Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
/* GSM (2G) authentication end-to-end scenario, subscriber identified by IMSI.
 *
 * With net->authentication_required set, one subscriber is walked through a
 * Location Updating, a CM Service Request, a paged SMS delivery and a detach.
 * Each new conn gets its own Auth Request: the expected RAND steps through the
 * 1st, 2nd and 3rd of the five vectors received from the HLR, and the MS
 * answers with the SRES of that same vector. Before every Authen Response the
 * test checks that the conn is not yet accepted and calls
 * thwart_rx_non_initial_requests().
 *
 * NOTE(review): only matching SRES values are sent in this function; the
 * wrong-SRES (authentication failure) path is not exercised here.
 */
static void test_gsm_authen()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* No AUTN is expected in the Auth Request; presumably because the LU
	 * above signalled is_r99 == false -- confirm against the harness. */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
			"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
			"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
			"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
			"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
			"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* An Update Location Result arriving before the MS has answered the
	 * Auth Request must not lead to acceptance. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	/* NOTE(review): unlike the first gsup_expect_tx() above, no
	 * OSMO_ASSERT(gsup_tx_confirmed) follows this expectation in this
	 * function -- confirm that the harness verifies it. */
	gsup_expect_tx("04010809710000004026f0280102");
	/* "2d8b2c3e" is the sres of the 1st vector received above */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000004026f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("05247803305886089910070000006402");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	/* Release connection */
	/* NOTE(review): this call passes OSMO_RAT_GERAN_A while every other
	 * expect_bssap_clear() call in this function passes no argument --
	 * confirm against the helper's declaration. */
	expect_bssap_clear(OSMO_RAT_GERAN_A);
	conn_conclude_cm_service_req(g_conn, OSMO_RAT_GERAN_A);

	btw("all requests serviced, conn has been released");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* presumably releases the reference obtained from
	 * vlr_subscr_find_by_imsi() -- verify against the VLR API */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882089910070000006402");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	/* The queued SMS must stay undelivered until the Authen Response is in */
	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
218
/* GSM (2G) authentication end-to-end scenario with TMSI allocation enabled.
 *
 * Same sequence as an IMSI-only run (Location Updating, CM Service Request,
 * paged SMS), but net->vlr->cfg.assign_tmsi is set: the first LU is only
 * complete once the MS sends TMSI Realloc Complete, and from then on the MS
 * identifies itself by TMSI. A second LU by TMSI then authenticates with the
 * 4th vector and is handed another TMSI, which the final detach uses.
 *
 * The tmsi / tmsi_new asserts document the hand-over: until the Realloc
 * Complete arrives the new value sits in vsub->tmsi_new, afterwards it is in
 * vsub->tmsi and tmsi_new is back to GSM_RESERVED_TMSI.
 *
 * NOTE(review): the TMSI values 0x03020100 and 0x07060504 are hard-coded
 * expectations; presumably the test harness makes TMSI allocation
 * deterministic -- confirm. Only matching SRES values are sent here, so the
 * authentication-failure path is not exercised in this function.
 */
static void test_gsm_authen_tmsi()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* No AUTN is expected in the Auth Request; presumably because the LU
	 * above signalled is_r99 == false -- confirm against the harness. */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
			"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
			"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
			"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
			"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
			"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* An Update Location Result arriving before the MS has answered the
	 * Auth Request must not lead to acceptance. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	/* NOTE(review): unlike the first gsup_expect_tx() above, no
	 * OSMO_ASSERT(gsup_tx_confirmed) follows this expectation in this
	 * function -- confirm that the harness verifies it. */
	gsup_expect_tx("04010809710000004026f0280102");
	/* "2d8b2c3e" is the sres of the 1st vector received above */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	/* The LU Accept has gone out, but the conn stays open and unaccepted
	 * until the MS acknowledges the new TMSI. */
	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	/* NOTE(review): the next line dereferences vsub, so this relies on
	 * VERBOSE_ASSERT aborting on failure -- presumably it does; confirm. */
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("05247803305886" "05f4" "03020100");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	/* Presenting a known TMSI does not by itself get the conn accepted */
	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	/* Release connection */
	/* NOTE(review): this call passes OSMO_RAT_GERAN_A while every other
	 * expect_bssap_clear() call in this function passes no argument --
	 * confirm against the helper's declaration. */
	expect_bssap_clear(OSMO_RAT_GERAN_A);
	conn_conclude_cm_service_req(g_conn, OSMO_RAT_GERAN_A);

	btw("all requests serviced, conn has been released");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_tmsi(0x03020100);
	paging_sent = false;
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882" "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	/* The queued SMS must stay undelivered until the Authen Response is in */
	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	/* TODO: when the subscriber detaches, the vlr_subscr gets
	 * deallocated and we no longer know the TMSI. This case is covered by
	 * test_lu_unknown_tmsi(), so here I'd like to still have the TMSI.
