Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / f50d13045e89ee395b29d436572c921a25e9477d / . / tests / msc_vlr / msc_vlr_test_gsm_authen.c
blob: d68ce056e4be70cc4291053d8c35e36eb03e6424 [file] [log] [blame]
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
Harald Welte0df904d2018-12-03 11:00:04 +0100[diff] [blame]25#include "stubs.h"
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]26
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]27static void test_gsm_authen()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]28{
29 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]30 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]31
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]32 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]33
34 net->authentication_required = true;
35
36 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
37 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]38 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100[diff] [blame]39 ms_sends_msg("0508020081680001"
40 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
41 "089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]42 OSMO_ASSERT(gsup_tx_confirmed);
43 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
44
45 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
46 auth_request_sent = false;
47 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
48 auth_request_expect_autn = NULL;
49 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
50 gsup_rx("0a"
51 /* imsi */
52 "0108" "09710000004026f0"
53 /* 5 auth vectors... */
54 /* TL TL rand */
55 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
56 /* TL sres TL kc */
57 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
58 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
59 "2104" "20bde240" "2208" "07fa7502e07e1c00"
60 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
61 "2104" "a29514ae" "2208" "e2b234f807886400"
62 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
63 "2104" "5afc8d72" "2208" "2392f14f709ae000"
64 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]65 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000"
66 HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]67 NULL);
68 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
69 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
70
71 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]72 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]73 EXPECT_ACCEPTED(false);
74
75 thwart_rx_non_initial_requests();
76
77 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
78
79 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]80 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]81 ms_sends_msg("05542d8b2c3e");
82 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
83
84 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]85 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
86 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]87 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
88
89 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]90 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]91 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]92 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]93
94 btw("LU was successful, and the conn has already been closed");
95 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]96 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]97 EXPECT_CONN_COUNT(0);
98
99 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
100 auth_request_sent = false;
101 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
102 cm_service_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]103 ms_sends_msg("05247403305886089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]104 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
105 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
106
107 btw("needs auth, not yet accepted");
108 EXPECT_ACCEPTED(false);
109 thwart_rx_non_initial_requests();
110
111 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
112 gsup_expect_tx(NULL);
113 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
114 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
115
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]116 /* Release connection */
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]117 expect_bssap_clear(OSMO_RAT_GERAN_A);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]118 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]119
120 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]121 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]122 EXPECT_CONN_COUNT(0);
123
124 BTW("an SMS is sent, MS is paged");
125 paging_expect_imsi(imsi);
126 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]127 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]128 OSMO_ASSERT(vsub);
129 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
130
131 send_sms(vsub, vsub,
132 "Privacy in residential applications is a desirable"
133 " marketing option.");
134
135 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]136 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]137 vsub = NULL;
138 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]139
140 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]141 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]142 OSMO_ASSERT(vsub);
143 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]144 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]145
146 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
147 auth_request_sent = false;
148 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
149 ms_sends_msg("06270703305882089910070000006402");
150 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
151
152 btw("needs auth, not yet accepted");
153 EXPECT_ACCEPTED(false);
154 thwart_rx_non_initial_requests();
155
156 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
157 dtap_expect_tx("09" /* SMS messages */
158 "01" /* CP-DATA */
159 "58" /* length */
160 "01" /* Network to MS */
161 "00" /* reference */
162 /* originator (gsm411_send_sms() hardcodes this weird nr) */
163 "0791" "447758100650" /* 447785016005 */
164 "00" /* dest */
165 /* SMS TPDU */
166 "4c" /* len */
167 "00" /* SMS deliver */
168 "05806470f1" /* originating address 46071 */
169 "00" /* TP-PID */
170 "00" /* GSM default alphabet */
171 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
172 "000000" /* H-M-S */
173 "00" /* GMT+0 */
174 "44" /* data length */
175 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
176 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
177 "0c7ac3e9e9b7db05");
178 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
179 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]180
181 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]182 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]183 OSMO_ASSERT(vsub);
184 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]185 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]186
187 btw("conn is still open to wait for SMS ack dance");
188 EXPECT_CONN_COUNT(1);
189
190 btw("MS replies with CP-ACK for received SMS");
191 ms_sends_msg("8904");
192 EXPECT_CONN_COUNT(1);
193
194 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
195 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]196 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]197 ms_sends_msg("890106020041020000");
198 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]199 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]200
201 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]202 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]203 EXPECT_CONN_COUNT(0);
204
205 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]206 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]207 ms_sends_msg("050130089910070000006402");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]208 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]209
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]210 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]211 EXPECT_CONN_COUNT(0);
212 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]213 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]214}
215
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]216static void test_gsm_authen_tmsi()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]217{
218 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]219 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]220
