmoMSC allows switching ciphering on 3G either on or off -- the default</span><br><span style="color: hsl(120, 100%, 40%);">+behavior is to enable ciphering. (Individual choice of algorithms may be added</span><br><span style="color: hsl(120, 100%, 40%);">+in the future.)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+Disable 3G ciphering:</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+----</span><br><span style="color: hsl(120, 100%, 40%);">+network</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption uea 0</span><br><span style="color: hsl(120, 100%, 40%);">+----</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+Enable 3G ciphering (default):</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+----</span><br><span style="color: hsl(120, 100%, 40%);">+network</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption uea 1 2</span><br><span style="color: hsl(120, 100%, 40%);">+----</span><br><span> </span><br><span> OsmoMSC indicates UEA1 and UEA2 as permitted encryption algorithms on 3G.</span><br><span>diff --git a/include/osmocom/msc/gsm_data.h b/include/osmocom/msc/gsm_data.h</span><br><span>index e926b3f..a90b732 100644</span><br><span>--- a/include/osmocom/msc/gsm_data.h</span><br><span>+++ b/include/osmocom/msc/gsm_data.h</span><br><span>@@ -149,6 +149,11 @@</span><br><span> bool authentication_required;</span><br><span> int send_mm_info;</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+ /* Whether to use encryption on UTRAN.</span><br><span style="color: hsl(120, 100%, 40%);">+ * TODO: we should offer a choice of UEA1 and/or UEA2, and probably replace this bool with a bit-mask of</span><br><span style="color: hsl(120, 100%, 40%);">+ * permitted Iu encryption algorithms. See also OS#4143 and the 'encryption uea' vty command. */</span><br><span style="color: hsl(120, 100%, 40%);">+ bool uea_encryption;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> struct rate_ctr_group *msc_ctrs;</span><br><span> struct osmo_stat_item_group *statg;</span><br><span> </span><br><span>diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c</span><br><span>index cd37cff..086116f 100644</span><br><span>--- a/src/libmsc/gsm_04_08.c</span><br><span>+++ b/src/libmsc/gsm_04_08.c</span><br><span>@@ -375,7 +375,7 @@</span><br><span> net->vlr, msc_a, vlr_lu_type, tmsi, imsi,</span><br><span> &old_lai, &msc_a->via_cell.lai,</span><br><span> is_utran || net->authentication_required,</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask > 0x01,</span><br><span style="color: hsl(120, 100%, 40%);">+ is_utran ? net->uea_encryption : net->a5_encryption_mask > 0x01,</span><br><span> lu->key_seq,</span><br><span> osmo_gsm48_classmark1_is_r99(&lu->classmark1),</span><br><span> is_utran,</span><br><span>@@ -780,7 +780,7 @@</span><br><span> req->cm_service_type,</span><br><span> mi-1, &msc_a->via_cell.lai,</span><br><span> is_utran || net->authentication_required,</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask > 0x01,</span><br><span style="color: hsl(120, 100%, 40%);">+ is_utran ? net->uea_encryption : net->a5_encryption_mask > 0x01,</span><br><span> req->cipher_key_seq,</span><br><span> osmo_gsm48_classmark2_is_r99(cm2, cm2_len),</span><br><span> is_utran);</span><br><span>@@ -1152,7 +1152,7 @@</span><br><span> net->vlr, msc_a,</span><br><span> VLR_PR_ARQ_T_PAGING_RESP, 0, mi_lv, &msc_a->via_cell.lai,</span><br><span> is_utran || net->authentication_required,</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask > 0x01,</span><br><span style="color: hsl(120, 100%, 40%);">+ is_utran ? net->uea_encryption : net->a5_encryption_mask > 0x01,</span><br><span> pr->key_seq,</span><br><span> osmo_gsm48_classmark2_is_r99(cm2, classmark2_len),</span><br><span> is_utran);</span><br><span>diff --git a/src/libmsc/msc_net_init.c b/src/libmsc/msc_net_init.c</span><br><span>index 11920f3..91b6165 100644</span><br><span>--- a/src/libmsc/msc_net_init.c</span><br><span>+++ b/src/libmsc/msc_net_init.c</span><br><span>@@ -49,6 +49,7 @@</span><br><span> </span><br><span> /* Permit a compile-time default of A5/3 and A5/1 */</span><br><span> net->a5_encryption_mask = (1 << 3) | (1 << 1);</span><br><span