Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / c4628a3ad4d3c5f65782b152b771bf80357235d6 / . / tests / msc_vlr / msc_vlr_test_gsm_ciph.c
blob: 953b4c90921d1db69cde50705ccc94db60c2c878 [file] [log] [blame]
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
Harald Welte0df904d2018-12-03 11:00:04 +0100[diff] [blame]25#include "stubs.h"
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]26
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]27static const struct osmo_gsm48_classmark classmark = {
28 // TODO
29 //bss_sends_bssap_mgmt("541203505886130b6014042f6503b8800d2100");
30};
31
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]32static void test_ciph()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]33{
34 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]35 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]36
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]37 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]38
39 /* implicit: net->authentication_required = true; */
Harald Welte7b222aa2017-12-23 19:30:32 +0100[diff] [blame]40 net->a5_encryption_mask = (1 << 1);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]41
42 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
43 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]44 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]45 ms_sends_msg("050802008168000130089910070000006402");
46 OSMO_ASSERT(gsup_tx_confirmed);
47 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
48
49 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
50 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
51 auth_request_sent = false;
52 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
53 auth_request_expect_autn = NULL;
54 gsup_rx("0a"
55 /* imsi */
56 "0108" "09710000004026f0"
57 /* 5 auth vectors... */
58 /* TL TL rand */
59 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
60 /* TL sres TL kc */
61 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
62 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
63 "2104" "20bde240" "2208" "07fa7502e07e1c00"
64 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
65 "2104" "a29514ae" "2208" "e2b234f807886400"
66 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
67 "2104" "5afc8d72" "2208" "2392f14f709ae000"
68 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]69 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]70 NULL);
71 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
72 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
73
74 btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]75 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]76 ms_sends_msg("05542d8b2c3e");
77 OSMO_ASSERT(cipher_mode_cmd_sent);
78 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
79
80 btw("needs ciph, not yet accepted");
81 EXPECT_ACCEPTED(false);
82 thwart_rx_non_initial_requests();
83 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
84
85 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]86 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
87 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]88 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
89
90 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]91 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
92 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]93 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
94
95 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]96 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]97 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]98 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]99
100 btw("LU was successful, and the conn has already been closed");
101 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]102 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]103 EXPECT_CONN_COUNT(0);
104
105 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
106 cm_service_result_sent = RES_NONE;
107 auth_request_sent = false;
108 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]109 ms_sends_msg("05247403305886089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]110 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
111 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
112
113 btw("needs auth, not yet accepted");
114 EXPECT_ACCEPTED(false);
115 thwart_rx_non_initial_requests();
116
117 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]118 expect_cipher_mode_cmd("07fa7502e07e1c00");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]119 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
120 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
121 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
122
123 btw("needs ciph, not yet accepted");
124 EXPECT_ACCEPTED(false);
125 thwart_rx_non_initial_requests();
126
127 btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]128 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]129 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
130
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]131 /* Release connection */
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]132 expect_bssap_clear(OSMO_RAT_GERAN_A);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]133 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]134
135 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]136 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]137 EXPECT_CONN_COUNT(0);
138
139 BTW("an SMS is sent, MS is paged");
140 paging_expect_imsi(imsi);
141 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]142 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]143 OSMO_ASSERT(vsub);
144 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
145
146 send_sms(vsub, vsub,
147 "Privacy in residential applications is a desirable"
148 " marketing option.");
149
150 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]151 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]152 vsub = NULL;
153 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]154
155 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]156 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]157 OSMO_ASSERT(vsub);
158 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]159 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]160
161 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
162 auth_request_sent = false;
163 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
164 ms_sends_msg("06270703305882089910070000006402");
165 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
166
167 btw("needs auth, not yet accepted");
168 EXPECT_ACCEPTED(false);
169 thwart_rx_non_initial_requests();
170
171 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]172 expect_cipher_mode_cmd("e2b234f807886400");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]173 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
174 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
175
176 btw("needs ciph, not yet accepted");
177 EXPECT_ACCEPTED(false);
178 thwart_rx_non_initial_requests();
179
180 btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
181 dtap_expect_tx("09" /* SMS messages */
182 "01" /* CP-DATA */
183 "58" /* length */
184 "01" /* Network to MS */
185 "00" /* reference */
186 /* originator (gsm411_send_sms() hardcodes this weird nr) */
187 "0791" "447758100650" /* 447785016005 */
188 "00" /* dest */
189 /* SMS TPDU */
190 "4c" /* len */
191 "00" /* SMS deliver */
192 "05806470f1" /* originating address 46071 */
193 "00" /* TP-PID */
194 "00" /* GSM default alphabet */
195 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
196 "000000" /* H-M-S */
197 "00" /* GMT+0 */
198 "44" /* data length */
199 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
200 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
201 "0c7ac3e9e9b7db05");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]202 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]203 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]204
205 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]206 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]207 OSMO_ASSERT(vsub);
208 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]209 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]210
211 btw("conn is still open to wait for SMS ack dance");
212 EXPECT_CONN_COUNT(1);
213
214 btw("MS replies with CP-ACK for received SMS");
215 ms_sends_msg("8904");
216 EXPECT_CONN_COUNT(1);
217
218 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
219 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]220 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]221 ms_sends_msg("890106020041020000");
222 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]223 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]224
225 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]226 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]227 EXPECT_CONN_COUNT(0);
228
229 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]230 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]231 ms_sends_msg("050130089910070000006402");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]232 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]233
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]234 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]235 EXPECT_CONN_COUNT(0);
236 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]237 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]238}
239
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]240static void test_ciph_tmsi()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]241{
