Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / 4068ab278b66af7010c3acc73a7bb87bf651fc46 / . / tests / msc_vlr / msc_vlr_test_umts_authen.c
blob: 42d406c76404542e86a80e118c1109f6a5ca0619 [file] [log] [blame]
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]26static void _test_umts_authen(enum ran_type via_ran)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]27{
28 struct vlr_subscr *vsub;
29 const char *imsi = "901700000010650";
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]30 const char *sms =
31 "09" /* SMS messages */
32 "01" /* CP-DATA */
33 "58" /* length */
34 "01" /* Network to MS */
35 "00" /* reference */
36 /* originator (gsm411_send_sms() hardcodes this weird nr) */
37 "0791" "447758100650" /* 447785016005 */
38 "00" /* dest */
39 /* SMS TPDU */
40 "4c" /* len */
41 "00" /* SMS deliver */
42 "05802443f2" /* originating address 42342 */
43 "00" /* TP-PID */
44 "00" /* GSM default alphabet */
45 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
46 "000000" /* H-M-S */
47 "00" /* GMT+0 */
48 "44" /* data length */
49 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
50 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
51 "0c7ac3e9e9b7db05";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]52
53 net->authentication_required = true;
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]54 net->vlr->cfg.assign_tmsi = true;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]55 rx_from_ran = via_ran;
56
57 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
58 lu_result_sent = RES_NONE;
59 gsup_expect_tx("080108" "09710000000156f0");
60 ms_sends_msg("0508" /* MM LU */
61 "7" /* ciph key seq: no key available */
62 "0" /* LU type: normal */
63 "ffffff" "0000" /* LAI, LAC */
64 "57" /* classmark 1: R99, early classmark, no power lvl */
65 "089910070000106005" /* IMSI */
66 "3303575886" /* classmark 2 */
67 );
68 OSMO_ASSERT(gsup_tx_confirmed);
69 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
70
71 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
72 /* based on auc_3g:
73 * K = 'EB215756028D60E3275E613320AEC880',
74 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
75 * SQN = 0
76 */
77 auth_request_sent = false;
78 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
79 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
80 gsup_rx("0a"
81 /* imsi */
82 "0108" "09710000000156f0"
83 /* 5 auth vectors... */
84 /* TL TL rand */
85 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
86 /* TL sres TL kc */
87 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
88 /* TL 3G IK */
89 "2310" "27497388b6cb044648f396aa155b95ef"
90 /* TL 3G CK */
91 "2410" "f64735036e5871319c679f4742a75ea1"
92 /* TL AUTN */
93 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
94 /* TL RES */
95 "2708" "e229c19e791f2e41"
96 /* TL TL rand */
97 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
98 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
99 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
100 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
101 "2510" "1843a645b98d00005b2d666af46c45d9"
102 "2708" "7db47cf7f81e4dc7"
103 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
104 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
105 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
106 "2410" "76542abce5ff9345b0e8947f4c6e019c"
107 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
108 "2708" "706f996719ba609c"
109 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
110 "2104" "d570c03f" "2208" "ec011be8919883d6"
111 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
112 "2410" "0593f65e752e5cb7f473862bda05aa0a"
113 "2510" "541ff1f077270000c5ea00d658bc7e9a"
114 "2708" "3fd26072eaa2a04d"
115 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
116 "2104" "b072446f220823f39f9f425ad6e6"
117 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
118 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
119 "2510" "4bf4e564f75300009bc796706bc65744"
120 "2708" "0edb0eadbea94ac2",
121 NULL);
122 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
123 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
124
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]125 if (via_ran == RAN_GERAN_A) {
126 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
127 gsup_expect_tx("04010809710000000156f0");
128 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
129 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
130 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
131 } else {
132 /* On UTRAN */
133 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]134 expect_security_mode_ctrl(NULL, "27497388b6cb044648f396aa155b95ef");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]135 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]136 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]137 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
138
139 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
140 gsup_expect_tx("04010809710000000156f0");
141 ms_sends_security_mode_complete();
142 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
143 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
144 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]145
146 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
147 gsup_rx("10010809710000000156f00804032443f2",
148 "12010809710000000156f0");
149 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
150
151 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
152 gsup_rx("06010809710000000156f0", NULL);
153
