do not force encryption on UTRAN

Remove the conditions that always enable encryption on UTRAN.

We so far lack an explicit configuration for UTRAN encryption, and this patch
does not add any either. Instead, UTRAN encryption is simply enabled whenever
GERAN has A5 encryption enabled (A5/n with n > 0), and disabled otherwise. Though
GERAN and UTRAN encryption are not technically related at all, this makes UTRAN
behave like GERAN for now, until we implement a proper separate configuration
for UTRAN encryption.

Adjust the msc_vlr_test_* configuration by setting the net->a5_encryption_mask
such that the expected output remains unchanged. A subsequent patch
(I54227f1f08c38c0bf69b9c48924669c4829b04b9) will add more tests, particularly
cases of UTRAN without encryption.

Adjust manual and vty doc.

Related: OS#2783
Change-Id: I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7
Neels Hofmeyr 2019-07-31 15:21:19 +02:00
parent 75bdbbf45d
commit a4d7a76816
7 changed files with 48 additions and 5 deletions


@ -189,6 +189,10 @@ network
While authentication is always required on 3G, ciphering is optional.
So far OsmoMSC lacks explicit configuration for ciphering on 3G. As an interim
solution, ciphering is always enabled on 3G.
solution, ciphering is enabled on 3G exactly when ciphering is enabled on 2G,
i.e. when any cipher other than A5/0 is enabled in the configuration. If only
A5/0 is configured, ciphering will be disabled on both 2G and 3G. The future
aim is to add comprehensive configuration for 3G ciphering that is independent
from the 2G setting.
OsmoMSC indicates UEA1 and UEA2 as permitted encryption algorithms on 3G.


@ -375,7 +375,7 @@ static int mm_rx_loc_upd_req(struct msc_a *msc_a, struct msgb *msg)
net->vlr, msc_a, vlr_lu_type, tmsi, imsi,
&old_lai, &msc_a->via_cell.lai,
is_utran || net->authentication_required,
is_utran || net->a5_encryption_mask > 0x01,
net->a5_encryption_mask > 0x01,
lu->key_seq,
osmo_gsm48_classmark1_is_r99(&lu->classmark1),
is_utran,
@ -780,7 +780,7 @@ int gsm48_rx_mm_serv_req(struct msc_a *msc_a, struct msgb *msg)
req->cm_service_type,
mi-1, &msc_a->via_cell.lai,
is_utran || net->authentication_required,
is_utran || net->a5_encryption_mask > 0x01,
net->a5_encryption_mask > 0x01,
req->cipher_key_seq,
osmo_gsm48_classmark2_is_r99(cm2, cm2_len),
is_utran);
@ -1152,7 +1152,7 @@ static int gsm48_rx_rr_pag_resp(struct msc_a *msc_a, struct msgb *msg)
net->vlr, msc_a,
VLR_PR_ARQ_T_PAGING_RESP, 0, mi_lv, &msc_a->via_cell.lai,
is_utran || net->authentication_required,
is_utran || net->a5_encryption_mask > 0x01,
net->a5_encryption_mask > 0x01,
pr->key_seq,
osmo_gsm48_classmark2_is_r99(cm2, classmark2_len),
is_utran);
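Review bot: With `is_utran ||` dropped from the ciphering argument in mm_rx_loc_upd_req(), and likewise in gsm48_rx_mm_serv_req() and gsm48_rx_rr_pag_resp(), a site whose configuration lists only A5/0 goes from always-ciphered 3G to unciphered 3G on upgrade, and nothing at runtime reports it. The manual and VTY help are updated, but an operator who does not re-read them gets no signal; a notice-level log line where this flag evaluates to false for a UTRAN connection would make the changed posture visible. The bare `net->a5_encryption_mask > 0x01` is also repeated at all three call sites; a comment such as `/* any A5/n with n > 0 permitted; also decides UTRAN ciphering until it gets its own setting */`, or one small static helper, would keep the sites in step. All three functions start and end outside their hunks, so the rest of each call is not visible here.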


@ -148,7 +148,10 @@ DEFUN(cfg_net_encryption,
cfg_net_encryption_cmd,
"encryption a5 <0-3> [<0-3>] [<0-3>] [<0-3>]",
"Encryption options\n"
"GSM A5 Air Interface Encryption\n"
"GSM A5 Air Interface Encryption."
" NOTE: as long as OsmoMSC lacks distinct configuration for 3G encryption,"
" 3G encryption is enabled exactly when any 2G encryption is enabled."
" Hence configuring only A5/0 here switches off 3G encryption.\n"
"A5/n Algorithm Number\n"
"A5/n Algorithm Number\n"
"A5/n Algorithm Number\n"


@ -266,6 +266,8 @@ static void _test_auth_reuse(enum osmo_rat_type via_ran,
static void test_auth_use_twice_geran()
{
comment_start();
/* A5/0 = no encryption */
net->a5_encryption_mask = A5_0;
_test_auth_reuse(OSMO_RAT_GERAN_A, 1, 1, true);
comment_end();
}
@ -273,6 +275,8 @@ static void test_auth_use_twice_geran()
static void test_auth_use_twice_utran()
{
comment_start();
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
net->a5_encryption_mask = A5_0_3;
_test_auth_reuse(OSMO_RAT_UTRAN_IU, 1, 1, true);
comment_end();
}
@ -280,6 +284,8 @@ static void test_auth_use_twice_utran()
static void test_auth_use_infinitely_geran()
{
comment_start();
/* A5/0 = no encryption */
net->a5_encryption_mask = A5_0;
_test_auth_reuse(OSMO_RAT_GERAN_A, -1, 3, false);
comment_end();
}
@ -287,6 +293,8 @@ static void test_auth_use_infinitely_geran()
static void test_auth_use_infinitely_utran()
{
comment_start();
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
net->a5_encryption_mask = A5_0_3;
_test_auth_reuse(OSMO_RAT_UTRAN_IU, -1, 3, false);
comment_end();
}
@ -294,6 +302,8 @@ static void test_auth_use_infinitely_utran()
static void test_no_auth_reuse_geran()
{
comment_start();
/* A5/0 = no encryption */
net->a5_encryption_mask = A5_0;
_test_auth_reuse(OSMO_RAT_GERAN_A, 0, 0, true);
comment_end();
}
@ -301,6 +311,8 @@ static void test_no_auth_reuse_geran()
static void test_no_auth_reuse_utran()
{
comment_start();
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
net->a5_encryption_mask = A5_0_3;
_test_auth_reuse(OSMO_RAT_UTRAN_IU, 0, 0, true);
comment_end();
}
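Review bot: Each wrapper assigns `net->a5_encryption_mask` on the shared `net` and, within the visible lines, never restores it, so the value set by one test stays in place for whatever runs next; this applies to all six wrappers here and to the test_umts_authen_* wrappers in the later test file. Passing the mask to the helper, e.g. `_test_auth_reuse(OSMO_RAT_UTRAN_IU, A5_0_3, 1, 1, true)`, and assigning it in one place inside the helper would remove the repeated two-line preamble and make each test's ciphering setup explicit. The GERAN variants now run with A5/0 only while the UTRAN variants run with A5/0 + A5/3, so the pairs no longer share a configuration; a one-line comment at the helper stating that this is deliberate, to keep the expected output unchanged, would help the next reader. The helper bodies lie outside these hunks.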


@ -46,6 +46,7 @@ static void standard_lu()
struct vlr_subscr *vsub;
net->authentication_required = true;
net->a5_encryption_mask = A5_0_3;
net->vlr->cfg.assign_tmsi = true;
rx_from_ran = OSMO_RAT_UTRAN_IU;


@ -306,6 +306,8 @@ static void _test_umts_authen(enum osmo_rat_type via_ran)
static void test_umts_authen_geran()
{
comment_start();
/* A5/0 = no encryption */
net->a5_encryption_mask = A5_0;
_test_umts_authen(OSMO_RAT_GERAN_A);
comment_end();
}
@ -313,6 +315,8 @@ static void test_umts_authen_geran()
static void test_umts_authen_utran()
{
comment_start();
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
net->a5_encryption_mask = A5_0_3;
_test_umts_authen(OSMO_RAT_UTRAN_IU);
comment_end();
}
@ -544,6 +548,8 @@ static void _test_umts_authen_resync(enum osmo_rat_type via_ran)
static void test_umts_authen_resync_geran()
{
comment_start();
/* A5/0 = no encryption */
net->a5_encryption_mask = A5_0;
_test_umts_authen_resync(OSMO_RAT_GERAN_A);
comment_end();
}
@ -551,6 +557,8 @@ static void test_umts_authen_resync_geran()
static void test_umts_authen_resync_utran()
{
comment_start();
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
net->a5_encryption_mask = A5_0_3;
_test_umts_authen_resync(OSMO_RAT_UTRAN_IU);
comment_end();
}
@ -644,6 +652,8 @@ static void _test_umts_authen_too_short_res(enum osmo_rat_type via_ran)
static void test_umts_authen_too_short_res_geran()
{
comment_start();
/* A5/0 = no encryption */
net->a5_encryption_mask = A5_0;
_test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);
comment_end();
}
@ -651,6 +661,8 @@ static void test_umts_authen_too_short_res_geran()
static void test_umts_authen_too_short_res_utran()
{
comment_start();
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
net->a5_encryption_mask = A5_0_3;
_test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);
comment_end();
}
@ -744,6 +756,8 @@ static void _test_umts_authen_too_long_res(enum osmo_rat_type via_ran)
static void test_umts_authen_too_long_res_geran()
{
comment_start();
/* A5/0 = no encryption */
net->a5_encryption_mask = A5_0;
_test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);
comment_end();
}
@ -751,6 +765,8 @@ static void test_umts_authen_too_long_res_geran()
static void test_umts_authen_too_long_res_utran()
{
comment_start();
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
net->a5_encryption_mask = A5_0_3;
_test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);
comment_end();
}
@ -849,6 +865,8 @@ static void _test_umts_authen_only_sres(enum osmo_rat_type via_ran)
static void test_umts_authen_only_sres_geran()
{
comment_start();
/* A5/0 = no encryption */
net->a5_encryption_mask = A5_0;
_test_umts_authen_only_sres(OSMO_RAT_GERAN_A);
comment_end();
}
@ -856,6 +874,8 @@ static void test_umts_authen_only_sres_geran()
static void test_umts_authen_only_sres_utran()
{
comment_start();
/* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
net->a5_encryption_mask = A5_0_3;
_test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);
comment_end();
}


@ -32,6 +32,9 @@
#include <osmocom/msc/msc_a.h>
#include <osmocom/msc/mncc.h>
#define A5_0 (1 << 0)
#define A5_0_3 ((1 << 0) | (1 << 3))
extern bool _log_lines;
#define _log(fmt, args...) do { \
if (_log_lines) \