Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
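/*
 * End-to-end scenario: GSM (2G) authentication, no TMSI assignment, no IMEI
 * check.
 *
 * Flow driven below (each step is announced with btw()/BTW()):
 *  1. Location Update by IMSI -> VLR asks the HLR for auth vectors, challenges
 *     the MS with the first RAND, and completes the LU only after the MS
 *     returned the matching SRES.
 *  2. CM Service Request on a new conn -> challenged with the 2nd vector,
 *     then a USSD request is serviced.
 *  3. MT SMS: paging by IMSI, Paging Response -> challenged with the 3rd
 *     vector, SMS delivered, CP-ACK / RP-ACK exchange, conn released.
 *  4. IMSI detach.
 *
 * Security-relevant properties pinned by the assertions:
 *  - With net->authentication_required set, nothing is accepted before the
 *    MS answered the challenge; an UPDATE_LOCATION_RESULT from the HLR that
 *    arrives early does not turn into an LU Accept.
 *  - Every new connection is challenged with the RAND of the next vector in
 *    the list the HLR supplied; the expected RAND changes at each step.
 *  - auth_request_expect_autn is NULL: this is the plain GSM challenge /
 *    response (R98 classmark), so the MS gets no proof of the network's
 *    identity in this scenario.
 *
 * Takes no arguments and returns nothing; failures surface through
 * OSMO_ASSERT / VERBOSE_ASSERT / EXPECT_* from the test harness. All hex
 * strings are fixed protocol fixtures and must stay byte-for-byte as is.
 */
static void test_gsm_authen(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* no AUTN expected: 2G challenge carries RAND only */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f
	 * (test fixture key, only meaningful inside this test suite) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Negative check: an HLR result must not short-cut the pending
	 * authentication of the MS. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* helper defined elsewhere; by its name it checks that follow-up
	 * requests are refused while the conn is not yet accepted */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("05542d8b2c3e"); /* 1st vector's sres */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000004026f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("05247803305886089910070000006402");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* NULL: no GSUP message towards the HLR is expected at this step */
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 46071\r");
	expect_bssap_clear();
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* drop the reference taken by vlr_subscr_find_by_imsi() */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882089910070000006402");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}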
217
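/*
 * End-to-end scenario: GSM (2G) authentication with TMSI assignment enabled
 * (net->vlr->cfg.assign_tmsi).
 *
 * Flow driven below (each step is announced with btw()/BTW()):
 *  1. Location Update by IMSI, authenticated with the 1st vector; the LU
 *     Accept carries a new TMSI and the conn stays open until the MS sends
 *     TMSI Realloc Complete.
 *  2. CM Service Request by TMSI, authenticated with the 2nd vector, then a
 *     USSD request.
 *  3. MT SMS: paging by TMSI, Paging Response by TMSI, authenticated with the
 *     3rd vector, SMS delivery and ack exchange.
 *  4. A second Location Update, this time by TMSI, authenticated with the 4th
 *     vector; a further TMSI is allocated and acknowledged.
 *  5. Detach using the newest TMSI.
 *
 * Security-relevant properties pinned by the assertions:
 *  - Identifying by TMSI does not skip authentication: every new conn is
 *    challenged with the next vector's RAND and is not accepted before the
 *    SRES arrived.
 *  - A freshly allocated TMSI is kept in vsub->tmsi_new and only becomes
 *    vsub->tmsi once the MS acknowledged it; the subscriber can already be
 *    found by the unacknowledged value.
 *  - The LU is not considered done (EXPECT_ACCEPTED(false)) while the TMSI
 *    Realloc Complete is outstanding.
 *
 * NOTE(review): the fixed TMSI values 0x03020100 / 0x07060504 presumably come
 * from a deterministic random stub in the test harness -- confirm there.
 *
 * Takes no arguments and returns nothing; failures surface through
 * OSMO_ASSERT / VERBOSE_ASSERT / EXPECT_* from the test harness. All hex
 * strings are fixed protocol fixtures and must stay byte-for-byte as is.
 */
static void test_gsm_authen_tmsi(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* no AUTN expected: 2G challenge carries RAND only */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f
	 * (test fixture key, only meaningful inside this test suite) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Negative check: an HLR result must not short-cut the pending
	 * authentication of the MS. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* helper defined elsewhere; by its name it checks that follow-up
	 * requests are refused while the conn is not yet accepted */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("05542d8b2c3e"); /* 1st vector's sres */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* pending TMSI lives in tmsi_new until the MS acknowledges it */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("after a while, a new conn sends a CM Service Request using above TMSI. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("05247803305886" "05f4" "03020100");
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* NULL: no GSUP message towards the HLR is expected at this step */
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 46071\r");
	expect_bssap_clear();
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_tmsi(0x03020100);
	paging_sent = false;
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* drop the reference taken by vlr_subscr_find_by_tmsi() */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response using TMSI, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
	ms_sends_msg("06270703305882" "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05806470f1" /* originating address 46071 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	/* TODO: when the subscriber detaches, the vlr_subscr gets
	 * deallocated and we no longer know the TMSI. This case is covered by
	 * test_lu_unknown_tmsi(), so here I'd like to still have the TMSI.
	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
	EXPECT_CONN_COUNT(0);
	 */

	BTW("subscriber sends LU Request, this time with the TMSI");
	btw("Location Update request causes an Auth Req to MS");
	lu_result_sent = RES_NONE;
	auth_request_sent = false;
	/* 4th vector of the list received earlier; no new GSUP Send Auth Info
	 * is set up as expected here */
	auth_request_expect_rand = "fa8f20b781b5881329d4fea26b1a3c51";
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "05f4" "03020100");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("05545afc8d72"); /* 4th vector's sres */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000004026f0", NULL);

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* old TMSI stays valid until the new one is acknowledged */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x07060504, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	btw("subscriber has the new TMSI");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x07060504);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi_new, == GSM_RESERVED_TMSI, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == 0x07060504, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using new TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "07060504");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}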
498
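/*
 * End-to-end scenario: GSM (2G) authentication with a mandatory IMEI check
 * (net->vlr->cfg.check_imei_rqd), no TMSI assignment.
 *
 * Flow driven below (each step is announced with btw()/BTW()):
 *  1. Location Update by IMSI, authenticated with the 1st vector.
 *  2. After the HLR's UPDATE_LOCATION_RESULT the VLR sends an Identity
 *     Request for the IMEI instead of accepting right away.
 *  3. The MS answers with an Identity Response; only then is the LU accepted
 *     and the conn released.
 *  4. IMSI detach.
 *
 * Security-relevant properties pinned by the assertions:
 *  - No acceptance before the MS answered the auth challenge, even if the
 *    HLR sends an UPDATE_LOCATION_RESULT early.
 *  - With check_imei_rqd set, a successful authentication alone is not
 *    enough: the conn stays unaccepted and vsub->imei stays empty until the
 *    Identity Response arrived.
 *  - NOTE(review): the IMEI is whatever the MS reports; this scenario only
 *    checks that it is collected and stored, not that it is verified against
 *    any register.
 *
 * Takes no arguments and returns nothing; failures surface through
 * OSMO_ASSERT / VERBOSE_ASSERT / EXPECT_* from the test harness. All hex
 * strings are fixed protocol fixtures and must stay byte-for-byte as is.
 */
static void test_gsm_authen_imei(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* no AUTN expected: 2G challenge carries RAND only */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f
	 * (test fixture key, only meaningful inside this test suite) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Negative check: an HLR result must not short-cut the pending
	 * authentication of the MS. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);
	/* helper defined elsewhere; by its name it checks that follow-up
	 * requests are refused while the conn is not yet accepted */
	thwart_rx_non_initial_requests();
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("05542d8b2c3e"); /* 1st vector's sres */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	/* IMEI string still empty: nothing stored before the MS replied */
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	expect_bssap_clear();
	ms_sends_msg("0559084a32244332244302");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches");
	expect_bssap_clear();
	ms_sends_msg("050130089910070000006402");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}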
596
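/*
 * End-to-end scenario: GSM (2G) authentication with both TMSI assignment
 * (net->vlr->cfg.assign_tmsi) and a mandatory IMEI check
 * (net->vlr->cfg.check_imei_rqd).
 *
 * Flow driven below (each step is announced with btw()/BTW()):
 *  1. Location Update by IMSI, authenticated with the 1st vector.
 *  2. After the HLR's UPDATE_LOCATION_RESULT the VLR sends an Identity
 *     Request for the IMEI.
 *  3. Identity Response -> LU Accept with a new TMSI is sent, conn stays open.
 *  4. TMSI Realloc Complete -> conn released, subscriber has IMEI and TMSI.
 *  5. Detach using the TMSI.
 *
 * Security-relevant properties pinned by the assertions:
 *  - The gates are passed in order: authentication, then IMEI, then TMSI
 *    acknowledgement; EXPECT_ACCEPTED(false) is asserted at each intermediate
 *    stage.
 *  - The new TMSI is held in vsub->tmsi_new (vsub->tmsi still
 *    GSM_RESERVED_TMSI) until the MS acknowledged it.
 *
 * NOTE(review): the fixed TMSI value 0x03020100 presumably comes from a
 * deterministic random stub in the test harness -- confirm there.
 *
 * Takes no arguments and returns nothing; failures surface through
 * OSMO_ASSERT / VERBOSE_ASSERT / EXPECT_* from the test harness. All hex
 * strings are fixed protocol fixtures and must stay byte-for-byte as is.
 */
static void test_gsm_authen_tmsi_imei(void)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000004620";

	comment_start();

	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	net->vlr->cfg.check_imei_rqd = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	/* no AUTN expected: 2G challenge carries RAND only */
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f
	 * (test fixture key, only meaningful inside this test suite) */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL    sres       TL     kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Negative check: an HLR result must not short-cut the pending
	 * authentication of the MS. */
	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* helper defined elsewhere; by its name it checks that follow-up
	 * requests are refused while the conn is not yet accepted */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000004026f0");
	ms_sends_msg("05542d8b2c3e"); /* 1st vector's sres */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000004026f00804036470f1",
		"12010809710000004026f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT, and we send an ID Request for the IMEI to the MS");
	dtap_expect_tx("051802");
	gsup_rx("06010809710000004026f0", NULL);

	btw("We will only do business when the IMEI is known");
	EXPECT_CONN_COUNT(1);
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	/* IMEI string still empty: nothing stored before the MS replied */
	VERBOSE_ASSERT(vsub->imei[0], == 0, "%d");
	vlr_subscr_put(vsub);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS replies with an Identity Response");
	ms_sends_msg("0559084a32244332244302");

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* pending TMSI lives in tmsi_new until the MS acknowledges it */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_bssap_clear();
	ms_sends_msg("055b");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	btw("Subscriber has the IMEI and TMSI");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(strcmp(vsub->imei, "423423423423420"), == 0, "%d");
	VERBOSE_ASSERT(vsub->tmsi, == 0x03020100, "0x%08x");
	vlr_subscr_put(vsub);

	BTW("subscriber detaches, using TMSI");
	expect_bssap_clear();
	ms_sends_msg("050130" "05f4" "03020100");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}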
714
/*
 * End-to-end scenario: a subscriber whose auth vectors were generated with
 * Milenage (they carry IK/CK/AUTN/RES next to SRES/Kc) attaches with
 * authentication_required set and rx_from_ran = RAN_GERAN_A.
 *
 * Steps, each checked by the assertions below:
 *  1. Location Update -> GSUP Send Auth Info -> Auth Request -> Authen
 *     Response -> GSUP Update Location -> LU accept.
 *  2. CM Service Request on a new conn, authenticated with the 2nd vector,
 *     followed by a USSD request.
 *  3. Mobile-terminated SMS: paging, Paging Response, authentication with
 *     the 3rd vector, SMS delivery and the CP-ACK/RP-ACK exchange.
 *  4. IMSI detach.
 *
 * What this pins from a security point of view: every new connection is
 * challenged before it is accepted, and each of the three challenges uses a
 * different RAND, i.e. the next vector from the HLR's list rather than a
 * repeated one.
 */
static void test_gsm_milenage_authen()
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000010650";

	comment_start();

	net->authentication_required = true;
	rx_from_ran = RAN_GERAN_A;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0");
	ms_sends_msg("0508" /* MM LU */
		     "7" /* ciph key seq: no key available */
		     "0" /* LU type: normal */
		     "ffffff" "0000" /* LAI, LAC */
		     "30" /* classmark 1: GSM phase 2 */
		     "089910070000106005" /* IMSI */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	/* No LU result may be sent before authentication has completed. */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* based on auc_3g:
	 * K = 'EB215756028D60E3275E613320AEC880',
	 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 * SQN = 0
	 * (key material of the test subscriber, used only to derive the
	 * vectors hard-coded below)
	 */
	auth_request_sent = false;
	/* The Auth Request must carry the RAND of the first vector below. */
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	/* No AUTN is expected in the Auth Request although the vectors contain
	 * one. NOTE(review): presumably because the MS announced a GSM phase 2
	 * classmark on GERAN, so plain GSM authentication (SRES only) is used;
	 * confirm against the auth_request_expect_* helper. */
	auth_request_expect_autn = NULL;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* auth vectors; three are supplied in this message */
		/* TL TL rand */
		"0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/* TL sres TL kc */
		"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/* TL 3G IK */
		"2310" "27497388b6cb044648f396aa155b95ef"
		/* TL 3G CK */
		"2410" "f64735036e5871319c679f4742a75ea1"
		/* TL AUTN */
		"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/* TL RES */
		"2708" "e229c19e791f2e41"
		/* 2nd vector, same IE layout */
		"0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
		"2104" "85aa3130" "2208" "d3d50a000bf04f6e"
		"2310" "1159ec926a50e98c034a6b7d7c9f418d"
		"2410" "df3a03d9ca5335641efc8e36d76cd20b"
		"2510" "1843a645b98d00005b2d666af46c45d9"
		"2708" "7db47cf7f81e4dc7"
		/* 3rd vector, same IE layout */
		"0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
		"2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
		"2310" "eb50e770ddcc3060101d2f43b6c2b884"
		"2410" "76542abce5ff9345b0e8947f4c6e019c"
		"2510" "f9375e6d41e1000096e7fe4ff1c27e39"
		"2708" "706f996719ba609c"
		,NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
	gsup_expect_tx("04010809710000000156f0");
	/* 9b36efdf is the SRES of the first vector (IE 2104 above). */
	ms_sends_msg("0554" "9b36efdf");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000000156f00804032443f2",
		"12010809710000000156f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	expect_bssap_clear();
	gsup_rx("06010809710000000156f0", NULL);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("LU was successful, and the conn has already been closed");
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	/* RAND of the 2nd vector: the first vector must not be reused. */
	auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
	auth_request_expect_autn = NULL;
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("052478"
		     "03305886" /* classmark 2: GSM phase 2 */
		     "089910070000106005" /* IMSI */);
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->conn_fsm);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	/* Helper defined elsewhere; presumably checks that non-initial
	 * requests are refused while the conn is unauthenticated. */
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
	/* No GSUP message is expected to be sent in this step. */
	gsup_expect_tx(NULL);
	ms_sends_msg("0554" "85aa3130"); /* 2nd vector's sres, see above */
	VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");

	btw("a USSD request is serviced");
	dtap_expect_tx_ussd("Your extension is 42342\r");
	expect_bssap_clear();
	ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
	OSMO_ASSERT(dtap_tx_confirmed);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber. */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	/* Drop the reference taken by vlr_subscr_find_by_imsi() and clear the
	 * pointer so it cannot be used after the put. */
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	/* NOTE(review): paging_stopped is not reset in this function before
	 * this check; presumably a helper resets it -- confirm. */
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	/* RAND of the 3rd vector. */
	auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
	auth_request_expect_autn = NULL;
	ms_sends_msg("062707"
		     "03305886" /* classmark 2 */
		     "089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("MS sends Authen Response, VLR accepts and sends pending SMS");
	/* The pending SMS is expected only once the Authen Response below has
	 * been received. */
	dtap_expect_tx("09" /* SMS messages */
		       "01" /* CP-DATA */
		       "58" /* length */
		       "01" /* Network to MS */
		       "00" /* reference */
		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
		       "0791" "447758100650" /* 447785016005 */
		       "00" /* dest */
		       /* SMS TPDU */
		       "4c" /* len */
		       "00" /* SMS deliver */
		       "05802443f2" /* originating address 42342 */
		       "00" /* TP-PID */
		       "00" /* GSM default alphabet */
		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts()) */
		       "000000" /* H-M-S */
		       "00" /* GMT+0 */
		       "44" /* data length */
		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		       "0c7ac3e9e9b7db05");
	ms_sends_msg("0554" "69d5f9fb"); /* 3rd vector's sres, see above */
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(paging_stopped, == true, "%d");

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_bssap_clear();
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	/* The detach is identified by IMSI; no authentication exchange takes
	 * place for it in this scenario. */
	expect_bssap_clear();
	ms_sends_msg("050130"
		     "089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
926
/*
 * Negative test: an Authentication Response whose SRES is shorter than the
 * expected four bytes must fail authentication.
 *
 * The MS answers the first challenge with "2d8b2c", which is the first three
 * bytes of the correct SRES "2d8b2c3e". The test therefore pins that a
 * truncated response is rejected even though every byte it does contain
 * matches, i.e. a prefix of the SRES is not enough. Expected outcome: a GSUP
 * Auth Failure Report to the HLR, a BSSAP Clear, and an LU reject.
 *
 * It also checks that a GSUP _UPDATE_LOCATION_RESULT arriving from the HLR
 * before authentication has completed does not get the subscriber accepted.
 */
static void test_wrong_sres_length()
{
	comment_start();
	/* Helper defined elsewhere; NOTE(review): presumably switches the test
	 * to a controlled clock -- confirm in msc_vlr_tests.h. */
	fake_time_start();

	net->authentication_required = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("08010809710000004026f0");
	ms_sends_msg("0508020081680001"
		     "30" /* <-- Revision Level == 1, i.e. is_r99 == false */
		     "089910070000006402");
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	auth_request_sent = false;
	/* The Auth Request must carry the RAND of the first vector below. */
	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
	auth_request_expect_autn = NULL;
	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000004026f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0322" "2010" "585df1ae287f6e273dce07090d61320b"
		/* TL sres TL kc */
		"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
		"0322" "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
		"2104" "20bde240" "2208" "07fa7502e07e1c00"
		"0322" "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
		"2104" "a29514ae" "2208" "e2b234f807886400"
		"0322" "2010" "fa8f20b781b5881329d4fea26b1a3c51"
		"2104" "5afc8d72" "2208" "2392f14f709ae000"
		"0322" "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
		"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("If the HLR were to send a GSUP _UPDATE_LOCATION_RESULT we'd still reject");
	/* Out-of-order HLR message while the MS has not yet answered the
	 * challenge: the subscriber must stay unaccepted. */
	gsup_rx("06010809710000004026f0", NULL);
	EXPECT_ACCEPTED(false);

	/* Helper defined elsewhere; presumably checks that non-initial
	 * requests are refused while the conn is unauthenticated. */
	thwart_rx_non_initial_requests();

	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response with too short SRES data, auth is thwarted.");
	gsup_expect_tx("0b010809710000004026f0"); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
	expect_bssap_clear();
	/* "0554" + 2d8b2c: three SRES bytes instead of four, matching the
	 * start of the first vector's SRES 2d8b2c3e. */
	ms_sends_msg("05542d8b2c");
	VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");

	EXPECT_CONN_COUNT(0);
	clear_vlr();
	comment_end();
}
986
/*
 * Test functions of this file, in the order they are listed. The list ends
 * with a NULL entry; presumably the test runner (not visible here) iterates
 * until it reaches that sentinel.
 */
msc_vlr_test_func_t msc_vlr_tests[] = {
	test_gsm_authen,
	test_gsm_authen_tmsi,
	test_gsm_authen_imei,
	test_gsm_authen_tmsi_imei,
	test_gsm_milenage_authen,
	test_wrong_sres_length,
	NULL
};