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]154 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]155
156 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
157 EXPECT_CONN_COUNT(1);
158 EXPECT_ACCEPTED(false);
159 thwart_rx_non_initial_requests();
160
161 btw("even though the TMSI is not acked, we can already find the subscr with it");
162 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
163 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
164 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
165 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
166 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
167 vlr_subscr_put(vsub);
168
169 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]170 expect_release_clear(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]171 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]172 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyr4068ab22018-04-01 20:55:54 +0200[diff] [blame^]173 bss_rnc_sends_release_clear_complete(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]174
175 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]176 EXPECT_CONN_COUNT(0);
177
178 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
179 auth_request_sent = false;
180 auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
181 auth_request_expect_autn = "1843a645b98d00005b2d666af46c45d9";
182 cm_service_result_sent = RES_NONE;
183 ms_sends_msg("052478"
184 "03575886" /* classmark 2 */
185 "089910070000106005" /* IMSI */);
186 OSMO_ASSERT(g_conn);
Neels Hofmeyr4d3a66b2018-03-31 18:45:59 +0200[diff] [blame]187 OSMO_ASSERT(g_conn->fi);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]188 OSMO_ASSERT(g_conn->vsub);
189 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
190 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
191
192 btw("needs auth, not yet accepted");
193 EXPECT_ACCEPTED(false);
194 thwart_rx_non_initial_requests();
195
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]196 if (via_ran == RAN_GERAN_A) {
197 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
198 gsup_expect_tx(NULL);
199 ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
200 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
201 } else {
202 /* On UTRAN */
203 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]204 expect_security_mode_ctrl(NULL, "1159ec926a50e98c034a6b7d7c9f418d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]205 ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]206 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]207 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
208
209 btw("MS sends SecurityModeControl acceptance, VLR accepts; above Ciphering is an implicit CM Service Accept");
210 ms_sends_security_mode_complete();
211 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
212 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]213
214 btw("a USSD request is serviced");
215 dtap_expect_tx_ussd("Your extension is 42342\r");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]216 expect_release_clear(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]217 ms_sends_msg("0b3b1c15a11302010002013b300b04010f0406aa510c061b017f0100");
218 OSMO_ASSERT(dtap_tx_confirmed);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]219 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyr4068ab22018-04-01 20:55:54 +0200[diff] [blame^]220 bss_rnc_sends_release_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]221
222 btw("all requests serviced, conn has been released");
223 EXPECT_CONN_COUNT(0);
224
225 BTW("an SMS is sent, MS is paged");
226 paging_expect_imsi(imsi);
227 paging_sent = false;
228 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
229 OSMO_ASSERT(vsub);
230 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
231
232 send_sms(vsub, vsub,
233 "Privacy in residential applications is a desirable"
234 " marketing option.");
235
236 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
237 vlr_subscr_put(vsub);
238 vsub = NULL;
239 VERBOSE_ASSERT(paging_sent, == true, "%d");
240 VERBOSE_ASSERT(paging_stopped, == false, "%d");
241
242 btw("the subscriber and its pending request should remain");
243 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
244 OSMO_ASSERT(vsub);
245 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
246 vlr_subscr_put(vsub);
247
248 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
249 auth_request_sent = false;
250 auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
251 auth_request_expect_autn = "f9375e6d41e1000096e7fe4ff1c27e39";
252 ms_sends_msg("062707"
253 "03575886" /* classmark 2 */
254 "089910070000106005" /* IMSI */);
255 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
256
257 btw("needs auth, not yet accepted");
258 EXPECT_ACCEPTED(false);
259 thwart_rx_non_initial_requests();
260
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]261 if (via_ran == RAN_GERAN_A) {
262 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
263 dtap_expect_tx(sms);
264 ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* 3nd vector's res, s.a. */
265 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
266 VERBOSE_ASSERT(paging_stopped, == true, "%d");
267 } else {
268 /* On UTRAN */
269 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]270 expect_security_mode_ctrl(NULL, "eb50e770ddcc3060101d2f43b6c2b884");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]271 ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* 3nd vector's res, s.a. */
