PCU: also test GSGN originated PS/CS Paging containing TMSI

This additional couple of test cases reveals several bugs:

  1) the IUT encodes a erroneous RR Paging Request message
     containing P-TMSI, so TITAN fails to decode it;

  2) the IUT prints an invalid P-TMSI in its log output
     due to load of misaligned address (found by UBSan).

[1] I97fd5ffc15a4a58112d7c37c69b7ac42b0741a0e
[2] Icf8836f216793e342b239c8e6645aac1e82bf324

Change-Id: I7fbec5b2c5c3943a7413417b623f55c135c152d7

library/Osmocom_Gb_Types.ttcn

@@ -1333,6 +1333,22 @@ octetstring sdu) := {
 		}
 	}
 
+	template PDU_BSSGP ts_BSSGP_CS_PAGING_PTMSI(BssgpBvci bvci, hexstring imsi, GsmTmsi tmsi) := {
+		pDU_BSSGP_PAGING_CS := {
+			bssgpPduType := '07'O,
+			iMSI := ts_BSSGP_IMSI(imsi),
+			dRX_Parameters := t_defaultDRXparam,
+			paging_Field4 := {
+				bVCI := t_BSSGP_BVCI(bvci)
+			},
+			tLLI := omit,
+			channel_needed := omit,
+			eMLPP_Priority := omit,
+			tMSI := ts_BSSGP_TMSI(tmsi),
+			global_CN_Id := omit
+		}
+	}
+
 	template PDU_BSSGP tr_BSSGP_PS_PAGING(BssgpBvci bvci) := {
 		pDU_BSSGP_PAGING_PS := {
 			bssgpPduType := '06'O,

pcu/PCU_Tests_RAW.ttcn

@@ -1364,6 +1364,14 @@ private function f_pkt_paging_match_imsi(in PacketPagingReq req, hexstring imsi)
 	}
 }
 
+private function f_pkt_paging_match_tmsi(in PacketPagingReq req, template GsmTmsi tmsi) {
+	if (not match(req.repeated_pageinfo.cs.tmsi, tmsi)) {
+		setverdict(fail, "Mobile Identity (TMSI/P-TMSI) mismatch: ",
+			   "expected: ", tmsi, "got: ", req.repeated_pageinfo.cs.tmsi);
+		mtc.stop;
+	}
+}
+
 /* Test CS paging over the BTS<->PCU socket.
  * When a (class B or C, not A) MS has an active TBF (or is on the PDCH), the MS can not react on CS paging over CCCH.
  * Paging should be send on the PACCH.
@@ -1424,13 +1432,15 @@ testcase TC_paging_cs_from_bts() runs on RAW_PCU_Test_CT {
 
 /* Test CS paging over Gb (SGSN->PCU->BTS[PDCH]).
  */
-private function f_tc_paging_cs_from_sgsn(Nsvci bvci) runs on RAW_PCU_Test_CT {
+private function f_tc_paging_cs_from_sgsn(Nsvci bvci, boolean use_ptmsi := false)
+runs on RAW_PCU_Test_CT {
 	var GsmRrMessage rr_imm_ass;
 	var PacketUlAssign ul_tbf_ass;
 	var RlcmacDlBlock dl_block;
 	var boolean ok;
 	var OCT4 tlli := '00000001'O;
 	var hexstring imsi := f_gen_imsi(42);
+	var GsmTmsi tmsi;
 
 	/* Initialize NS/BSSGP side */
 	f_init_bssgp();
@@ -1455,18 +1465,31 @@ private function f_tc_paging_cs_from_sgsn(Nsvci bvci) runs on RAW_PCU_Test_CT {
 		mtc.stop;
 	}
 
-	/* Send paging request */
-	BSSGP[0].send(ts_BSSGP_CS_PAGING_IMSI(bvci, imsi));
+	/* Send paging request with or without TMSI */
+	if (use_ptmsi) {
+		tmsi := oct2int(f_rnd_octstring(4)); /* Random P-TMSI */
+		BSSGP[0].send(ts_BSSGP_CS_PAGING_PTMSI(bvci, imsi, tmsi));
+	} else {
+		BSSGP[0].send(ts_BSSGP_CS_PAGING_IMSI(bvci, imsi));
+	}
 
