Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / e4f9172f44996d36c6ef9d81f89c73ddede51edd / . / tests / msc_vlr / msc_vlr_test_gsm_authen.c
blob: e9eacf0b48f6be5838de24c3cc25a610204aee28 [file] [log] [blame]
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]26void test_gsm_authen(uint8_t nr, const char *imsi)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]27{
28 struct vlr_subscr *vsub;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]29
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]30 comment_start(nr, imsi);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]31
32 net->authentication_required = true;
33
34 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
35 lu_result_sent = RES_NONE;
36 gsup_expect_tx("08010809710000004026f0");
37 ms_sends_msg("050802008168000130089910070000006402");
38 OSMO_ASSERT(gsup_tx_confirmed);
39 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
40
41 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
42 auth_request_sent = false;
43 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
44 auth_request_expect_autn = NULL;
45 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
46 gsup_rx("0a"
47 /* imsi */
48 "0108" "09710000004026f0"
49 /* 5 auth vectors... */
50 /* TL TL rand */
51 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
52 /* TL sres TL kc */
53 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
54 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
55 "2104" "20bde240" "2208" "07fa7502e07e1c00"
56 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
57 "2104" "a29514ae" "2208" "e2b234f807886400"
58 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
59 "2104" "5afc8d72" "2208" "2392f14f709ae000"
60 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
61 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
62 NULL);
63 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
64 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
65
66 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
67 gsup_rx("06010809710000004026f0", NULL);
68 EXPECT_ACCEPTED(false);
69
70 thwart_rx_non_initial_requests();
71
72 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
73
74 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
75 gsup_expect_tx("04010809710000004026f0");
76 ms_sends_msg("05542d8b2c3e");
77 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
78
79 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
80 gsup_rx("10010809710000004026f00804036470f1",
81 "12010809710000004026f0");
82 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
83
84 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]85 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]86 gsup_rx("06010809710000004026f0", NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]87 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]88
89 btw("LU was successful, and the conn has already been closed");
90 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
91 EXPECT_CONN_COUNT(0);
92
93 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
94 auth_request_sent = false;
95 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
96 cm_service_result_sent = RES_NONE;
97 ms_sends_msg("05247803305886089910070000006402");
98 OSMO_ASSERT(g_conn);
99 OSMO_ASSERT(g_conn->conn_fsm);
100 OSMO_ASSERT(g_conn->vsub);
101 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
102 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
103
104 btw("needs auth, not yet accepted");
105 EXPECT_ACCEPTED(false);
106 thwart_rx_non_initial_requests();
107
108 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
109 gsup_expect_tx(NULL);
110 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
111 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
112
113 btw("a USSD request is serviced");
114 dtap_expect_tx_ussd("Your extension is 46071\r");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]115 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]116 ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
117 OSMO_ASSERT(dtap_tx_confirmed);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]118 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]119
120 btw("all requests serviced, conn has been released");
121 EXPECT_CONN_COUNT(0);
122
123 BTW("an SMS is sent, MS is paged");
124 paging_expect_imsi(imsi);
125 paging_sent = false;
126 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
127 OSMO_ASSERT(vsub);
128 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
129
130 send_sms(vsub, vsub,
131 "Privacy in residential applications is a desirable"
132 " marketing option.");
133
134 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
135 vlr_subscr_put(vsub);
136 vsub = NULL;
137 VERBOSE_ASSERT(paging_sent, == true, "%d");
138 VERBOSE_ASSERT(paging_stopped, == false, "%d");
139
140 btw("the subscriber and its pending request should remain");
141 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
142 OSMO_ASSERT(vsub);
143 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
144 vlr_subscr_put(vsub);
145
146 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
147 auth_request_sent = false;
148 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
149 ms_sends_msg("06270703305882089910070000006402");
150 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
151
152 btw("needs auth, not yet accepted");
153 EXPECT_ACCEPTED(false);
154 thwart_rx_non_initial_requests();
155
156 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
157 dtap_expect_tx("09" /* SMS messages */
158 "01" /* CP-DATA */
159 "58" /* length */
160 "01" /* Network to MS */
161 "00" /* reference */
162 /* originator (gsm411_send_sms() hardcodes this weird nr) */
163 "0791" "447758100650" /* 447785016005 */
164 "00" /* dest */
165 /* SMS TPDU */
166 "4c" /* len */
167 "00" /* SMS deliver */
168 "05806470f1" /* originating address 46071 */
169 "00" /* TP-PID */
170 "00" /* GSM default alphabet */
171 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
172 "000000" /* H-M-S */
173 "00" /* GMT+0 */
174 "44" /* data length */
175 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
