Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / 14c34d8bec898f8a483c4f94e2052fa77ea16cdc / . / tests / msc_vlr / msc_vlr_test_umts_authen.c
blob: 1bf6cd217a2a9f28b731ba51088f15c262337c42 [file] [log] [blame]
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]26static void _test_umts_authen(enum osmo_rat_type via_ran)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]27{
28 struct vlr_subscr *vsub;
29 const char *imsi = "901700000010650";
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]30 const char *sms =
31 "09" /* SMS messages */
32 "01" /* CP-DATA */
33 "58" /* length */
34 "01" /* Network to MS */
35 "00" /* reference */
36 /* originator (gsm411_send_sms() hardcodes this weird nr) */
37 "0791" "447758100650" /* 447785016005 */
38 "00" /* dest */
39 /* SMS TPDU */
40 "4c" /* len */
41 "00" /* SMS deliver */
42 "05802443f2" /* originating address 42342 */
43 "00" /* TP-PID */
44 "00" /* GSM default alphabet */
45 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
46 "000000" /* H-M-S */
47 "00" /* GMT+0 */
48 "44" /* data length */
49 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
50 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
51 "0c7ac3e9e9b7db05";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]52
53 net->authentication_required = true;
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]54 net->vlr->cfg.assign_tmsi = true;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]55 rx_from_ran = via_ran;
56
57 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
58 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]59 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]60 ms_sends_msg("0508" /* MM LU */
61 "7" /* ciph key seq: no key available */
62 "0" /* LU type: normal */
63 "ffffff" "0000" /* LAI, LAC */
64 "57" /* classmark 1: R99, early classmark, no power lvl */
65 "089910070000106005" /* IMSI */
66 "3303575886" /* classmark 2 */
67 );
68 OSMO_ASSERT(gsup_tx_confirmed);
69 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
70
71 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
72 /* based on auc_3g:
73 * K = 'EB215756028D60E3275E613320AEC880',
74 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
75 * SQN = 0
76 */
77 auth_request_sent = false;
78 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
79 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
80 gsup_rx("0a"
81 /* imsi */
82 "0108" "09710000000156f0"
83 /* 5 auth vectors... */
84 /* TL TL rand */
85 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
86 /* TL sres TL kc */
87 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
88 /* TL 3G IK */
89 "2310" "27497388b6cb044648f396aa155b95ef"
90 /* TL 3G CK */
91 "2410" "f64735036e5871319c679f4742a75ea1"
92 /* TL AUTN */
93 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
94 /* TL RES */
95 "2708" "e229c19e791f2e41"
96 /* TL TL rand */
97 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
98 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
99 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
100 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
101 "2510" "1843a645b98d00005b2d666af46c45d9"
102 "2708" "7db47cf7f81e4dc7"
103 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
104 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
105 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
106 "2410" "76542abce5ff9345b0e8947f4c6e019c"
107 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
108 "2708" "706f996719ba609c"
109 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
110 "2104" "d570c03f" "2208" "ec011be8919883d6"
111 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
112 "2410" "0593f65e752e5cb7f473862bda05aa0a"
113 "2510" "541ff1f077270000c5ea00d658bc7e9a"
114 "2708" "3fd26072eaa2a04d"
115 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
116 "2104" "b072446f220823f39f9f425ad6e6"
117 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
118 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
119 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]120 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]121 NULL);
122 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
123 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
124
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame^]125 if (net->a5_encryption_mask > 0x1) {
126 /* Encryption enabled */
127 if (via_ran == OSMO_RAT_GERAN_A) {
128 btw("Test code not implemented");
129 OSMO_ASSERT(false);
130 } else {
131 /* On UTRAN */
132 btw("Encryption enabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl");
133 expect_security_mode_ctrl(NULL, "27497388b6cb044648f396aa155b95ef");
134 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
135 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
136 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]137
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame^]138 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
139 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
140 ms_sends_security_mode_complete();
141 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
142 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
143 }
144 } else {
145 /* Encryption disabled */
146 btw("Encryption disabled. MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]147 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame^]148 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]149 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
150 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
151 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]152
153 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]154 gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
155 "12010809710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]156 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
157
158 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]159 gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]160
