Change in osmo-ttcn3-hacks[master]: add three tests for CIPHER MODE COMPLETE without algo

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Stefan Sperling gerrit-no-reply at lists.osmocom.org
Tue Dec 18 16:30:27 UTC 2018 

Stefan Sperling has uploaded this change for review. ( https://gerrit.osmocom.org/12347


Change subject: add three tests for CIPHER MODE COMPLETE without algo
......................................................................

add three tests for CIPHER MODE COMPLETE without algo

Add three tests which exercise MSC behaviour when a CIPHER MODE
COMPLETE command lacks the optional chosenEncryptionAlgorithm IE.
Check for behaviour with A5/1, A5/3, and A5/1 + A5/3 configured
in the network, and expect the location update to succeed.

These tests pass on master, but they should somehow verify the
cipher the MSC ends up using. I am not quite sure how to do that.
Would inspecting the MSC's VTY be a reasonable approach? How
could his be done by code which runs on BSC_ConnectionHandler?

Change-Id: I1a2a126795c544613a7a87e238e1fc8c4e943885
Related: OS#2872
---
M library/BSSMAP_Templates.ttcn
M msc/BSC_ConnectionHandler.ttcn
M msc/MSC_Tests.cfg
M msc/MSC_Tests.ttcn
M msc/expected-results.xml
5 files changed, 142 insertions(+), 18 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/47/12347/1

diff --git a/library/BSSMAP_Templates.ttcn b/library/BSSMAP_Templates.ttcn
index ff151f0..0db61b2 100644
--- a/library/BSSMAP_Templates.ttcn
+++ b/library/BSSMAP_Templates.ttcn
@@ -1032,6 +1032,19 @@
 	}
 }
 
+template PDU_BSSAP ts_BSSMAP_CipherModeComplAlg(template BSSMAP_IE_ChosenEncryptionAlgorithm chosenEncryptionAlgorithm := ?)
+modifies ts_BSSAP_BSSMAP := {
+	pdu := {
+		bssmap := {
+			cipherModeComplete := {
+				messageType := '55'O,
+				layer3MessageContents := omit,
+				chosenEncryptionAlgorithm := chosenEncryptionAlgorithm
+			}
+		}
+	}
+}
+
 template PDU_BSSAP tr_BSSMAP_CipherModeCompl(template OCT1 alg := ?) modifies tr_BSSAP_BSSMAP := {
 	pdu := {
 		bssmap := {
diff --git a/msc/BSC_ConnectionHandler.ttcn b/msc/BSC_ConnectionHandler.ttcn
index f005e02..c6029b7 100644
--- a/msc/BSC_ConnectionHandler.ttcn
+++ b/msc/BSC_ConnectionHandler.ttcn
@@ -295,28 +295,17 @@
 	}
 }
 
-function f_perform_lu()
-runs on BSC_ConnHdlr {
-	var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi)
-	var PDU_DTAP_MT dtap_mt;
-
-	/* tell GSUP dispatcher to send this IMSI to us */
-	f_create_gsup_expect(hex2str(g_pars.imsi));
-
-	/* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
-	f_bssap_compl_l3(l3_lu);
-
-	if (g_pars.send_early_cm) {
-		BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
-	}
-
-	f_mm_common();
-
+function f_msc_lu_hlr() runs on BSC_ConnHdlr
+{
 	/* Expect MSC to perform LU with HLR */
 	GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi));
 	GSUP.send(ts_GSUP_ISD_REQ(g_pars.imsi, g_pars.msisdn));
 	GSUP.receive(tr_GSUP_ISD_RES(g_pars.imsi));
 	GSUP.send(ts_GSUP_UL_RES(g_pars.imsi));
+}
+
+function f_accept_reject_lu() runs on BSC_ConnHdlr {
+	var PDU_DTAP_MT dtap_mt;
 