176 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
177 "0c7ac3e9e9b7db05");
178 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
179 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
180 VERBOSE_ASSERT(paging_stopped, == true, "%d");
181
182 btw("SMS was delivered, no requests pending for subscr");
183 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
184 OSMO_ASSERT(vsub);
185 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
186 vlr_subscr_put(vsub);
187
188 btw("conn is still open to wait for SMS ack dance");
189 EXPECT_CONN_COUNT(1);
190
191 btw("MS replies with CP-ACK for received SMS");
192 ms_sends_msg("8904");
193 EXPECT_CONN_COUNT(1);
194
195 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
196 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]197 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]198 ms_sends_msg("890106020041020000");
199 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]200 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]201
202 btw("SMS is done, conn is gone");
203 EXPECT_CONN_COUNT(0);
204
205 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]206 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]207 ms_sends_msg("050130089910070000006402");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]208 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]209
210 EXPECT_CONN_COUNT(0);
211 clear_vlr();
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]212 comment_end(nr, imsi);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]213}
214
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]215void test_gsm_authen_tmsi(uint8_t nr, const char *imsi)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]216{
217 struct vlr_subscr *vsub;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]218
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]219 comment_start(nr, imsi);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]220
221 net->authentication_required = true;
222 net->vlr->cfg.assign_tmsi = true;
223
224 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
225 lu_result_sent = RES_NONE;
226 gsup_expect_tx("08010809710000004026f0");
227 ms_sends_msg("050802008168000130089910070000006402");
228 OSMO_ASSERT(gsup_tx_confirmed);
229 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
230
231 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
232 auth_request_sent = false;
233 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
234 auth_request_expect_autn = NULL;
235 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
236 gsup_rx("0a"
237 /* imsi */
238 "0108" "09710000004026f0"
239 /* 5 auth vectors... */
240 /* TL TL rand */
241 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
242 /* TL sres TL kc */
243 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
244 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
245 "2104" "20bde240" "2208" "07fa7502e07e1c00"
246 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
247 "2104" "a29514ae" "2208" "e2b234f807886400"
248 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
249 "2104" "5afc8d72" "2208" "2392f14f709ae000"
250 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
251 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
252 NULL);
253 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
254 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
255
256 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
257 gsup_rx("06010809710000004026f0", NULL);
258 EXPECT_ACCEPTED(false);
259
260 thwart_rx_non_initial_requests();
261
262 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
263
264 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
265 gsup_expect_tx("04010809710000004026f0");
266 ms_sends_msg("05542d8b2c3e");
267 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
268
269 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
270 gsup_rx("10010809710000004026f00804036470f1",
271 "12010809710000004026f0");
272 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
273
274 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
275 gsup_rx("06010809710000004026f0", NULL);
276
277 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
278 EXPECT_CONN_COUNT(1);
279 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
280 EXPECT_ACCEPTED(false);
281 thwart_rx_non_initial_requests();
282
283 btw("even though the TMSI is not acked, we can already find the subscr with it");
284 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
285 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
286 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
287 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
288 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
289 vlr_subscr_put(vsub);
290
291 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]292 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]293 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]294 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]295
296 btw("LU was successful, and the conn has already been closed");
297 EXPECT_CONN_COUNT(0);
298
299 btw("Subscriber has the new TMSI");
300 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
301 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
302 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
303 VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
304 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
305 vlr_subscr_put(vsub);
306
307 BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
308 auth_request_sent = false;
309 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
310 cm_service_result_sent = RES_NONE;
311 ms_sends_msg("05247803305886" "05f4" "03020100");
312 OSMO_ASSERT(g_conn);
313 OSMO_ASSERT(g_conn->conn_fsm);
314 OSMO_ASSERT(g_conn->vsub);
315 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
316 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
317
318 btw("needs auth, not yet accepted");
319 EXPECT_ACCEPTED(false);
320 thwart_rx_non_initial_requests();
321
322 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
323 gsup_expect_tx(NULL);
