This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.orgReview at https://gerrit.osmocom.org/6028 msc: Add test case for LU with MI=IMEI (which is illegal) Change-Id: Ie3c91a0ff212a70a8e03e0579f240a10bc4356f4 --- M library/L3_Templates.ttcn M msc_tests/BSC_ConnectionHandler.ttcn M msc_tests/MSC_Tests.ttcn 3 files changed, 163 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/28/6028/1 diff --git a/library/L3_Templates.ttcn b/library/L3_Templates.ttcn index d652873..ca81b72 100644 --- a/library/L3_Templates.ttcn +++ b/library/L3_Templates.ttcn @@ -56,6 +56,18 @@ return l3; } +private function f_enc_IMEI_L3(hexstring digits) return IMEI_L3 { + var IMEI_L3 l3; + var integer len := lengthof(digits); + if (len rem 2 == 1) { /* modulo remainder */ + l3.oddevenIndicator := '1'B; + } else { + l3.oddevenIndicator := '0'B; + } + l3.digits := digits; + return l3; +} + /* send template fro Mobile Identity (IMSI) */ template (value) MobileIdentityLV ts_MI_IMSI_LV(hexstring imsi_digits) := { lengthIndicator := 0, /* overwritten */ @@ -66,6 +78,18 @@ } } } + +/* send template fro Mobile Identity (IMEI) */ +template (value) MobileIdentityLV ts_MI_IMEI_LV(hexstring imei_digits) := { + lengthIndicator := 0, /* overwritten */ + mobileIdentityV := { + typeOfIdentity := '000'B, /* overwritten */ + oddEvenInd_identity := { + imei := f_enc_IMEI_L3(imei_digits) + } + } +} + /* Send template for Classmark 2 */ template (value) MobileStationClassmark2_LV ts_CM2 := { @@ -300,6 +324,43 @@ } } +template PDU_ML3_NW_MS tr_ML3_MT_MM_ID_Req(template BIT3 id_type := ?) := { + discriminator := '0101'B, + tiOrSkip := { + skipIndicator := '0000'B + }, + msgs := { + mm := { + identityRequest := { + messageType := '011000'B, + nsd := '00'B, + identityType := id_type, + spare1_5 := ? + } + } + } +} + +template PDU_ML3_MS_NW ts_ML3_MO_MM_ID_Rsp(MobileIdentityLV mi) modifies ts_ML3_MO := { + msgs := { + mm := { + identityResponse := { + messageType := '011001'B, + nsd := '00'B, + mobileIdentityLV := mi, + p_TMSI_TypeTV := omit, + routingAreaIdentification2TLV := omit, + p_TMSISignature2TLV := omit + } + } + } +} +template PDU_ML3_MS_NW ts_ML3_MO_MM_ID_Rsp_IMSI(hexstring imsi) := + ts_ML3_MO_MM_ID_Rsp(valueof(ts_MI_IMSI_LV(imsi))); +template PDU_ML3_MS_NW ts_ML3_MO_MM_ID_Rsp_IMEI(hexstring imei) := + ts_ML3_MO_MM_ID_Rsp(valueof(ts_MI_IMEI_LV(imei))); + + template PDU_ML3_MS_NW ts_ML3_MO_CC(integer tid) := { discriminator := '0011'B, tiOrSkip := { diff --git a/msc_tests/BSC_ConnectionHandler.ttcn b/msc_tests/BSC_ConnectionHandler.ttcn index f9b4d3e..0fb1702 100644 --- a/msc_tests/BSC_ConnectionHandler.ttcn +++ b/msc_tests/BSC_ConnectionHandler.ttcn @@ -125,6 +125,16 @@ var MobileIdentityLV mi := valueof(ts_MI_IMSI_LV(imsi)); return f_build_lu(mi); } +function f_build_lu_imei(hexstring imei) return PDU_ML3_MS_NW +{ + var MobileIdentityLV mi := valueof(ts_MI_IMEI_LV(imei)); + return f_build_lu(mi); +} +function f_build_lu_tmsi(OCT4 tmsi) return PDU_ML3_MS_NW +{ + var MobileIdentityLV mi := valueof(ts_MI_TMSI_LV(tmsi)); + return f_build_lu(mi); +} private function f_build_lu(MobileIdentityLV mi) return PDU_ML3_MS_NW { var LocationAreaIdentification_V old_lai := { '62F220'O, '9999'O }; diff --git a/msc_tests/MSC_Tests.ttcn b/msc_tests/MSC_Tests.ttcn index a21ad50..c2d1771 100644 --- a/msc_tests/MSC_Tests.ttcn +++ b/msc_tests/MSC_Tests.ttcn @@ -620,6 +620,98 @@ vc_conn.done; } +/* Test LU but with illegal mobile identity type = IMEI */ +private