242 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]243 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]244
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]245 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]246
247 /* implicit: net->authentication_required = true; */
Harald Welte7b222aa2017-12-23 19:30:32 +0100[diff] [blame]248 net->a5_encryption_mask = (1 << 1);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]249 net->vlr->cfg.assign_tmsi = true;
250
251 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
252 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]253 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]254 ms_sends_msg("050802008168000130089910070000006402");
255 OSMO_ASSERT(gsup_tx_confirmed);
256 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
257
258 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
259 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
260 auth_request_sent = false;
261 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
262 auth_request_expect_autn = NULL;
263 gsup_rx("0a"
264 /* imsi */
265 "0108" "09710000004026f0"
266 /* 5 auth vectors... */
267 /* TL TL rand */
268 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
269 /* TL sres TL kc */
270 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
271 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
272 "2104" "20bde240" "2208" "07fa7502e07e1c00"
273 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
274 "2104" "a29514ae" "2208" "e2b234f807886400"
275 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
276 "2104" "5afc8d72" "2208" "2392f14f709ae000"
277 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]278 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]279 NULL);
280 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
281 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
282
283 btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]284 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]285 ms_sends_msg("05542d8b2c3e");
286 OSMO_ASSERT(cipher_mode_cmd_sent);
287 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
288 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
289
290 btw("needs ciph, not yet accepted");
291 EXPECT_ACCEPTED(false);
292 thwart_rx_non_initial_requests();
293 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
294
295 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]296 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
297 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]298 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
299
300 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]301 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
302 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]303 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
304
305 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]306 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]307
308 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
309 EXPECT_CONN_COUNT(1);
310 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
311 EXPECT_ACCEPTED(false);
312 thwart_rx_non_initial_requests();
313
314 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]315 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]316 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
317 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
318 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
319 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]320 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]321
322 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]323 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]324 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]325 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]326
327 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]328 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]329 EXPECT_CONN_COUNT(0);
330
331 btw("Subscriber has the new TMSI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]332 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]333 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
334 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
335 VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
336 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]337 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]338
339 BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
340 cm_service_result_sent = RES_NONE;
341 auth_request_sent = false;
342 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
343 auth_request_expect_autn = NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]344 ms_sends_msg("05247403305886" "05f4" "03020100");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]345 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
346 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
347
348 btw("needs auth, not yet accepted");
349 EXPECT_ACCEPTED(false);
350 thwart_rx_non_initial_requests();
351
352 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]353 expect_cipher_mode_cmd("07fa7502e07e1c00");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]354 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
355 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
356 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
357
358 btw("needs ciph, not yet accepted");
359 EXPECT_ACCEPTED(false);
360 thwart_rx_non_initial_requests();
361
362 btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]363 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]364 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
365
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]366 /* Release connection */
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]367 expect_bssap_clear(OSMO_RAT_GERAN_A);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]368 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]369
370 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]371 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]372 EXPECT_CONN_COUNT(0);
373
374 BTW("an SMS is sent, MS is paged");
375 paging_expect_tmsi(0x03020100);
376 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]377 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]378 OSMO_ASSERT(vsub);
379 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
380
381 send_sms(vsub, vsub,
382 "Privacy in residential applications is a desirable"
383 " marketing option.");
384
385 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]386 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]387 vsub = NULL;
388 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]389
390 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]391 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]392 OSMO_ASSERT(vsub);
393 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]394 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]395
396 btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
397 auth_request_sent = false;
398 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
399 ms_sends_msg("06270703305882" "05f4" "03020100");
400 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
401
402 btw("needs auth, not yet accepted");
403 EXPECT_ACCEPTED(false);
404 thwart_rx_non_initial_requests();
405
406 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]407 expect_cipher_mode_cmd("e2b234f807886400");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]408 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
409 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
410
411 btw("needs ciph, not yet accepted");
412 EXPECT_ACCEPTED(false);
413 thwart_rx_non_initial_requests();
414
415 btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
416 dtap_expect_tx("09" /* SMS messages */
417 "01" /* CP-DATA */
418 "58" /* length */
419 "01" /* Network to MS */
420 "00" /* reference */
421 /* originator (gsm411_send_sms() hardcodes this weird nr) */
422 "0791" "447758100650" /* 447785016005 */
423 "00" /* dest */
424 /* SMS TPDU */
425 "4c" /* len */
426 "00" /* SMS deliver */
427 "05806470f1" /* originating address 46071 */
428 "00" /* TP-PID */
429 "00" /* GSM default alphabet */
430 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
431 "000000" /* H-M-S */
432 "00" /* GMT+0 */
433 "44" /* data length */
434 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
435 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
436 "0c7ac3e9e9b7db05");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]437 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]438 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]439
440 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]441 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]442 OSMO_ASSERT(vsub);
443 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]444 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]445
446 btw("conn is still open to wait for SMS ack dance");
447 EXPECT_CONN_COUNT(1);
448
449 btw("MS replies with CP-ACK for received SMS");
450 ms_sends_msg("8904");
451 EXPECT_CONN_COUNT(1);
452
453 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
454 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]455 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]456 ms_sends_msg("890106020041020000");
457 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]458 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]459
460 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]461 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]462 EXPECT_CONN_COUNT(0);
463
