Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / a456583d502a857c684451498fb2927c6443ad92 / . / tests / msc_vlr / msc_vlr_test_gsm_ciph.c
blob: 38a5caff07551816f5e21f09a9d964866dad236f [file] [log] [blame]
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]26static const struct osmo_gsm48_classmark classmark = {
27 // TODO
28 //bss_sends_bssap_mgmt("541203505886130b6014042f6503b8800d2100");
29};
30
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]31static void test_ciph()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]32{
33 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]34 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]35
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]36 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]37
38 /* implicit: net->authentication_required = true; */
Harald Welte7b222aa2017-12-23 19:30:32 +0100[diff] [blame]39 net->a5_encryption_mask = (1 << 1);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]40
41 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
42 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]43 gsup_expect_tx("08010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]44 ms_sends_msg("050802008168000130089910070000006402");
45 OSMO_ASSERT(gsup_tx_confirmed);
46 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
47
48 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
49 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
50 auth_request_sent = false;
51 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
52 auth_request_expect_autn = NULL;
53 gsup_rx("0a"
54 /* imsi */
55 "0108" "09710000004026f0"
56 /* 5 auth vectors... */
57 /* TL TL rand */
58 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
59 /* TL sres TL kc */
60 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
61 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
62 "2104" "20bde240" "2208" "07fa7502e07e1c00"
63 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
64 "2104" "a29514ae" "2208" "e2b234f807886400"
65 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
66 "2104" "5afc8d72" "2208" "2392f14f709ae000"
67 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]68 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]69 NULL);
70 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
71 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
72
73 btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]74 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]75 ms_sends_msg("05542d8b2c3e");
76 OSMO_ASSERT(cipher_mode_cmd_sent);
77 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
78
79 btw("needs ciph, not yet accepted");
80 EXPECT_ACCEPTED(false);
81 thwart_rx_non_initial_requests();
82 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
83
84 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]85 gsup_expect_tx("04010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]86 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]87 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
88
89 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]90 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
91 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]92 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
93
94 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]95 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]96 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]97 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]98
99 btw("LU was successful, and the conn has already been closed");
100 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]101 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]102 EXPECT_CONN_COUNT(0);
103
104 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
105 cm_service_result_sent = RES_NONE;
106 auth_request_sent = false;
107 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]108 ms_sends_msg("05247403305886089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]109 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
110 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
111
112 btw("needs auth, not yet accepted");
113 EXPECT_ACCEPTED(false);
114 thwart_rx_non_initial_requests();
115
116 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]117 expect_cipher_mode_cmd("07fa7502e07e1c00");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]118 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
119 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
120 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
121
122 btw("needs ciph, not yet accepted");
123 EXPECT_ACCEPTED(false);
124 thwart_rx_non_initial_requests();
125
126 btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]127 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]128 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
129
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]130 /* Release connection */
Vadim Yanitskiy188dd5f2019-06-19 02:05:08 +0700[diff] [blame]131 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]132 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]133
134 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]135 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]136 EXPECT_CONN_COUNT(0);
137
138 BTW("an SMS is sent, MS is paged");
139 paging_expect_imsi(imsi);
140 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]141 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]142 OSMO_ASSERT(vsub);
143 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
144
145 send_sms(vsub, vsub,
146 "Privacy in residential applications is a desirable"
147 " marketing option.");
148
149 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]150 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]151 vsub = NULL;
152 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]153
154 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]155 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]156 OSMO_ASSERT(vsub);
157 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]158 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]159
160 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
161 auth_request_sent = false;
162 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
163 ms_sends_msg("06270703305882089910070000006402");
164 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
165
166 btw("needs auth, not yet accepted");
167 EXPECT_ACCEPTED(false);
168 thwart_rx_non_initial_requests();
169
170 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]171 expect_cipher_mode_cmd("e2b234f807886400");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]172 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
173 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
174
175 btw("needs ciph, not yet accepted");
176 EXPECT_ACCEPTED(false);
177 thwart_rx_non_initial_requests();
178
179 btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
180 dtap_expect_tx("09" /* SMS messages */
181 "01" /* CP-DATA */
182 "58" /* length */
183 "01" /* Network to MS */
184 "00" /* reference */
185 /* originator (gsm411_send_sms() hardcodes this weird nr) */
186 "0791" "447758100650" /* 447785016005 */
187 "00" /* dest */
188 /* SMS TPDU */
189 "4c" /* len */
190 "00" /* SMS deliver */
191 "05806470f1" /* originating address 46071 */
192 "00" /* TP-PID */
193 "00" /* GSM default alphabet */
194 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
195 "000000" /* H-M-S */
196 "00" /* GMT+0 */
197 "44" /* data length */
198 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
199 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
200 "0c7ac3e9e9b7db05");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]201 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]202 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]203
204 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]205 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]206 OSMO_ASSERT(vsub);
207 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]208 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]209
210 btw("conn is still open to wait for SMS ack dance");
211 EXPECT_CONN_COUNT(1);
212
213 btw("MS replies with CP-ACK for received SMS");
214 ms_sends_msg("8904");
215 EXPECT_CONN_COUNT(1);
216
217 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
218 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]219 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]220 ms_sends_msg("890106020041020000");
221 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]222 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]223
224 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]225 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]226 EXPECT_CONN_COUNT(0);
227
228 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]229 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]230 ms_sends_msg("050130089910070000006402");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]231 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]232
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]233 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]234 EXPECT_CONN_COUNT(0);
235 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]236 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]237}
238
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]239static void test_ciph_tmsi()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]240{
241 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]242 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]243
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]244 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]245
