Project

General

Profile

Actions

Bug #4975

closed

A5/2 is preferrerd over A5/1, despite its lower security!

Added by laforge about 3 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
01/25/2021
Due date:
% Done:

100%

Spec Reference:

Description

Looking at select_best_cipher() in source:src/osmo-bsc/osmo_bsc_bssap.c it seems that OsmoBSC simlpy assumes that a higher integer number x of A5/x is always superior to a lower number.

This is wrong, as A5/2 is worse then A5/1. So in general, higher value of 'x' is good, with the excception of '1' and '2' being swapped.


Checklist

  • fix C code implementation
  • add test case for cipher selection
Actions #1

Updated by laforge about 3 years ago

  • Subject changed from A5/2 is to A5/2 is preferrerd over A5/1, despite its lower security!
Actions #2

Updated by laforge about 3 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 90
Actions #3

Updated by laforge about 3 years ago

  • Checklist item fix C code implementation added
  • Checklist item add test case for cipher selection added
Actions #4

Updated by laforge about 3 years ago

  • Checklist item fix C code implementation set to Done
  • Status changed from In Progress to Stalled
  • Assignee changed from laforge to osmith
  • Priority changed from High to Normal

osmith, would you think you could take over imlpementing a TTCN3 test case for this? The idea is to have a VTY config permitting at least A5/1 and A5/2, in combination with a simulated MS (classmark bits) that advertises A5/1 + A5/2, and then verify that the actual cipher chosen by OsmoBSC (in the CIPHER MODE COMMAND towards the simulated MS) is A5/1, and not A5/2.

As the patch is merged, I would expect osmo-bsc-master to pass, and osmo-bsc-latest to fail that new test in BSC_Tests.ttcn

If you thin you're too unfamiliar with the BSC_Tests.ttcn, feel free to ask for help, or assign back to me.

Actions #5

Updated by osmith about 3 years ago

laforge wrote:

osmith, would you think you could take over imlpementing a TTCN3 test case for this? The idea is to have a VTY config permitting at least A5/1 and A5/2, in combination with a simulated MS (classmark bits) that advertises A5/1 + A5/2, and then verify that the actual cipher chosen by OsmoBSC (in the CIPHER MODE COMMAND towards the simulated MS) is A5/1, and not A5/2.

As the patch is merged, I would expect osmo-bsc-master to pass, and osmo-bsc-latest to fail that new test in BSC_Tests.ttcn

It sounds feasible, I'll give it a try once some other issues are completed.

If you thin you're too unfamiliar with the BSC_Tests.ttcn, feel free to ask for help, or assign back to me.

Will do.

Actions #6

Updated by laforge over 2 years ago

ping? it's been 5 months

Actions #7

Updated by osmith over 2 years ago

  • Checklist item add test case for cipher selection set to Done
  • Status changed from Stalled to In Progress

Sorry for the delay. Patches submitted: https://gerrit.osmocom.org/q/topic:a5-2-test

Actions #8

Updated by osmith over 2 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100
Actions

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)