msc_vlr_tests a5/4

2021-06-10 05:21:03 +02:00 · 2021-06-10 05:21:03 +02:00 · 6ec26e37a4
parent 9fb17c6c8c
commit 6ec26e37a4
2 changed files with 265 additions and 2 deletions
--- a/tests/msc_vlr/msc_vlr_test_gsm_ciph.c
+++ b/tests/msc_vlr/msc_vlr_test_gsm_ciph.c
@ -1491,6 +1491,227 @@ static void test_cm_service_needs_classmark_update()
 	comment_end();
 }

+static void test_a5_4_supported()
+{
+	struct vlr_subscr *vsub;
+	const char *imsi = "901700000004620";
+	const struct osmo_gsm48_classmark cm = {
+		.classmark2_len = sizeof(struct gsm48_classmark2),
+		.classmark2 = {
+			.a5_1 = 1,
+			.a5_2 = 0,
+			.a5_3 = 1,
+		},
+		.classmark3_len = 1,
+		.classmark3 = { 0x01 }, /* 0b0001 == A5/4 supported */
+	};
+
+	comment_start();
+
+	/* implicit: net->authentication_required = true; */
+	net->a5_encryption_mask = (1 << 4); /* A5/4 */
+
+	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
+	lu_result_sent = RES_NONE;
+	gsup_expect_tx("08010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
+	ms_sends_msg("050802008168000130089910070000006402");
+	OSMO_ASSERT(gsup_tx_confirmed);
+	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
+
+	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
+	/* Based on a Ki of 000102030405060708090a0b0c0d0e0f */
+	auth_request_sent = false;
+	auth_request_expect_rand = "585df1ae287f6e273dce07090d61320b";
+	auth_request_expect_autn = NULL;
+	gsup_rx("0a"
+		/* imsi */
+		"0108" "09710000004026f0"
+		/* 5 auth vectors... */
+		/* TL    TL     rand */
+		"0322"  "2010" "585df1ae287f6e273dce07090d61320b"
+		/*       TL     sres       TL     kc */
+			"2104" "2d8b2c3e" "2208" "61855fb81fc2a800"
+		"0322"  "2010" "12aca96fb4ffdea5c985cbafa9b6e18b"
+			"2104" "20bde240" "2208" "07fa7502e07e1c00"
+		"0322"  "2010" "e7c03ba7cf0e2fde82b2dc4d63077d42"
+			"2104" "a29514ae" "2208" "e2b234f807886400"
+		"0322"  "2010" "fa8f20b781b5881329d4fea26b1a3c51"
+			"2104" "5afc8d72" "2208" "2392f14f709ae000"
+		"0322"  "2010" "0fd4cc8dbe8715d1f439e304edfd68dc"
+			"2104" "bc8d1c5b" "2208" "da7cdd6bfe2d7000" HLR_TO_VLR,
+		NULL);
+	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
+	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
+
+	BTW("MS sends Authen Response, VLR accepts and wants to send Ciphering Mode Command to MS"
+	    " -- but needs Classmark 2 to determine whether A5/3 is supported");
+	cipher_mode_cmd_sent = false;
+	ms_sends_msg("05542d8b2c3e");
+	OSMO_ASSERT(!cipher_mode_cmd_sent);
+	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
+
+	btw("BSC sends back a BSSMAP Classmark Update, that triggers the Ciphering Mode Command in A5/3");
+	expect_cipher_mode_cmd("61855fb81fc2a800");
+	ms_sends_classmark_update(&cm);
+	OSMO_ASSERT(cipher_mode_cmd_sent);
+	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
+
+	btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
+	gsup_expect_tx("04010809710000004026f0" CN_DOMAIN VLR_TO_HLR);
+	ms_sends_ciphering_mode_complete(NULL, 4);
+	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
+
+	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
+	gsup_rx("10010809710000004026f00804032443f2" HLR_TO_VLR,
+		"12010809710000004026f0" VLR_TO_HLR);
+	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
+
+	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
+	expect_bssap_clear();
+	gsup_rx("06010809710000004026f0" HLR_TO_VLR, NULL);
+	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
+
+	btw("LU was successful, and the conn has already been closed");
+	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
+	ran_sends_clear_complete();
+	EXPECT_CONN_COUNT(0);
+
+	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
+	cm_service_result_sent = RES_NONE;
+	auth_request_sent = false;
+	auth_request_expect_rand = "12aca96fb4ffdea5c985cbafa9b6e18b";
+	ms_sends_msg("05247403305886089910070000006402");
+	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
+	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
+
+	btw("needs auth, not yet accepted");
+	EXPECT_ACCEPTED(false);
+	thwart_rx_non_initial_requests();
+
+	btw("MS sends Authen Response, VLR accepts and requests Ciphering. We already know Classmark 3,"
+	    " so no need to request Classmark Update.");
