Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / 5e19b9a0bf5846af427df76ce737e2949333a594 / . / tests / msc_vlr / msc_vlr_test_gsm_authen.c
blob: ee5af1ecbd8a06b75621a91f1e8d99d898d63814 [file] [log] [blame]
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]26static void test_gsm_authen()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]27{
28 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]29 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]30
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]31 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]32
33 net->authentication_required = true;
34
35 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
36 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]37 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100[diff] [blame]38 ms_sends_msg("0508020081680001"
39 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
40 "089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]41 OSMO_ASSERT(gsup_tx_confirmed);
42 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
43
44 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
45 auth_request_sent = false;
46 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
47 auth_request_expect_autn = NULL;
48 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
49 gsup_rx("0a"
50 /* imsi */
51 "0108" "09710000004026f0"
52 /* 5 auth vectors... */
53 /* TL TL rand */
54 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
55 /* TL sres TL kc */
56 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
57 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
58 "2104" "20bde240" "2208" "07fa7502e07e1c00"
59 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
60 "2104" "a29514ae" "2208" "e2b234f807886400"
61 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
62 "2104" "5afc8d72" "2208" "2392f14f709ae000"
63 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]64 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000"
65 HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]66 NULL);
67 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
68 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
69
70 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]71 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]72 EXPECT_ACCEPTED(false);
73
74 thwart_rx_non_initial_requests();
75
76 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
77
78 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]79 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]80 ms_sends_msg("05542d8b2c3e");
81 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
82
83 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]84 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
85 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]86 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
87
88 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]89 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]90 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]91 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]92
93 btw("LU was successful, and the conn has already been closed");
94 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]95 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]96 EXPECT_CONN_COUNT(0);
97
98 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
99 auth_request_sent = false;
100 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
101 cm_service_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]102 ms_sends_msg("05247403305886089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]103 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
104 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
105
106 btw("needs auth, not yet accepted");
107 EXPECT_ACCEPTED(false);
108 thwart_rx_non_initial_requests();
109
110 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
111 gsup_expect_tx(NULL);
112 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
113 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
114
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]115 /* Release connection */
Vadim Yanitskiy188dd5f2019-06-19 02:05:08 +0700[diff] [blame]116 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]117 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]118
119 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]120 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]121 EXPECT_CONN_COUNT(0);
122
123 BTW("an SMS is sent, MS is paged");
124 paging_expect_imsi(imsi);
125 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]126 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]127 OSMO_ASSERT(vsub);
128 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
129
130 send_sms(vsub, vsub,
131 "Privacy in residential applications is a desirable"
132 " marketing option.");
133
134 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]135 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]136 vsub = NULL;
137 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]138
139 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]140 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]141 OSMO_ASSERT(vsub);
142 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]143 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]144
145 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
146 auth_request_sent = false;
147 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
148 ms_sends_msg("06270703305882089910070000006402");
149 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
150
151 btw("needs auth, not yet accepted");
152 EXPECT_ACCEPTED(false);
153 thwart_rx_non_initial_requests();
154
155 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
156 dtap_expect_tx("09" /* SMS messages */
157 "01" /* CP-DATA */
158 "58" /* length */
159 "01" /* Network to MS */
160 "00" /* reference */
161 /* originator (gsm411_send_sms() hardcodes this weird nr) */
162 "0791" "447758100650" /* 447785016005 */
163 "00" /* dest */
164 /* SMS TPDU */
165 "4c" /* len */
166 "00" /* SMS deliver */
167 "05806470f1" /* originating address 46071 */
168 "00" /* TP-PID */
169 "00" /* GSM default alphabet */
170 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
171 "000000" /* H-M-S */
172 "00" /* GMT+0 */
173 "44" /* data length */
174 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
175 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
176 "0c7ac3e9e9b7db05");
177 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
178 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]179
180 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]181 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]182 OSMO_ASSERT(vsub);
183 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]184 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]185
186 btw("conn is still open to wait for SMS ack dance");
187 EXPECT_CONN_COUNT(1);
188
189 btw("MS replies with CP-ACK for received SMS");
190 ms_sends_msg("8904");
191 EXPECT_CONN_COUNT(1);
192
193 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
194 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]195 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]196 ms_sends_msg("890106020041020000");
197 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]198 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]199
200 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]201 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]202 EXPECT_CONN_COUNT(0);
203
204 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]205 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]206 ms_sends_msg("050130089910070000006402");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]207 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]208
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]209 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]210 EXPECT_CONN_COUNT(0);
211 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]212 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]213}
214
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]215static void test_gsm_authen_tmsi()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]216{
217 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]218 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]219
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]220 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]221
