Change in osmo-msc[master]: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests
laforge has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-msc/+/15175 ) Change subject: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests .. Patch Set 4: I don't actually think that this patch works. It never passses the ck to ranap_new_msg_sec_mod_cmd() and hence the air interface will always only use integrity protection and no encryption at all. -- To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/15175 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b Gerrit-Change-Number: 15175 Gerrit-PatchSet: 4 Gerrit-Owner: neels Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria Gerrit-Reviewer: laforge Gerrit-Reviewer: neels Gerrit-Reviewer: pespin Gerrit-Comment-Date: Sat, 06 Feb 2021 15:10:34 + Gerrit-HasComments: No Gerrit-Has-Labels: No Gerrit-MessageType: comment
Change in ...osmo-msc[master]: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests
neels has submitted this change and it was merged. ( https://gerrit.osmocom.org/c/osmo-msc/+/15175 ) Change subject: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests .. add 'encryption uea 1 2' cfg / fix ttcn3 iu tests Recently, the ability to run UTRAN without encryption was added, but the config for it was tied to the A5 GERAN encryption configuration. This affected osmo-msc's default behavior of Iu, breaking osmo-msc ttcn3 Iu tests: the ttcn3 test suite sets A5 to 0 (no encryption) but still expects Iu to enable air encryption. Fix this "regression". Add a separate vty config option for UEA encryption, even if it does not provide full granularity to select individual UEA algorithms yet. As a result, Iu default behavior remains to enable encryption regardless of the A5 config. UTRAN encryption can be disabled by the new cfg option "encryption uea 0" alone. Even though the new vty command already allows passing various combinations of the UEA algorithm numbers, only '0' and '1 2' are accepted as valid combinations, to reflect current osmo-msc capabilities. Revert most changes to the msc_vlr test suite in commit "do not force encryption on UTRAN" (I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7): use new net->iu_encryption instead of net->a5_encryption_mask. Adjust/add to test_nodes.vty transcript tests. Related: OS#4144 Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b --- M doc/manuals/chapters/net.adoc M include/osmocom/msc/gsm_data.h M src/libmsc/gsm_04_08.c M src/libmsc/msc_net_init.c M src/libmsc/msc_vty.c M tests/msc_vlr/msc_vlr_test_authen_reuse.c M tests/msc_vlr/msc_vlr_test_call.c M tests/msc_vlr/msc_vlr_test_umts_authen.c M tests/msc_vlr/msc_vlr_tests.h M tests/test_nodes.vty 10 files changed, 153 insertions(+), 62 deletions(-) Approvals: Jenkins Builder: Verified pespin: Looks good to me, but someone else must approve fixeria: Looks good to me, but someone else must approve laforge: Looks good to me, approved diff --git a/doc/manuals/chapters/net.adoc b/doc/manuals/chapters/net.adoc index 4bf34a3..6edb9ee 100644 --- a/doc/manuals/chapters/net.adoc +++ b/doc/manuals/chapters/net.adoc @@ -188,11 +188,22 @@ While authentication is always required on 3G, ciphering is optional. -So far OsmoMSC lacks explicit configuration for ciphering on 3G. As an interim -solution, ciphering is enabled on 3G exactly when ciphering is enabled on 2G, -i.e. when any cipher other than A5/0 is enabled in the configuration. If only -A5/0 is configured, ciphering will be disabled on both 2G and 3G. The future -aim is to add comprehensive configuration for 3G ciphering that is independent -from the 2G setting. +So far OsmoMSC allows switching ciphering on 3G either on or off -- the default +behavior is to enable ciphering. (Individual choice of algorithms may be added +in the future.) + +Disable 3G ciphering: + + +network + encryption uea 0 + + +Enable 3G ciphering (default): + + +network + encryption uea 1 2 + OsmoMSC indicates UEA1 and UEA2 as permitted encryption algorithms on 3G. diff --git a/include/osmocom/msc/gsm_data.h b/include/osmocom/msc/gsm_data.h index e926b3f..a90b732 100644 --- a/include/osmocom/msc/gsm_data.h +++ b/include/osmocom/msc/gsm_data.h @@ -149,6 +149,11 @@ bool authentication_required; int send_mm_info; + /* Whether to use encryption on UTRAN. +* TODO: we should offer a choice of UEA1 and/or UEA2, and probably replace this bool with a bit-mask of +* permitted Iu encryption algorithms. See also OS#4143 and the 'encryption uea' vty command. */ + bool uea_encryption; + struct