 	/* Receive it on BTS side towards MS */
 	f_rx_rlcmac_dl_block_exp_pkt_pag_req(dl_block);
 
-	/* Make sure that Packet Paging Request contains the same IMSI */
-	f_pkt_paging_match_imsi(dl_block.ctrl.payload.u.paging, imsi);
+	/* Make sure that Packet Paging Request contains the same P-TMSI/IMSI */
+	if (use_ptmsi) {
+		f_pkt_paging_match_tmsi(dl_block.ctrl.payload.u.paging, tmsi);
+	} else {
+		f_pkt_paging_match_imsi(dl_block.ctrl.payload.u.paging, imsi);
+	}
 
 	setverdict(pass);
 }
 
+testcase TC_paging_cs_from_sgsn_sign_ptmsi() runs on RAW_PCU_Test_CT {
+	f_tc_paging_cs_from_sgsn(0, true);
+}
+
 testcase TC_paging_cs_from_sgsn_sign() runs on RAW_PCU_Test_CT {
 	f_tc_paging_cs_from_sgsn(0);
 }
@@ -1477,12 +1500,14 @@ testcase TC_paging_cs_from_sgsn_ptp() runs on RAW_PCU_Test_CT {
 
 /* Test PS paging over Gb (SGSN->PCU->BTS[CCCH]).
  */
-private function f_tc_paging_ps_from_sgsn(Nsvci bvci) runs on RAW_PCU_Test_CT {
+private function f_tc_paging_ps_from_sgsn(Nsvci bvci, boolean use_ptmsi := false)
+runs on RAW_PCU_Test_CT {
 	var GsmRrMessage rr_pag_req1;
 	var OCT4 tlli := '00000001'O;
 	var integer imsi_suff_rx;
 	var integer imsi_suff_tx := 423;
 	var hexstring imsi := f_gen_imsi(imsi_suff_tx);
+	var GsmTmsi tmsi;
 
 	/* Initialize NS/BSSGP side */
 	f_init_bssgp();
@@ -1494,8 +1519,13 @@ private function f_tc_paging_ps_from_sgsn(Nsvci bvci) runs on RAW_PCU_Test_CT {
 	f_bssgp_establish();
 	f_bssgp_client_llgmm_assign('FFFFFFFF'O, tlli);
 
-	/* Send paging request */
-	BSSGP[0].send(ts_BSSGP_PS_PAGING_IMSI(bvci, imsi));
+	/* Send paging request with or without TMSI */
+	if (use_ptmsi) {
+		tmsi := oct2int(f_rnd_octstring(4)); /* Random P-TMSI */
+		BSSGP[0].send(ts_BSSGP_PS_PAGING_PTMSI(bvci, imsi, tmsi));
+	} else {
+		BSSGP[0].send(ts_BSSGP_PS_PAGING_IMSI(bvci, imsi));
+	}
 
 	/* Receive it on BTS side towards MS */
 	f_pcuif_rx_pch_pag_req1(imsi_suff_rx, rr_pag_req1);
@@ -1504,9 +1534,14 @@ private function f_tc_paging_ps_from_sgsn(Nsvci bvci) runs on RAW_PCU_Test_CT {
 		mtc.stop;
 	}
 
+	/* TODO: match MI (P-TMSI/IMSI) of received RR Paging Request */
 	setverdict(pass);
 }
 
+testcase TC_paging_ps_from_sgsn_sign_ptmsi() runs on RAW_PCU_Test_CT {
+	f_tc_paging_ps_from_sgsn(0, true);
+}
+
 testcase TC_paging_ps_from_sgsn_sign() runs on RAW_PCU_Test_CT {
 	f_tc_paging_ps_from_sgsn(0);
 }
@@ -1530,8 +1565,10 @@ control {
 	execute( TC_mt_ping_pong_with_dl_racap() );
 	execute( TC_imm_ass_dl_block_retrans() );
 	execute( TC_paging_cs_from_bts() );
+	execute( TC_paging_cs_from_sgsn_sign_ptmsi() );
 	execute( TC_paging_cs_from_sgsn_sign() );
 	execute( TC_paging_cs_from_sgsn_ptp() );
+	execute( TC_paging_ps_from_sgsn_sign_ptmsi() );
 	execute( TC_paging_ps_from_sgsn_sign() );
 	execute( TC_paging_ps_from_sgsn_ptp() );
 }