style="color: hsl(120, 100%, 40%);">+ net->uea_encryption = true;</span><br><span> </span><br><span> /* Use 30 min periodic update interval as sane default */</span><br><span> net->t3212 = 5;</span><br><span>diff --git a/src/libmsc/msc_vty.c b/src/libmsc/msc_vty.c</span><br><span>index 5bf9701..4674e2e 100644</span><br><span>--- a/src/libmsc/msc_vty.c</span><br><span>+++ b/src/libmsc/msc_vty.c</span><br><span>@@ -144,14 +144,13 @@</span><br><span> return CMD_SUCCESS;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+#define ENCRYPTION_STR "Encryption options\n"</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> DEFUN(cfg_net_encryption,</span><br><span> cfg_net_encryption_cmd,</span><br><span> "encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]",</span><br><span style="color: hsl(0, 100%, 40%);">- "Encryption options\n"</span><br><span style="color: hsl(0, 100%, 40%);">- "GSM A5 Air Interface Encryption."</span><br><span style="color: hsl(0, 100%, 40%);">- " NOTE: as long as OsmoMSC lacks distinct configuration for 3G encryption,"</span><br><span style="color: hsl(0, 100%, 40%);">- " 3G encryption is enabled exactly when any 2G encryption is enabled."</span><br><span style="color: hsl(0, 100%, 40%);">- " Hence configuring only A5/0 here switches off 3G encryption.\n"</span><br><span style="color: hsl(120, 100%, 40%);">+ ENCRYPTION_STR</span><br><span style="color: hsl(120, 100%, 40%);">+ "GSM A5 Air Interface Encryption.\n"</span><br><span> "A5/n Algorithm Number\n"</span><br><span> "A5/n Algorithm Number\n"</span><br><span> "A5/n Algorithm Number\n"</span><br><span>@@ -166,6 +165,45 @@</span><br><span> return CMD_SUCCESS;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+/* So far just a boolean switch, a future patch might add individual config for UEA1 and UEA2, see OS#4143 */</span><br><span style="color: hsl(120, 100%, 40%);">+DEFUN(cfg_net_encryption_uea,</span><br><span style="color: hsl(120, 100%, 40%);">+ cfg_net_encryption_uea_cmd,</span><br><span style="color: hsl(120, 100%, 40%);">+ "encryption uea <0-2> [<0-2>] [<0-2>]",</span><br><span style="color: hsl(120, 100%, 40%);">+ ENCRYPTION_STR</span><br><span style="color: hsl(120, 100%, 40%);">+ "UTRAN (3G) encryption algorithms to allow: 0 = UEA0 (no encryption), 1 = UEA1, 2 = UEA2."</span><br><span style="color: hsl(120, 100%, 40%);">+ " NOTE: the current implementation does not allow free choice of combining encryption algorithms yet."</span><br><span style="color: hsl(120, 100%, 40%);">+ " The only valid settings are either 'encryption uea 0' or 'encryption uea 1 2'.\n"</span><br><span style="color: hsl(120, 100%, 40%);">+ "UEAn Algorithm Number\n"</span><br><span style="color: hsl(120, 100%, 40%);">+ "UEAn Algorithm Number\n"</span><br><span style="color: hsl(120, 100%, 40%);">+ "UEAn Algorithm Number\n"</span><br><span style="color: hsl(120, 100%, 40%);">+ )</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ unsigned int i;</span><br><span style="color: hsl(120, 100%, 40%);">+ uint8_t mask = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ for (i = 0; i < argc; i++)</span><br><span style="color: hsl(120, 100%, 40%);">+ mask |= (1 << atoi(argv[i]));</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (mask == (1 << 0)) {</span><br><span style="color: hsl(120, 100%, 40%);">+ /* UEA0. Disable encryption. */</span><br><span style="color: hsl(120, 100%, 40%);">+ gsmnet->uea_encryption = false;</span><br><span style="color: hsl(120, 100%, 40%);">+ } else if (mask == ((1 << 1) | (1 << 2))) {</span><br><span style="color: hsl(120, 100%, 40%);">+ /* UEA1 and UEA2. Enable encryption. */</span><br><span style="color: hsl(120, 100%, 40%);">+ gsmnet->uea_encryption = true;</span><br><span style="color: hsl(120, 100%, 40%);">+ } else {</span><br><span style="color: hsl(120, 100%, 40%);">+ vty_out(vty,</span><br><span style="color: hsl(120, 100%, 40%);">+ "%% Error: the current implementation does not allow free choice of combining%s"</span><br><span style="color: hsl(120, 100%, 40%);">+ "%% encryption algorithms yet. The only valid settings are either%s"</span><br><span style="color: hsl(120, 100%, 40%);">+ "%% encryption uea 0%s"</span><br><span