Change in osmo-ttcn3-hacks[master]: msc: add first a5/4 tests

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Hoernchen gerrit-no-reply at lists.osmocom.org
Mon May 17 13:30:55 UTC 2021 

Hoernchen has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/24247 )


Change subject: msc: add first a5/4 tests
......................................................................

msc: add first a5/4 tests

All msc tests involving classmarks suffer from the same problem: if a
existing subscriber is reused the old classmarks will stick, since the
msc only overwrites updated parts of the cm when receiving a new cm, so
"downgrading" the existing classmark information is not possible.

Change-Id: Idc055a006b325f58a5eafa88bc4415181b3500a2
---
M library/BSSMAP_Templates.ttcn
M msc/BSC_ConnectionHandler.ttcn
M msc/MSC_Tests.ttcn
M msc/expected-results.xml
M msc/gen_links.sh
M msc/regen_makefile.sh
6 files changed, 165 insertions(+), 6 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/47/24247/1

diff --git a/library/BSSMAP_Templates.ttcn b/library/BSSMAP_Templates.ttcn
index 2b99a5b..06aa351 100644
--- a/library/BSSMAP_Templates.ttcn
+++ b/library/BSSMAP_Templates.ttcn
@@ -1474,6 +1474,13 @@
 	}
 }
 
+
+template BSSMAP_IE_ClassmarkInformationType3 ts_CM3_default := {
+	elementIdentifier := '13'O,
+	lengthIndicator := 0,	/* overwritten */
+	classmark3ValuePart := '01'O /* A5/4 supported */
+}
+
 template PDU_BSSAP ts_BSSMAP_ClassmarkUpd(template BSSMAP_IE_ClassmarkInformationType2 cm2 := ts_CM2_default,
 					  template BSSMAP_IE_ClassmarkInformationType3 cm3 := omit)
 modifies ts_BSSAP_BSSMAP := {
@@ -1516,6 +1523,18 @@
 	}
 }
 
+template PDU_BSSAP tr_BSSMAP_ClassmarkRequest
+modifies tr_BSSAP_BSSMAP := {
+	pdu := {
+		bssmap := {
+			classmarkRequest := {
+				messageType := '58'O,
+				talkerPriority := *
+			}
+		}
+	}
+}
+
 /* return Layer3 octetstring inside BSSAP PDU */
 function f_bssap_extract_l3(PDU_BSSAP bssap) return template octetstring {
 	if (ischosen(bssap.pdu.bssmap)) {
diff --git a/msc/BSC_ConnectionHandler.ttcn b/msc/BSC_ConnectionHandler.ttcn
index 30adb03..70f2b14 100644
--- a/msc/BSC_ConnectionHandler.ttcn
+++ b/msc/BSC_ConnectionHandler.ttcn
@@ -12,6 +12,7 @@
 
 module BSC_ConnectionHandler {
 
+import from TCCOpenSecurity_Functions all;
 import from General_Types all;
 import from Osmocom_Types all;
 import from Native_Functions all;
@@ -110,7 +111,7 @@
 };
 
 /* get a one-octet bitmaks of supported algorithms based on Classmark information */
-function f_alg_mask_from_cm(BSSMAP_IE_ClassmarkInformationType2 cm2) return OCT1 {
+function f_alg_mask_from_cm(BSSMAP_IE_ClassmarkInformationType2 cm2, template (omit) BSSMAP_IE_ClassmarkInformationType3 cm3 := omit) return OCT1 {
 	var BIT8 res := '00000001'B;	/* A5/0 always supported */
 
 	if (cm2.a5_1 == '0'B) {
@@ -122,7 +123,12 @@
 	if (cm2.classmarkInformationType2_oct5.a5_3 == '1'B) {
 		res := res or4b '00001000'B;
 	}
-	/* TODO: CM3 for A5/4 and beyond */
+	if (not istemplatekind(cm3, "omit")) {
+		var BSSMAP_IE_ClassmarkInformationType3 v := valueof(cm3);
+		var BIT8 tmp := oct2bit(v.classmark3ValuePart[0]) and4b '00001111'B;
+		res := res or4b (tmp << 4);
+	}
+
 	return bit2oct(res);
 }
 
@@ -154,6 +160,15 @@
 	return -1;
 }
 
+/* return true for A5/x supported by OCT1 bitmask */
+function f_alg_supported_by_mask(OCT1 mask_in, integer whicha5) return boolean {
+	var BIT8 mask := oct2bit(mask_in);
+	if (mask and4b ('00000001'B << whicha5) != '00000000'B) {
+		return true;
+	}
+	return false;
+}
+
 /* altstep for the global guard timer */
 private altstep as_Tguard() runs on BSC_ConnHdlr {
 	[] g_Tguard.timeout {
@@ -419,6 +434,7 @@
 								g_pars.vec.autn,
 								g_pars.vec.res));
 		GSUP.send(ts_GSUP_SAI_RES(g_pars.imsi, auth_tuple));
+		g_pars.vec.kc := f_auth3g_kc();
 	} else {
 		g_pars.vec := f_gen_auth_vec_2g();
 		auth_tuple := valueof(ts_GSUP_IE_AuthTuple2G(g_pars.vec.rand,
@@ -530,15 +546,49 @@
 	}
 }
 