246 /* implicit: net->authentication_required = true; */
Harald Welte7b222aa2017-12-23 19:30:32 +0100[diff] [blame]247 net->a5_encryption_mask = (1 << 1);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]248 net->vlr->cfg.assign_tmsi = true;
249
250 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
251 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]252 gsup_expect_tx("08010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]253 ms_sends_msg("050802008168000130089910070000006402");
254 OSMO_ASSERT(gsup_tx_confirmed);
255 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
256
257 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
258 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
259 auth_request_sent = false;
260 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
261 auth_request_expect_autn = NULL;
262 gsup_rx("0a"
263 /* imsi */
264 "0108" "09710000004026f0"
265 /* 5 auth vectors... */
266 /* TL TL rand */
267 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
268 /* TL sres TL kc */
269 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
270 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
271 "2104" "20bde240" "2208" "07fa7502e07e1c00"
272 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
273 "2104" "a29514ae" "2208" "e2b234f807886400"
274 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
275 "2104" "5afc8d72" "2208" "2392f14f709ae000"
276 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]277 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]278 NULL);
279 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
280 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
281
282 btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]283 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]284 ms_sends_msg("05542d8b2c3e");
285 OSMO_ASSERT(cipher_mode_cmd_sent);
286 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
287 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
288
289 btw("needs ciph, not yet accepted");
290 EXPECT_ACCEPTED(false);
291 thwart_rx_non_initial_requests();
292 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
293
294 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]295 gsup_expect_tx("04010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]296 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]297 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
298
299 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]300 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
301 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]302 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
303
304 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]305 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]306
307 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
308 EXPECT_CONN_COUNT(1);
309 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
310 EXPECT_ACCEPTED(false);
311 thwart_rx_non_initial_requests();
312
313 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]314 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]315 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
316 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
317 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
318 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]319 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]320
321 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]322 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]323 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]324 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]325
326 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]327 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]328 EXPECT_CONN_COUNT(0);
329
330 btw("Subscriber has the new TMSI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]331 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]332 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
333 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
334 VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
335 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]336 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]337
338 BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
339 cm_service_result_sent = RES_NONE;
340 auth_request_sent = false;
341 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
342 auth_request_expect_autn = NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]343 ms_sends_msg("05247403305886" "05f4" "03020100");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]344 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
345 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
346
347 btw("needs auth, not yet accepted");
348 EXPECT_ACCEPTED(false);
349 thwart_rx_non_initial_requests();
350
351 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]352 expect_cipher_mode_cmd("07fa7502e07e1c00");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]353 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
354 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
355 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
356
357 btw("needs ciph, not yet accepted");
358 EXPECT_ACCEPTED(false);
359 thwart_rx_non_initial_requests();
360
361 btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]362 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]363 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
364
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]365 /* Release connection */
Vadim Yanitskiy188dd5f2019-06-19 02:05:08 +0700[diff] [blame]366 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]367 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]368
369 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]370 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]371 EXPECT_CONN_COUNT(0);
372
373 BTW("an SMS is sent, MS is paged");
374 paging_expect_tmsi(0x03020100);
375 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]376 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]377 OSMO_ASSERT(vsub);
378 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
379
380 send_sms(vsub, vsub,
381 "Privacy in residential applications is a desirable"
382 " marketing option.");
383
384 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]385 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]386 vsub = NULL;
387 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]388
389 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]390 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]391 OSMO_ASSERT(vsub);
392 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]393 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]394
395 btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
396 auth_request_sent = false;
397 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
398 ms_sends_msg("06270703305882" "05f4" "03020100");
399 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
400
401 btw("needs auth, not yet accepted");
402 EXPECT_ACCEPTED(false);
403 thwart_rx_non_initial_requests();
404
405 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]406 expect_cipher_mode_cmd("e2b234f807886400");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]407 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
408 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
409
410 btw("needs ciph, not yet accepted");
411 EXPECT_ACCEPTED(false);
412 thwart_rx_non_initial_requests();
413
414 btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
415 dtap_expect_tx("09" /* SMS messages */
416 "01" /* CP-DATA */
417 "58" /* length */
418 "01" /* Network to MS */
419 "00" /* reference */
420 /* originator (gsm411_send_sms() hardcodes this weird nr) */
421 "0791" "447758100650" /* 447785016005 */
422 "00" /* dest */
423 /* SMS TPDU */
424 "4c" /* len */
425 "00" /* SMS deliver */
426 "05806470f1" /* originating address 46071 */
427 "00" /* TP-PID */
428 "00" /* GSM default alphabet */
429 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
430 "000000" /* H-M-S */
431 "00" /* GMT+0 */
432 "44" /* data length */
433 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
434 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
435 "0c7ac3e9e9b7db05");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]436 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]437 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]438
439 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]440 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]441 OSMO_ASSERT(vsub);
442 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]443 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]444
445 btw("conn is still open to wait for SMS ack dance");
446 EXPECT_CONN_COUNT(1);
447
448 btw("MS replies with CP-ACK for received SMS");
449 ms_sends_msg("8904");
450 EXPECT_CONN_COUNT(1);
451
452 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
453 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]454 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]455 ms_sends_msg("890106020041020000");
456 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]457 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]458
459 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]460 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]461 EXPECT_CONN_COUNT(0);
462
463 BTW("subscriber detaches, using TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]464 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]465 ms_sends_msg("050130" "05f4" "03020100");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]466 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]467