function f_tc_lu_by_imei(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr { + g_pars := pars; + + var PDU_ML3_MS_NW l3_lu := f_build_lu_imei(g_pars.imsi) + var PDU_DTAP_MT dtap_mt; + + /* tell GSUP dispatcher to send this IMSI to us */ + f_create_gsup_expect(hex2str(g_pars.imsi)); + + /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */ + f_bssap_compl_l3(l3_lu); + + /* Send Early Classmark, just for the fun of it */ + BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3)); + /* wait for LU reject, ignore any ID REQ */ + alt { + [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) { } + [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_MM_ID_Req)) { repeat; } + } + /* wait for normal teardown */ + BSSAP.receive(tr_BSSMAP_ClearCommand); + BSSAP.send(ts_BSSMAP_ClearComplete); + BSSAP.receive(BSSAP_Conn_Prim:MSC_CONN_PRIM_DISC_IND); + setverdict(pass); +} +testcase TC_lu_by_imei() runs on MTC_CT { + var BSC_ConnHdlr vc_conn; + f_init(); + + vc_conn := f_start_handler(refers(f_tc_lu_by_imei), testcasename(), 9); + vc_conn.done; +} + +/* Test LU by TMSI with unknown TMSI, expect (and answer) ID REQ. */ +private function f_tc_lu_tmsi_noauth_unknown(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr { + g_pars := pars; + + var PDU_ML3_MS_NW l3_lu := f_build_lu_tmsi('01020304'O); /* FIXME: Random */ + var PDU_DTAP_MT dtap_mt; + + /* tell GSUP dispatcher to send this IMSI to us */ + f_create_gsup_expect(hex2str(g_pars.imsi)); + + /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */ + f_bssap_compl_l3(l3_lu); + + /* Send Early Classmark, just for the fun of it */ + BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3)); + + /* Wait for + respond to ID REQ (IMSI) */ + BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_MM_ID_Req('001'B))); + BSSAP.send(ts_PDU_DTAP_MO(ts_ML3_MO_MM_ID_Rsp_IMSI(g_pars.imsi))); + + /* Expect MSC to do UpdateLocation to HLR; respond to it */ + GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi)); + GSUP.send(ts_GSUP_ISD_REQ(g_pars.imsi, g_pars.msisdn)); + GSUP.receive(tr_GSUP_ISD_RES(g_pars.imsi)); + GSUP.send(ts_GSUP_UL_RES(g_pars.imsi)); + + alt { + [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) { } + [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) { + setverdict(fail, "Expected LU ACK, but received REJ"); + } + } + + /* wait for normal teardown */ + BSSAP.receive(tr_BSSMAP_ClearCommand); + BSSAP.send(ts_BSSMAP_ClearComplete); + BSSAP.receive(BSSAP_Conn_Prim:MSC_CONN_PRIM_DISC_IND); + setverdict(pass); +} +testcase TC_lu_by_tmsi_noauth_unknown() runs on MTC_CT { + var BSC_ConnHdlr vc_conn; + f_init(); + + vc_conn := f_start_handler(refers(f_tc_lu_tmsi_noauth_unknown), testcasename(), 1); + vc_conn.done; +} + + +/* TODO: + * continue to send repeated MO signalling messages to keep channel open: does MSC tmeout? + * malformed messages (missing IE, invalid message type): properly rejected? + * MT call while LU or is ongoing: Do we use existing lchan or page while lchan active? + * 3G/2G auth permutations + * encryption algorithms vs. classmark vs. vty config + * emergency call + * IMSI DETACH + * send new transaction after/during clear (like SMS, ...) + */ control { -- To view, visit https://gerrit.osmocom.org/6028 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie3c91a0ff212a70a8e03e0579f240a10bc4356f4 Gerrit-PatchSet: 1 Gerrit-Project: osmo-ttcn3-hacks Gerrit-Branch: master Gerrit-Owner: Harald Welte <laforge at gnumonks.org>