Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
Harald Welte0df904d2018-12-03 11:00:04 +010025#include "stubs.h"
Neels Hofmeyr6a29d322017-01-25 15:04:16 +010026
/*
 * End-to-end scenario with net->authentication_required set: a Location
 * Update, a CM Service Request and a paged SMS delivery must each pass a
 * challenge/response round before the subscriber is accepted. Every round
 * expects the RAND of the next vector from the HLR's Send Auth Info Result.
 *
 * The MS announces Revision Level 1 (is_r99 == false) and no AUTN is expected
 * in the Auth Request (auth_request_expect_autn = NULL), so the MS is only
 * challenged with RAND and answers with SRES.
 *
 * Statement order matters: the expectations and result flags used here
 * (lu_result_sent, auth_request_sent, paging_sent, ...) are not local to this
 * function, and each step arms or resets them before driving the next message.
 */
static void test_gsm_authen()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* Every procedure below has to be authenticated before it is accepted. */
	net->authentication_required = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	/* The challenge must carry the RAND of the first vector and no AUTN. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f
	 * (fixed test key; the RAND/SRES/Kc values below are canned vectors) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Negative check: an Update Location Result that arrives before the MS
	 * has answered the challenge must not get the subscriber accepted. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* Helper is defined outside this file; presumably it feeds non-initial
	 * requests and checks they are refused while auth is pending — confirm. */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* "0554" followed by the first vector's SRES (2d8b2c3e) */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	/* Second argument is the GSUP message the VLR is expected to answer with. */
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000004026f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	/* RAND of the second vector: a new connection is challenged afresh. */
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("05247803305886089910070000006402");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* presumably NULL means no GSUP message may be sent in this step — confirm */
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	/* Release connection */
	/* NOTE(review): this call passes OSMO_RAT_GERAN_A while the other
	 * expect_bssap_clear() calls in this function pass no argument —
	 * confirm against its declaration. */
	expect_bssap_clear(OSMO_RAT_GERAN_A);
	conn_conclude_cm_service_req(g_conn, OSMO_RAT_GERAN_A);

	btw("all requests serviced, conn has been released");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* Each vlr_subscr_find_by_*() in this test is paired with a put. */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	/* RAND of the third vector */
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882089910070000006402");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	/* The SMS expectation is armed only now: the pending message is
	 * expected on the wire after the SRES below, not before. */
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	/* Reset VLR state before the scenario ends. */
	clear_vlr();
	comment_end();
}
219
/*
 * Same authenticated scenario as a plain GSM-auth Location Update, but with
 * net->vlr->cfg.assign_tmsi set: the LU Accept hands out a new TMSI, the
 * subscriber is only "done" after TMSI Realloc Complete, and the later
 * CM Service Request, Paging Response, second Location Update and IMSI Detach
 * identify the subscriber by TMSI instead of IMSI.
 *
 * The test tracks the two-stage TMSI state: vsub->tmsi_new holds the
 * not-yet-acknowledged value, vsub->tmsi the confirmed one, and
 * GSM_RESERVED_TMSI marks "none".
 *
 * Every procedure is challenged again; the expected RANDs walk through the
 * first four vectors of the HLR's Send Auth Info Result.