+	expect_cipher_mode_cmd("07fa7502e07e1c00");
+	ms_sends_msg("0554" "20bde240" /* 2nd vector's sres, s.a. */);
+	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
+	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
+
+	btw("needs ciph, not yet accepted");
+	EXPECT_ACCEPTED(false);
+	thwart_rx_non_initial_requests();
+
+	btw("MS sends Ciphering Mode Complete, VLR accepts; above Ciphering is an implicit CM Service Accept");
+	ms_sends_ciphering_mode_complete(NULL, 4);
+	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
+
+	/* Release connection */
+	expect_bssap_clear();
+	conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
+
+	btw("all requests serviced, conn has been released");
+	ran_sends_clear_complete();
+	EXPECT_CONN_COUNT(0);
+
+	BTW("an SMS is sent, MS is paged");
+	paging_expect_imsi(imsi);
+	paging_sent = false;
+	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
+	OSMO_ASSERT(vsub);
+	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
+
+	send_sms(vsub, vsub,
+		 "Privacy in residential applications is a desirable"
+		 " marketing option.");
+
+	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
+	vlr_subscr_put(vsub, __func__);
+	vsub = NULL;
+	VERBOSE_ASSERT(paging_sent, == true, "%d");
+
+	btw("the subscriber and its pending request should remain");
+	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
+	OSMO_ASSERT(vsub);
+	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
+	vlr_subscr_put(vsub, __func__);
+
+	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
+	auth_request_sent = false;
+	auth_request_expect_rand = "e7c03ba7cf0e2fde82b2dc4d63077d42";
+	ms_sends_msg("06270703305882089910070000006402");
+	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
+
+	btw("needs auth, not yet accepted");
+	EXPECT_ACCEPTED(false);
+	thwart_rx_non_initial_requests();
+
+	btw("MS sends Authen Response, VLR accepts and requests Ciphering");
+	expect_cipher_mode_cmd("e2b234f807886400");
+	ms_sends_msg("0554" "a29514ae" /* 3rd vector's sres, s.a. */);
+	VERBOSE_ASSERT(cipher_mode_cmd_sent, == true, "%d");
+
+	btw("needs ciph, not yet accepted");
+	EXPECT_ACCEPTED(false);
+	thwart_rx_non_initial_requests();
+
+	btw("MS sends Ciphering Mode Complete, VLR accepts and sends pending SMS");
+	dtap_expect_tx("09" /* SMS messages */
+		       "01" /* CP-DATA */
+		       "58" /* length */
+		       "01" /* Network to MS */
+		       "00" /* reference */
+		       /* originator (gsm411_send_sms() hardcodes this weird nr) */
+		       "0791" "447758100650" /* 447785016005 */
+		       "00" /* dest */
+		       /* SMS TPDU */
+		       "4c" /* len */
+		       "00" /* SMS deliver */
+		       "05802443f2" /* originating address 42342 */
+		       "00" /* TP-PID */
+		       "00" /* GSM default alphabet */
+		       "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
+		       "000000" /* H-M-S */
+		       "00" /* GMT+0 */
+		       "44" /* data length */
+		       "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
+		       "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
+		       "0c7ac3e9e9b7db05");
+	ms_sends_ciphering_mode_complete(NULL, 4);
+	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
+
+	btw("SMS was delivered, no requests pending for subscr");
+	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
+	OSMO_ASSERT(vsub);
+	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
+	vlr_subscr_put(vsub, __func__);
+
+	btw("conn is still open to wait for SMS ack dance");
+	EXPECT_CONN_COUNT(1);
+
+	btw("MS replies with CP-ACK for received SMS");
+	ms_sends_msg("8904");
+	EXPECT_CONN_COUNT(1);
+
+	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
+	dtap_expect_tx("0904");
+	expect_bssap_clear();
+	ms_sends_msg("890106020041020000");
+	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
+	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
+
+	btw("SMS is done, conn is gone");
+	ran_sends_clear_complete();
+	EXPECT_CONN_COUNT(0);
+
+	BTW("subscriber detaches");
+	expect_bssap_clear();
+	ms_sends_msg("050130089910070000006402");
+	VERBOSE_ASSERT(bssap_clear_sent, == true, "%d");
+
+	ran_sends_clear_complete();
+	EXPECT_CONN_COUNT(0);
+	clear_vlr();
+	comment_end();
+}
+