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]468 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]469 EXPECT_CONN_COUNT(0);
470 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]471 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]472}
473
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]474static void test_ciph_imei()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]475{
476 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]477 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]478
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]479 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]480
481 /* implicit: net->authentication_required = true; */
Harald Welte7b222aa2017-12-23 19:30:32 +0100[diff] [blame]482 net->a5_encryption_mask = (1 << 1);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]483 net->vlr->cfg.check_imei_rqd = true;
484
485 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
486 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]487 gsup_expect_tx("08010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]488 ms_sends_msg("050802008168000130089910070000006402");
489 OSMO_ASSERT(gsup_tx_confirmed);
490 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
491
492 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
493 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
494 auth_request_sent = false;
495 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
496 auth_request_expect_autn = NULL;
497 gsup_rx("0a"
498 /* imsi */
499 "0108" "09710000004026f0"
500 /* 5 auth vectors... */
501 /* TL TL rand */
502 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
503 /* TL sres TL kc */
504 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
505 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
506 "2104" "20bde240" "2208" "07fa7502e07e1c00"
507 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
508 "2104" "a29514ae" "2208" "e2b234f807886400"
509 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
510 "2104" "5afc8d72" "2208" "2392f14f709ae000"
511 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]512 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]513 NULL);
514 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
515 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
516
517 btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]518 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]519 ms_sends_msg("05542d8b2c3e");
520 OSMO_ASSERT(cipher_mode_cmd_sent);
521 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
522
523 btw("needs ciph, not yet accepted");
524 EXPECT_ACCEPTED(false);
525 thwart_rx_non_initial_requests();
526 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
527
528 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]529 gsup_expect_tx("04010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]530 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]531 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
532
533 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]534 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
535 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]536 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
537
538 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
539 dtap_expect_tx("051802");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]540 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]541
542 btw("We will only do business when the IMEI is known");
543 EXPECT_CONN_COUNT(1);
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]544 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]545 OSMO_ASSERT(vsub);
546 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]547 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]548 EXPECT_ACCEPTED(false);
549 thwart_rx_non_initial_requests();
550
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]551 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
Oliver Smithd1037052019-05-02 13:39:26 +0200[diff] [blame]552 gsup_expect_tx("30010809710000004026f050080724433224433224" VLR_TO_HLR);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]553 ms_sends_msg("0559084a32244332244302");
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]554 EXPECT_ACCEPTED(false);
555 thwart_rx_non_initial_requests();
556
557 btw("HLR accepts the IMEI");
558 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]559 gsup_rx("32010809710000004026f0510100" HLR_TO_VLR, NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]560 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]561
562 btw("LU was successful, and the conn has already been closed");
563 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]564 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]565 EXPECT_CONN_COUNT(0);
566
567 btw("Subscriber has the IMEI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]568 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]569 OSMO_ASSERT(vsub);
Oliver Smithd1037052019-05-02 13:39:26 +0200[diff] [blame]570 VERBOSE_ASSERT(strcmp(vsub->imei, "42342342342342"), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]571 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]572
573 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]574 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]575 ms_sends_msg("050130089910070000006402");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]576 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]577
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]578 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]579 EXPECT_CONN_COUNT(0);
580 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]581 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]582}
583
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]584static void test_ciph_imeisv()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]585{
586 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]587 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]588
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]589 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]590
591 /* implicit: net->authentication_required = true; */
Harald Welte7b222aa2017-12-23 19:30:32 +0100[diff] [blame]592 net->a5_encryption_mask = (1 << 1);
Neels Hofmeyr54a706c2017-07-18 15:39:27 +0200[diff] [blame]593 net->vlr->cfg.retrieve_imeisv_ciphered = true;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]594
595 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
596 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]597 gsup_expect_tx("08010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]598 ms_sends_msg("050802008168000130089910070000006402");
599 OSMO_ASSERT(gsup_tx_confirmed);
600 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
601
602 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
603 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
604 auth_request_sent = false;
605 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
606 auth_request_expect_autn = NULL;
607 gsup_rx("0a"
608 /* imsi */
609 "0108" "09710000004026f0"
610 /* 5 auth vectors... */
611 /* TL TL rand */
612 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
613 /* TL sres TL kc */
614 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
615 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
616 "2104" "20bde240" "2208" "07fa7502e07e1c00"
617 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
618 "2104" "a29514ae" "2208" "e2b234f807886400"
619 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
620 "2104" "5afc8d72" "2208" "2392f14f709ae000"
621 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]622 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]623 NULL);
624 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
625 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
626
627 btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]628 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]629 ms_sends_msg("05542d8b2c3e");
630 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
631 VERBOSE_ASSERT(cipher_mode_cmd_sent_with_imeisv, == true, "%d");
632 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
633
634 btw("needs ciph, not yet accepted");
635 EXPECT_ACCEPTED(false);
636 thwart_rx_non_initial_requests();
637 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
638
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]639 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]640 OSMO_ASSERT(vsub);
641 VERBOSE_ASSERT(vsub->imeisv[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]642 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]643
644 btw("MS sends Ciphering Mode Complete with IMEISV, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]645 gsup_expect_tx("04010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr0ec7b232020-05-29 03:28:32 +0200[diff] [blame]646 ms_sends_ciphering_mode_complete("063217094332244332244372f5");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]647 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
648
649 btw("Subscriber has the IMEISV");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]650 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]651 OSMO_ASSERT(vsub);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]652 VERBOSE_ASSERT(strcmp(vsub->imeisv, "4234234234234275"), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]653 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]654
655 EXPECT_ACCEPTED(false);
656 thwart_rx_non_initial_requests();
657
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]658 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]659 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
