/* Osmocom MSC+VLR end-to-end tests */

/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
 *
 * All Rights Reserved
 *
 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "msc_vlr_tests.h"

/*
 * GSM (2G) authentication, success path, without TMSI allocation and without
 * IMEI check.
 *
 * Scenario, with net->authentication_required = true:
 *  1. Location Update: the VLR asks the HLR for auth vectors, challenges the
 *     MS with the 1st vector's RAND and completes the LU only after the MS
 *     returned the matching SRES.
 *  2. CM Service Request on a new conn: challenged with the 2nd vector, then
 *     a USSD request is serviced.
 *  3. MT SMS: the MS is paged, the Paging Response is challenged with the 3rd
 *     vector, then the pending SMS is delivered and acknowledged.
 *  4. IMSI detach.
 *
 * What it checks from a security point of view: nothing is accepted on a conn
 * before the challenge was answered (EXPECT_ACCEPTED(false) after every
 * Auth Request), and every new conn gets a RAND that was not used before.
 *
 * NOTE(review): every Authen Response in this file carries the expected SRES;
 * rejection of a wrong SRES is not exercised here -- presumably covered by
 * another test file, confirm.
 *
 * All helpers, macros and globals used below (btw, gsup_rx, ms_sends_msg,
 * VERBOSE_ASSERT, lu_result_sent, ...) come from outside this file.
 */
void test_gsm_authen()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* The switch under test: each initial request below must pass an
	 * authentication challenge before it is accepted. */
	net->authentication_required = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	/* No LU result may go out before authentication has completed. */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	/* The Auth Request is expected to carry the 1st vector's RAND and no
	 * AUTN, i.e. a plain GSM challenge. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f (fixture key) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Negative check: an Update Location Result that arrives while the
	 * challenge is still unanswered must not lead to acceptance. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* NOTE(review): helper defined elsewhere; by its name it presumably
	 * sends non-initial requests on the unauthenticated conn and expects
	 * them to be refused -- confirm. */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	/* 0554 followed by the 1st vector's SRES (2d8b2c3e, see above) */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	/* A new conn is challenged with the next RAND; the vector consumed by
	 * the LU above is not expected again. */
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("05247803305886089910070000006402");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* NOTE(review): NULL presumably means "no GSUP message expected" --
	 * confirm against gsup_expect_tx(). */
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 46071\r");
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber. */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* presumably releases the reference taken by the find above */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882089910070000006402");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	/* The pending SMS must stay queued until the paged MS authenticated. */
	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	ms_sends_msg("050130089910070000006402");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
/*
 * GSM (2G) authentication, success path, with TMSI allocation enabled
 * (net->vlr->cfg.assign_tmsi = true).
 *
 * Same flow as the IMSI-only test (LU, CM Service Request + USSD, paging +
 * SMS), but after the first LU the MS identifies itself by TMSI. A second
 * Location Update by TMSI then consumes the 4th auth vector and yields a
 * second TMSI, after which the subscriber detaches using that new TMSI.
 *
 * TMSI handling checked here: a newly assigned TMSI is held in
 * vsub->tmsi_new until the MS sent TMSI Realloc Complete, then moves to
 * vsub->tmsi while tmsi_new returns to GSM_RESERVED_TMSI. The subscriber can
 * already be looked up by the not-yet-acknowledged TMSI.
 *
 * NOTE(review): the expected TMSI values 0x03020100 and 0x07060504 are fixed;
 * presumably the test harness replaces the TMSI generator with a
 * deterministic one -- confirm in the shared test code.
 *
 * All helpers, macros and globals used below come from outside this file.
 */
void test_gsm_authen_tmsi()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	/* No LU result may go out before authentication has completed. */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	/* Expect the 1st vector's RAND and no AUTN in the Auth Request. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f (fixture key) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Negative check: an Update Location Result that arrives while the
	 * challenge is still unanswered must not lead to acceptance. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* NOTE(review): helper defined elsewhere; by its name it presumably
	 * sends non-initial requests on the unauthenticated conn and expects
	 * them to be refused -- confirm. */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	/* 0554 followed by the 1st vector's SRES (2d8b2c3e, see above) */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	/* LU Accept went out, but the conn stays open and is still not
	 * "accepted" until the MS acknowledged the TMSI. */
	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Unacknowledged: new value pending in tmsi_new, tmsi still unset. */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	ms_sends_msg("055b");

