/* Osmocom MSC+VLR end-to-end tests */

/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
 *
 * All Rights Reserved
 *
 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "msc_vlr_tests.h"

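/*
 * Authentication + ciphering scenario addressed by IMSI.
 *
 * Walks one subscriber through a Location Update, a CM Service Request, a
 * paged SMS delivery and finally an IMSI detach.  The first three
 * connections each have to pass authentication and ciphering; the test
 * expects the VLR to use the next auth vector from the HLR reply each time
 * (1st, 2nd, 3rd RAND) and the Ciphering Mode Command to carry the Kc that
 * belongs to that vector.  Between the steps it checks that the connection
 * is not yet accepted.
 *
 * All hex strings are fixed test vectors; the Ki named below is a test key.
 */
static void test_ciph(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	/* NOTE(review): presumably bit n of this mask permits A5/n, so only
	 * A5/1 is allowed and A5/0 (no encryption) is not -- confirm against
	 * the definition of a5_encryption_mask. */
	net->a5_encryption_mask = (1 << 1);

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	/* The Auth Request must carry the RAND of the first vector below;
	 * no AUTN is expected. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* Expected Kc is the one of the first vector; the response below
	 * carries that vector's SRES. */
	expect_cipher_mode_cmd("61855fb81fc2a800");
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	/* NOTE(review): presumably sends non-initial requests and checks that
	 * they are refused while ciphering is pending -- confirm in the helper. */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	/* NOTE(review): unlike the first GSUP step, gsup_tx_confirmed is not
	 * asserted after this expectation; confirm that the harness fails the
	 * test on its own if the LU Req is never sent. */
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000004026f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	cm_service_result_sent = RES_NONE;
	auth_request_sent = false;
	/* A new connection must be challenged with the second vector's RAND,
	 * not the one already used for the Location Update. */
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	ms_sends_msg("05247803305886089910070000006402");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	expect_cipher_mode_cmd("07fa7502e07e1c00");
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	/* Release connection */
	/* NOTE(review): expect_bssap_clear() is called with an argument here
	 * and without one elsewhere in this function, and bssap_clear_sent is
	 * not asserted after this release -- check both against the
	 * declaration in msc_vlr_tests.h. */
	expect_bssap_clear(RAN_GERAN_A);
	conn_conclude_cm_service_req(g_conn, RAN_GERAN_A);

	btw("all requests serviced, conn has been released");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber. */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* Drop our reference; the lookup below shows the subscriber is still
	 * held elsewhere. */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882089910070000006402");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	expect_cipher_mode_cmd("e2b234f807886400");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
	/* The SMS may only go out once ciphering is complete: the expectation
	 * is armed here and confirmed after the Ciphering Mode Complete. */
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}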
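/*
 * Authentication + ciphering scenario with TMSI allocation enabled.
 *
 * Same flow as a ciphered Location Update / CM Service Request / paged SMS /
 * detach, but with cfg.assign_tmsi set: the Location Update only completes
 * after the MS has sent TMSI Realloc Complete, and every later request from
 * the MS (CM Service Request, Paging Response, IMSI detach) identifies the
 * subscriber by TMSI 0x03020100 instead of the IMSI.  Each authenticated
 * connection is expected to use the next auth vector from the HLR reply.
 *
 * All hex strings are fixed test vectors; the Ki named below is a test key.
 */
static void test_ciph_tmsi(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	/* NOTE(review): presumably bit n of this mask permits A5/n, so only
	 * A5/1 is allowed and A5/0 (no encryption) is not -- confirm against
	 * the definition of a5_encryption_mask. */
	net->a5_encryption_mask = (1 << 1);
	net->vlr->cfg.assign_tmsi = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	/* The Auth Request must carry the RAND of the first vector below;
	 * no AUTN is expected. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* Expected Kc is the one of the first vector; the response below
	 * carries that vector's SRES. */
	expect_cipher_mode_cmd("61855fb81fc2a800");
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	/* NOTE(review): presumably sends non-initial requests and checks that
	 * they are refused while ciphering is pending -- confirm in the helper. */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	/* NOTE(review): unlike the first GSUP step, gsup_tx_confirmed is not
	 * asserted after this expectation; confirm that the harness fails the
	 * test on its own if the LU Req is never sent. */
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	/* The LU Accept is out, but the connection stays open and is still not
	 * accepted until the MS acknowledges the new TMSI. */
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	/* Before the ack the value sits in tmsi_new and tmsi is still the
	 * reserved value. */
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the new TMSI");
	/* After the ack the value has moved from tmsi_new to tmsi. */
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
	cm_service_result_sent = RES_NONE;
	auth_request_sent = false;
	/* A new connection must be challenged with the second vector's RAND,
	 * not the one already used for the Location Update. */
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	auth_request_expect_autn = NULL;
	ms_sends_msg("05247803305886" "05f4" "03020100");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	expect_cipher_mode_cmd("07fa7502e07e1c00");
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	/* Release connection */
	/* NOTE(review): expect_bssap_clear() is called with an argument here
	 * and without one elsewhere in this function, and bssap_clear_sent is
	 * not asserted after this release -- check both against the
	 * declaration in msc_vlr_tests.h. */
	expect_bssap_clear(RAN_GERAN_A);
	conn_conclude_cm_service_req(g_conn, RAN_GERAN_A);

	btw("all requests serviced, conn has been released");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	/* Paging is expected to address the subscriber by TMSI. */
	paging_expect_tmsi(0x03020100);
	paging_sent = false;
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber. */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* Drop our reference; the lookup below shows the subscriber is still
	 * held elsewhere. */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882" "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	expect_cipher_mode_cmd("e2b234f807886400");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
	/* The SMS may only go out once ciphering is complete: the expectation
	 * is armed here and confirmed after the Ciphering Mode Complete. */
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}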
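/*
 * Ciphered Location Update with a mandatory IMEI check.
 *
 * With cfg.check_imei_rqd set, the test expects the VLR to send an Identity
 * Request for the IMEI once the HLR has confirmed the location update, and
 * to keep the connection unaccepted until the MS has answered.  Only after
 * the Identity Response is the LU result ACCEPT and the IMEI stored on the
 * subscriber.  The test ends with an IMSI detach.
 *
 * All hex strings are fixed test vectors; the Ki named below is a test key.
 */
static void test_ciph_imei(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	/* NOTE(review): presumably bit n of this mask permits A5/n, so only
	 * A5/1 is allowed and A5/0 (no encryption) is not -- confirm against
	 * the definition of a5_encryption_mask. */
	net->a5_encryption_mask = (1 << 1);
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	/* The Auth Request must carry the RAND of the first vector below;
	 * no AUTN is expected. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* Expected Kc is the one of the first vector; the response below
	 * carries that vector's SRES. */
	expect_cipher_mode_cmd("61855fb81fc2a800");
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	/* NOTE(review): presumably sends non-initial requests and checks that
	 * they are refused while ciphering is pending -- confirm in the helper. */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	/* NOTE(review): unlike the first GSUP step, gsup_tx_confirmed is not
	 * asserted after this expectation; confirm that the harness fails the
	 * test on its own if the LU Req is never sent. */
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	/* NOTE(review): dtap_tx_confirmed is not asserted after this
	 * expectation; confirm that a missing Identity Request would still
	 * fail the test. */
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	btw("We will only do business when the IMEI is known");
	/* The connection stays open and unaccepted, and no IMEI is stored yet. */
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	expect_bssap_clear();
	ms_sends_msg("0559084a32244332244302");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}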
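/*
 * Ciphered Location Update that retrieves the IMEISV during ciphering.
 *
 * With cfg.retrieve_imeisv_ciphered set, the test expects the Ciphering Mode
 * Command to be sent with the IMEISV request flag
 * (cipher_mode_cmd_sent_with_imeisv) and the IMEISV from the MS's Ciphering
 * Mode Complete to be stored on the subscriber.  The Location Update then
 * completes as usual and the test ends with an IMSI detach.
 *
 * All hex strings are fixed test vectors; the Ki named below is a test key.
 */
static void test_ciph_imeisv(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	/* NOTE(review): presumably bit n of this mask permits A5/n, so only
	 * A5/1 is allowed and A5/0 (no encryption) is not -- confirm against
	 * the definition of a5_encryption_mask. */
	net->a5_encryption_mask = (1 << 1);
	net->vlr->cfg.retrieve_imeisv_ciphered = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	/* The Auth Request must carry the RAND of the first vector below;
	 * no AUTN is expected. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* Expected Kc is the one of the first vector; the response below
	 * carries that vector's SRES. */
	expect_cipher_mode_cmd("61855fb81fc2a800");
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent_with_imeisv, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	/* NOTE(review): presumably sends non-initial requests and checks that
	 * they are refused while ciphering is pending -- confirm in the helper. */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* No IMEISV is stored before the Ciphering Mode Complete arrives. */
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imeisv[0], == 0, "%d");
	vlr_subscr_put(vsub);

	btw("MS sends Ciphering Mode Complete with IMEISV, VLR accepts and sends GSUP LU Req to HLR");
	/* NOTE(review): unlike the first GSUP step, gsup_tx_confirmed is not
	 * asserted after this expectation; confirm that the harness fails the
	 * test on its own if the LU Req is never sent. */
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("063217094b32244332244372f5");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("Subscriber has the IMEISV");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imeisv, "4234234234234275"), == 0, "%d");
	vlr_subscr_put(vsub);

	/* Knowing the IMEISV does not yet make the connection accepted; the
	 * location update with the HLR is still outstanding. */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000004026f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}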
/*
 * Location Updating with authentication and ciphering, with TMSI allocation and
 * the IMEI check both enabled in the VLR config.
 *
 * Sequence, as driven below: LU Request -> GSUP Send Auth Info -> Auth Request /
 * Response -> Ciphering Mode Command / Complete -> GSUP Update Location ->
 * Identity Request (IMEI) / Response -> LU Accept with new TMSI -> TMSI Realloc
 * Complete -> conn release -> IMSI Detach addressed by TMSI.
 *
 * At each intermediate stage the test checks that the conn is not yet treated as
 * accepted (EXPECT_ACCEPTED(false)).
 */
static void test_ciph_tmsi_imei()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	/* Bit 1 set: presumably bit n of the mask permits A5/n (compare the
	 * "(1 << 3)" / A5/3 annotation in test_a5_3_supported()), so only A5/1 is
	 * permitted here. A5/1 is cryptographically weak by current standards; the
	 * A5/3 scenarios are covered by separate tests in this file. */
	net->a5_encryption_mask = (1 << 1);
	net->vlr->cfg.assign_tmsi = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	/* Fixed test key; the RAND/SRES/Kc tuples below are literal fixtures.
	 * autn == NULL: no AUTN is expected in the Auth Request (the vectors below
	 * carry only rand, sres and kc). */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* The expected key is the first vector's kc from the GSUP message above,
	 * and the Auth Response carries that vector's sres (2d8b2c3e). */
	expect_cipher_mode_cmd("61855fb81fc2a800");
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("needs ciph, not yet accepted");
	/* Authentication alone must not make the conn accepted while ciphering is
	 * still pending. thwart_rx_non_initial_requests() is defined outside this
	 * view; by its name it presumably checks that non-initial requests are
	 * refused in this state -- confirm. */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	/* No IMEI stored yet: the string is still empty. */
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	/* Every successful find is paired with a put (presumably a reference
	 * count release -- confirm against vlr_subscr_put()). */
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	ms_sends_msg("0559084a32244332244302");

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	/* LU Accept was sent, but the conn still does not count as accepted until
	 * the MS acknowledges the new TMSI. */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	/* The TMSI value is fixed in this test; presumably the test harness
	 * replaces the TMSI generator with a deterministic one -- confirm. */
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Unacknowledged TMSI lives in tmsi_new; the active tmsi is still unset. */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI and TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	/* IMEI taken from the Identity Response sent above. */
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
	/* After TMSI Realloc Complete the new TMSI is the active one. */
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	/* The trailing "03020100" is the TMSI assigned above. */
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
804
/*
 * GSM AKA and ciphering for a subscriber whose HLR auth vectors also carry the
 * 3G tokens (IK, CK, AUTN, RES), on rx_from_ran == RAN_GERAN_A.
 *
 * In each of the three rounds (Location Update, CM Service Request, Paging
 * Response for a queued SMS) the VLR is expected to send a UMTS AKA Auth Request
 * (rand plus autn), the MS answers with a GSM AKA response carrying only the
 * vector's sres, and the Ciphering Mode Command is expected to carry that
 * vector's kc. Each round consumes the next auth vector.
 */
static void test_gsm_ciph_in_umts_env()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000010650";
	/* Expected DTAP encoding of the SMS queued by send_sms() further below. */
	const char *sms =
		"09" /* SMS messages */
		"01" /* CP-DATA */
		"58" /* length */
		"01" /* Network to MS */
		"00" /* reference */
		/* originator (gsm411_send_sms() hardcodes this weird nr) */
		"0791" "447758100650" /* 447785016005 */
		"00" /* dest */
		/* SMS TPDU */
		"4c" /* len */
		"00" /* SMS deliver */
		"05802443f2" /* originating address 42342 */
		"00" /* TP-PID */
		"00" /* GSM default alphabet */
		"071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		"000000" /* H-M-S */
		"00" /* GMT+0 */
		"44" /* data length */
		"5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		"d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		"0c7ac3e9e9b7db05";

	comment_start();

	/* implicit: net->authentication_required = true; */
	/* Bit 1 set: presumably bit n of the mask permits A5/n (compare the
	 * "(1 << 3)" / A5/3 annotation in test_a5_3_supported()), so only A5/1 is
	 * permitted here. */
	net->a5_encryption_mask = (1 << 1);
	rx_from_ran = RAN_GERAN_A;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0");
	ms_sends_msg("0508" /* MM LU */
		"7" /* ciph key seq: no key available */
		"0" /* LU type: normal */
		"ffffff" "0000" /* LAI, LAC */
		"57" /* classmark 1: R99, early classmark, no power lvl */
		"089910070000106005" /* IMSI */
		"3303575886" /* classmark 2 */
		);
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends *UMTS AKA* Auth Req to MS");
	/* based on
	 * 2G auth: COMP128v1
	 * KI=7bcd108be4c3d551ee6c67faaf52bd68
	 * 3G auth: MILENAGE
	 * K=7bcd108be4c3d551ee6c67faaf52bd68
	 * OPC=6e23f641ce724679b73d933515a8589d
	 * IND-bitlen=5 last-SQN=641
	 * Note that the SRES will be calculated by COMP128v1, separately from 3G tokens;
	 * the resulting Kc to use for ciphering returned by the HLR is also calculated from COMP128v1.
	 */
	/* Fixed test keys; all tuples below are literal fixtures. A non-NULL
	 * expected autn is what distinguishes the UMTS AKA Auth Request here. */
	auth_request_sent = false;
	auth_request_expect_rand = "4ac8d1cd1a51937597ca1016fe69a0fa";
	auth_request_expect_autn = "2d837d2b0d6f00004b282d5acf23428d";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0362" "2010" "4ac8d1cd1a51937597ca1016fe69a0fa"
		/* TL sres TL kc */
		"2104" "dacc4b26" "2208" "7a75f0ac9b844400"
		/* TL 3G IK */
		"2310" "3747da4e31545baa2db59e500bdae047"
		/* TL 3G CK */
		"2410" "8544d35b945ccba01a7f1293575291c3"
		/* TL AUTN */
		"2510" "2d837d2b0d6f00004b282d5acf23428d"
		/* TL RES */
		"2708" "37527064741f8ddb"
		/* TL TL rand */
		"0362" "2010" "b2661531b97b12c5a2edc21a0ed16fc5"
		"2104" "2fb4cfad" "2208" "da149b11d473f400"
		"2310" "3fe013b1a428ea737c37f8f0288c8edf"
		"2410" "f275438c02b97e4d6f639dddda3d10b9"
		"2510" "78cdd96c60840000322f421b3bb778b1"
		"2708" "ed3ebf9cb6ea48ed"
		"0362" "2010" "54d8f19778056666b41c8c25e52eb60c"
		"2104" "0ff61e0f" "2208" "26ec67fad3073000"
		"2310" "2868b0922c652616f1c975e3eaf7943a"
		"2410" "6a84a20b1bc13ec9840466406d2dd91e"
		"2510" "53f3e5632b3d00008865dd54d49663f2"
		"2708" "86e848a9e7ad8cd5"
		"0362" "2010" "1f05607ff9c8984f46ad97f8c9a94982"
		"2104" "91a36e3d" "2208" "5d84421884fdcc00"
		"2310" "2171fef54b81e30c83a598a5e44f634c"
		"2410" "f02d088697509827565b46938fece211"
		"2510" "1b43bbf9815e00001cb9b2a9f6b8a77c"
		"2708" "373e67d62e719c51"
		"0362" "2010" "80d89a58a2a41050918caf68a4e93c64"
		"2104" "a319f5f1" "2208" "883df2b867293000"
		"2310" "fa5d70f929ff298efb160413698dc107"
		"2410" "ae9a3d8ce70ce13bac297bdb91cd6c68"
		"2510" "5c0dc2eeaefa0000396882a1fe2cf80b"
		"2708" "65ab1cad216bfe87",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends *GSM AKA* Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* The MS answers with the first vector's 4-byte sres (not the 8-byte RES);
	 * the expected ciphering key is that vector's kc. */
	expect_cipher_mode_cmd("7a75f0ac9b844400");
	ms_sends_msg("0554" "dacc4b26");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000000156f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000000156f00804032443f2",
		"12010809710000000156f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000000156f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with *UMTS AKA* Auth Req, 2nd auth vector");
	/* rand and autn below are those of the second vector received above: a new
	 * conn is authenticated again, with a fresh vector. */
	auth_request_sent = false;
	auth_request_expect_rand = "b2661531b97b12c5a2edc21a0ed16fc5";
	auth_request_expect_autn = "78cdd96c60840000322f421b3bb778b1";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("052478"
		"03575886" /* classmark 2 */
		"089910070000106005" /* IMSI */);
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	/* thwart_rx_non_initial_requests() is defined outside this view; by its
	 * name it presumably checks that non-initial requests are refused while
	 * the conn is unauthenticated -- confirm. */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends *GSM AKA* Authen Response, VLR accepts and requests Ciphering");
	/* Second vector's kc and sres. */
	expect_cipher_mode_cmd("da149b11d473f400");
	ms_sends_msg("0554" "2fb4cfad");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
	ms_sends_msg("0632");
	/* No explicit CM Service Accept is expected: the result stays RES_NONE. */
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	/* Release connection */
	/* NOTE(review): expect_bssap_clear is invoked here with an argument and
	 * elsewhere in this function without one; its definition is not visible
	 * here -- confirm that both forms are intended. */
	expect_bssap_clear(RAN_GERAN_A);
	conn_conclude_cm_service_req(g_conn, RAN_GERAN_A);

	btw("all requests serviced, conn has been released");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber. */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);
	/* Drop the local pointer after the put so it cannot be used by accident. */
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends *UMTS AKA* Auth Request with third key");
	/* rand and autn of the third vector received above. */
	auth_request_sent = false;
	auth_request_expect_rand = "54d8f19778056666b41c8c25e52eb60c";
	auth_request_expect_autn = "53f3e5632b3d00008865dd54d49663f2";
	ms_sends_msg("062707"
		"03575886" /* classmark 2 */
		"089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends *GSM AKA* Authen Response, VLR accepts and requests Ciphering");
	/* Third vector's kc and sres. */
	expect_cipher_mode_cmd("26ec67fad3073000");
	ms_sends_msg("0554" "0ff61e0f");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
	/* The queued SMS is expected only after Ciphering Mode Complete. */
	dtap_expect_tx(sms);
	ms_sends_msg("0632");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130"
		"089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
1055
/*
 * Authentication and ciphering with only A5/3 permitted in the network config.
 *
 * During Location Update the Ciphering Mode Command is expected to be held back
 * after the Auth Response until a BSSMAP Classmark Update arrives. For the later
 * CM Service Request and Paging Response the Ciphering Mode Command is expected
 * directly after the Auth Response, without another Classmark Update. Each round
 * uses the next auth vector from the single GSUP Send Auth Info Result.
 *
 * NOTE(review): the comments and log strings in this file name both Classmark 2
 * and Classmark 3 as the source of the A5/3 capability. As far as I recall,
 * 3GPP TS 24.008 carries the A5/3 bit in Classmark 2 -- confirm and align the
 * wording. The log strings are runtime text and are left untouched here.
 */
static void test_a5_3_supported()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	net->a5_encryption_mask = (1 << 3); /* A5/3 */

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	/* Fixed test key; the RAND/SRES/Kc tuples below are literal fixtures.
	 * autn == NULL: no AUTN is expected in the Auth Request. */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	BTW("MS sends Authen Response, VLR accepts and wants to send Ciphering Mode Command to MS"
	    " -- but needs Classmark 2 to determine whether A5/3 is supported");
	/* Reset by hand because no expect_cipher_mode_cmd() precedes this step:
	 * the assertion below checks that ciphering is NOT commanded yet. */
	cipher_mode_cmd_sent = false;
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(!cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("BSC sends back a BSSMAP Classmark Update, that triggers the Ciphering Mode Command in A5/3");
	/* Expected key is the first vector's kc. */
	expect_cipher_mode_cmd("61855fb81fc2a800");
	bss_sends_bssap_mgmt("541203505886130b6014042f6503b8800d2100");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804032443f2",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000004026f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	cm_service_result_sent = RES_NONE;
	auth_request_sent = false;
	/* rand of the second vector; auth_request_expect_autn is left at the NULL
	 * set above. */
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	ms_sends_msg("05247803305886089910070000006402");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("needs auth, not yet accepted");
	/* thwart_rx_non_initial_requests() is defined outside this view; by its
	 * name it presumably checks that non-initial requests are refused in this
	 * state -- confirm. */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering. We already know Classmark 3,"
	    " so no need to request Classmark Update.");
	/* Second vector's kc; the command is expected right after the Auth
	 * Response this time. */
	expect_cipher_mode_cmd("07fa7502e07e1c00");
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
	ms_sends_msg("0632");
	/* No explicit CM Service Accept is expected: the result stays RES_NONE. */
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	/* Release connection */
	/* NOTE(review): expect_bssap_clear is invoked here with an argument and
	 * elsewhere in this function without one; its definition is not visible
	 * here -- confirm that both forms are intended. */
	expect_bssap_clear(RAN_GERAN_A);
	conn_conclude_cm_service_req(g_conn, RAN_GERAN_A);

	btw("all requests serviced, conn has been released");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber. */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);
	/* Drop the local pointer after the put so it cannot be used by accident. */
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	/* rand of the third vector. */
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882089910070000006402");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	/* Third vector's kc. */
	expect_cipher_mode_cmd("e2b234f807886400");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
	/* The queued SMS is expected only after Ciphering Mode Complete. */
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05802443f2" /* originating address 42342 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
1271
1272/* During CM Service Request or Paging Response we already have Classmark 2 that indicates A5/3
1273 * availablity. Here, in a hacky way remove the knowledge of Classmark 2 to tickle a code path where
1274 * proc_arq_fsm needs a Classmark Update during Ciphering. Shouldn't happen in reality though. */
1275static void test_cm_service_needs_classmark_update()
1276{
1277 struct vlr_subscr *vsub;
1278 const char *imsi = "901700000004620";
1279
1280 comment_start();
1281
1282 /* A5/3 support is indicated in Classmark 3. By configuring A5/3, trigger the code paths that
1283 * send a Classmark Request. */
1284 net->a5_encryption_mask = (1 << 3); /* A5/3 */
1285 /* implicit: net->authentication_required = true; */
1286
1287 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
1288 lu_result_sent = RES_NONE;
1289 gsup_expect_tx("08010809710000004026f0");
1290 ms_sends_msg("050802008168000130089910070000006402");
1291 OSMO_ASSERT(gsup_tx_confirmed);
1292 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1293
1294 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
1295 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
1296 auth_request_sent = false;
1297 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
1298 auth_request_expect_autn = NULL;
1299 gsup_rx("0a"
1300 /* imsi */
1301 "0108" "09710000004026f0"
1302 /* 5 auth vectors... */
1303 /* TL TL rand */
1304 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
1305 /* TL sres TL kc */
1306 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
1307 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
1308 "2104" "20bde240" "2208" "07fa7502e07e1c00"
1309 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
1310 "2104" "a29514ae" "2208" "e2b234f807886400"
1311 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
1312 "2104" "5afc8d72" "2208" "2392f14f709ae000"
1313 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
1314 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
1315 NULL);
1316 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1317 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1318
1319 BTW("MS sends Authen Response, VLR accepts and wants to send Ciphering Mode Command to MS"
1320 " -- but needs Classmark 2 to determine whether A5/3 is supported");
1321 cipher_mode_cmd_sent = false;
1322 ms_sends_msg("05542d8b2c3e");
1323 OSMO_ASSERT(!cipher_mode_cmd_sent);
1324 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1325
1326 btw("BSC sends back a BSSMAP Classmark Update, that triggers the Ciphering Mode Command in A5/3");
1327 expect_cipher_mode_cmd("61855fb81fc2a800");
1328 bss_sends_bssap_mgmt("541203505886130b6014042f6503b8800d2100");
1329 OSMO_ASSERT(cipher_mode_cmd_sent);
1330 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1331
1332 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
1333 gsup_expect_tx("04010809710000004026f0");
1334 ms_sends_msg("0632");
1335 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1336
1337 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
1338 gsup_rx("10010809710000004026f00804032443f2",
1339 "12010809710000004026f0");
1340 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1341
1342 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
1343 expect_bssap_clear();
1344 gsup_rx("06010809710000004026f0", NULL);
1345 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1346
1347 btw("LU was successful, and the conn has already been closed");
1348 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
1349 bss_sends_clear_complete();
1350 EXPECT_CONN_COUNT(0);
1351
1352
1353 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
1354 cm_service_result_sent = RES_NONE;
1355 auth_request_sent = false;
1356 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
1357 ms_sends_msg("05247803305886089910070000006402");
1358 OSMO_ASSERT(g_conn);
1359 OSMO_ASSERT(g_conn->fi);
1360 OSMO_ASSERT(g_conn->vsub);
1361 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1362 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1363
1364 btw("needs auth, not yet accepted");
1365 EXPECT_ACCEPTED(false);
1366 thwart_rx_non_initial_requests();
1367
1368 btw("MS sends Authen Response, VLR accepts and requests Ciphering. We already know Classmark 3,"
1369 " so no need to request Classmark Update.");
1370 expect_cipher_mode_cmd("07fa7502e07e1c00");
1371 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
1372 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1373 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
1374
1375 btw("needs ciph, not yet accepted");
1376 EXPECT_ACCEPTED(false);
1377 thwart_rx_non_initial_requests();
1378
1379 btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
1380 ms_sends_msg("0632");
1381 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1382
1383 /* Release connection */
1384 expect_bssap_clear(RAN_GERAN_A);
1385 conn_conclude_cm_service_req(g_conn, RAN_GERAN_A);
1386
1387 btw("all requests serviced, conn has been released");
1388 bss_sends_clear_complete();
1389 EXPECT_CONN_COUNT(0);
1390
1391 BTW("an SMS is sent, MS is paged");
1392 paging_expect_imsi(imsi);
1393 paging_sent = false;
1394 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
1395 OSMO_ASSERT(vsub);
1396 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
1397
1398 send_sms(vsub, vsub, "Privacy in residential applications is a desirable marketing option.");
1399
1400 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
1401 vlr_subscr_put(vsub);
1402 vsub = NULL;
1403 VERBOSE_ASSERT(paging_sent, == true, "%d");
1404 VERBOSE_ASSERT(paging_stopped, == false, "%d");
1405
1406 btw("the subscriber and its pending request should remain");
1407 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
1408 OSMO_ASSERT(vsub);
1409 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
1410 vlr_subscr_put(vsub);
1411
1412 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
1413 auth_request_sent = false;
1414 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
1415 ms_sends_msg("06270703305882089910070000006402");
1416 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1417
1418 BTW("Fake a situation where Classmark 2 is unknown during proc_arq_fsm");
1419 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
1420 OSMO_ASSERT(vsub);
1421 vsub->classmark.classmark2_len = 0;
1422 vsub->classmark.classmark3_len = 0;
1423 vlr_subscr_put(vsub);
1424
1425
1426 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
1427 btw("MS sends Authen Response, VLR accepts and requests Ciphering."
1428 " Normally, we'd know Classmark 3, but this test removed it."
1429 " Hence a Classmark Request is generated.");
1430 cipher_mode_cmd_sent = false;
1431 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
1432 OSMO_ASSERT(!cipher_mode_cmd_sent);
1433
1434 btw("BSC sends back a BSSMAP Classmark Update, that triggers the Ciphering Mode Command in A5/3");
1435 expect_cipher_mode_cmd("e2b234f807886400");
1436 bss_sends_bssap_mgmt("541203505886130b6014042f6503b8800d2100");
1437 OSMO_ASSERT(cipher_mode_cmd_sent);
1438
1439 btw("needs ciph, not yet accepted");
1440 EXPECT_ACCEPTED(false);
1441
1442 btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
1443 dtap_expect_tx("09" /* SMS messages */
1444 "01" /* CP-DATA */
1445 "58" /* length */
1446 "01" /* Network to MS */
1447 "00" /* reference */
1448 /* originator (gsm411_send_sms() hardcodes this weird nr) */
1449 "0791" "447758100650" /* 447785016005 */
1450 "00" /* dest */
1451 /* SMS TPDU */
1452 "4c" /* len */
1453 "00" /* SMS deliver */
1454 "05802443f2" /* originating address 42342 */
1455 "00" /* TP-PID */
1456 "00" /* GSM default alphabet */
1457 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
1458 "000000" /* H-M-S */
1459 "00" /* GMT+0 */
1460 "44" /* data length */
1461 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
1462 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
1463 "0c7ac3e9e9b7db05");
1464 ms_sends_msg("0632");
1465 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
1466 VERBOSE_ASSERT(paging_stopped, == true, "%d");
1467
1468 btw("SMS was delivered, no requests pending for subscr");
1469 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
1470 OSMO_ASSERT(vsub);
1471 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
1472 vlr_subscr_put(vsub);
1473
1474 btw("conn is still open to wait for SMS ack dance");
1475 EXPECT_CONN_COUNT(1);
1476
1477 btw("MS replies with CP-ACK for received SMS");
1478 ms_sends_msg("8904");
1479 EXPECT_CONN_COUNT(1);
1480
1481 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
1482 dtap_expect_tx("0904");
1483 expect_bssap_clear();
1484 ms_sends_msg("890106020041020000");
1485 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
1486 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1487
1488 btw("SMS is done, conn is gone");
1489 bss_sends_clear_complete();
1490 EXPECT_CONN_COUNT(0);
1491
1492 BTW("subscriber detaches");
1493 expect_bssap_clear();
1494 ms_sends_msg("050130089910070000006402");
1495 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr4068ab22018-04-01 20:55:54 +02001497 bss_sends_clear_complete();
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +01001498 EXPECT_CONN_COUNT(0);
1499 clear_vlr();
1500 comment_end();
1501}
/*
 * Table of the test functions defined in this file, in the order they are
 * listed, closed by a NULL entry.  The code that walks the table is not part
 * of this file section; presumably it stops at the NULL entry (confirm
 * against the test runner).
 *
 * All entries concern ciphering on the MSC/VLR side.  Keep every one of them
 * registered: a test that is defined but missing from this table is
 * presumably never run, which would silently drop a regression check on
 * when the Ciphering Mode Command is sent and when a connection counts as
 * accepted.
 */
msc_vlr_test_func_t msc_vlr_tests[] = {
	/* ciphering combined with TMSI / IMEI / IMEISV handling (going by the names) */
	test_ciph,
	test_ciph_tmsi,
	test_ciph_imei,
	test_ciph_imeisv,
	test_ciph_tmsi_imei,

	/* algorithm and environment specific cases */
	test_gsm_ciph_in_umts_env,
	test_a5_3_supported,

	/*
	 * Classmark missing at ciphering time: no Ciphering Mode Command until
	 * the BSSMAP Classmark Update arrives, and the connection is not
	 * accepted before ciphering is complete.
	 */
	test_cm_service_needs_classmark_update,

	NULL	/* end-of-table marker */
};