660 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]661 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
662
663 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]664 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]665 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]666 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]667
668 btw("LU was successful, and the conn has already been closed");
669 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]670 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]671 EXPECT_CONN_COUNT(0);
672
673 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]674 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]675 ms_sends_msg("050130089910070000006402");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]676 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]677
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]678 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]679 EXPECT_CONN_COUNT(0);
680 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]681 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]682}
683
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]684static void test_ciph_tmsi_imei()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]685{
686 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]687 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]688
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]689 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]690
691 /* implicit: net->authentication_required = true; */
Harald Welte7b222aa2017-12-23 19:30:32 +0100[diff] [blame]692 net->a5_encryption_mask = (1 << 1);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]693 net->vlr->cfg.assign_tmsi = true;
694 net->vlr->cfg.check_imei_rqd = true;
695
696 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
697 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]698 gsup_expect_tx("08010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]699 ms_sends_msg("050802008168000130089910070000006402");
700 OSMO_ASSERT(gsup_tx_confirmed);
701 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
702
703 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
704 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
705 auth_request_sent = false;
706 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
707 auth_request_expect_autn = NULL;
708 gsup_rx("0a"
709 /* imsi */
710 "0108" "09710000004026f0"
711 /* 5 auth vectors... */
712 /* TL TL rand */
713 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
714 /* TL sres TL kc */
715 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
716 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
717 "2104" "20bde240" "2208" "07fa7502e07e1c00"
718 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
719 "2104" "a29514ae" "2208" "e2b234f807886400"
720 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
721 "2104" "5afc8d72" "2208" "2392f14f709ae000"
722 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]723 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]724 NULL);
725 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
726 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
727
728 btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]729 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]730 ms_sends_msg("05542d8b2c3e");
731 OSMO_ASSERT(cipher_mode_cmd_sent);
732 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
733
734 btw("needs ciph, not yet accepted");
735 EXPECT_ACCEPTED(false);
736 thwart_rx_non_initial_requests();
737 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
738
739 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]740 gsup_expect_tx("04010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]741 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]742 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
743
744 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]745 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
746 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]747 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
748
749 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
750 dtap_expect_tx("051802");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]751 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]752
753 btw("We will only do business when the IMEI is known");
754 EXPECT_CONN_COUNT(1);
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]755 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]756 OSMO_ASSERT(vsub);
757 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]758 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]759 EXPECT_ACCEPTED(false);
760 thwart_rx_non_initial_requests();
761
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]762 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
Oliver Smithd1037052019-05-02 13:39:26 +0200[diff] [blame]763 gsup_expect_tx("30010809710000004026f050080724433224433224" VLR_TO_HLR);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]764 ms_sends_msg("0559084a32244332244302");
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]765 EXPECT_ACCEPTED(false);
766 thwart_rx_non_initial_requests();
767
768 btw("HLR accepts the IMEI");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]769 gsup_rx("32010809710000004026f0510100" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]770
771 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
772 EXPECT_CONN_COUNT(1);
773 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
774 EXPECT_ACCEPTED(false);
775 thwart_rx_non_initial_requests();
776
777 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]778 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]779 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
780 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
781 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
782 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]783 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]784
785 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]786 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]787 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]788 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]789
790 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]791 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]792 EXPECT_CONN_COUNT(0);
793
794 btw("Subscriber has the IMEI and TMSI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]795 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]796 OSMO_ASSERT(vsub);
Oliver Smithd1037052019-05-02 13:39:26 +0200[diff] [blame]797 VERBOSE_ASSERT(strcmp(vsub->imei, "42342342342342"), == 0, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]798 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]799 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]800
801 BTW("subscriber detaches, using TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]802 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]803 ms_sends_msg("050130" "05f4" "03020100");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]804 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]805
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]806 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]807 EXPECT_CONN_COUNT(0);
808 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]809 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]810}
811
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]812static void test_gsm_ciph_in_umts_env()
813{
814 struct vlr_subscr *vsub;
815 const char *imsi = "901700000010650";
816 const char *sms =
817 "09" /* SMS messages */
818 "01" /* CP-DATA */
819 "58" /* length */
820 "01" /* Network to MS */
821 "00" /* reference */
822 /* originator (gsm411_send_sms() hardcodes this weird nr) */
823 "0791" "447758100650" /* 447785016005 */
824 "00" /* dest */
825 /* SMS TPDU */
826 "4c" /* len */
827 "00" /* SMS deliver */
828 "05802443f2" /* originating address 42342 */
829 "00" /* TP-PID */
830 "00" /* GSM default alphabet */
831 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
832 "000000" /* H-M-S */
833 "00" /* GMT+0 */
834 "44" /* data length */
835 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
836 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
837 "0c7ac3e9e9b7db05";
838
839 comment_start();
840
841 /* implicit: net->authentication_required = true; */
842 net->a5_encryption_mask = (1 << 1);
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]843 rx_from_ran = OSMO_RAT_GERAN_A;
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]844
845 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
846 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]847 gsup_expect_tx("080108" "09710000000156f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]848 ms_sends_msg("0508" /* MM LU */
849 "7" /* ciph key seq: no key available */
850 "0" /* LU type: normal */
851 "ffffff" "0000" /* LAI, LAC */
852 "57" /* classmark 1: R99, early classmark, no power lvl */
853 "089910070000106005" /* IMSI */
854 "3303575886" /* classmark 2 */
855 );
856 OSMO_ASSERT(gsup_tx_confirmed);
857 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
858
859 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends *UMTS AKA* Auth Req to MS");
860 /* based on
861 * 2G auth: COMP128v1
862 * KI=7bcd108be4c3d551ee6c67faaf52bd68
863 * 3G auth: MILENAGE
864 * K=7bcd108be4c3d551ee6c67faaf52bd68
865 * OPC=6e23f641ce724679b73d933515a8589d
866 * IND-bitlen=5 last-SQN=641
867 * Note that the SRES will be calculated by COMP128v1, separately from 3G tokens;
868 * the resulting Kc to use for ciphering returned by the HLR is also calculated from COMP128v1.