222 net->authentication_required = true;
223 net->vlr->cfg.assign_tmsi = true;
224
225 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
226 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]227 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100[diff] [blame]228 ms_sends_msg("0508020081680001"
229 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
230 "089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]231 OSMO_ASSERT(gsup_tx_confirmed);
232 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
233
234 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
235 auth_request_sent = false;
236 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
237 auth_request_expect_autn = NULL;
238 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
239 gsup_rx("0a"
240 /* imsi */
241 "0108" "09710000004026f0"
242 /* 5 auth vectors... */
243 /* TL TL rand */
244 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
245 /* TL sres TL kc */
246 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
247 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
248 "2104" "20bde240" "2208" "07fa7502e07e1c00"
249 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
250 "2104" "a29514ae" "2208" "e2b234f807886400"
251 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
252 "2104" "5afc8d72" "2208" "2392f14f709ae000"
253 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]254 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000"
255 HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]256 NULL);
257 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
258 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
259
260 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]261 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]262 EXPECT_ACCEPTED(false);
263
264 thwart_rx_non_initial_requests();
265
266 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
267
268 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]269 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]270 ms_sends_msg("05542d8b2c3e");
271 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
272
273 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]274 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
275 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]276 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
277
278 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]279 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]280
281 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
282 EXPECT_CONN_COUNT(1);
283 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
284 EXPECT_ACCEPTED(false);
285 thwart_rx_non_initial_requests();
286
287 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]288 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]289 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
290 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
291 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
292 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]293 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]294
295 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]296 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]297 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]298 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]299
300 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]301 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]302 EXPECT_CONN_COUNT(0);
303
304 btw("Subscriber has the new TMSI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]305 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]306 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
307 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
308 VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
309 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]310 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]311
312 BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
313 auth_request_sent = false;
314 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
315 cm_service_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]316 ms_sends_msg("05247403305886" "05f4" "03020100");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]317 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
318 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
319
320 btw("needs auth, not yet accepted");
321 EXPECT_ACCEPTED(false);
322 thwart_rx_non_initial_requests();
323
324 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
325 gsup_expect_tx(NULL);
326 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
327 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
328
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]329 /* Release connection */
Vadim Yanitskiy188dd5f2019-06-19 02:05:08 +0700[diff] [blame]330 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]331 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]332
333 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]334 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]335 EXPECT_CONN_COUNT(0);
336
337 BTW("an SMS is sent, MS is paged");
338 paging_expect_tmsi(0x03020100);
339 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]340 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]341 OSMO_ASSERT(vsub);
342 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
343
344 send_sms(vsub, vsub,
345 "Privacy in residential applications is a desirable"
346 " marketing option.");
347
348 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]349 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]350 vsub = NULL;
351 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]352
353 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]354 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]355 OSMO_ASSERT(vsub);
356 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]357 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]358
359 btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
360 auth_request_sent = false;
361 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
362 ms_sends_msg("06270703305882" "05f4" "03020100");
363 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
364
365 btw("needs auth, not yet accepted");
366 EXPECT_ACCEPTED(false);
367 thwart_rx_non_initial_requests();
368
369 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
370 dtap_expect_tx("09" /* SMS messages */
371 "01" /* CP-DATA */
372 "58" /* length */
373 "01" /* Network to MS */
374 "00" /* reference */
375 /* originator (gsm411_send_sms() hardcodes this weird nr) */
376 "0791" "447758100650" /* 447785016005 */
377 "00" /* dest */
378 /* SMS TPDU */
379 "4c" /* len */
380 "00" /* SMS deliver */
381 "05806470f1" /* originating address 46071 */
382 "00" /* TP-PID */
383 "00" /* GSM default alphabet */
384 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
385 "000000" /* H-M-S */
386 "00" /* GMT+0 */
387 "44" /* data length */
388 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
389 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
390 "0c7ac3e9e9b7db05");
391 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
392 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]393
394 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]395 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]396 OSMO_ASSERT(vsub);
397 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]398 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]399
400 btw("conn is still open to wait for SMS ack dance");
401 EXPECT_CONN_COUNT(1);
402
403 btw("MS replies with CP-ACK for received SMS");
404 ms_sends_msg("8904");
405 EXPECT_CONN_COUNT(1);
406
407 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
408 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]409 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]410 ms_sends_msg("890106020041020000");
411 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]412 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]413
414 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]415 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]416 EXPECT_CONN_COUNT(0);
417
418 /* TODO: when the subscriber detaches, the vlr_subscr gets
419 * deallocated and we no longer know the TMSI. This case is covered by
420 * test_lu_unknown_tmsi(), so here I'd like to still have the TMSI.