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]221 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]222
223 net->authentication_required = true;
224 net->vlr->cfg.assign_tmsi = true;
225
226 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
227 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]228 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100[diff] [blame]229 ms_sends_msg("0508020081680001"
230 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
231 "089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]232 OSMO_ASSERT(gsup_tx_confirmed);
233 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
234
235 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
236 auth_request_sent = false;
237 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
238 auth_request_expect_autn = NULL;
239 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
240 gsup_rx("0a"
241 /* imsi */
242 "0108" "09710000004026f0"
243 /* 5 auth vectors... */
244 /* TL TL rand */
245 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
246 /* TL sres TL kc */
247 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
248 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
249 "2104" "20bde240" "2208" "07fa7502e07e1c00"
250 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
251 "2104" "a29514ae" "2208" "e2b234f807886400"
252 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
253 "2104" "5afc8d72" "2208" "2392f14f709ae000"
254 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]255 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000"
256 HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]257 NULL);
258 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
259 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
260
261 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]262 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]263 EXPECT_ACCEPTED(false);
264
265 thwart_rx_non_initial_requests();
266
267 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
268
269 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]270 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]271 ms_sends_msg("05542d8b2c3e");
272 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
273
274 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]275 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
276 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]277 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
278
279 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]280 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]281
282 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
283 EXPECT_CONN_COUNT(1);
284 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
285 EXPECT_ACCEPTED(false);
286 thwart_rx_non_initial_requests();
287
288 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]289 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]290 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
291 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
292 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
293 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]294 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]295
296 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]297 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]298 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]299 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]300
301 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]302 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]303 EXPECT_CONN_COUNT(0);
304
305 btw("Subscriber has the new TMSI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]306 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]307 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
308 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
309 VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
310 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]311 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]312
313 BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
314 auth_request_sent = false;
315 auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
316 cm_service_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]317 ms_sends_msg("05247403305886" "05f4" "03020100");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]318 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
319 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
320
321 btw("needs auth, not yet accepted");
322 EXPECT_ACCEPTED(false);
323 thwart_rx_non_initial_requests();
324
325 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
326 gsup_expect_tx(NULL);
327 ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
328 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
329
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]330 /* Release connection */
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]331 expect_bssap_clear(OSMO_RAT_GERAN_A);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]332 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]333
334 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]335 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]336 EXPECT_CONN_COUNT(0);
337
338 BTW("an SMS is sent, MS is paged");
339 paging_expect_tmsi(0x03020100);
340 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]341 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]342 OSMO_ASSERT(vsub);
343 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
344
345 send_sms(vsub, vsub,
346 "Privacy in residential applications is a desirable"
347 " marketing option.");
348
349 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]350 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]351 vsub = NULL;
352 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]353
354 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]355 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]356 OSMO_ASSERT(vsub);
357 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]358 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]359
360 btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
361 auth_request_sent = false;
362 auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
363 ms_sends_msg("06270703305882" "05f4" "03020100");
364 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
365
366 btw("needs auth, not yet accepted");
367 EXPECT_ACCEPTED(false);
368 thwart_rx_non_initial_requests();
369
370 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
371 dtap_expect_tx("09" /* SMS messages */
372 "01" /* CP-DATA */
373 "58" /* length */
374 "01" /* Network to MS */
375 "00" /* reference */
376 /* originator (gsm411_send_sms() hardcodes this weird nr) */
377 "0791" "447758100650" /* 447785016005 */
378 "00" /* dest */
379 /* SMS TPDU */
380 "4c" /* len */
381 "00" /* SMS deliver */
382 "05806470f1" /* originating address 46071 */
383 "00" /* TP-PID */
384 "00" /* GSM default alphabet */
385 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
386 "000000" /* H-M-S */
387 "00" /* GMT+0 */
388 "44" /* data length */
389 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
390 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
391 "0c7ac3e9e9b7db05");
392 ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
393 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]394
395 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]396 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]397 OSMO_ASSERT(vsub);
398 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]399 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]400
401 btw("conn is still open to wait for SMS ack dance");
402 EXPECT_CONN_COUNT(1);
403
404 btw("MS replies with CP-ACK for received SMS");
405 ms_sends_msg("8904");
406 EXPECT_CONN_COUNT(1);
407
408 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
409 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]410 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]411 ms_sends_msg("890106020041020000");
412 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]413 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]414
415 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]416 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]417 EXPECT_CONN_COUNT(0);
418
419 /* TODO: when the subscriber detaches, the vlr_subscr gets
420 * deallocated and we no longer know the TMSI. This case is covered by
421 * test_lu_unknown_tmsi(), so here I'd like to still have the TMSI.