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]161 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]162
163 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
164 EXPECT_CONN_COUNT(1);
165 EXPECT_ACCEPTED(false);
166 thwart_rx_non_initial_requests();
167
168 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]169 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]170 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
171 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
172 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
173 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]174 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]175
176 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]177 expect_release_clear(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]178 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]179 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]180 ran_sends_clear_complete(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]181
182 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]183 EXPECT_CONN_COUNT(0);
184
185 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
186 auth_request_sent = false;
187 auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
188 auth_request_expect_autn = "1843a645b98d00005b2d666af46c45d9";
189 cm_service_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]190 ms_sends_msg("052474"
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]191 "03575886" /* classmark 2 */
192 "089910070000106005" /* IMSI */);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]193 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
194 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
195
196 btw("needs auth, not yet accepted");
197 EXPECT_ACCEPTED(false);
198 thwart_rx_non_initial_requests();
199
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame^]200 if (net->a5_encryption_mask > 0x1) {
201 /* Encryption enabled */
202 if (via_ran == OSMO_RAT_GERAN_A) {
203 btw("Test code not implemented");
204 OSMO_ASSERT(false);
205 } else {
206 /* On UTRAN */
207 btw("Encryption enabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl");
208 expect_security_mode_ctrl(NULL, "1159ec926a50e98c034a6b7d7c9f418d");
209 ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
210 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
211 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
212
213 btw("MS sends SecurityModeControl acceptance, VLR accepts; above Ciphering is an implicit CM Service Accept");
214 ms_sends_security_mode_complete();
215 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
216 }
217 } else {
218 /* Encryption disabled */
219 btw("Encryption disabled. MS sends Authen Response, VLR accepts with a CM Service Accept");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]220 gsup_expect_tx(NULL);
221 ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
222 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]223 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]224
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]225 /* Release connection */
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]226 expect_release_clear(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]227 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
228 ran_sends_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]229
230 btw("all requests serviced, conn has been released");
231 EXPECT_CONN_COUNT(0);
232
233 BTW("an SMS is sent, MS is paged");
234 paging_expect_imsi(imsi);
235 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]236 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]237 OSMO_ASSERT(vsub);
238 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
239
240 send_sms(vsub, vsub,
241 "Privacy in residential applications is a desirable"
242 " marketing option.");
243
244 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]245 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]246 vsub = NULL;
247 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]248
249 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]250 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]251 OSMO_ASSERT(vsub);
252 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]253 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]254
255 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
256 auth_request_sent = false;
257 auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
258 auth_request_expect_autn = "f9375e6d41e1000096e7fe4ff1c27e39";
259 ms_sends_msg("062707"
260 "03575886" /* classmark 2 */
261 "089910070000106005" /* IMSI */);
262 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
263
264 btw("needs auth, not yet accepted");
265 EXPECT_ACCEPTED(false);
266 thwart_rx_non_initial_requests();
267
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame^]268 if (net->a5_encryption_mask > 0x1) {
269 /* Encryption enabled */
270 if (via_ran == OSMO_RAT_GERAN_A) {
271 btw("Test code not implemented");
272 OSMO_ASSERT(false);
273 } else {
274 /* On UTRAN */
275 btw("Encryption enabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl");
276 expect_security_mode_ctrl(NULL, "eb50e770ddcc3060101d2f43b6c2b884");
277 ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* 3nd vector's res, s.a. */
278 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
279
280 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends SMS");
281 dtap_expect_tx(sms);
282 ms_sends_security_mode_complete();
283 }
284 } else {
285 /* Encryption disabled */
286 btw("Encryption disabled. MS sends Authen Response, VLR accepts and sends pending SMS");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]287 dtap_expect_tx(sms);
288 ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* 3nd vector's res, s.a. */
289 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]290 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]291