869 */
870 auth_request_sent = false;
871 auth_request_expect_rand = "4ac8d1cd1a51937597ca1016fe69a0fa";
872 auth_request_expect_autn = "2d837d2b0d6f00004b282d5acf23428d";
873 gsup_rx("0a"
874 /* imsi */
875 "0108" "09710000000156f0"
876 /* 5 auth vectors... */
877 /* TL TL rand */
878 "0362" "2010" "4ac8d1cd1a51937597ca1016fe69a0fa"
879 /* TL sres TL kc */
880 "2104" "dacc4b26" "2208" "7a75f0ac9b844400"
881 /* TL 3G IK */
882 "2310" "3747da4e31545baa2db59e500bdae047"
883 /* TL 3G CK */
884 "2410" "8544d35b945ccba01a7f1293575291c3"
885 /* TL AUTN */
886 "2510" "2d837d2b0d6f00004b282d5acf23428d"
887 /* TL RES */
888 "2708" "37527064741f8ddb"
889 /* TL TL rand */
890 "0362" "2010" "b2661531b97b12c5a2edc21a0ed16fc5"
891 "2104" "2fb4cfad" "2208" "da149b11d473f400"
892 "2310" "3fe013b1a428ea737c37f8f0288c8edf"
893 "2410" "f275438c02b97e4d6f639dddda3d10b9"
894 "2510" "78cdd96c60840000322f421b3bb778b1"
895 "2708" "ed3ebf9cb6ea48ed"
896 "0362" "2010" "54d8f19778056666b41c8c25e52eb60c"
897 "2104" "0ff61e0f" "2208" "26ec67fad3073000"
898 "2310" "2868b0922c652616f1c975e3eaf7943a"
899 "2410" "6a84a20b1bc13ec9840466406d2dd91e"
900 "2510" "53f3e5632b3d00008865dd54d49663f2"
901 "2708" "86e848a9e7ad8cd5"
902 "0362" "2010" "1f05607ff9c8984f46ad97f8c9a94982"
903 "2104" "91a36e3d" "2208" "5d84421884fdcc00"
904 "2310" "2171fef54b81e30c83a598a5e44f634c"
905 "2410" "f02d088697509827565b46938fece211"
906 "2510" "1b43bbf9815e00001cb9b2a9f6b8a77c"
907 "2708" "373e67d62e719c51"
908 "0362" "2010" "80d89a58a2a41050918caf68a4e93c64"
909 "2104" "a319f5f1" "2208" "883df2b867293000"
910 "2310" "fa5d70f929ff298efb160413698dc107"
911 "2410" "ae9a3d8ce70ce13bac297bdb91cd6c68"
912 "2510" "5c0dc2eeaefa0000396882a1fe2cf80b"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]913 "2708" "65ab1cad216bfe87" HLR_TO_VLR,
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]914 NULL);
915 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
916 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
917
918 btw("MS sends *GSM AKA* Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]919 expect_cipher_mode_cmd("7a75f0ac9b844400");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]920 ms_sends_msg("0554" "dacc4b26");
921 OSMO_ASSERT(cipher_mode_cmd_sent);
922 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
923
924 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]925 gsup_expect_tx("04010809710000000156f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]926 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]927 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
928
929 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]930 gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
931 "12010809710000000156f0" VLR_TO_HLR);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]932 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
933
934 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
935 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]936 gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]937 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
938
939 btw("LU was successful, and the conn has already been closed");
940 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]941 ran_sends_clear_complete();
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]942 EXPECT_CONN_COUNT(0);
943
944 BTW("after a while, a new conn sends a CM Service Request. VLR responds with *UMTS AKA* Auth Req, 2nd auth vector");
945 auth_request_sent = false;
946 auth_request_expect_rand = "b2661531b97b12c5a2edc21a0ed16fc5";
947 auth_request_expect_autn = "78cdd96c60840000322f421b3bb778b1";
948 cm_service_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]949 ms_sends_msg("052474"
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]950 "03575886" /* classmark 2 */
951 "089910070000106005" /* IMSI */);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]952 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
953 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
954
955 btw("needs auth, not yet accepted");
956 EXPECT_ACCEPTED(false);
957 thwart_rx_non_initial_requests();
958
959 btw("MS sends *GSM AKA* Authen Response, VLR accepts and requests Ciphering");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]960 expect_cipher_mode_cmd("da149b11d473f400");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]961 ms_sends_msg("0554" "2fb4cfad");
962 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
963 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
964
965 btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]966 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]967 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
968
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]969 /* Release connection */
Vadim Yanitskiy188dd5f2019-06-19 02:05:08 +0700[diff] [blame]970 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]971 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]972
973 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]974 ran_sends_clear_complete();
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]975 EXPECT_CONN_COUNT(0);
976
977 BTW("an SMS is sent, MS is paged");
978 paging_expect_imsi(imsi);
979 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]980 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]981 OSMO_ASSERT(vsub);
982 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
983
984 send_sms(vsub, vsub,
985 "Privacy in residential applications is a desirable"
986 " marketing option.");
987
988 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]989 vlr_subscr_put(vsub, __func__);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]990 vsub = NULL;
991 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]992
993 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]994 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]995 OSMO_ASSERT(vsub);
996 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]997 vlr_subscr_put(vsub, __func__);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]998
999 btw("MS replies with Paging Response, and VLR sends *UMTS AKA* Auth Request with third key");
1000 auth_request_sent = false;
1001 auth_request_expect_rand = "54d8f19778056666b41c8c25e52eb60c";
1002 auth_request_expect_autn = "53f3e5632b3d00008865dd54d49663f2";
1003 ms_sends_msg("062707"
1004 "03575886" /* classmark 2 */
1005 "089910070000106005" /* IMSI */);
1006 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1007
1008 btw("needs auth, not yet accepted");
1009 EXPECT_ACCEPTED(false);
1010 thwart_rx_non_initial_requests();
1011
1012 btw("MS sends *GSM AKA* Authen Response, VLR accepts and requests Ciphering");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1013 expect_cipher_mode_cmd("26ec67fad3073000");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1014 ms_sends_msg("0554" "0ff61e0f");
1015 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
1016
1017 btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
