msc: Add test case for LU with MI=IMEI (which is illegal)
Change-Id: Ie3c91a0ff212a70a8e03e0579f240a10bc4356f4
This commit is contained in:
parent
bc881789bd
commit
ba7b6d940e
|
|
@ -56,6 +56,18 @@ private function f_enc_IMSI_L3(hexstring digits) return IMSI_L3 {
|
|||
return l3;
|
||||
}
|
||||
|
||||
private function f_enc_IMEI_L3(hexstring digits) return IMEI_L3 {
|
||||
var IMEI_L3 l3;
|
||||
var integer len := lengthof(digits);
|
||||
if (len rem 2 == 1) { /* modulo remainder */
|
||||
l3.oddevenIndicator := '1'B;
|
||||
} else {
|
||||
l3.oddevenIndicator := '0'B;
|
||||
}
|
||||
l3.digits := digits;
|
||||
return l3;
|
||||
}
|
||||
|
||||
/* send template fro Mobile Identity (IMSI) */
|
||||
template (value) MobileIdentityLV ts_MI_IMSI_LV(hexstring imsi_digits) := {
|
||||
lengthIndicator := 0, /* overwritten */
|
||||
|
|
@ -67,6 +79,18 @@ template (value) MobileIdentityLV ts_MI_IMSI_LV(hexstring imsi_digits) := {
|
|||
}
|
||||
}
|
||||
|
||||
/* send template fro Mobile Identity (IMEI) */
|
||||
template (value) MobileIdentityLV ts_MI_IMEI_LV(hexstring imei_digits) := {
|
||||
lengthIndicator := 0, /* overwritten */
|
||||
mobileIdentityV := {
|
||||
typeOfIdentity := '000'B, /* overwritten */
|
||||
oddEvenInd_identity := {
|
||||
imei := f_enc_IMEI_L3(imei_digits)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* Send template for Classmark 2 */
|
||||
template (value) MobileStationClassmark2_LV ts_CM2 := {
|
||||
lengthIndicator := 0,
|
||||
|
|
@ -300,6 +324,43 @@ template PDU_ML3_NW_MS tr_ML3_MT_LU_Rej(template OCT1 cause := ?) := {
|
|||
}
|
||||
}
|
||||
|
||||
template PDU_ML3_NW_MS tr_ML3_MT_MM_ID_Req(template BIT3 id_type := ?) := {
|
||||
discriminator := '0101'B,
|
||||
tiOrSkip := {
|
||||
skipIndicator := '0000'B
|
||||
},
|
||||
msgs := {
|
||||
mm := {
|
||||
identityRequest := {
|
||||
messageType := '011000'B,
|
||||
nsd := '00'B,
|
||||
identityType := id_type,
|
||||
spare1_5 := ?
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
template PDU_ML3_MS_NW ts_ML3_MO_MM_ID_Rsp(MobileIdentityLV mi) modifies ts_ML3_MO := {
|
||||
msgs := {
|
||||
mm := {
|
||||
identityResponse := {
|
||||
messageType := '011001'B,
|
||||
nsd := '00'B,
|
||||
mobileIdentityLV := mi,
|
||||
p_TMSI_TypeTV := omit,
|
||||
routingAreaIdentification2TLV := omit,
|
||||
p_TMSISignature2TLV := omit
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
template PDU_ML3_MS_NW ts_ML3_MO_MM_ID_Rsp_IMSI(hexstring imsi) :=
|
||||
ts_ML3_MO_MM_ID_Rsp(valueof(ts_MI_IMSI_LV(imsi)));
|
||||
template PDU_ML3_MS_NW ts_ML3_MO_MM_ID_Rsp_IMEI(hexstring imei) :=
|
||||
ts_ML3_MO_MM_ID_Rsp(valueof(ts_MI_IMEI_LV(imei)));
|
||||
|
||||
|
||||
template PDU_ML3_MS_NW ts_ML3_MO_CC(integer tid) := {
|
||||
discriminator := '0011'B,
|
||||
tiOrSkip := {
|
||||
|
|
|
|||
|
|
@ -125,6 +125,16 @@ function f_build_lu_imsi(hexstring imsi) return PDU_ML3_MS_NW
|
|||
var MobileIdentityLV mi := valueof(ts_MI_IMSI_LV(imsi));
|
||||
return f_build_lu(mi);
|
||||
}
|
||||
function f_build_lu_imei(hexstring imei) return PDU_ML3_MS_NW
|
||||
{
|
||||
var MobileIdentityLV mi := valueof(ts_MI_IMEI_LV(imei));
|
||||
return f_build_lu(mi);
|
||||
}
|
||||
function f_build_lu_tmsi(OCT4 tmsi) return PDU_ML3_MS_NW
|
||||
{
|
||||
var MobileIdentityLV mi := valueof(ts_MI_TMSI_LV(tmsi));
|
||||
return f_build_lu(mi);
|
||||
}
|
||||
private function f_build_lu(MobileIdentityLV mi) return PDU_ML3_MS_NW
|
||||
{
|
||||
var LocationAreaIdentification_V old_lai := { '62F220'O, '9999'O };
|
||||
|
|
|
|||
|
|
@ -620,6 +620,98 @@ testcase TC_lu_clear_request() runs on MTC_CT {
|
|||
vc_conn.done;
|
||||
}
|
||||
|
||||
/* Test LU but with illegal mobile identity type = IMEI */
|
||||