rate_ctr_group *msc_ctrs; struct osmo_stat_item_group *statg; diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c index cd37cff..086116f 100644 --- a/src/libmsc/gsm_04_08.c +++ b/src/libmsc/gsm_04_08.c @@ -375,7 +375,7 @@ net->vlr, msc_a, vlr_lu_type, tmsi, imsi, &old_lai, &msc_a->via_cell.lai, is_utran || net->authentication_required, - net->a5_encryption_mask > 0x01, + is_utran ? net->uea_encryption : net->a5_encryption_mask > 0x01, lu->key_seq, osmo_gsm48_classmark1_is_r99(&lu->classmark1), is_utran, @@ -780,7 +780,7 @@ req->cm_service_type, mi-1, &msc_a->via_cell.lai, is_utran || net->authentication_required, -net->a5_encryption_mask > 0x01, +is_utran ? net->uea_encryption : net->a5_encryption_mask > 0x01, req->cipher_key_seq, osmo_gsm48_classmark2_is_r99(cm2, cm2_len), is_utran); @@ -1152,7 +1152,7 @@
Change in ...osmo-msc[master]: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests
neels has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-msc/+/15175 ) Change subject: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests .. Patch Set 4: (1 comment) https://gerrit.osmocom.org/#/c/15175/4/src/libmsc/msc_vty.c File src/libmsc/msc_vty.c: https://gerrit.osmocom.org/#/c/15175/4/src/libmsc/msc_vty.c@152 PS4, Line 152: > Cosmetic: alignment. yes I know. Am keeping the previous alignment, decided to not fix it here. -- To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/15175 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b Gerrit-Change-Number: 15175 Gerrit-PatchSet: 4 Gerrit-Owner: neels Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria Gerrit-Reviewer: laforge Gerrit-Reviewer: neels Gerrit-Reviewer: pespin Gerrit-Comment-Date: Wed, 14 Aug 2019 14:35:23 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: fixeria Gerrit-MessageType: comment
Change in ...osmo-msc[master]: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests
laforge has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-msc/+/15175 ) Change subject: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests .. Patch Set 4: Code-Review+2 -- To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/15175 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b Gerrit-Change-Number: 15175 Gerrit-PatchSet: 4 Gerrit-Owner: neels Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria Gerrit-Reviewer: laforge Gerrit-Reviewer: neels Gerrit-Reviewer: pespin Gerrit-Comment-Date: Wed, 14 Aug 2019 11:11:27 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
Change in ...osmo-msc[master]: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests
fixeria has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-msc/+/15175 ) Change subject: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests .. Patch Set 4: Code-Review+1 (1 comment) https://gerrit.osmocom.org/#/c/15175/4/src/libmsc/msc_vty.c File src/libmsc/msc_vty.c: https://gerrit.osmocom.org/#/c/15175/4/src/libmsc/msc_vty.c@152 PS4, Line 152: Cosmetic: alignment. -- To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/15175 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b Gerrit-Change-Number: 15175 Gerrit-PatchSet: 4 Gerrit-Owner: neels Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria Gerrit-Reviewer: neels Gerrit-Reviewer: pespin Gerrit-Comment-Date: Wed, 14 Aug 2019 10:01:51 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
Change in ...osmo-msc[master]: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests
pespin has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-msc/+/15175 ) Change subject: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests .. Patch Set 4: Code-Review+1 -- To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/15175 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b Gerrit-Change-Number: 15175 Gerrit-PatchSet: 4 Gerrit-Owner: neels Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: neels Gerrit-Reviewer: pespin Gerrit-Comment-Date: Wed, 14 Aug 2019 09:06:38 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
Change in ...osmo-msc[master]: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests
Hello Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/c/osmo-msc/+/15175 to look at the new patch set (#4). Change subject: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests .. add 'encryption uea 1 2' cfg / fix ttcn3 iu tests Recently, the ability to run UTRAN without encryption was added, but the config for it was tied to the A5 GERAN encryption configuration. This affected osmo-msc's default behavior of Iu, breaking osmo-msc ttcn3 Iu tests: the ttcn3 test suite sets A5 to 0 (no encryption) but still expects Iu to enable air encryption. Fix this "regression". Add a separate vty config option for UEA encryption, even if it does not provide full granularity to select individual UEA algorithms yet. As a result, Iu default behavior remains to enable encryption regardless of the A5 config. UTRAN encryption can be disabled by the new cfg option "encryption uea 0" alone. Even though the new vty command already allows passing various combinations of the UEA algorithm numbers, only '0' and '1 2' are accepted as valid combinations, to reflect current osmo-msc capabilities. Revert most changes to the msc_vlr test suite in commit "do not force encryption on UTRAN" (I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7): use new net->iu_encryption instead of net->a5_encryption_mask. Adjust/add to test_nodes.vty transcript tests. Related: OS#4144 Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b --- M doc/manuals/chapters/net.adoc M include/osmocom/msc/gsm_data.h M src/libmsc/gsm_04_08.c M src/libmsc/msc_net_init.c M src/libmsc/msc_vty.c M tests/msc_vlr/msc_vlr_test_authen_reuse.c M tests/msc_vlr/msc_vlr_test_call.c M tests/msc_vlr/msc_vlr_test_umts_authen.c M tests/msc_vlr/msc_vlr_tests.h M tests/test_nodes.vty 10 files changed, 153 insertions(+), 62 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/75/15175/4 -- To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/15175 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b Gerrit-Change-Number: 15175 Gerrit-PatchSet: 4 Gerrit-Owner: neels Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: neels Gerrit-MessageType: newpatchset
Change in ...osmo-msc[master]: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests
Hello Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/c/osmo-msc/+/15175 to look at the new patch set (#3). Change subject: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests .. add 'encryption uea 1 2' cfg / fix ttcn3 iu tests Recently, the ability to run UTRAN without encryption was added, but the config for it was tied to the A5 GERAN encryption configuration. This affected osmo-msc's default behavior of Iu, breaking osmo-msc ttcn3 Iu tests: the ttcn3 test suite sets A5 to 0 (no encryption) but still expects Iu to enable air encryption. Fix this "regression". Add a separate vty config option for UEA encryption, even if it does not provide full granularity to select individual UEA algorithms yet. As a result, Iu default behavior remains to enable encryption regardless of the A5 config. UTRAN encryption can be disabled by the new cfg option "encryption uea 0" alone. Even though the new vty command already allows passing various combinations of the UEA algorithm numbers, only '0' and '1 2' are accepted as valid combinations, to reflect current osmo-msc capabilities. Revert most changes to the msc_vlr test suite in commit "do not force encryption on UTRAN" (I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7): use new net->iu_encryption instead of net->a5_encryption_mask. Adjust/add to test_nodes.vty transcript tests. Related: OS#4144 Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b --- M doc/manuals/chapters/net.adoc M include/osmocom/msc/gsm_data.h M src/libmsc/gsm_04_08.c M src/libmsc/msc_net_init.c M src/libmsc/msc_vty.c M tests/msc_vlr/msc_vlr_test_authen_reuse.c M tests/msc_vlr/msc_vlr_test_call.c M tests/msc_vlr/msc_vlr_test_umts_authen.c M tests/msc_vlr/msc_vlr_tests.h M tests/test_nodes.vty 10 files changed, 141 insertions(+), 62 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/75/15175/3 -- To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/15175 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b Gerrit-Change-Number: 15175 Gerrit-PatchSet: 3 Gerrit-Owner: neels Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: neels Gerrit-MessageType: newpatchset
Change in ...osmo-msc[master]: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests
neels has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-msc/+/15175 ) Change subject: add 'encryption uea 1 2' cfg / fix ttcn3 iu tests .. Patch Set 2: This change is ready for review. -- To view, visit https://gerrit.osmocom.org/c/osmo-msc/+/15175 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b Gerrit-Change-Number: 15175 Gerrit-PatchSet: 2 Gerrit-Owner: neels Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: neels Gerrit-Comment-Date: Tue, 13 Aug 2019 21:28:35 + Gerrit-HasComments: No Gerrit-Has-Labels: No Gerrit-MessageType: comment