+function f_auth3g_kc() runs on BSC_ConnHdlr return OCT8 {
+	var integer i;
+	var octetstring res := g_pars.vec.ck[0] xor4b g_pars.vec.ck[0 + 8] xor4b g_pars.vec.ik[0] xor4b g_pars.vec.ik[0 + 8];
+	for (i := 1; i < 8; i := i + 1) {
+		var octetstring a := g_pars.vec.ck[i] xor4b g_pars.vec.ck[i + 8] xor4b g_pars.vec.ik[i] xor4b g_pars.vec.ik[i + 8];
+		res := res & a;
+	}
+
+	return res;
+}
+
+
 function f_mm_common() runs on BSC_ConnHdlr
 {
 	f_mm_auth();
 	if (g_pars.ran_is_geran) {
 		if (g_pars.net.expect_ciph) {
-			var OCT1 a5_net := f_alg_mask_from_cm(g_pars.cm2);
+			var OCT1 a5_net := f_alg_mask_from_cm(g_pars.cm2, g_pars.cm3);
 			var OCT1 a5_intersect := g_pars.net.kc_support and4b a5_net;
+			var boolean has_a54 := f_alg_supported_by_mask(a5_intersect, 4);
+
+			var PDU_BSSAP pdu;
 			alt {
-			[] BSSAP.receive(tr_BSSMAP_CipherModeCmd(a5_intersect, g_pars.vec.kc)) {
+				[] BSSAP.receive(tr_BSSMAP_CipherModeCmd(a5_intersect, g_pars.vec.kc)) -> value pdu {
+				var PDU_BSSMAP_CipherModeCommand ciphmodcmd := pdu.pdu.bssmap.cipherModeCommand;
+				if (g_pars.use_umts_aka and has_a54) {
+					var OCT32 fulloutput := f_calculate_HMAC_SHA256(g_pars.vec.ck & g_pars.vec.ik, '32'O, 32);
+					var OCT16 kc128 := substr(fulloutput, 0, 16);
+					if (not ispresent(ciphmodcmd.kC128)) {
+						setverdict(fail, "kc128 missing in CiphModCmd");
+						mtc.stop;
+					}
+					if (ciphmodcmd.kC128.kC128_Value != kc128) {
+						setverdict(fail, "kc128 wrong in CiphModCmd?!", kc128);
+						mtc.stop;
+					}
+				} else {
+					if (ispresent(ciphmodcmd.kC128)) {
+						setverdict(fail, "kc128 present in CiphModCmd, but should not exist!");
+						mtc.stop;
+					}
+				}
+
 				var OCT1 a5_chosen := f_best_alg_from_mask(a5_intersect);
 				var integer a5_nr := f_alg_from_mask(a5_chosen);
 				BSSAP.send(ts_BSSMAP_CipherModeCompl(int2oct(a5_nr+1, 1)));
@@ -547,6 +597,10 @@
 				setverdict(fail, "Wrong ciphering algorithm mask in CiphModCmd");
 				mtc.stop;
 				}
+			[] BSSAP.receive(tr_BSSMAP_ClassmarkRequest) {
+				BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3))
+				repeat;
+				}
 			}
 			/* FIXME: Send the best available algorithm */
 		}
diff --git a/msc/MSC_Tests.ttcn b/msc/MSC_Tests.ttcn
index 8325625..3ab1745 100644
--- a/msc/MSC_Tests.ttcn
+++ b/msc/MSC_Tests.ttcn
@@ -2007,6 +2007,84 @@
 	vc_conn.done;
 }
 
