Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
/* End-to-end UMTS AKA scenario for one subscriber, driven over the RAN given
 * in via_ran (OSMO_RAT_GERAN_A or OSMO_RAT_UTRAN_IU).
 *
 * The scenario walks through, in order:
 *  1. Location Update with authentication, using the 1st auth vector received
 *     from the HLR, and allocation of a new TMSI;
 *  2. a CM Service Request on a new conn, authenticated with the 2nd vector;
 *  3. an MT SMS: paging, Paging Response, authentication with the 3rd vector,
 *     SMS delivery and the CP-ACK / RP-ACK exchange;
 *  4. IMSI detach.
 *
 * When ciphering is enabled on UTRAN (net->uea_encryption), every successful
 * authentication is followed by a Security Mode Control exchange, and the
 * test checks it against the IK of the vector that was just used.
 *
 * NOTE(review): with via_ran == OSMO_RAT_GERAN_A and an a5_encryption_mask
 * above 0x1 this function aborts on OSMO_ASSERT(false) ("Test code not
 * implemented"), so UMTS AKA followed by A5 ciphering is not covered here.
 *
 * The statement order is the test: each expectation must be armed before the
 * message that triggers it is injected.
 */
static void _test_umts_authen(enum osmo_rat_type via_ran)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000010650";
	/* Hex dump of the DTAP message expected towards the MS once the pending
	 * SMS is delivered (compared via dtap_expect_tx() below). */
	const char *sms =
		"09" /* SMS messages */
		"01" /* CP-DATA */
		"58" /* length */
		"01" /* Network to MS */
		"00" /* reference */
		/* originator (gsm411_send_sms() hardcodes this weird nr) */
		"0791" "447758100650" /* 447785016005 */
		"00" /* dest */
		/* SMS TPDU */
		"4c" /* len */
		"00" /* SMS deliver */
		"05802443f2" /* originating address 42342 */
		"00" /* TP-PID */
		"00" /* GSM default alphabet */
		"071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		"000000" /* H-M-S */
		"00" /* GMT+0 */
		"44" /* data length */
		"5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		"d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		"0c7ac3e9e9b7db05";
	/* Ciphering is expected when the RAN in use has it configured:
	 * on GERAN when the A5 mask is greater than 0x1 (presumably: anything
	 * beyond A5/0 alone is permitted -- confirm against the mask definition),
	 * on UTRAN when uea_encryption is set. */
	bool encryption = (via_ran == OSMO_RAT_GERAN_A && net->a5_encryption_mask > 0x1)
		|| (via_ran == OSMO_RAT_UTRAN_IU && net->uea_encryption);

