/* Osmocom MSC+VLR end-to-end tests */

/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
 *
 * All Rights Reserved
 *
 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "msc_vlr_tests.h"

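/*
 * Walk one subscriber (IMSI 901700000004620) through a complete session with
 * A5/1 configured as the cipher: Location Update, CM Service Request with a
 * USSD query, a paged SMS delivery and finally a detach.
 *
 * Each of the three connections passes the same gate: an Auth Request using
 * the next auth vector received from the HLR, then a Ciphering Mode Command,
 * and only after Ciphering Mode Complete is the pending request served.
 * In between, EXPECT_ACCEPTED(false) and thwart_rx_non_initial_requests()
 * are run, so a regression that serves a request before authentication and
 * ciphering have completed should surface here (both helpers are defined
 * outside this file; their exact checks are not visible from here).
 *
 * NOTE(review): this pins message sequencing only; it says nothing about the
 * strength of the configured cipher.
 */
void test_ciph(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	net->a5_encryption = VLR_CIPH_A5_1;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	/* The expected RAND below is the rand of the first vector in the GSUP
	 * message; autn is NULL, i.e. no AUTN is expected in the Auth Req. */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	/* "2d8b2c3e" is the first vector's sres from the GSUP message above */
	cipher_mode_cmd_sent = false;
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000004026f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	cm_service_result_sent = RES_NONE;
	auth_request_sent = false;
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	ms_sends_msg("05247803305886089910070000006402");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, see above */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 46071\r");
	expect_bssap_clear();
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* sender and receiver are the same subscriber */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* every vlr_subscr_find_by_*() in this test is paired with a
	 * vlr_subscr_put(); presumably a reference release - confirm */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882089910070000006402");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, see above */);
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}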
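/*
 * Same session as test_ciph() (Location Update, CM Service Request with
 * USSD, paged SMS, detach) with A5/1 configured, but with TMSI assignment
 * enabled via net->vlr->cfg.assign_tmsi.
 *
 * After the HLR's _UPDATE_LOCATION_RESULT the LU is answered with a new
 * TMSI and the conn stays open: until the MS sends TMSI Realloc Complete the
 * value is held in vsub->tmsi_new while vsub->tmsi is still
 * GSM_RESERVED_TMSI, and EXPECT_ACCEPTED(false) must hold. Afterwards the
 * two fields are swapped and the MS identifies itself by TMSI in the CM
 * Service Request, Paging Response and detach messages.
 *
 * NOTE(review): the fixed TMSI 0x03020100 presumably comes from a
 * deterministic TMSI source in the test harness; that is not visible in this
 * file - confirm.
 */
void test_ciph_tmsi(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	net->a5_encryption = VLR_CIPH_A5_1;
	net->vlr->cfg.assign_tmsi = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	/* LU result is already RES_ACCEPT, yet the conn must not count as
	 * accepted until the TMSI reallocation is acknowledged. */
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
	cm_service_result_sent = RES_NONE;
	auth_request_sent = false;
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	auth_request_expect_autn = NULL;
	/* the trailing "03020100" is the TMSI assigned above */
	ms_sends_msg("05247803305886" "05f4" "03020100");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, see above */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 46071\r");
	expect_bssap_clear();
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	/* paging is expected by TMSI here, not by IMSI */
	paging_expect_tmsi(0x03020100);
	paging_sent = false;
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* sender and receiver are the same subscriber */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882" "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, see above */);
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}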
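/*
 * Location Update with A5/1 configured and the IMEI check required
 * (net->vlr->cfg.check_imei_rqd), followed by a detach.
 *
 * After authentication, ciphering and the HLR's _UPDATE_LOCATION_RESULT, an
 * ID Request ("051802") is expected towards the MS. Until the Identity
 * Response arrives the conn stays open, vsub->imei is still empty and
 * EXPECT_ACCEPTED(false) must hold; only then is the LU accepted, the conn
 * cleared and the IMEI stored on the subscriber.
 */
void test_ciph_imei(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	net->a5_encryption = VLR_CIPH_A5_1;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	btw("We will only do business when the IMEI is known");
	/* conn is kept open and the IMEI field is still an empty string */
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	expect_bssap_clear();
	ms_sends_msg("0559084a32244332244332");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423423"), == 0, "%d");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}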
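/*
 * Location Update with A5/1 configured and IMEISV retrieval during ciphering
 * enabled (net->vlr->cfg.retrieve_imeisv_ciphered), followed by a detach.
 *
 * The Ciphering Mode Command is expected to carry the IMEISV request
 * (cipher_mode_cmd_sent_with_imeisv), vsub->imeisv is empty until the MS
 * answers, and the value is taken from the Ciphering Mode Complete message.
 *
 * NOTE(review): the "MS replies with an Identity Response" step sends an
 * identity message although no ID Request is expected in this function, and
 * nothing is asserted right after it - confirm that this step is intended.
 */
void test_ciph_imeisv(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	net->a5_encryption = VLR_CIPH_A5_1;
	net->vlr->cfg.retrieve_imeisv_ciphered = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	cipher_mode_cmd_sent = false;
	/* Reset the IMEISV flag as well, so that the assertion below reflects
	 * this exchange and not a value left over from an earlier step. */
	cipher_mode_cmd_sent_with_imeisv = false;
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
	VERBOSE_ASSERT(cipher_mode_cmd_sent_with_imeisv, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* IMEISV is still an empty string before Ciphering Mode Complete */
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imeisv[0], == 0, "%d");
	vlr_subscr_put(vsub);

	btw("MS sends Ciphering Mode Complete with IMEISV, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("063217094b32244332244332f5");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("Subscriber has the IMEISV");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imeisv, "4234234234234235"), == 0, "%d");
	vlr_subscr_put(vsub);

	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	ms_sends_msg("0559084a32244332244332");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000004026f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}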
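/*
 * Location Update with A5/1 configured and both TMSI assignment
 * (cfg.assign_tmsi) and the IMEI check (cfg.check_imei_rqd) enabled,
 * followed by a detach that identifies the MS by TMSI.
 *
 * Two gates follow authentication and ciphering: first the conn stays
 * unaccepted until the Identity Response delivers the IMEI, then, with the
 * LU result already RES_ACCEPT, it stays unaccepted until TMSI Realloc
 * Complete. Only after that is the conn cleared and both IMEI and TMSI are
 * found on the subscriber.
 */
void test_ciph_tmsi_imei(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	/* implicit: net->authentication_required = true; */
	net->a5_encryption = VLR_CIPH_A5_1;
	net->vlr->cfg.assign_tmsi = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("050802008168000130089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
	cipher_mode_cmd_sent = false;
	ms_sends_msg("05542d8b2c3e");
	OSMO_ASSERT(cipher_mode_cmd_sent);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("needs ciph, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0632");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	btw("We will only do business when the IMEI is known");
	/* first gate: conn open, IMEI field still an empty string */
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	ms_sends_msg("0559084a32244332244332");

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	/* second gate: LU result is RES_ACCEPT but the conn is not accepted
	 * until the TMSI reallocation is acknowledged */
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI and TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423423"), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}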
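/*
 * Location Update that identifies the MS by a TMSI ("23422342") the VLR
 * does not know: an ID Request for the IMSI ("051801") is expected, the
 * Identity Response triggers the GSUP LU request to the HLR, and the LU is
 * accepted only after _UPDATE_LOCATION_RESULT. Receiving subscriber data via
 * _INSERT_DATA_REQUEST alone must not lead to acceptance.
 *
 * NOTE(review): this function is not listed in msc_vlr_tests[] in this file,
 * so it is presumably not run from this table - confirm whether that is
 * intended. The flow also contains no authentication or ciphering step and
 * does not set net->a5_encryption, unlike the other tests here; whether that
 * matches the harness defaults cannot be told from this file.
 */
void test_lu_unknown_tmsi(void)
{
	comment_start();

	btw("Location Update request with unknown TMSI sends ID Request for IMSI");
	lu_result_sent = RES_NONE;
	dtap_expect_tx("051801");
	ms_sends_msg("050802008168000130" "05f4" "23422342");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS tells us the IMSI, causes a GSUP LU request to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("0559089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("having received subscriber data does not mean acceptance");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000004026f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}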
/*
 * NULL-terminated table of the test functions defined in this file
 * (presumably iterated by the shared test harness; the consumer is not
 * visible here).
 *
 * NOTE(review): test_lu_unknown_tmsi() is defined above but not listed, so
 * its unknown-TMSI Location Update flow is not reachable through this table -
 * confirm whether it was left out on purpose.
 */
msc_vlr_test_func_t msc_vlr_tests[] = {
	test_ciph,
	test_ciph_tmsi,
	test_ciph_imei,
	test_ciph_imeisv,
	test_ciph_tmsi_imei,
	NULL
};