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]272 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]273 VERBOSE_ASSERT(paging_stopped, == false, "%d");
274
275 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends SMS");
276 dtap_expect_tx(sms);
277 ms_sends_security_mode_complete();
278 VERBOSE_ASSERT(paging_stopped, == true, "%d");
279 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]280
281 btw("SMS was delivered, no requests pending for subscr");
282 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
283 OSMO_ASSERT(vsub);
284 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
285 vlr_subscr_put(vsub);
286
287 btw("conn is still open to wait for SMS ack dance");
288 EXPECT_CONN_COUNT(1);
289
290 btw("MS replies with CP-ACK for received SMS");
291 ms_sends_msg("8904");
292 EXPECT_CONN_COUNT(1);
293
294 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
295 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]296 expect_release_clear(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]297 ms_sends_msg("890106020041020000");
298 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]299 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyr4068ab22018-04-01 20:55:54 +0200[diff] [blame^]300 bss_rnc_sends_release_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]301
302 btw("SMS is done, conn is gone");
303 EXPECT_CONN_COUNT(0);
304
305 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]306 expect_release_clear(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]307 ms_sends_msg("050130"
308 "089910070000106005" /* IMSI */);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]309 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyr4068ab22018-04-01 20:55:54 +0200[diff] [blame^]310 bss_rnc_sends_release_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]311
312 EXPECT_CONN_COUNT(0);
313 clear_vlr();
314}
315
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]316static void test_umts_authen_geran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]317{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]318 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]319 _test_umts_authen(RAN_GERAN_A);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]320 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]321}
322
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]323static void test_umts_authen_utran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]324{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]325 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]326 _test_umts_authen(RAN_UTRAN_IU);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]327 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]328}
329
330#define RECALC_AUTS 0
331
332#if RECALC_AUTS
333typedef uint8_t u8;
334extern int milenage_f2345(const u8 *opc, const u8 *k, const u8 *_rand,
335 u8 *res, u8 *ck, u8 *ik, u8 *ak, u8 *akstar);
336extern int milenage_f1(const u8 *opc, const u8 *k, const u8 *_rand,
337 const u8 *sqn, const u8 *amf, u8 *mac_a, u8 *mac_s);
338#endif
339
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]340static void _test_umts_authen_resync(enum ran_type via_ran)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]341{
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]342 struct vlr_subscr *vsub;
343 const char *imsi = "901700000010650";
344
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]345 net->authentication_required = true;
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]346 net->vlr->cfg.assign_tmsi = true;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]347 rx_from_ran = via_ran;
348
349 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
350 lu_result_sent = RES_NONE;
351 gsup_expect_tx("080108" "09710000000156f0");
352 ms_sends_msg("0508" /* MM LU */
353 "7" /* ciph key seq: no key available */
354 "0" /* LU type: normal */
355 "ffffff" "0000" /* LAI, LAC */
356 "57" /* classmark 1: R99, early classmark, no power lvl */
357 "089910070000106005" /* IMSI */
358 "3303575886" /* classmark 2 */
359 );
360 OSMO_ASSERT(gsup_tx_confirmed);
361 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
362
363 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
364 /* based on auc_3g:
365 * K = 'EB215756028D60E3275E613320AEC880',
366 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
367 * SQN = 0
368 */
369 auth_request_sent = false;
370 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
371 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
372 gsup_rx("0a"
373 /* imsi */
374 "0108" "09710000000156f0"
375 /* auth vectors... */
376 /* TL TL rand */
377 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
378 /* TL sres TL kc */
379 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
380 /* TL 3G IK */
381 "2310" "27497388b6cb044648f396aa155b95ef"
382 /* TL 3G CK */
383 "2410" "f64735036e5871319c679f4742a75ea1"
384 /* TL AUTN */
385 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
386 /* TL RES */
387 "2708" "e229c19e791f2e41"
388 ,NULL);
389 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
390 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
391
392 /* The AUTN sent was 8704f5ba55f30000d2ee44b22c8ea919
393 * (see expected error output)
394 * with the first 6 bytes being SQN ^ AK.
395 * K = EB215756028D60E3275E613320AEC880
396 * OPC = FB2A3D1B360F599ABAB99DB8669F8308
397 * RAND = 39fa2f4e3d523d8619a73b4f65c3e14d
398 * --milenage-f5-->
399 * AK = 8704f5ba55f3
400 *
401 * The first six bytes are 8704f5ba55f3,
402 * and 8704f5ba55f3 ^ AK = 0.
403 * --> SQN = 0.
404 *
405 * Say the USIM doesn't like that, let's say it is at SQN 23.