292 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]293 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]294 OSMO_ASSERT(vsub);
295 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]296 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]297
298 btw("conn is still open to wait for SMS ack dance");
299 EXPECT_CONN_COUNT(1);
300
301 btw("MS replies with CP-ACK for received SMS");
302 ms_sends_msg("8904");
303 EXPECT_CONN_COUNT(1);
304
305 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
306 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]307 expect_release_clear(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]308 ms_sends_msg("890106020041020000");
309 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]310 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]311 ran_sends_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]312
313 btw("SMS is done, conn is gone");
314 EXPECT_CONN_COUNT(0);
315
316 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]317 expect_release_clear(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]318 ms_sends_msg("050130"
319 "089910070000106005" /* IMSI */);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]320 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]321 ran_sends_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]322
323 EXPECT_CONN_COUNT(0);
324 clear_vlr();
325}
326
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]327static void test_umts_authen_geran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]328{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]329 comment_start();
Neels Hofmeyra4d7a762019-07-31 15:21:19 +0200[diff] [blame]330 /* A5/0 = no encryption */
331 net->a5_encryption_mask = A5_0;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]332 _test_umts_authen(OSMO_RAT_GERAN_A);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]333 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]334}
335
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]336static void test_umts_authen_utran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]337{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]338 comment_start();
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame^]339 /* A5/0 = no encryption; so far the A5 setting also triggers UTRAN encryption */
340 net->a5_encryption_mask = A5_0;
341 _test_umts_authen(OSMO_RAT_UTRAN_IU);
342 comment_end();
343}
344
345static void test_umts_auth_ciph_utran()
346{
347 comment_start();
Neels Hofmeyra4d7a762019-07-31 15:21:19 +0200[diff] [blame]348 /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
349 net->a5_encryption_mask = A5_0_3;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]350 _test_umts_authen(OSMO_RAT_UTRAN_IU);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]351 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]352}
353
354#define RECALC_AUTS 0
355
356#if RECALC_AUTS
357typedef uint8_t u8;
358extern int milenage_f2345(const u8 *opc, const u8 *k, const u8 *_rand,
359 u8 *res, u8 *ck, u8 *ik, u8 *ak, u8 *akstar);
360extern int milenage_f1(const u8 *opc, const u8 *k, const u8 *_rand,
361 const u8 *sqn, const u8 *amf, u8 *mac_a, u8 *mac_s);
362#endif
363
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]364static void _test_umts_authen_resync(enum osmo_rat_type via_ran)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]365{
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]366 struct vlr_subscr *vsub;
367 const char *imsi = "901700000010650";
368
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]369 net->authentication_required = true;
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]370 net->vlr->cfg.assign_tmsi = true;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]371 rx_from_ran = via_ran;
372
373 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
374 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]375 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]376 ms_sends_msg("0508" /* MM LU */
377 "7" /* ciph key seq: no key available */
378 "0" /* LU type: normal */
379 "ffffff" "0000" /* LAI, LAC */
380 "57" /* classmark 1: R99, early classmark, no power lvl */
381 "089910070000106005" /* IMSI */
382 "3303575886" /* classmark 2 */
383 );
384 OSMO_ASSERT(gsup_tx_confirmed);
385 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
386
387 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
388 /* based on auc_3g:
389 * K = 'EB215756028D60E3275E613320AEC880',
390 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
391 * SQN = 0
392 */
393 auth_request_sent = false;
394 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
395 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
396 gsup_rx("0a"
397 /* imsi */
398 "0108" "09710000000156f0"
399 /* auth vectors... */
400 /* TL TL rand */
401 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
402 /* TL sres TL kc */
403 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
404 /* TL 3G IK */
405 "2310" "27497388b6cb044648f396aa155b95ef"
406 /* TL 3G CK */
407 "2410" "f64735036e5871319c679f4742a75ea1"
408 /* TL AUTN */
409 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
410 /* TL RES */
411 "2708" "e229c19e791f2e41"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]412 HLR_TO_VLR,NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]413 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
414 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
415
416 /* The AUTN sent was 8704f5ba55f30000d2ee44b22c8ea919
417 * (see expected error output)
418 * with the first 6 bytes being SQN ^ AK.
419 * K = EB215756028D60E3275E613320AEC880
420 * OPC = FB2A3D1B360F599ABAB99DB8669F8308
421 * RAND = 39fa2f4e3d523d8619a73b4f65c3e14d
422 * --milenage-f5-->
423 * AK = 8704f5ba55f3
424 *
425 * The first six bytes are 8704f5ba55f3,
426 * and 8704f5ba55f3 ^ AK = 0.
427 * --> SQN = 0.
428 *
429 * Say the USIM doesn't like that, let's say it is at SQN 23.