	/* Test-wide configuration: every request must authenticate, and a new
	 * TMSI is assigned during Location Update. */
	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	rx_from_ran = via_ran;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
	ms_sends_msg("0508" /* MM LU */
		     "7" /* ciph key seq: no key available */
		     "0" /* LU type: normal */
		     "ffffff" "0000" /* LAI, LAC */
		     "57" /* classmark 1: R99, early classmark, no power lvl */
		     "089910070000106005" /* IMSI */
		     "3303575886" /* classmark 2 */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	/* No LU result may be sent before authentication has completed. */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* based on auc_3g:
	 * K = 'EB215756028D60E3275E613320AEC880',
	 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 * SQN = 0
	 */
	/* The Auth Request sent to the MS must carry RAND and AUTN of the
	 * 1st vector in the GSUP message below. */
	auth_request_sent = false;
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/* TL sres TL kc */
		"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/* TL 3G IK */
		"2310" "27497388b6cb044648f396aa155b95ef"
		/* TL 3G CK */
		"2410" "f64735036e5871319c679f4742a75ea1"
		/* TL AUTN */
		"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/* TL RES */
		"2708" "e229c19e791f2e41"
		/* TL TL rand */
		"0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
		"2104" "85aa3130" "2208" "d3d50a000bf04f6e"
		"2310" "1159ec926a50e98c034a6b7d7c9f418d"
		"2410" "df3a03d9ca5335641efc8e36d76cd20b"
		"2510" "1843a645b98d00005b2d666af46c45d9"
		"2708" "7db47cf7f81e4dc7"
		"0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
		"2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
		"2310" "eb50e770ddcc3060101d2f43b6c2b884"
		"2410" "76542abce5ff9345b0e8947f4c6e019c"
		"2510" "f9375e6d41e1000096e7fe4ff1c27e39"
		"2708" "706f996719ba609c"
		"0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
		"2104" "d570c03f" "2208" "ec011be8919883d6"
		"2310" "c4e58af4ba43f3bcd904e16984f086d7"
		"2410" "0593f65e752e5cb7f473862bda05aa0a"
		"2510" "541ff1f077270000c5ea00d658bc7e9a"
		"2708" "3fd26072eaa2a04d"
		"0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
		/* sres, the "2208" TL and kc are fused into a single literal on
		 * the next line; after concatenation the bytes have the same
		 * layout as in the vectors above */
		"2104" "b072446f220823f39f9f425ad6e6"
		"2310" "65af0527fda95b0dc5ae4aa515cdf32f"
		"2410" "537c3b35a3b13b08d08eeb28098f45cc"
		"2510" "4bf4e564f75300009bc796706bc65744"
		"2708" "0edb0eadbea94ac2" HLR_TO_VLR,
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	if (encryption) {
		if (via_ran == OSMO_RAT_GERAN_A) {
			/* Coverage gap: ciphering after UMTS AKA on GERAN is
			 * deliberately made to fail instead of being skipped. */
			btw("Test code not implemented");
			OSMO_ASSERT(false);
		} else {
			/* On UTRAN */
			btw("Encryption enabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl");
			/* 2nd argument is the 3G IK of the 1st vector above;
			 * the NULL 1st argument is presumably "no CK check"
			 * -- confirm against expect_security_mode_ctrl(). */
			expect_security_mode_ctrl(NULL, "27497388b6cb044648f396aa155b95ef");
			/* Authen Response carrying the 1st vector's RES
			 * e229c19e791f2e41: 4 bytes inline, the other 4 in
			 * the "2104" TLV. */
			ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
			VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
			/* LU must not proceed before ciphering is acknowledged. */
			VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

			btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
			gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
			ms_sends_security_mode_complete();
			VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
			VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
		}
	} else {
		/* Encryption disabled */
		btw("Encryption disabled. MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
		gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
		/* Same RES as in the ciphered branch; here the correct RES
		 * alone triggers the GSUP Update Location Request. */
		ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
		VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
		VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	}

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
		"12010809710000000156f0" VLR_TO_HLR);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);

	/* Only now, after auth (and ciphering, if enabled) plus the HLR's
	 * confirmation, is the LU accepted. */
	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	EXPECT_ACCEPTED(false);
	/* presumably verifies that non-initial requests are still refused while
	 * the conn is not accepted -- confirm in the test helpers */
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Until the MS acknowledges it, the new value lives in tmsi_new and
	 * the current TMSI stays at the reserved value. */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	/* drop the reference obtained by the find above (same __func__ token) */
	vlr_subscr_put(vsub, __func__);

	btw("MS sends TMSI Realloc Complete");
	expect_release_clear(via_ran);
	ms_sends_msg("055b");
	ASSERT_RELEASE_CLEAR(via_ran);
	ran_sends_clear_complete(via_ran);

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	/* Each new conn must consume a fresh vector: RAND/AUTN below are those
	 * of the 2nd tuple received from the HLR, not a repeat of the 1st. */
	auth_request_sent = false;
	auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
	auth_request_expect_autn = "1843a645b98d00005b2d666af46c45d9";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("052474"
		     "03575886" /* classmark 2 */
		     "089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	if (encryption) {
		if (via_ran == OSMO_RAT_GERAN_A) {
			btw("Test code not implemented");
			OSMO_ASSERT(false);
		} else {
			/* On UTRAN */
			btw("Encryption enabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl");
			/* IK of the 2nd vector */
			expect_security_mode_ctrl(NULL, "1159ec926a50e98c034a6b7d7c9f418d");
			ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
			VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
			VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

			btw("MS sends SecurityModeControl acceptance, VLR accepts; above Ciphering is an implicit CM Service Accept");
			ms_sends_security_mode_complete();
			/* No explicit CM Service Accept is expected in the
			 * ciphered case, hence still RES_NONE. */
			VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
		}
	} else {
		/* Encryption disabled */
		btw("Encryption disabled. MS sends Authen Response, VLR accepts with a CM Service Accept");
		/* CM Service needs no further GSUP traffic towards the HLR. */
		gsup_expect_tx(NULL);
		ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
		VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
	}