406 * SQN_MS = 000000000017
407 *
408 * AUTS = Conc(SQN_MS) || MAC-S
409 * Conc(SQN_MS) = SQN_MS ⊕ f5*[K](RAND)
410 * MAC-S = f1*[K] (SQN MS || RAND || AMF)
411 *
412 * f5*--> Conc(SQN_MS) = 000000000017 ^ 979498b1f73a
413 * = 979498b1f72d
414 * AMF = 0000 (TS 33.102 v7.0.0, 6.3.3)
415 *
416 * MAC-S = f1*[K] (000000000017 || 39fa2f4e3d523d8619a73b4f65c3e14d || 0000)
417 * = 3e28c59fa2e72f9c
418 *
419 * AUTS = 979498b1f72d || 3e28c59fa2e72f9c
420 */
421#if RECALC_AUTS
422 uint8_t ak[6];
423 uint8_t akstar[6];
424 uint8_t opc[16];
425 uint8_t k[16];
426 uint8_t rand[16];
427 osmo_hexparse("EB215756028D60E3275E613320AEC880", k, sizeof(k));
428 osmo_hexparse("FB2A3D1B360F599ABAB99DB8669F8308", opc, sizeof(opc));
429 osmo_hexparse("39fa2f4e3d523d8619a73b4f65c3e14d", rand, sizeof(rand));
430 milenage_f2345(opc, k, rand, NULL, NULL, NULL, ak, akstar);
431 btw("ak = %s", osmo_hexdump_nospc(ak, sizeof(ak)));
432 btw("akstar = %s", osmo_hexdump_nospc(akstar, sizeof(akstar)));
433
434 uint8_t sqn_ms[6] = { 0, 0, 0, 0, 0, 23 };
435 uint8_t amf[2] = { 0 };
436 uint8_t mac_s[8];
437 milenage_f1(opc, k, rand, sqn_ms, amf, NULL, mac_s);
438 btw("mac_s = %s", osmo_hexdump_nospc(mac_s, sizeof(mac_s)));
439 /* verify valid AUTS resulting in SQN 23 with:
440 osmo-auc-gen -3 -a milenage -k EB215756028D60E3275E613320AEC880 \
441 -o FB2A3D1B360F599ABAB99DB8669F8308 \
442 -r 39fa2f4e3d523d8619a73b4f65c3e14d \
443 -A 979498b1f72d3e28c59fa2e72f9c
444 */
445#endif
446
447 btw("MS sends Authen Failure with Resync cause, VLR sends GSUP to HLR to resync");
448 auth_request_sent = false;
449 gsup_expect_tx("08" /* OSMO_GSUP_MSGT_SEND_AUTH_INFO_REQUEST */
450 "0108" "09710000000156f0" /* IMSI */
451 "260e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */
452 "2010" "39fa2f4e3d523d8619a73b4f65c3e14d" /* RAND */);
453 ms_sends_msg("051c" /* 05 = MM; 1c = Auth Failure */
454 "15" /* cause = Synch Failure */
455 "220e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */);
456 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
457 VERBOSE_ASSERT(auth_request_sent, == false, "%d");
458 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
459
460 btw("HLR replies with new tuples");
461 auth_request_sent = false;
462 auth_request_expect_rand = "0f1feb1623e1bf626334e37ec448ac18";
463 auth_request_expect_autn = "02a83f62e9470000660d51afc75f169d";
464 gsup_rx("0a"
465 /* imsi */
466 "0108" "09710000000156f0"
467 /* 1 auth vector */
468 /* TL TL rand */
469 "0362" "2010" "0f1feb1623e1bf626334e37ec448ac18"
470 /* TL sres TL kc */
471 "2104" "efde99da" "2208" "14778c855c523730"
472 /* TL 3G IK */
473 "2310" "8a90c769b7272f3bb7a1c1fbb1ea9349"
474 /* TL 3G CK */
475 "2410" "43ffc1cf8c89a7fd6ab94bd8d6162cbf"
476 /* TL AUTN */
477 "2510" "02a83f62e9470000660d51afc75f169d"
478 /* TL RES */
479 "2708" "1df5f0b4f22b696e"
480 /* TL TL rand */
481 "0362" "2010" "ac21d34937b4e1142a2c757af2949319"
482 /* TL sres TL kc */
483 "2104" "7818bfdc" "2208" "d175571f41f314a4"
484 /* TL 3G IK */
485 "2310" "ff8edbceb6dd24799c77c3b9a6790c10"
486 /* TL 3G CK */
487 "2410" "157c39022ca9d885a7f0766a7dfee448"
488 /* TL AUTN */
489 "2510" "8a43b91898e500002cf354c6f5d1f8c3"
490 /* TL RES */
491 "2708" "f748a7078f5018db"
492 ,NULL);
493
494 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
495 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
496
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]497 if (via_ran == RAN_GERAN_A) {
498 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
499 gsup_expect_tx("04010809710000000156f0");
500 ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
501 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
502 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
503 } else {
504 /* On UTRAN */
505 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]506 expect_security_mode_ctrl(NULL, "8a90c769b7272f3bb7a1c1fbb1ea9349");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]507 ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]508 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]509 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
510
511 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
512 gsup_expect_tx("04010809710000000156f0");
513 ms_sends_security_mode_complete();
514 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
515 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
516 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]517
518 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
519 gsup_rx("10010809710000000156f00804032443f2",
520 "12010809710000000156f0");
521 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
522
523 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
524 gsup_rx("06010809710000000156f0", NULL);
525
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]526 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]527