422 BTW("subscriber detaches, using TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]423 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]424 ms_sends_msg("050130" "05f4" "03020100");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]425 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]426 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]427 EXPECT_CONN_COUNT(0);
428 */
429
430 BTW("subscriber sends LU Request, this time with the TMSI");
431 btw("Location Update request causes an Auth Req to MS");
432 lu_result_sent = RES_NONE;
433 auth_request_sent = false;
434 auth_request_expect_rand = "fa8f20b781b5881329d4fea26b1a3c51";
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100[diff] [blame]435 ms_sends_msg("0508020081680001"
436 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
437 "05f4" "03020100");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]438 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
439 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
440
441 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]442 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]443 ms_sends_msg("05545afc8d72");
444 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
445
446 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]447 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
448 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]449 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
450
451 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]452 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]453
454 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
455 EXPECT_CONN_COUNT(1);
456 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
457 EXPECT_ACCEPTED(false);
458 thwart_rx_non_initial_requests();
459
460 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]461 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]462 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
463 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
464 VERBOSE_ASSERT(vsub->tmsi_new, == 0x07060504, "0x%08x");
465 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]466 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]467
468 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]469 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]470 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]471 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]472
473 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]474 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]475 EXPECT_CONN_COUNT(0);
476
477 btw("subscriber has the new TMSI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]478 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]479 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
480 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
481 VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
482 VERBOSE_ASSERT(vsub->tmsi, == 0x07060504, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]483 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]484
485 BTW("subscriber detaches, using new TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]486 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]487 ms_sends_msg("050130" "05f4" "07060504");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]488 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]489
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]490 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]491 EXPECT_CONN_COUNT(0);
492 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]493 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]494}
495
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]496static void test_gsm_authen_imei()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]497{
498 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]499 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]500
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]501 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]502
503 net->authentication_required = true;
504 net->vlr->cfg.check_imei_rqd = true;
505
506 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
507 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]508 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100[diff] [blame]509 ms_sends_msg("0508020081680001"
510 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
511 "089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]512 OSMO_ASSERT(gsup_tx_confirmed);
513 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
514
515 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
516 auth_request_sent = false;
517 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
518 auth_request_expect_autn = NULL;
519 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
520 gsup_rx("0a"
521 /* imsi */
522 "0108" "09710000004026f0"
523 /* 5 auth vectors... */
524 /* TL TL rand */
525 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
526 /* TL sres TL kc */
527 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
528 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
529 "2104" "20bde240" "2208" "07fa7502e07e1c00"
530 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
531 "2104" "a29514ae" "2208" "e2b234f807886400"
532 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
533 "2104" "5afc8d72" "2208" "2392f14f709ae000"
534 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]535 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000"
536 HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]537 NULL);
538 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
539 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
540
541 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]542 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]543 EXPECT_ACCEPTED(false);
544 thwart_rx_non_initial_requests();
545 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
546
547 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]548 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]549 ms_sends_msg("05542d8b2c3e");
550 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
551
552 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]553 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
554 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]555 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
556
557 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
558 dtap_expect_tx("051802");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]559 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]560
561 btw("We will only do business when the IMEI is known");
562 EXPECT_CONN_COUNT(1);
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]563 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]564 OSMO_ASSERT(vsub);
565 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]566 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]567 EXPECT_ACCEPTED(false);
568 thwart_rx_non_initial_requests();
