Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-gbproxy / 3dc2c6438e28829db6437a9016e750d682b90cde / . / tests / msc_vlr / msc_vlr_test_no_authen.c
blob: fdafe3e4b5e911a70ea360775bb4e80cc00f0a39 [file] [log] [blame]
Neels Hofmeyr3dc2c642017-01-25 15:04:16 +0100[diff] [blame^]1/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
26void test_no_authen()
27{
28 struct vlr_subscr *vsub;
29 const char *imsi = "901700000004620";
30
31 comment_start();
32
33 btw("Location Update request causes a GSUP LU request to HLR");
34 lu_result_sent = RES_NONE;
35 gsup_expect_tx("04010809710000004026f0");
36 ms_sends_msg("050802008168000130089910070000006402");
37 OSMO_ASSERT(gsup_tx_confirmed);
38 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
39
40 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
41 gsup_rx("10010809710000004026f00804036470f1",
42 "12010809710000004026f0");
43 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
44
45 btw("having received subscriber data does not mean acceptance");
46 EXPECT_ACCEPTED(false);
47
48 thwart_rx_non_initial_requests();
49
50 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
51
52 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
53 gsup_rx("06010809710000004026f0", NULL);
54
55 btw("LU was successful, and the conn has already been closed");
56 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
57 EXPECT_CONN_COUNT(0);
58
59 BTW("after a while, a new conn sends a CM Service Request");
60 cm_service_result_sent = RES_NONE;
61 ms_sends_msg("05247803305886089910070000006402");
62 OSMO_ASSERT(g_conn);
63 OSMO_ASSERT(g_conn->conn_fsm);
64 OSMO_ASSERT(g_conn->vsub);
65 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
66 EXPECT_ACCEPTED(true);
67
68 btw("a USSD request is serviced");
69 dtap_expect_tx_ussd("Your extension is 46071\r");
70 ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
71
72 btw("all requests serviced, conn has been released");
73 EXPECT_CONN_COUNT(0);
74
75 BTW("an SMS is sent, MS is paged");
76 paging_expect_imsi(imsi);
77 paging_sent = false;
78 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
79 OSMO_ASSERT(vsub);
80 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
81
82 send_sms(vsub, vsub,
83 "Privacy in residential applications is a desirable"
84 " marketing option.");
85
86 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
87 vlr_subscr_put(vsub);
88 vsub = NULL;
89 VERBOSE_ASSERT(paging_sent, == true, "%d");
90 VERBOSE_ASSERT(paging_stopped, == false, "%d");
91
92 btw("the subscriber and its pending request should remain");
93 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
94 OSMO_ASSERT(vsub);
95 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
96 vlr_subscr_put(vsub);
97
98 btw("MS replies with Paging Response, we deliver the SMS");
99 dtap_expect_tx("09" /* SMS messages */
100 "01" /* CP-DATA */
101 "58" /* length */
102 "01" /* Network to MS */
103 "00" /* reference */
104 /* originator (gsm411_send_sms() hardcodes this weird nr) */
105 "0791" "447758100650" /* 447785016005 */
106 "00" /* dest */
107 /* SMS TPDU */
108 "4c" /* len */
109 "00" /* SMS deliver */
110 "05806470f1" /* originating address 46071 */
111 "00" /* TP-PID */
112 "00" /* GSM default alphabet */
113 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
114 "000000" /* H-M-S */
115 "00" /* GMT+0 */
116 "44" /* data length */
117 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
118 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
119 "0c7ac3e9e9b7db05");
120 ms_sends_msg("06270703305882089910070000006402");
121 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
122 VERBOSE_ASSERT(paging_stopped, == true, "%d");
123
124 btw("SMS was delivered, no requests pending for subscr");
125 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
126 OSMO_ASSERT(vsub);
127 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
128 vlr_subscr_put(vsub);
129
130 btw("conn is still open to wait for SMS ack dance");
131 EXPECT_CONN_COUNT(1);
132
133 btw("MS replies with CP-ACK for received SMS");
134 ms_sends_msg("8904");
135 EXPECT_CONN_COUNT(1);
136
137 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
138 dtap_expect_tx("0904");