421 BTW("subscriber detaches, using TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]422 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]423 ms_sends_msg("050130" "05f4" "03020100");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]424 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]425 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]426 EXPECT_CONN_COUNT(0);
427 */
428
429 BTW("subscriber sends LU Request, this time with the TMSI");
430 btw("Location Update request causes an Auth Req to MS");
431 lu_result_sent = RES_NONE;
432 auth_request_sent = false;
433 auth_request_expect_rand = "fa8f20b781b5881329d4fea26b1a3c51";
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100[diff] [blame]434 ms_sends_msg("0508020081680001"
435 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
436 "05f4" "03020100");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]437 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
438 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
439
440 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]441 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]442 ms_sends_msg("05545afc8d72");
443 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
444
445 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]446 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
447 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]448 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
449
450 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]451 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]452
453 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
454 EXPECT_CONN_COUNT(1);
455 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
456 EXPECT_ACCEPTED(false);
457 thwart_rx_non_initial_requests();
458
459 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]460 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]461 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
462 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
463 VERBOSE_ASSERT(vsub->tmsi_new, == 0x07060504, "0x%08x");
464 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]465 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]466
467 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]468 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]469 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]470 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]471
472 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]473 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]474 EXPECT_CONN_COUNT(0);
475
476 btw("subscriber has the new TMSI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]477 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]478 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
479 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
480 VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
481 VERBOSE_ASSERT(vsub->tmsi, == 0x07060504, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]482 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]483
484 BTW("subscriber detaches, using new TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]485 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]486 ms_sends_msg("050130" "05f4" "07060504");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]487 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]488
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]489 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]490 EXPECT_CONN_COUNT(0);
491 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]492 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]493}
494
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]495static void test_gsm_authen_imei()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]496{
497 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]498 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]499
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]500 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]501
502 net->authentication_required = true;
503 net->vlr->cfg.check_imei_rqd = true;
504
505 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
506 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]507 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100[diff] [blame]508 ms_sends_msg("0508020081680001"
509 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
510 "089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]511 OSMO_ASSERT(gsup_tx_confirmed);
512 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
513
514 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
515 auth_request_sent = false;
516 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
517 auth_request_expect_autn = NULL;
518 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
519 gsup_rx("0a"
520 /* imsi */
521 "0108" "09710000004026f0"
522 /* 5 auth vectors... */
523 /* TL TL rand */
524 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
525 /* TL sres TL kc */
526 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
527 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
528 "2104" "20bde240" "2208" "07fa7502e07e1c00"
529 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
530 "2104" "a29514ae" "2208" "e2b234f807886400"
531 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
532 "2104" "5afc8d72" "2208" "2392f14f709ae000"
533 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]534 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000"
535 HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]536 NULL);
537 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
538 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
539
540 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]541 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]542 EXPECT_ACCEPTED(false);
543 thwart_rx_non_initial_requests();
544 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
545
546 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]547 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]548 ms_sends_msg("05542d8b2c3e");
549 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
550
551 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]552 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
553 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]554 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
555
556 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
557 dtap_expect_tx("051802");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]558 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]559
560 btw("We will only do business when the IMEI is known");
561 EXPECT_CONN_COUNT(1);
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]562 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]563 OSMO_ASSERT(vsub);
564 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]565 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]566 EXPECT_ACCEPTED(false);