569
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]570 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]571 gsup_expect_tx("30010809710000004026f050090824433224433224f0" VLR_TO_HLR);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]572 ms_sends_msg("0559084a32244332244302");
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]573 EXPECT_ACCEPTED(false);
574 thwart_rx_non_initial_requests();
575
576 btw("HLR accepts the IMEI");
577 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]578 gsup_rx("32010809710000004026f0510100" HLR_TO_VLR, NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]579 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]580
581 btw("LU was successful, and the conn has already been closed");
582 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]583 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]584 EXPECT_CONN_COUNT(0);
585
586 btw("Subscriber has the IMEI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]587 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]588 OSMO_ASSERT(vsub);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]589 VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]590 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]591
592 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]593 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]594 ms_sends_msg("050130089910070000006402");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]595 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]596
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]597 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]598 EXPECT_CONN_COUNT(0);
599 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]600 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]601}
602
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]603static void test_gsm_authen_imei_nack()
604{
605 struct vlr_subscr *vsub;
606 const char *imsi = "901700000004620";
607
608 comment_start();
609
610 net->authentication_required = true;
611 net->vlr->cfg.check_imei_rqd = true;
612
613 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
614 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]615 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]616 ms_sends_msg("0508020081680001"
617 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
618 "089910070000006402");
619 OSMO_ASSERT(gsup_tx_confirmed);
620 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
621
622 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
623 auth_request_sent = false;
624 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
625 auth_request_expect_autn = NULL;
626 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
627 gsup_rx("0a"
628 /* imsi */
629 "0108" "09710000004026f0"
630 /* 5 auth vectors... */
631 /* TL TL rand */
632 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
633 /* TL sres TL kc */
634 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
635 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
636 "2104" "20bde240" "2208" "07fa7502e07e1c00"
637 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
638 "2104" "a29514ae" "2208" "e2b234f807886400"
639 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
640 "2104" "5afc8d72" "2208" "2392f14f709ae000"
641 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]642 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000"
643 HLR_TO_VLR,
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]644 NULL);
645 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
646 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
647
648 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]649 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]650 EXPECT_ACCEPTED(false);
651
652 thwart_rx_non_initial_requests();
653
654 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
655
656 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]657 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]658 ms_sends_msg("05542d8b2c3e");
659 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
660
661 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]662 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
663 "12010809710000004026f0" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]664 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
665
666 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
667 dtap_expect_tx("051802");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]668 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]669
670 btw("We will only do business when the IMEI is known");
671 EXPECT_CONN_COUNT(1);
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]672 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]673 OSMO_ASSERT(vsub);
674 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]675 vlr_subscr_put(vsub, __func__);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]676 EXPECT_ACCEPTED(false);
677 thwart_rx_non_initial_requests();
678
679 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]680 gsup_expect_tx("30010809710000004026f050090824433224433224f0" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]681 ms_sends_msg("0559084a32244332244302");
682 EXPECT_ACCEPTED(false);
683 thwart_rx_non_initial_requests();
684
685 expect_bssap_clear();
686 btw("HLR does not like the IMEI and sends NACK");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]687 gsup_rx("32010809710000004026f0510101" HLR_TO_VLR, NULL);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]688 EXPECT_ACCEPTED(false);
689 thwart_rx_non_initial_requests();
690
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]691 ran_sends_clear_complete();
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]692 EXPECT_CONN_COUNT(0);
693 clear_vlr();
694 comment_end();
695}
696
697static void test_gsm_authen_imei_err()
698{
699 struct vlr_subscr *vsub;
700 const char *imsi = "901700000004620";
701
702 comment_start();
703
704 net->authentication_required = true;
705 net->vlr->cfg.check_imei_rqd = true;
706
707 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
708 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]709 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]710 ms_sends_msg("0508020081680001"
711 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
712 "089910070000006402");
713 OSMO_ASSERT(gsup_tx_confirmed);
714 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
715
716 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
717 auth_request_sent = false;
718 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
719 auth_request_expect_autn = NULL;
720 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
721 gsup_rx("0a"
722 /* imsi */
723 "0108" "09710000004026f0"
724 /* 5 auth vectors... */
725 /* TL TL rand */
726 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
727 /* TL sres TL kc */
728 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
729 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