139 ms_sends_msg("890106020041020000");
140 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
141
142 btw("SMS is done, conn is gone");
143 EXPECT_CONN_COUNT(0);
144
145 BTW("subscriber detaches");
146 ms_sends_msg("050130089910070000006402");
147
148 EXPECT_CONN_COUNT(0);
149 clear_vlr();
150 comment_end();
151}
152
153void test_no_authen_tmsi()
154{
155 struct vlr_subscr *vsub;
156 const char *imsi = "901700000004620";
157
158 comment_start();
159
160 net->vlr->cfg.assign_tmsi = true;
161
162 btw("Location Update request causes a GSUP LU request to HLR");
163 lu_result_sent = RES_NONE;
164 gsup_expect_tx("04010809710000004026f0");
165 ms_sends_msg("050802008168000130089910070000006402");
166 OSMO_ASSERT(gsup_tx_confirmed);
167 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
168
169 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
170 gsup_rx("10010809710000004026f00804036470f1",
171 "12010809710000004026f0");
172 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
173
174 btw("having received subscriber data does not mean acceptance");
175 EXPECT_ACCEPTED(false);
176 thwart_rx_non_initial_requests();
177 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
178
179 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
180 gsup_rx("06010809710000004026f0", NULL);
181
182 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
183 EXPECT_CONN_COUNT(1);
184 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
185 EXPECT_ACCEPTED(false);
186 thwart_rx_non_initial_requests();
187
188 btw("even though the TMSI is not acked, we can already find the subscr with it");
189 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
190 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
191 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
192 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
193 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
194 vlr_subscr_put(vsub);
195
196 btw("MS sends TMSI Realloc Complete");
197 ms_sends_msg("055b");
198
199 btw("LU was successful, and the conn has already been closed");
200 EXPECT_CONN_COUNT(0);
201
202 btw("Subscriber has the new TMSI");
203 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
204 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
205 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
206 VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
207 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
208 vlr_subscr_put(vsub);
209
210 BTW("after a while, a new conn sends a CM Service Request using above TMSI");
211 cm_service_result_sent = RES_NONE;
212 ms_sends_msg("05247803305886" "05f4" "03020100");
213 OSMO_ASSERT(g_conn);
214 OSMO_ASSERT(g_conn->conn_fsm);
215 OSMO_ASSERT(g_conn->vsub);
216 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
217 EXPECT_ACCEPTED(true);
218
219 btw("a USSD request is serviced");
220 dtap_expect_tx_ussd("Your extension is 46071\r");
221 ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
222
223 btw("all requests serviced, conn has been released");
224 EXPECT_CONN_COUNT(0);
225
226 BTW("an SMS is sent, MS is paged using above TMSI");
227 paging_expect_tmsi(0x03020100);
228 paging_sent = false;
229 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
230 OSMO_ASSERT(vsub);
231 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
232
233 send_sms(vsub, vsub,
234 "Privacy in residential applications is a desirable"
235 " marketing option.");
236
237 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
238 vlr_subscr_put(vsub);
239 vsub = NULL;
240 VERBOSE_ASSERT(paging_sent, == true, "%d");
241 VERBOSE_ASSERT(paging_stopped, == false, "%d");
242
243 btw("the subscriber and its pending request should remain");
244 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
245 OSMO_ASSERT(vsub);
246 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
247 vlr_subscr_put(vsub);
248
249 btw("MS replies with Paging Response using TMSI, we deliver the SMS");
250 dtap_expect_tx("09" /* SMS messages */
251 "01" /* CP-DATA */
252 "58" /* length */
253 "01" /* Network to MS */
254 "00" /* reference */
255 /* originator (gsm411_send_sms() hardcodes this weird nr) */
