From a2d59c6e6efa1fa979aa5e1cd61a9eb21a775cb6 Mon Sep 17 00:00:00 2001
From: Stefan Sperling <ssperling@sysmocom.de>
Date: Tue, 18 Dec 2018 16:32:44 +0100
Subject: add three tests for CIPHER MODE COMPLETE without algo

Add three tests which exercise MSC behaviour when a CIPHER MODE
COMPLETE command lacks the optional chosenEncryptionAlgorithm IE.
Check for behaviour with A5/1, A5/3, and A5/1 + A5/3 configured
in the network, and expect the location update to succeed.

These tests pass on master, but they should somehow verify the
cipher the MSC ends up using. I am not quite sure how to do that.
Would inspecting the MSC's VTY be a reasonable approach? How
could his be done by code which runs on BSC_ConnectionHandler?

Change-Id: I1a2a126795c544613a7a87e238e1fc8c4e943885
Related: OS#2872
---
 msc/MSC_Tests.ttcn | 91 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 91 insertions(+)

(limited to 'msc/MSC_Tests.ttcn')

diff --git a/msc/MSC_Tests.ttcn b/msc/MSC_Tests.ttcn
index 9524afbb..f6ab439e 100644
--- a/msc/MSC_Tests.ttcn
+++ b/msc/MSC_Tests.ttcn
@@ -3647,6 +3647,94 @@ testcase TC_lu_with_invalid_mcc_mnc() runs on MTC_CT {
 	vc_conn.done;
 }
 
+private function f_tc_cipher_complete_without_alg(charstring id, BSC_ConnHdlrPars pars, octetstring kc_support) runs on BSC_ConnHdlr {
+	pars.net.expect_auth := true;
+	pars.net.expect_ciph := true;
+	pars.net.kc_support := kc_support;
+	f_init_handler(pars);
+
+	g_pars.vec := f_gen_auth_vec_2g();
+
+	/* Can't use f_perform_lu() directly. Code below is based on it. */
+
+	/* tell GSUP dispatcher to send this IMSI to us */
+	f_create_gsup_expect(hex2str(g_pars.imsi));
+
+	/* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
+	var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi)
+	f_cl3_or_initial_ue(l3_lu);
+
+	f_mm_auth();
+
+	var OCT1 a5_net := f_alg_mask_from_cm(g_pars.cm2);
+	var OCT1 a5_intersect := g_pars.net.kc_support and4b a5_net;
+	alt {
+	[] BSSAP.receive(tr_BSSMAP_CipherModeCmd(a5_intersect, g_pars.vec.kc)) {
+		BSSAP.send(ts_BSSMAP_CipherModeComplAlg(omit));
+		}
+	[] BSSAP.receive(tr_BSSMAP_ClassmarkReq) {
+		BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
+		repeat;
+		}
+	[] BSSAP.receive(tr_BSSMAP_CipherModeCmd(?, g_pars.vec.kc)) {
+		setverdict(fail, "Wrong ciphering algorithm mask in CiphModCmd");
+		mtc.stop;
+		}
+	[] BSSAP.receive {
+		setverdict(fail, "Unknown/unexpected BSSAP received");
+		mtc.stop;
+		}
+	}
+
+	/* TODO: Verify MSC is using the best cipher available! How? */
+
+	f_msc_lu_hlr();
+	f_accept_reject_lu();
+	f_expect_clear();
+	setverdict(pass);
+}
+
+/* A5/1 only permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */
+private function f_tc_cipher_complete_1_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	f_tc_cipher_complete_without_alg(id, pars, '02'O /* A5/1 only */);
+}
+
+/* A5/3 only permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */
+private function f_tc_cipher_complete_3_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	f_tc_cipher_complete_without_alg(id, pars, '08'O /* A5/3 only */);
+}
+
+/* A5/1 + A5/3 permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */
+private function f_tc_cipher_complete_13_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	f_tc_cipher_complete_without_alg(id, pars, '0A'O /* A5/1 and A5/3 enabled */);
+}
+
+testcase TC_cipher_complete_1_without_cipher() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+	f_vty_config(MSCVTY, "network", "encryption a5 1");
+
+	vc_conn := f_start_handler(refers(f_tc_cipher_complete_1_without_cipher), 53);
+	vc_conn.done;
+}
+
+testcase TC_cipher_complete_3_without_cipher() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+	f_vty_config(MSCVTY, "network", "encryption a5 3");
+
+	vc_conn := f_start_handler(refers(f_tc_cipher_complete_3_without_cipher), 54);
+	vc_conn.done;
+}
+
+testcase TC_cipher_complete_13_without_cipher() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+	f_vty_config(MSCVTY, "network", "encryption a5 1 3");
+
+	vc_conn := f_start_handler(refers(f_tc_cipher_complete_13_without_cipher), 55);
+	vc_conn.done;
+}
 
 /* TODO (SMS):
    * different user data lengths
@@ -5316,6 +5404,9 @@ control {
 	execute( TC_lu_and_ss_session_timeout() );
 
 	execute( TC_cipher_complete_with_invalid_cipher() );
+	execute( TC_cipher_complete_1_without_cipher() );
+	execute( TC_cipher_complete_3_without_cipher() );
+	execute( TC_cipher_complete_13_without_cipher() );
 	execute( TC_lu_with_invalid_mcc_mnc() );
 
 	execute( TC_sgsap_reset() );
-- 
cgit v1.2.3