567 thwart_rx_non_initial_requests();
568
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]569 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
Oliver Smithd1037052019-05-02 13:39:26 +0200[diff] [blame]570 gsup_expect_tx("30010809710000004026f050080724433224433224" VLR_TO_HLR);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]571 ms_sends_msg("0559084a32244332244302");
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]572 EXPECT_ACCEPTED(false);
573 thwart_rx_non_initial_requests();
574
575 btw("HLR accepts the IMEI");
576 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]577 gsup_rx("32010809710000004026f0510100" HLR_TO_VLR, NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]578 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]579
580 btw("LU was successful, and the conn has already been closed");
581 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]582 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]583 EXPECT_CONN_COUNT(0);
584
585 btw("Subscriber has the IMEI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]586 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]587 OSMO_ASSERT(vsub);
Oliver Smithd1037052019-05-02 13:39:26 +0200[diff] [blame]588 VERBOSE_ASSERT(strcmp(vsub->imei, "42342342342342"), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]589 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]590
591 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]592 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]593 ms_sends_msg("050130089910070000006402");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]594 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]595
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]596 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]597 EXPECT_CONN_COUNT(0);
598 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]599 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]600}
601
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]602static void test_gsm_authen_imei_nack()
603{
604 struct vlr_subscr *vsub;
605 const char *imsi = "901700000004620";
606
607 comment_start();
608
609 net->authentication_required = true;
610 net->vlr->cfg.check_imei_rqd = true;
611
612 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
613 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]614 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]615 ms_sends_msg("0508020081680001"
616 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
617 "089910070000006402");
618 OSMO_ASSERT(gsup_tx_confirmed);
619 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
620
621 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
622 auth_request_sent = false;
623 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
624 auth_request_expect_autn = NULL;
625 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
626 gsup_rx("0a"
627 /* imsi */
628 "0108" "09710000004026f0"
629 /* 5 auth vectors... */
630 /* TL TL rand */
631 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
632 /* TL sres TL kc */
633 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
634 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
635 "2104" "20bde240" "2208" "07fa7502e07e1c00"
636 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
637 "2104" "a29514ae" "2208" "e2b234f807886400"
638 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
639 "2104" "5afc8d72" "2208" "2392f14f709ae000"
640 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]641 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000"
642 HLR_TO_VLR,
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]643 NULL);
644 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
645 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
646
647 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]648 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]649 EXPECT_ACCEPTED(false);
650
651 thwart_rx_non_initial_requests();
652
653 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
654
655 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]656 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]657 ms_sends_msg("05542d8b2c3e");
658 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
659
660 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]661 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
662 "12010809710000004026f0" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]663 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
664
665 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
666 dtap_expect_tx("051802");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]667 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]668
669 btw("We will only do business when the IMEI is known");
670 EXPECT_CONN_COUNT(1);
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]671 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]672 OSMO_ASSERT(vsub);
673 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]674 vlr_subscr_put(vsub, __func__);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]675 EXPECT_ACCEPTED(false);
676 thwart_rx_non_initial_requests();
677
678 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
Oliver Smithd1037052019-05-02 13:39:26 +0200[diff] [blame]679 gsup_expect_tx("30010809710000004026f050080724433224433224" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]680 ms_sends_msg("0559084a32244332244302");
681 EXPECT_ACCEPTED(false);
682 thwart_rx_non_initial_requests();
683
684 expect_bssap_clear();
685 btw("HLR does not like the IMEI and sends NACK");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]686 gsup_rx("32010809710000004026f0510101" HLR_TO_VLR, NULL);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]687 EXPECT_ACCEPTED(false);
688 thwart_rx_non_initial_requests();
689
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]690 ran_sends_clear_complete();
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]691 EXPECT_CONN_COUNT(0);
692 clear_vlr();
693 comment_end();
694}
695
696static void test_gsm_authen_imei_err()
697{
698 struct vlr_subscr *vsub;
699 const char *imsi = "901700000004620";
700
701 comment_start();
702
703 net->authentication_required = true;
704 net->vlr->cfg.check_imei_rqd = true;
705
706 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
707 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]708 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]709 ms_sends_msg("0508020081680001"
710 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
711 "089910070000006402");
712 OSMO_ASSERT(gsup_tx_confirmed);
713 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
714
715 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
716 auth_request_sent = false;
717 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
718 auth_request_expect_autn = NULL;
719 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
720 gsup_rx("0a"
721 /* imsi */
722 "0108" "09710000004026f0"
723 /* 5 auth vectors... */