464 BTW("subscriber detaches, using TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]465 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]466 ms_sends_msg("050130" "05f4" "03020100");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]467 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]468
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]469 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]470 EXPECT_CONN_COUNT(0);
471 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]472 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]473}
474
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]475static void test_ciph_imei()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]476{
477 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]478 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]479
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]480 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]481
482 /* implicit: net->authentication_required = true; */
Harald Welte7b222aa2017-12-23 19:30:32 +0100[diff] [blame]483 net->a5_encryption_mask = (1 << 1);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]484 net->vlr->cfg.check_imei_rqd = true;
485
486 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
487 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]488 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]489 ms_sends_msg("050802008168000130089910070000006402");
490 OSMO_ASSERT(gsup_tx_confirmed);
491 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
492
493 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
494 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
495 auth_request_sent = false;
496 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
497 auth_request_expect_autn = NULL;
498 gsup_rx("0a"
499 /* imsi */
500 "0108" "09710000004026f0"
501 /* 5 auth vectors... */
502 /* TL TL rand */
503 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
504 /* TL sres TL kc */
505 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
506 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
507 "2104" "20bde240" "2208" "07fa7502e07e1c00"
508 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
509 "2104" "a29514ae" "2208" "e2b234f807886400"
510 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
511 "2104" "5afc8d72" "2208" "2392f14f709ae000"
512 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]513 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]514 NULL);
515 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
516 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
517
518 btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]519 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]520 ms_sends_msg("05542d8b2c3e");
521 OSMO_ASSERT(cipher_mode_cmd_sent);
522 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
523
524 btw("needs ciph, not yet accepted");
525 EXPECT_ACCEPTED(false);
526 thwart_rx_non_initial_requests();
527 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
528
529 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]530 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
531 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]532 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
533
534 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]535 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
536 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]537 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
538
539 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
540 dtap_expect_tx("051802");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]541 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]542
543 btw("We will only do business when the IMEI is known");
544 EXPECT_CONN_COUNT(1);
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]545 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]546 OSMO_ASSERT(vsub);
547 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]548 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]549 EXPECT_ACCEPTED(false);
550 thwart_rx_non_initial_requests();
551
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]552 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]553 gsup_expect_tx("30010809710000004026f050090824433224433224f0" VLR_TO_HLR);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]554 ms_sends_msg("0559084a32244332244302");
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]555 EXPECT_ACCEPTED(false);
556 thwart_rx_non_initial_requests();
557
558 btw("HLR accepts the IMEI");
559 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]560 gsup_rx("32010809710000004026f0510100" HLR_TO_VLR, NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]561 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]562
563 btw("LU was successful, and the conn has already been closed");
564 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]565 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]566 EXPECT_CONN_COUNT(0);
567
568 btw("Subscriber has the IMEI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]569 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]570 OSMO_ASSERT(vsub);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]571 VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]572 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]573
574 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]575 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]576 ms_sends_msg("050130089910070000006402");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]577 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]578
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]579 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]580 EXPECT_CONN_COUNT(0);
581 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]582 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]583}
584
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]585static void test_ciph_imeisv()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]586{
587 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]588 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]589
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]590 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]591
592 /* implicit: net->authentication_required = true; */
Harald Welte7b222aa2017-12-23 19:30:32 +0100[diff] [blame]593 net->a5_encryption_mask = (1 << 1);
Neels Hofmeyr54a706c2017-07-18 15:39:27 +0200[diff] [blame]594 net->vlr->cfg.retrieve_imeisv_ciphered = true;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]595
596 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
597 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]598 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]599 ms_sends_msg("050802008168000130089910070000006402");
600 OSMO_ASSERT(gsup_tx_confirmed);
601 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
602
603 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
604 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
605 auth_request_sent = false;
606 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
607 auth_request_expect_autn = NULL;
608 gsup_rx("0a"
609 /* imsi */
610 "0108" "09710000004026f0"
611 /* 5 auth vectors... */
612 /* TL TL rand */
613 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
614 /* TL sres TL kc */
615 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
616 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
617 "2104" "20bde240" "2208" "07fa7502e07e1c00"
618 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
619 "2104" "a29514ae" "2208" "e2b234f807886400"
620 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
621 "2104" "5afc8d72" "2208" "2392f14f709ae000"
622 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]623 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]624 NULL);
625 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
626 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
627
628 btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]629 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]630 ms_sends_msg("05542d8b2c3e");
631 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
632 VERBOSE_ASSERT(cipher_mode_cmd_sent_with_imeisv, == true, "%d");
633 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
634
635 btw("needs ciph, not yet accepted");
636 EXPECT_ACCEPTED(false);
637 thwart_rx_non_initial_requests();
638 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
639
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]640 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]641 OSMO_ASSERT(vsub);
642 VERBOSE_ASSERT(vsub->imeisv[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]643 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]644
645 btw("MS sends Ciphering Mode Complete with IMEISV, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]646 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
647 ms_sends_ciphering_mode_complete("063217094b32244332244372f5");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]648 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
649
650 btw("Subscriber has the IMEISV");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]651 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]652 OSMO_ASSERT(vsub);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]653 VERBOSE_ASSERT(strcmp(vsub->imeisv, "4234234234234275"), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]654 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]655
656 EXPECT_ACCEPTED(false);
657 thwart_rx_non_initial_requests();
658