 	alt {
 	[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) -> value dtap_mt {
@@ -343,10 +332,34 @@
 		mtc.stop;
 		}
 	}
-	/* FIXME: there could be pending SMS or other common procedures by the MSC, let's ignore them */
+}
+
+function f_bssap_clear() runs on BSC_ConnHdlr {
 	BSSAP.receive(tr_BSSMAP_ClearCommand);
 	BSSAP.send(ts_BSSMAP_ClearComplete);
 	BSSAP.receive(BSSAP_Conn_Prim:MSC_CONN_PRIM_DISC_IND);
+}
+
+function f_perform_lu()
+runs on BSC_ConnHdlr {
+	var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi)
+
+	/* tell GSUP dispatcher to send this IMSI to us */
+	f_create_gsup_expect(hex2str(g_pars.imsi));
+
+	/* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
+	f_bssap_compl_l3(l3_lu);
+
+	if (g_pars.send_early_cm) {
+		BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
+	}
+
+	f_mm_common();
+	f_msc_lu_hlr();
+	f_accept_reject_lu();
+	/* FIXME: there could be pending SMS or other common procedures by the MSC, let's ignore them */
+	f_bssap_clear();
+
 	setverdict(pass);
 }
 
diff --git a/msc/MSC_Tests.cfg b/msc/MSC_Tests.cfg
index b412889..b852bac 100644
--- a/msc/MSC_Tests.cfg
+++ b/msc/MSC_Tests.cfg
@@ -61,3 +61,6 @@
 #MSC_Tests.TC_reset_two
 #MSC_Tests.TC_lu_and_mt_call
 #MSC_Tests.TC_cipher_complete_with_invalid_cipher
+#MSC_Tests.TC_cipher_complete_1_without_cipher
+#MSC_Tests.TC_cipher_complete_3_without_cipher
+#MSC_Tests.TC_cipher_complete_13_without_cipher
diff --git a/msc/MSC_Tests.ttcn b/msc/MSC_Tests.ttcn
index adaeea3..3b40f50 100644
--- a/msc/MSC_Tests.ttcn
+++ b/msc/MSC_Tests.ttcn
@@ -2814,6 +2814,68 @@
 	}
 }
 
+private function f_tc_cipher_complete_without_alg(charstring id, BSC_ConnHdlrPars pars, octetstring kc_support) runs on BSC_ConnHdlr {
+	pars.net.expect_auth := true;
+	pars.net.expect_ciph := true;
+	pars.net.kc_support := kc_support;
+	f_init_handler(pars);
+
+	g_pars.vec := f_gen_auth_vec_2g();
+
+	/* Can't use f_perform_lu() directly. Code below is based on it. */
+
+	/* tell GSUP dispatcher to send this IMSI to us */
+	f_create_gsup_expect(hex2str(g_pars.imsi));
+
+	/* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
+	var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi)
+	f_bssap_compl_l3(l3_lu);
+
+	f_mm_auth();
+
+	var OCT1 a5_net := f_alg_mask_from_cm(g_pars.cm2);
+	var OCT1 a5_intersect := g_pars.net.kc_support and4b a5_net;
+	alt {
+	[] BSSAP.receive(tr_BSSMAP_CipherModeCmd(a5_intersect, g_pars.vec.kc)) {
+		BSSAP.send(ts_BSSMAP_CipherModeComplAlg(omit));
+		}
+	[] BSSAP.receive(tr_BSSMAP_ClassmarkReq) {
+		BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
+		repeat;
+		}
+	[] BSSAP.receive(tr_BSSMAP_CipherModeCmd(?, g_pars.vec.kc)) {
+		setverdict(fail, "Wrong ciphering algorithm mask in CiphModCmd");
+		mtc.stop;
+		}
+	[] BSSAP.receive {
+		setverdict(fail, "Unknown/unexpected BSSAP received");
+		mtc.stop;
+		}
+	}
+
+	/* TODO: Verify MSC is using the best cipher available! How? */
+
+	f_msc_lu_hlr();
+	f_accept_reject_lu();
+	f_bssap_clear();
+	setverdict(pass);
+}
+
+/* A5/1 only permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */
+private function f_tc_cipher_complete_1_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	f_tc_cipher_complete_without_alg(id, pars, '02'O /* A5/1 only */);
+}
+
+/* A5/3 only permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */
+private function f_tc_cipher_complete_3_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	f_tc_cipher_complete_without_alg(id, pars, '08'O /* A5/3 only */);
+}
+
+/* A5/1 + A5/3 permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */
+private function f_tc_cipher_complete_13_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	f_tc_cipher_complete_without_alg(id, pars, '0A'O /* A5/1 and A5/3 enabled */);
+}
+
 testcase TC_cipher_complete_with_invalid_cipher() runs on MTC_CT {
 	var BSC_ConnHdlr vc_conn;
 	f_init();
@@ -2823,6 +2885,33 @@
 	vc_conn.done;
 }
 