private function f_tc_lu_by_imei(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
|
||||
g_pars := pars;
|
||||
|
||||
var PDU_ML3_MS_NW l3_lu := f_build_lu_imei(g_pars.imsi)
|
||||
var PDU_DTAP_MT dtap_mt;
|
||||
|
||||
/* tell GSUP dispatcher to send this IMSI to us */
|
||||
f_create_gsup_expect(hex2str(g_pars.imsi));
|
||||
|
||||
/* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
|
||||
f_bssap_compl_l3(l3_lu);
|
||||
|
||||
/* Send Early Classmark, just for the fun of it */
|
||||
BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
|
||||
/* wait for LU reject, ignore any ID REQ */
|
||||
alt {
|
||||
[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) { }
|
||||
[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_MM_ID_Req)) { repeat; }
|
||||
}
|
||||
/* wait for normal teardown */
|
||||
BSSAP.receive(tr_BSSMAP_ClearCommand);
|
||||
BSSAP.send(ts_BSSMAP_ClearComplete);
|
||||
BSSAP.receive(BSSAP_Conn_Prim:MSC_CONN_PRIM_DISC_IND);
|
||||
setverdict(pass);
|
||||
}
|
||||
testcase TC_lu_by_imei() runs on MTC_CT {
|
||||
var BSC_ConnHdlr vc_conn;
|
||||
f_init();
|
||||
|
||||
vc_conn := f_start_handler(refers(f_tc_lu_by_imei), testcasename(), 9);
|
||||
vc_conn.done;
|
||||
}
|
||||
|
||||
/* Test LU by TMSI with unknown TMSI, expect (and answer) ID REQ. */
|
||||
private function f_tc_lu_tmsi_noauth_unknown(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
|
||||
g_pars := pars;
|
||||
|
||||
var PDU_ML3_MS_NW l3_lu := f_build_lu_tmsi('01020304'O); /* FIXME: Random */
|
||||
var PDU_DTAP_MT dtap_mt;
|
||||
|
||||
/* tell GSUP dispatcher to send this IMSI to us */
|
||||
f_create_gsup_expect(hex2str(g_pars.imsi));
|
||||
|
||||
/* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
|
||||
f_bssap_compl_l3(l3_lu);
|
||||
|
||||
/* Send Early Classmark, just for the fun of it */
|
||||
BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
|
||||
|
||||
/* Wait for + respond to ID REQ (IMSI) */
|
||||
BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_MM_ID_Req('001'B)));
|
||||
BSSAP.send(ts_PDU_DTAP_MO(ts_ML3_MO_MM_ID_Rsp_IMSI(g_pars.imsi)));
|
||||
|
||||
/* Expect MSC to do UpdateLocation to HLR; respond to it */
|
||||
GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi));
|
||||
GSUP.send(ts_GSUP_ISD_REQ(g_pars.imsi, g_pars.msisdn));
|
||||
GSUP.receive(tr_GSUP_ISD_RES(g_pars.imsi));
|
||||
GSUP.send(ts_GSUP_UL_RES(g_pars.imsi));
|
||||
|
||||
alt {
|
||||
[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) { }
|
||||
[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) {
|
||||
setverdict(fail, "Expected LU ACK, but received REJ");
|
||||
}
|
||||
}
|
||||
|
||||
/* wait for normal teardown */
|
||||
BSSAP.receive(tr_BSSMAP_ClearCommand);
|
||||
BSSAP.send(ts_BSSMAP_ClearComplete);
|
||||
BSSAP.receive(BSSAP_Conn_Prim:MSC_CONN_PRIM_DISC_IND);
|
||||
setverdict(pass);
|
||||
}
|
||||
testcase TC_lu_by_tmsi_noauth_unknown() runs on MTC_CT {
|
||||
var BSC_ConnHdlr vc_conn;
|
||||
f_init();
|
||||
|
||||
vc_conn := f_start_handler(refers(f_tc_lu_tmsi_noauth_unknown), testcasename(), 1);
|
||||
vc_conn.done;
|
||||
}
|
||||
|
||||
|
||||
/* TODO:
|
||||
* continue to send repeated MO signalling messages to keep channel open: does MSC tmeout?
|
||||
* malformed messages (missing IE, invalid message type): properly rejected?
|
||||
* MT call while LU or is ongoing: Do we use existing lchan or page while lchan active?
|
||||
* 3G/2G auth permutations
|
||||
* encryption algorithms vs. classmark vs. vty config
|
||||
* emergency call
|
||||
* IMSI DETACH
|
||||
* send new transaction after/during clear (like SMS, ...)
|
||||
*/
|
||||
|
||||
|
||||
control {
|
||||
|
|
|
|||
Loading…
Reference in New Issue