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]659 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]660 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
661 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]662 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
663
664 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]665 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]666 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]667 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]668
669 btw("LU was successful, and the conn has already been closed");
670 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]671 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]672 EXPECT_CONN_COUNT(0);
673
674 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]675 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]676 ms_sends_msg("050130089910070000006402");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]677 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]678
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]679 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]680 EXPECT_CONN_COUNT(0);
681 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]682 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]683}
684
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]685static void test_ciph_tmsi_imei()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]686{
687 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]688 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]689
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]690 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]691
692 /* implicit: net->authentication_required = true; */
Harald Welte7b222aa2017-12-23 19:30:32 +0100[diff] [blame]693 net->a5_encryption_mask = (1 << 1);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]694 net->vlr->cfg.assign_tmsi = true;
695 net->vlr->cfg.check_imei_rqd = true;
696
697 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
698 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]699 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]700 ms_sends_msg("050802008168000130089910070000006402");
701 OSMO_ASSERT(gsup_tx_confirmed);
702 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
703
704 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
705 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
706 auth_request_sent = false;
707 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
708 auth_request_expect_autn = NULL;
709 gsup_rx("0a"
710 /* imsi */
711 "0108" "09710000004026f0"
712 /* 5 auth vectors... */
713 /* TL TL rand */
714 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
715 /* TL sres TL kc */
716 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
717 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
718 "2104" "20bde240" "2208" "07fa7502e07e1c00"
719 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
720 "2104" "a29514ae" "2208" "e2b234f807886400"
721 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
722 "2104" "5afc8d72" "2208" "2392f14f709ae000"
723 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]724 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]725 NULL);
726 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
727 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
728
729 btw("MS sends Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]730 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]731 ms_sends_msg("05542d8b2c3e");
732 OSMO_ASSERT(cipher_mode_cmd_sent);
733 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
734
735 btw("needs ciph, not yet accepted");
736 EXPECT_ACCEPTED(false);
737 thwart_rx_non_initial_requests();
738 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
739
740 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]741 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
742 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]743 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
744
745 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]746 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
747 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]748 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
749
750 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
751 dtap_expect_tx("051802");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]752 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]753
754 btw("We will only do business when the IMEI is known");
755 EXPECT_CONN_COUNT(1);
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]756 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]757 OSMO_ASSERT(vsub);
758 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]759 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]760 EXPECT_ACCEPTED(false);
761 thwart_rx_non_initial_requests();
762
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]763 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]764 gsup_expect_tx("30010809710000004026f050090824433224433224f0" VLR_TO_HLR);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]765 ms_sends_msg("0559084a32244332244302");
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]766 EXPECT_ACCEPTED(false);
767 thwart_rx_non_initial_requests();
768
769 btw("HLR accepts the IMEI");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]770 gsup_rx("32010809710000004026f0510100" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]771
772 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
773 EXPECT_CONN_COUNT(1);
774 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
775 EXPECT_ACCEPTED(false);
776 thwart_rx_non_initial_requests();
777
778 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]779 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]780 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
781 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
782 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
783 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]784 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]785
786 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]787 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]788 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]789 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]790
791 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]792 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]793 EXPECT_CONN_COUNT(0);
794
795 btw("Subscriber has the IMEI and TMSI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]796 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]797 OSMO_ASSERT(vsub);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]798 VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]799 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]800 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]801
802 BTW("subscriber detaches, using TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]803 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]804 ms_sends_msg("050130" "05f4" "03020100");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]805 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]806
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]807 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]808 EXPECT_CONN_COUNT(0);
809 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]810 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]811}
812
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]813static void test_gsm_ciph_in_umts_env()
814{
815 struct vlr_subscr *vsub;
816 const char *imsi = "901700000010650";
817 const char *sms =
818 "09" /* SMS messages */
819 "01" /* CP-DATA */
820 "58" /* length */
821 "01" /* Network to MS */
822 "00" /* reference */
823 /* originator (gsm411_send_sms() hardcodes this weird nr) */
824 "0791" "447758100650" /* 447785016005 */
825 "00" /* dest */
826 /* SMS TPDU */
827 "4c" /* len */
828 "00" /* SMS deliver */
829 "05802443f2" /* originating address 42342 */
830 "00" /* TP-PID */
831 "00" /* GSM default alphabet */
832 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
833 "000000" /* H-M-S */
834 "00" /* GMT+0 */
835 "44" /* data length */
836 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
837 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
838 "0c7ac3e9e9b7db05";
839
840 comment_start();
841
842 /* implicit: net->authentication_required = true; */
843 net->a5_encryption_mask = (1 << 1);
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]844 rx_from_ran = OSMO_RAT_GERAN_A;
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]845
846 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
847 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]848 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]849 ms_sends_msg("0508" /* MM LU */
850 "7" /* ciph key seq: no key available */
851 "0" /* LU type: normal */
852 "ffffff" "0000" /* LAI, LAC */
853 "57" /* classmark 1: R99, early classmark, no power lvl */
854 "089910070000106005" /* IMSI */
855 "3303575886" /* classmark 2 */
856 );
857 OSMO_ASSERT(gsup_tx_confirmed);
858 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
859
860 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends *UMTS AKA* Auth Req to MS");
861 /* based on
862 * 2G auth: COMP128v1
863 * KI=7bcd108be4c3d551ee6c67faaf52bd68
864 * 3G auth: MILENAGE
865 * K=7bcd108be4c3d551ee6c67faaf52bd68
866 * OPC=6e23f641ce724679b73d933515a8589d
867 * IND-bitlen=5 last-SQN=641
868 * Note that the SRES will be calculated by COMP128v1, separately from 3G tokens;
869 * the resulting Kc to use for ciphering returned by the HLR is also calculated from COMP128v1.