style="color: hsl(120, 100%, 40%);">+ "%% or%s"</span><br><span style="color: hsl(120, 100%, 40%);">+ "%% encryption uea 1 2%s",</span><br><span style="color: hsl(120, 100%, 40%);">+ VTY_NEWLINE, VTY_NEWLINE, VTY_NEWLINE, VTY_NEWLINE, VTY_NEWLINE);</span><br><span style="color: hsl(120, 100%, 40%);">+ return CMD_WARNING;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ return CMD_SUCCESS;</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> DEFUN(cfg_net_authentication,</span><br><span> cfg_net_authentication_cmd,</span><br><span> "authentication (optional|required)",</span><br><span>@@ -308,6 +346,11 @@</span><br><span> vty_out(vty, " %u", i);</span><br><span> }</span><br><span> vty_out(vty, "%s", VTY_NEWLINE);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ if (!gsmnet->uea_encryption)</span><br><span style="color: hsl(120, 100%, 40%);">+ vty_out(vty, " encryption uea 0%s", VTY_NEWLINE);</span><br><span style="color: hsl(120, 100%, 40%);">+ else</span><br><span style="color: hsl(120, 100%, 40%);">+ vty_out(vty, " encryption uea 1 2%s", VTY_NEWLINE);</span><br><span> vty_out(vty, " authentication %s%s",</span><br><span> gsmnet->authentication_required ? "required" : "optional", VTY_NEWLINE);</span><br><span> vty_out(vty, " rrlp mode %s%s", msc_rrlp_mode_name(gsmnet->rrlp.mode),</span><br><span>@@ -1894,6 +1937,7 @@</span><br><span> install_element(GSMNET_NODE, &cfg_net_name_short_cmd);</span><br><span> install_element(GSMNET_NODE, &cfg_net_name_long_cmd);</span><br><span> install_element(GSMNET_NODE, &cfg_net_encryption_cmd);</span><br><span style="color: hsl(120, 100%, 40%);">+ install_element(GSMNET_NODE, &cfg_net_encryption_uea_cmd);</span><br><span> install_element(GSMNET_NODE, &cfg_net_authentication_cmd);</span><br><span> install_element(GSMNET_NODE, &cfg_net_rrlp_mode_cmd);</span><br><span> install_element(GSMNET_NODE, &cfg_net_mm_info_cmd);</span><br><span>diff --git a/tests/msc_vlr/msc_vlr_test_authen_reuse.c b/tests/msc_vlr/msc_vlr_test_authen_reuse.c</span><br><span>index 62ea6c7..d73a5f8 100644</span><br><span>--- a/tests/msc_vlr/msc_vlr_test_authen_reuse.c</span><br><span>+++ b/tests/msc_vlr/msc_vlr_test_authen_reuse.c</span><br><span>@@ -266,8 +266,6 @@</span><br><span> static void test_auth_use_twice_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_auth_reuse(OSMO_RAT_GERAN_A, 1, 1, true);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -275,8 +273,6 @@</span><br><span> static void test_auth_use_twice_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> _test_auth_reuse(OSMO_RAT_UTRAN_IU, 1, 1, true);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -284,8 +280,6 @@</span><br><span> static void test_auth_use_infinitely_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_auth_reuse(OSMO_RAT_GERAN_A, -1, 3, false);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -293,8 +287,6 @@</span><br><span> static void test_auth_use_infinitely_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> _test_auth_reuse(OSMO_RAT_UTRAN_IU, -1, 3, false);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -302,8 +294,6 @@</span><br><span> static void test_no_auth_reuse_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_auth_reuse(OSMO_RAT_GERAN_A, 0, 0, true);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -311,8 +301,6 @@</span><br><span> static void test_no_auth_reuse_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> _test_auth_reuse(OSMO_RAT_UTRAN_IU, 0, 0, true);</span><br><span> comment_end();</span><br><span> }</span><br><span>diff --git a/tests/msc_vlr/msc_vlr_test_call.c b/tests/msc_vlr/msc_vlr_test_call.c</span><br><span>index cec2f8d..065af25 100644</span><br><span>--- a/tests/msc_vlr/msc_vlr_test_call.c</span><br><span>+++ b/tests/msc_vlr/msc_vlr_test_call.c</span><br><span>@@ -46,7 +46,6 @@</span><br><span> struct vlr_subscr *vsub;</span><br><span> </span><br><span> net->authentication_required = true;</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> net->vlr->cfg.assign_tmsi = true;</span><br><span> rx_from_ran = OSMO_RAT_UTRAN_IU;</span><br><span> </span><br><span>diff --git a/tests/msc_vlr/msc_vlr_test_umts_authen.c