	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	 */

	BTW("subscriber sends LU Request, this time with the TMSI");
	btw("Location Update request causes an Auth Req to MS");
	lu_result_sent = RES_NONE;
	auth_request_sent = false;
	/* RAND of the 4th vector received at the start of this test; no
	 * gsup_expect_tx() is set up before this LU request */
	auth_request_expect_rand = "fa8f20b781b5881329d4fea26b1a3c51";
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* "5afc8d72" is the sres of the 4th vector */
	ms_sends_msg("05545afc8d72");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* the previous TMSI stays in vsub->tmsi until the new one is acked */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x07060504, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x07060504, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using new TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "07060504");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
502
/* GSM (2G) authentication followed by a mandatory IMEI check, accept case.
 *
 * With net->authentication_required and net->vlr->cfg.check_imei_rqd both set,
 * a Location Updating first runs authentication against the 1st vector from
 * the HLR, then the MS is asked for its IMEI, the IMEI is forwarded to the HLR
 * over GSUP, and only the HLR's positive answer completes the LU. The test
 * checks that the conn is not accepted at any intermediate step and that the
 * IMEI is stored on the subscriber afterwards.
 *
 * NOTE(review): only a matching SRES is sent here, so the
 * authentication-failure path is not exercised in this function.
 */
static void test_gsm_authen_imei()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* No AUTN is expected in the Auth Request; presumably because the LU
	 * above signalled is_r99 == false -- confirm against the harness. */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
			"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
			"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
			"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
			"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
			"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* An Update Location Result arriving before the MS has answered the
	 * Auth Request must not lead to acceptance. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* "2d8b2c3e" is the sres of the 1st vector received above */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	/* NOTE(review): no assertion on dtap_tx_confirmed follows this
	 * expectation within this function -- confirm that the harness
	 * verifies the ID Request was actually sent. */
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	/* Authenticated, but still not accepted: the IMEI is not known yet */
	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
	/* NOTE(review): no OSMO_ASSERT(gsup_tx_confirmed) follows this
	 * expectation in this function -- confirm that the harness verifies
	 * the IMEI was forwarded. */
	gsup_expect_tx("30010809710000004026f050090824433224433224f0");
	ms_sends_msg("0559084a32244332244302");
	/* Reporting an IMEI is not sufficient; the HLR's verdict is awaited */
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("HLR accepts the IMEI");
	expect_bssap_clear();
	gsup_rx("32010809710000004026f0510100", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
608
/* GSM (2G) authentication followed by a mandatory IMEI check, HLR NACK case.
 *
 * Authentication against the 1st vector succeeds and the MS reports its IMEI,
 * but the HLR answers the IMEI check negatively. The test expects that the
 * conn is never accepted and that no conn remains at the end.
 *
 * NOTE(review): after the NACK this function asserts neither lu_result_sent
 * nor bssap_clear_sent, so an explicit LU reject and the clear command are not
 * verified directly here -- consider whether that is intended.
 */
static void test_gsm_authen_imei_nack()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* No AUTN is expected in the Auth Request; presumably because the LU
	 * above signalled is_r99 == false -- confirm against the harness. */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
			"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
			"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
			"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
			"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
			"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* An Update Location Result arriving before the MS has answered the
	 * Auth Request must not lead to acceptance. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0280102");
	/* "2d8b2c3e" is the sres of the 1st vector received above */
	ms_sends_msg("05542d8b2c3e");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	/* Authenticated, but still not accepted: the IMEI is not known yet */
	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
	gsup_expect_tx("30010809710000004026f050090824433224433224f0");
	ms_sends_msg("0559084a32244332244302");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	expect_bssap_clear();
	btw("HLR does not like the IMEI and sends NACK");
	/* same GSUP message as an accepted IMEI check would use
	 * ("...510100"), but with the final octet set to 01 */
	gsup_rx("32010809710000004026f0510101", NULL);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	bss_sends_clear_complete();
	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
701
/*
 * Location Update with authentication and the IMEI check both required
 * (authentication_required, cfg.check_imei_rqd), where the HLR answers the
 * IMEI sent by the VLR with an error message.