870 */
871 auth_request_sent = false;
872 auth_request_expect_rand = "4ac8d1cd1a51937597ca1016fe69a0fa";
873 auth_request_expect_autn = "2d837d2b0d6f00004b282d5acf23428d";
874 gsup_rx("0a"
875 /* imsi */
876 "0108" "09710000000156f0"
877 /* 5 auth vectors... */
878 /* TL TL rand */
879 "0362" "2010" "4ac8d1cd1a51937597ca1016fe69a0fa"
880 /* TL sres TL kc */
881 "2104" "dacc4b26" "2208" "7a75f0ac9b844400"
882 /* TL 3G IK */
883 "2310" "3747da4e31545baa2db59e500bdae047"
884 /* TL 3G CK */
885 "2410" "8544d35b945ccba01a7f1293575291c3"
886 /* TL AUTN */
887 "2510" "2d837d2b0d6f00004b282d5acf23428d"
888 /* TL RES */
889 "2708" "37527064741f8ddb"
890 /* TL TL rand */
891 "0362" "2010" "b2661531b97b12c5a2edc21a0ed16fc5"
892 "2104" "2fb4cfad" "2208" "da149b11d473f400"
893 "2310" "3fe013b1a428ea737c37f8f0288c8edf"
894 "2410" "f275438c02b97e4d6f639dddda3d10b9"
895 "2510" "78cdd96c60840000322f421b3bb778b1"
896 "2708" "ed3ebf9cb6ea48ed"
897 "0362" "2010" "54d8f19778056666b41c8c25e52eb60c"
898 "2104" "0ff61e0f" "2208" "26ec67fad3073000"
899 "2310" "2868b0922c652616f1c975e3eaf7943a"
900 "2410" "6a84a20b1bc13ec9840466406d2dd91e"
901 "2510" "53f3e5632b3d00008865dd54d49663f2"
902 "2708" "86e848a9e7ad8cd5"
903 "0362" "2010" "1f05607ff9c8984f46ad97f8c9a94982"
904 "2104" "91a36e3d" "2208" "5d84421884fdcc00"
905 "2310" "2171fef54b81e30c83a598a5e44f634c"
906 "2410" "f02d088697509827565b46938fece211"
907 "2510" "1b43bbf9815e00001cb9b2a9f6b8a77c"
908 "2708" "373e67d62e719c51"
909 "0362" "2010" "80d89a58a2a41050918caf68a4e93c64"
910 "2104" "a319f5f1" "2208" "883df2b867293000"
911 "2310" "fa5d70f929ff298efb160413698dc107"
912 "2410" "ae9a3d8ce70ce13bac297bdb91cd6c68"
913 "2510" "5c0dc2eeaefa0000396882a1fe2cf80b"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]914 "2708" "65ab1cad216bfe87" HLR_TO_VLR,
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]915 NULL);
916 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
917 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
918
919 btw("MS sends *GSM AKA* Authen Response, VLR accepts and sends Ciphering Mode Command to MS");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]920 expect_cipher_mode_cmd("7a75f0ac9b844400");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]921 ms_sends_msg("0554" "dacc4b26");
922 OSMO_ASSERT(cipher_mode_cmd_sent);
923 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
924
925 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]926 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
927 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]928 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
929
930 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]931 gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
932 "12010809710000000156f0" VLR_TO_HLR);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]933 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
934
935 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
936 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]937 gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]938 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
939
940 btw("LU was successful, and the conn has already been closed");
941 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]942 ran_sends_clear_complete();
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]943 EXPECT_CONN_COUNT(0);
944
945 BTW("after a while, a new conn sends a CM Service Request. VLR responds with *UMTS AKA* Auth Req, 2nd auth vector");
946 auth_request_sent = false;
947 auth_request_expect_rand = "b2661531b97b12c5a2edc21a0ed16fc5";
948 auth_request_expect_autn = "78cdd96c60840000322f421b3bb778b1";
949 cm_service_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]950 ms_sends_msg("052474"
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]951 "03575886" /* classmark 2 */
952 "089910070000106005" /* IMSI */);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]953 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
954 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
955
956 btw("needs auth, not yet accepted");
957 EXPECT_ACCEPTED(false);
958 thwart_rx_non_initial_requests();
959
960 btw("MS sends *GSM AKA* Authen Response, VLR accepts and requests Ciphering");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]961 expect_cipher_mode_cmd("da149b11d473f400");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]962 ms_sends_msg("0554" "2fb4cfad");
963 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
964 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
965
966 btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]967 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]968 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
969
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]970 /* Release connection */
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]971 expect_bssap_clear(OSMO_RAT_GERAN_A);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]972 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]973
974 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]975 ran_sends_clear_complete();
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]976 EXPECT_CONN_COUNT(0);
977
978 BTW("an SMS is sent, MS is paged");
979 paging_expect_imsi(imsi);
980 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]981 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]982 OSMO_ASSERT(vsub);
983 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
984
985 send_sms(vsub, vsub,
986 "Privacy in residential applications is a desirable"
987 " marketing option.");
988
989 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]990 vlr_subscr_put(vsub, __func__);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]991 vsub = NULL;
992 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]993
994 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]995 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]996 OSMO_ASSERT(vsub);
997 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]998 vlr_subscr_put(vsub, __func__);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]999
1000 btw("MS replies with Paging Response, and VLR sends *UMTS AKA* Auth Request with third key");
1001 auth_request_sent = false;
1002 auth_request_expect_rand = "54d8f19778056666b41c8c25e52eb60c";
1003 auth_request_expect_autn = "53f3e5632b3d00008865dd54d49663f2";
1004 ms_sends_msg("062707"
1005 "03575886" /* classmark 2 */
1006 "089910070000106005" /* IMSI */);
1007 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1008
1009 btw("needs auth, not yet accepted");
1010 EXPECT_ACCEPTED(false);
1011 thwart_rx_non_initial_requests();
1012
1013 btw("MS sends *GSM AKA* Authen Response, VLR accepts and requests Ciphering");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1014 expect_cipher_mode_cmd("26ec67fad3073000");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1015 ms_sends_msg("0554" "0ff61e0f");
1016 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
1017
1018 btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
