/* Osmocom MSC+VLR end-to-end tests */

/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
 *
 * All Rights Reserved
 *
 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

24#include "msc_vlr_tests.h"
25
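/* GSM authentication followed by A5/1 ciphering, subscriber addressed by IMSI.
 *
 * Scripted exchange, in this order: Location Update, a CM Service Request
 * carrying a USSD request, a paged SMS delivery, and finally a detach. Each
 * new connection is expected to trigger an Auth Request using the next of the
 * five auth vectors delivered by the HLR.
 *
 * The invariant checked at every stage is ordering: after the Auth Request
 * and again after the Ciphering Mode Command, EXPECT_ACCEPTED(false) must
 * hold; only Ciphering Mode Complete lets the request proceed.
 * thwart_rx_non_initial_requests() presumably verifies that other requests
 * are refused while the conn is in that state -- confirm in the harness.
 *
 * A5/1 is a legacy cipher with known practical weaknesses; this test pins the
 * auth -> ciphering -> accept sequencing, not the strength of the cipher.
 * The Ki and auth vectors below are test fixtures.
 *
 * Statement order and the text inside the assertion macros are presumably part
 * of the expected test output, so do not reorder or rename without
 * regenerating it -- confirm against the harness.
 */
void test_ciph(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	net->a5_encryption = VLR_CIPH_A5_1;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* no AUTN expected: this is a 2G (GSM AKA) challenge */
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322"  "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e"  "2208" "61855fb81fc2a800"
		"0322"  "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240"  "2208" "07fa7502e07e1c00"
		"0322"  "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae"  "2208" "e2b234f807886400"
		"0322"  "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72"  "2208" "2392f14f709ae000"
		"0322"  "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b"  "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	cipher_mode_cmd_sent = false;
	/* carries the first vector's sres (2d8b2c3e) */
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* authenticated but not yet ciphered: must still not be accepted */
	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	cm_service_result_sent = RES_NONE;
	auth_request_sent = false;
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	ms_sends_msg("05247803305886089910070000006402");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	/* a known subscriber on a new conn is re-authenticated before service */
	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
	ms_sends_msg("0632");
	/* no explicit CM Service Accept is sent, hence still RES_NONE */
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 46071\r");
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* drop the reference taken by the lookup; the subscriber must survive it */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	/* NOTE(review): paging_stopped is not reset in this function before this
	 * check; presumably the harness starts it out false -- confirm. */
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882089910070000006402");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	/* the queued SMS must only go out once ciphering is confirmed */
	btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	ms_sends_msg("050130089910070000006402");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}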
229
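/* Same scenario as the IMSI-based ciphering test, with TMSI assignment
 * enabled (net->vlr->cfg.assign_tmsi).
 *
 * After the Location Update the VLR hands out a new TMSI; the subscriber then
 * identifies itself by that TMSI in the CM Service Request, the Paging
 * Response and the detach. Until TMSI Realloc Complete arrives, the new value
 * is held in vsub->tmsi_new while vsub->tmsi stays GSM_RESERVED_TMSI.
 *
 * As in the IMSI variant, EXPECT_ACCEPTED(false) must hold between the Auth
 * Request and Ciphering Mode Complete on every connection. Presenting a known
 * TMSI does not bypass re-authentication.
 *
 * 0x03020100 is the TMSI value this test expects; presumably the harness
 * makes TMSI allocation deterministic -- confirm.
 */
void test_ciph_tmsi(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	net->a5_encryption = VLR_CIPH_A5_1;
	net->vlr->cfg.assign_tmsi = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322"  "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e"  "2208" "61855fb81fc2a800"
		"0322"  "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240"  "2208" "07fa7502e07e1c00"
		"0322"  "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae"  "2208" "e2b234f807886400"
		"0322"  "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72"  "2208" "2392f14f709ae000"
		"0322"  "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b"  "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	/* authenticated but not yet ciphered: must still not be accepted */
	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	/* LU Accept has gone out, but the conn is not "accepted" until the MS
	 * acknowledges the new TMSI */
	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	/* NOTE(review): vsub is dereferenced on the next line, so this relies on
	 * VERBOSE_ASSERT aborting on failure -- presumably it does; confirm. */
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	ms_sends_msg("055b");

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	/* the acknowledged TMSI moves from tmsi_new to tmsi */
	btw("Subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
	cm_service_result_sent = RES_NONE;
	auth_request_sent = false;
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	auth_request_expect_autn = NULL;
	/* "05f4" + TMSI is the mobile identity in place of the IMSI */
	ms_sends_msg("05247803305886" "05f4" "03020100");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	/* knowing the TMSI alone grants nothing: auth is still required */
	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 46071\r");
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	/* paging is expected to use the TMSI, not the IMSI */
	paging_expect_tmsi(0x03020100);
	paging_sent = false;
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	/* NOTE(review): paging_stopped is not reset in this function before this
	 * check; presumably the harness starts it out false -- confirm. */
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882" "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	/* the queued SMS must only go out once ciphering is confirmed */
	btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches, using TMSI");
	ms_sends_msg("050130" "05f4" "03020100");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}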
460
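/* Location Update with authentication, A5/1 ciphering and a mandatory IMEI
 * check (net->vlr->cfg.check_imei_rqd).
 *
 * After the HLR confirms the Location Update, the VLR is expected to send an
 * Identity Request for the IMEI ("051802") and to hold back acceptance until
 * the Identity Response arrives: the conn stays open, vsub->imei is still
 * empty and EXPECT_ACCEPTED(false) holds. Only then is the LU accepted and
 * the IMEI stored on the subscriber.
 *
 * The test checks that the IMEI is collected and stored; it does not show any
 * validation of the IMEI against an equipment register.
 */
void test_ciph_imei(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	net->a5_encryption = VLR_CIPH_A5_1;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322"  "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e"  "2208" "61855fb81fc2a800"
		"0322"  "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240"  "2208" "07fa7502e07e1c00"
		"0322"  "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae"  "2208" "e2b234f807886400"
		"0322"  "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72"  "2208" "2392f14f709ae000"
		"0322"  "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b"  "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* authenticated but not yet ciphered: must still not be accepted */
	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	/* HLR has agreed, but the IMEI gate keeps the conn open and unaccepted */
	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	ms_sends_msg("0559084a32244332244332");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423423"), == 0, "%d");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches");
	ms_sends_msg("050130089910070000006402");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}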
558
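/* Location Update with authentication and A5/1 ciphering, where the IMEISV is
 * requested as part of the ciphering exchange
 * (net->vlr->cfg.retrieve_imeisv_ciphered).
 *
 * The Ciphering Mode Command is expected to carry the IMEISV request
 * (cipher_mode_cmd_sent_with_imeisv), and the MS returns the IMEISV inside
 * Ciphering Mode Complete. Before that message vsub->imeisv must be empty;
 * afterwards it holds the reported value.
 *
 * As in the other ciphering tests, EXPECT_ACCEPTED(false) must hold until the
 * whole Location Update has completed.
 */
void test_ciph_imeisv(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	net->a5_encryption = VLR_CIPH_A5_1;
	net->vlr->cfg.retrieve_imeisv_ciphered = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322"  "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e"  "2208" "61855fb81fc2a800"
		"0322"  "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240"  "2208" "07fa7502e07e1c00"
		"0322"  "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae"  "2208" "e2b234f807886400"
		"0322"  "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72"  "2208" "2392f14f709ae000"
		"0322"  "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b"  "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
	/* NOTE(review): only cipher_mode_cmd_sent is reset above;
	 * cipher_mode_cmd_sent_with_imeisv is not reset in this function, so a
	 * stale true would satisfy this check -- presumably the harness clears
	 * it when the command is sent; confirm. */
	VERBOSE_ASSERT(cipher_mode_cmd_sent_with_imeisv, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* authenticated but not yet ciphered: must still not be accepted */
	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* the IMEISV must not be known before the MS has reported it */
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imeisv[0], == 0, "%d");
	vlr_subscr_put(vsub);

	btw("MS sends Ciphering Mode Complete with IMEISV, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("063217094b32244332244332f5");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("Subscriber has the IMEISV");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imeisv, "4234234234234235"), == 0, "%d");
	vlr_subscr_put(vsub);

	/* ciphered and identified, but the HLR has not confirmed the LU yet */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	/* NOTE(review): check_imei_rqd is not set in this test and no Identity
	 * Request is expected before this message; nothing below asserts its
	 * effect. Looks like a leftover from the IMEI test -- confirm. */
	btw("MS replies with an Identity Response");
	ms_sends_msg("0559084a32244332244332");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	ms_sends_msg("050130089910070000006402");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}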
655
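/* Location Update with authentication, A5/1 ciphering, a mandatory IMEI check
 * and TMSI assignment, all enabled together.
 *
 * Acceptance is gated three times after the HLR has confirmed the update:
 * first on ciphering, then on the Identity Response carrying the IMEI, and
 * finally on TMSI Realloc Complete. EXPECT_ACCEPTED(false) is asserted at
 * each of those points, so a regression that skips any one gate shows up.
 *
 * 0x03020100 is the TMSI value this test expects; presumably the harness
 * makes TMSI allocation deterministic -- confirm.
 */
void test_ciph_tmsi_imei(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	net->a5_encryption = VLR_CIPH_A5_1;
	net->vlr->cfg.assign_tmsi = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322"  "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e"  "2208" "61855fb81fc2a800"
		"0322"  "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240"  "2208" "07fa7502e07e1c00"
		"0322"  "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae"  "2208" "e2b234f807886400"
		"0322"  "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72"  "2208" "2392f14f709ae000"
		"0322"  "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b"  "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* gate 1: authenticated but not yet ciphered */
	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	/* gate 2: HLR has agreed, but the IMEI is still unknown */
	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	ms_sends_msg("0559084a32244332244332");

	/* gate 3: LU Accept is out, but the new TMSI is not acknowledged yet */
	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	/* NOTE(review): vsub is dereferenced on the next line, so this relies on
	 * VERBOSE_ASSERT aborting on failure -- presumably it does; confirm. */
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	ms_sends_msg("055b");

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI and TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423423"), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using TMSI");
	ms_sends_msg("050130" "05f4" "03020100");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}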
771
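/* Location Update from an MS that presents a TMSI the VLR does not know.
 *
 * The VLR is expected to ask for the IMSI with an Identity Request ("051801")
 * and to carry on with the GSUP Location Update once the MS has answered.
 * EXPECT_ACCEPTED(false) must hold both before the IMSI is known and after
 * the subscriber data has arrived; only the HLR's _UPDATE_LOCATION_RESULT
 * completes the update.
 *
 * NOTE(review): this function is not listed in msc_vlr_tests[] in this file,
 * so presumably the harness never runs it. It also scripts no authentication
 * or ciphering exchange and sets no net config of its own, which would not
 * match a network that requires authentication -- confirm the intended
 * configuration before registering it.
 */
void test_lu_unknown_tmsi(void)
{
	comment_start();

	btw("Location Update request with unknown TMSI sends ID Request for IMSI");
	lu_result_sent = RES_NONE;
	dtap_expect_tx("051801");
	/* "05f4" + "23422342": mobile identity carrying the unknown TMSI */
	ms_sends_msg("050802008168000130" "05f4" "23422342");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* identity still unknown: nothing may be accepted yet */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS tells us the IMSI, causes a GSUP LU request to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0559089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("having received subscriber data does not mean acceptance");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}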
810
/* NULL-terminated table of the test functions defined in this file;
 * presumably the shared test harness walks it in order -- confirm there.
 *
 * NOTE(review): test_lu_unknown_tmsi() is defined above but is not listed
 * here. Confirm whether that is intentional before adding it, since a new
 * entry would also change the expected test output. */
msc_vlr_test_func_t msc_vlr_tests[] = {
	test_ciph,
	test_ciph_tmsi,
	test_ciph_imei,
	test_ciph_imeisv,
	test_ciph_tmsi_imei,
	NULL
};