 *
 * The subscriber must never become accepted: EXPECT_ACCEPTED(false) is
 * asserted after every step, and the test ends with the connection count at
 * zero.
 */
702static void test_gsm_authen_imei_err()
703{
704 struct vlr_subscr *vsub;
705 const char *imsi = "901700000004620";
706
707 comment_start();
708
709 net->authentication_required = true;
710 net->vlr->cfg.check_imei_rqd = true;
711
712 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
713 lu_result_sent = RES_NONE;
714 gsup_expect_tx("08010809710000004026f0");
715 ms_sends_msg("0508020081680001"
716 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
717 "089910070000006402");
718 OSMO_ASSERT(gsup_tx_confirmed);
719 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
720
721 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
722 auth_request_sent = false;
	/* The Auth Request is expected to carry the RAND of the first tuple below, and no AUTN. */
723 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
724 auth_request_expect_autn = NULL;
725 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
726 gsup_rx("0a"
727 /* imsi */
728 "0108" "09710000004026f0"
729 /* 5 auth vectors... */
730 /* TL TL rand */
731 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
732 /* TL sres TL kc */
733 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
734 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
735 "2104" "20bde240" "2208" "07fa7502e07e1c00"
736 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
737 "2104" "a29514ae" "2208" "e2b234f807886400"
738 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
739 "2104" "5afc8d72" "2208" "2392f14f709ae000"
740 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
741 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
742 NULL);
743 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
744 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
745
	/*
	 * Negative check: an Update Location Result that arrives before the MS
	 * has answered the auth challenge must not mark the subscriber accepted.
	 */
746 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
747 gsup_rx("06010809710000004026f0", NULL);
748 EXPECT_ACCEPTED(false);
749
750 thwart_rx_non_initial_requests();
751
752 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
753
	/* The response carries 2d8b2c3e, the SRES of the first tuple above. */
754 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
755 gsup_expect_tx("04010809710000004026f0280102");
756 ms_sends_msg("05542d8b2c3e");
757 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
758
759 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
760 gsup_rx("10010809710000004026f00804036470f1",
761 "12010809710000004026f0");
762 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
763
764 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
765 dtap_expect_tx("051802");
766 gsup_rx("06010809710000004026f0", NULL);
767
	/*
	 * Authentication and the HLR's location update result are both done, yet
	 * the subscriber is still not accepted: the stored IMEI is empty and the
	 * IMEI check is outstanding.
	 */
768 btw("We will only do business when the IMEI is known");
769 EXPECT_CONN_COUNT(1);
770 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
771 OSMO_ASSERT(vsub);
772 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
773 vlr_subscr_put(vsub);
774 EXPECT_ACCEPTED(false);
775 thwart_rx_non_initial_requests();
776
777 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
778 gsup_expect_tx("30010809710000004026f050090824433224433224f0");
779 ms_sends_msg("0559084a32244332244302");
780 EXPECT_ACCEPTED(false);
781 thwart_rx_non_initial_requests();
782
	/*
	 * Fail closed: an error reply to the IMEI check must leave the subscriber
	 * unaccepted.
	 * NOTE(review): expect_bssap_clear() is armed here, but unlike
	 * test_gsm_authen_tmsi_imei this function never asserts bssap_clear_sent;
	 * presumably bss_sends_clear_complete() covers it - confirm.
	 */
783 expect_bssap_clear();
784 btw("HLR can't parse the message and returns ERR");
785 gsup_rx("31010809710000004026f0020160", NULL);
786 EXPECT_ACCEPTED(false);
787 thwart_rx_non_initial_requests();
788
789 bss_sends_clear_complete();
790 EXPECT_CONN_COUNT(0);
791 clear_vlr();
792 comment_end();
793}
794
/*
 * Location Update with authentication, TMSI assignment and the IMEI check all
 * enabled, where the HLR accepts the IMEI.