1018 dtap_expect_tx(sms);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1019 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1020 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1021
1022 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1023 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1024 OSMO_ASSERT(vsub);
1025 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1026 vlr_subscr_put(vsub, __func__);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1027
1028 btw("conn is still open to wait for SMS ack dance");
1029 EXPECT_CONN_COUNT(1);
1030
1031 btw("MS replies with CP-ACK for received SMS");
1032 ms_sends_msg("8904");
1033 EXPECT_CONN_COUNT(1);
1034
1035 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
1036 dtap_expect_tx("0904");
1037 expect_bssap_clear();
1038 ms_sends_msg("890106020041020000");
1039 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
1040 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1041
1042 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1043 ran_sends_clear_complete();
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1044 EXPECT_CONN_COUNT(0);
1045
1046 BTW("subscriber detaches");
1047 expect_bssap_clear();
1048 ms_sends_msg("050130"
1049 "089910070000106005" /* IMSI */);
1050 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1051
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1052 ran_sends_clear_complete();
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1053 EXPECT_CONN_COUNT(0);
1054 clear_vlr();
1055 comment_end();
1056}
1057
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1058static void test_a5_3_supported()
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1059{
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1060 struct vlr_subscr *vsub;
1061 const char *imsi = "901700000004620";
1062
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1063 comment_start();
1064
1065 /* implicit: net->authentication_required = true; */
1066 net->a5_encryption_mask = (1 << 3); /* A5/3 */
1067
1068 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
1069 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]1070 gsup_expect_tx("08010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1071 ms_sends_msg("050802008168000130089910070000006402");
1072 OSMO_ASSERT(gsup_tx_confirmed);
1073 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1074
1075 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
1076 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
1077 auth_request_sent = false;
1078 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
1079 auth_request_expect_autn = NULL;
1080 gsup_rx("0a"
1081 /* imsi */
1082 "0108" "09710000004026f0"
1083 /* 5 auth vectors... */
1084 /* TL TL rand */
1085 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
1086 /* TL sres TL kc */
1087 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
1088 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
1089 "2104" "20bde240" "2208" "07fa7502e07e1c00"
1090 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
1091 "2104" "a29514ae" "2208" "e2b234f807886400"
1092 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
1093 "2104" "5afc8d72" "2208" "2392f14f709ae000"
1094 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1095 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1096 NULL);
1097 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1098 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1099
1100 BTW("MS sends Authen Response, VLR accepts and wants to send Ciphering Mode Command to MS"
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1101 " -- but needs Classmark 2 to determine whether A5/3 is supported");
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1102 cipher_mode_cmd_sent = false;
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1103 ms_sends_msg("05542d8b2c3e");
1104 OSMO_ASSERT(!cipher_mode_cmd_sent);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1105 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1106
1107 btw("BSC sends back a BSSMAP Classmark Update, that triggers the Ciphering Mode Command in A5/3");
1108 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1109 ms_sends_classmark_update(&classmark);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1110 OSMO_ASSERT(cipher_mode_cmd_sent);
1111 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1112
1113 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]1114 gsup_expect_tx("04010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1115 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1116 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1117
1118 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1119 gsup_rx("10010809710000004026f00804032443f2" HLR_TO_VLR,
1120 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1121 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1122
1123 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
1124 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1125 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1126 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1127
1128 btw("LU was successful, and the conn has already been closed");
1129 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1130 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1131 EXPECT_CONN_COUNT(0);
1132
1133 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
1134 cm_service_result_sent = RES_NONE;
1135 auth_request_sent = false;
1136 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1137 ms_sends_msg("05247403305886089910070000006402");
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1138 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1139 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1140
1141 btw("needs auth, not yet accepted");
1142 EXPECT_ACCEPTED(false);
1143 thwart_rx_non_initial_requests();
1144
1145 btw("MS sends Authen Response, VLR accepts and requests Ciphering. We already know Classmark 3,"
1146 " so no need to request Classmark Update.");
1147 expect_cipher_mode_cmd("07fa7502e07e1c00");
1148 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
1149 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1150 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
1151
1152 btw("needs ciph, not yet accepted");
1153 EXPECT_ACCEPTED(false);
1154 thwart_rx_non_initial_requests();
1155
1156 btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1157 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1158 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1159
1160 /* Release connection */
Vadim Yanitskiy188dd5f2019-06-19 02:05:08 +0700[diff] [blame]1161 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1162 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1163
1164 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1165 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1166 EXPECT_CONN_COUNT(0);
1167
1168 BTW("an SMS is sent, MS is paged");
1169 paging_expect_imsi(imsi);
1170 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1171 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1172 OSMO_ASSERT(vsub);
