From a4d7a7681696723ce8128bc0f039a354d1f001ab Mon Sep 17 00:00:00 2001
From: Neels Hofmeyr <neels@hofmeyr.de>
Date: Wed, 31 Jul 2019 15:21:19 +0200
Subject: do not force encryption on UTRAN

Remove the conditions that always enable encryption on UTRAN.

We so far lack an explicit configuration for UTRAN encryption, and this patch
does not add any either. Instead, whether UTRAN encryption is enabled is simply
triggered on whether GERAN has A5 encryption enabled (A5/n with n > 0). Though
GERAN and UTRAN encryption are not technically related at all, this makes UTRAN
behave like GERAN for now, until we implement a proper separate configuration
for UTRAN encryption.

Adjust the msc_vlr_test_* configuration by setting the net->a5_encryption_mask
such that the expected output remains unchanged. A subsequent patch
(I54227f1f08c38c0bf69b9c48924669c4829b04b9) will add more tests, particularly
cases of UTRAN without encryption.

Adjust manual and vty doc.

Related: OS#2783
Change-Id: I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7
---
 src/libmsc/gsm_04_08.c | 6 +++---
 src/libmsc/msc_vty.c   | 5 ++++-
 2 files changed, 7 insertions(+), 4 deletions(-)

(limited to 'src/libmsc')

diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index ee317476c..cd37cff05 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -375,7 +375,7 @@ static int mm_rx_loc_upd_req(struct msc_a *msc_a, struct msgb *msg)
 				net->vlr, msc_a, vlr_lu_type, tmsi, imsi,
 				&old_lai, &msc_a->via_cell.lai,
 				is_utran || net->authentication_required,
-				is_utran || net->a5_encryption_mask > 0x01,
+				net->a5_encryption_mask > 0x01,
 				lu->key_seq,
 				osmo_gsm48_classmark1_is_r99(&lu->classmark1),
 				is_utran,
@@ -780,7 +780,7 @@ int gsm48_rx_mm_serv_req(struct msc_a *msc_a, struct msgb *msg)
 			 req->cm_service_type,
 			 mi-1, &msc_a->via_cell.lai,
 			 is_utran || net->authentication_required,
-			 is_utran || net->a5_encryption_mask > 0x01,
+			 net->a5_encryption_mask > 0x01,
 			 req->cipher_key_seq,
 			 osmo_gsm48_classmark2_is_r99(cm2, cm2_len),
 			 is_utran);
@@ -1152,7 +1152,7 @@ static int gsm48_rx_rr_pag_resp(struct msc_a *msc_a, struct msgb *msg)
 			 net->vlr, msc_a,
 			 VLR_PR_ARQ_T_PAGING_RESP, 0, mi_lv, &msc_a->via_cell.lai,
 			 is_utran || net->authentication_required,
-			 is_utran || net->a5_encryption_mask > 0x01,
+			 net->a5_encryption_mask > 0x01,
 			 pr->key_seq,
 			 osmo_gsm48_classmark2_is_r99(cm2, classmark2_len),
 			 is_utran);
diff --git a/src/libmsc/msc_vty.c b/src/libmsc/msc_vty.c
index 8ef48ff51..5bf970163 100644
--- a/src/libmsc/msc_vty.c
+++ b/src/libmsc/msc_vty.c
@@ -148,7 +148,10 @@ DEFUN(cfg_net_encryption,
       cfg_net_encryption_cmd,
       "encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]",
 	"Encryption options\n"
-	"GSM A5 Air Interface Encryption\n"
+	"GSM A5 Air Interface Encryption."
+	  " NOTE: as long as OsmoMSC lacks distinct configuration for 3G encryption,"
+	  " 3G encryption is enabled exactly when any 2G encryption is enabled."
+	  " Hence configuring only A5/0 here switches off 3G encryption.\n"
 	"A5/n Algorithm Number\n"
 	"A5/n Algorithm Number\n"
 	"A5/n Algorithm Number\n"
-- 
cgit v1.2.3