+testcase TC_cipher_complete_1_without_cipher() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+	f_vty_config(MSCVTY, "network", "encryption a5 1");
+
+	vc_conn := f_start_handler(refers(f_tc_cipher_complete_1_without_cipher), 53);
+	vc_conn.done;
+}
+
+testcase TC_cipher_complete_3_without_cipher() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+	f_vty_config(MSCVTY, "network", "encryption a5 3");
+
+	vc_conn := f_start_handler(refers(f_tc_cipher_complete_3_without_cipher), 54);
+	vc_conn.done;
+}
+
+testcase TC_cipher_complete_13_without_cipher() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+	f_vty_config(MSCVTY, "network", "encryption a5 1 3");
+
+	vc_conn := f_start_handler(refers(f_tc_cipher_complete_13_without_cipher), 55);
+	vc_conn.done;
+}
+
 /* TODO (SMS):
    * different user data lengths
    * SMPP transaction mode with unsuccessful delivery
@@ -2912,6 +3001,9 @@
 	execute( TC_lu_and_ss_session_timeout() );
 
 	execute( TC_cipher_complete_with_invalid_cipher() );
+	execute( TC_cipher_complete_1_without_cipher() );
+	execute( TC_cipher_complete_3_without_cipher() );
+	execute( TC_cipher_complete_13_without_cipher() );
 
 	/* Run this last: at the time of writing this test crashes the MSC */
 	execute( TC_lu_imsi_auth_tmsi_encr_3_1_log_msc_debug() );
diff --git a/msc/expected-results.xml b/msc/expected-results.xml
index 83c8010..1a9d68a 100644
--- a/msc/expected-results.xml
+++ b/msc/expected-results.xml
@@ -70,6 +70,9 @@
   <testcase classname='MSC_Tests' name='TC_lu_and_mo_ussd_mo_release' time='MASKED'/>
   <testcase classname='MSC_Tests' name='TC_lu_and_ss_session_timeout' time='MASKED'/>
   <testcase classname='MSC_Tests' name='TC_cipher_complete_with_invalid_cipher' time='MASKED'/>
+  <testcase classname='MSC_Tests' name='TC_cipher_complete_1_without_cipher' time='MASKED'/>
+  <testcase classname='MSC_Tests' name='TC_cipher_complete_3_without_cipher' time='MASKED'/>
+  <testcase classname='MSC_Tests' name='TC_cipher_complete_13_without_cipher' time='MASKED'/>
   <testcase classname='MSC_Tests' name='TC_lu_imsi_auth_tmsi_encr_3_1_log_msc_debug' time='MASKED'/>
   <testcase classname='MSC_Tests' name='TC_mo_cc_bssmap_clear' time='MASKED'/>
 </testsuite>

-- 
To view, visit https://gerrit.osmocom.org/12347
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I1a2a126795c544613a7a87e238e1fc8c4e943885
Gerrit-Change-Number: 12347
Gerrit-PatchSet: 1
Gerrit-Owner: Stefan Sperling <stsp at stsp.name>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20181218/8326e9de/attachment.htm>

More information about the gerrit-log mailing list