 */
static void test_gsm_authen_tmsi()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	/* The challenge must carry the RAND of the first vector and no AUTN. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f
	 * (fixed test key; the RAND/SRES/Kc values below are canned vectors) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Negative check: an Update Location Result that arrives before the MS
	 * has answered the challenge must not get the subscriber accepted. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* Helper is defined outside this file; presumably it feeds non-initial
	 * requests and checks they are refused while auth is pending — confirm. */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* "0554" followed by the first vector's SRES (2d8b2c3e) */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	/* Second argument is the GSUP message the VLR is expected to answer with. */
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	/* The LU Accept alone does not complete the procedure: the conn stays
	 * open and the subscriber is not yet accepted until the TMSI is acked. */
	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	/* 0x03020100 is a fixed value here; presumably the test harness makes
	 * TMSI allocation deterministic — confirm where it comes from. */
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Pending TMSI is set, confirmed TMSI is still "none". */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* After the ack the pending value has moved into vsub->tmsi. */
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	/* RAND of the second vector: knowing the TMSI does not skip the challenge. */
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("05247803305886" "05f4" "03020100");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* presumably NULL means no GSUP message may be sent in this step — confirm */
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	/* Release connection */
	/* NOTE(review): this call passes OSMO_RAT_GERAN_A while the other
	 * expect_bssap_clear() calls in this function pass no argument —
	 * confirm against its declaration. */
	expect_bssap_clear(OSMO_RAT_GERAN_A);
	conn_conclude_cm_service_req(g_conn, OSMO_RAT_GERAN_A);

	btw("all requests serviced, conn has been released");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	/* Paging is expected to address the subscriber by TMSI, not IMSI. */
	paging_expect_tmsi(0x03020100);
	paging_sent = false;
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	/* RAND of the third vector */
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882" "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	/* The SMS expectation is armed only now: the pending message is
	 * expected on the wire after the SRES below, not before. */
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	/* TODO: when the subscriber detaches, the vlr_subscr gets
	 * deallocated and we no longer know the TMSI. This case is covered by
	 * test_lu_unknown_tmsi(), so here I'd like to still have the TMSI.
	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	 */

	BTW("subscriber sends LU Request, this time with the TMSI");
	btw("Location Update request causes an Auth Req to MS");
	lu_result_sent = RES_NONE;
	auth_request_sent = false;
	/* RAND of the fourth vector; no gsup_rx() with new vectors precedes
	 * this step, so the challenge comes from the vectors received earlier. */
	auth_request_expect_rand = "fa8f20b781b5881329d4fea26b1a3c51";
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* "0554" followed by the fourth vector's SRES (5afc8d72) */
	ms_sends_msg("05545afc8d72");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* The new TMSI is pending while the previous one is still the confirmed one. */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x07060504, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x07060504, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using new TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "07060504");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	/* Reset VLR state before the scenario ends. */
	clear_vlr();
	comment_end();
}
503
/*
 * Authenticated Location Update with net->vlr->cfg.check_imei_rqd set, happy
 * path: after the challenge/response round and the HLR's Update Location
 * Result, the VLR asks the MS for its IMEI, forwards it to the HLR over GSUP
 * and completes the LU only once the HLR has accepted it.
 *
 * Until that answer arrives the subscriber must stay unaccepted; the test
 * checks this after every intermediate step.
 */
static void test_gsm_authen_imei()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	/* The challenge must carry the RAND of the first vector and no AUTN. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f
	 * (fixed test key; the RAND/SRES/Kc values below are canned vectors) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Negative check: an Update Location Result that arrives before the MS
	 * has answered the challenge must not get the subscriber accepted. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);
	/* Helper is defined outside this file; presumably it feeds non-initial
	 * requests and checks they are refused while auth is pending — confirm. */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* "0554" followed by the first vector's SRES (2d8b2c3e) */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	/* Second argument is the GSUP message the VLR is expected to answer with. */
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	/* The Identity Request must be armed before the GSUP message that triggers it. */
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	/* Authentication has passed, but with check_imei_rqd the subscriber
	 * still counts as unaccepted while the IMEI is unknown. */
	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	/* Empty string: no IMEI stored yet. */
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
	gsup_expect_tx("30010809710000004026f050090824433224433224f0");
	ms_sends_msg("0559084a32244332244302");
	/* Knowing the IMEI is not enough; the HLR's verdict is still outstanding. */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("HLR accepts the IMEI");
	expect_bssap_clear();
	/* Trailing "510100" is the part that differs from the NACK message
	 * ("510101") used by the rejection test in this file. */
	gsup_rx("32010809710000004026f0510100", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	/* Reset VLR state before the scenario ends. */
	clear_vlr();
	comment_end();
}
609
/*
 * Authenticated Location Update with net->vlr->cfg.check_imei_rqd set,
 * rejection path: authentication succeeds and the IMEI is forwarded to the
 * HLR, but the HLR answers with a NACK. The subscriber must remain
 * unaccepted and the connection must be torn down.