+/* A5/0 + A5/1 + A5/3 + a5/4 only permitted on network side, and MS with only A5/1 support */
+private function f_tc_lu_imsi_auth_tmsi_encr_0134_1(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	pars.net.expect_auth := true;
+	pars.net.expect_ciph := true;
+	pars.net.kc_support := '03'O;	/*  A5/0 + A5/1 */
+	pars.cm1.a5_1 := '0'B;
+	pars.cm2.a5_1 := '0'B;
+	pars.cm2.classmarkInformationType2_oct5.a5_3 := '0'B;
+	pars.cm2.classmarkInformationType2_oct5.a5_2 := '0'B;
+	pars.cm2.classmarkInformationType2_oct5.cm3 := '0'B;
+	pars.cm3 := omit;
+	pars.use_umts_aka := true;
+
+	f_init_handler(pars, 15.0);
+	f_perform_lu();
+}
+testcase TC_lu_imsi_auth_tmsi_encr_0134_1() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+	f_vty_config(MSCVTY, "network", "authentication required");
+	f_vty_config(MSCVTY, "network", "encryption a5 0 1 3 4");
+
+	vc_conn := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_encr_0134_1), 39);
+	vc_conn.done;
+}
+
+/* A5/0 + A5/1 + A5/3 + a5/4 only permitted on network side, and MS with A5/3 + A5/4 support */
+private function f_tc_lu_imsi_auth_tmsi_encr_0134_34(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	pars.net.expect_auth := true;
+	pars.net.expect_ciph := true;
+	pars.net.kc_support := '19'O;	/* A5/3 + A5/4 */
+	pars.cm1.a5_1 := '1'B;
+	pars.cm2.a5_1 := '1'B;
+	pars.cm2.classmarkInformationType2_oct5.a5_3 := '1'B;
+	pars.cm2.classmarkInformationType2_oct5.a5_2 := '0'B;
+	pars.cm2.classmarkInformationType2_oct5.cm3 := '1'B;
+	pars.cm3 := valueof(ts_CM3_default);
+	pars.use_umts_aka := true;
+
+	f_init_handler(pars, 15.0);
+	f_perform_lu();
+}
+testcase TC_lu_imsi_auth_tmsi_encr_0134_34() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+	f_vty_config(MSCVTY, "network", "authentication required");
+	f_vty_config(MSCVTY, "network", "encryption a5 0 1 3 4");
+
+	vc_conn := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_encr_0134_34), 40);
+	vc_conn.done;
+}
+
+/* A5/0 + A5/1 + A5/3 + a5/4 only permitted on network side, and MS with A5/3 support but no CM3 */
+private function f_tc_lu_imsi_auth_tmsi_encr_0134_34_no_cm3(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	pars.net.expect_auth := true;
+	pars.net.expect_ciph := true;
+	pars.net.kc_support := '19'O;	/* A5/3 + A5/4 */
+	pars.cm1.a5_1 := '1'B;
+	pars.cm2.a5_1 := '1'B;
+	pars.cm2.classmarkInformationType2_oct5.a5_3 := '1'B;
+	pars.cm2.classmarkInformationType2_oct5.a5_2 := '0'B;
+	pars.cm2.classmarkInformationType2_oct5.cm3 := '0'B;
+	pars.cm3 := omit;
+	pars.use_umts_aka := true;
+
+	f_init_handler(pars, 15.0);
+	f_perform_lu();
+}
+testcase TC_lu_imsi_auth_tmsi_encr_0134_34_no_cm3() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+	f_vty_config(MSCVTY, "network", "authentication required");
+	f_vty_config(MSCVTY, "network", "encryption a5 0 1 3 4");
+
+	vc_conn := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_encr_0134_34_no_cm3), 41);
+	vc_conn.done;
+}
+
 /* A5/0 + A5/1 + A5/3 only permitted on network side, and MS with only A5/2 support */
 private function f_tc_lu_imsi_auth_tmsi_encr_013_2(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
 	pars.net.expect_auth := true;
@@ -6435,6 +6513,10 @@
 	execute( TC_lu_imsi_auth_tmsi_encr_3_1_no_cm() );
 	execute( TC_lu_imsi_auth_tmsi_encr_13_2() );
 	execute( TC_lu_imsi_auth_tmsi_encr_013_2() );
+	execute( TC_lu_imsi_auth_tmsi_encr_0134_1() );
+	execute( TC_lu_imsi_auth_tmsi_encr_0134_34() );
+	execute( TC_lu_imsi_auth_tmsi_encr_0134_34_no_cm3() );
+
 	execute( TC_mo_release_timeout() );
 	execute( TC_lu_and_mt_call_no_dlcx_resp() );
 	execute( TC_reset_two() );
diff --git a/msc/expected-results.xml b/msc/expected-results.xml
index a01cd22..4e2eeba 100644
--- a/msc/expected-results.xml
+++ b/msc/expected-results.xml
@@ -56,6 +56,9 @@
   <testcase classname='MSC_Tests' name='TC_lu_imsi_auth_tmsi_encr_3_1_no_cm' time='MASKED'/>
   <testcase classname='MSC_Tests' name='TC_lu_imsi_auth_tmsi_encr_13_2' time='MASKED'/>
   <testcase classname='MSC_Tests' name='TC_lu_imsi_auth_tmsi_encr_013_2' time='MASKED'/>
+  <testcase classname='MSC_Tests' name='TC_lu_imsi_auth_tmsi_encr_0134_1' time='MASKED'/>
+  <testcase classname='MSC_Tests' name='TC_lu_imsi_auth_tmsi_encr_0134_34' time='MASKED'/>
+  <testcase classname='MSC_Tests' name='TC_lu_imsi_auth_tmsi_encr_0134_34_no_cm3' time='MASKED'/>
   <testcase classname='MSC_Tests' name='TC_mo_release_timeout' time='MASKED'/>
   <testcase classname='MSC_Tests' name='TC_lu_and_mt_call_no_dlcx_resp' time='MASKED'/>
   <testcase classname='MSC_Tests' name='TC_reset_two' time='MASKED'/>
diff --git a/msc/gen_links.sh b/msc/gen_links.sh
index 221110e..b112a67 100755
--- a/msc/gen_links.sh
+++ b/msc/gen_links.sh
@@ -11,6 +11,7 @@
 DIR=$BASEDIR/titan.Libraries.TCCUsefulFunctions/src
 FILES="TCCInterface_Functions.ttcn TCCConversion_Functions.ttcn TCCConversion.cc TCCInterface.cc TCCInterface_ip.h"
 FILES+=" TCCEncoding_Functions.ttcn TCCEncoding.cc " # GSM 7-bit coding
+FILES+=" TCCOpenSecurity_Functions.ttcn TCCOpenSecurity.cc TCCOpenSecurity_Functions.hh"
 gen_links $DIR $FILES
 