b/tests/msc_vlr/msc_vlr_test_umts_authen.c</span><br><span>index 1bf6cd2..761db55 100644</span><br><span>--- a/tests/msc_vlr/msc_vlr_test_umts_authen.c</span><br><span>+++ b/tests/msc_vlr/msc_vlr_test_umts_authen.c</span><br><span>@@ -49,6 +49,8 @@</span><br><span> "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"</span><br><span> "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"</span><br><span> "0c7ac3e9e9b7db05";</span><br><span style="color: hsl(120, 100%, 40%);">+ bool encryption = (via_ran == OSMO_RAT_GERAN_A && net->a5_encryption_mask > 0x1)</span><br><span style="color: hsl(120, 100%, 40%);">+ || (via_ran == OSMO_RAT_UTRAN_IU && net->uea_encryption);</span><br><span> </span><br><span> net->authentication_required = true;</span><br><span> net->vlr->cfg.assign_tmsi = true;</span><br><span>@@ -122,8 +124,7 @@</span><br><span> VERBOSE_ASSERT(auth_request_sent, == true, "%d");</span><br><span> VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (net->a5_encryption_mask > 0x1) {</span><br><span style="color: hsl(0, 100%, 40%);">- /* Encryption enabled */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (encryption) {</span><br><span> if (via_ran == OSMO_RAT_GERAN_A) {</span><br><span> btw("Test code not implemented");</span><br><span> OSMO_ASSERT(false);</span><br><span>@@ -197,8 +198,7 @@</span><br><span> EXPECT_ACCEPTED(false);</span><br><span> thwart_rx_non_initial_requests();</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (net->a5_encryption_mask > 0x1) {</span><br><span style="color: hsl(0, 100%, 40%);">- /* Encryption enabled */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (encryption) {</span><br><span> if (via_ran == OSMO_RAT_GERAN_A) {</span><br><span> btw("Test code not implemented");</span><br><span> OSMO_ASSERT(false);</span><br><span>@@ -265,8 +265,7 @@</span><br><span> EXPECT_ACCEPTED(false);</span><br><span> thwart_rx_non_initial_requests();</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (net->a5_encryption_mask > 0x1) {</span><br><span style="color: hsl(0, 100%, 40%);">- /* Encryption enabled */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (encryption) {</span><br><span> if (via_ran == OSMO_RAT_GERAN_A) {</span><br><span> btw("Test code not implemented");</span><br><span> OSMO_ASSERT(false);</span><br><span>@@ -327,8 +326,6 @@</span><br><span> static void test_umts_authen_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -336,8 +333,7 @@</span><br><span> static void test_umts_authen_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span style="color: hsl(120, 100%, 40%);">+ net->uea_encryption = false;</span><br><span> _test_umts_authen(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -345,8 +341,7 @@</span><br><span> static void test_umts_auth_ciph_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span style="color: hsl(120, 100%, 40%);">+ net->uea_encryption = true;</span><br><span> _test_umts_authen(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -365,6 +360,8 @@</span><br><span> {</span><br><span> struct vlr_subscr *vsub;</span><br><span> const char *imsi = "901700000010650";</span><br><span style="color: hsl(120, 100%, 40%);">+ bool encryption = (via_ran == OSMO_RAT_GERAN_A && net->a5_encryption_mask > 0x1)</span><br><span style="color: hsl(120, 100%, 40%);">+ || (via_ran == OSMO_RAT_UTRAN_IU && net->uea_encryption);</span><br><span> </span><br><span> net->authentication_required = true;</span><br><span> net->vlr->cfg.assign_tmsi = true;</span><br><span>@@ -519,8 +516,7 @@</span><br><span> VERBOSE_ASSERT(auth_request_sent, == true, "%d");</span><br><span> VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (net->a5_encryption_mask > 0x1) {</span><br><span style="color: hsl(0, 100%, 40%);">- /* Encryption enabled */</span><br><span style="color: hsl(120, 100%, 40%);">+ if (encryption) {</span><br><span> if (via_ran == OSMO_RAT_GERAN_A) {</span><br><span> btw("Test code not implemented");</span><br><span> OSMO_ASSERT(false);</span><br><span>@@ -585,8 +581,6 @@</span><br><span> static void test_umts_authen_resync_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen_resync(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -594,8 +588,7 @@</span><br><span> static