324 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
325 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
326
327 btw("a USSD request is serviced");
328 dtap_expect_tx_ussd("Your extension is 46071\r");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]329 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]330 ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
331 OSMO_ASSERT(dtap_tx_confirmed);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]332 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]333
334 btw("all requests serviced, conn has been released");
335 EXPECT_CONN_COUNT(0);
336
337 BTW("an SMS is sent, MS is paged");
338 paging_expect_tmsi(0x03020100);
339 paging_sent = false;
340 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
341 OSMO_ASSERT(vsub);
342 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
343
344 send_sms(vsub, vsub,
345 "Privacy in residential applications is a desirable"
346 " marketing option.");
347
348 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
349 vlr_subscr_put(vsub);
350 vsub = NULL;
351 VERBOSE_ASSERT(paging_sent, == true, "%d");
352 VERBOSE_ASSERT(paging_stopped, == false, "%d");
353
354 btw("the subscriber and its pending request should remain");
355 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
356 OSMO_ASSERT(vsub);
357 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
358 vlr_subscr_put(vsub);
359
360 btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
361 auth_request_sent = false;
362 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
363 ms_sends_msg("06270703305882" "05f4" "03020100");
364 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
365
366 btw("needs auth, not yet accepted");
367 EXPECT_ACCEPTED(false);
368 thwart_rx_non_initial_requests();
369
370 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
371 dtap_expect_tx("09" /* SMS messages */
372 "01" /* CP-DATA */
373 "58" /* length */
374 "01" /* Network to MS */
375 "00" /* reference */
376 /* originator (gsm411_send_sms() hardcodes this weird nr) */
377 "0791" "447758100650" /* 447785016005 */
378 "00" /* dest */
379 /* SMS TPDU */
380 "4c" /* len */
381 "00" /* SMS deliver */
382 "05806470f1" /* originating address 46071 */
383 "00" /* TP-PID */
384 "00" /* GSM default alphabet */
385 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
386 "000000" /* H-M-S */
387 "00" /* GMT+0 */
388 "44" /* data length */
389 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
390 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
391 "0c7ac3e9e9b7db05");
392 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
393 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
394 VERBOSE_ASSERT(paging_stopped, == true, "%d");
395
396 btw("SMS was delivered, no requests pending for subscr");
397 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
398 OSMO_ASSERT(vsub);
399 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
400 vlr_subscr_put(vsub);
401
402 btw("conn is still open to wait for SMS ack dance");
403 EXPECT_CONN_COUNT(1);
404
405 btw("MS replies with CP-ACK for received SMS");
406 ms_sends_msg("8904");
407 EXPECT_CONN_COUNT(1);
408
409 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
410 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]411 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]412 ms_sends_msg("890106020041020000");
413 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]414 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]415
416 btw("SMS is done, conn is gone");
417 EXPECT_CONN_COUNT(0);
418
419 /* TODO: when the subscriber detaches, the vlr_subscr gets
420 * deallocated and we no longer know the TMSI. This case is covered by
421 * test_lu_unknown_tmsi(), so here I'd like to still have the TMSI.
422 BTW("subscriber detaches, using TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]423 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]424 ms_sends_msg("050130" "05f4" "03020100");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]425 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]426 EXPECT_CONN_COUNT(0);
427 */
428
429 BTW("subscriber sends LU Request, this time with the TMSI");
430 btw("Location Update request causes an Auth Req to MS");
431 lu_result_sent = RES_NONE;
432 auth_request_sent = false;
433 auth_request_expect_rand = "fa8f20b781b5881329d4fea26b1a3c51";
434 ms_sends_msg("050802008168000130" "05f4" "03020100");
435 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
436 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
437
438 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
439 gsup_expect_tx("04010809710000004026f0");
440 ms_sends_msg("05545afc8d72");
441 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
442
443 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
444 gsup_rx("10010809710000004026f00804036470f1",
445 "12010809710000004026f0");
446 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
447
448 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
449 gsup_rx("06010809710000004026f0", NULL);
450
451 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
452 EXPECT_CONN_COUNT(1);
453 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
454 EXPECT_ACCEPTED(false);
455 thwart_rx_non_initial_requests();
456
457 btw("even though the TMSI is not acked, we can already find the subscr with it");
458 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
459 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
460 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
461 VERBOSE_ASSERT(vsub->tmsi_new, == 0x07060504, "0x%08x");
462 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
463 vlr_subscr_put(vsub);
464
465 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]466 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]467 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]468 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]469
470 btw("LU was successful, and the conn has already been closed");
471 EXPECT_CONN_COUNT(0);
472
473 btw("subscriber has the new TMSI");
474 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