1019 dtap_expect_tx(sms);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1020 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1021 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1022
1023 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1024 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1025 OSMO_ASSERT(vsub);
1026 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1027 vlr_subscr_put(vsub, __func__);
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1028
1029 btw("conn is still open to wait for SMS ack dance");
1030 EXPECT_CONN_COUNT(1);
1031
1032 btw("MS replies with CP-ACK for received SMS");
1033 ms_sends_msg("8904");
1034 EXPECT_CONN_COUNT(1);
1035
1036 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
1037 dtap_expect_tx("0904");
1038 expect_bssap_clear();
1039 ms_sends_msg("890106020041020000");
1040 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
1041 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1042
1043 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1044 ran_sends_clear_complete();
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1045 EXPECT_CONN_COUNT(0);
1046
1047 BTW("subscriber detaches");
1048 expect_bssap_clear();
1049 ms_sends_msg("050130"
1050 "089910070000106005" /* IMSI */);
1051 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1052
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1053 ran_sends_clear_complete();
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1054 EXPECT_CONN_COUNT(0);
1055 clear_vlr();
1056 comment_end();
1057}
1058
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1059static void test_a5_3_supported()
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1060{
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1061 struct vlr_subscr *vsub;
1062 const char *imsi = "901700000004620";
1063
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1064 comment_start();
1065
1066 /* implicit: net->authentication_required = true; */
1067 net->a5_encryption_mask = (1 << 3); /* A5/3 */
1068
1069 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
1070 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1071 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1072 ms_sends_msg("050802008168000130089910070000006402");
1073 OSMO_ASSERT(gsup_tx_confirmed);
1074 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1075
1076 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
1077 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
1078 auth_request_sent = false;
1079 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
1080 auth_request_expect_autn = NULL;
1081 gsup_rx("0a"
1082 /* imsi */
1083 "0108" "09710000004026f0"
1084 /* 5 auth vectors... */
1085 /* TL TL rand */
1086 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
1087 /* TL sres TL kc */
1088 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
1089 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
1090 "2104" "20bde240" "2208" "07fa7502e07e1c00"
1091 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
1092 "2104" "a29514ae" "2208" "e2b234f807886400"
1093 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
1094 "2104" "5afc8d72" "2208" "2392f14f709ae000"
1095 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1096 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1097 NULL);
1098 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1099 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1100
1101 BTW("MS sends Authen Response, VLR accepts and wants to send Ciphering Mode Command to MS"
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1102 " -- but needs Classmark 2 to determine whether A5/3 is supported");
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1103 cipher_mode_cmd_sent = false;
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1104 ms_sends_msg("05542d8b2c3e");
1105 OSMO_ASSERT(!cipher_mode_cmd_sent);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1106 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1107
1108 btw("BSC sends back a BSSMAP Classmark Update, that triggers the Ciphering Mode Command in A5/3");
1109 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1110 ms_sends_classmark_update(&classmark);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1111 OSMO_ASSERT(cipher_mode_cmd_sent);
1112 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1113
1114 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1115 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
1116 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1117 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1118
1119 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1120 gsup_rx("10010809710000004026f00804032443f2" HLR_TO_VLR,
1121 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1122 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1123
1124 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
1125 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1126 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1127 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1128
1129 btw("LU was successful, and the conn has already been closed");
1130 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1131 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1132 EXPECT_CONN_COUNT(0);
1133
1134 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
1135 cm_service_result_sent = RES_NONE;
1136 auth_request_sent = false;
1137 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1138 ms_sends_msg("05247403305886089910070000006402");
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1139 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1140 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1141
1142 btw("needs auth, not yet accepted");
1143 EXPECT_ACCEPTED(false);
1144 thwart_rx_non_initial_requests();
1145
1146 btw("MS sends Authen Response, VLR accepts and requests Ciphering. We already know Classmark 3,"
1147 " so no need to request Classmark Update.");
1148 expect_cipher_mode_cmd("07fa7502e07e1c00");
1149 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
1150 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1151 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
1152
1153 btw("needs ciph, not yet accepted");
1154 EXPECT_ACCEPTED(false);
1155 thwart_rx_non_initial_requests();
1156
1157 btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1158 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1159 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1160
1161 /* Release connection */
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]1162 expect_bssap_clear(OSMO_RAT_GERAN_A);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1163 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1164
1165 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1166 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1167 EXPECT_CONN_COUNT(0);
1168
1169 BTW("an SMS is sent, MS is paged");
1170 paging_expect_imsi(imsi);
1171 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1172 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1173 OSMO_ASSERT(vsub);