730 "2104" "20bde240" "2208" "07fa7502e07e1c00"
731 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
732 "2104" "a29514ae" "2208" "e2b234f807886400"
733 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
734 "2104" "5afc8d72" "2208" "2392f14f709ae000"
735 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]736 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]737 NULL);
738 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
739 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
740
741 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]742 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]743 EXPECT_ACCEPTED(false);
744
745 thwart_rx_non_initial_requests();
746
747 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
748
749 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]750 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]751 ms_sends_msg("05542d8b2c3e");
752 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
753
754 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]755 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
756 "12010809710000004026f0" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]757 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
758
759 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
760 dtap_expect_tx("051802");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]761 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]762
763 btw("We will only do business when the IMEI is known");
764 EXPECT_CONN_COUNT(1);
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]765 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]766 OSMO_ASSERT(vsub);
767 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]768 vlr_subscr_put(vsub, __func__);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]769 EXPECT_ACCEPTED(false);
770 thwart_rx_non_initial_requests();
771
772 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]773 gsup_expect_tx("30010809710000004026f050090824433224433224f0" VLR_TO_HLR);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]774 ms_sends_msg("0559084a32244332244302");
775 EXPECT_ACCEPTED(false);
776 thwart_rx_non_initial_requests();
777
778 expect_bssap_clear();
779 btw("HLR can't parse the message and returns ERR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]780 gsup_rx("31010809710000004026f0020160" HLR_TO_VLR, NULL);
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]781 EXPECT_ACCEPTED(false);
782 thwart_rx_non_initial_requests();
783
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]784 ran_sends_clear_complete();
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]785 EXPECT_CONN_COUNT(0);
786 clear_vlr();
787 comment_end();
788}
789
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]790static void test_gsm_authen_tmsi_imei()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]791{
792 struct vlr_subscr *vsub;
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]793 const char *imsi = "901700000004620";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]794
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]795 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]796
797 net->authentication_required = true;
798 net->vlr->cfg.assign_tmsi = true;
799 net->vlr->cfg.check_imei_rqd = true;
800
801 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
802 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]803 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100[diff] [blame]804 ms_sends_msg("0508020081680001"
805 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
806 "089910070000006402");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]807 OSMO_ASSERT(gsup_tx_confirmed);
808 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
809
810 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
811 auth_request_sent = false;
812 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
813 auth_request_expect_autn = NULL;
814 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
815 gsup_rx("0a"
816 /* imsi */
817 "0108" "09710000004026f0"
818 /* 5 auth vectors... */
819 /* TL TL rand */
820 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
821 /* TL sres TL kc */
822 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
823 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
824 "2104" "20bde240" "2208" "07fa7502e07e1c00"
825 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
826 "2104" "a29514ae" "2208" "e2b234f807886400"
827 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
828 "2104" "5afc8d72" "2208" "2392f14f709ae000"
829 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]830 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]831 NULL);
832 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
833 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
834
835 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]836 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]837 EXPECT_ACCEPTED(false);
838
839 thwart_rx_non_initial_requests();
840
841 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
842
843 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]844 gsup_expect_tx("04010809710000004026f0280102" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]845 ms_sends_msg("05542d8b2c3e");
846 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
847
848 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]849 gsup_rx("10010809710000004026f00804036470f1" HLR_TO_VLR,
850 "12010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]851 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
852
853 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
854 dtap_expect_tx("051802");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]855 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]856
857 btw("We will only do business when the IMEI is known");
858 EXPECT_CONN_COUNT(1);
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]859 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]860 OSMO_ASSERT(vsub);
861 VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]862 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]863 EXPECT_ACCEPTED(false);
864 thwart_rx_non_initial_requests();
865
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]866 btw("MS replies with an Identity Response, VLR sends the IMEI to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]867 gsup_expect_tx("30010809710000004026f050090824433224433224f0" VLR_TO_HLR);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]868 ms_sends_msg("0559084a32244332244302");
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]869 EXPECT_ACCEPTED(false);
870 thwart_rx_non_initial_requests();
871
872 btw("HLR accepts the IMEI");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]873 gsup_rx("32010809710000004026f0510100" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]874
875 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
876 EXPECT_CONN_COUNT(1);
877 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