475 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
476 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
477 VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
478 VERBOSE_ASSERT(vsub->tmsi, == 0x07060504, "0x%08x");
479 vlr_subscr_put(vsub);
480
481 BTW("subscriber detaches, using new TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]482 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]483 ms_sends_msg("050130" "05f4" "07060504");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]484 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]485
486 EXPECT_CONN_COUNT(0);
487 clear_vlr();
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]488 comment_end(nr, imsi);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]489}
490
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]491void test_gsm_authen_imei(uint8_t nr, const char *imsi)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]492{
493 struct vlr_subscr *vsub;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]494
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]495 comment_start(nr, imsi);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]496
497 net->authentication_required = true;
498 net->vlr->cfg.check_imei_rqd = true;
499
500 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
501 lu_result_sent = RES_NONE;
502 gsup_expect_tx("08010809710000004026f0");
503 ms_sends_msg("050802008168000130089910070000006402");
504 OSMO_ASSERT(gsup_tx_confirmed);
505 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
506
507 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
508 auth_request_sent = false;
509 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
510 auth_request_expect_autn = NULL;
511 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
512 gsup_rx("0a"
513 /* imsi */
514 "0108" "09710000004026f0"
515 /* 5 auth vectors... */
516 /* TL TL rand */
517 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
518 /* TL sres TL kc */
519 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
520 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
521 "2104" "20bde240" "2208" "07fa7502e07e1c00"
522 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
523 "2104" "a29514ae" "2208" "e2b234f807886400"
524 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
525 "2104" "5afc8d72" "2208" "2392f14f709ae000"
526 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
527 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
528 NULL);
529 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
530 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
531
532 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
533 gsup_rx("06010809710000004026f0", NULL);
534 EXPECT_ACCEPTED(false);
535 thwart_rx_non_initial_requests();
536 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
537
538 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
539 gsup_expect_tx("04010809710000004026f0");
540 ms_sends_msg("05542d8b2c3e");
541 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
542
543 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
544 gsup_rx("10010809710000004026f00804036470f1",
545 "12010809710000004026f0");
546 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
547
548 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
549 dtap_expect_tx("051802");
550 gsup_rx("06010809710000004026f0", NULL);
551
552 btw("We will only do business when the IMEI is known");
553 EXPECT_CONN_COUNT(1);
554 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
555 OSMO_ASSERT(vsub);
556 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
557 vlr_subscr_put(vsub);
558 EXPECT_ACCEPTED(false);
559 thwart_rx_non_initial_requests();
560
561 btw("MS replies with an Identity Response");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]562 expect_bssap_clear();
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]563 ms_sends_msg("0559084a32244332244302");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]564 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]565
566 btw("LU was successful, and the conn has already been closed");
567 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
568 EXPECT_CONN_COUNT(0);
569
570 btw("Subscriber has the IMEI");
571 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
572 OSMO_ASSERT(vsub);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]573 VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]574 vlr_subscr_put(vsub);
575
576 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]577 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]578 ms_sends_msg("050130089910070000006402");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]579 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]580
581 EXPECT_CONN_COUNT(0);
582 clear_vlr();
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]583 comment_end(nr, imsi);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]584}
585
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]586void test_gsm_authen_tmsi_imei(uint8_t nr, const char *imsi)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]587{
588 struct vlr_subscr *vsub;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]589
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]590 comment_start(nr, imsi);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]591
592 net->authentication_required = true;
593 net->vlr->cfg.assign_tmsi = true;
594 net->vlr->cfg.check_imei_rqd = true;
595
596 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
597 lu_result_sent = RES_NONE;
598 gsup_expect_tx("08010809710000004026f0");
599 ms_sends_msg("050802008168000130089910070000006402");
600 OSMO_ASSERT(gsup_tx_confirmed);
601 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
602
603 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
604 auth_request_sent = false;
605 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
606 auth_request_expect_autn = NULL;
607 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
608 gsup_rx("0a"
609 /* imsi */
610 "0108" "09710000004026f0"
611 /* 5 auth vectors... */
612 /* TL TL rand */