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Acknowledged: tmsi_new cleared, tmsi holds the assigned value. */
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	/* Knowing the TMSI is not sufficient: the conn is challenged again,
	 * with the next unused RAND. */
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	cm_service_result_sent = RES_NONE;
	/* "05f4" + TMSI: mobile identity given as TMSI instead of IMSI */
	ms_sends_msg("05247803305886" "05f4" "03020100");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* NOTE(review): NULL presumably means "no GSUP message expected" --
	 * confirm against gsup_expect_tx(). */
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 46071\r");
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	/* With a TMSI assigned, paging is expected by TMSI, not by IMSI. */
	paging_expect_tmsi(0x03020100);
	paging_sent = false;
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber. */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* presumably releases the reference taken by the find above */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882" "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	/* The pending SMS must stay queued until the paged MS authenticated. */
	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	/* TODO: when the subscriber detaches, the vlr_subscr gets
	 * deallocated and we no longer know the TMSI. This case is covered by
	 * test_lu_unknown_tmsi(), so here I'd like to still have the TMSI.
	BTW("subscriber detaches, using TMSI");
	ms_sends_msg("050130" "05f4" "03020100");
	EXPECT_CONN_COUNT(0);
	 */

	BTW("subscriber sends LU Request, this time with the TMSI");
	btw("Location Update request causes an Auth Req to MS");
	lu_result_sent = RES_NONE;
	auth_request_sent = false;
	/* 4th vector of the batch received earlier. No gsup_rx() of a new
	 * Send Auth Info Result precedes this Auth Request, so the vector
	 * comes from what the VLR already holds. */
	auth_request_expect_rand = "fa8f20b781b5881329d4fea26b1a3c51";
	ms_sends_msg("050802008168000130" "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	/* 0554 followed by the 4th vector's SRES (5afc8d72, see above) */
	ms_sends_msg("05545afc8d72");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Until acknowledged, the previous TMSI stays in place next to the
	 * pending new one. */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x07060504, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	ms_sends_msg("055b");

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	btw("subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x07060504, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using new TMSI");
	ms_sends_msg("050130" "05f4" "07060504");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
/*
 * GSM (2G) authentication, success path, with the IMEI check enabled
 * (net->vlr->cfg.check_imei_rqd = true) and no TMSI allocation.
 *
 * After the MS authenticated and the HLR confirmed the Location Update, the
 * VLR is expected to send an Identity Request for the IMEI. The LU is only
 * accepted once the MS answered with an Identity Response; until then the
 * conn stays open, is not "accepted", and vsub->imei is empty.
 *
 * NOTE(review): only the storing of the reported IMEI is asserted here; no
 * assertion in this function shows the IMEI being validated against anything.
 *
 * All helpers, macros and globals used below come from outside this file.
 */
void test_gsm_authen_imei()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	/* No LU result may go out before authentication has completed. */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	/* Expect the 1st vector's RAND and no AUTN in the Auth Request. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f (fixture key) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Negative check: an Update Location Result that arrives while the
	 * challenge is still unanswered must not lead to acceptance. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);
	/* NOTE(review): helper defined elsewhere; by its name it presumably
	 * sends non-initial requests on the unauthenticated conn and expects
	 * them to be refused -- confirm. */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	/* 0554 followed by the 1st vector's SRES (2d8b2c3e, see above) */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	/* The expectation is armed before the GSUP message that triggers it. */
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	/* Authenticated, but still gated: no IMEI stored yet, conn open,
	 * not accepted. */
	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	ms_sends_msg("0559084a32244332244332");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423423"), == 0, "%d");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches");
	ms_sends_msg("050130089910070000006402");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
/*
 * GSM (2G) authentication, success path, with both TMSI allocation
 * (cfg.assign_tmsi) and the IMEI check (cfg.check_imei_rqd) enabled.
 *
 * Order of the gates asserted below: authentication challenge, then Identity
 * Request/Response for the IMEI, then LU Accept with a new TMSI, then TMSI
 * Realloc Complete. EXPECT_ACCEPTED(false) is asserted after each step until
 * the last one is done, i.e. the conn is not treated as accepted while any
 * of the steps is outstanding.
 *
 * All helpers, macros and globals used below come from outside this file.
 */
void test_gsm_authen_tmsi_imei()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	/* No LU result may go out before authentication has completed. */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	/* Expect the 1st vector's RAND and no AUTN in the Auth Request. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f (fixture key) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Negative check: an Update Location Result that arrives while the
	 * challenge is still unanswered must not lead to acceptance. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* NOTE(review): helper defined elsewhere; by its name it presumably
	 * sends non-initial requests on the unauthenticated conn and expects
	 * them to be refused -- confirm. */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	/* 0554 followed by the 1st vector's SRES (2d8b2c3e, see above) */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	/* The expectation is armed before the GSUP message that triggers it. */
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	/* Authenticated, but still gated: no IMEI stored yet, conn open,
	 * not accepted. */
	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	ms_sends_msg("0559084a32244332244332");

	/* IMEI received; the remaining gate is the TMSI acknowledgement. */
	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Unacknowledged: new value pending in tmsi_new, tmsi still unset. */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	ms_sends_msg("055b");

