Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
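/*
 * GSM (2G) authentication plus ciphering, subscriber identified by IMSI.
 *
 * Drives one subscriber through four consecutive connections:
 *   1. Location Update (auth vector 1),
 *   2. CM Service Request followed by a USSD request (auth vector 2),
 *   3. paging for a mobile-terminated SMS (auth vector 3),
 *   4. IMSI detach.
 *
 * On every connection the test asserts that the subscriber is not yet
 * accepted after the Auth Request and again after the Ciphering Mode Command,
 * i.e. that service is only granted once both authentication and ciphering
 * have completed.
 */
static void test_ciph()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	/* NOTE(review): presumably bit n of this mask permits A5/n, so only A5/1
	 * is offered here -- confirm against the gsm_network definition. */
	net->a5_encryption_mask = (1 << 1);

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* No AUTN expected: the vectors below carry only RAND, SRES and Kc. */
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322"  "2010"  "585df1ae287f6e273dce07090d61320b"
		/* TL    sres        TL     kc */
		"2104"  "2d8b2c3e"  "2208"  "61855fb81fc2a800"
		"0322"  "2010"  "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104"  "20bde240"  "2208"  "07fa7502e07e1c00"
		"0322"  "2010"  "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104"  "a29514ae"  "2208"  "e2b234f807886400"
		"0322"  "2010"  "fa8f20b781b5881329d4fea26b1a3c51"
		"2104"  "5afc8d72"  "2208"  "2392f14f709ae000"
		"0322"  "2010"  "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104"  "bc8d1c5b"  "2208"  "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* The expected key is the Kc of the first vector above. */
	expect_cipher_mode_cmd("61855fb81fc2a800");
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	/* NOTE(review): presumably feeds non-initial requests and checks they
	 * are refused at this stage -- confirm in the test helpers. */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	/* Confirm the expected GSUP LU Req really went out, as is done for the
	 * Send Auth Info request above; otherwise the expectation armed here is
	 * not checked in this step. OSMO_ASSERT is used so that no additional
	 * VERBOSE_ASSERT output is produced. */
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000004026f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	cm_service_result_sent = RES_NONE;
	auth_request_sent = false;
	/* RAND of the second vector: the new connection must not reuse the
	 * challenge already spent on the Location Update. */
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	ms_sends_msg("05247803305886089910070000006402");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	expect_cipher_mode_cmd("07fa7502e07e1c00");
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
	ms_sends_msg("0632");
	/* No explicit CM Service Accept is sent, hence still RES_NONE. */
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 46071\r");
	expect_bssap_clear();
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber. */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* Every vlr_subscr_find_by_*() in this test is paired with a put. */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882089910070000006402");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	expect_cipher_mode_cmd("e2b234f807886400");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
	/* The queued SMS may only go out after Ciphering Mode Complete. */
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}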
237
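/*
 * GSM (2G) authentication plus ciphering with TMSI allocation enabled.
 *
 * Same flow as the IMSI-only ciphering test, except that the Location Update
 * additionally assigns a TMSI which the MS must acknowledge (TMSI Realloc
 * Complete) before the LU connection is released, and that the later
 * CM Service Request, Paging Response and IMSI Detach identify the
 * subscriber by that TMSI instead of the IMSI.
 *
 * As in the IMSI variant, each connection is asserted to be "not yet
 * accepted" until both authentication and ciphering have completed.
 */
static void test_ciph_tmsi()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	/* NOTE(review): presumably bit n of this mask permits A5/n, so only A5/1
	 * is offered here -- confirm against the gsm_network definition. */
	net->a5_encryption_mask = (1 << 1);
	net->vlr->cfg.assign_tmsi = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* No AUTN expected: the vectors below carry only RAND, SRES and Kc. */
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322"  "2010"  "585df1ae287f6e273dce07090d61320b"
		/* TL    sres        TL     kc */
		"2104"  "2d8b2c3e"  "2208"  "61855fb81fc2a800"
		"0322"  "2010"  "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104"  "20bde240"  "2208"  "07fa7502e07e1c00"
		"0322"  "2010"  "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104"  "a29514ae"  "2208"  "e2b234f807886400"
		"0322"  "2010"  "fa8f20b781b5881329d4fea26b1a3c51"
		"2104"  "5afc8d72"  "2208"  "2392f14f709ae000"
		"0322"  "2010"  "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104"  "bc8d1c5b"  "2208"  "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* The expected key is the Kc of the first vector above. */
	expect_cipher_mode_cmd("61855fb81fc2a800");
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	/* NOTE(review): auth_request_sent is not reset in this function since
	 * the previous check, so this looks like it only re-confirms the earlier
	 * value; kept because VERBOSE_ASSERT output is part of the test log. */
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	/* NOTE(review): presumably feeds non-initial requests and checks they
	 * are refused at this stage -- confirm in the test helpers. */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	/* Confirm the expected GSUP LU Req really went out, as is done for the
	 * Send Auth Info request above; otherwise the expectation armed here is
	 * not checked in this step. OSMO_ASSERT is used so that no additional
	 * VERBOSE_ASSERT output is produced. */
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	/* Unlike the IMSI-only flow the conn stays open: LU Accept was sent,
	 * but the subscriber is not accepted until the TMSI is acknowledged. */
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	/* NOTE(review): 0x03020100 is presumably a deterministic TMSI handed out
	 * by the test harness -- confirm in the test helpers. */
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Pending state: new value in tmsi_new, tmsi itself still unset. */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Acknowledged state: value moved from tmsi_new to tmsi. */
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
	cm_service_result_sent = RES_NONE;
	auth_request_sent = false;
	/* RAND of the second vector: the new connection must not reuse the
	 * challenge already spent on the Location Update. */
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	auth_request_expect_autn = NULL;
	ms_sends_msg("05247803305886" "05f4" "03020100");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	expect_cipher_mode_cmd("07fa7502e07e1c00");
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
	ms_sends_msg("0632");
	/* No explicit CM Service Accept is sent, hence still RES_NONE. */
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 46071\r");
	expect_bssap_clear();
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	/* Paging is expected to use the TMSI rather than the IMSI. */
	paging_expect_tmsi(0x03020100);
	paging_sent = false;
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber. */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* Every vlr_subscr_find_by_*() in this test is paired with a put. */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882" "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	expect_cipher_mode_cmd("e2b234f807886400");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
	/* The queued SMS may only go out after Ciphering Mode Complete. */
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}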
476
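/*
 * GSM (2G) authentication plus ciphering with a mandatory IMEI check.
 *
 * Runs a Location Update with net->vlr->cfg.check_imei_rqd set: after the
 * HLR's Update Location Result the VLR is expected to send an Identity
 * Request for the IMEI, and the subscriber must stay unaccepted until the
 * MS answers with an Identity Response. The test then checks that the IMEI
 * was stored on the subscriber and finishes with an IMSI detach.
 */
static void test_ciph_imei()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	/* NOTE(review): presumably bit n of this mask permits A5/n, so only A5/1
	 * is offered here -- confirm against the gsm_network definition. */
	net->a5_encryption_mask = (1 << 1);
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* No AUTN expected: the vectors below carry only RAND, SRES and Kc. */
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322"  "2010"  "585df1ae287f6e273dce07090d61320b"
		/* TL    sres        TL     kc */
		"2104"  "2d8b2c3e"  "2208"  "61855fb81fc2a800"
		"0322"  "2010"  "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104"  "20bde240"  "2208"  "07fa7502e07e1c00"
		"0322"  "2010"  "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104"  "a29514ae"  "2208"  "e2b234f807886400"
		"0322"  "2010"  "fa8f20b781b5881329d4fea26b1a3c51"
		"2104"  "5afc8d72"  "2208"  "2392f14f709ae000"
		"0322"  "2010"  "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104"  "bc8d1c5b"  "2208"  "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* The expected key is the Kc of the first vector above. */
	expect_cipher_mode_cmd("61855fb81fc2a800");
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	/* NOTE(review): presumably feeds non-initial requests and checks they
	 * are refused at this stage -- confirm in the test helpers. */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	/* Confirm the expected GSUP LU Req really went out, as is done for the
	 * Send Auth Info request above; otherwise the expectation armed here is
	 * not checked in this step. OSMO_ASSERT is used so that no additional
	 * VERBOSE_ASSERT output is produced. */
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);
	/* The IMEI Identity Request is the point of this test, so confirm it was
	 * transmitted; this function arms no later DTAP expectation that could
	 * catch a missing one. */
	OSMO_ASSERT(dtap_tx_confirmed);

	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	/* Empty string: no IMEI recorded before the Identity Response. */
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	expect_bssap_clear();
	ms_sends_msg("0559084a32244332244302");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}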
578
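/*
 * GSM (2G) authentication plus ciphering, retrieving the IMEISV via the
 * ciphering procedure.
 *
 * Runs a Location Update with net->vlr->cfg.retrieve_imeisv_ciphered set and
 * checks that the Ciphering Mode Command is flagged as sent "with IMEISV",
 * that no IMEISV is stored before the MS answers, and that the IMEISV from
 * the Ciphering Mode Complete ends up on the subscriber. The subscriber must
 * stay unaccepted until the HLR's Update Location Result arrives. The test
 * finishes with an IMSI detach.
 */
static void test_ciph_imeisv()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	/* NOTE(review): presumably bit n of this mask permits A5/n, so only A5/1
	 * is offered here -- confirm against the gsm_network definition. */
	net->a5_encryption_mask = (1 << 1);
	net->vlr->cfg.retrieve_imeisv_ciphered = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* No AUTN expected: the vectors below carry only RAND, SRES and Kc. */
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322"  "2010"  "585df1ae287f6e273dce07090d61320b"
		/* TL    sres        TL     kc */
		"2104"  "2d8b2c3e"  "2208"  "61855fb81fc2a800"
		"0322"  "2010"  "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104"  "20bde240"  "2208"  "07fa7502e07e1c00"
		"0322"  "2010"  "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104"  "a29514ae"  "2208"  "e2b234f807886400"
		"0322"  "2010"  "fa8f20b781b5881329d4fea26b1a3c51"
		"2104"  "5afc8d72"  "2208"  "2392f14f709ae000"
		"0322"  "2010"  "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104"  "bc8d1c5b"  "2208"  "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* The expected key is the Kc of the first vector above. */
	expect_cipher_mode_cmd("61855fb81fc2a800");
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
	/* The command must also ask the MS to include its IMEISV. */
	VERBOSE_ASSERT(cipher_mode_cmd_sent_with_imeisv, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	/* NOTE(review): presumably feeds non-initial requests and checks they
	 * are refused at this stage -- confirm in the test helpers. */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	/* Empty string: no IMEISV recorded before Ciphering Mode Complete. */
	VERBOSE_ASSERT(vsub->imeisv[0], == 0, "%d");
	vlr_subscr_put(vsub);

	btw("MS sends Ciphering Mode Complete with IMEISV, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("063217094b32244332244372f5");
	/* Confirm the expected GSUP LU Req really went out, as is done for the
	 * Send Auth Info request above; otherwise the expectation armed here is
	 * not checked in this step. OSMO_ASSERT is used so that no additional
	 * VERBOSE_ASSERT output is produced. */
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("Subscriber has the IMEISV");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imeisv, "4234234234234275"), == 0, "%d");
	vlr_subscr_put(vsub);

	/* Knowing the IMEISV alone does not complete the Location Update. */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000004026f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}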
676
/*
 * Location Update with authentication and ciphering, on a VLR configured to
 * assign a TMSI and to require an IMEI check.
 *
 * The sequence driven below: LU request -> Send Auth Info to the HLR ->
 * Auth Request -> Authen Response -> Ciphering Mode Command/Complete ->
 * GSUP Update Location -> Identity Request for the IMEI -> LU Accept with a
 * new TMSI -> TMSI Realloc Complete -> IMSI detach addressed by TMSI.
 * Between steps the test keeps asserting that the connection is not yet
 * accepted, i.e. that completing authentication or ciphering alone does not
 * open the connection for other requests.
 *
 * All hex strings are fixed fixture messages; statement order matters because
 * each expect_*()/..._sent flag is armed right before the message that is
 * supposed to trigger it.
 */
static void test_ciph_tmsi_imei()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	/* Only bit 1 is set. Going by the "A5/3" remark on (1 << 3) in
	 * test_a5_3_not_supported(), this presumably permits A5/1 only. */
	net->a5_encryption_mask = (1 << 1);
	net->vlr->cfg.assign_tmsi = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	/* The expected RAND is the rand of the first vector fed in below; no
	 * AUTN is expected, so this is a plain GSM (2G) challenge. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* The key expected in the Ciphering Mode Command is the kc of the first
	 * vector above, and the response below carries that vector's sres
	 * (2d8b2c3e): the cipher key must come from the vector that was used
	 * for the challenge. */
	expect_cipher_mode_cmd("61855fb81fc2a800");
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	/* Helper defined elsewhere; presumably verifies that non-initial
	 * requests are refused while the conn is not accepted -- confirm. */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	/* IMEI string must still be empty at this point. */
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	ms_sends_msg("0559084a32244332244302");

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	/* LU Accept has gone out, but the conn stays unaccepted until the MS
	 * acknowledges the new TMSI. */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Unacknowledged TMSI sits in tmsi_new; the established tmsi is still
	 * the reserved value. */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI and TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	/* The trailing "03020100" is the TMSI assigned above. */
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
/*
 * GSM AKA and A5 ciphering for a subscriber whose HLR vectors also carry
 * UMTS AKA tokens, with messages arriving over GERAN (rx_from_ran is set to
 * RAN_GERAN_A).
 *
 * In each of the three rounds (Location Update, CM Service Request, Paging
 * Response) the VLR is expected to send a UMTS AKA Auth Request (RAND plus
 * AUTN), the MS answers with the 4-byte GSM SRES of the same vector, and the
 * VLR is expected to accept that and start ciphering with that vector's Kc.
 * Each round must use the next vector in the list. A USSD request and a
 * mobile-terminated SMS are then served over the ciphered connections.
 *
 * Security-relevant reading: the test pins down that a 2G-style response to a
 * 3G challenge is accepted on GERAN. An MS answering with SRES presumably has
 * not evaluated the AUTN, so network authentication towards that MS is not
 * part of what this path establishes.
 */
static void test_gsm_ciph_in_umts_env()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000010650";
	/* DTAP message the MSC is expected to emit for the SMS queued by
	 * send_sms() further down. */
	const char *sms =
		"09" /* SMS messages */
		"01" /* CP-DATA */
		"58" /* length */
		"01" /* Network to MS */
		"00" /* reference */
		/* originator (gsm411_send_sms() hardcodes this weird nr) */
		"0791" "447758100650" /* 447785016005 */
		"00" /* dest */
		/* SMS TPDU */
		"4c" /* len */
		"00" /* SMS deliver */
		"05802443f2" /* originating address 42342 */
		"00" /* TP-PID */
		"00" /* GSM default alphabet */
		"071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		"000000" /* H-M-S */
		"00" /* GMT+0 */
		"44" /* data length */
		"5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		"d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		"0c7ac3e9e9b7db05";

	comment_start();

	/* implicit: net->authentication_required = true; */
	/* Only bit 1 is set. Going by the "A5/3" remark on (1 << 3) in
	 * test_a5_3_not_supported(), this presumably permits A5/1 only. */
	net->a5_encryption_mask = (1 << 1);
	rx_from_ran = RAN_GERAN_A;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0");
	ms_sends_msg("0508" /* MM LU */
		"7" /* ciph key seq: no key available */
		"0" /* LU type: normal */
		"ffffff" "0000" /* LAI, LAC */
		"57" /* classmark 1: R99, early classmark, no power lvl */
		"089910070000106005" /* IMSI */
		"3303575886" /* classmark 2 */
		);
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends *UMTS AKA* Auth Req to MS");
	/* based on
	 * 2G auth: COMP128v1
	 * KI=7bcd108be4c3d551ee6c67faaf52bd68
	 * 3G auth: MILENAGE
	 * K=7bcd108be4c3d551ee6c67faaf52bd68
	 * OPC=6e23f641ce724679b73d933515a8589d
	 * IND-bitlen=5 last-SQN=641
	 * Note that the SRES will be calculated by COMP128v1, separately from 3G tokens;
	 * the resulting Kc to use for ciphering returned by the HLR is also calculated from COMP128v1.
	 */
	/* Every kc in the vectors below ends in ten zero bits, which is
	 * consistent with COMP128v1's shortened (54-bit effective) Kc. The
	 * vectors are literal fixtures; nothing is derived at run time. */
	auth_request_sent = false;
	/* Expected RAND/AUTN are those of the first vector below. */
	auth_request_expect_rand = "4ac8d1cd1a51937597ca1016fe69a0fa";
	auth_request_expect_autn = "2d837d2b0d6f00004b282d5acf23428d";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0362" "2010" "4ac8d1cd1a51937597ca1016fe69a0fa"
		/* TL sres TL kc */
		"2104" "dacc4b26" "2208" "7a75f0ac9b844400"
		/* TL 3G IK */
		"2310" "3747da4e31545baa2db59e500bdae047"
		/* TL 3G CK */
		"2410" "8544d35b945ccba01a7f1293575291c3"
		/* TL AUTN */
		"2510" "2d837d2b0d6f00004b282d5acf23428d"
		/* TL RES */
		"2708" "37527064741f8ddb"
		/* TL TL rand */
		"0362" "2010" "b2661531b97b12c5a2edc21a0ed16fc5"
		"2104" "2fb4cfad" "2208" "da149b11d473f400"
		"2310" "3fe013b1a428ea737c37f8f0288c8edf"
		"2410" "f275438c02b97e4d6f639dddda3d10b9"
		"2510" "78cdd96c60840000322f421b3bb778b1"
		"2708" "ed3ebf9cb6ea48ed"
		"0362" "2010" "54d8f19778056666b41c8c25e52eb60c"
		"2104" "0ff61e0f" "2208" "26ec67fad3073000"
		"2310" "2868b0922c652616f1c975e3eaf7943a"
		"2410" "6a84a20b1bc13ec9840466406d2dd91e"
		"2510" "53f3e5632b3d00008865dd54d49663f2"
		"2708" "86e848a9e7ad8cd5"
		"0362" "2010" "1f05607ff9c8984f46ad97f8c9a94982"
		"2104" "91a36e3d" "2208" "5d84421884fdcc00"
		"2310" "2171fef54b81e30c83a598a5e44f634c"
		"2410" "f02d088697509827565b46938fece211"
		"2510" "1b43bbf9815e00001cb9b2a9f6b8a77c"
		"2708" "373e67d62e719c51"
		"0362" "2010" "80d89a58a2a41050918caf68a4e93c64"
		"2104" "a319f5f1" "2208" "883df2b867293000"
		"2310" "fa5d70f929ff298efb160413698dc107"
		"2410" "ae9a3d8ce70ce13bac297bdb91cd6c68"
		"2510" "5c0dc2eeaefa0000396882a1fe2cf80b"
		"2708" "65ab1cad216bfe87",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends *GSM AKA* Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* Response carries the first vector's sres (dacc4b26), not its RES;
	 * the cipher key expected is that same vector's kc. */
	expect_cipher_mode_cmd("7a75f0ac9b844400");
	ms_sends_msg("0554" "dacc4b26");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000000156f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000000156f00804032443f2",
		"12010809710000000156f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000000156f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with *UMTS AKA* Auth Req, 2nd auth vector");
	auth_request_sent = false;
	/* Second vector: a fresh challenge per connection, no vector reuse. */
	auth_request_expect_rand = "b2661531b97b12c5a2edc21a0ed16fc5";
	auth_request_expect_autn = "78cdd96c60840000322f421b3bb778b1";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("052478"
		"03575886" /* classmark 2 */
		"089910070000106005" /* IMSI */);
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	/* Helper defined elsewhere; presumably verifies that non-initial
	 * requests are refused while the conn is not accepted -- confirm. */
	thwart_rx_non_initial_requests();

	btw("MS sends *GSM AKA* Authen Response, VLR accepts and requests Ciphering");
	/* sres and kc of the second vector. */
	expect_cipher_mode_cmd("da149b11d473f400");
	ms_sends_msg("0554" "2fb4cfad");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
	ms_sends_msg("0632");
	/* No explicit CM Service Accept is expected: the result stays RES_NONE. */
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 42342\r");
	expect_bssap_clear();
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber. */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends *UMTS AKA* Auth Request with third key");
	auth_request_sent = false;
	/* Third vector. */
	auth_request_expect_rand = "54d8f19778056666b41c8c25e52eb60c";
	auth_request_expect_autn = "53f3e5632b3d00008865dd54d49663f2";
	ms_sends_msg("062707"
		"03575886" /* classmark 2 */
		"089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends *GSM AKA* Authen Response, VLR accepts and requests Ciphering");
	/* sres and kc of the third vector. */
	expect_cipher_mode_cmd("26ec67fad3073000");
	ms_sends_msg("0554" "0ff61e0f");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
	/* The queued SMS must go out only now, after Ciphering Mode Complete. */
	dtap_expect_tx(sms);
	ms_sends_msg("0632");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130"
		"089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
/*
 * Negative test: the network permits A5/3 only, and no cipher acceptable to
 * both sides can be chosen for this MS.
 *
 * Authentication itself succeeds. The point checked is what happens next:
 * no Ciphering Mode Command is sent, the Location Update is rejected and no
 * connection remains. In other words the MSC is expected to fail closed
 * rather than continue with the LU unciphered or with a cipher outside the
 * configured mask.
 */
static void test_a5_3_not_supported()
{
	comment_start();

	/* implicit: net->authentication_required = true; */
	net->a5_encryption_mask = (1 << 3); /* A5/3 */

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	/* Expected RAND is that of the first vector below; no AUTN, so a plain
	 * GSM (2G) challenge. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	BTW("MS sends Authen Response, VLR accepts and wants to send Ciphering Mode Command to MS"
	    " -- alas, no matching cipher can be found, abort and release");
	/* Reset explicitly so the negative assertion below cannot pass on a
	 * stale value. */
	cipher_mode_cmd_sent = false;
	/* NOTE(review): expect_bssap_clear() is armed here, but unlike the other
	 * call sites in this file bssap_clear_sent is not checked afterwards;
	 * consider asserting it so that a missing release would be caught. */
	expect_bssap_clear();
	/* Correct sres for the first vector: the rejection is caused by the
	 * cipher selection, not by a failed authentication. */
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(!cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
/*
 * The test cases of this file, in the order listed, terminated by a NULL
 * entry. test_ciph_tmsi, test_ciph_imei and test_ciph_imeisv are defined
 * outside this excerpt. Presumably walked by the shared msc_vlr test driver
 * until it reaches the NULL -- confirm against msc_vlr_tests.h.
 */
msc_vlr_test_func_t msc_vlr_tests[] = {
	test_ciph,
	test_ciph_tmsi,
	test_ciph_imei,
	test_ciph_imeisv,
	test_ciph_tmsi_imei,
	test_gsm_ciph_in_umts_env,
	test_a5_3_not_supported,
	NULL
};