1174 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
1175
1176 send_sms(vsub, vsub,
1177 "Privacy in residential applications is a desirable"
1178 " marketing option.");
1179
1180 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1181 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1182 vsub = NULL;
1183 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1184
1185 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1186 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1187 OSMO_ASSERT(vsub);
1188 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1189 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1190
1191 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
1192 auth_request_sent = false;
1193 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
1194 ms_sends_msg("06270703305882089910070000006402");
1195 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1196
1197 btw("needs auth, not yet accepted");
1198 EXPECT_ACCEPTED(false);
1199 thwart_rx_non_initial_requests();
1200
1201 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
1202 expect_cipher_mode_cmd("e2b234f807886400");
1203 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
1204 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
1205
1206 btw("needs ciph, not yet accepted");
1207 EXPECT_ACCEPTED(false);
1208 thwart_rx_non_initial_requests();
1209
1210 btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
1211 dtap_expect_tx("09" /* SMS messages */
1212 "01" /* CP-DATA */
1213 "58" /* length */
1214 "01" /* Network to MS */
1215 "00" /* reference */
1216 /* originator (gsm411_send_sms() hardcodes this weird nr) */
1217 "0791" "447758100650" /* 447785016005 */
1218 "00" /* dest */
1219 /* SMS TPDU */
1220 "4c" /* len */
1221 "00" /* SMS deliver */
1222 "05802443f2" /* originating address 42342 */
1223 "00" /* TP-PID */
1224 "00" /* GSM default alphabet */
1225 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
1226 "000000" /* H-M-S */
1227 "00" /* GMT+0 */
1228 "44" /* data length */
1229 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
1230 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
1231 "0c7ac3e9e9b7db05");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1232 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1233 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1234
1235 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1236 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1237 OSMO_ASSERT(vsub);
1238 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1239 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1240
1241 btw("conn is still open to wait for SMS ack dance");
1242 EXPECT_CONN_COUNT(1);
1243
1244 btw("MS replies with CP-ACK for received SMS");
1245 ms_sends_msg("8904");
1246 EXPECT_CONN_COUNT(1);
1247
1248 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
1249 dtap_expect_tx("0904");
1250 expect_bssap_clear();
1251 ms_sends_msg("890106020041020000");
1252 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
1253 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1254
1255 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1256 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1257 EXPECT_CONN_COUNT(0);
1258
1259 BTW("subscriber detaches");
1260 expect_bssap_clear();
1261 ms_sends_msg("050130089910070000006402");
1262 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1263
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1264 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1265 EXPECT_CONN_COUNT(0);
1266 clear_vlr();
1267 comment_end();
1268}
1269
1270/* During CM Service Request or Paging Response we already have Classmark 2 that indicates A5/3
1271 * availablity. Here, in a hacky way remove the knowledge of Classmark 2 to tickle a code path where
1272 * proc_arq_fsm needs a Classmark Update during Ciphering. Shouldn't happen in reality though. */
1273static void test_cm_service_needs_classmark_update()
1274{
1275 struct vlr_subscr *vsub;
1276 const char *imsi = "901700000004620";
1277
1278 comment_start();
1279
1280 /* A5/3 support is indicated in Classmark 3. By configuring A5/3, trigger the code paths that
1281 * send a Classmark Request. */
1282 net->a5_encryption_mask = (1 << 3); /* A5/3 */
1283 /* implicit: net->authentication_required = true; */
1284
1285 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
1286 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1287 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1288 ms_sends_msg("050802008168000130089910070000006402");
1289 OSMO_ASSERT(gsup_tx_confirmed);
1290 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1291
1292 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
1293 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
1294 auth_request_sent = false;
1295 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
1296 auth_request_expect_autn = NULL;
1297 gsup_rx("0a"
1298 /* imsi */
1299 "0108" "09710000004026f0"
1300 /* 5 auth vectors... */
1301 /* TL TL rand */
1302 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
1303 /* TL sres TL kc */
1304 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
1305 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
1306 "2104" "20bde240" "2208" "07fa7502e07e1c00"
1307 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
1308 "2104" "a29514ae" "2208" "e2b234f807886400"
1309 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
1310 "2104" "5afc8d72" "2208" "2392f14f709ae000"
1311 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1312 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1313 NULL);
1314 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1315 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1316
1317 BTW("MS sends Authen Response, VLR accepts and wants to send Ciphering Mode Command to MS"
1318 " -- but needs Classmark 2 to determine whether A5/3 is supported");
1319 cipher_mode_cmd_sent = false;
1320 ms_sends_msg("05542d8b2c3e");
1321 OSMO_ASSERT(!cipher_mode_cmd_sent);
1322 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1323
1324 btw("BSC sends back a BSSMAP Classmark Update, that triggers the Ciphering Mode Command in A5/3");
1325 expect_cipher_mode_cmd("61855fb81fc2a800");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1326 ms_sends_classmark_update(&classmark);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1327 OSMO_ASSERT(cipher_mode_cmd_sent);
1328 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1329
1330 btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1331 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
1332 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1333 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1334
1335 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1336 gsup_rx("10010809710000004026f00804032443f2" HLR_TO_VLR,
1337 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1338 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1339
1340 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