724 /* TL TL rand */
725 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
726 /* TL sres TL kc */
727 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
728 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
729 "2104" "20bde240" "2208" "07fa7502e07e1c00"
730 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
731 "2104" "a29514ae" "2208" "e2b234f807886400"
732 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
733 "2104" "5afc8d72" "2208" "2392f14f709ae000"
734 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]735 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]736 NULL);
737 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
738 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
739
740 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]741 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]742 EXPECT_ACCEPTED(false);
743
744 thwart_rx_non_initial_requests();
745
746 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
747
748 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]749 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]750 ms_sends_msg("05542d8b2c3e");
751 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
752
753 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]754 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
755 "12010809710000004026f0" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]756 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
757
758 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
759 dtap_expect_tx("051802");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]760 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]761
762 btw("We will only do business when the IMEI is known");
763 EXPECT_CONN_COUNT(1);
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]764 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]765 OSMO_ASSERT(vsub);
766 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]767 vlr_subscr_put(vsub, __func__);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]768 EXPECT_ACCEPTED(false);
769 thwart_rx_non_initial_requests();
770
771 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
Oliver Smithd1037052019-05-02 13:39:26 +0200[diff] [blame]772 gsup_expect_tx("30010809710000004026f050080724433224433224" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]773 ms_sends_msg("0559084a32244332244302");
774 EXPECT_ACCEPTED(false);
775 thwart_rx_non_initial_requests();
776
777 expect_bssap_clear();
778 btw("HLR can't parse the message and returns ERR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]779 gsup_rx("31010809710000004026f0020160" HLR_TO_VLR, NULL);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]780 EXPECT_ACCEPTED(false);
781 thwart_rx_non_initial_requests();
782
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]783 ran_sends_clear_complete();
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]784 EXPECT_CONN_COUNT(0);
785 clear_vlr();
786 comment_end();
787}
788
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]789static void test_gsm_authen_tmsi_imei()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]790{
791 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]792 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]793
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]794 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]795
796 net->authentication_required = true;
797 net->vlr->cfg.assign_tmsi = true;
798 net->vlr->cfg.check_imei_rqd = true;
799
800 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
801 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]802 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100[diff] [blame]803 ms_sends_msg("0508020081680001"
804 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
805 "089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]806 OSMO_ASSERT(gsup_tx_confirmed);
807 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
808
809 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
810 auth_request_sent = false;
811 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
812 auth_request_expect_autn = NULL;
813 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
814 gsup_rx("0a"
815 /* imsi */
816 "0108" "09710000004026f0"
817 /* 5 auth vectors... */
818 /* TL TL rand */
819 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
820 /* TL sres TL kc */
821 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
822 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
823 "2104" "20bde240" "2208" "07fa7502e07e1c00"
824 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
825 "2104" "a29514ae" "2208" "e2b234f807886400"
826 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
827 "2104" "5afc8d72" "2208" "2392f14f709ae000"
828 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]829 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]830 NULL);
831 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
832 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
833
834 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]835 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]836 EXPECT_ACCEPTED(false);
837
838 thwart_rx_non_initial_requests();
839
840 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
841
842 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]843 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]844 ms_sends_msg("05542d8b2c3e");
845 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
846
847 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]848 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
849 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]850 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
851
852 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
853 dtap_expect_tx("051802");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]854 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]855
856 btw("We will only do business when the IMEI is known");
857 EXPECT_CONN_COUNT(1);
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]858 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]859 OSMO_ASSERT(vsub);
860 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]861 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]862 EXPECT_ACCEPTED(false);
863 thwart_rx_non_initial_requests();
864
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]865 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
Oliver Smithd1037052019-05-02 13:39:26 +0200[diff] [blame]866 gsup_expect_tx("30010809710000004026f050080724433224433224" VLR_TO_HLR);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]867 ms_sends_msg("0559084a32244332244302");
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]868 EXPECT_ACCEPTED(false);
869 thwart_rx_non_initial_requests();
870
871 btw("HLR accepts the IMEI");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]872 gsup_rx("32010809710000004026f0510100" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]873