	/* Release connection */
	expect_release_clear(via_ran);
	conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
	ran_sends_clear_complete(via_ran);

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* The subscriber sends the SMS to itself (sender == receiver). */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	/* The SMS is queued as one pending request until the MS answers paging. */
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub, __func__);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub, __func__);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	/* RAND/AUTN of the 3rd tuple */
	auth_request_sent = false;
	auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
	auth_request_expect_autn = "f9375e6d41e1000096e7fe4ff1c27e39";
	ms_sends_msg("062707"
		     "03575886" /* classmark 2 */
		     "089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	if (encryption) {
		if (via_ran == OSMO_RAT_GERAN_A) {
			btw("Test code not implemented");
			OSMO_ASSERT(false);
		} else {
			/* On UTRAN */
			btw("Encryption enabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl");
			/* IK of the 3rd vector */
			expect_security_mode_ctrl(NULL, "eb50e770ddcc3060101d2f43b6c2b884");
			ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* 3rd vector's res, s.a. */
			VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");

			btw("MS sends SecurityModeControl acceptance, VLR accepts and sends SMS");
			dtap_expect_tx(sms);
			ms_sends_security_mode_complete();
			/* NOTE(review): unlike the non-ciphered branch below,
			 * dtap_tx_confirmed is not asserted here, so this
			 * branch relies on the later "no requests pending"
			 * check to show the SMS went out only after ciphering
			 * was established -- consider asserting it here too
			 * (the expected test output would need updating). */
		}
	} else {
		/* Encryption disabled */
		btw("Encryption disabled. MS sends Authen Response, VLR accepts and sends pending SMS");
		dtap_expect_tx(sms);
		ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* 3rd vector's res, s.a. */
		VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	}

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub, __func__);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_release_clear(via_ran);
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	ASSERT_RELEASE_CLEAR(via_ran);
	ran_sends_clear_complete(via_ran);

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_release_clear(via_ran);
	ms_sends_msg("050130"
		     "089910070000106005" /* IMSI */);
	ASSERT_RELEASE_CLEAR(via_ran);
	ran_sends_clear_complete(via_ran);

	EXPECT_CONN_COUNT(0);
	/* reset VLR state so the next test case starts clean */
	clear_vlr();
}
325
/* UMTS AKA scenario over GERAN (A interface).
 *
 * This wrapper does not touch net->a5_encryption_mask: if the mask configured
 * at this point is above 0x1, the scenario stops on its "Test code not
 * implemented" assertion instead of exercising ciphering.
 */
static void test_umts_authen_geran()
{
	const enum osmo_rat_type ran = OSMO_RAT_GERAN_A;

	comment_start();
	_test_umts_authen(ran);
	comment_end();
}
332
/* UMTS AKA scenario over UTRAN (Iu) with UEA ciphering switched off, so that
 * a correct Authen Response alone completes each procedure. */
static void test_umts_authen_utran()
{
	const enum osmo_rat_type ran = OSMO_RAT_UTRAN_IU;

	comment_start();
	net->uea_encryption = false;
	_test_umts_authen(ran);
	comment_end();
}
340
/* UMTS AKA scenario over UTRAN (Iu) with UEA ciphering switched on: every
 * authentication in the scenario must be followed by Security Mode Control. */
static void test_umts_auth_ciph_utran()
{
	const enum osmo_rat_type ran = OSMO_RAT_UTRAN_IU;

	comment_start();
	net->uea_encryption = true;
	_test_umts_authen(ran);
	comment_end();
}
348
/* Debug switch: set to 1 to compile in the block of
 * _test_umts_authen_resync() that recomputes AK, AK* and MAC-S with milenage,
 * for re-deriving the hard-coded AUTS used by that test. Off by default. */
#define RECALC_AUTS 0