1341 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1342 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1343 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1344
1345 btw("LU was successful, and the conn has already been closed");
1346 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1347 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1348 EXPECT_CONN_COUNT(0);
1349
1350
1351 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
1352 cm_service_result_sent = RES_NONE;
1353 auth_request_sent = false;
1354 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1355 ms_sends_msg("05247403305886089910070000006402");
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1356 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1357 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1358
1359 btw("needs auth, not yet accepted");
1360 EXPECT_ACCEPTED(false);
1361 thwart_rx_non_initial_requests();
1362
1363 btw("MS sends Authen Response, VLR accepts and requests Ciphering. We already know Classmark 3,"
1364 " so no need to request Classmark Update.");
1365 expect_cipher_mode_cmd("07fa7502e07e1c00");
1366 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
1367 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1368 VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
1369
1370 btw("needs ciph, not yet accepted");
1371 EXPECT_ACCEPTED(false);
1372 thwart_rx_non_initial_requests();
1373
1374 btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1375 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1376 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1377
1378 /* Release connection */
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]1379 expect_bssap_clear(OSMO_RAT_GERAN_A);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1380 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1381
1382 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1383 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1384 EXPECT_CONN_COUNT(0);
1385
1386 BTW("an SMS is sent, MS is paged");
1387 paging_expect_imsi(imsi);
1388 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1389 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1390 OSMO_ASSERT(vsub);
1391 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
1392
1393 send_sms(vsub, vsub, "Privacy in residential applications is a desirable marketing option.");
1394
1395 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1396 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1397 vsub = NULL;
1398 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1399
1400 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1401 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1402 OSMO_ASSERT(vsub);
1403 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1404 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1405
1406 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
1407 auth_request_sent = false;
1408 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
1409 ms_sends_msg("06270703305882089910070000006402");
1410 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1411
1412 BTW("Fake a situation where Classmark 2 is unknown during proc_arq_fsm");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1413 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1414 OSMO_ASSERT(vsub);
1415 vsub->classmark.classmark2_len = 0;
1416 vsub->classmark.classmark3_len = 0;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1417 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1418
1419 btw("MS sends Authen Response, VLR accepts and requests Ciphering");
1420 btw("MS sends Authen Response, VLR accepts and requests Ciphering."
1421 " Normally, we'd know Classmark 3, but this test removed it."
1422 " Hence a Classmark Request is generated.");
1423 cipher_mode_cmd_sent = false;
1424 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
1425 OSMO_ASSERT(!cipher_mode_cmd_sent);
1426
1427 btw("BSC sends back a BSSMAP Classmark Update, that triggers the Ciphering Mode Command in A5/3");
1428 expect_cipher_mode_cmd("e2b234f807886400");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1429 ms_sends_classmark_update(&classmark);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1430 OSMO_ASSERT(cipher_mode_cmd_sent);
1431
1432 btw("needs ciph, not yet accepted");
1433 EXPECT_ACCEPTED(false);
1434
1435 btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
1436 dtap_expect_tx("09" /* SMS messages */
1437 "01" /* CP-DATA */
1438 "58" /* length */
1439 "01" /* Network to MS */
1440 "00" /* reference */
1441 /* originator (gsm411_send_sms() hardcodes this weird nr) */
1442 "0791" "447758100650" /* 447785016005 */
1443 "00" /* dest */
1444 /* SMS TPDU */
1445 "4c" /* len */
1446 "00" /* SMS deliver */
1447 "05802443f2" /* originating address 42342 */
1448 "00" /* TP-PID */
1449 "00" /* GSM default alphabet */
1450 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
1451 "000000" /* H-M-S */
1452 "00" /* GMT+0 */
1453 "44" /* data length */
1454 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
1455 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
1456 "0c7ac3e9e9b7db05");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1457 ms_sends_ciphering_mode_complete(NULL);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1458 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1459
1460 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1461 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1462 OSMO_ASSERT(vsub);
1463 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1464 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1465
1466 btw("conn is still open to wait for SMS ack dance");
1467 EXPECT_CONN_COUNT(1);
1468
1469 btw("MS replies with CP-ACK for received SMS");
1470 ms_sends_msg("8904");
1471 EXPECT_CONN_COUNT(1);
1472
1473 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
1474 dtap_expect_tx("0904");
1475 expect_bssap_clear();
1476 ms_sends_msg("890106020041020000");
1477 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
1478 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
1479
1480 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1481 ran_sends_clear_complete();
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1482 EXPECT_CONN_COUNT(0);
1483
1484 BTW("subscriber detaches");
1485 expect_bssap_clear();
1486 ms_sends_msg("050130089910070000006402");
1487 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1488
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame^]1489 ran_sends_clear_complete();
Neels Hofmeyra7fd88c2018-03-02 01:50:42 +0100[diff] [blame]1490 EXPECT_CONN_COUNT(0);
1491 clear_vlr();
1492 comment_end();
1493}
1494
1495
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1496msc_vlr_test_func_t msc_vlr_tests[] = {
1497 test_ciph,
1498 test_ciph_tmsi,
1499 test_ciph_imei,
1500 test_ciph_imeisv,
1501 test_ciph_tmsi_imei,
Neels Hofmeyrcac6e892018-03-10 02:05:44 +0100[diff] [blame]1502 test_gsm_ciph_in_umts_env,
Neels Hofmeyr3117b702018-09-13 03:23:07 +0200[diff] [blame]1503 test_a5_3_supported,
1504 test_cm_service_needs_classmark_update,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1505 NULL
1506};