874 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
875 EXPECT_CONN_COUNT(1);
876 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
877 EXPECT_ACCEPTED(false);
878 thwart_rx_non_initial_requests();
879
880 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]881 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]882 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
883 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
884 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
885 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]886 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]887
888 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]889 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]890 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]891 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]892
893 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]894 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]895 EXPECT_CONN_COUNT(0);
896
897 btw("Subscriber has the IMEI and TMSI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]898 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]899 OSMO_ASSERT(vsub);
Oliver Smithd1037052019-05-02 13:39:26 +0200[diff] [blame]900 VERBOSE_ASSERT(strcmp(vsub->imei, "42342342342342"), == 0, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]901 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]902 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]903
904 BTW("subscriber detaches, using TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]905 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]906 ms_sends_msg("050130" "05f4" "03020100");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]907 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]908
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]909 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]910 EXPECT_CONN_COUNT(0);
911 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]912 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]913}
914
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]915static void test_gsm_milenage_authen()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]916{
917 struct vlr_subscr *vsub;
918 const char *imsi = "901700000010650";
919
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]920 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]921
922 net->authentication_required = true;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]923 rx_from_ran = OSMO_RAT_GERAN_A;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]924
925 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
926 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]927 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]928 ms_sends_msg("0508" /* MM LU */
929 "7" /* ciph key seq: no key available */
930 "0" /* LU type: normal */
931 "ffffff" "0000" /* LAI, LAC */
932 "30" /* classmark 1: GSM phase 2 */
933 "089910070000106005" /* IMSI */
934 );
935 OSMO_ASSERT(gsup_tx_confirmed);
936 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
937
938 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
939 /* based on auc_3g:
940 * K = 'EB215756028D60E3275E613320AEC880',
941 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
942 * SQN = 0
943 */
944 auth_request_sent = false;
945 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
946 auth_request_expect_autn = NULL;
947 gsup_rx("0a"
948 /* imsi */
949 "0108" "09710000000156f0"
950 /* 5 auth vectors... */
951 /* TL TL rand */
952 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
953 /* TL sres TL kc */
954 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
955 /* TL 3G IK */
956 "2310" "27497388b6cb044648f396aa155b95ef"
957 /* TL 3G CK */
958 "2410" "f64735036e5871319c679f4742a75ea1"
959 /* TL AUTN */
960 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
961 /* TL RES */
962 "2708" "e229c19e791f2e41"
963 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
964 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
965 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
966 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
967 "2510" "1843a645b98d00005b2d666af46c45d9"
968 "2708" "7db47cf7f81e4dc7"
969 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
970 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
971 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
972 "2410" "76542abce5ff9345b0e8947f4c6e019c"
973 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]974 "2708" "706f996719ba609c" HLR_TO_VLR,
975 NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]976 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
977 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
978
979 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]980 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]981 ms_sends_msg("0554" "9b36efdf");
982 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
983
984 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]985 gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
986 "12010809710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]987 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
988
989 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]990 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]991 gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]992 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]993
994 btw("LU was successful, and the conn has already been closed");
995 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]996 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]997 EXPECT_CONN_COUNT(0);
998
999 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
1000 auth_request_sent = false;
1001 auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
1002 auth_request_expect_autn = NULL;
1003 cm_service_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1004 ms_sends_msg("052474"
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1005 "03305886" /* classmark 2: GSM phase 2 */
1006 "089910070000106005" /* IMSI */);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1007 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1008 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1009
1010 btw("needs auth, not yet accepted");
1011 EXPECT_ACCEPTED(false);
1012 thwart_rx_non_initial_requests();
1013
1014 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
1015 gsup_expect_tx(NULL);
1016 ms_sends_msg("0554" "85aa3130"); /* 2nd vector's sres, s.a. */
1017 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
1018
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]1019 /* Release connection */
Vadim Yanitskiy188dd5f2019-06-19 02:05:08 +0700[diff] [blame]1020 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1021 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1022
1023 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1024 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1025 EXPECT_CONN_COUNT(0);
