Feature #2460
closed
Change "encryption" VTY parameter to allow more than one cipher
100%
Description
Currently the "encryption" parameter lets you define which cipher is allowed by MSC, but only one can be allowed at a given time: "encryption a5 (0|1|2|3)"
In AoIP protocol, however, the cipher is negotiated between MSC<->BSC (BSC intersected with BTS and MS capabilities). Once "Authentication Response" reaches MSC with correct challenge response, the MSC sends a "Cipher Mode Command" to the BSC with a bitmask stating the allowed ciphers.
As we currently only set 1 cipher in config, only 1 bit can be enabled at a time in the bitmask, and if that mode doesn't match the one required by BSC/BTS/MS, then BSC will send a Reject and the modem will fail to connect.
We should be able to specify "encryption" parameter either as a bitmask or a list instead of a plain integer, e.g.:
encryption a5 <0..7> [<0..7>] [<0..7>] [<0..7>] [<0..7>] [<0..7>] [<0..7>]
allowing
encryption a5 0 1 3
Updated by pespin over 6 years ago
- Related to Feature #2457: osmo-gsm-tester: add test case: validate "encryption" & "authentication" vty parameter added
Updated by pespin over 6 years ago
- Related to Feature #2461: Improve "encryption" VTY parameter added
Updated by laforge over 6 years ago
- Assignee set to 4368
makes a lot of sense to me.
At the same time, we also have to take into consideration the capabilities of the BTS.
So there is basically:
- capability of the phone in classmark (interpreted by the MSC, I suppose?)
- capability of the BTS (BSC should know based on BTS attributes [new] or implicitly by BTS model / version)
- policy on the BSC (which ones are administratively permitted or not)
- policy on the MSC (which ones are administratively permitted or not)
All in all, it's a bit like codec support/negotiation, but luckily only with one leg/phone at a time.
In terms of defaults, we should probably have 1+3 as "administratively permitted" unless the config file/vty states something else.
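The negotiation described in the ticket and in the comment above, as an added example that is not part of the original ticket or of the Osmocom code base: it parses the proposed "encryption a5 ..." argument list into a bitmask and intersects it with the other three inputs. The function names, the capability values and the bit layout (bit n set means A5/n is permitted) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse the arguments of "encryption a5 <0..7> [<0..7>] ..." (e.g. "0 1 3")
 * into a bitmask; assumed layout: bit n set means A5/n is permitted.
 * Returns 0 on success, -1 on an empty list, junk or an out-of-range value. */
int a5_mask_from_args(const char *args, uint8_t *mask)
{
    uint8_t m = 0;
    const char *p = args;

    for (;;) {
        char *end;
        long n = strtol(p, &end, 10);   /* skips leading whitespace */
        if (end == p)                   /* nothing numeric left to read */
            break;
        if (n < 0 || n > 7)
            return -1;
        m |= (uint8_t)(1u << n);
        p = end;
    }
    while (*p == ' ' || *p == '\t')
        p++;
    if (*p != '\0' || m == 0)           /* trailing junk or empty list */
        return -1;
    *mask = m;
    return 0;
}

/* Ciphers usable on one connection: the intersection of MSC policy,
 * BSC policy, BTS capability and MS classmark. 0 is the reject case. */
uint8_t a5_usable(uint8_t msc, uint8_t bsc, uint8_t bts, uint8_t ms)
{
    return msc & bsc & bts & ms;
}

int main(void)
{
    /* Constructed values: BSC permits all, BTS and MS support A5/0 and A5/3 only. */
    const uint8_t bsc = 0xff, bts = 0x09, ms = 0x09;
    const char *cfgs[] = { "1", "0 1 3" };
    for (int i = 0; i < 2; i++) {
        uint8_t msc;
        if (a5_mask_from_args(cfgs[i], &msc) < 0)
            return 1;
        uint8_t ok = a5_usable(msc, bsc, bts, ms);
        printf("encryption a5 %-5s mask=0x%02x usable=0x%02x %s\n",
               cfgs[i], msc, ok, ok ? "accept" : "reject");
    }
    return 0;
}
```

With a single configured cipher ("1") the intersection is empty and the connection is rejected; with the list "0 1 3" the same BTS and MS can still agree on A5/0 or A5/3.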
Updated by laforge over 6 years ago
- Status changed from New to In Progress
- Assignee changed from 4368 to laforge
Updated by laforge over 6 years ago
- Category changed from A interface (AoIP) to A interface (general)
Updated by laforge over 6 years ago
- File encryption.diff added
- Assignee changed from laforge to neels
- % Done changed from 0 to 80
Implemented in https://gerrit.osmocom.org/5559 and https://gerrit.osmocom.org/5560
Unit test still should be expanded to cover the new features.
Updated by neels over 6 years ago
added minor comments to the patches ... but I see that we might not want to merge before we have tests for it
Updated by laforge over 6 years ago
- Status changed from In Progress to Resolved
- Assignee changed from neels to laforge
- % Done changed from 80 to 100
patches merged, as they have been tested against the new test cases of https://gerrit.osmocom.org/6145