 */
static void test_gsm_authen_imei_nack()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	/* The challenge must carry the RAND of the first vector and no AUTN. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f
	 * (fixed test key; the RAND/SRES/Kc values below are canned vectors) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Negative check: an Update Location Result that arrives before the MS
	 * has answered the challenge must not get the subscriber accepted. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* Helper is defined outside this file; presumably it feeds non-initial
	 * requests and checks they are refused while auth is pending — confirm. */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* "0554" followed by the first vector's SRES (2d8b2c3e) */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	/* Second argument is the GSUP message the VLR is expected to answer with. */
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	/* The Identity Request must be armed before the GSUP message that triggers it. */
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	/* Authentication has passed, but with check_imei_rqd the subscriber
	 * still counts as unaccepted while the IMEI is unknown. */
	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	/* Empty string: no IMEI stored yet. */
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
	gsup_expect_tx("30010809710000004026f050090824433224433224f0");
	ms_sends_msg("0559084a32244332244302");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	expect_bssap_clear();
	btw("HLR does not like the IMEI and sends NACK");
	/* Trailing "510101" is the NACK; the subscriber must stay unaccepted. */
	gsup_rx("32010809710000004026f0510101", NULL);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	/* NOTE(review): after the NACK this path asserts only
	 * EXPECT_ACCEPTED(false) and the final conn count; bssap_clear_sent and
	 * lu_result_sent are not checked, although expect_bssap_clear() was
	 * armed above. Asserting both here would pin the rejection itself. */
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	/* Reset VLR state before the scenario ends. */
	clear_vlr();
	comment_end();
}
702
/* GSM (2G) Location Update with authentication and a mandatory IMEI check,
 * where the HLR answers the IMEI check with an error message.
 *
 * The scripted exchange is: LU Request -> GSUP Send Auth Info -> Auth Request
 * -> Auth Response with the first vector's SRES -> GSUP Update Location ->
 * Identity Request (IMEI) -> Identity Response -> GSUP Check IMEI -> ERR.
 *
 * Security-relevant point: an error from the HLR during the IMEI check must
 * not leave the subscriber accepted. After the ERR, the test checks
 * EXPECT_ACCEPTED(false) and that the connection is cleared (fail closed).
 *
 * NOTE(review): the statement order is the test; the expect_*() calls have to
 * precede the message that triggers the expected transmission.
 */
static void test_gsm_authen_imei_err()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* Both authentication and the IMEI check are required in this test */
	net->authentication_required = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* The vectors below carry only RAND/SRES/Kc, so no AUTN is expected */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f (test fixture key) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* An Update Location Result that arrives before the MS has answered
	 * the Auth Request must not short-cut authentication. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* 2d8b2c3e is the SRES of the first auth vector above */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	/* Authenticated, but still not accepted: the IMEI has not been stored */
	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
	gsup_expect_tx("30010809710000004026f050090824433224433224f0");
	ms_sends_msg("0559084a32244332244302");
	/* Still not accepted while the HLR's verdict on the IMEI is pending */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	/* Arm the clear expectation before feeding in the HLR's error reply */
	expect_bssap_clear();
	btw("HLR can't parse the message and returns ERR");
	gsup_rx("31010809710000004026f0020160", NULL);
	/* NOTE(review): lu_result_sent is not asserted after the ERR; presumably
	 * a LU Reject goes out here -- confirm and consider pinning it. */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
795
/* GSM (2G) Location Update with authentication, IMEI check and TMSI
 * assignment, all succeeding, followed by a detach that uses the TMSI.