 *
 * Asserted sequence: the subscriber stays unaccepted until the IMEI check has
 * passed, then an LU Accept with a new TMSI is sent, the MS confirms with TMSI
 * Realloc Complete, and the subscriber later detaches using that TMSI.
 */
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100795static void test_gsm_authen_tmsi_imei()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100796{
797 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100798 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100799
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100800 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100801
802 net->authentication_required = true;
803 net->vlr->cfg.assign_tmsi = true;
804 net->vlr->cfg.check_imei_rqd = true;
805
806 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
807 lu_result_sent = RES_NONE;
808 gsup_expect_tx("08010809710000004026f0");
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100809 ms_sends_msg("0508020081680001"
810 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
811 "089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100812 OSMO_ASSERT(gsup_tx_confirmed);
813 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
814
815 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
816 auth_request_sent = false;
	/* The Auth Request is expected to carry the RAND of the first tuple below, and no AUTN. */
817 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
818 auth_request_expect_autn = NULL;
819 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
820 gsup_rx("0a"
821 /* imsi */
822 "0108" "09710000004026f0"
823 /* 5 auth vectors... */
824 /* TL TL rand */
825 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
826 /* TL sres TL kc */
827 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
828 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
829 "2104" "20bde240" "2208" "07fa7502e07e1c00"
830 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
831 "2104" "a29514ae" "2208" "e2b234f807886400"
832 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
833 "2104" "5afc8d72" "2208" "2392f14f709ae000"
834 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
835 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
836 NULL);
837 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
838 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
839
	/*
	 * Negative check: an Update Location Result that arrives before the MS
	 * has answered the auth challenge must not mark the subscriber accepted.
	 */
840 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
841 gsup_rx("06010809710000004026f0", NULL);
842 EXPECT_ACCEPTED(false);
843
844 thwart_rx_non_initial_requests();
845
846 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
847
	/* The response carries 2d8b2c3e, the SRES of the first tuple above. */
848 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrd0756b12018-09-28 02:41:39 +0200849 gsup_expect_tx("04010809710000004026f0280102");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100850 ms_sends_msg("05542d8b2c3e");
851 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
852
853 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
854 gsup_rx("10010809710000004026f00804036470f1",
855 "12010809710000004026f0");
856 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
857
858 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
859 dtap_expect_tx("051802");
860 gsup_rx("06010809710000004026f0", NULL);
861
	/*
	 * Authentication and the HLR's location update result are both done, yet
	 * the subscriber is still not accepted: the stored IMEI is empty and the
	 * IMEI check is outstanding.
	 */
862 btw("We will only do business when the IMEI is known");
863 EXPECT_CONN_COUNT(1);
864 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
865 OSMO_ASSERT(vsub);
866 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
867 vlr_subscr_put(vsub);
868 EXPECT_ACCEPTED(false);
869 thwart_rx_non_initial_requests();
870
Oliver Smith7d053092018-12-14 17:37:38 +0100871 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
872 gsup_expect_tx("30010809710000004026f050090824433224433224f0");
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200873 ms_sends_msg("0559084a32244332244302");
Oliver Smith7d053092018-12-14 17:37:38 +0100874 EXPECT_ACCEPTED(false);
875 thwart_rx_non_initial_requests();
876
877 btw("HLR accepts the IMEI");
878 gsup_rx("32010809710000004026f0510100", NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100879
	/*
	 * The LU Accept has gone out, but the subscriber still counts as not
	 * accepted until the MS confirms the TMSI reallocation.
	 */
880 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
881 EXPECT_CONN_COUNT(1);
882 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
883 EXPECT_ACCEPTED(false);
884 thwart_rx_non_initial_requests();
885
	/*
	 * Until the MS confirms, the new value is held in tmsi_new while tmsi
	 * still reads GSM_RESERVED_TMSI; after the "055b" message below, tmsi
	 * itself is asserted to be 0x03020100.