613 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
614 /* TL sres TL kc */
615 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
616 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
617 "2104" "20bde240" "2208" "07fa7502e07e1c00"
618 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
619 "2104" "a29514ae" "2208" "e2b234f807886400"
620 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
621 "2104" "5afc8d72" "2208" "2392f14f709ae000"
622 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
623 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
624 NULL);
625 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
626 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
627
628 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
629 gsup_rx("06010809710000004026f0", NULL);
630 EXPECT_ACCEPTED(false);
631
632 thwart_rx_non_initial_requests();
633
634 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
635
636 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
637 gsup_expect_tx("04010809710000004026f0");
638 ms_sends_msg("05542d8b2c3e");
639 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
640
641 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
642 gsup_rx("10010809710000004026f00804036470f1",
643 "12010809710000004026f0");
644 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
645
646 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
647 dtap_expect_tx("051802");
648 gsup_rx("06010809710000004026f0", NULL);
649
650 btw("We will only do business when the IMEI is known");
651 EXPECT_CONN_COUNT(1);
652 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
653 OSMO_ASSERT(vsub);
654 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
655 vlr_subscr_put(vsub);
656 EXPECT_ACCEPTED(false);
657 thwart_rx_non_initial_requests();
658
659 btw("MS replies with an Identity Response");
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]660 ms_sends_msg("0559084a32244332244302");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]661
662 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
663 EXPECT_CONN_COUNT(1);
664 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
665 EXPECT_ACCEPTED(false);
666 thwart_rx_non_initial_requests();
667
668 btw("even though the TMSI is not acked, we can already find the subscr with it");
669 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
670 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
671 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
672 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
673 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
674 vlr_subscr_put(vsub);
675
676 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]677 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]678 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]679 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]680
681 btw("LU was successful, and the conn has already been closed");
682 EXPECT_CONN_COUNT(0);
683
684 btw("Subscriber has the IMEI and TMSI");
685 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
686 OSMO_ASSERT(vsub);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]687 VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]688 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
689 vlr_subscr_put(vsub);
690
691 BTW("subscriber detaches, using TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]692 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]693 ms_sends_msg("050130" "05f4" "03020100");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]694 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]695
696 EXPECT_CONN_COUNT(0);
697 clear_vlr();
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]698 comment_end(nr, imsi);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]699}
700
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]701void test_gsm_milenage_authen(uint8_t nr, const char *ignored)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]702{
703 struct vlr_subscr *vsub;
704 const char *imsi = "901700000010650";
705
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]706 comment_start(nr, imsi);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]707
708 net->authentication_required = true;
709 rx_from_ran = RAN_GERAN_A;
710
711 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
712 lu_result_sent = RES_NONE;
713 gsup_expect_tx("080108" "09710000000156f0");
714 ms_sends_msg("0508" /* MM LU */
715 "7" /* ciph key seq: no key available */
716 "0" /* LU type: normal */
717 "ffffff" "0000" /* LAI, LAC */
718 "30" /* classmark 1: GSM phase 2 */
719 "089910070000106005" /* IMSI */
720 );
721 OSMO_ASSERT(gsup_tx_confirmed);
722 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
723
724 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
725 /* based on auc_3g:
726 * K = 'EB215756028D60E3275E613320AEC880',
727 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
728 * SQN = 0
729 */
730 auth_request_sent = false;
731 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
732 auth_request_expect_autn = NULL;
733 gsup_rx("0a"
734 /* imsi */
735 "0108" "09710000000156f0"
736 /* 5 auth vectors... */
737 /* TL TL rand */
738 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
739 /* TL sres TL kc */
740 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
741 /* TL 3G IK */
742 "2310" "27497388b6cb044648f396aa155b95ef"
743 /* TL 3G CK */
744 "2410" "f64735036e5871319c679f4742a75ea1"
745 /* TL AUTN */
746 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
747 /* TL RES */
748 "2708" "e229c19e791f2e41"
749 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
750 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
751 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
752 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
753 "2510" "1843a645b98d00005b2d666af46c45d9"
754 "2708" "7db47cf7f81e4dc7"
755 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
756 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
757 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
758 "2410" "76542abce5ff9345b0e8947f4c6e019c"