256 "0791" "447758100650" /* 447785016005 */
257 "00" /* dest */
258 /* SMS TPDU */
259 "4c" /* len */
260 "00" /* SMS deliver */
261 "05806470f1" /* originating address 46071 */
262 "00" /* TP-PID */
263 "00" /* GSM default alphabet */
264 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
265 "000000" /* H-M-S */
266 "00" /* GMT+0 */
267 "44" /* data length */
268 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
269 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
270 "0c7ac3e9e9b7db05");
271 ms_sends_msg("06270703305882" "05f4" "03020100");
272 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
273 VERBOSE_ASSERT(paging_stopped, == true, "%d");
274
275 btw("SMS was delivered, no requests pending for subscr");
276 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
277 OSMO_ASSERT(vsub);
278 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
279 vlr_subscr_put(vsub);
280
281 btw("conn is still open to wait for SMS ack dance");
282 EXPECT_CONN_COUNT(1);
283
284 btw("MS replies with CP-ACK for received SMS");
285 ms_sends_msg("8904");
286 EXPECT_CONN_COUNT(1);
287
288 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
289 dtap_expect_tx("0904");
290 ms_sends_msg("890106020041020000");
291 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
292
293 btw("SMS is done, conn is gone");
294 EXPECT_CONN_COUNT(0);
295
296 /* TODO: when the subscriber detaches, the vlr_subscr gets
297 * deallocated and we no longer know the TMSI. This case is covered by
298 * test_lu_unknown_tmsi(), so here I'd like to still have the TMSI.
299 BTW("subscriber detaches, using TMSI");
300 ms_sends_msg("050130" "05f4" "03020100");
301 EXPECT_CONN_COUNT(0);
302 */
303
304 BTW("subscriber sends LU Request, this time with the TMSI");
305 btw("Location Update request causes a GSUP LU request to HLR");
306 lu_result_sent = RES_NONE;
307 gsup_expect_tx("04010809710000004026f0");
308 ms_sends_msg("050802008168000130" "05f4" "03020100");
309 OSMO_ASSERT(gsup_tx_confirmed);
310 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
311
312 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
313 gsup_rx("10010809710000004026f00804036470f1",
314 "12010809710000004026f0");
315 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
316
317 btw("having received subscriber data does not mean acceptance");
318 EXPECT_ACCEPTED(false);
319 thwart_rx_non_initial_requests();
320 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
321
322 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
323 gsup_rx("06010809710000004026f0", NULL);
324
325 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
326 EXPECT_CONN_COUNT(1);
327 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
328 EXPECT_ACCEPTED(false);
329 thwart_rx_non_initial_requests();
330
331 btw("even though the TMSI is not acked, we can already find the subscr with it");
332 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
333 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
334 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
335 VERBOSE_ASSERT(vsub->tmsi_new, == 0x07060504, "0x%08x");
336 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
337 vlr_subscr_put(vsub);
338
339 btw("MS sends TMSI Realloc Complete");
340 ms_sends_msg("055b");
341
342 btw("LU was successful, and the conn has already been closed");
343 EXPECT_CONN_COUNT(0);
344
345 btw("subscriber has the new TMSI");
346 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
347 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
348 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
349 VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
350 VERBOSE_ASSERT(vsub->tmsi, == 0x07060504, "0x%08x");
351 vlr_subscr_put(vsub);
352
353 BTW("subscriber detaches, using new TMSI");
354 ms_sends_msg("050130" "05f4" "07060504");
355
356 EXPECT_CONN_COUNT(0);
357 clear_vlr();
358 comment_end();
359}
360
361void test_no_authen_imei()
362{
363 struct vlr_subscr *vsub;
364 const char *imsi = "901700000004620";
365
366 comment_start();
367
368 net->vlr->cfg.check_imei_rqd = true;
369
370 btw("Location Update request causes a GSUP LU request to HLR");
371 lu_result_sent = RES_NONE;
372 gsup_expect_tx("04010809710000004026f0");
