Bug #4975
closedA5/2 is preferrerd over A5/1, despite its lower security!
100%
Description
Looking at select_best_cipher() in source:src/osmo-bsc/osmo_bsc_bssap.c it seems that OsmoBSC simlpy assumes that a higher integer number x of A5/x is always superior to a lower number.
This is wrong, as A5/2 is worse then A5/1. So in general, higher value of 'x' is good, with the excception of '1' and '2' being swapped.
Updated by laforge about 3 years ago
- Subject changed from A5/2 is to A5/2 is preferrerd over A5/1, despite its lower security!
Updated by laforge about 3 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 90
Updated by laforge about 3 years ago
- Checklist item fix C code implementation added
- Checklist item add test case for cipher selection added
Updated by laforge about 3 years ago
- Checklist item fix C code implementation set to Done
- Status changed from In Progress to Stalled
- Assignee changed from laforge to osmith
- Priority changed from High to Normal
osmith, would you think you could take over imlpementing a TTCN3 test case for this? The idea is to have a VTY config permitting at least A5/1 and A5/2, in combination with a simulated MS (classmark bits) that advertises A5/1 + A5/2, and then verify that the actual cipher chosen by OsmoBSC (in the CIPHER MODE COMMAND towards the simulated MS) is A5/1, and not A5/2.
As the patch is merged, I would expect osmo-bsc-master to pass, and osmo-bsc-latest to fail that new test in BSC_Tests.ttcn
If you thin you're too unfamiliar with the BSC_Tests.ttcn, feel free to ask for help, or assign back to me.
Updated by osmith about 3 years ago
laforge wrote:
osmith, would you think you could take over imlpementing a TTCN3 test case for this? The idea is to have a VTY config permitting at least A5/1 and A5/2, in combination with a simulated MS (classmark bits) that advertises A5/1 + A5/2, and then verify that the actual cipher chosen by OsmoBSC (in the CIPHER MODE COMMAND towards the simulated MS) is A5/1, and not A5/2.
As the patch is merged, I would expect osmo-bsc-master to pass, and osmo-bsc-latest to fail that new test in BSC_Tests.ttcn
It sounds feasible, I'll give it a try once some other issues are completed.
If you thin you're too unfamiliar with the BSC_Tests.ttcn, feel free to ask for help, or assign back to me.
Will do.
Updated by osmith almost 3 years ago
- Checklist item add test case for cipher selection set to Done
- Status changed from Stalled to In Progress
Sorry for the delay. Patches submitted: https://gerrit.osmocom.org/q/topic:a5-2-test
Updated by osmith almost 3 years ago
- Status changed from In Progress to Resolved
- % Done changed from 90 to 100