1173 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
1174
1175 send_sms(vsub, vsub,
1176 "Privacy in residential applications is a desirable"
1177 " marketing option.");
1178
1179 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1180 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1181 vsub = NULL;
1182 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1183
1184 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1185 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1186 OSMO_ASSERT(vsub);
1187 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1188 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1189
1190 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
1191 auth_request_sent = false;
1192 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
1193 ms_sends_msg("06270703305882089910070000006402");
1194 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1195
1196 btw("needs auth, not yet accepted");
1197 EXPECT_ACCEPTED(false);
1198 thwart_rx_non_initial_requests();
1199
1200 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
1201 expect_cipher_mode_cmd("e2b234f807886400");
1202 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
1203 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
1204
1205 btw("needs ciph, not yet accepted");
1206 EXPECT_ACCEPTED(false);
1207 thwart_rx_non_initial_requests();
1208
1209 btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
1210 dtap_expect_tx("09" /* SMS messages */
1211 "01" /* CP-DATA */
1212 "58" /* length */
1213 "01" /* Network to MS */
1214 "00" /* reference */
1215 /* originator (gsm411_send_sms() hardcodes this weird nr) */
1216 "0791" "447758100650" /* 447785016005 */
1217 "00" /* dest */
1218 /* SMS TPDU */
1219 "4c" /* len */
1220 "00" /* SMS deliver */
1221 "05802443f2" /* originating address 42342 */
1222 "00" /* TP-PID */
1223 "00" /* GSM default alphabet */
1224 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
1225 "000000" /* H-M-S */
1226 "00" /* GMT+0 */
1227 "44" /* data length */
1228 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
1229 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
1230 "0c7ac3e9e9b7db05");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1231 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1232 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1233
1234 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1235 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1236 OSMO_ASSERT(vsub);
1237 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1238 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1239
1240 btw("conn is still open to wait for SMS ack dance");
1241 EXPECT_CONN_COUNT(1);
1242
1243 btw("MS replies with CP-ACK for received SMS");
1244 ms_sends_msg("8904");
1245 EXPECT_CONN_COUNT(1);
1246
1247 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
1248 dtap_expect_tx("0904");
1249 expect_bssap_clear();
1250 ms_sends_msg("890106020041020000");
1251 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
1252 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1253
1254 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1255 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1256 EXPECT_CONN_COUNT(0);
1257
1258 BTW("subscriber detaches");
1259 expect_bssap_clear();
1260 ms_sends_msg("050130089910070000006402");
1261 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1262
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1263 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1264 EXPECT_CONN_COUNT(0);
1265 clear_vlr();
1266 comment_end();
1267}
1268
1269/* During CM Service Request or Paging Response we already have Classmark 2 that indicates A5/3
Martin Hauke3f07dac2019-11-14 17:49:08 +0100[diff] [blame]1270 * availability. Here, in a hacky way remove the knowledge of Classmark 2 to tickle a code path where
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1271 * proc_arq_fsm needs a Classmark Update during Ciphering. Shouldn't happen in reality though. */
1272static void test_cm_service_needs_classmark_update()
1273{
1274 struct vlr_subscr *vsub;
1275 const char *imsi = "901700000004620";
1276
1277 comment_start();
1278
1279 /* A5/3 support is indicated in Classmark 3. By configuring A5/3, trigger the code paths that
1280 * send a Classmark Request. */
1281 net->a5_encryption_mask = (1 << 3); /* A5/3 */
1282 /* implicit: net->authentication_required = true; */
1283
1284 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
1285 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]1286 gsup_expect_tx("08010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1287 ms_sends_msg("050802008168000130089910070000006402");
1288 OSMO_ASSERT(gsup_tx_confirmed);
1289 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1290
1291 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
1292 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
1293 auth_request_sent = false;
1294 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
1295 auth_request_expect_autn = NULL;
1296 gsup_rx("0a"
1297 /* imsi */
1298 "0108" "09710000004026f0"
1299 /* 5 auth vectors... */
1300 /* TL TL rand */
1301 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
1302 /* TL sres TL kc */
1303 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
1304 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
1305 "2104" "20bde240" "2208" "07fa7502e07e1c00"
1306 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
1307 "2104" "a29514ae" "2208" "e2b234f807886400"
1308 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
1309 "2104" "5afc8d72" "2208" "2392f14f709ae000"
1310 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1311 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1312 NULL);
1313 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1314 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1315
1316 BTW("MS sends Authen Response, VLR accepts and wants to send Ciphering Mode Command to MS"
1317 " -- but needs Classmark 2 to determine whether A5/3 is supported");
1318 cipher_mode_cmd_sent = false;
1319 ms_sends_msg("05542d8b2c3e");
1320 OSMO_ASSERT(!cipher_mode_cmd_sent);
1321 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1322
1323 btw("BSC sends back a BSSMAP Classmark Update, that triggers the Ciphering Mode Command in A5/3");
1324 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1325 ms_sends_classmark_update(&classmark);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1326 OSMO_ASSERT(cipher_mode_cmd_sent);
1327 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1328
1329 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]1330 gsup_expect_tx("04010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1331 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1332 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1333
1334 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1335 gsup_rx("10010809710000004026f00804032443f2" HLR_TO_VLR,
1336 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1337 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1338