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI and TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423423"), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using TMSI");
	ms_sends_msg("050130" "05f4" "03020100");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
/*
 * Authentication over GERAN (rx_from_ran = RAN_GERAN_A) for a subscriber
 * whose HLR vectors are Milenage-based and carry the 3G elements
 * (IK, CK, AUTN, RES) in addition to RAND/SRES/Kc.
 *
 * Same flow as the plain GSM test: Location Update, CM Service Request +
 * USSD, paging + SMS, detach -- each new conn challenged with the next
 * vector's RAND.
 *
 * Point worth noting for review: although AUTN is available in every vector,
 * each Auth Request is expected WITHOUT AUTN (auth_request_expect_autn =
 * NULL), and the MS answers with the 4-byte SRES rather than the 8-byte RES.
 * So as far as this test shows, the MS is authenticated by the network, but
 * the network is not authenticated towards the MS on this path.
 * NOTE(review): presumably this is because the MS's classmark advertises
 * "GSM phase 2" only (see message comments below) -- confirm in the VLR code.
 *
 * All helpers, macros and globals used below come from outside this file.
 */
void test_gsm_milenage_authen()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000010650";

	comment_start();

	net->authentication_required = true;
	rx_from_ran = RAN_GERAN_A;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0");
	ms_sends_msg("0508" /* MM LU */
		     "7" /* ciph key seq: no key available */
		     "0" /* LU type: normal */
		     "ffffff" "0000" /* LAI, LAC */
		     "30" /* classmark 1: GSM phase 2 */
		     "089910070000106005" /* IMSI */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	/* No LU result may go out before authentication has completed. */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* based on auc_3g (fixture key material):
	 * K = 'EB215756028D60E3275E613320AEC880',
	 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 * SQN = 0
	 */
	auth_request_sent = false;
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	/* No AUTN expected in the Auth Request even though the vector has one. */
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* auth vectors; the original comment announced 5, but only
		 * three tuples are encoded below */
		/* TL    TL     rand */
		"0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/* TL    sres       TL     kc */
		"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/* TL    3G IK */
		"2310" "27497388b6cb044648f396aa155b95ef"
		/* TL    3G CK */
		"2410" "f64735036e5871319c679f4742a75ea1"
		/* TL    AUTN */
		"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/* TL    RES */
		"2708" "e229c19e791f2e41"
		"0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
		"2104" "85aa3130" "2208" "d3d50a000bf04f6e"
		"2310" "1159ec926a50e98c034a6b7d7c9f418d"
		"2410" "df3a03d9ca5335641efc8e36d76cd20b"
		"2510" "1843a645b98d00005b2d666af46c45d9"
		"2708" "7db47cf7f81e4dc7"
		"0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
		"2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
		"2310" "eb50e770ddcc3060101d2f43b6c2b884"
		"2410" "76542abce5ff9345b0e8947f4c6e019c"
		"2510" "f9375e6d41e1000096e7fe4ff1c27e39"
		"2708" "706f996719ba609c"
		,NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000000156f0");
	/* 1st vector's 4-byte SRES, not the 8-byte RES */
	ms_sends_msg("0554" "9b36efdf");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000000156f00804032443f2",
		"12010809710000000156f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000000156f0", NULL);

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	/* A new conn is challenged with the next RAND; the vector consumed by
	 * the LU above is not expected again. */
	auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
	auth_request_expect_autn = NULL;
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("052478"
		     "03305886" /* classmark 2: GSM phase 2 */
		     "089910070000106005" /* IMSI */);
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	/* NOTE(review): helper defined elsewhere; by its name it presumably
	 * sends non-initial requests on the unauthenticated conn and expects
	 * them to be refused -- confirm. */
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* NOTE(review): NULL presumably means "no GSUP message expected" --
	 * confirm against gsup_expect_tx(). */
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "85aa3130"); /* 2nd vector's sres, s.a. */
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 42342\r");
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber. */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* presumably releases the reference taken by the find above */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
	auth_request_expect_autn = NULL;
	ms_sends_msg("062707"
		     "03305886" /* classmark 2 */
		     "089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	/* The pending SMS must stay queued until the paged MS authenticated. */
	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05802443f2" /* originating address 42342 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "69d5f9fb"); /* 3rd vector's sres, s.a. */
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	ms_sends_msg("050130"
		     "089910070000106005" /* IMSI */);

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
/*
 * NULL-terminated table of the test functions defined in this file.
 * NOTE(review): presumably iterated by the shared test runner declared via
 * msc_vlr_tests.h -- confirm there; the runner is not part of this file.
 */
msc_vlr_test_func_t msc_vlr_tests[] = {
	test_gsm_authen,
	test_gsm_authen_tmsi,
	test_gsm_authen_imei,
	test_gsm_authen_tmsi_imei,
	test_gsm_milenage_authen,
	NULL
};