void test_umts_authen_resync_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span style="color: hsl(120, 100%, 40%);">+ net->uea_encryption = false;</span><br><span> _test_umts_authen_resync(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -603,8 +596,7 @@</span><br><span> static void test_umts_auth_ciph_resync_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span style="color: hsl(120, 100%, 40%);">+ net->uea_encryption = true;</span><br><span> _test_umts_authen_resync(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -698,8 +690,6 @@</span><br><span> static void test_umts_authen_too_short_res_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -707,8 +697,6 @@</span><br><span> static void test_umts_authen_too_short_res_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> _test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -802,8 +790,6 @@</span><br><span> static void test_umts_authen_too_long_res_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -811,8 +797,6 @@</span><br><span> static void test_umts_authen_too_long_res_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> _test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -911,8 +895,6 @@</span><br><span> static void test_umts_authen_only_sres_geran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 = no encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0;</span><br><span> _test_umts_authen_only_sres(OSMO_RAT_GERAN_A);</span><br><span> comment_end();</span><br><span> }</span><br><span>@@ -920,8 +902,6 @@</span><br><span> static void test_umts_authen_only_sres_utran()</span><br><span> {</span><br><span> comment_start();</span><br><span style="color: hsl(0, 100%, 40%);">- /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */</span><br><span style="color: hsl(0, 100%, 40%);">- net->a5_encryption_mask = A5_0_3;</span><br><span> _test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);</span><br><span> comment_end();</span><br><span> }</span><br><span>diff --git a/tests/msc_vlr/msc_vlr_tests.h b/tests/msc_vlr/msc_vlr_tests.h</span><br><span>index 4330ea8..9df9cf0 100644</span><br><span>--- a/tests/msc_vlr/msc_vlr_tests.h</span><br><span>+++ b/tests/msc_vlr/msc_vlr_tests.h</span><br><span>@@ -32,9 +32,6 @@</span><br><span> #include <osmocom/msc/msc_a.h></span><br><span> #include <osmocom/msc/mncc.h></span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-#define A5_0 (1 << 0)</span><br><span style="color: hsl(0, 100%, 40%);">-#define A5_0_3 ((1 << 0) | (1 << 3))</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span> extern bool _log_lines;</span><br><span> #define _log(fmt, args...) do { \</span><br><span> if (_log_lines) \</span><br><span>diff --git a/tests/test_nodes.vty b/tests/test_nodes.vty</span><br><span>index fb7b1c5..0ad390f 100644</span><br><span>--- a/tests/test_nodes.vty</span><br><span>+++ b/tests/test_nodes.vty</span><br><span>@@ -17,6 +17,7 @@</span><br><span> short name NAME</span><br><span> long name NAME</span><br><span> encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption uea <0-2> [<0-2>] [<0-2>]</span><br><span> authentication (optional|required)</span><br><span> rrlp mode (none|ms-based|ms-preferred|ass-preferred)</span><br><span> mm info (0|1)</span><br><span>@@ -26,6 +27,21 @@</span><br><span> periodic location update <6-1530></span><br><span> no periodic location update</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption?</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption Encryption options</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption ?</span><br><span style="color: hsl(120, 100%, 40%);">+ a5 GSM A5 Air Interface Encryption.</span><br><span style="color: hsl(120, 100%, 40%);">+ uea UTRAN (3G) encryption algorithms to allow: 0 = UEA0 (no encryption), 1 = UEA1, 2 = UEA2. NOTE: the current implementation does not allow free choice of combining encryption algorithms yet. The only valid settings are either 'encryption uea 0' or 'encryption uea 1 2'.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption uea ?</span><br><span style="color: hsl(120, 100%, 40%);">+ <0-2> UEAn Algorithm Number</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption uea 0 ?