430 * SQN_MS = 000000000017
431 *
432 * AUTS = Conc(SQN_MS) || MAC-S
433 * Conc(SQN_MS) = SQN_MS ⊕ f5*[K](RAND)
434 * MAC-S = f1*[K] (SQN MS || RAND || AMF)
435 *
436 * f5*--> Conc(SQN_MS) = 000000000017 ^ 979498b1f73a
437 * = 979498b1f72d
438 * AMF = 0000 (TS 33.102 v7.0.0, 6.3.3)
439 *
440 * MAC-S = f1*[K] (000000000017 || 39fa2f4e3d523d8619a73b4f65c3e14d || 0000)
441 * = 3e28c59fa2e72f9c
442 *
443 * AUTS = 979498b1f72d || 3e28c59fa2e72f9c
444 */
445#if RECALC_AUTS
446 uint8_t ak[6];
447 uint8_t akstar[6];
448 uint8_t opc[16];
449 uint8_t k[16];
450 uint8_t rand[16];
451 osmo_hexparse("EB215756028D60E3275E613320AEC880", k, sizeof(k));
452 osmo_hexparse("FB2A3D1B360F599ABAB99DB8669F8308", opc, sizeof(opc));
453 osmo_hexparse("39fa2f4e3d523d8619a73b4f65c3e14d", rand, sizeof(rand));
454 milenage_f2345(opc, k, rand, NULL, NULL, NULL, ak, akstar);
455 btw("ak = %s", osmo_hexdump_nospc(ak, sizeof(ak)));
456 btw("akstar = %s", osmo_hexdump_nospc(akstar, sizeof(akstar)));
457
458 uint8_t sqn_ms[6] = { 0, 0, 0, 0, 0, 23 };
459 uint8_t amf[2] = { 0 };
460 uint8_t mac_s[8];
461 milenage_f1(opc, k, rand, sqn_ms, amf, NULL, mac_s);
462 btw("mac_s = %s", osmo_hexdump_nospc(mac_s, sizeof(mac_s)));
463 /* verify valid AUTS resulting in SQN 23 with:
464 osmo-auc-gen -3 -a milenage -k EB215756028D60E3275E613320AEC880 \
465 -o FB2A3D1B360F599ABAB99DB8669F8308 \
466 -r 39fa2f4e3d523d8619a73b4f65c3e14d \
467 -A 979498b1f72d3e28c59fa2e72f9c
468 */
469#endif
470
471 btw("MS sends Authen Failure with Resync cause, VLR sends GSUP to HLR to resync");
472 auth_request_sent = false;
473 gsup_expect_tx("08" /* OSMO_GSUP_MSGT_SEND_AUTH_INFO_REQUEST */
474 "0108" "09710000000156f0" /* IMSI */
475 "260e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]476 "2010" "39fa2f4e3d523d8619a73b4f65c3e14d" /* RAND */
477 VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]478 ms_sends_msg("051c" /* 05 = MM; 1c = Auth Failure */
479 "15" /* cause = Synch Failure */
480 "220e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */);
481 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
482 VERBOSE_ASSERT(auth_request_sent, == false, "%d");
483 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
484
485 btw("HLR replies with new tuples");
486 auth_request_sent = false;
487 auth_request_expect_rand = "0f1feb1623e1bf626334e37ec448ac18";
488 auth_request_expect_autn = "02a83f62e9470000660d51afc75f169d";
489 gsup_rx("0a"
490 /* imsi */
491 "0108" "09710000000156f0"
492 /* 1 auth vector */
493 /* TL TL rand */
494 "0362" "2010" "0f1feb1623e1bf626334e37ec448ac18"
495 /* TL sres TL kc */
496 "2104" "efde99da" "2208" "14778c855c523730"
497 /* TL 3G IK */
498 "2310" "8a90c769b7272f3bb7a1c1fbb1ea9349"
499 /* TL 3G CK */
500 "2410" "43ffc1cf8c89a7fd6ab94bd8d6162cbf"
501 /* TL AUTN */
502 "2510" "02a83f62e9470000660d51afc75f169d"
503 /* TL RES */
504 "2708" "1df5f0b4f22b696e"
505 /* TL TL rand */
506 "0362" "2010" "ac21d34937b4e1142a2c757af2949319"
507 /* TL sres TL kc */
508 "2104" "7818bfdc" "2208" "d175571f41f314a4"
509 /* TL 3G IK */
510 "2310" "ff8edbceb6dd24799c77c3b9a6790c10"
511 /* TL 3G CK */
512 "2410" "157c39022ca9d885a7f0766a7dfee448"
513 /* TL AUTN */
514 "2510" "8a43b91898e500002cf354c6f5d1f8c3"
515 /* TL RES */
516 "2708" "f748a7078f5018db"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]517 HLR_TO_VLR,NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]518
519 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
520 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
521
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame^]522 if (net->a5_encryption_mask > 0x1) {
523 /* Encryption enabled */
524 if (via_ran == OSMO_RAT_GERAN_A) {
525 btw("Test code not implemented");
526 OSMO_ASSERT(false);
527 } else {
528 /* On UTRAN */
529 btw("Encryption enabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl");
530 expect_security_mode_ctrl(NULL, "8a90c769b7272f3bb7a1c1fbb1ea9349");
531 ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
532 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
533 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]534
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame^]535 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
536 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
537 ms_sends_security_mode_complete();
538 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
539 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
540 }
541 } else {
542 /* Encryption disabled */
543 btw("Encryption disabled. MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]544 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame^]545 ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]546 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
547 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
548 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]549
550 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]551 gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
552 "12010809710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]553 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
554
555 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]556 gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]557
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]558 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]559
560 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
561 EXPECT_CONN_COUNT(1);
562 EXPECT_ACCEPTED(false);
563 thwart_rx_non_initial_requests();
564
