do not force encryption on UTRAN
Remove the conditions that always enable encryption on UTRAN. We so far lack an explicit configuration for UTRAN encryption, and this patch does not add any either. Instead, whether UTRAN encryption is enabled is simply triggered on whether GERAN has A5 encryption enabled (A5/n with n > 0). Though GERAN and UTRAN encryption are not technically related at all, this makes UTRAN behave like GERAN for now, until we implement a proper separate configuration for UTRAN encryption. Adjust the msc_vlr_test_* configuration by setting the net->a5_encryption_mask such that the expected output remains unchanged. A subsequent patch (I54227f1f08c38c0bf69b9c48924669c4829b04b9) will add more tests, particularly cases of UTRAN without encryption. Adjust manual and vty doc. Related: OS#2783 Change-Id: I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7
parent
75bdbbf45d
commit
a4d7a76816
|
@ -189,6 +189,10 @@ network
|
||||||
While authentication is always required on 3G, ciphering is optional.
|
While authentication is always required on 3G, ciphering is optional.
|
||||||
|
|
||||||
So far OsmoMSC lacks explicit configuration for ciphering on 3G. As an interim
|
So far OsmoMSC lacks explicit configuration for ciphering on 3G. As an interim
|
||||||
solution, ciphering is always enabled on 3G.
|
solution, ciphering is enabled on 3G exactly when ciphering is enabled on 2G,
|
||||||
|
i.e. when any cipher other than A5/0 is enabled in the configuration. If only
|
||||||
|
A5/0 is configured, ciphering will be disabled on both 2G and 3G. The future
|
||||||
|
aim is to add comprehensive configuration for 3G ciphering that is independent
|
||||||
|
from the 2G setting.
|
||||||
|
|
||||||
OsmoMSC indicates UEA1 and UEA2 as permitted encryption algorithms on 3G.
|
OsmoMSC indicates UEA1 and UEA2 as permitted encryption algorithms on 3G.
|
||||||
|
|
|
@ -375,7 +375,7 @@ static int mm_rx_loc_upd_req(struct msc_a *msc_a, struct msgb *msg)
|
||||||
net->vlr, msc_a, vlr_lu_type, tmsi, imsi,
|
net->vlr, msc_a, vlr_lu_type, tmsi, imsi,
|
||||||
&old_lai, &msc_a->via_cell.lai,
|
&old_lai, &msc_a->via_cell.lai,
|
||||||
is_utran || net->authentication_required,
|
is_utran || net->authentication_required,
|
||||||
is_utran || net->a5_encryption_mask > 0x01,
|
net->a5_encryption_mask > 0x01,
|
||||||
lu->key_seq,
|
lu->key_seq,
|
||||||
osmo_gsm48_classmark1_is_r99(&lu->classmark1),
|
osmo_gsm48_classmark1_is_r99(&lu->classmark1),
|
||||||
is_utran,
|
is_utran,
|
||||||
|
@ -780,7 +780,7 @@ int gsm48_rx_mm_serv_req(struct msc_a *msc_a, struct msgb *msg)
|
||||||
req->cm_service_type,
|
req->cm_service_type,
|
||||||
mi-1, &msc_a->via_cell.lai,
|
mi-1, &msc_a->via_cell.lai,
|
||||||
is_utran || net->authentication_required,
|
is_utran || net->authentication_required,
|
||||||
is_utran || net->a5_encryption_mask > 0x01,
|
net->a5_encryption_mask > 0x01,
|
||||||
req->cipher_key_seq,
|
req->cipher_key_seq,
|
||||||
osmo_gsm48_classmark2_is_r99(cm2, cm2_len),
|
osmo_gsm48_classmark2_is_r99(cm2, cm2_len),
|
||||||
is_utran);
|
is_utran);
|
||||||
|
@ -1152,7 +1152,7 @@ static int gsm48_rx_rr_pag_resp(struct msc_a *msc_a, struct msgb *msg)
|
||||||
net->vlr, msc_a,
|
net->vlr, msc_a,
|
||||||
VLR_PR_ARQ_T_PAGING_RESP, 0, mi_lv, &msc_a->via_cell.lai,
|
VLR_PR_ARQ_T_PAGING_RESP, 0, mi_lv, &msc_a->via_cell.lai,
|
||||||
is_utran || net->authentication_required,
|
is_utran || net->authentication_required,
|
||||||
is_utran || net->a5_encryption_mask > 0x01,
|
net->a5_encryption_mask > 0x01,
|
||||||
pr->key_seq,
|
pr->key_seq,
|
||||||
osmo_gsm48_classmark2_is_r99(cm2, classmark2_len),
|
osmo_gsm48_classmark2_is_r99(cm2, classmark2_len),
|
||||||
is_utran);
|
is_utran);
|
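Review bot: The literal test `net->a5_encryption_mask > 0x01` is now the only thing that decides whether ciphering is requested on UTRAN, and it is repeated without explanation in mm_rx_loc_upd_req, gsm48_rx_mm_serv_req and gsm48_rx_rr_pag_resp. A reader has to know that bit 0 stands for A5/0 to see that a configuration listing only A5/0 now leaves 3G connections unciphered, where the removed `is_utran ||` used to force ciphering. I would move the expression into one small static helper taking `net` and put the reason on it, e.g. `/* bit 0 = A5/0 (no ciphering); any higher bit enables ciphering. Interim: UTRAN follows the 2G setting, see OS#2783 */`, so the later separate UTRAN setting has a single place to change. All three call sites sit in functions whose bodies start and end outside the hunks.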
||||||
|
|
|
@ -148,7 +148,10 @@ DEFUN(cfg_net_encryption,
|
||||||
cfg_net_encryption_cmd,
|
cfg_net_encryption_cmd,
|
||||||
"encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]",
|
"encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]",
|
||||||
"Encryption options\n"
|
"Encryption options\n"
|
||||||
"GSM A5 Air Interface Encryption\n"
|
"GSM A5 Air Interface Encryption."
|
||||||
|
" NOTE: as long as OsmoMSC lacks distinct configuration for 3G encryption,"
|
||||||
|
" 3G encryption is enabled exactly when any 2G encryption is enabled."
|
||||||
|
" Hence configuring only A5/0 here switches off 3G encryption.\n"
|
||||||
"A5/n Algorithm Number\n"
|
"A5/n Algorithm Number\n"
|
||||||
"A5/n Algorithm Number\n"
|
"A5/n Algorithm Number\n"
|
||||||
"A5/n Algorithm Number\n"
|
"A5/n Algorithm Number\n"
|
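Review bot: The only warning an operator gets that configuring A5/0 alone also turns off 3G ciphering is this help string, which appears in the online help and reference but not when the command is entered or read from a config file. Existing configurations that list only A5/0 change behaviour on 3G with this commit, so the handler could print a notice when the resulting mask permits A5/0 alone, for example `vty_out(vty, "%% Only A5/0 configured: ciphering is disabled on 2G and 3G%s", VTY_NEWLINE);`. The handler body is outside the hunk, so where the mask is assembled is inferred rather than visible.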
||||||
|
|
|
@ -266,6 +266,8 @@ static void _test_auth_reuse(enum osmo_rat_type via_ran,
|
||||||
static void test_auth_use_twice_geran()
|
static void test_auth_use_twice_geran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 = no encryption */
|
||||||
|
net->a5_encryption_mask = A5_0;
|
||||||
_test_auth_reuse(OSMO_RAT_GERAN_A, 1, 1, true);
|
_test_auth_reuse(OSMO_RAT_GERAN_A, 1, 1, true);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -273,6 +275,8 @@ static void test_auth_use_twice_geran()
|
||||||
static void test_auth_use_twice_utran()
|
static void test_auth_use_twice_utran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
|
||||||
|
net->a5_encryption_mask = A5_0_3;
|
||||||
_test_auth_reuse(OSMO_RAT_UTRAN_IU, 1, 1, true);
|
_test_auth_reuse(OSMO_RAT_UTRAN_IU, 1, 1, true);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -280,6 +284,8 @@ static void test_auth_use_twice_utran()
|
||||||
static void test_auth_use_infinitely_geran()
|
static void test_auth_use_infinitely_geran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 = no encryption */
|
||||||
|
net->a5_encryption_mask = A5_0;
|
||||||
_test_auth_reuse(OSMO_RAT_GERAN_A, -1, 3, false);
|
_test_auth_reuse(OSMO_RAT_GERAN_A, -1, 3, false);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -287,6 +293,8 @@ static void test_auth_use_infinitely_geran()
|
||||||
static void test_auth_use_infinitely_utran()
|
static void test_auth_use_infinitely_utran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
|
||||||
|
net->a5_encryption_mask = A5_0_3;
|
||||||
_test_auth_reuse(OSMO_RAT_UTRAN_IU, -1, 3, false);
|
_test_auth_reuse(OSMO_RAT_UTRAN_IU, -1, 3, false);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -294,6 +302,8 @@ static void test_auth_use_infinitely_utran()
|
||||||
static void test_no_auth_reuse_geran()
|
static void test_no_auth_reuse_geran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 = no encryption */
|
||||||
|
net->a5_encryption_mask = A5_0;
|
||||||
_test_auth_reuse(OSMO_RAT_GERAN_A, 0, 0, true);
|
_test_auth_reuse(OSMO_RAT_GERAN_A, 0, 0, true);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -301,6 +311,8 @@ static void test_no_auth_reuse_geran()
|
||||||
static void test_no_auth_reuse_utran()
|
static void test_no_auth_reuse_utran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
|
||||||
|
net->a5_encryption_mask = A5_0_3;
|
||||||
_test_auth_reuse(OSMO_RAT_UTRAN_IU, 0, 0, true);
|
_test_auth_reuse(OSMO_RAT_UTRAN_IU, 0, 0, true);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
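Review bot: Each wrapper assigns the shared `net->a5_encryption_mask` and nothing in these hunks restores it, so a test that runs afterwards without setting the mask would inherit whatever the previous wrapper left behind. The same pattern is added in the standard_lu() hunk and in the test_umts_authen_* wrappers further down. If the common per-test setup (not visible here) does not already reset the mask, resetting it there would keep the tests independent; otherwise a comment such as `/* global test state, stays in effect until another test overwrites it */` at the assignment would say so. The `_test_auth_reuse()` body is outside these hunks.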
||||||
|
|
|
@ -46,6 +46,7 @@ static void standard_lu()
|
||||||
struct vlr_subscr *vsub;
|
struct vlr_subscr *vsub;
|
||||||
|
|
||||||
net->authentication_required = true;
|
net->authentication_required = true;
|
||||||
|
net->a5_encryption_mask = A5_0_3;
|
||||||
net->vlr->cfg.assign_tmsi = true;
|
net->vlr->cfg.assign_tmsi = true;
|
||||||
rx_from_ran = OSMO_RAT_UTRAN_IU;
|
rx_from_ran = OSMO_RAT_UTRAN_IU;
|
||||||
|
|
||||||
|
|
|
@ -306,6 +306,8 @@ static void _test_umts_authen(enum osmo_rat_type via_ran)
|
||||||
static void test_umts_authen_geran()
|
static void test_umts_authen_geran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 = no encryption */
|
||||||
|
net->a5_encryption_mask = A5_0;
|
||||||
_test_umts_authen(OSMO_RAT_GERAN_A);
|
_test_umts_authen(OSMO_RAT_GERAN_A);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -313,6 +315,8 @@ static void test_umts_authen_geran()
|
||||||
static void test_umts_authen_utran()
|
static void test_umts_authen_utran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
|
||||||
|
net->a5_encryption_mask = A5_0_3;
|
||||||
_test_umts_authen(OSMO_RAT_UTRAN_IU);
|
_test_umts_authen(OSMO_RAT_UTRAN_IU);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -544,6 +548,8 @@ static void _test_umts_authen_resync(enum osmo_rat_type via_ran)
|
||||||
static void test_umts_authen_resync_geran()
|
static void test_umts_authen_resync_geran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 = no encryption */
|
||||||
|
net->a5_encryption_mask = A5_0;
|
||||||
_test_umts_authen_resync(OSMO_RAT_GERAN_A);
|
_test_umts_authen_resync(OSMO_RAT_GERAN_A);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -551,6 +557,8 @@ static void test_umts_authen_resync_geran()
|
||||||
static void test_umts_authen_resync_utran()
|
static void test_umts_authen_resync_utran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
|
||||||
|
net->a5_encryption_mask = A5_0_3;
|
||||||
_test_umts_authen_resync(OSMO_RAT_UTRAN_IU);
|
_test_umts_authen_resync(OSMO_RAT_UTRAN_IU);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -644,6 +652,8 @@ static void _test_umts_authen_too_short_res(enum osmo_rat_type via_ran)
|
||||||
static void test_umts_authen_too_short_res_geran()
|
static void test_umts_authen_too_short_res_geran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 = no encryption */
|
||||||
|
net->a5_encryption_mask = A5_0;
|
||||||
_test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);
|
_test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -651,6 +661,8 @@ static void test_umts_authen_too_short_res_geran()
|
||||||
static void test_umts_authen_too_short_res_utran()
|
static void test_umts_authen_too_short_res_utran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
|
||||||
|
net->a5_encryption_mask = A5_0_3;
|
||||||
_test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);
|
_test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -744,6 +756,8 @@ static void _test_umts_authen_too_long_res(enum osmo_rat_type via_ran)
|
||||||
static void test_umts_authen_too_long_res_geran()
|
static void test_umts_authen_too_long_res_geran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 = no encryption */
|
||||||
|
net->a5_encryption_mask = A5_0;
|
||||||
_test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);
|
_test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -751,6 +765,8 @@ static void test_umts_authen_too_long_res_geran()
|
||||||
static void test_umts_authen_too_long_res_utran()
|
static void test_umts_authen_too_long_res_utran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
|
||||||
|
net->a5_encryption_mask = A5_0_3;
|
||||||
_test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);
|
_test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -849,6 +865,8 @@ static void _test_umts_authen_only_sres(enum osmo_rat_type via_ran)
|
||||||
static void test_umts_authen_only_sres_geran()
|
static void test_umts_authen_only_sres_geran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 = no encryption */
|
||||||
|
net->a5_encryption_mask = A5_0;
|
||||||
_test_umts_authen_only_sres(OSMO_RAT_GERAN_A);
|
_test_umts_authen_only_sres(OSMO_RAT_GERAN_A);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
@ -856,6 +874,8 @@ static void test_umts_authen_only_sres_geran()
|
||||||
static void test_umts_authen_only_sres_utran()
|
static void test_umts_authen_only_sres_utran()
|
||||||
{
|
{
|
||||||
comment_start();
|
comment_start();
|
||||||
|
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
|
||||||
|
net->a5_encryption_mask = A5_0_3;
|
||||||
_test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);
|
_test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);
|
||||||
comment_end();
|
comment_end();
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,6 +32,9 @@
|
||||||
#include <osmocom/msc/msc_a.h>
|
#include <osmocom/msc/msc_a.h>
|
||||||
#include <osmocom/msc/mncc.h>
|
#include <osmocom/msc/mncc.h>
|
||||||
|
|
||||||
|
#define A5_0 (1 << 0)
|
||||||
|
#define A5_0_3 ((1 << 0) | (1 << 3))
|
||||||
|
|
||||||
extern bool _log_lines;
|
extern bool _log_lines;
|
||||||
#define _log(fmt, args...) do { \
|
#define _log(fmt, args...) do { \
|
||||||
if (_log_lines) \
|
if (_log_lines) \
|
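Review bot: The name `A5_0_3` reads like the range A5/0 to A5/3, but the value `((1 << 0) | (1 << 3))` permits only A5/0 and A5/3. A comment on the two defines would remove the ambiguity, e.g. `/* net->a5_encryption_mask bits: bit n permits A5/n; A5_0_3 is A5/0 and A5/3 only */`. These named masks exist only in the test header, while the production check in the other hunks of this commit compares against a bare `0x01`.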
||||||
|
|