	 */
886 btw("even though the TMSI is not acked, we can already find the subscr with it");
887 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
888 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
889 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
890 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
891 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
892 vlr_subscr_put(vsub);
893
894 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200895 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100896 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200897 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100898
899 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyr4068ab22018-04-01 20:55:54 +0200900 bss_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100901 EXPECT_CONN_COUNT(0);
902
	/* The IMEI is stored on the subscriber only now; it was empty before the HLR accepted it. */
903 btw("Subscriber has the IMEI and TMSI");
904 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
905 OSMO_ASSERT(vsub);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200906 VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100907 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
908 vlr_subscr_put(vsub);
909
	/* The detach message identifies the subscriber by the TMSI 03020100 assigned above. */
910 BTW("subscriber detaches, using TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200911 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100912 ms_sends_msg("050130" "05f4" "03020100");
Philipp Maierfbf66102017-04-09 12:32:51 +0200913 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100914
Neels Hofmeyr4068ab22018-04-01 20:55:54 +0200915 bss_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100916 EXPECT_CONN_COUNT(0);
917 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100918 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100919}
920
/*
 * Location Update, CM Service Request and SMS paging for a subscriber whose
 * auth tuples from the HLR also carry the 3G fields (IK, CK, AUTN, RES), with
 * rx_from_ran set to OSMO_RAT_GERAN_A.
 *
 * Each new connection is challenged with the RAND of the next tuple in the
 * HLR reply (first, second, third) and answered with that tuple's 4-byte
 * SRES; auth_request_expect_autn stays NULL throughout. Nothing is accepted
 * on a connection before its Authen Response has arrived.
 */
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100921static void test_gsm_milenage_authen()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100922{
923 struct vlr_subscr *vsub;
924 const char *imsi = "901700000010650";
925
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100926 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100927
928 net->authentication_required = true;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100929 rx_from_ran = OSMO_RAT_GERAN_A;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100930
931 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
932 lu_result_sent = RES_NONE;
933 gsup_expect_tx("080108" "09710000000156f0");
934 ms_sends_msg("0508" /* MM LU */
935 "7" /* ciph key seq: no key available */
936 "0" /* LU type: normal */
937 "ffffff" "0000" /* LAI, LAC */
938 "30" /* classmark 1: GSM phase 2 */
939 "089910070000106005" /* IMSI */
940 );
941 OSMO_ASSERT(gsup_tx_confirmed);
942 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
943
944 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
945 /* based on auc_3g:
946 * K = 'EB215756028D60E3275E613320AEC880',
947 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
948 * SQN = 0
949 */
950 auth_request_sent = false;
951 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
952 auth_request_expect_autn = NULL;
953 gsup_rx("0a"
954 /* imsi */
955 "0108" "09710000000156f0"
956 /* 3 auth vectors... */
957 /* TL TL rand */
958 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
959 /* TL sres TL kc */
960 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
961 /* TL 3G IK */
962 "2310" "27497388b6cb044648f396aa155b95ef"
963 /* TL 3G CK */
964 "2410" "f64735036e5871319c679f4742a75ea1"
965 /* TL AUTN */
966 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
967 /* TL RES */
968 "2708" "e229c19e791f2e41"
969 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
970 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
971 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
972 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
973 "2510" "1843a645b98d00005b2d666af46c45d9"
974 "2708" "7db47cf7f81e4dc7"
975 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
976 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
977 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
978 "2410" "76542abce5ff9345b0e8947f4c6e019c"
979 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
980 "2708" "706f996719ba609c"
981 ,NULL);
982 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
983 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
984
	/* The response carries 9b36efdf, the SRES of the first tuple above. */
985 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrd0756b12018-09-28 02:41:39 +0200986 gsup_expect_tx("04010809710000000156f0280102");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100987 ms_sends_msg("0554" "9b36efdf");
988 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
989
990 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
991 gsup_rx("10010809710000000156f00804032443f2",
992 "12010809710000000156f0");
993 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
994
995 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Philipp Maierfbf66102017-04-09 12:32:51 +0200996 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100997 gsup_rx("06010809710000000156f0", NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200998 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100999
1000 btw("LU was successful, and the conn has already been closed");
1001 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyr4068ab22018-04-01 20:55:54 +02001002 bss_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001003 EXPECT_CONN_COUNT(0);
1004
	/*
	 * A new connection gets a fresh challenge: the expected RAND is the
	 * second tuple's, not a repeat of the one used for the Location Update.
