Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / 7b1418e6fc8ae21b179de89e1045a89457525f73 / . / tests / msc_vlr / msc_vlr_test_authen_reuse.c
blob: 103c90489a36c85b7431602bdcfa8ac7af5d4956 [file] [log] [blame]
Neels Hofmeyr7b1418e2017-10-29 02:12:16 +0100[diff] [blame^]1/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom - s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24/* NOTE that further auth re-use tests exist in msc_vlr_test_hlr_reject.c */
25
26#include "msc_vlr_tests.h"
27
28#define ASSERT_RELEASE_CLEAR(via_ran) \
29 switch (via_ran) { \
30 case RAN_GERAN_A: \
31 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d"); \
32 break; \
33 case RAN_UTRAN_IU: \
34 VERBOSE_ASSERT(iu_release_sent, == true, "%d"); \
35 break; \
36 default: \
37 OSMO_ASSERT(false); \
38 break; \
39 }
40
41void _test_auth_reuse(enum ran_type via_ran,
42 int set_max_reuse_count,
43 int loop_requests_without_hlr,
44 bool final_request_with_hlr)
45{
46 struct vlr_subscr *vsub;
47 const char *imsi = "901700000010650";
48 int expected_use_count;
49 int i;
50
51 net->authentication_required = true;
52 net->vlr->cfg.assign_tmsi = true;
53 net->vlr->cfg.auth_tuple_max_reuse_count = set_max_reuse_count;
54 net->vlr->cfg.auth_reuse_old_sets_on_error = false;
55 rx_from_ran = via_ran;
56
57 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
58 lu_result_sent = RES_NONE;
59 gsup_expect_tx("080108" "09710000000156f0");
60 ms_sends_msg("0508" /* MM LU */
61 "7" /* ciph key seq: no key available */
62 "0" /* LU type: normal */
63 "ffffff" "0000" /* LAI, LAC */
64 "57" /* classmark 1: R99, early classmark, no power lvl */
65 "089910070000106005" /* IMSI */
66 "3303575886" /* classmark 2 */
67 );
68 OSMO_ASSERT(gsup_tx_confirmed);
69 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
70
71 btw("from HLR, rx _SEND_AUTH_INFO_RESULT, only one tuple; VLR sends Auth Req to MS");
72 /* based on auc_3g:
73 * K = 'EB215756028D60E3275E613320AEC880',
74 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
75 * SQN = 0
76 */
77 auth_request_sent = false;
78 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
79 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
80 gsup_rx("0a"
81 /* imsi */
82 "0108" "09710000000156f0"
83 /* TL TL rand */
84 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
85 /* TL sres TL kc */
86 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
87 /* TL 3G IK */
88 "2310" "27497388b6cb044648f396aa155b95ef"
89 /* TL 3G CK */
90 "2410" "f64735036e5871319c679f4742a75ea1"
91 /* TL AUTN */
92 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
93 /* TL RES */
94 "2708" "e229c19e791f2e41",
95 NULL);
96 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
97 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
98
99 if (via_ran == RAN_GERAN_A) {
100 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
101 gsup_expect_tx("04010809710000000156f0");
102 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
103 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
104 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
105 } else {
106 /* On UTRAN */
107 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
108 cipher_mode_cmd_sent = false;
109 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
110 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
111 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
112
113 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
114 gsup_expect_tx("04010809710000000156f0");
115 ms_sends_security_mode_complete();
116 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
117 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
118 }
119
120 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
121 gsup_rx("10010809710000000156f00804032443f2",
122 "12010809710000000156f0");
123 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
124
125 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
126 gsup_rx("06010809710000000156f0", NULL);
127
128 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
129
130 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
131 EXPECT_CONN_COUNT(1);
132 EXPECT_ACCEPTED(false);
133 thwart_rx_non_initial_requests();
134
135 btw("even though the TMSI is not acked, we can already find the subscr with it");
136 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
137 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
138 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
139 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
140 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
141 vlr_subscr_put(vsub);
142
143 btw("MS sends TMSI Realloc Complete");
144 expect_release_clear(via_ran);
145 ms_sends_msg("055b");
146 ASSERT_RELEASE_CLEAR(via_ran);
147
148 btw("LU was successful, and the conn has already been closed");
149 EXPECT_CONN_COUNT(0);
150
151 expected_use_count = 1;
152
153 for (i = 0; i < loop_requests_without_hlr; i++, expected_use_count++) {
154 BTW("Now the auth tuple has use_count == %d", expected_use_count);
155 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
156 OSMO_ASSERT(vsub);
157 OSMO_ASSERT(vsub->last_tuple);
158 VERBOSE_ASSERT(vsub->last_tuple->use_count, == expected_use_count, "%d");
159 vlr_subscr_put(vsub);
160
161 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req,"
162 " and reuses old auth vector");
163 auth_request_sent = true;
164 cm_service_result_sent = RES_NONE;
165 ms_sends_msg("052478"
166 "03575886" /* classmark 2 */
167 "089910070000106005" /* IMSI */);
168 OSMO_ASSERT(g_conn);