1026
1027 BTW("an SMS is sent, MS is paged");
1028 paging_expect_imsi(imsi);
1029 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1030 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1031 OSMO_ASSERT(vsub);
1032 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
1033
1034 send_sms(vsub, vsub,
1035 "Privacy in residential applications is a desirable"
1036 " marketing option.");
1037
1038 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1039 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1040 vsub = NULL;
1041 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1042
1043 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1044 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1045 OSMO_ASSERT(vsub);
1046 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1047 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1048
1049 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
1050 auth_request_sent = false;
1051 auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
1052 auth_request_expect_autn = NULL;
1053 ms_sends_msg("062707"
1054 "03305886" /* classmark 2 */
1055 "089910070000106005" /* IMSI */);
1056 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1057
1058 btw("needs auth, not yet accepted");
1059 EXPECT_ACCEPTED(false);
1060 thwart_rx_non_initial_requests();
1061
1062 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
1063 dtap_expect_tx("09" /* SMS messages */
1064 "01" /* CP-DATA */
1065 "58" /* length */
1066 "01" /* Network to MS */
1067 "00" /* reference */
1068 /* originator (gsm411_send_sms() hardcodes this weird nr) */
1069 "0791" "447758100650" /* 447785016005 */
1070 "00" /* dest */
1071 /* SMS TPDU */
1072 "4c" /* len */
1073 "00" /* SMS deliver */
1074 "05802443f2" /* originating address 42342 */
1075 "00" /* TP-PID */
1076 "00" /* GSM default alphabet */
1077 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
1078 "000000" /* H-M-S */
1079 "00" /* GMT+0 */
1080 "44" /* data length */
1081 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
1082 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
1083 "0c7ac3e9e9b7db05");
1084 ms_sends_msg("0554" "69d5f9fb"); /* 3nd vector's sres, s.a. */
1085 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1086
1087 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1088 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1089 OSMO_ASSERT(vsub);
1090 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1091 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1092
1093 btw("conn is still open to wait for SMS ack dance");
1094 EXPECT_CONN_COUNT(1);
1095
1096 btw("MS replies with CP-ACK for received SMS");
1097 ms_sends_msg("8904");
1098 EXPECT_CONN_COUNT(1);
1099
1100 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
1101 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]1102 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1103 ms_sends_msg("890106020041020000");
1104 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]1105 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1106
1107 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1108 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1109 EXPECT_CONN_COUNT(0);
1110
1111 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]1112 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1113 ms_sends_msg("050130"
1114 "089910070000106005" /* IMSI */);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]1115 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1116
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1117 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1118 EXPECT_CONN_COUNT(0);
1119 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]1120 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1121}
1122
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1123static void test_wrong_sres_length()
1124{
1125 comment_start();
1126 fake_time_start();
1127
1128 net->authentication_required = true;
1129
1130 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
1131 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1132 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100[diff] [blame]1133 ms_sends_msg("0508020081680001"
1134 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
1135 "089910070000006402");
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1136 OSMO_ASSERT(gsup_tx_confirmed);
1137 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1138
1139 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
1140 auth_request_sent = false;
1141 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
1142 auth_request_expect_autn = NULL;
1143 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
1144 gsup_rx("0a"
1145 /* imsi */
1146 "0108" "09710000004026f0"
1147 /* 5 auth vectors... */
1148 /* TL TL rand */
1149 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
1150 /* TL sres TL kc */
1151 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
1152 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
1153 "2104" "20bde240" "2208" "07fa7502e07e1c00"
1154 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
1155 "2104" "a29514ae" "2208" "e2b234f807886400"
1156 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
1157 "2104" "5afc8d72" "2208" "2392f14f709ae000"
1158 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1159 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1160 NULL);
1161 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1162 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1163
1164 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1165 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1166 EXPECT_ACCEPTED(false);
1167
1168 thwart_rx_non_initial_requests();
1169
1170 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1171
1172 btw("MS sends Authen Response with too short SRES data, auth is thwarted.");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1173 gsup_expect_tx("0b010809710000004026f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1174 expect_bssap_clear();
1175 ms_sends_msg("05542d8b2c");
1176 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
1177
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1178 ran_sends_clear_complete();
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1179 EXPECT_CONN_COUNT(0);
1180 clear_vlr();
1181 comment_end();
1182}
1183
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1184msc_vlr_test_func_t msc_vlr_tests[] = {
1185 test_gsm_authen,
1186 test_gsm_authen_tmsi,
1187 test_gsm_authen_imei,
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]1188 test_gsm_authen_imei_nack,
1189 test_gsm_authen_imei_err,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1190 test_gsm_authen_tmsi_imei,
1191 test_gsm_milenage_authen,
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1192 test_wrong_sres_length,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1193 NULL
1194};