528 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
529 EXPECT_CONN_COUNT(1);
530 EXPECT_ACCEPTED(false);
531 thwart_rx_non_initial_requests();
532
533 btw("even though the TMSI is not acked, we can already find the subscr with it");
534 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
535 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
536 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
537 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
538 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
539 vlr_subscr_put(vsub);
540
541 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]542 expect_release_clear(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]543 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]544 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyr4068ab22018-04-01 20:55:54 +0200[diff] [blame^]545 bss_rnc_sends_release_clear_complete(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]546
547 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]548 EXPECT_CONN_COUNT(0);
549
550 clear_vlr();
551}
552
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]553static void test_umts_authen_resync_geran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]554{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]555 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]556 _test_umts_authen_resync(RAN_GERAN_A);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]557 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]558}
559
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]560static void test_umts_authen_resync_utran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]561{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]562 comment_start();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]563 _test_umts_authen_resync(RAN_UTRAN_IU);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]564 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]565}
566
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]567static void _test_umts_authen_too_short_res(enum ran_type via_ran)
568{
569 net->authentication_required = true;
570 net->vlr->cfg.assign_tmsi = true;
571 rx_from_ran = via_ran;
572
573 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
574 lu_result_sent = RES_NONE;
575 gsup_expect_tx("080108" "09710000000156f0");
576 ms_sends_msg("0508" /* MM LU */
577 "7" /* ciph key seq: no key available */
578 "0" /* LU type: normal */
579 "ffffff" "0000" /* LAI, LAC */
580 "57" /* classmark 1: R99, early classmark, no power lvl */
581 "089910070000106005" /* IMSI */
582 "3303575886" /* classmark 2 */
583 );
584 OSMO_ASSERT(gsup_tx_confirmed);
585 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
586
587 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
588 /* based on auc_3g:
589 * K = 'EB215756028D60E3275E613320AEC880',
590 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
591 * SQN = 0
592 */
593 auth_request_sent = false;
594 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
595 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
596 gsup_rx("0a"
597 /* imsi */
598 "0108" "09710000000156f0"
599 /* 5 auth vectors... */
600 /* TL TL rand */
601 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
602 /* TL sres TL kc */
603 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
604 /* TL 3G IK */
605 "2310" "27497388b6cb044648f396aa155b95ef"
606 /* TL 3G CK */
607 "2410" "f64735036e5871319c679f4742a75ea1"
608 /* TL AUTN */
609 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
610 /* TL RES */
611 "2708" "e229c19e791f2e41"
612 /* TL TL rand */
613 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
614 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
615 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
616 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
617 "2510" "1843a645b98d00005b2d666af46c45d9"
618 "2708" "7db47cf7f81e4dc7"
619 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
620 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
621 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
622 "2410" "76542abce5ff9345b0e8947f4c6e019c"
623 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
624 "2708" "706f996719ba609c"
625 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
626 "2104" "d570c03f" "2208" "ec011be8919883d6"
627 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
628 "2410" "0593f65e752e5cb7f473862bda05aa0a"
629 "2510" "541ff1f077270000c5ea00d658bc7e9a"
630 "2708" "3fd26072eaa2a04d"
631 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
632 "2104" "b072446f220823f39f9f425ad6e6"
633 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
634 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
635 "2510" "4bf4e564f75300009bc796706bc65744"
636 "2708" "0edb0eadbea94ac2",
637 NULL);