565 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]566 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]567 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
568 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
569 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
570 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]571 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]572
573 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]574 expect_release_clear(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]575 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]576 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]577 ran_sends_clear_complete(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]578
579 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]580 EXPECT_CONN_COUNT(0);
581
582 clear_vlr();
583}
584
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]585static void test_umts_authen_resync_geran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]586{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]587 comment_start();
Neels Hofmeyra4d7a762019-07-31 15:21:19 +0200[diff] [blame]588 /* A5/0 = no encryption */
589 net->a5_encryption_mask = A5_0;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]590 _test_umts_authen_resync(OSMO_RAT_GERAN_A);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]591 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]592}
593
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]594static void test_umts_authen_resync_utran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]595{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]596 comment_start();
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame^]597 /* A5/0 = no encryption; so far the A5 setting also triggers UTRAN encryption */
598 net->a5_encryption_mask = A5_0;
599 _test_umts_authen_resync(OSMO_RAT_UTRAN_IU);
600 comment_end();
601}
602
603static void test_umts_auth_ciph_resync_utran()
604{
605 comment_start();
Neels Hofmeyra4d7a762019-07-31 15:21:19 +0200[diff] [blame]606 /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
607 net->a5_encryption_mask = A5_0_3;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]608 _test_umts_authen_resync(OSMO_RAT_UTRAN_IU);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]609 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]610}
611
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]612static void _test_umts_authen_too_short_res(enum osmo_rat_type via_ran)
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]613{
614 net->authentication_required = true;
615 net->vlr->cfg.assign_tmsi = true;
616 rx_from_ran = via_ran;
617
618 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
619 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]620 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]621 ms_sends_msg("0508" /* MM LU */
622 "7" /* ciph key seq: no key available */
623 "0" /* LU type: normal */
624 "ffffff" "0000" /* LAI, LAC */
625 "57" /* classmark 1: R99, early classmark, no power lvl */
626 "089910070000106005" /* IMSI */
627 "3303575886" /* classmark 2 */
628 );
629 OSMO_ASSERT(gsup_tx_confirmed);
630 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
631
632 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
633 /* based on auc_3g:
634 * K = 'EB215756028D60E3275E613320AEC880',
635 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
636 * SQN = 0
637 */
638 auth_request_sent = false;
639 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
640 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
641 gsup_rx("0a"
642 /* imsi */
643 "0108" "09710000000156f0"
644 /* 5 auth vectors... */
645 /* TL TL rand */
646 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
647 /* TL sres TL kc */
648 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
649 /* TL 3G IK */
650 "2310" "27497388b6cb044648f396aa155b95ef"
651 /* TL 3G CK */
652 "2410" "f64735036e5871319c679f4742a75ea1"
653 /* TL AUTN */
654 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
655 /* TL RES */
656 "2708" "e229c19e791f2e41"
657 /* TL TL rand */
658 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
659 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
660 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
661 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
662 "2510" "1843a645b98d00005b2d666af46c45d9"
663 "2708" "7db47cf7f81e4dc7"
664 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
665 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
666 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
667 "2410" "76542abce5ff9345b0e8947f4c6e019c"
668 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
669 "2708" "706f996719ba609c"
670 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
671 "2104" "d570c03f" "2208" "ec011be8919883d6"
672 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
673 "2410" "0593f65e752e5cb7f473862bda05aa0a"
674 "2510" "541ff1f077270000c5ea00d658bc7e9a"
675 "2708" "3fd26072eaa2a04d"
676 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
677 "2104" "b072446f220823f39f9f425ad6e6"
678 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
679 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
680 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]681 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]682 NULL);
683 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
684 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
685
686 btw("MS sends Authen Response of wrong RES size, VLR thwarts");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]687 gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]688 expect_release_clear(via_ran);
