authorNeels Hofmeyr <neels@hofmeyr.de>2019-07-31 15:21:19 +0200
committerNeels Hofmeyr <neels@hofmeyr.de>2019-08-05 23:24:47 +0200
commita4d7a7681696723ce8128bc0f039a354d1f001ab (patch)
treea4a2f8da9da28ab6b272d8e398e0cba1fbfc9950
parent75bdbbf45d549183eb4c87a84d5600aca178ca03 (diff)
do not force encryption on UTRAN
Remove the conditions that always enable encryption on UTRAN. We so far lack an explicit configuration for UTRAN encryption, and this patch does not add any either. Instead, whether UTRAN encryption is enabled is simply triggered on whether GERAN has A5 encryption enabled (A5/n with n > 0). Though GERAN and UTRAN encryption are not technically related at all, this makes UTRAN behave like GERAN for now, until we implement a proper separate configuration for UTRAN encryption. Adjust the msc_vlr_test_* configuration by setting the net->a5_encryption_mask such that the expected output remains unchanged. A subsequent patch (I54227f1f08c38c0bf69b9c48924669c4829b04b9) will add more tests, particularly cases of UTRAN without encryption. Adjust manual and vty doc. Related: OS#2783 Change-Id: I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7
-rw-r--r--doc/manuals/chapters/net.adoc6
-rw-r--r--src/libmsc/gsm_04_08.c6
-rw-r--r--src/libmsc/msc_vty.c5
-rw-r--r--tests/msc_vlr/msc_vlr_test_authen_reuse.c12
-rw-r--r--tests/msc_vlr/msc_vlr_test_call.c1
-rw-r--r--tests/msc_vlr/msc_vlr_test_umts_authen.c20
-rw-r--r--tests/msc_vlr/msc_vlr_tests.h3
7 files changed, 48 insertions, 5 deletions
diff --git a/doc/manuals/chapters/net.adoc b/doc/manuals/chapters/net.adoc
index 431455d15..4bf34a33f 100644
--- a/doc/manuals/chapters/net.adoc
+++ b/doc/manuals/chapters/net.adoc
@@ -189,6 +189,10 @@ network
While authentication is always required on 3G, ciphering is optional.
So far OsmoMSC lacks explicit configuration for ciphering on 3G. As an interim
-solution, ciphering is always enabled on 3G.
+solution, ciphering is enabled on 3G exactly when ciphering is enabled on 2G,
+i.e. when any cipher other than A5/0 is enabled in the configuration. If only
+A5/0 is configured, ciphering will be disabled on both 2G and 3G. The future
+aim is to add comprehensive configuration for 3G ciphering that is independent
+from the 2G setting.
OsmoMSC indicates UEA1 and UEA2 as permitted encryption algorithms on 3G.
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index ee317476c..cd37cff05 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -375,7 +375,7 @@ static int mm_rx_loc_upd_req(struct msc_a *msc_a, struct msgb *msg)
net->vlr, msc_a, vlr_lu_type, tmsi, imsi,
&old_lai, &msc_a->via_cell.lai,
is_utran || net->authentication_required,
- is_utran || net->a5_encryption_mask > 0x01,
+ net->a5_encryption_mask > 0x01,
lu->key_seq,
osmo_gsm48_classmark1_is_r99(&lu->classmark1),
is_utran,
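Review bot: In mm_rx_loc_upd_req() the ciphering argument is now the bare `net->a5_encryption_mask > 0x01`, and nothing at the call site says that a GERAN A5 mask is what decides ciphering on UTRAN; the same expression is repeated in gsm48_rx_mm_serv_req() and gsm48_rx_rr_pag_resp(). A short comment above the argument would record the interim coupling and what the constant means, for example `/* interim: UTRAN ciphering follows the A5 mask; > 0x01 means some A5/n with n > 0 is permitted (OS#2783) */`. Since the three sites must stay in step until a separate UTRAN setting exists, a single static helper returning this condition would keep them from diverging. All three functions start and end outside their hunks, so whether the unciphered UTRAN case is logged further down cannot be seen here.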
@@ -780,7 +780,7 @@ int gsm48_rx_mm_serv_req(struct msc_a *msc_a, struct msgb *msg)
req->cm_service_type,
mi-1, &msc_a->via_cell.lai,
is_utran || net->authentication_required,
- is_utran || net->a5_encryption_mask > 0x01,
+ net->a5_encryption_mask > 0x01,
req->cipher_key_seq,
osmo_gsm48_classmark2_is_r99(cm2, cm2_len),
is_utran);
@@ -1152,7 +1152,7 @@ static int gsm48_rx_rr_pag_resp(struct msc_a *msc_a, struct msgb *msg)
net->vlr, msc_a,
VLR_PR_ARQ_T_PAGING_RESP, 0, mi_lv, &msc_a->via_cell.lai,
is_utran || net->authentication_required,
- is_utran || net->a5_encryption_mask > 0x01,
+ net->a5_encryption_mask > 0x01,
pr->key_seq,
osmo_gsm48_classmark2_is_r99(cm2, classmark2_len),
is_utran);
diff --git a/src/libmsc/msc_vty.c b/src/libmsc/msc_vty.c
index 8ef48ff51..5bf970163 100644
--- a/src/libmsc/msc_vty.c
+++ b/src/libmsc/msc_vty.c
@@ -148,7 +148,10 @@ DEFUN(cfg_net_encryption,
cfg_net_encryption_cmd,
"encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]",
"Encryption options\n"
- "GSM A5 Air Interface Encryption\n"
+ "GSM A5 Air Interface Encryption."
+ " NOTE: as long as OsmoMSC lacks distinct configuration for 3G encryption,"
+ " 3G encryption is enabled exactly when any 2G encryption is enabled."
+ " Hence configuring only A5/0 here switches off 3G encryption.\n"
"A5/n Algorithm Number\n"
"A5/n Algorithm Number\n"
"A5/n Algorithm Number\n"
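Review bot: The new warning lives only in the online help string of cfg_net_encryption, so an existing configuration that lists only A5/0 will, after this change, run 3G without ciphering and with no message at load time. It would help for the command handler to print a warning when the resulting mask permits A5/0 only, e.g. `vty_out(vty, "%% Warning: only A5/0 permitted, ciphering is off on 2G and 3G%s", VTY_NEWLINE);`. The handler body is outside this hunk, so the exact placement and variable names need to be checked there.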
diff --git a/tests/msc_vlr/msc_vlr_test_authen_reuse.c b/tests/msc_vlr/msc_vlr_test_authen_reuse.c
index d73a5f8c5..62ea6c7b5 100644
--- a/tests/msc_vlr/msc_vlr_test_authen_reuse.c
+++ b/tests/msc_vlr/msc_vlr_test_authen_reuse.c
@@ -266,6 +266,8 @@ static void _test_auth_reuse(enum osmo_rat_type via_ran,
static void test_auth_use_twice_geran()
{
comment_start();
+ /* A5/0 = no encryption */
+ net->a5_encryption_mask = A5_0;
_test_auth_reuse(OSMO_RAT_GERAN_A, 1, 1, true);
comment_end();
}
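Review bot: test_auth_use_twice_geran() now writes `net->a5_encryption_mask` and returns without restoring it, so the value stays in the shared `net` for whichever test runs next unless the harness resets it, which is not visible here. The same pattern is in the other five wrappers in this file and in the ten wrappers in msc_vlr_test_umts_authen.c. Passing the mask as a parameter to the `_test_*()` helpers, or resetting it to a known default in the common per-test setup, would make each test independent of run order.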
@@ -273,6 +275,8 @@ static void test_auth_use_twice_geran()
static void test_auth_use_twice_utran()
{
comment_start();
+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+ net->a5_encryption_mask = A5_0_3;
_test_auth_reuse(OSMO_RAT_UTRAN_IU, 1, 1, true);
comment_end();
}
@@ -280,6 +284,8 @@ static void test_auth_use_twice_utran()
static void test_auth_use_infinitely_geran()
{
comment_start();
+ /* A5/0 = no encryption */
+ net->a5_encryption_mask = A5_0;
_test_auth_reuse(OSMO_RAT_GERAN_A, -1, 3, false);
comment_end();
}
@@ -287,6 +293,8 @@ static void test_auth_use_infinitely_geran()
static void test_auth_use_infinitely_utran()
{
comment_start();
+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+ net->a5_encryption_mask = A5_0_3;
_test_auth_reuse(OSMO_RAT_UTRAN_IU, -1, 3, false);
comment_end();
}
@@ -294,6 +302,8 @@ static void test_auth_use_infinitely_utran()
static void test_no_auth_reuse_geran()
{
comment_start();
+ /* A5/0 = no encryption */
+ net->a5_encryption_mask = A5_0;
_test_auth_reuse(OSMO_RAT_GERAN_A, 0, 0, true);
comment_end();
}
@@ -301,6 +311,8 @@ static void test_no_auth_reuse_geran()
static void test_no_auth_reuse_utran()
{
comment_start();
+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+ net->a5_encryption_mask = A5_0_3;
_test_auth_reuse(OSMO_RAT_UTRAN_IU, 0, 0, true);
comment_end();
}
diff --git a/tests/msc_vlr/msc_vlr_test_call.c b/tests/msc_vlr/msc_vlr_test_call.c
index 065af2555..cec2f8da0 100644
--- a/tests/msc_vlr/msc_vlr_test_call.c
+++ b/tests/msc_vlr/msc_vlr_test_call.c
@@ -46,6 +46,7 @@ static void standard_lu()
struct vlr_subscr *vsub;
net->authentication_required = true;
+ net->a5_encryption_mask = A5_0_3;
net->vlr->cfg.assign_tmsi = true;
rx_from_ran = OSMO_RAT_UTRAN_IU;
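Review bot: The added `net->a5_encryption_mask = A5_0_3;` in standard_lu() has no comment, while the same assignment in the other test files of this commit explains itself. Since this setup then receives from OSMO_RAT_UTRAN_IU, the same line would fit here: `/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */`. standard_lu() continues beyond the hunk.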
diff --git a/tests/msc_vlr/msc_vlr_test_umts_authen.c b/tests/msc_vlr/msc_vlr_test_umts_authen.c
index a89b0d1ab..6f8fa01c3 100644
--- a/tests/msc_vlr/msc_vlr_test_umts_authen.c
+++ b/tests/msc_vlr/msc_vlr_test_umts_authen.c
@@ -306,6 +306,8 @@ static void _test_umts_authen(enum osmo_rat_type via_ran)
static void test_umts_authen_geran()
{
comment_start();
+ /* A5/0 = no encryption */
+ net->a5_encryption_mask = A5_0;
_test_umts_authen(OSMO_RAT_GERAN_A);
comment_end();
}
@@ -313,6 +315,8 @@ static void test_umts_authen_geran()
static void test_umts_authen_utran()
{
comment_start();
+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+ net->a5_encryption_mask = A5_0_3;
_test_umts_authen(OSMO_RAT_UTRAN_IU);
comment_end();
}
@@ -544,6 +548,8 @@ static void _test_umts_authen_resync(enum osmo_rat_type via_ran)
static void test_umts_authen_resync_geran()
{
comment_start();
+ /* A5/0 = no encryption */
+ net->a5_encryption_mask = A5_0;
_test_umts_authen_resync(OSMO_RAT_GERAN_A);
comment_end();
}
@@ -551,6 +557,8 @@ static void test_umts_authen_resync_geran()
static void test_umts_authen_resync_utran()
{
comment_start();
+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+ net->a5_encryption_mask = A5_0_3;
_test_umts_authen_resync(OSMO_RAT_UTRAN_IU);
comment_end();
}
@@ -644,6 +652,8 @@ static void _test_umts_authen_too_short_res(enum osmo_rat_type via_ran)
static void test_umts_authen_too_short_res_geran()
{
comment_start();
+ /* A5/0 = no encryption */
+ net->a5_encryption_mask = A5_0;
_test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);
comment_end();
}
@@ -651,6 +661,8 @@ static void test_umts_authen_too_short_res_geran()
static void test_umts_authen_too_short_res_utran()
{
comment_start();
+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+ net->a5_encryption_mask = A5_0_3;
_test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);
comment_end();
}
@@ -744,6 +756,8 @@ static void _test_umts_authen_too_long_res(enum osmo_rat_type via_ran)
static void test_umts_authen_too_long_res_geran()
{
comment_start();
+ /* A5/0 = no encryption */
+ net->a5_encryption_mask = A5_0;
_test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);
comment_end();
}
@@ -751,6 +765,8 @@ static void test_umts_authen_too_long_res_geran()
static void test_umts_authen_too_long_res_utran()
{
comment_start();
+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+ net->a5_encryption_mask = A5_0_3;
_test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);
comment_end();
}
@@ -849,6 +865,8 @@ static void _test_umts_authen_only_sres(enum osmo_rat_type via_ran)
static void test_umts_authen_only_sres_geran()
{
comment_start();
+ /* A5/0 = no encryption */
+ net->a5_encryption_mask = A5_0;
_test_umts_authen_only_sres(OSMO_RAT_GERAN_A);
comment_end();
}
@@ -856,6 +874,8 @@ static void test_umts_authen_only_sres_geran()
static void test_umts_authen_only_sres_utran()
{
comment_start();
+ /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
+ net->a5_encryption_mask = A5_0_3;
_test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);
comment_end();
}
diff --git a/tests/msc_vlr/msc_vlr_tests.h b/tests/msc_vlr/msc_vlr_tests.h
index 9df9cf049..4330ea869 100644
--- a/tests/msc_vlr/msc_vlr_tests.h
+++ b/tests/msc_vlr/msc_vlr_tests.h
@@ -32,6 +32,9 @@
#include <osmocom/msc/msc_a.h>
#include <osmocom/msc/mncc.h>
+#define A5_0 (1 << 0)
+#define A5_0_3 ((1 << 0) | (1 << 3))
+
extern bool _log_lines;
#define _log(fmt, args...) do { \
if (_log_lines) \
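Review bot: `A5_0_3` can be read as the range A5/0 through A5/3, but the value `(1 << 0) | (1 << 3)` permits only A5/0 and A5/3. A comment above the two defines would settle it, e.g. `/* a5_encryption_mask values: bit n set = A5/n permitted; A5_0_3 is A5/0 and A5/3 only */`. The names are also short and unprefixed for a shared test header; this is a style point, not a defect.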