summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--library/BSSMAP_Templates.ttcn13
-rw-r--r--msc/BSC_ConnectionHandler.ttcn16
-rw-r--r--msc/MSC_Tests.cfg3
-rw-r--r--msc/MSC_Tests.ttcn91
4 files changed, 120 insertions, 3 deletions
diff --git a/library/BSSMAP_Templates.ttcn b/library/BSSMAP_Templates.ttcn
index b7230cd..02c84e2 100644
--- a/library/BSSMAP_Templates.ttcn
+++ b/library/BSSMAP_Templates.ttcn
@@ -1174,6 +1174,19 @@ modifies ts_BSSAP_BSSMAP := {
}
}
+template PDU_BSSAP ts_BSSMAP_CipherModeComplAlg(template BSSMAP_IE_ChosenEncryptionAlgorithm chosenEncryptionAlgorithm := ?)
+modifies ts_BSSAP_BSSMAP := {
+ pdu := {
+ bssmap := {
+ cipherModeComplete := {
+ messageType := '55'O,
+ layer3MessageContents := omit,
+ chosenEncryptionAlgorithm := chosenEncryptionAlgorithm
+ }
+ }
+ }
+}
+
template PDU_BSSAP tr_BSSMAP_CipherModeCompl(template OCT1 alg := ?) modifies tr_BSSAP_BSSMAP := {
pdu := {
bssmap := {
diff --git a/msc/BSC_ConnectionHandler.ttcn b/msc/BSC_ConnectionHandler.ttcn
index 93a311e..796b0ce 100644
--- a/msc/BSC_ConnectionHandler.ttcn
+++ b/msc/BSC_ConnectionHandler.ttcn
@@ -494,12 +494,25 @@ runs on BSC_ConnHdlr {
}
f_mm_common();
+ f_msc_lu_hlr();
+ f_accept_reject_lu();
+ /* FIXME: there could be pending SMS or other common procedures by the MSC, let's ignore them */
+ f_expect_clear();
+
+ setverdict(pass);
+}
+function f_msc_lu_hlr() runs on BSC_ConnHdlr
+{
/* Expect MSC to perform LU with HLR */
GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi));
GSUP.send(ts_GSUP_ISD_REQ(g_pars.imsi, g_pars.msisdn));
GSUP.receive(tr_GSUP_ISD_RES(g_pars.imsi));
GSUP.send(ts_GSUP_UL_RES(g_pars.imsi));
+}
+
+function f_accept_reject_lu() runs on BSC_ConnHdlr {
+ var PDU_DTAP_MT dtap_mt;
alt {
[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) -> value dtap_mt {
@@ -529,9 +542,6 @@ runs on BSC_ConnHdlr {
/* Wait for MM-Information (if enabled) */
f_expect_mm_info();
-
- /* FIXME: there could be pending SMS or other common procedures by the MSC, let's ignore them */
- f_expect_clear();
setverdict(pass);
}
diff --git a/msc/MSC_Tests.cfg b/msc/MSC_Tests.cfg
index b412889..b852bac 100644
--- a/msc/MSC_Tests.cfg
+++ b/msc/MSC_Tests.cfg
@@ -61,3 +61,6 @@ MSC_Tests.control
#MSC_Tests.TC_reset_two
#MSC_Tests.TC_lu_and_mt_call
#MSC_Tests.TC_cipher_complete_with_invalid_cipher
+#MSC_Tests.TC_cipher_complete_1_without_cipher
+#MSC_Tests.TC_cipher_complete_3_without_cipher
+#MSC_Tests.TC_cipher_complete_13_without_cipher
diff --git a/msc/MSC_Tests.ttcn b/msc/MSC_Tests.ttcn
index 9524afb..f6ab439 100644
--- a/msc/MSC_Tests.ttcn
+++ b/msc/MSC_Tests.ttcn
@@ -3647,6 +3647,94 @@ testcase TC_lu_with_invalid_mcc_mnc() runs on MTC_CT {
vc_conn.done;
}
+private function f_tc_cipher_complete_without_alg(charstring id, BSC_ConnHdlrPars pars, octetstring kc_support) runs on BSC_ConnHdlr {
+ pars.net.expect_auth := true;
+ pars.net.expect_ciph := true;
+ pars.net.kc_support := kc_support;
+ f_init_handler(pars);
+
+ g_pars.vec := f_gen_auth_vec_2g();
+
