This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Stefan Sperling gerrit-no-reply at lists.osmocom.orgStefan Sperling has uploaded this change for review. ( https://gerrit.osmocom.org/12347 Change subject: add three tests for CIPHER MODE COMPLETE without algo ...................................................................... add three tests for CIPHER MODE COMPLETE without algo Add three tests which exercise MSC behaviour when a CIPHER MODE COMPLETE command lacks the optional chosenEncryptionAlgorithm IE. Check for behaviour with A5/1, A5/3, and A5/1 + A5/3 configured in the network, and expect the location update to succeed. These tests pass on master, but they should somehow verify the cipher the MSC ends up using. I am not quite sure how to do that. Would inspecting the MSC's VTY be a reasonable approach? How could his be done by code which runs on BSC_ConnectionHandler? Change-Id: I1a2a126795c544613a7a87e238e1fc8c4e943885 Related: OS#2872 --- M library/BSSMAP_Templates.ttcn M msc/BSC_ConnectionHandler.ttcn M msc/MSC_Tests.cfg M msc/MSC_Tests.ttcn M msc/expected-results.xml 5 files changed, 142 insertions(+), 18 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/47/12347/1 diff --git a/library/BSSMAP_Templates.ttcn b/library/BSSMAP_Templates.ttcn index ff151f0..0db61b2 100644 --- a/library/BSSMAP_Templates.ttcn +++ b/library/BSSMAP_Templates.ttcn @@ -1032,6 +1032,19 @@ } } +template PDU_BSSAP ts_BSSMAP_CipherModeComplAlg(template BSSMAP_IE_ChosenEncryptionAlgorithm chosenEncryptionAlgorithm := ?) +modifies ts_BSSAP_BSSMAP := { + pdu := { + bssmap := { + cipherModeComplete := { + messageType := '55'O, + layer3MessageContents := omit, + chosenEncryptionAlgorithm := chosenEncryptionAlgorithm + } + } + } +} + template PDU_BSSAP tr_BSSMAP_CipherModeCompl(template OCT1 alg := ?) modifies tr_BSSAP_BSSMAP := { pdu := { bssmap := { diff --git a/msc/BSC_ConnectionHandler.ttcn b/msc/BSC_ConnectionHandler.ttcn index f005e02..c6029b7 100644 --- a/msc/BSC_ConnectionHandler.ttcn +++ b/msc/BSC_ConnectionHandler.ttcn @@ -295,28 +295,17 @@ } } -function f_perform_lu() -runs on BSC_ConnHdlr { - var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi) - var PDU_DTAP_MT dtap_mt; - - /* tell GSUP dispatcher to send this IMSI to us */ - f_create_gsup_expect(hex2str(g_pars.imsi)); - - /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */ - f_bssap_compl_l3(l3_lu); - - if (g_pars.send_early_cm) { - BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3)); - } - - f_mm_common(); - +function f_msc_lu_hlr() runs on BSC_ConnHdlr +{ /* Expect MSC to perform LU with HLR */ GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi)); GSUP.send(ts_GSUP_ISD_REQ(g_pars.imsi, g_pars.msisdn)); GSUP.receive(tr_GSUP_ISD_RES(g_pars.imsi)); GSUP.send(ts_GSUP_UL_RES(g_pars.imsi)); +} + +function f_accept_reject_lu() runs on BSC_ConnHdlr { + var PDU_DTAP_MT dtap_mt; alt { [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) -> value dtap_mt { @@ -343,10 +332,34 @@ mtc.stop; } } - /* FIXME: there could be pending SMS or other common procedures by the MSC, let's ignore them */ +} + +function f_bssap_clear() runs on BSC_ConnHdlr { BSSAP.receive(tr_BSSMAP_ClearCommand); BSSAP.send(ts_BSSMAP_ClearComplete); BSSAP.receive(BSSAP_Conn_Prim:MSC_CONN_PRIM_DISC_IND); +} + +function f_perform_lu() +runs on BSC_ConnHdlr { + var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi) + + /* tell GSUP dispatcher to send this IMSI to us */ + f_create_gsup_expect(hex2str(g_pars.imsi)); + + /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */ + f_bssap_compl_l3(l3_lu); + + if (g_pars.send_early_cm) { + BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3)); + } + + f_mm_common(); + f_msc_lu_hlr(); + f_accept_reject_lu(); + /* FIXME: there could be pending SMS or other common procedures by the MSC, let's ignore them */ + f_bssap_clear(); + setverdict(pass); } diff --git a/msc/MSC_Tests.cfg b/msc/MSC_Tests.cfg index b412889..b852bac 100644 --- a/msc/MSC_Tests.cfg +++ b/msc/MSC_Tests.cfg @@ -61,3 +61,6 @@ #MSC_Tests.TC_reset_two #MSC_Tests.TC_lu_and_mt_call #MSC_Tests.TC_cipher_complete_with_invalid_cipher +#MSC_Tests.TC_cipher_complete_1_without_cipher +#MSC_Tests.TC_cipher_complete_3_without_cipher +#MSC_Tests.TC_cipher_complete_13_without_cipher diff --git a/msc/MSC_Tests.ttcn b/msc/MSC_Tests.ttcn index adaeea3..3b40f50 100644 --- a/msc/MSC_Tests.ttcn +++ b/msc/MSC_Tests.ttcn @@ -2814,6 +2814,68 @@ } } +private function f_tc_cipher_complete_without_alg(charstring id, BSC_ConnHdlrPars pars, octetstring kc_support) runs on BSC_ConnHdlr { + pars.net.expect_auth := true; + pars.net.expect_ciph := true; + pars.net.kc_support := kc_support; + f_init_handler(pars); + + g_pars.vec := f_gen_auth_vec_2g(); + + /* Can't use f_perform_lu() directly. Code below is based on it. */ + + /* tell GSUP dispatcher to send this IMSI to us */ + f_create_gsup_expect(hex2str(g_pars.imsi)); + + /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */ + var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi) + f_bssap_compl_l3(l3_lu); + + f_mm_auth(); + + var OCT1 a5_net := f_alg_mask_from_cm(g_pars.cm2); + var OCT1 a5_intersect := g_pars.net.kc_support and4b a5_net; + alt { + [] BSSAP.receive(tr_BSSMAP_CipherModeCmd(a5_intersect, g_pars.vec.kc)) { + BSSAP.send(ts_BSSMAP_CipherModeComplAlg(omit)); + } + [] BSSAP.receive(tr_BSSMAP_ClassmarkReq) { + BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3)); + repeat; + } + [] BSSAP.receive(tr_BSSMAP_CipherModeCmd(?, g_pars.vec.kc)) { + setverdict(fail, "Wrong ciphering algorithm mask in CiphModCmd"); + mtc.stop; + } + [] BSSAP.receive { + setverdict(fail, "Unknown/unexpected BSSAP received"); + mtc.stop; + } + } + + /* TODO: Verify MSC is using the best cipher available! How? */ + + f_msc_lu_hlr(); + f_accept_reject_lu(); + f_bssap_clear(); + setverdict(pass); +} + +/* A5/1 only permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */ +private function f_tc_cipher_complete_1_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr { + f_tc_cipher_complete_without_alg(id, pars, '02'O /* A5/1 only */); +} + +/* A5/3 only permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */ +private function f_tc_cipher_complete_3_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr { + f_tc_cipher_complete_without_alg(id, pars, '08'O /* A5/3 only */); +} + +/* A5/1 + A5/3 permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */ +private function f_tc_cipher_complete_13_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr { + f_tc_cipher_complete_without_alg(id, pars, '0A'O /* A5/1 and A5/3 enabled */); +} + testcase TC_cipher_complete_with_invalid_cipher() runs on MTC_CT { var BSC_ConnHdlr vc_conn; f_init(); @@ -2823,6 +2885,33 @@ vc_conn.done; } +testcase TC_cipher_complete_1_without_cipher() runs on MTC_CT { + var BSC_ConnHdlr vc_conn; + f_init(); + f_vty_config(MSCVTY, "network", "encryption a5 1"); + + vc_conn := f_start_handler(refers(f_tc_cipher_complete_1_without_cipher), 53); + vc_conn.done; +} + +testcase TC_cipher_complete_3_without_cipher() runs on MTC_CT { + var BSC_ConnHdlr vc_conn; + f_init(); + f_vty_config(MSCVTY, "network", "encryption a5 3"); + + vc_conn := f_start_handler(refers(f_tc_cipher_complete_3_without_cipher), 54); + vc_conn.done; +} + +testcase TC_cipher_complete_13_without_cipher() runs on MTC_CT { + var BSC_ConnHdlr vc_conn; + f_init(); + f_vty_config(MSCVTY, "network", "encryption a5 1 3"); + + vc_conn := f_start_handler(refers(f_tc_cipher_complete_13_without_cipher), 55); + vc_conn.done; +} + /* TODO (SMS): * different user data lengths * SMPP transaction mode with unsuccessful delivery @@ -2912,6 +3001,9 @@ execute( TC_lu_and_ss_session_timeout() ); execute( TC_cipher_complete_with_invalid_cipher() ); + execute( TC_cipher_complete_1_without_cipher() ); + execute( TC_cipher_complete_3_without_cipher() ); + execute( TC_cipher_complete_13_without_cipher() ); /* Run this last: at the time of writing this test crashes the MSC */ execute( TC_lu_imsi_auth_tmsi_encr_3_1_log_msc_debug() ); diff --git a/msc/expected-results.xml b/msc/expected-results.xml index 83c8010..1a9d68a 100644 --- a/msc/expected-results.xml +++ b/msc/expected-results.xml @@ -70,6 +70,9 @@ <testcase classname='MSC_Tests' name='TC_lu_and_mo_ussd_mo_release' time='MASKED'/> <testcase classname='MSC_Tests' name='TC_lu_and_ss_session_timeout' time='MASKED'/> <testcase classname='MSC_Tests' name='TC_cipher_complete_with_invalid_cipher' time='MASKED'/> + <testcase classname='MSC_Tests' name='TC_cipher_complete_1_without_cipher' time='MASKED'/> + <testcase classname='MSC_Tests' name='TC_cipher_complete_3_without_cipher' time='MASKED'/> + <testcase classname='MSC_Tests' name='TC_cipher_complete_13_without_cipher' time='MASKED'/> <testcase classname='MSC_Tests' name='TC_lu_imsi_auth_tmsi_encr_3_1_log_msc_debug' time='MASKED'/> <testcase classname='MSC_Tests' name='TC_mo_cc_bssmap_clear' time='MASKED'/> </testsuite> -- To view, visit https://gerrit.osmocom.org/12347 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ttcn3-hacks Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I1a2a126795c544613a7a87e238e1fc8c4e943885 Gerrit-Change-Number: 12347 Gerrit-PatchSet: 1 Gerrit-Owner: Stefan Sperling <stsp at stsp.name> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20181218/8326e9de/attachment.htm>