878 EXPECT_ACCEPTED(false);
879 thwart_rx_non_initial_requests();
880
881 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]882 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]883 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
884 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
885 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
886 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]887 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]888
889 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]890 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]891 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]892 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]893
894 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]895 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]896 EXPECT_CONN_COUNT(0);
897
898 btw("Subscriber has the IMEI and TMSI");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]899 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]900 OSMO_ASSERT(vsub);
Neels Hofmeyr34d33bd2017-07-20 02:56:21 +0200[diff] [blame]901 VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]902 VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]903 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]904
905 BTW("subscriber detaches, using TMSI");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]906 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]907 ms_sends_msg("050130" "05f4" "03020100");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]908 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]909
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]910 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]911 EXPECT_CONN_COUNT(0);
912 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]913 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]914}
915
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]916static void test_gsm_milenage_authen()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]917{
918 struct vlr_subscr *vsub;
919 const char *imsi = "901700000010650";
920
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]921 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]922
923 net->authentication_required = true;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]924 rx_from_ran = OSMO_RAT_GERAN_A;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]925
926 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
927 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]928 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]929 ms_sends_msg("0508" /* MM LU */
930 "7" /* ciph key seq: no key available */
931 "0" /* LU type: normal */
932 "ffffff" "0000" /* LAI, LAC */
933 "30" /* classmark 1: GSM phase 2 */
934 "089910070000106005" /* IMSI */
935 );
936 OSMO_ASSERT(gsup_tx_confirmed);
937 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
938
939 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
940 /* based on auc_3g:
941 * K = 'EB215756028D60E3275E613320AEC880',
942 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
943 * SQN = 0
944 */
945 auth_request_sent = false;
946 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
947 auth_request_expect_autn = NULL;
948 gsup_rx("0a"
949 /* imsi */
950 "0108" "09710000000156f0"
951 /* 5 auth vectors... */
952 /* TL TL rand */
953 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
954 /* TL sres TL kc */
955 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
956 /* TL 3G IK */
957 "2310" "27497388b6cb044648f396aa155b95ef"
958 /* TL 3G CK */
959 "2410" "f64735036e5871319c679f4742a75ea1"
960 /* TL AUTN */
961 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
962 /* TL RES */
963 "2708" "e229c19e791f2e41"
964 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
965 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
966 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
967 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
968 "2510" "1843a645b98d00005b2d666af46c45d9"
969 "2708" "7db47cf7f81e4dc7"
970 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
971 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
972 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
973 "2410" "76542abce5ff9345b0e8947f4c6e019c"
974 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]975 "2708" "706f996719ba609c" HLR_TO_VLR,
976 NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]977 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
978 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
979
980 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]981 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]982 ms_sends_msg("0554" "9b36efdf");
983 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
984
985 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]986 gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
987 "12010809710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]988 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
989
990 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]991 expect_bssap_clear();
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]992 gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]993 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]994
995 btw("LU was successful, and the conn has already been closed");
996 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]997 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]998 EXPECT_CONN_COUNT(0);
999
1000 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
1001 auth_request_sent = false;
1002 auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
1003 auth_request_expect_autn = NULL;
1004 cm_service_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1005 ms_sends_msg("052474"
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1006 "03305886" /* classmark 2: GSM phase 2 */
1007 "089910070000106005" /* IMSI */);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1008 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
1009 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1010
1011 btw("needs auth, not yet accepted");
1012 EXPECT_ACCEPTED(false);
1013 thwart_rx_non_initial_requests();
1014
1015 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
1016 gsup_expect_tx(NULL);
1017 ms_sends_msg("0554" "85aa3130"); /* 2nd vector's sres, s.a. */
1018 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
1019
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]1020 /* Release connection */
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]1021 expect_bssap_clear(OSMO_RAT_GERAN_A);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1022 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1023
1024 btw("all requests serviced, conn has been released");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1025 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1026 EXPECT_CONN_COUNT(0);
1027
1028 BTW("an SMS is sent, MS is paged");
1029 paging_expect_imsi(imsi);