759 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
760 "2708" "706f996719ba609c"
761 ,NULL);
762 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
763 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
764
765 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
766 gsup_expect_tx("04010809710000000156f0");
767 ms_sends_msg("0554" "9b36efdf");
768 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
769
770 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
771 gsup_rx("10010809710000000156f00804032443f2",
772 "12010809710000000156f0");
773 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
774
775 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]776 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]777 gsup_rx("06010809710000000156f0", NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]778 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]779
780 btw("LU was successful, and the conn has already been closed");
781 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
782 EXPECT_CONN_COUNT(0);
783
784 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
785 auth_request_sent = false;
786 auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
787 auth_request_expect_autn = NULL;
788 cm_service_result_sent = RES_NONE;
789 ms_sends_msg("052478"
790 "03305886" /* classmark 2: GSM phase 2 */
791 "089910070000106005" /* IMSI */);
792 OSMO_ASSERT(g_conn);
793 OSMO_ASSERT(g_conn->conn_fsm);
794 OSMO_ASSERT(g_conn->vsub);
795 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
796 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
797
798 btw("needs auth, not yet accepted");
799 EXPECT_ACCEPTED(false);
800 thwart_rx_non_initial_requests();
801
802 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
803 gsup_expect_tx(NULL);
804 ms_sends_msg("0554" "85aa3130"); /* 2nd vector's sres, s.a. */
805 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
806
807 btw("a USSD request is serviced");
808 dtap_expect_tx_ussd("Your extension is 42342\r");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]809 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]810 ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
811 OSMO_ASSERT(dtap_tx_confirmed);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]812 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]813
814 btw("all requests serviced, conn has been released");
815 EXPECT_CONN_COUNT(0);
816
817 BTW("an SMS is sent, MS is paged");
818 paging_expect_imsi(imsi);
819 paging_sent = false;
820 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
821 OSMO_ASSERT(vsub);
822 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
823
824 send_sms(vsub, vsub,
825 "Privacy in residential applications is a desirable"
826 " marketing option.");
827
828 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
829 vlr_subscr_put(vsub);
830 vsub = NULL;
831 VERBOSE_ASSERT(paging_sent, == true, "%d");
832 VERBOSE_ASSERT(paging_stopped, == false, "%d");
833
834 btw("the subscriber and its pending request should remain");
835 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
836 OSMO_ASSERT(vsub);
837 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
838 vlr_subscr_put(vsub);
839
840 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
841 auth_request_sent = false;
842 auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
843 auth_request_expect_autn = NULL;
844 ms_sends_msg("062707"
845 "03305886" /* classmark 2 */
846 "089910070000106005" /* IMSI */);
847 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
848
849 btw("needs auth, not yet accepted");
850 EXPECT_ACCEPTED(false);
851 thwart_rx_non_initial_requests();
852
853 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
854 dtap_expect_tx("09" /* SMS messages */
855 "01" /* CP-DATA */
856 "58" /* length */
857 "01" /* Network to MS */
858 "00" /* reference */
859 /* originator (gsm411_send_sms() hardcodes this weird nr) */
860 "0791" "447758100650" /* 447785016005 */
861 "00" /* dest */
862 /* SMS TPDU */
863 "4c" /* len */
864 "00" /* SMS deliver */
865 "05802443f2" /* originating address 42342 */
866 "00" /* TP-PID */
867 "00" /* GSM default alphabet */
868 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
869 "000000" /* H-M-S */
870 "00" /* GMT+0 */
871 "44" /* data length */
872 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
873 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
874 "0c7ac3e9e9b7db05");
875 ms_sends_msg("0554" "69d5f9fb"); /* 3nd vector's sres, s.a. */
876 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
877 VERBOSE_ASSERT(paging_stopped, == true, "%d");
878
879 btw("SMS was delivered, no requests pending for subscr");
880 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
881 OSMO_ASSERT(vsub);
882 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
883 vlr_subscr_put(vsub);
884
885 btw("conn is still open to wait for SMS ack dance");
886 EXPECT_CONN_COUNT(1);
887
888 btw("MS replies with CP-ACK for received SMS");
889 ms_sends_msg("8904");
890 EXPECT_CONN_COUNT(1);
891
892 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
893 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]894 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]895 ms_sends_msg("890106020041020000");
896 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]897 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]898
899 btw("SMS is done, conn is gone");
900 EXPECT_CONN_COUNT(0);
901
902 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]903 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]904 ms_sends_msg("050130"
905 "089910070000106005" /* IMSI */);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]906 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]907
908 EXPECT_CONN_COUNT(0);
909 clear_vlr();
Maxb0a43142018-02-06 19:19:52 +0100[diff] [blame]910 comment_end(nr, imsi);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]911}
912
913msc_vlr_test_func_t msc_vlr_tests[] = {
914 test_gsm_authen,
915 test_gsm_authen_tmsi,
916 test_gsm_authen_imei,
917 test_gsm_authen_tmsi_imei,
918 test_gsm_milenage_authen,
919 NULL
920};