689 ms_sends_msg("0554" "e229c19e" "2103" "791f2e" /* nipped one byte */);
690 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
691 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]692 ran_sends_clear_complete(via_ran);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]693
694 EXPECT_CONN_COUNT(0);
695 clear_vlr();
696}
697
698static void test_umts_authen_too_short_res_geran()
699{
700 comment_start();
Neels Hofmeyra4d7a762019-07-31 15:21:19 +0200[diff] [blame]701 /* A5/0 = no encryption */
702 net->a5_encryption_mask = A5_0;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]703 _test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]704 comment_end();
705}
706
707static void test_umts_authen_too_short_res_utran()
708{
709 comment_start();
Neels Hofmeyra4d7a762019-07-31 15:21:19 +0200[diff] [blame]710 /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
711 net->a5_encryption_mask = A5_0_3;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]712 _test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]713 comment_end();
714}
715
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]716static void _test_umts_authen_too_long_res(enum osmo_rat_type via_ran)
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]717{
718 net->authentication_required = true;
719 net->vlr->cfg.assign_tmsi = true;
720 rx_from_ran = via_ran;
721
722 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
723 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]724 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]725 ms_sends_msg("0508" /* MM LU */
726 "7" /* ciph key seq: no key available */
727 "0" /* LU type: normal */
728 "ffffff" "0000" /* LAI, LAC */
729 "57" /* classmark 1: R99, early classmark, no power lvl */
730 "089910070000106005" /* IMSI */
731 "3303575886" /* classmark 2 */
732 );
733 OSMO_ASSERT(gsup_tx_confirmed);
734 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
735
736 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
737 /* based on auc_3g:
738 * K = 'EB215756028D60E3275E613320AEC880',
739 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
740 * SQN = 0
741 */
742 auth_request_sent = false;
743 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
744 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
745 gsup_rx("0a"
746 /* imsi */
747 "0108" "09710000000156f0"
748 /* 5 auth vectors... */
749 /* TL TL rand */
750 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
751 /* TL sres TL kc */
752 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
753 /* TL 3G IK */
754 "2310" "27497388b6cb044648f396aa155b95ef"
755 /* TL 3G CK */
756 "2410" "f64735036e5871319c679f4742a75ea1"
757 /* TL AUTN */
758 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
759 /* TL RES */
760 "2708" "e229c19e791f2e41"
761 /* TL TL rand */
762 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
763 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
764 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
765 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
766 "2510" "1843a645b98d00005b2d666af46c45d9"
767 "2708" "7db47cf7f81e4dc7"
768 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
769 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
770 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
771 "2410" "76542abce5ff9345b0e8947f4c6e019c"
772 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
773 "2708" "706f996719ba609c"
774 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
775 "2104" "d570c03f" "2208" "ec011be8919883d6"
776 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
777 "2410" "0593f65e752e5cb7f473862bda05aa0a"
778 "2510" "541ff1f077270000c5ea00d658bc7e9a"
779 "2708" "3fd26072eaa2a04d"
780 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
781 "2104" "b072446f220823f39f9f425ad6e6"
782 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
783 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
784 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]785 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]786 NULL);
787 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
788 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
789
790 btw("MS sends Authen Response of wrong RES size, VLR thwarts");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]791 gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]792 expect_release_clear(via_ran);
793 ms_sends_msg("0554" "e229c19e" "2105" "791f2e4123" /* added one byte */);
794 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
795 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]796 ran_sends_clear_complete(via_ran);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]797
798 EXPECT_CONN_COUNT(0);
799 clear_vlr();
800}
801
802static void test_umts_authen_too_long_res_geran()
803{
804 comment_start();
Neels Hofmeyra4d7a762019-07-31 15:21:19 +0200[diff] [blame]805 /* A5/0 = no encryption */
806 net->a5_encryption_mask = A5_0;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]807 _test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]808 comment_end();
809}
810
811static void test_umts_authen_too_long_res_utran()
812{
813 comment_start();
Neels Hofmeyra4d7a762019-07-31 15:21:19 +0200[diff] [blame]814 /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
815 net->a5_encryption_mask = A5_0_3;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]816 _test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]817 comment_end();
818}
819
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]820static void _test_umts_authen_only_sres(enum osmo_rat_type via_ran)