 msc_vlr_test_func_t msc_vlr_tests[] = {
 	test_ciph,
@ -1501,5 +1722,6 @@ msc_vlr_test_func_t msc_vlr_tests[] = {
 	test_gsm_ciph_in_umts_env,
 	test_a5_3_supported,
 	test_cm_service_needs_classmark_update,
+	test_a5_4_supported,
 	NULL
 };
--- a/tests/msc_vlr/msc_vlr_test_umts_authen.c
+++ b/tests/msc_vlr/msc_vlr_test_umts_authen.c
@ -23,6 +23,8 @@

 #include "msc_vlr_tests.h"

+static struct osmo_gsm48_classmark classmark = {0};
+
 static void _test_umts_authen(enum osmo_rat_type via_ran)
 {
 	struct vlr_subscr *vsub;
@ -126,8 +128,28 @@ static void _test_umts_authen(enum osmo_rat_type via_ran)

 	if (encryption) {
 		if (via_ran == OSMO_RAT_GERAN_A) {
-			btw("Test code not implemented");
-			OSMO_ASSERT(false);
+			/* On GERAN */
+			btw("MS sends Authen Response, VLR accepts and wants to send Ciphering Mode Command to MS"
+			    " -- but needs Classmark 2 to determine whether A5/4 is supported");
+
+			cipher_mode_cmd_sent = false;
+			ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
+			OSMO_ASSERT(!cipher_mode_cmd_sent);
+			VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
+
+			btw("BSC sends back a BSSMAP Classmark Update, that triggers the Ciphering Mode Command");
+			expect_cipher_mode_cmd("059a4f668f6fbe39");
+			/* enable A5/4 in MS classmark */
+			classmark.classmark3_len = 1;
+			classmark.classmark3[0] = 1; /* 0b0001 == A5/4 supported */
+			ms_sends_classmark_update(&classmark);
+			OSMO_ASSERT(cipher_mode_cmd_sent);
+			VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
+
+			btw("MS sends Ciphering Mode Complete, VLR accepts and sends GSUP LU Req to HLR");
+			gsup_expect_tx("04010809710000000156f0" CN_DOMAIN VLR_TO_HLR);
+			ms_sends_ciphering_mode_complete2(NULL, 5);
+			VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
 		} else {
 			/* On UTRAN */
 			btw("Encryption enabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl");
@ -338,6 +360,14 @@ static void test_umts_authen_utran()
 	comment_end();
 }

+static void test_umts_auth_ciph_geran()
+{
+	comment_start();
+	net->uea_encryption = true;
+	_test_umts_authen(OSMO_RAT_GERAN_A);
+	comment_end();
+}
+
 static void test_umts_auth_ciph_utran()
 {
 	comment_start();
@ -906,10 +936,20 @@ static void test_umts_authen_only_sres_utran()
 	comment_end();
 }

+static void test_umts_auth_ciph_geran_a5_4()
+{
+	comment_start();
+	net->uea_encryption = true;
+	/* enable A5/4 in config */
+	net->a5_encryption_mask |= (1 << 4);
+	_test_umts_authen(OSMO_RAT_GERAN_A);
+	comment_end();
+}

 msc_vlr_test_func_t msc_vlr_tests[] = {
 	test_umts_authen_geran,
 	test_umts_authen_utran,
+	test_umts_auth_ciph_geran,
 	test_umts_auth_ciph_utran,
 	test_umts_authen_resync_geran,
 	test_umts_authen_resync_utran,
@ -920,5 +960,6 @@ msc_vlr_test_func_t msc_vlr_tests[] = {
 	test_umts_authen_too_long_res_utran,
 	test_umts_authen_only_sres_geran,
 	test_umts_authen_only_sres_utran,
+	test_umts_auth_ciph_geran_a5_4,
 	NULL
 };