lynxis lazus has submitted this change. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/38397?usp=email )

Change subject: SGSN: BSSGP_ConnHdlr: GMM Service Request: handle PMM IDLE UE correct ......................................................................

SGSN: BSSGP_ConnHdlr: GMM Service Request: handle PMM IDLE UE correct

24.008: 4.7.13.3: explicitly mention the completion of the low layer security to be an implicit Security Command Accept if the UE is in PMM Idle. Extend the as_service_request() to handle both cases when UE is in PMM-IDLE as well in PMM-CONNECTED.

Change-Id: I29237997e414aea80f254247da54f909410a4b36 --- M sgsn/BSSGP_ConnHdlr.ttcn 1 file changed, 30 insertions(+), 6 deletions(-)

Approvals: pespin: Looks good to me, but someone else must approve laforge: Looks good to me, approved Jenkins Builder: Verified

diff --git a/sgsn/BSSGP_ConnHdlr.ttcn b/sgsn/BSSGP_ConnHdlr.ttcn index 2a434aa..82788f5 100644 --- a/sgsn/BSSGP_ConnHdlr.ttcn +++ b/sgsn/BSSGP_ConnHdlr.ttcn @@ -618,24 +618,48 @@ } }

-/* Iu only */ -altstep as_service_request(integer ran_index := 0) runs on BSSGP_ConnHdlr { +/* Iu only + * + * Handle a service request for a UE in PMM_IDLE or PMM_CONNECTED depending on exp_service_acc + * Depending on the PMM state: + * a) PMM_IDLE: The network will do a SecurityModeCommand on Iu, which the UE will treat as an implicit Service Accept + * b) PMM_CONNECTED: The Iu connection is already secured, do an explicit Service Accept + * + * NOTE: The old osmo-sgsn will always respond with a ServiceAccept even when the spec is clear this is not needed. + */ +altstep as_service_request(boolean exp_service_acc := true, integer ran_index := 0) runs on BSSGP_ConnHdlr { var PDU_DTAP_PS_MT mt;

- [] BSSAP.receive(tr_PDU_DTAP_PS_MT(tr_GMM_SERVICE_ACC)) -> value mt { + [exp_service_acc] BSSAP.receive(tr_PDU_DTAP_PS_MT(tr_GMM_SERVICE_ACC)) -> value mt { setverdict(pass); } + [not exp_service_acc] BSSAP.receive(tr_PDU_DTAP_PS_MT(tr_GMM_SERVICE_ACC)) -> value mt { + setverdict(fail, "Unexpected Service Accept"); + mtc.stop; + } [] BSSAP.receive(tr_PDU_DTAP_PS_MT(tr_GMM_SERVICE_REJ)) { setverdict(fail, "Unexpected Service Reject"); mtc.stop; } + /* 24.008 4.7.13.3: a SecurityModeCommand is an implicit Service Accept if UE was in PMM-IDLE */ [] BSSAP.receive(tr_RANAP_SecurityModeCmd(uia_algs := ?, uia_key := oct2bit(g_pars.vec.ik), key_sts := ?)) { var IntegrityProtectionAlgorithm uia_chosen := 0; /* 0 = standard_UMTS_integrity_algorithm_UIA1 */ BSSAP.send(ts_RANAP_SecurityModeComplete(uia_chosen)); - BSSAP.receive(tr_RANAP_CommonId(imsi_hex2oct(g_pars.imsi))) - repeat; + if (not exp_service_acc) { + /* Because we stop processing early, we need to consume the CommonID */ + BSSAP.receive(tr_RANAP_CommonId(imsi_hex2oct(g_pars.imsi))); + setverdict(pass); + } else { + /* This repeat would be wrong if you follow the spec correct. Because: + * a) the UE is in PMM Idle and in this case the exp_service_acc would be true + * b) the UE is in PMM Connected and in this case the Iu Connection should be already secure and this would fail. + * The old osmo-sgsn is doing for UE in PMM Idle both a Security Command and a Service Accept, after the VLR change, the + * osmo-sgsn will follow the spec correct. + */ + repeat; + } } }

@@ -671,7 +695,7 @@ }

alt { - [] as_service_request(ran_index) { setverdict(pass); } + [] as_service_request(exp_service_acc := true, ran_index := ran_index) { setverdict(pass); } [] BSSAP.receive { repeat; } [] T.timeout { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,