[MERGED] osmo-ttcn3-hacks[master]: msc: Add test case for LU with MI=IMEI (which is illegal)

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Harald Welte gerrit-no-reply at lists.osmocom.org
Wed Jan 24 21:59:49 UTC 2018


Harald Welte has submitted this change and it was merged.

Change subject: msc: Add test case for LU with MI=IMEI (which is illegal)
......................................................................


msc: Add test case for LU with MI=IMEI (which is illegal)

Change-Id: Ie3c91a0ff212a70a8e03e0579f240a10bc4356f4
---
M library/L3_Templates.ttcn
M msc_tests/BSC_ConnectionHandler.ttcn
M msc_tests/MSC_Tests.ttcn
3 files changed, 163 insertions(+), 0 deletions(-)

Approvals:
  Harald Welte: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/library/L3_Templates.ttcn b/library/L3_Templates.ttcn
index d652873..ca81b72 100644
--- a/library/L3_Templates.ttcn
+++ b/library/L3_Templates.ttcn
@@ -56,6 +56,18 @@
 	return l3;
 }
 
+private function f_enc_IMEI_L3(hexstring digits) return IMEI_L3 {
+	var IMEI_L3 l3;
+	var integer len := lengthof(digits);
+	if (len rem 2 == 1) {	/* modulo remainder */
+		l3.oddevenIndicator := '1'B;
+	} else {
+		l3.oddevenIndicator := '0'B;
+	}
+	l3.digits := digits;
+	return l3;
+}
+
 /* send template fro Mobile Identity (IMSI) */
 template (value) MobileIdentityLV ts_MI_IMSI_LV(hexstring imsi_digits) := {
 	lengthIndicator := 0, /* overwritten */
@@ -66,6 +78,18 @@
 		}
 	}
 }
+
+/* send template fro Mobile Identity (IMEI) */
+template (value) MobileIdentityLV ts_MI_IMEI_LV(hexstring imei_digits) := {
+	lengthIndicator := 0, /* overwritten */
+	mobileIdentityV := {
+		typeOfIdentity := '000'B, /* overwritten */
+		oddEvenInd_identity := {
+			imei := f_enc_IMEI_L3(imei_digits)
+		}
+	}
+}
+
 
 /* Send template for Classmark 2 */
 template (value) MobileStationClassmark2_LV ts_CM2 := {
@@ -300,6 +324,43 @@
 	}
 }
 
+template PDU_ML3_NW_MS tr_ML3_MT_MM_ID_Req(template BIT3 id_type := ?) := {
+	discriminator := '0101'B,
+	tiOrSkip := {
+		skipIndicator := '0000'B
+	},
+	msgs := {
+		mm := {
+			identityRequest := {
+				messageType := '011000'B,
+				nsd := '00'B,
+				identityType := id_type,
+				spare1_5 := ?
+			}
+		}
+	}
+}
+
+template PDU_ML3_MS_NW ts_ML3_MO_MM_ID_Rsp(MobileIdentityLV mi) modifies ts_ML3_MO := {
+	msgs := {
+		mm := {
+			identityResponse := {
+				messageType := '011001'B,
+				nsd := '00'B,
+				mobileIdentityLV := mi,
+				p_TMSI_TypeTV := omit,
+				routingAreaIdentification2TLV := omit,
+				p_TMSISignature2TLV := omit
+			}
+		}
+	}
+}
+template PDU_ML3_MS_NW ts_ML3_MO_MM_ID_Rsp_IMSI(hexstring imsi) :=
+					ts_ML3_MO_MM_ID_Rsp(valueof(ts_MI_IMSI_LV(imsi)));
+template PDU_ML3_MS_NW ts_ML3_MO_MM_ID_Rsp_IMEI(hexstring imei) :=
+					ts_ML3_MO_MM_ID_Rsp(valueof(ts_MI_IMEI_LV(imei)));
+
+
 template PDU_ML3_MS_NW ts_ML3_MO_CC(integer tid) := {
 	discriminator := '0011'B,
 	tiOrSkip := {
diff --git a/msc_tests/BSC_ConnectionHandler.ttcn b/msc_tests/BSC_ConnectionHandler.ttcn
index f9b4d3e..0fb1702 100644
--- a/msc_tests/BSC_ConnectionHandler.ttcn
+++ b/msc_tests/BSC_ConnectionHandler.ttcn
@@ -125,6 +125,16 @@
 	var MobileIdentityLV mi := valueof(ts_MI_IMSI_LV(imsi));
 	return f_build_lu(mi);
 }
+function f_build_lu_imei(hexstring imei) return PDU_ML3_MS_NW
+{
+	var MobileIdentityLV mi := valueof(ts_MI_IMEI_LV(imei));
+	return f_build_lu(mi);
+}
+function f_build_lu_tmsi(OCT4 tmsi) return PDU_ML3_MS_NW
+{
+	var MobileIdentityLV mi := valueof(ts_MI_TMSI_LV(tmsi));
+	return f_build_lu(mi);
+}
 private function f_build_lu(MobileIdentityLV mi) return PDU_ML3_MS_NW
 {
 	var LocationAreaIdentification_V old_lai := { '62F220'O, '9999'O };
diff --git a/msc_tests/MSC_Tests.ttcn b/msc_tests/MSC_Tests.ttcn
index a21ad50..c2d1771 100644
--- a/msc_tests/MSC_Tests.ttcn
+++ b/msc_tests/MSC_Tests.ttcn
@@ -620,6 +620,98 @@
 	vc_conn.done;
 }
 