 DIR=$BASEDIR/titan.TestPorts.Common_Components.Socket-API/src
diff --git a/msc/regen_makefile.sh b/msc/regen_makefile.sh
index 6ee3ef5..cbb491d 100755
--- a/msc/regen_makefile.sh
+++ b/msc/regen_makefile.sh
@@ -1,9 +1,9 @@
 #!/bin/sh
 
-FILES="*.ttcn *.ttcnpp SCCP_EncDec.cc  SCTPasp_PT.cc  TCCConversion.cc TCCInterface.cc UD_PT.cc MNCC_EncDec.cc IPL4asp_PT.cc IPL4asp_discovery.cc SDP_EncDec.cc RTP_EncDec.cc IPA_CodecPort_CtrlFunctDef.cc RTP_CodecPort_CtrlFunctDef.cc MGCP_CodecPort_CtrlFunctDef.cc TELNETasp_PT.cc Native_FunctionDefs.cc SMPP_EncDec.cc SMPP_CodecPort_CtrlFunctDef.cc MAP_EncDec.cc SS_EncDec.cc TCCEncoding.cc SGsAP_CodecPort_CtrlFunctDef.cc RANAP_EncDec.cc *.c *.asn"
+FILES="*.ttcn *.ttcnpp SCCP_EncDec.cc  SCTPasp_PT.cc  TCCConversion.cc TCCInterface.cc UD_PT.cc MNCC_EncDec.cc IPL4asp_PT.cc IPL4asp_discovery.cc SDP_EncDec.cc RTP_EncDec.cc IPA_CodecPort_CtrlFunctDef.cc RTP_CodecPort_CtrlFunctDef.cc MGCP_CodecPort_CtrlFunctDef.cc TELNETasp_PT.cc Native_FunctionDefs.cc SMPP_EncDec.cc SMPP_CodecPort_CtrlFunctDef.cc MAP_EncDec.cc SS_EncDec.cc TCCEncoding.cc SGsAP_CodecPort_CtrlFunctDef.cc RANAP_EncDec.cc TCCOpenSecurity.cc *.c *.asn"
 
 export CPPFLAGS_TTCN3="-DIPA_EMULATION_MGCP -DIPA_EMULATION_CTRL -DIPA_EMULATION_GSUP -DIPA_EMULATION_SCCP -DRAN_EMULATION_BSSAP -DRAN_EMULATION_MGCP -DRAN_EMULATION_CTRL -DRAN_EMULATION_RANAP -DUSE_MTP3_DISTRIBUTOR"
 
 ../regen-makefile.sh MSC_Tests.ttcn $FILES
 
-sed -i -e 's/^LINUX_LIBS = -lxml2 -lsctp/LINUX_LIBS = -lxml2 -lsctp -lfftranscode/' Makefile
+sed -i -e 's/^LINUX_LIBS = -lxml2 -lsctp/LINUX_LIBS = -lxml2 -lsctp -lfftranscode -lssl/' Makefile

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/24247
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-Change-Id: Idc055a006b325f58a5eafa88bc4415181b3500a2
Gerrit-Change-Number: 24247
Gerrit-PatchSet: 1
Gerrit-Owner: Hoernchen <ewild at sysmocom.de>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20210517/bba2c7b9/attachment.htm>

More information about the gerrit-log mailing list