+ /* Can't use f_perform_lu() directly. Code below is based on it. */
+
+ /* tell GSUP dispatcher to send this IMSI to us */
+ f_create_gsup_expect(hex2str(g_pars.imsi));
+
+ /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
+ var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi)
+ f_cl3_or_initial_ue(l3_lu);
+
+ f_mm_auth();
+
+ var OCT1 a5_net := f_alg_mask_from_cm(g_pars.cm2);
+ var OCT1 a5_intersect := g_pars.net.kc_support and4b a5_net;
+ alt {
+ [] BSSAP.receive(tr_BSSMAP_CipherModeCmd(a5_intersect, g_pars.vec.kc)) {
+ BSSAP.send(ts_BSSMAP_CipherModeComplAlg(omit));
+ }
+ [] BSSAP.receive(tr_BSSMAP_ClassmarkReq) {
+ BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
+ repeat;
+ }
+ [] BSSAP.receive(tr_BSSMAP_CipherModeCmd(?, g_pars.vec.kc)) {
+ setverdict(fail, "Wrong ciphering algorithm mask in CiphModCmd");
+ mtc.stop;
+ }
+ [] BSSAP.receive {
+ setverdict(fail, "Unknown/unexpected BSSAP received");
+ mtc.stop;
+ }
+ }
+
+ /* TODO: Verify MSC is using the best cipher available! How? */
+
+ f_msc_lu_hlr();
+ f_accept_reject_lu();
+ f_expect_clear();
+ setverdict(pass);
+}
+
+/* A5/1 only permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */
+private function f_tc_cipher_complete_1_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+ f_tc_cipher_complete_without_alg(id, pars, '02'O /* A5/1 only */);
+}
+
+/* A5/3 only permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */
+private function f_tc_cipher_complete_3_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+ f_tc_cipher_complete_without_alg(id, pars, '08'O /* A5/3 only */);
+}
+
+/* A5/1 + A5/3 permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */
+private function f_tc_cipher_complete_13_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+ f_tc_cipher_complete_without_alg(id, pars, '0A'O /* A5/1 and A5/3 enabled */);
+}
+
+testcase TC_cipher_complete_1_without_cipher() runs on MTC_CT {
+ var BSC_ConnHdlr vc_conn;
+ f_init();
+ f_vty_config(MSCVTY, "network", "encryption a5 1");
+
+ vc_conn := f_start_handler(refers(f_tc_cipher_complete_1_without_cipher), 53);
+ vc_conn.done;
+}
+
+testcase TC_cipher_complete_3_without_cipher() runs on MTC_CT {
+ var BSC_ConnHdlr vc_conn;
+ f_init();
+ f_vty_config(MSCVTY, "network", "encryption a5 3");
+
+ vc_conn := f_start_handler(refers(f_tc_cipher_complete_3_without_cipher), 54);
+ vc_conn.done;
+}
+
+testcase TC_cipher_complete_13_without_cipher() runs on MTC_CT {
+ var BSC_ConnHdlr vc_conn;
+ f_init();
+ f_vty_config(MSCVTY, "network", "encryption a5 1 3");
+
+ vc_conn := f_start_handler(refers(f_tc_cipher_complete_13_without_cipher), 55);
+ vc_conn.done;
+}
/* TODO (SMS):
* different user data lengths
@@ -5316,6 +5404,9 @@ control {
execute( TC_lu_and_ss_session_timeout() );
execute( TC_cipher_complete_with_invalid_cipher() );
+ execute( TC_cipher_complete_1_without_cipher() );
+ execute( TC_cipher_complete_3_without_cipher() );
+ execute( TC_cipher_complete_13_without_cipher() );
execute( TC_lu_with_invalid_mcc_mnc() );
execute( TC_sgsap_reset() );