638 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
639 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
640
641 btw("MS sends Authen Response of wrong RES size, VLR thwarts");
642 gsup_expect_tx("0b010809710000000156f0"); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
643 expect_release_clear(via_ran);
644 ms_sends_msg("0554" "e229c19e" "2103" "791f2e" /* nipped one byte */);
645 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
646 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyr4068ab22018-04-01 20:55:54 +0200[diff] [blame^]647 bss_rnc_sends_release_clear_complete(via_ran);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]648
649 EXPECT_CONN_COUNT(0);
650 clear_vlr();
651}
652
653static void test_umts_authen_too_short_res_geran()
654{
655 comment_start();
656 _test_umts_authen_too_short_res(RAN_GERAN_A);
657 comment_end();
658}
659
660static void test_umts_authen_too_short_res_utran()
661{
662 comment_start();
663 _test_umts_authen_too_short_res(RAN_UTRAN_IU);
664 comment_end();
665}
666
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]667static void _test_umts_authen_too_long_res(enum ran_type via_ran)
668{
669 net->authentication_required = true;
670 net->vlr->cfg.assign_tmsi = true;
671 rx_from_ran = via_ran;
672
673 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
674 lu_result_sent = RES_NONE;
675 gsup_expect_tx("080108" "09710000000156f0");
676 ms_sends_msg("0508" /* MM LU */
677 "7" /* ciph key seq: no key available */
678 "0" /* LU type: normal */
679 "ffffff" "0000" /* LAI, LAC */
680 "57" /* classmark 1: R99, early classmark, no power lvl */
681 "089910070000106005" /* IMSI */
682 "3303575886" /* classmark 2 */
683 );
684 OSMO_ASSERT(gsup_tx_confirmed);
685 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
686
687 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
688 /* based on auc_3g:
689 * K = 'EB215756028D60E3275E613320AEC880',
690 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
691 * SQN = 0
692 */
693 auth_request_sent = false;
694 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
695 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
696 gsup_rx("0a"
697 /* imsi */
698 "0108" "09710000000156f0"
699 /* 5 auth vectors... */
700 /* TL TL rand */
701 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
702 /* TL sres TL kc */
703 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
704 /* TL 3G IK */
705 "2310" "27497388b6cb044648f396aa155b95ef"
706 /* TL 3G CK */
707 "2410" "f64735036e5871319c679f4742a75ea1"
708 /* TL AUTN */
709 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
710 /* TL RES */
711 "2708" "e229c19e791f2e41"
712 /* TL TL rand */
713 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
714 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
715 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
716 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
717 "2510" "1843a645b98d00005b2d666af46c45d9"
718 "2708" "7db47cf7f81e4dc7"
719 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
720 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
721 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
722 "2410" "76542abce5ff9345b0e8947f4c6e019c"
723 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
724 "2708" "706f996719ba609c"
725 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
726 "2104" "d570c03f" "2208" "ec011be8919883d6"
727 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
728 "2410" "0593f65e752e5cb7f473862bda05aa0a"
729 "2510" "541ff1f077270000c5ea00d658bc7e9a"
730 "2708" "3fd26072eaa2a04d"
731 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
732 "2104" "b072446f220823f39f9f425ad6e6"
733 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
734 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
735 "2510" "4bf4e564f75300009bc796706bc65744"
736 "2708" "0edb0eadbea94ac2",
737 NULL);
738 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
739 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
740
741 btw("MS sends Authen Response of wrong RES size, VLR thwarts");
742 gsup_expect_tx("0b010809710000000156f0"); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
743 expect_release_clear(via_ran);
744 ms_sends_msg("0554" "e229c19e" "2105" "791f2e4123" /* added one byte */);
745 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
746 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyr4068ab22018-04-01 20:55:54 +0200[diff] [blame^]747 bss_rnc_sends_release_clear_complete(via_ran);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]748
749 EXPECT_CONN_COUNT(0);
750 clear_vlr();
751}
752
753static void test_umts_authen_too_long_res_geran()
754{
755 comment_start();
756 _test_umts_authen_too_long_res(RAN_GERAN_A);
757 comment_end();
758}
759
760static void test_umts_authen_too_long_res_utran()
761{
762 comment_start();
763 _test_umts_authen_too_long_res(RAN_UTRAN_IU);