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]821{
822 net->authentication_required = true;
823 net->vlr->cfg.assign_tmsi = true;
824 rx_from_ran = via_ran;
825
826 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
827 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]828 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]829 ms_sends_msg("0508" /* MM LU */
830 "7" /* ciph key seq: no key available */
831 "0" /* LU type: normal */
832 "ffffff" "0000" /* LAI, LAC */
833 "57" /* classmark 1: R99, early classmark, no power lvl */
834 "089910070000106005" /* IMSI */
835 "3303575886" /* classmark 2 */
836 );
837 OSMO_ASSERT(gsup_tx_confirmed);
838 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
839
840 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
841 /* based on auc_3g:
842 * K = 'EB215756028D60E3275E613320AEC880',
843 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
844 * SQN = 0
845 */
846 auth_request_sent = false;
847 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
848 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
849 gsup_rx("0a"
850 /* imsi */
851 "0108" "09710000000156f0"
852 /* 5 auth vectors... */
853 /* TL TL rand */
854 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
855 /* TL sres TL kc */
856 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
857 /* TL 3G IK */
858 "2310" "27497388b6cb044648f396aa155b95ef"
859 /* TL 3G CK */
860 "2410" "f64735036e5871319c679f4742a75ea1"
861 /* TL AUTN */
862 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
863 /* TL RES */
864 "2708" "e229c19e791f2e41"
865 /* TL TL rand */
866 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
867 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
868 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
869 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
870 "2510" "1843a645b98d00005b2d666af46c45d9"
871 "2708" "7db47cf7f81e4dc7"
872 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
873 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
874 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
875 "2410" "76542abce5ff9345b0e8947f4c6e019c"
876 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
877 "2708" "706f996719ba609c"
878 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
879 "2104" "d570c03f" "2208" "ec011be8919883d6"
880 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
881 "2410" "0593f65e752e5cb7f473862bda05aa0a"
882 "2510" "541ff1f077270000c5ea00d658bc7e9a"
883 "2708" "3fd26072eaa2a04d"
884 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
885 "2104" "b072446f220823f39f9f425ad6e6"
886 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
887 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
888 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]889 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]890 NULL);
891 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
892 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
893
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]894 if (via_ran == OSMO_RAT_GERAN_A)
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]895 btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
896 " GERAN reports an SRES mismatch");
897 else
898 btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
899 " UTRAN disallows GSM AKA altogether");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]900 gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]901 expect_release_clear(via_ran);
902 ms_sends_msg("0554" "e229c19e" /* Only the SRES half of the RES */);
903 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
904 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]905 ran_sends_clear_complete(via_ran);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]906
907 EXPECT_CONN_COUNT(0);
908 clear_vlr();
909}
910
911static void test_umts_authen_only_sres_geran()
912{
913 comment_start();
Neels Hofmeyra4d7a762019-07-31 15:21:19 +0200[diff] [blame]914 /* A5/0 = no encryption */
915 net->a5_encryption_mask = A5_0;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]916 _test_umts_authen_only_sres(OSMO_RAT_GERAN_A);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]917 comment_end();
918}
919
920static void test_umts_authen_only_sres_utran()
921{
922 comment_start();
Neels Hofmeyra4d7a762019-07-31 15:21:19 +0200[diff] [blame]923 /* A5/0 + A5/3 = encryption enabled; so far the A5 setting also triggers UTRAN encryption */
924 net->a5_encryption_mask = A5_0_3;
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]925 _test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]926 comment_end();
927}
928
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]929
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]930msc_vlr_test_func_t msc_vlr_tests[] = {
931 test_umts_authen_geran,
932 test_umts_authen_utran,
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame^]933 test_umts_auth_ciph_utran,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]934 test_umts_authen_resync_geran,
935 test_umts_authen_resync_utran,
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame^]936 test_umts_auth_ciph_resync_utran,
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]937 test_umts_authen_too_short_res_geran,
938 test_umts_authen_too_short_res_utran,
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]939 test_umts_authen_too_long_res_geran,
940 test_umts_authen_too_long_res_utran,
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]941 test_umts_authen_only_sres_geran,
942 test_umts_authen_only_sres_utran,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]943 NULL
944};