author | Neels Hofmeyr <neels@hofmeyr.de> | 2019-07-31 15:21:19 +0200 |
---|---|---|
committer | Neels Hofmeyr <neels@hofmeyr.de> | 2019-08-05 23:24:47 +0200 |
commit | a4d7a7681696723ce8128bc0f039a354d1f001ab (patch) | |
tree | a4a2f8da9da28ab6b272d8e398e0cba1fbfc9950 | |
parent | 75bdbbf45d549183eb4c87a84d5600aca178ca03 (diff) |
do not force encryption on UTRAN
Remove the conditions that always enable encryption on UTRAN.
We so far lack an explicit configuration for UTRAN encryption, and this patch
does not add any either. Instead, whether UTRAN encryption is enabled is simply
triggered on whether GERAN has A5 encryption enabled (A5/n with n > 0). Though
GERAN and UTRAN encryption are not technically related at all, this makes UTRAN
behave like GERAN for now, until we implement a proper separate configuration
for UTRAN encryption.
Adjust the msc_vlr_test_* configuration by setting the net->a5_encryption_mask
such that the expected output remains unchanged. A subsequent patch
(I54227f1f08c38c0bf69b9c48924669c4829b04b9) will add more tests, particularly
cases of UTRAN without encryption.
Adjust manual and vty doc.
Related: OS#2783
Change-Id: I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7
-rw-r--r-- | doc/manuals/chapters/net.adoc | 6 | ||||
-rw-r--r-- | src/libmsc/gsm_04_08.c | 6 | ||||
-rw-r--r-- | src/libmsc/msc_vty.c | 5 | ||||
-rw-r--r-- | tests/msc_vlr/msc_vlr_test_authen_reuse.c | 12 | ||||
-rw-r--r-- | tests/msc_vlr/msc_vlr_test_call.c | 1 | ||||
-rw-r--r-- | tests/msc_vlr/msc_vlr_test_umts_authen.c | 20 | ||||
-rw-r--r-- | tests/msc_vlr/msc_vlr_tests.h | 3 |
7 files changed, 48 insertions, 5 deletions
diff --git a/doc/manuals/chapters/net.adoc b/doc/manuals/chapters/net.adoc index 431455d15..4bf34a33f 100644 --- a/doc/manuals/chapters/net.adoc +++ b/doc/manuals/chapters/net.adoc @@ -189,6 +189,10 @@ network While authentication is always required on 3G, ciphering is optional. So far OsmoMSC lacks explicit configuration for ciphering on 3G. As an interim -solution, ciphering is always enabled on 3G. +solution, ciphering is enabled on 3G exactly when ciphering is enabled on 2G, +i.e. when any cipher other than A5/0 is enabled in the configuration. If only +A5/0 is configured, ciphering will be disabled on both 2G and 3G. The future +aim is to add comprehensive configuration for 3G ciphering that is independent +from the 2G setting. OsmoMSC indicates UEA1 and UEA2 as permitted encryption algorithms on 3G. diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c index ee317476c..cd37cff05 100644 --- a/src/libmsc/gsm_04_08.c +++ b/src/libmsc/gsm_04_08.c @@ -375,7 +375,7 @@ static int mm_rx_loc_upd_req(struct msc_a *msc_a, struct msgb *msg) net->vlr, msc_a, vlr_lu_type, tmsi, imsi, &old_lai, &msc_a->via_cell.lai, is_utran || net->authentication_required, - is_utran || net->a5_encryption_mask > 0x01, + net->a5_encryption_mask > 0x01, lu->key_seq, osmo_gsm48_classmark1_is_r99(&lu->classmark1), is_utran, @@ -780,7 +780,7 @@ int gsm48_rx_mm_serv_req(struct msc_a *msc_a, struct msgb *msg) req->cm_service_type, mi-1, &msc_a->via_cell.lai, is_utran || net->authentication_required, - is_utran || net->a5_encryption_mask > 0x01, + net->a5_encryption_mask > 0x01, req->cipher_key_seq, osmo_gsm48_classmark2_is_r99(cm2, cm2_len), is_utran); 
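Review bot: With `is_utran ||` dropped in mm_rx_loc_upd_req, a configuration that lists only A5/0 now passes false for this argument on Iu connections, and the hunk does not show what the callee then does about the UTRAN Security Mode procedure. Integrity protection is mandatory on UTRAN even when ciphering is off, so it is worth confirming that the procedure still runs with integrity only and is not skipped together with ciphering. The same expression is changed in the @@ -780 hunk (gsm48_rx_mm_serv_req) and the @@ -1152 hunk (gsm48_rx_rr_pag_resp). A small static helper returning `net->a5_encryption_mask > 0x01`, commented `/* true when any A5/n with n > 0 is enabled; bit 0 is A5/0 */`, would keep the three call sites from drifting apart and explain the bare `0x01`. All three function bodies start and end outside their hunks.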
@@ -1152,7 +1152,7 @@ static int gsm48_rx_rr_pag_resp(struct msc_a *msc_a, struct msgb *msg) net->vlr, msc_a, VLR_PR_ARQ_T_PAGING_RESP, 0, mi_lv, &msc_a->via_cell.lai, is_utran || net->authentication_required, - is_utran || net->a5_encryption_mask > 0x01, + net->a5_encryption_mask > 0x01, pr->key_seq, osmo_gsm48_classmark2_is_r99(cm2, classmark2_len), is_utran); diff --git a/src/libmsc/msc_vty.c b/src/libmsc/msc_vty.c index 8ef48ff51..5bf970163 100644 --- a/src/libmsc/msc_vty.c +++ b/src/libmsc/msc_vty.c @@ -148,7 +148,10 @@ DEFUN(cfg_net_encryption, cfg_net_encryption_cmd, "encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]", "Encryption options\n" - "GSM A5 Air Interface Encryption\n" + "GSM A5 Air Interface Encryption." + " NOTE: as long as OsmoMSC lacks distinct configuration for 3G encryption," + " 3G encryption is enabled exactly when any 2G encryption is enabled." + " Hence configuring only A5/0 here switches off 3G encryption.\n" "A5/n Algorithm Number\n" "A5/n Algorithm Number\n" "A5/n Algorithm Number\n" diff --git a/tests/msc_vlr/msc_vlr_test_authen_reuse.c b/tests/msc_vlr/msc_vlr_test_authen_reuse.c index d73a5f8c5..62ea6c7b5 100644 --- a/tests/msc_vlr/msc_vlr_test_authen_reuse.c +++ b/tests/msc_vlr/msc_vlr_test_authen_reuse.c @@ -266,6 +266,8 @@ static void _test_auth_reuse(enum osmo_rat_type via_ran, static void test_auth_use_twice_geran() { comment_start(); + /* A5/0 = no encryption */ + net->a5_encryption_mask = A5_0; _test_auth_reuse(OSMO_RAT_GERAN_A, 1, 1, true); comment_end(); } @@ -273,6 +275,8 @@ static void test_auth_use_twice_geran() static void test_auth_use_twice_utran() { comment_start(); + /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */ + net->a5_encryption_mask = A5_0_3; _test_auth_reuse(OSMO_RAT_UTRAN_IU, 1, 1, true); comment_end(); } 
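Review bot: The new coupling is only stated in the `?` help text of the `encryption a5` token, so an operator who loads an existing configuration containing only A5/0 gets 3G ciphering switched off without any message. The DEFUN body is outside the hunk; a warning there when the resulting mask contains only A5/0, for example `vty_out(vty, "%% Warning: only A5/0 configured, 3G ciphering is disabled as well%s", VTY_NEWLINE);`, or an equivalent NOTICE log line, would surface the downgrade when the configuration is applied.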
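Review bot: Each test wrapper assigns `net->a5_encryption_mask` and never restores it, so the value stays in the shared `net` for whichever test runs next. The same pattern repeats in the remaining hunks of this file, in msc_vlr_test_umts_authen.c and in `standard_lu()` of msc_vlr_test_call.c. Whether the harness resets `net` between tests is not visible here; if it does not, a test that omits the assignment silently inherits the previous mask, which now also decides whether the UTRAN path is exercised with ciphering. Resetting the mask to a known default in the shared per-test setup would keep the results independent of test order.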
@@ -280,6 +284,8 @@ static void test_auth_use_twice_utran() static void test_auth_use_infinitely_geran() { comment_start(); + /* A5/0 = no encryption */ + net->a5_encryption_mask = A5_0; _test_auth_reuse(OSMO_RAT_GERAN_A, -1, 3, false); comment_end(); } @@ -287,6 +293,8 @@ static void test_auth_use_infinitely_geran() static void test_auth_use_infinitely_utran() { comment_start(); + /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */ + net->a5_encryption_mask = A5_0_3; _test_auth_reuse(OSMO_RAT_UTRAN_IU, -1, 3, false); comment_end(); } @@ -294,6 +302,8 @@ static void test_auth_use_infinitely_utran() static void test_no_auth_reuse_geran() { comment_start(); + /* A5/0 = no encryption */ + net->a5_encryption_mask = A5_0; _test_auth_reuse(OSMO_RAT_GERAN_A, 0, 0, true); comment_end(); } @@ -301,6 +311,8 @@ static void test_no_auth_reuse_geran() static void test_no_auth_reuse_utran() { comment_start(); + /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */ + net->a5_encryption_mask = A5_0_3; _test_auth_reuse(OSMO_RAT_UTRAN_IU, 0, 0, true); comment_end(); } diff --git a/tests/msc_vlr/msc_vlr_test_call.c b/tests/msc_vlr/msc_vlr_test_call.c index 065af2555..cec2f8da0 100644 --- a/tests/msc_vlr/msc_vlr_test_call.c +++ b/tests/msc_vlr/msc_vlr_test_call.c @@ -46,6 +46,7 @@ static void standard_lu() struct vlr_subscr *vsub; net->authentication_required = true; + net->a5_encryption_mask = A5_0_3; net->vlr->cfg.assign_tmsi = true; rx_from_ran = OSMO_RAT_UTRAN_IU; diff --git a/tests/msc_vlr/msc_vlr_test_umts_authen.c b/tests/msc_vlr/msc_vlr_test_umts_authen.c index a89b0d1ab..6f8fa01c3 100644 --- a/tests/msc_vlr/msc_vlr_test_umts_authen.c +++ b/tests/msc_vlr/msc_vlr_test_umts_authen.c 
@@ -306,6 +306,8 @@ static void _test_umts_authen(enum osmo_rat_type via_ran) static void test_umts_authen_geran() { comment_start(); + /* A5/0 = no encryption */ + net->a5_encryption_mask = A5_0; _test_umts_authen(OSMO_RAT_GERAN_A); comment_end(); } @@ -313,6 +315,8 @@ static void test_umts_authen_geran() static void test_umts_authen_utran() { comment_start(); + /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */ + net->a5_encryption_mask = A5_0_3; _test_umts_authen(OSMO_RAT_UTRAN_IU); comment_end(); } @@ -544,6 +548,8 @@ static void _test_umts_authen_resync(enum osmo_rat_type via_ran) static void test_umts_authen_resync_geran() { comment_start(); + /* A5/0 = no encryption */ + net->a5_encryption_mask = A5_0; _test_umts_authen_resync(OSMO_RAT_GERAN_A); comment_end(); } @@ -551,6 +557,8 @@ static void test_umts_authen_resync_geran() static void test_umts_authen_resync_utran() { comment_start(); + /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */ + net->a5_encryption_mask = A5_0_3; _test_umts_authen_resync(OSMO_RAT_UTRAN_IU); comment_end(); } @@ -644,6 +652,8 @@ static void _test_umts_authen_too_short_res(enum osmo_rat_type via_ran) static void test_umts_authen_too_short_res_geran() { comment_start(); + /* A5/0 = no encryption */ + net->a5_encryption_mask = A5_0; _test_umts_authen_too_short_res(OSMO_RAT_GERAN_A); comment_end(); } @@ -651,6 +661,8 @@ static void test_umts_authen_too_short_res_geran() static void test_umts_authen_too_short_res_utran() { comment_start(); + /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */ + net->a5_encryption_mask = A5_0_3; _test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU); comment_end(); } 
@@ -744,6 +756,8 @@ static void _test_umts_authen_too_long_res(enum osmo_rat_type via_ran) static void test_umts_authen_too_long_res_geran() { comment_start(); + /* A5/0 = no encryption */ + net->a5_encryption_mask = A5_0; _test_umts_authen_too_long_res(OSMO_RAT_GERAN_A); comment_end(); } @@ -751,6 +765,8 @@ static void test_umts_authen_too_long_res_geran() static void test_umts_authen_too_long_res_utran() { comment_start(); + /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */ + net->a5_encryption_mask = A5_0_3; _test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU); comment_end(); } @@ -849,6 +865,8 @@ static void _test_umts_authen_only_sres(enum osmo_rat_type via_ran) static void test_umts_authen_only_sres_geran() { comment_start(); + /* A5/0 = no encryption */ + net->a5_encryption_mask = A5_0; _test_umts_authen_only_sres(OSMO_RAT_GERAN_A); comment_end(); } @@ -856,6 +874,8 @@ static void test_umts_authen_only_sres_geran() static void test_umts_authen_only_sres_utran() { comment_start(); + /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */ + net->a5_encryption_mask = A5_0_3; _test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU); comment_end(); } diff --git a/tests/msc_vlr/msc_vlr_tests.h b/tests/msc_vlr/msc_vlr_tests.h index 9df9cf049..4330ea869 100644 --- a/tests/msc_vlr/msc_vlr_tests.h +++ b/tests/msc_vlr/msc_vlr_tests.h @@ -32,6 +32,9 @@ #include <osmocom/msc/msc_a.h> #include <osmocom/msc/mncc.h> +#define A5_0 (1 << 0) +#define A5_0_3 ((1 << 0) | (1 << 3)) + extern bool _log_lines; #define _log(fmt, args...) do { \ if (_log_lines) \ |
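Review bot: `A5_0_3` in msc_vlr_tests.h reads as "A5/0 through A5/3", but the value sets only bits 0 and 3, and neither macro says that it is meant for `net->a5_encryption_mask`. A comment above the two defines would settle it: `/* Values for net->a5_encryption_mask: bit n enables A5/n. A5_0_3 = A5/0 and A5/3 only. */`.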