764 comment_end();
765}
766
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]767static void _test_umts_authen_only_sres(enum ran_type via_ran)
768{
769 net->authentication_required = true;
770 net->vlr->cfg.assign_tmsi = true;
771 rx_from_ran = via_ran;
772
773 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
774 lu_result_sent = RES_NONE;
775 gsup_expect_tx("080108" "09710000000156f0");
776 ms_sends_msg("0508" /* MM LU */
777 "7" /* ciph key seq: no key available */
778 "0" /* LU type: normal */
779 "ffffff" "0000" /* LAI, LAC */
780 "57" /* classmark 1: R99, early classmark, no power lvl */
781 "089910070000106005" /* IMSI */
782 "3303575886" /* classmark 2 */
783 );
784 OSMO_ASSERT(gsup_tx_confirmed);
785 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
786
787 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
788 /* based on auc_3g:
789 * K = 'EB215756028D60E3275E613320AEC880',
790 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
791 * SQN = 0
792 */
793 auth_request_sent = false;
794 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
795 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
796 gsup_rx("0a"
797 /* imsi */
798 "0108" "09710000000156f0"
799 /* 5 auth vectors... */
800 /* TL TL rand */
801 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
802 /* TL sres TL kc */
803 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
804 /* TL 3G IK */
805 "2310" "27497388b6cb044648f396aa155b95ef"
806 /* TL 3G CK */
807 "2410" "f64735036e5871319c679f4742a75ea1"
808 /* TL AUTN */
809 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
810 /* TL RES */
811 "2708" "e229c19e791f2e41"
812 /* TL TL rand */
813 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
814 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
815 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
816 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
817 "2510" "1843a645b98d00005b2d666af46c45d9"
818 "2708" "7db47cf7f81e4dc7"
819 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
820 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
821 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
822 "2410" "76542abce5ff9345b0e8947f4c6e019c"
823 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
824 "2708" "706f996719ba609c"
825 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
826 "2104" "d570c03f" "2208" "ec011be8919883d6"
827 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
828 "2410" "0593f65e752e5cb7f473862bda05aa0a"
829 "2510" "541ff1f077270000c5ea00d658bc7e9a"
830 "2708" "3fd26072eaa2a04d"
831 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
832 "2104" "b072446f220823f39f9f425ad6e6"
833 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
834 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
835 "2510" "4bf4e564f75300009bc796706bc65744"
836 "2708" "0edb0eadbea94ac2",
837 NULL);
838 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
839 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
840
841 if (via_ran == RAN_GERAN_A)
842 btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
843 " GERAN reports an SRES mismatch");
844 else
845 btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
846 " UTRAN disallows GSM AKA altogether");
847 gsup_expect_tx("0b010809710000000156f0"); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
848 expect_release_clear(via_ran);
849 ms_sends_msg("0554" "e229c19e" /* Only the SRES half of the RES */);
850 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
851 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyr4068ab22018-04-01 20:55:54 +0200[diff] [blame^]852 bss_rnc_sends_release_clear_complete(via_ran);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]853
854 EXPECT_CONN_COUNT(0);
855 clear_vlr();
856}
857
858static void test_umts_authen_only_sres_geran()
859{
860 comment_start();
861 _test_umts_authen_only_sres(RAN_GERAN_A);
862 comment_end();
863}
864
865static void test_umts_authen_only_sres_utran()
866{
867 comment_start();
868 _test_umts_authen_only_sres(RAN_UTRAN_IU);
869 comment_end();
870}
871
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]872
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]873msc_vlr_test_func_t msc_vlr_tests[] = {
874 test_umts_authen_geran,
875 test_umts_authen_utran,
876 test_umts_authen_resync_geran,
877 test_umts_authen_resync_utran,
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]878 test_umts_authen_too_short_res_geran,
879 test_umts_authen_too_short_res_utran,
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]880 test_umts_authen_too_long_res_geran,
881 test_umts_authen_too_long_res_utran,
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]882 test_umts_authen_only_sres_geran,
883 test_umts_authen_only_sres_utran,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]884 NULL
885};