	 */
1005 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
1006 auth_request_sent = false;
1007 auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
1008 auth_request_expect_autn = NULL;
1009 cm_service_result_sent = RES_NONE;
1010 ms_sends_msg("052478"
1011 "03305886" /* classmark 2: GSM phase 2 */
1012 "089910070000106005" /* IMSI */);
1013 OSMO_ASSERT(g_conn);
Neels Hofmeyr4d3a66b2018-03-31 18:45:59 +02001014 OSMO_ASSERT(g_conn->fi);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001015 OSMO_ASSERT(g_conn->vsub);
1016 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1017 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1018
1019 btw("needs auth, not yet accepted");
1020 EXPECT_ACCEPTED(false);
1021 thwart_rx_non_initial_requests();
1022
1023 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* presumably NULL means no GSUP message to the HLR is expected here - confirm */
1024 gsup_expect_tx(NULL);
1025 ms_sends_msg("0554" "85aa3130"); /* 2nd vector's sres, s.a. */
1026 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
1027
Vadim Yanitskiy27605852018-06-15 23:57:30 +07001028 /* Release connection */
	/*
	 * NOTE(review): expect_bssap_clear() takes OSMO_RAT_GERAN_A here but is
	 * called without arguments everywhere else in this function - confirm
	 * which form the helper's declaration expects.
	 */
Neels Hofmeyr7814a832018-12-26 00:40:18 +01001029 expect_bssap_clear(OSMO_RAT_GERAN_A);
1030 conn_conclude_cm_service_req(g_conn, OSMO_RAT_GERAN_A);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001031
1032 btw("all requests serviced, conn has been released");
Neels Hofmeyr4068ab22018-04-01 20:55:54 +02001033 bss_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001034 EXPECT_CONN_COUNT(0);
1035
1036 BTW("an SMS is sent, MS is paged");
1037 paging_expect_imsi(imsi);
1038 paging_sent = false;
1039 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
1040 OSMO_ASSERT(vsub);
1041 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
1042
1043 send_sms(vsub, vsub,
1044 "Privacy in residential applications is a desirable"
1045 " marketing option.");
1046
1047 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
1048 vlr_subscr_put(vsub);
1049 vsub = NULL;
1050 VERBOSE_ASSERT(paging_sent, == true, "%d");
1051 VERBOSE_ASSERT(paging_stopped, == false, "%d");
1052
1053 btw("the subscriber and its pending request should remain");
1054 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
1055 OSMO_ASSERT(vsub);
1056 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
1057 vlr_subscr_put(vsub);
1058
	/* Third connection, third tuple: the Paging Response is challenged again before anything is delivered. */
1059 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
1060 auth_request_sent = false;
1061 auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
1062 auth_request_expect_autn = NULL;
1063 ms_sends_msg("062707"
1064 "03305886" /* classmark 2 */
1065 "089910070000106005" /* IMSI */);
1066 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1067
1068 btw("needs auth, not yet accepted");
1069 EXPECT_ACCEPTED(false);
1070 thwart_rx_non_initial_requests();
1071
	/* The queued SMS is expected on DTAP only as a result of the Authen Response sent below. */
1072 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
1073 dtap_expect_tx("09" /* SMS messages */
1074 "01" /* CP-DATA */
1075 "58" /* length */
1076 "01" /* Network to MS */
1077 "00" /* reference */
1078 /* originator (gsm411_send_sms() hardcodes this weird nr) */
1079 "0791" "447758100650" /* 447785016005 */
1080 "00" /* dest */
1081 /* SMS TPDU */
1082 "4c" /* len */
1083 "00" /* SMS deliver */
1084 "05802443f2" /* originating address 42342 */
1085 "00" /* TP-PID */
1086 "00" /* GSM default alphabet */
1087 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
1088 "000000" /* H-M-S */
1089 "00" /* GMT+0 */
1090 "44" /* data length */
1091 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
1092 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
1093 "0c7ac3e9e9b7db05");
1094 ms_sends_msg("0554" "69d5f9fb"); /* 3rd vector's sres, s.a. */
1095 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
1096 VERBOSE_ASSERT(paging_stopped, == true, "%d");
1097
1098 btw("SMS was delivered, no requests pending for subscr");
1099 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
1100 OSMO_ASSERT(vsub);
1101 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
1102 vlr_subscr_put(vsub);
1103
1104 btw("conn is still open to wait for SMS ack dance");
1105 EXPECT_CONN_COUNT(1);
1106
1107 btw("MS replies with CP-ACK for received SMS");
1108 ms_sends_msg("8904");
1109 EXPECT_CONN_COUNT(1);
1110
1111 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
1112 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +02001113 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001114 ms_sends_msg("890106020041020000");
1115 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +02001116 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001117
1118 btw("SMS is done, conn is gone");
Neels Hofmeyr4068ab22018-04-01 20:55:54 +02001119 bss_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001120 EXPECT_CONN_COUNT(0);
1121
1122 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +02001123 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001124 ms_sends_msg("050130"
1125 "089910070000106005" /* IMSI */);
Philipp Maierfbf66102017-04-09 12:32:51 +02001126 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001127
Neels Hofmeyr4068ab22018-04-01 20:55:54 +02001128 bss_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001129 EXPECT_CONN_COUNT(0);
1130 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +01001131 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001132}
1133
/*
 * Location Update where the MS answers the auth challenge with an SRES that
 * is one byte too short.