1339 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
1340 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1341 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1342 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1343
1344 btw("LU was successful, and the conn has already been closed");
1345 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1346 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1347 EXPECT_CONN_COUNT(0);
1348
1349
1350 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
1351 cm_service_result_sent = RES_NONE;
1352 auth_request_sent = false;
1353 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1354 ms_sends_msg("05247403305886089910070000006402");
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1355 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1356 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1357
1358 btw("needs auth, not yet accepted");
1359 EXPECT_ACCEPTED(false);
1360 thwart_rx_non_initial_requests();
1361
1362 btw("MS sends Authen Response, VLR accepts and requests Ciphering. We already know Classmark 3,"
1363 " so no need to request Classmark Update.");
1364 expect_cipher_mode_cmd("07fa7502e07e1c00");
1365 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
1366 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1367 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
1368
1369 btw("needs ciph, not yet accepted");
1370 EXPECT_ACCEPTED(false);
1371 thwart_rx_non_initial_requests();
1372
1373 btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1374 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1375 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1376
1377 /* Release connection */
Vadim Yanitskiy188dd5f2019-06-19 02:05:08 +0700[diff] [blame]1378 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1379 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1380
1381 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1382 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1383 EXPECT_CONN_COUNT(0);
1384
1385 BTW("an SMS is sent, MS is paged");
1386 paging_expect_imsi(imsi);
1387 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1388 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1389 OSMO_ASSERT(vsub);
1390 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
1391
1392 send_sms(vsub, vsub, "Privacy in residential applications is a desirable marketing option.");
1393
1394 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1395 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1396 vsub = NULL;
1397 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1398
1399 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1400 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1401 OSMO_ASSERT(vsub);
1402 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1403 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1404
1405 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
1406 auth_request_sent = false;
1407 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
1408 ms_sends_msg("06270703305882089910070000006402");
1409 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1410
1411 BTW("Fake a situation where Classmark 2 is unknown during proc_arq_fsm");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1412 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1413 OSMO_ASSERT(vsub);
1414 vsub->classmark.classmark2_len = 0;
1415 vsub->classmark.classmark3_len = 0;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1416 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1417
1418 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
1419 btw("MS sends Authen Response, VLR accepts and requests Ciphering."
1420 " Normally, we'd know Classmark 3, but this test removed it."
1421 " Hence a Classmark Request is generated.");
1422 cipher_mode_cmd_sent = false;
1423 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
1424 OSMO_ASSERT(!cipher_mode_cmd_sent);
1425
1426 btw("BSC sends back a BSSMAP Classmark Update, that triggers the Ciphering Mode Command in A5/3");
1427 expect_cipher_mode_cmd("e2b234f807886400");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1428 ms_sends_classmark_update(&classmark);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1429 OSMO_ASSERT(cipher_mode_cmd_sent);
1430
1431 btw("needs ciph, not yet accepted");
1432 EXPECT_ACCEPTED(false);
1433
1434 btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
1435 dtap_expect_tx("09" /* SMS messages */
1436 "01" /* CP-DATA */
1437 "58" /* length */
1438 "01" /* Network to MS */
1439 "00" /* reference */
1440 /* originator (gsm411_send_sms() hardcodes this weird nr) */
1441 "0791" "447758100650" /* 447785016005 */
1442 "00" /* dest */
1443 /* SMS TPDU */
1444 "4c" /* len */
1445 "00" /* SMS deliver */
1446 "05802443f2" /* originating address 42342 */
1447 "00" /* TP-PID */
1448 "00" /* GSM default alphabet */
1449 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
1450 "000000" /* H-M-S */
1451 "00" /* GMT+0 */
1452 "44" /* data length */
1453 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
1454 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
1455 "0c7ac3e9e9b7db05");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1456 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1457 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1458
1459 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1460 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1461 OSMO_ASSERT(vsub);
1462 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1463 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1464
1465 btw("conn is still open to wait for SMS ack dance");
1466 EXPECT_CONN_COUNT(1);
1467
1468 btw("MS replies with CP-ACK for received SMS");
1469 ms_sends_msg("8904");
1470 EXPECT_CONN_COUNT(1);
1471
1472 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
1473 dtap_expect_tx("0904");
1474 expect_bssap_clear();
1475 ms_sends_msg("890106020041020000");
1476 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
1477 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1478
1479 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1480 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1481 EXPECT_CONN_COUNT(0);
1482
1483 BTW("subscriber detaches");
1484 expect_bssap_clear();
1485 ms_sends_msg("050130089910070000006402");
1486 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1487
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1488 ran_sends_clear_complete();
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1489 EXPECT_CONN_COUNT(0);
1490 clear_vlr();
1491 comment_end();
1492}
1493
1494
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1495msc_vlr_test_func_t msc_vlr_tests[] = {
1496 test_ciph,
1497 test_ciph_tmsi,
1498 test_ciph_imei,
1499 test_ciph_imeisv,
1500 test_ciph_tmsi_imei,
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1501 test_gsm_ciph_in_umts_env,
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1502 test_a5_3_supported,
1503 test_cm_service_needs_classmark_update,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1504 NULL
1505};