Accelerate3g5 -- neels


Implement Osmocom 3G support integrated with the new libvlr, so that standard USIMs with full UMTS AKA can be used with the 3G OsmoMSC.
This is actually a prerequisite for the accelerate3g5 contestants to be able to use their USIMs with the nano3G (without going into reprogramming it).



For various reasons, the previously integrated HLR functionality is currently being split from OsmoNITB, on the neels/vlr branch. UMTS AKA using the Milenage algorithm already works for 2G using that branch, but the sysmocom/iu branch still lacks this capability.

Rebase the sysmocom/iu branch onto the neels/vlr branch and resolve all conflicts. Test and verify that 3G works with the sysmoUSIM-SJS1 using Milenage authentication.

Related issues are: #1595 #1711 #1593 #1965

Work-in-progress is kept on the openbsc.git:neels/iu branch.
When done, this will become the new sysmocom/iu branch.


A first git rebase resulted in numerous conflicts. Starting to resolve...

Conflicts have been resolved, but of course the result doesn't compile.
Fixing all the errors, and will then need to test+debug, and also review all patches in detail.
Rate counters and the logging context are at least incomplete, probably more details and corner cases.
The merged branch compiled. Now the msc_vlr unit tests fail and there are probably still many other errors to resolve.

Errors fixed, all tests pass, including msc_vlr end-to-end tests.
Next up: actual tests with the nano3G, sysmoUSIMs and Galaxy phones.

The VLR needs to be extended to send CommonID and SecurityModeControl messages.
SecurityModeControl is also called 'integrity protection' ... but is it the same as the Ciphering Mode on GERAN?
If it is not the same, we need new states added to the VLR FSMs.

The rebased branch works!
The openbsc.git:sysmocom/iu branch now contains the libvlr and is capable of full UMTS authentication using OsmoHLR.

Polished (and squashed) up the vlr and 3G branches, and verified again that everything works.
I renamed the branches from neels/vlr to vlr_2G and sysmocom/iu to vlr_3G,
conveying a more official air. They mark the future of the Osmocom core network.


  • I thought that GERAN means exactly A-interface and UTRAN means Iu-interface. But there's also GERAN-over-Iu.
    RAN is the radio technology, so GERAN does mean 2G BTS, but A and Iu are just the interfaces that these can be controlled over.
    An MSC may employ an Iu interface to talk to both GERAN and UTRAN radio technology infrastructure.
    See the new enum ran_type: so far OsmoMSC will support RAN_UTRAN_IU. We hope to add RAN_GERAN_A soon. There are no plans in sight to add RAN_GERAN_IU.
    The traditional OsmoNITB is BSC and MSC welded together, so it's more like GERAN over Abis.
    GSM is the traditional name for 2G, GERAN means "GSM EDGE Radio Access Network", so it bascially is GSM + EDGE.
    UTRAN is the "Universal Terrestrial Radio Access Network" and basically means 3G, while the U lends itself to assuming it means UMTS, which I guess is not far from the truth.
    Wikipedia has nice articles and diagrams on these.
  • And I thought that UMTS means 3G means UTRAN, but UMTS is "just" the R99 (Release 1999) extension of the protocols.
    UMTS is used in 3G/UTRAN, yes, but for example UMTS Authentication can be negotiated over 2G networks. I know now because I implemented it for OsmoNITB.
    As soon as the MSC says it is R99 capable in the SI3 MSCR bit and the MS is operated with a USIM which "replies" that it is R99 capable in the Classmark IEs sent during Location Updating, CM Service Request and Paging requests, both sides can/will authenticate using UMTS mutual authentication -- another prerequisite of course is that the HLR has UMTS authentication keys stored for this USIM.
  • The VLR still contained some faults:
    • The VLR must not send a CM Service Accept when it also sent a SecurityModeControl / Ciphering Mode Command.
      A Ciphering is an implicit CM Service Accept and sending both confuses the MS.
    • The VLR must always do authentication as soon as is_utran == true.
  • sysmoUSIM-SJS1 will work only from SQN=32 onwards. (#1965-13)

This project is basically done.
Further code cleanup may or may not be documented here.

Files (0)

Updated by neels almost 7 years ago · 25 revisions

Add picture from clipboard (Maximum size: 48.8 MB)