 *
 * The test expects an auth failure report towards the HLR, an LU reject
 * (lu_result_sent == RES_REJECT) and the connection count dropping to zero.
 */
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +01001134static void test_wrong_sres_length()
1135{
1136 comment_start();
	/* NOTE(review): fake time is started, but nothing in this function advances it - confirm it is needed. */
1137 fake_time_start();
1138
1139 net->authentication_required = true;
1140
1141 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
1142 lu_result_sent = RES_NONE;
1143 gsup_expect_tx("08010809710000004026f0");
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +01001144 ms_sends_msg("0508020081680001"
1145 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
1146 "089910070000006402");
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +01001147 OSMO_ASSERT(gsup_tx_confirmed);
1148 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1149
1150 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
1151 auth_request_sent = false;
	/* The Auth Request is expected to carry the RAND of the first tuple below, and no AUTN. */
1152 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
1153 auth_request_expect_autn = NULL;
1154 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
1155 gsup_rx("0a"
1156 /* imsi */
1157 "0108" "09710000004026f0"
1158 /* 5 auth vectors... */
1159 /* TL TL rand */
1160 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
1161 /* TL sres TL kc */
1162 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
1163 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
1164 "2104" "20bde240" "2208" "07fa7502e07e1c00"
1165 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
1166 "2104" "a29514ae" "2208" "e2b234f807886400"
1167 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
1168 "2104" "5afc8d72" "2208" "2392f14f709ae000"
1169 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
1170 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
1171 NULL);
1172 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1173 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1174
	/*
	 * Negative check: an Update Location Result that arrives before the MS
	 * has answered the auth challenge must not mark the subscriber accepted.
	 */
1175 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
1176 gsup_rx("06010809710000004026f0", NULL);
1177 EXPECT_ACCEPTED(false);
1178
1179 thwart_rx_non_initial_requests();
1180
1181 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1182
	/*
	 * The MS sends 2d8b2c, the first three bytes of the expected four-byte
	 * SRES 2d8b2c3e from the first tuple. A correct prefix must still be
	 * rejected, so an SRES comparison bounded by the received length would
	 * fail this test.
	 * NOTE(review): expect_bssap_clear() is armed, but bssap_clear_sent is not
	 * asserted in this function - confirm bss_sends_clear_complete() covers it.
	 */
1183 btw("MS sends Authen Response with too short SRES data, auth is thwarted.");
1184 gsup_expect_tx("0b010809710000004026f0"); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
1185 expect_bssap_clear();
1186 ms_sends_msg("05542d8b2c");
1187 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
1188
Neels Hofmeyr4068ab22018-04-01 20:55:54 +02001189 bss_sends_clear_complete();
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +01001190 EXPECT_CONN_COUNT(0);
1191 clear_vlr();
1192 comment_end();
1193}
1194
/*
 * NULL-terminated table of the GSM authentication test functions.
 * NOTE(review): presumably walked in order by the shared test runner -
 * confirm against the code that consumes msc_vlr_tests.
 */
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001195msc_vlr_test_func_t msc_vlr_tests[] = {
1196 test_gsm_authen,
1197 test_gsm_authen_tmsi,
1198 test_gsm_authen_imei,
Oliver Smith7d053092018-12-14 17:37:38 +01001199 test_gsm_authen_imei_nack,
1200 test_gsm_authen_imei_err,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001201 test_gsm_authen_tmsi_imei,
1202 test_gsm_milenage_authen,
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +01001203 test_wrong_sres_length,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001204 NULL
1205};