 *
 * What the assertions pin down:
 *  - the subscriber is not accepted before the Auth Response, nor before the
 *    HLR has accepted the IMEI;
 *  - once the LU Accept is sent, the new TMSI is held in vsub->tmsi_new and
 *    vsub->tmsi stays GSM_RESERVED_TMSI until the MS sends TMSI Realloc
 *    Complete, although the subscriber can already be found by the new TMSI;
 *  - after completion the subscriber record carries both IMEI and TMSI.
 *
 * NOTE(review): the statement order is the test; the expect_*() calls have to
 * precede the message that triggers the expected transmission.
 */
static void test_gsm_authen_tmsi_imei()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* Authentication, TMSI assignment and IMEI check are all enabled */
	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* The vectors below carry only RAND/SRES/Kc, so no AUTN is expected */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f (test fixture key) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* An Update Location Result that arrives before the MS has answered
	 * the Auth Request must not short-cut authentication. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* 2d8b2c3e is the SRES of the first auth vector above */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	/* Authenticated, but still not accepted: the IMEI has not been stored */
	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
	gsup_expect_tx("30010809710000004026f050090824433224433224f0");
	ms_sends_msg("0559084a32244332244302");
	/* Still not accepted while the HLR's verdict on the IMEI is pending */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("HLR accepts the IMEI");
	gsup_rx("32010809710000004026f0510100", NULL);

	/* LU Accept has gone out, but EXPECT_ACCEPTED(false) still holds until
	 * the MS confirms the TMSI reallocation. */
	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	/* NOTE(review): 0x03020100 is presumably the value produced by the test
	 * harness's TMSI generation -- confirm against the stubs. */
	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Unacknowledged TMSI lives in tmsi_new; the active tmsi is still unset */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI and TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
	/* After TMSI Realloc Complete the new TMSI has become the active one */
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	/* The identity in the detach message is the TMSI 03020100, not the IMSI */
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
921
/* GSM (2G) authentication of a subscriber whose HLR vectors are Milenage
 * based, over GERAN-A.
 *
 * The HLR supplies three vectors that each carry RAND, SRES, Kc and also IK,
 * CK, AUTN and RES. The MS announces a GSM phase 2 classmark, and the test
 * expects the Auth Request without AUTN and the Auth Response with the 4-byte
 * SRES. With no AUTN sent, only the MS is authenticated in this flow.
 *
 * The three vectors are consumed in order, one per authentication:
 *  1. Location Update,
 *  2. CM Service Request on a new connection,
 *  3. Paging Response for a mobile-terminated SMS.
 * Each time the test checks that the subscriber is not accepted before the
 * matching SRES has been received.
 *
 * NOTE(review): the statement order is the test; the expect_*() calls have to
 * precede the message that triggers the expected transmission.