373 ms_sends_msg("050802008168000130089910070000006402");
374 OSMO_ASSERT(gsup_tx_confirmed);
375 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
376
377 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
378 gsup_rx("10010809710000004026f00804036470f1",
379 "12010809710000004026f0");
380 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
381
382 btw("having received subscriber data does not mean acceptance");
383 EXPECT_ACCEPTED(false);
384 thwart_rx_non_initial_requests();
385 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
386
387 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
388 dtap_expect_tx("051802");
389 gsup_rx("06010809710000004026f0", NULL);
390
391 btw("We will only do business when the IMEI is known");
392 EXPECT_CONN_COUNT(1);
393 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
394 OSMO_ASSERT(vsub);
395 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
396 vlr_subscr_put(vsub);
397 EXPECT_ACCEPTED(false);
398 thwart_rx_non_initial_requests();
399
400 btw("MS replies with an Identity Response");
401 ms_sends_msg("0559084a32244332244332");
402
403 btw("LU was successful, and the conn has already been closed");
404 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
405 EXPECT_CONN_COUNT(0);
406
407 btw("Subscriber has the IMEI");
408 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
409 OSMO_ASSERT(vsub);
410 VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423423"), == 0, "%d");
411 vlr_subscr_put(vsub);
412
413 BTW("subscriber detaches");
414 ms_sends_msg("050130089910070000006402");
415
416 EXPECT_CONN_COUNT(0);
417 clear_vlr();
418 comment_end();
419}
420
421void test_no_authen_tmsi_imei()
422{
423 struct vlr_subscr *vsub;
424 const char *imsi = "901700000004620";
425
426 comment_start();
427
428 net->vlr->cfg.assign_tmsi = true;
429 net->vlr->cfg.check_imei_rqd = true;
430
431 btw("Location Update request causes a GSUP LU request to HLR");
432 lu_result_sent = RES_NONE;
433 gsup_expect_tx("04010809710000004026f0");
434 ms_sends_msg("050802008168000130089910070000006402");
435 OSMO_ASSERT(gsup_tx_confirmed);
436 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
437
438 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
439 gsup_rx("10010809710000004026f00804036470f1",
440 "12010809710000004026f0");
441 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
442
443 btw("having received subscriber data does not mean acceptance");
444 EXPECT_ACCEPTED(false);
445 thwart_rx_non_initial_requests();
446 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
447
448 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
449 dtap_expect_tx("051802");
450 gsup_rx("06010809710000004026f0", NULL);
451
452 btw("We will only do business when the IMEI is known");
453 EXPECT_CONN_COUNT(1);
454 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
455 OSMO_ASSERT(vsub);
456 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
457 vlr_subscr_put(vsub);
458 EXPECT_ACCEPTED(false);
459 thwart_rx_non_initial_requests();
460
461 btw("MS replies with an Identity Response");
462 ms_sends_msg("0559084a32244332244332");
463
464 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
465 EXPECT_CONN_COUNT(1);
466 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
467 EXPECT_ACCEPTED(false);
468 thwart_rx_non_initial_requests();
469
470 btw("MS sends TMSI Realloc Complete");
471 ms_sends_msg("055b");
472
473 btw("LU was successful, and the conn has already been closed");
474 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
475 EXPECT_CONN_COUNT(0);
476
477 btw("Subscriber has the IMEI and TMSI");
478 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
479 OSMO_ASSERT(vsub);
480 VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423423"), == 0, "%d");
481 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
482 vlr_subscr_put(vsub);
483
484 BTW("subscriber detaches");
485 ms_sends_msg("050130089910070000006402");
486
487 EXPECT_CONN_COUNT(0);
488 clear_vlr();
489 comment_end();
490}
491
492msc_vlr_test_func_t msc_vlr_tests[] = {
493 test_no_authen,
494 test_no_authen_tmsi,
495 test_no_authen_imei,
496 test_no_authen_tmsi_imei,
497 NULL
498};