Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
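/* End-to-end test of GSM (2G) authentication, subscriber identified by IMSI.
 *
 * With net->authentication_required set, one subscriber goes through Location
 * Updating, a CM Service Request, a paged SMS delivery and an IMSI Detach.
 * The security-relevant expectations pinned here are:
 *  - after every Auth Request the conn is not yet accepted
 *    (EXPECT_ACCEPTED(false)) until the MS has sent the SRES that belongs to
 *    the RAND it was challenged with;
 *  - a GSUP Update Location Result received before the Authentication
 *    Response leaves lu_result_sent at RES_NONE, i.e. it cannot stand in for
 *    authentication;
 *  - each new connection is challenged with the next RAND of the five vectors
 *    the HLR supplied (1st for the LU, 2nd for CM Service, 3rd for Paging
 *    Response).
 *
 * The statements drive shared test state (net, g_conn and the *_sent /
 * *_expect_* globals declared outside this function), so their order matters.
 *
 * Declared with (void): an empty parameter list in C is an old-style
 * declaration, not a prototype.
 */
static void test_gsm_authen(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* GSM AKA carries no AUTN; none is expected in the Auth Request */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f
	 * (fixed test key material; the vectors below are static fixtures) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL     TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL     sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* An Update Location Result that arrives before the MS has answered the
	 * challenge must not complete the LU. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* Helper is defined elsewhere; presumably it sends non-initial requests
	 * on the unauthenticated conn and expects them to be refused - confirm. */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* 2d8b2c3e is the SRES of the 1st vector, matching the RAND sent above */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000004026f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("05247803305886089910070000006402");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* NULL: no GSUP message is expected here; the VLR still holds unused
	 * vectors from the first Send Auth Info Result */
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	/* Release connection */
	/* NOTE(review): expect_bssap_clear() takes RAN_GERAN_A here but is called
	 * without arguments elsewhere in this function - confirm against its
	 * declaration in msc_vlr_tests.h. */
	expect_bssap_clear(RAN_GERAN_A);
	conn_conclude_cm_service_req(g_conn, RAN_GERAN_A);

	btw("all requests serviced, conn has been released");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* every vlr_subscr_find_by_*() in this test is paired with a
	 * vlr_subscr_put() */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882089910070000006402");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	/* The queued SMS may only go out once the paged MS has authenticated:
	 * the expected DTAP is armed before the Authen Response is fed in. */
	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}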
218
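/* End-to-end test of GSM (2G) authentication with TMSI allocation enabled.
 *
 * Same flow as the plain IMSI case, with net->vlr->cfg.assign_tmsi set:
 *  - the first LU is done by IMSI; the LU Accept carries a new TMSI and the
 *    conn stays unaccepted (EXPECT_ACCEPTED(false)) until the MS sends TMSI
 *    Realloc Complete;
 *  - while unacknowledged, the TMSI sits in vsub->tmsi_new and vsub->tmsi
 *    keeps its previous value; the acknowledgement moves it to vsub->tmsi and
 *    resets tmsi_new to GSM_RESERVED_TMSI;
 *  - CM Service Request, Paging Response and a second LU then identify the
 *    subscriber by TMSI only, and each is challenged with the next unused
 *    auth vector (2nd, 3rd, 4th) before anything is accepted;
 *  - the second LU allocates another TMSI (0x07060504), which is used for
 *    the final detach.
 *
 * NOTE(review): the fixed TMSI values 0x03020100 / 0x07060504 presumably come
 * from a deterministic RNG stub in the test harness - confirm; they say
 * nothing about how TMSIs are generated outside the tests.
 *
 * Declared with (void): an empty parameter list in C is an old-style
 * declaration, not a prototype.
 */
static void test_gsm_authen_tmsi(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* GSM AKA carries no AUTN; none is expected in the Auth Request */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f
	 * (fixed test key material; the vectors below are static fixtures) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL     TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL     sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* An Update Location Result that arrives before the MS has answered the
	 * challenge must not complete the LU. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* Helper is defined elsewhere; presumably it sends non-initial requests
	 * on the unauthenticated conn and expects them to be refused - confirm. */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* 2d8b2c3e is the SRES of the 1st vector, matching the RAND sent above */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	/* LU Accept is out, but the conn counts as not accepted until the MS
	 * confirms the new TMSI. */
	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	/* Knowing a valid TMSI is not enough: the request is still challenged */
	BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("05247803305886" "05f4" "03020100");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* NULL: no GSUP message is expected here; the VLR still holds unused
	 * vectors from the first Send Auth Info Result */
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	/* Release connection */
	/* NOTE(review): expect_bssap_clear() takes RAN_GERAN_A here but is called
	 * without arguments elsewhere in this function - confirm against its
	 * declaration in msc_vlr_tests.h. */
	expect_bssap_clear(RAN_GERAN_A);
	conn_conclude_cm_service_req(g_conn, RAN_GERAN_A);

	btw("all requests serviced, conn has been released");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	/* With a TMSI assigned, the paging is expected to carry the TMSI */
	BTW("an SMS is sent, MS is paged");
	paging_expect_tmsi(0x03020100);
	paging_sent = false;
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882" "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	/* The queued SMS may only go out once the paged MS has authenticated:
	 * the expected DTAP is armed before the Authen Response is fed in. */
	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	/* TODO: when the subscriber detaches, the vlr_subscr gets
	 * deallocated and we no longer know the TMSI. This case is covered by
	 * test_lu_unknown_tmsi(), so here I'd like to still have the TMSI.
	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	 */

	BTW("subscriber sends LU Request, this time with the TMSI");
	btw("Location Update request causes an Auth Req to MS");
	lu_result_sent = RES_NONE;
	auth_request_sent = false;
	/* RAND of the 4th vector from the Send Auth Info Result above */
	auth_request_expect_rand = "fa8f20b781b5881329d4fea26b1a3c51";
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* 5afc8d72 is the 4th vector's SRES */
	ms_sends_msg("05545afc8d72");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	/* During reallocation both values are held: tmsi_new is the pending
	 * one, tmsi still the previously acknowledged one. */
	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x07060504, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x07060504, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using new TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "07060504");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}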
502
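/* End-to-end test of GSM (2G) authentication with a mandatory IMEI check.
 *
 * With net->authentication_required and net->vlr->cfg.check_imei_rqd set, a
 * Location Updating by IMSI has to pass two gates before it is accepted:
 *  - the MS must answer the Auth Request with the SRES of the 1st vector;
 *  - after the HLR's Update Location Result, the VLR sends an Identity
 *    Request for the IMEI, and the conn stays unaccepted
 *    (EXPECT_ACCEPTED(false)) with vsub->imei empty until the Identity
 *    Response arrives.
 * Only then is lu_result_sent RES_ACCEPT and the IMEI stored on the
 * subscriber. The test ends with an IMSI Detach.
 *
 * Declared with (void): an empty parameter list in C is an old-style
 * declaration, not a prototype.
 */
static void test_gsm_authen_imei(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* GSM AKA carries no AUTN; none is expected in the Auth Request */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f
	 * (fixed test key material; the vectors below are static fixtures) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL     TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL     sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* An Update Location Result that arrives before the MS has answered the
	 * challenge must not complete the LU. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);
	/* Helper is defined elsewhere; presumably it sends non-initial requests
	 * on the unauthenticated conn and expects them to be refused - confirm. */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* 2d8b2c3e is the SRES of the 1st vector, matching the RAND sent above */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	/* Authentication alone is not sufficient in this configuration: with no
	 * IMEI recorded yet, the conn is still treated as unaccepted. */
	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	expect_bssap_clear();
	ms_sends_msg("0559084a32244332244302");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	/* The IMEI reported in the Identity Response is now on the subscriber */
	btw("Subscriber has the IMEI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}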
602
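/* End-to-end test of GSM (2G) authentication with both TMSI allocation and a
 * mandatory IMEI check.
 *
 * With net->authentication_required, net->vlr->cfg.assign_tmsi and
 * net->vlr->cfg.check_imei_rqd set, a Location Updating by IMSI passes three
 * gates in order, and EXPECT_ACCEPTED(false) is asserted after each until the
 * last one is through:
 *  1. Authentication Response with the 1st vector's SRES;
 *  2. Identity Response carrying the IMEI (vsub->imei is empty before it);
 *  3. TMSI Realloc Complete for the TMSI sent in the LU Accept.
 * Afterwards the subscriber holds both the IMEI and the TMSI, and detaches
 * using the TMSI.
 *
 * Declared with (void): an empty parameter list in C is an old-style
 * declaration, not a prototype.
 */
static void test_gsm_authen_tmsi_imei(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* GSM AKA carries no AUTN; none is expected in the Auth Request */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f
	 * (fixed test key material; the vectors below are static fixtures) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL     TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL     sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* An Update Location Result that arrives before the MS has answered the
	 * challenge must not complete the LU. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* Helper is defined elsewhere; presumably it sends non-initial requests
	 * on the unauthenticated conn and expects them to be refused - confirm. */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* 2d8b2c3e is the SRES of the 1st vector, matching the RAND sent above */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	/* Gate 2: authenticated, but no IMEI recorded yet - still unaccepted */
	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	ms_sends_msg("0559084a32244332244302");

	/* Gate 3: LU Accept is out, but the new TMSI is not yet acknowledged,
	 * so no BSSAP clear is expected here and the conn stays open */
	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI and TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}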
722
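/*
 * GSM authentication on GERAN-A with auth vectors derived from Milenage
 * (see the K / OPC fixture comment below).
 *
 * Sequence exercised: Location Update, CM Service Request, MT SMS delivery
 * via paging, IMSI detach.  Each of the three procedures that need auth
 * expects an Authentication Request carrying the RAND of the next vector
 * received from the HLR (vector 1, 2, 3 in turn) and no AUTN
 * (auth_request_expect_autn = NULL); the MS answers with that vector's
 * 4-byte SRES.  Before the CM Service and Paging auth responses the test
 * asserts that the conn is not yet accepted.
 *
 * Takes no arguments and returns nothing; failures abort through the
 * OSMO_ASSERT / VERBOSE_ASSERT macros.
 */
static void test_gsm_milenage_authen(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000010650";

	comment_start();

	net->authentication_required = true;
	rx_from_ran = RAN_GERAN_A;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0");
	ms_sends_msg("0508" /* MM LU */
		     "7" /* ciph key seq: no key available */
		     "0" /* LU type: normal */
		     "ffffff" "0000" /* LAI, LAC */
		     "30" /* classmark 1: GSM phase 2 */
		     "089910070000106005" /* IMSI */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* based on auc_3g:
	 * K = 'EB215756028D60E3275E613320AEC880',
	 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 * SQN = 0
	 *
	 * Test fixture key material, committed with the test suite; not to be
	 * reused as real subscriber keys.
	 */
	auth_request_sent = false;
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	/* no AUTN is expected in the Auth Request sent to the MS */
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* 3 auth vectors... */
		/* TL     TL     rand */
		"0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/* TL     sres       TL     kc */
		"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/* TL     3G IK */
		"2310" "27497388b6cb044648f396aa155b95ef"
		/* TL     3G CK */
		"2410" "f64735036e5871319c679f4742a75ea1"
		/* TL     AUTN */
		"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/* TL     RES */
		"2708" "e229c19e791f2e41"
		"0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
		"2104" "85aa3130" "2208" "d3d50a000bf04f6e"
		"2310" "1159ec926a50e98c034a6b7d7c9f418d"
		"2410" "df3a03d9ca5335641efc8e36d76cd20b"
		"2510" "1843a645b98d00005b2d666af46c45d9"
		"2708" "7db47cf7f81e4dc7"
		"0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
		"2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
		"2310" "eb50e770ddcc3060101d2f43b6c2b884"
		"2410" "76542abce5ff9345b0e8947f4c6e019c"
		"2510" "f9375e6d41e1000096e7fe4ff1c27e39"
		"2708" "706f996719ba609c"
		,NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000000156f0280102");
	ms_sends_msg("0554" "9b36efdf"); /* 1st vector's sres, s.a. */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000000156f00804032443f2",
		"12010809710000000156f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000000156f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
	auth_request_expect_autn = NULL;
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("052478"
		     "03305886" /* classmark 2: GSM phase 2 */
		     "089910070000106005" /* IMSI */);
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* a further vector is already at hand, so no GSUP message is expected */
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "85aa3130"); /* 2nd vector's sres, s.a. */
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	/* Release connection */
	/* NOTE(review): expect_bssap_clear is called with an argument here and
	 * without one everywhere else in this function -- confirm against its
	 * declaration. */
	expect_bssap_clear(RAN_GERAN_A);
	conn_conclude_cm_service_req(g_conn, RAN_GERAN_A);

	btw("all requests serviced, conn has been released");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* drop the reference taken by the lookup above; re-looked-up below */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
	auth_request_expect_autn = NULL;
	ms_sends_msg("062707"
		     "03305886" /* classmark 2 */
		     "089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05802443f2" /* originating address 42342 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "69d5f9fb"); /* 3rd vector's sres, s.a. */
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130"
		     "089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}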
935
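/*
 * Negative test: an Authentication Response whose SRES is shorter than the
 * 4 bytes of the vector's SRES must fail authentication.
 *
 * The MS sends only the first three bytes of the correct SRES ("2d8b2c" out
 * of "2d8b2c3e"), so an implementation comparing only as many bytes as were
 * received would wrongly accept it.  Expected outcome: a GSUP
 * AUTH_FAIL_REPORT to the HLR, a BSSAP Clear, and a Location Update reject.
 * The test also checks that an _UPDATE_LOCATION_RESULT arriving from the HLR
 * before auth has completed does not get the subscriber accepted.
 *
 * Takes no arguments and returns nothing; failures abort through the
 * OSMO_ASSERT / VERBOSE_ASSERT macros.
 */
static void test_wrong_sres_length(void)
{
	comment_start();
	fake_time_start();

	net->authentication_required = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* no AUTN is expected in the Auth Request sent to the MS */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL     TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL     sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response with too short SRES data, auth is thwarted.");
	gsup_expect_tx("0b010809710000004026f0"); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
	expect_bssap_clear();
	/* SRES truncated to 3 bytes: a prefix of the 1st vector's "2d8b2c3e" */
	ms_sends_msg("05542d8b2c");
	VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}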
996
/*
 * Table of the test functions defined in this file, in the order listed.
 * The table ends with a NULL entry.
 */
msc_vlr_test_func_t msc_vlr_tests[] = {
	/* GSM auth, with and without TMSI / IMEI handling */
	test_gsm_authen,
	test_gsm_authen_tmsi,
	test_gsm_authen_imei,
	test_gsm_authen_tmsi_imei,
	/* GSM auth with Milenage-derived vectors */
	test_gsm_milenage_authen,
	/* negative case: truncated SRES must be rejected */
	test_wrong_sres_length,
	/* end of table */
	NULL
};