 */
static void test_gsm_milenage_authen()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000010650";

	comment_start();

	net->authentication_required = true;
	rx_from_ran = OSMO_RAT_GERAN_A;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0");
	ms_sends_msg("0508" /* MM LU */
		     "7" /* ciph key seq: no key available */
		     "0" /* LU type: normal */
		     "ffffff" "0000" /* LAI, LAC */
		     "30" /* classmark 1: GSM phase 2 */
		     "089910070000106005" /* IMSI */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* based on auc_3g (test fixture key material):
	 * K = 'EB215756028D60E3275E613320AEC880',
	 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 * SQN = 0
	 */
	auth_request_sent = false;
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	/* AUTN is present in the vectors below but not expected on the air */
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* 3 auth vectors... */
		/* TL TL rand */
		"0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/* TL sres TL kc */
		"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/* TL 3G IK */
		"2310" "27497388b6cb044648f396aa155b95ef"
		/* TL 3G CK */
		"2410" "f64735036e5871319c679f4742a75ea1"
		/* TL AUTN */
		"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/* TL RES */
		"2708" "e229c19e791f2e41"
		"0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
		"2104" "85aa3130" "2208" "d3d50a000bf04f6e"
		"2310" "1159ec926a50e98c034a6b7d7c9f418d"
		"2410" "df3a03d9ca5335641efc8e36d76cd20b"
		"2510" "1843a645b98d00005b2d666af46c45d9"
		"2708" "7db47cf7f81e4dc7"
		"0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
		"2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
		"2310" "eb50e770ddcc3060101d2f43b6c2b884"
		"2410" "76542abce5ff9345b0e8947f4c6e019c"
		"2510" "f9375e6d41e1000096e7fe4ff1c27e39"
		"2708" "706f996719ba609c"
		,NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000000156f0280102");
	ms_sends_msg("0554" "9b36efdf"); /* 1st vector's sres, see above */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000000156f00804032443f2",
		"12010809710000000156f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000000156f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	/* A new connection is authenticated again, with a fresh vector: the
	 * expected RAND is that of the 2nd vector, not a reuse of the 1st. */
	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
	auth_request_expect_autn = NULL;
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("052478"
		     "03305886" /* classmark 2: GSM phase 2 */
		     "089910070000106005" /* IMSI */);
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* No GSUP message is expected to be sent for this Auth Response */
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "85aa3130"); /* 2nd vector's sres, see above */
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	/* Release connection */
	/* NOTE(review): expect_bssap_clear() is called with an argument here and
	 * without one everywhere else in this file -- confirm against its
	 * declaration. */
	expect_bssap_clear(OSMO_RAT_GERAN_A);
	conn_conclude_cm_service_req(g_conn, OSMO_RAT_GERAN_A);

	btw("all requests serviced, conn has been released");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	/* A Paging Response alone does not release the queued SMS: the
	 * connection has to pass authentication with the 3rd vector first. */
	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
	auth_request_expect_autn = NULL;
	ms_sends_msg("062707"
		     "03305886" /* classmark 2 */
		     "089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05802443f2" /* originating address 42342 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "69d5f9fb"); /* 3rd vector's sres, see above */
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130"
		     "089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
1134
/* GSM (2G) Location Update where the MS answers the Auth Request with an SRES
 * that is one byte too short.
 *
 * The three bytes sent (2d8b2c) are a correct prefix of the expected four-byte
 * SRES (2d8b2c3e). An implementation that compared only as many bytes as the
 * MS supplied would accept this response. The test pins the opposite: the LU
 * is rejected, an auth failure report is sent to the HLR, and the connection
 * is cleared.
 *
 * NOTE(review): the statement order is the test; the expect_*() calls have to
 * precede the message that triggers the expected transmission.
 */
static void test_wrong_sres_length()
{
	comment_start();
	/* NOTE(review): fake time is started here, but no step in this function
	 * advances it -- confirm whether the call is needed. */
	fake_time_start();

	net->authentication_required = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* The vectors below carry only RAND/SRES/Kc, so no AUTN is expected */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f (test fixture key) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* An Update Location Result that arrives before the MS has answered
	 * the Auth Request must not short-cut authentication. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response with too short SRES data, auth is thwarted.");
	gsup_expect_tx("0b010809710000004026f0"); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
	expect_bssap_clear();
	/* 2d8b2c: the first three bytes of the expected SRES 2d8b2c3e */
	ms_sends_msg("05542d8b2c");
	VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
1195
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001196msc_vlr_test_func_t msc_vlr_tests[] = {
1197 test_gsm_authen,
1198 test_gsm_authen_tmsi,
1199 test_gsm_authen_imei,
Oliver Smith7d053092018-12-14 17:37:38 +01001200 test_gsm_authen_imei_nack,
1201 test_gsm_authen_imei_err,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001202 test_gsm_authen_tmsi_imei,
1203 test_gsm_milenage_authen,
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +01001204 test_wrong_sres_length,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001205 NULL
1206};