169 OSMO_ASSERT(g_conn->conn_fsm);
170 OSMO_ASSERT(g_conn->vsub);
171 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
172 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
173
174 if (via_ran == RAN_GERAN_A) {
175 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
176 gsup_expect_tx(NULL);
177 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
178 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
179 } else {
180 /* On UTRAN */
181 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
182 cipher_mode_cmd_sent = false;
183 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
184 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
185 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
186
187 btw("MS sends SecurityModeControl acceptance, VLR accepts; above Ciphering is an implicit CM Service Accept");
188 ms_sends_security_mode_complete();
189 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
190 }
191
192 btw("a USSD request is serviced");
193 dtap_expect_tx_ussd("Your extension is 42342\r");
194 expect_release_clear(via_ran);
195 ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
196 OSMO_ASSERT(dtap_tx_confirmed);
197 ASSERT_RELEASE_CLEAR(via_ran);
198
199 btw("all requests serviced, conn has been released");
200 EXPECT_CONN_COUNT(0);
201 }
202
203 if (final_request_with_hlr) {
204 BTW("Now the auth tuple has use_count == %d, as much as is allowed.", expected_use_count);
205 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
206 OSMO_ASSERT(vsub);
207 OSMO_ASSERT(vsub->last_tuple);
208 VERBOSE_ASSERT(vsub->last_tuple->use_count, == expected_use_count, "%d");
209 vlr_subscr_put(vsub);
210
211 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req,"
212 " and needs to request a second auth vector from HLR");
213 auth_request_sent = false;
214 cm_service_result_sent = RES_NONE;
215 gsup_expect_tx("080108" "09710000000156f0");
216 ms_sends_msg("052478"
217 "03575886" /* classmark 2 */
218 "089910070000106005" /* IMSI */);
219 OSMO_ASSERT(g_conn);
220 OSMO_ASSERT(g_conn->conn_fsm);
221 OSMO_ASSERT(g_conn->vsub);
222 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
223 VERBOSE_ASSERT(auth_request_sent, == false, "%d");
224 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
225
226 btw("from HLR, rx _SEND_AUTH_INFO_RESULT, second tuple; VLR sends Auth Req to MS");
227 auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
228 auth_request_expect_autn = "1843a645b98d00005b2d666af46c45d9";
229 gsup_rx("0a"
230 /* imsi */
231 "0108" "09710000000156f0"
232 /* TL TL rand */
233 /* TL sres TL kc */
234 /* TL 3G IK */
235 /* TL 3G CK */
236 /* TL AUTN */
237 /* TL RES */
238 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
239 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
240 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
241 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
242 "2510" "1843a645b98d00005b2d666af46c45d9"
243 "2708" "7db47cf7f81e4dc7",
244 NULL);
245 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
246 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
247
248 if (via_ran == RAN_GERAN_A) {
249 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
250 gsup_expect_tx(NULL);
251 ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
252 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
253 } else {
254 /* On UTRAN */
255 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
256 cipher_mode_cmd_sent = false;
257 ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
258 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
259 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
260
261 btw("MS sends SecurityModeControl acceptance, VLR accepts; above Ciphering is an implicit CM Service Accept");
262 ms_sends_security_mode_complete();
263 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
264 }
265
266 btw("a USSD request is serviced");
267 dtap_expect_tx_ussd("Your extension is 42342\r");
268 expect_release_clear(via_ran);
269 ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
270 OSMO_ASSERT(dtap_tx_confirmed);
271 ASSERT_RELEASE_CLEAR(via_ran);
272
273 btw("all requests serviced, conn has been released");
274 EXPECT_CONN_COUNT(0);
275 }
276
277 BTW("subscriber detaches");
278 expect_release_clear(via_ran);
279 ms_sends_msg("050130"
280 "089910070000106005" /* IMSI */);
281 ASSERT_RELEASE_CLEAR(via_ran);
282
283 EXPECT_CONN_COUNT(0);
284 clear_vlr();
285}
286
287void test_auth_use_twice_geran()
288{
289 comment_start();
290 _test_auth_reuse(RAN_GERAN_A, 1, 1, true);
291 comment_end();
292}
293
294void test_auth_use_twice_utran()
295{
296 comment_start();
297 _test_auth_reuse(RAN_UTRAN_IU, 1, 1, true);
298 comment_end();
299}
300
301void test_auth_use_infinitely_geran()
302{
303 comment_start();
304 _test_auth_reuse(RAN_GERAN_A, -1, 3, false);
305 comment_end();
306}
307
308void test_auth_use_infinitely_utran()
309{
310 comment_start();
311 _test_auth_reuse(RAN_UTRAN_IU, -1, 3, false);
312 comment_end();
313}
314
315void test_no_auth_reuse_geran()
316{
317 comment_start();
318 _test_auth_reuse(RAN_GERAN_A, 0, 0, true);
319 comment_end();
320}
321
322void test_no_auth_reuse_utran()
323{
324 comment_start();
325 _test_auth_reuse(RAN_UTRAN_IU, 0, 0, true);
326 comment_end();
327}
328
329msc_vlr_test_func_t msc_vlr_tests[] = {
330 test_auth_use_twice_geran,
331 test_auth_use_twice_utran,
332 test_auth_use_infinitely_geran,
333 test_auth_use_infinitely_utran,
334 test_no_auth_reuse_geran,
335 test_no_auth_reuse_utran,
336 NULL
337};