</span><br><span style="color: hsl(120, 100%, 40%);">+ [<0-2>] UEAn Algorithm Number</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption uea 0 1 ?</span><br><span style="color: hsl(120, 100%, 40%);">+ [<0-2>] UEAn Algorithm Number</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption uea 0 1 2 ?</span><br><span style="color: hsl(120, 100%, 40%);">+ <cr> </span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> OsmoMSC(config-net)# exit</span><br><span> OsmoMSC(config)# msc</span><br><span> OsmoMSC(config-msc)# list</span><br><span>@@ -130,6 +146,7 @@</span><br><span> short name OsmoMSC</span><br><span> long name OsmoMSC</span><br><span> encryption a5 0</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption uea 1 2</span><br><span> authentication optional</span><br><span> rrlp mode none</span><br><span> mm info 1</span><br><span>@@ -157,3 +174,52 @@</span><br><span> local-ip 0.0.0.0</span><br><span> vlr-name vlr.example.net</span><br><span> end</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC# configure terminal</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config)# network</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption uea 0</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# show running-config</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption uea 0</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption uea 1</span><br><span style="color: hsl(120, 100%, 40%);">+% Error: the current implementation does not allow free choice of combining</span><br><span style="color: hsl(120, 100%, 40%);">+% encryption algorithms yet. The only valid settings are either</span><br><span style="color: hsl(120, 100%, 40%);">+% encryption uea 0</span><br><span style="color: hsl(120, 100%, 40%);">+% or</span><br><span style="color: hsl(120, 100%, 40%);">+% encryption uea 1 2</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# show running-config</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption uea 0</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption uea 2</span><br><span style="color: hsl(120, 100%, 40%);">+% Error: the current implementation does not allow free choice of combining</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# show running-config</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption uea 0</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption uea 0 1</span><br><span style="color: hsl(120, 100%, 40%);">+% Error: the current implementation does not allow free choice of combining</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# show running-config</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption uea 0</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption uea 0 2</span><br><span style="color: hsl(120, 100%, 40%);">+% Error: the current implementation does not allow free choice of combining</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# show running-config</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption uea 0</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# encryption uea 1 2</span><br><span style="color: hsl(120, 100%, 40%);">+OsmoMSC(config-net)# show running-config</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span style="color: hsl(120, 100%, 40%);">+ encryption uea 1 2</span><br><span style="color: hsl(120, 100%, 40%);">+...</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-msc/+/15175">change 15175</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-msc/+/15175"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: osmo-msc </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b </div>
<div style="display:none"> Gerrit-Change-Number: 15175 </div>
<div style="display:none"> Gerrit-PatchSet: 4 </div>
<div style="display:none"> Gerrit-Owner: neels <nhofmeyr@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: fixeria <axilirator@gmail.com> </div>
<div style="display:none"> Gerrit-Reviewer: laforge <laforge@gnumonks.org> </div>
<div style="display:none"> Gerrit-Reviewer: neels <nhofmeyr@sysmocom.de> </div>
<div style="display:none"> Gerrit-Reviewer: pespin <pespin@sysmocom.de> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>