1030 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1031 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1032 OSMO_ASSERT(vsub);
1033 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
1034
1035 send_sms(vsub, vsub,
1036 "Privacy in residential applications is a desirable"
1037 " marketing option.");
1038
1039 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1040 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1041 vsub = NULL;
1042 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1043
1044 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1045 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1046 OSMO_ASSERT(vsub);
1047 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1048 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1049
1050 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
1051 auth_request_sent = false;
1052 auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
1053 auth_request_expect_autn = NULL;
1054 ms_sends_msg("062707"
1055 "03305886" /* classmark 2 */
1056 "089910070000106005" /* IMSI */);
1057 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1058
1059 btw("needs auth, not yet accepted");
1060 EXPECT_ACCEPTED(false);
1061 thwart_rx_non_initial_requests();
1062
1063 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
1064 dtap_expect_tx("09" /* SMS messages */
1065 "01" /* CP-DATA */
1066 "58" /* length */
1067 "01" /* Network to MS */
1068 "00" /* reference */
1069 /* originator (gsm411_send_sms() hardcodes this weird nr) */
1070 "0791" "447758100650" /* 447785016005 */
1071 "00" /* dest */
1072 /* SMS TPDU */
1073 "4c" /* len */
1074 "00" /* SMS deliver */
1075 "05802443f2" /* originating address 42342 */
1076 "00" /* TP-PID */
1077 "00" /* GSM default alphabet */
1078 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
1079 "000000" /* H-M-S */
1080 "00" /* GMT+0 */
1081 "44" /* data length */
1082 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
1083 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
1084 "0c7ac3e9e9b7db05");
1085 ms_sends_msg("0554" "69d5f9fb"); /* 3nd vector's sres, s.a. */
1086 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1087
1088 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1089 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1090 OSMO_ASSERT(vsub);
1091 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]1092 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1093
1094 btw("conn is still open to wait for SMS ack dance");
1095 EXPECT_CONN_COUNT(1);
1096
1097 btw("MS replies with CP-ACK for received SMS");
1098 ms_sends_msg("8904");
1099 EXPECT_CONN_COUNT(1);
1100
1101 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
1102 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]1103 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1104 ms_sends_msg("890106020041020000");
1105 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]1106 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1107
1108 btw("SMS is done, conn is gone");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1109 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1110 EXPECT_CONN_COUNT(0);
1111
1112 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]1113 expect_bssap_clear();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1114 ms_sends_msg("050130"
1115 "089910070000106005" /* IMSI */);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]1116 VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1117
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1118 ran_sends_clear_complete();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1119 EXPECT_CONN_COUNT(0);
1120 clear_vlr();
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]1121 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1122}
1123
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1124static void test_wrong_sres_length()
1125{
1126 comment_start();
1127 fake_time_start();
1128
1129 net->authentication_required = true;
1130
1131 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
1132 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1133 gsup_expect_tx("08010809710000004026f0" VLR_TO_HLR);
Neels Hofmeyrfe718bc2018-03-11 01:24:33 +0100[diff] [blame]1134 ms_sends_msg("0508020081680001"
1135 "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
1136 "089910070000006402");
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1137 OSMO_ASSERT(gsup_tx_confirmed);
1138 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1139
1140 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
1141 auth_request_sent = false;
1142 auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
1143 auth_request_expect_autn = NULL;
1144 /* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
1145 gsup_rx("0a"
1146 /* imsi */
1147 "0108" "09710000004026f0"
1148 /* 5 auth vectors... */
1149 /* TL TL rand */
1150 "0322" "2010" "585df1ae287f6e273dce07090d61320b"
1151 /* TL sres TL kc */
1152 "2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
1153 "0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
1154 "2104" "20bde240" "2208" "07fa7502e07e1c00"
1155 "0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
1156 "2104" "a29514ae" "2208" "e2b234f807886400"
1157 "0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
1158 "2104" "5afc8d72" "2208" "2392f14f709ae000"
1159 "0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1160 "2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1161 NULL);
1162 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
1163 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1164
1165 btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1166 gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1167 EXPECT_ACCEPTED(false);
1168
1169 thwart_rx_non_initial_requests();
1170
1171 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
1172
1173 btw("MS sends Authen Response with too short SRES data, auth is thwarted.");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1174 gsup_expect_tx("0b010809710000004026f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1175 expect_bssap_clear();
1176 ms_sends_msg("05542d8b2c");
1177 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
1178
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1179 ran_sends_clear_complete();
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1180 EXPECT_CONN_COUNT(0);
1181 clear_vlr();
1182 comment_end();
1183}
1184
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1185msc_vlr_test_func_t msc_vlr_tests[] = {
1186 test_gsm_authen,
1187 test_gsm_authen_tmsi,
1188 test_gsm_authen_imei,
Oliver Smith7d053092018-12-14 17:37:38 +0100[diff] [blame]1189 test_gsm_authen_imei_nack,
1190 test_gsm_authen_imei_err,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1191 test_gsm_authen_tmsi_imei,
1192 test_gsm_milenage_authen,
Neels Hofmeyr8e0af0b2018-03-10 03:32:18 +0100[diff] [blame]1193 test_wrong_sres_length,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1194 NULL
1195};