author | Neels Hofmeyr <neels@hofmeyr.de> | 2019-08-13 16:00:37 +0200 |
---|---|---|
committer | Neels Hofmeyr <neels@hofmeyr.de> | 2019-08-13 23:52:31 +0200 |
commit | 4dfb2babf213f679ee93ea16e000f228f2b766b4 (patch) | |
tree | 71d56c475d7cfdf396bf99c2e3e1a75a9c074882 /src | |
parent | cd64af7cd4e6b0a6b1123a0e8a01fa1633bc234b (diff) |
add 'encryption uea 1 2' cfg / fix ttcn3 iu tests
Recently, the ability to run UTRAN without encryption was added, but the config
for it was tied to the A5 GERAN encryption configuration. This affected
osmo-msc's default behavior of Iu, breaking osmo-msc ttcn3 Iu tests: the ttcn3
test suite sets A5 to 0 (no encryption) but still expects Iu to enable air
encryption. Fix this "regression".
Add a separate vty config option for UEA encryption, even if it does not
provide full granularity to select individual UEA algorithms yet.
As a result, Iu default behavior remains to enable encryption regardless of the
A5 config. UTRAN encryption can be disabled by the new cfg option
"encryption uea 0" alone.
Even though the new vty command already allows passing various combinations of
the UEA algorithm numbers, only '0' and '1 2' are accepted as valid
combinations, to reflect current osmo-msc capabilities.
Revert most changes to the msc_vlr test suite in commit "do not force
encryption on UTRAN" (I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7): use new
net->iu_encryption instead of net->a5_encryption_mask.
Adjust/add to test_nodes.vty transcript tests.
Related: OS#4144
Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b
Diffstat (limited to 'src')
-rw-r--r-- | src/libmsc/gsm_04_08.c | 6 | ||||
-rw-r--r-- | src/libmsc/msc_net_init.c | 1 | ||||
-rw-r--r-- | src/libmsc/msc_vty.c | 54 |
3 files changed, 53 insertions, 8 deletions
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c index cd37cff05..086116fd5 100644 --- a/src/libmsc/gsm_04_08.c +++ b/src/libmsc/gsm_04_08.c @@ -375,7 +375,7 @@ static int mm_rx_loc_upd_req(struct msc_a *msc_a, struct msgb *msg) net->vlr, msc_a, vlr_lu_type, tmsi, imsi, &old_lai, &msc_a->via_cell.lai, is_utran || net->authentication_required, - net->a5_encryption_mask > 0x01, + is_utran ? net->uea_encryption : net->a5_encryption_mask > 0x01, lu->key_seq, osmo_gsm48_classmark1_is_r99(&lu->classmark1), is_utran, @@ -780,7 +780,7 @@ int gsm48_rx_mm_serv_req(struct msc_a *msc_a, struct msgb *msg) req->cm_service_type, mi-1, &msc_a->via_cell.lai, is_utran || net->authentication_required, - net->a5_encryption_mask > 0x01, + is_utran ? net->uea_encryption : net->a5_encryption_mask > 0x01, req->cipher_key_seq, osmo_gsm48_classmark2_is_r99(cm2, cm2_len), is_utran); @@ -1152,7 +1152,7 @@ static int gsm48_rx_rr_pag_resp(struct msc_a *msc_a, struct msgb *msg) net->vlr, msc_a, VLR_PR_ARQ_T_PAGING_RESP, 0, mi_lv, &msc_a->via_cell.lai, is_utran || net->authentication_required, - net->a5_encryption_mask > 0x01, + is_utran ? net->uea_encryption : net->a5_encryption_mask > 0x01, pr->key_seq, osmo_gsm48_classmark2_is_r99(cm2, classmark2_len), is_utran); diff --git a/src/libmsc/msc_net_init.c b/src/libmsc/msc_net_init.c index 11920f377..91b6165bd 100644 --- a/src/libmsc/msc_net_init.c +++ b/src/libmsc/msc_net_init.c @@ -49,6 +49,7 @@ struct gsm_network *gsm_network_init(void *ctx, mncc_recv_cb_t mncc_recv) /* Permit a compile-time default of A5/3 and A5/1 */ net->a5_encryption_mask = (1 << 3) | (1 << 1); + net->uea_encryption = true; /* Use 30 min periodic update interval as sane default */ net->t3212 = 5; diff --git a/src/libmsc/msc_vty.c b/src/libmsc/msc_vty.c index 5bf970163..4674e2e68 100644 --- a/src/libmsc/msc_vty.c +++ b/src/libmsc/msc_vty.c 
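Review bot: The ciphering decision `is_utran ? net->uea_encryption : net->a5_encryption_mask > 0x01` is duplicated at three call sites (mm_rx_loc_upd_req, gsm48_rx_mm_serv_req and gsm48_rx_rr_pag_resp), so the per-RAN policy must now be kept in sync in three places. It parses as intended because `>` binds tighter than `?:`, but parentheses would make that visible: `is_utran ? net->uea_encryption : (net->a5_encryption_mask > 0x01),`. A small static helper taking `net` and `is_utran` would keep the decision in one place, which matters once the per-algorithm UEA selection mentioned under OS#4143 in msc_vty.c is added. All three functions start and end outside their hunks.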
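Review bot: In msc_net_init.c the new default `net->uea_encryption = true;` sits directly under the comment "Permit a compile-time default of A5/3 and A5/1", which describes only the A5 mask. A comment of its own, for example `/* Enable UTRAN (Iu) encryption (UEA1 and UEA2) by default */`, would record that 3G encryption stays on unless 'encryption uea 0' is configured. gsm_network_init continues outside the hunk.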
@@ -144,14 +144,13 @@ DEFUN(cfg_net_name_long, return CMD_SUCCESS; } +#define ENCRYPTION_STR "Encryption options\n" + DEFUN(cfg_net_encryption, cfg_net_encryption_cmd, "encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]", - "Encryption options\n" - "GSM A5 Air Interface Encryption." - " NOTE: as long as OsmoMSC lacks distinct configuration for 3G encryption," - " 3G encryption is enabled exactly when any 2G encryption is enabled." - " Hence configuring only A5/0 here switches off 3G encryption.\n" + ENCRYPTION_STR + "GSM A5 Air Interface Encryption.\n" "A5/n Algorithm Number\n" "A5/n Algorithm Number\n" "A5/n Algorithm Number\n" 
@@ -166,6 +165,45 @@ DEFUN(cfg_net_encryption, return CMD_SUCCESS; } +/* So far just a boolean switch, a future patch might add individual config for UEA1 and UEA2, see OS#4143 */ +DEFUN(cfg_net_encryption_uea, + cfg_net_encryption_uea_cmd, + "encryption uea <0-2> [<0-2>] [<0-2>]", + ENCRYPTION_STR + "UTRAN (3G) encryption algorithms to allow: 0 = UEA0 (no encryption), 1 = UEA1, 2 = UEA2." + " NOTE: the current implementation does not allow free choice of combining encryption algorithms yet." + " The only valid settings are either 'encryption uea 0' or 'encryption uea 1 2'.\n" + "UEAn Algorithm Number\n" + "UEAn Algorithm Number\n" + "UEAn Algorithm Number\n" + ) +{ + unsigned int i; + uint8_t mask = 0; + + for (i = 0; i < argc; i++) + mask |= (1 << atoi(argv[i])); + + if (mask == (1 << 0)) { + /* UEA0. Disable encryption. */ + gsmnet->uea_encryption = false; + } else if (mask == ((1 << 1) | (1 << 2))) { + /* UEA1 and UEA2. Enable encryption. */ + gsmnet->uea_encryption = true; + } else { + vty_out(vty, + "%% Error: the current implementation does not allow free choice of combining%s" + "%% encryption algorithms yet. The only valid settings are either%s" + "%% encryption uea 0%s" + "%% or%s" + "%% encryption uea 1 2%s", + VTY_NEWLINE, VTY_NEWLINE, VTY_NEWLINE, VTY_NEWLINE, VTY_NEWLINE); + return CMD_WARNING; + } + + return CMD_SUCCESS; +} + DEFUN(cfg_net_authentication, cfg_net_authentication_cmd, "authentication (optional|required)", @@ -308,6 +346,11 @@ static int config_write_net(struct vty *vty) vty_out(vty, " %u", i); } vty_out(vty, "%s", VTY_NEWLINE); + + if (!gsmnet->uea_encryption) + vty_out(vty, " encryption uea 0%s", VTY_NEWLINE); + else + vty_out(vty, " encryption uea 1 2%s", VTY_NEWLINE); vty_out(vty, " authentication %s%s", gsmnet->authentication_required ? "required" : "optional", VTY_NEWLINE); vty_out(vty, " rrlp mode %s%s", msc_rrlp_mode_name(gsmnet->rrlp.mode), 
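Review bot: In `cfg_net_encryption_uea`, `mask |= (1 << atoi(argv[i]))` turns any argument that `atoi()` cannot parse into 0, which is the UEA0 bit, so a parsing failure would select the setting that switches UTRAN encryption off. The `<0-2>` range in the command string presumably keeps such input from reaching the handler, but the handler does not check it itself, and the comment above the DEFUN already anticipates extending this command. Parsing each argument strictly and returning `CMD_WARNING` for anything outside 0..2 makes the handler fail closed, as in the excerpt below. Because 'encryption uea 0' is a security downgrade, a `vty_out()` notice on the UEA0 branch stating that 3G air encryption is now disabled would also help operators and later audits.

```c
	/* … unchanged: declarations of i and mask … */
	for (i = 0; i < argc; i++) {
		char *end;
		long alg = strtol(argv[i], &end, 10);

		/* Accept exactly 0, 1 or 2; never let bad input fall back to bit 0 (UEA0) */
		if (end == argv[i] || *end != '\0' || alg < 0 || alg > 2) {
			vty_out(vty, "%% Error: invalid UEA algorithm number%s", VTY_NEWLINE);
			return CMD_WARNING;
		}
		mask |= (1 << alg);
	}
	/* … unchanged: evaluation of mask and return value … */
```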
@@ -1894,6 +1937,7 @@ void msc_vty_init(struct gsm_network *msc_network)
 install_element(GSMNET_NODE, &cfg_net_name_short_cmd);
 install_element(GSMNET_NODE, &cfg_net_name_long_cmd);
 install_element(GSMNET_NODE, &cfg_net_encryption_cmd);
+ install_element(GSMNET_NODE, &cfg_net_encryption_uea_cmd);
 install_element(GSMNET_NODE, &cfg_net_authentication_cmd);
 install_element(GSMNET_NODE, &cfg_net_rrlp_mode_cmd);
 install_element(GSMNET_NODE, &cfg_net_mm_info_cmd); |