+/* Test LU but with illegal mobile identity type = IMEI */
+private function f_tc_lu_by_imei(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	g_pars := pars;
+
+	var PDU_ML3_MS_NW l3_lu := f_build_lu_imei(g_pars.imsi)
+	var PDU_DTAP_MT dtap_mt;
+
+	/* tell GSUP dispatcher to send this IMSI to us */
+	f_create_gsup_expect(hex2str(g_pars.imsi));
+
+	/* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
+	f_bssap_compl_l3(l3_lu);
+
+	/* Send Early Classmark, just for the fun of it */
+	BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
+	/* wait for LU reject, ignore any ID REQ */
+	alt {
+	[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) { }
+	[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_MM_ID_Req)) { repeat; }
+	}
+	/* wait for normal teardown */
+	BSSAP.receive(tr_BSSMAP_ClearCommand);
+	BSSAP.send(ts_BSSMAP_ClearComplete);
+	BSSAP.receive(BSSAP_Conn_Prim:MSC_CONN_PRIM_DISC_IND);
+	setverdict(pass);
+}
+testcase TC_lu_by_imei() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+
+	vc_conn := f_start_handler(refers(f_tc_lu_by_imei), testcasename(), 9);
+	vc_conn.done;
+}
+
+/* Test LU by TMSI with unknown TMSI, expect (and answer) ID REQ. */
+private function f_tc_lu_tmsi_noauth_unknown(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
+	g_pars := pars;
+
+	var PDU_ML3_MS_NW l3_lu := f_build_lu_tmsi('01020304'O); /* FIXME: Random */
+	var PDU_DTAP_MT dtap_mt;
+
+	/* tell GSUP dispatcher to send this IMSI to us */
+	f_create_gsup_expect(hex2str(g_pars.imsi));
+
+	/* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
+	f_bssap_compl_l3(l3_lu);
+
+	/* Send Early Classmark, just for the fun of it */
+	BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
+
+	/* Wait for + respond to ID REQ (IMSI) */
+	BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_MM_ID_Req('001'B)));
+	BSSAP.send(ts_PDU_DTAP_MO(ts_ML3_MO_MM_ID_Rsp_IMSI(g_pars.imsi)));
+
+	/* Expect MSC to do UpdateLocation to HLR; respond to it */
+	GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi));
+	GSUP.send(ts_GSUP_ISD_REQ(g_pars.imsi, g_pars.msisdn));
+	GSUP.receive(tr_GSUP_ISD_RES(g_pars.imsi));
+	GSUP.send(ts_GSUP_UL_RES(g_pars.imsi));
+
+	alt {
+	[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) { }
+	[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) {
+		setverdict(fail, "Expected LU ACK, but received REJ");
+		}
+	}
+
+	/* wait for normal teardown */
+	BSSAP.receive(tr_BSSMAP_ClearCommand);
+	BSSAP.send(ts_BSSMAP_ClearComplete);
+	BSSAP.receive(BSSAP_Conn_Prim:MSC_CONN_PRIM_DISC_IND);
+	setverdict(pass);
+}
+testcase TC_lu_by_tmsi_noauth_unknown() runs on MTC_CT {
+	var BSC_ConnHdlr vc_conn;
+	f_init();
+
+	vc_conn := f_start_handler(refers(f_tc_lu_tmsi_noauth_unknown), testcasename(), 1);
+	vc_conn.done;
+}
+
+
+/* TODO:
+   * continue to send repeated MO signalling messages to keep channel open: does MSC tmeout?
+   * malformed messages (missing IE, invalid message type): properly rejected?
+   * MT call while LU or is ongoing: Do we use existing lchan or page while lchan active?
+   * 3G/2G auth permutations
+   * encryption algorithms vs. classmark vs. vty config
+   * emergency call
+   * IMSI DETACH
+   * send new transaction after/during clear (like SMS, ...)
+ */
 
 
 control {

-- 
To view, visit https://gerrit.osmocom.org/6028
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie3c91a0ff212a70a8e03e0579f240a10bc4356f4
Gerrit-PatchSet: 1
Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-Owner: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder



More information about the gerrit-log mailing list