#if RECALC_AUTS
/* Local prototypes for the milenage primitives, declared here rather than
 * pulled in from a header; only needed by the RECALC_AUTS debug block.
 * NOTE(review): signatures must match the linked implementation -- confirm
 * whenever this switch is enabled. */
typedef uint8_t u8;
extern int milenage_f2345(const u8 *opc, const u8 *k, const u8 *_rand,
			  u8 *res, u8 *ck, u8 *ik, u8 *ak, u8 *akstar);
extern int milenage_f1(const u8 *opc, const u8 *k, const u8 *_rand,
		       const u8 *sqn, const u8 *amf, u8 *mac_a, u8 *mac_s);
#endif
358
/* UMTS AKA sequence-number resynchronisation scenario over the RAN given in
 * via_ran.
 *
 * Flow under test:
 *  1. Location Update triggers a GSUP Send Auth Info Request; the HLR returns
 *     one vector generated with SQN = 0.
 *  2. The MS rejects the challenge with Authen Failure, cause Synch Failure,
 *     and supplies AUTS.
 *  3. The VLR must forward AUTS together with the RAND it was computed for to
 *     the HLR in a new Send Auth Info Request, and must NOT send another Auth
 *     Request to the MS until the HLR has answered.
 *  4. The HLR returns fresh vectors; authentication with the first of them
 *     succeeds (followed by Security Mode Control when ciphering is enabled
 *     on UTRAN) and the Location Update completes with a new TMSI.
 *
 * NOTE(review): as in _test_umts_authen(), the GERAN + ciphering combination
 * aborts on OSMO_ASSERT(false) and is therefore not covered.
 */
static void _test_umts_authen_resync(enum osmo_rat_type via_ran)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000010650";
	/* Ciphering is expected when the RAN in use has it configured:
	 * GERAN with an A5 mask above 0x1, or UTRAN with uea_encryption set. */
	bool encryption = (via_ran == OSMO_RAT_GERAN_A && net->a5_encryption_mask > 0x1)
		|| (via_ran == OSMO_RAT_UTRAN_IU && net->uea_encryption);

	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	rx_from_ran = via_ran;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
	ms_sends_msg("0508" /* MM LU */
		     "7" /* ciph key seq: no key available */
		     "0" /* LU type: normal */
		     "ffffff" "0000" /* LAI, LAC */
		     "57" /* classmark 1: R99, early classmark, no power lvl */
		     "089910070000106005" /* IMSI */
		     "3303575886" /* classmark 2 */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* based on auc_3g:
	 * K = 'EB215756028D60E3275E613320AEC880',
	 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 * SQN = 0
	 */
	auth_request_sent = false;
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* auth vectors... */
		/* TL TL rand */
		"0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/* TL sres TL kc */
		"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/* TL 3G IK */
		"2310" "27497388b6cb044648f396aa155b95ef"
		/* TL 3G CK */
		"2410" "f64735036e5871319c679f4742a75ea1"
		/* TL AUTN */
		"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/* TL RES */
		"2708" "e229c19e791f2e41"
		HLR_TO_VLR,NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* The AUTN sent was 8704f5ba55f30000d2ee44b22c8ea919
	 * (see expected error output)
	 * with the first 6 bytes being SQN ^ AK.
	 * K = EB215756028D60E3275E613320AEC880
	 * OPC = FB2A3D1B360F599ABAB99DB8669F8308
	 * RAND = 39fa2f4e3d523d8619a73b4f65c3e14d
	 * --milenage-f5-->
	 * AK = 8704f5ba55f3
	 *
	 * The first six bytes are 8704f5ba55f3,
	 * and 8704f5ba55f3 ^ AK = 0.
	 * --> SQN = 0.
	 *
	 * Say the USIM doesn't like that, let's say it is at SQN 23.
	 * SQN_MS = 000000000017
	 *
	 * AUTS = Conc(SQN_MS) || MAC-S
	 * Conc(SQN_MS) = SQN_MS ⊕ f5*[K](RAND)
	 * MAC-S = f1*[K] (SQN MS || RAND || AMF)
	 *
	 * f5*--> Conc(SQN_MS) = 000000000017 ^ 979498b1f73a
	 * = 979498b1f72d
	 * AMF = 0000 (TS 33.102 v7.0.0, 6.3.3)
	 *
	 * MAC-S = f1*[K] (000000000017 || 39fa2f4e3d523d8619a73b4f65c3e14d || 0000)
	 * = 3e28c59fa2e72f9c
	 *
	 * AUTS = 979498b1f72d || 3e28c59fa2e72f9c
	 */
#if RECALC_AUTS
	/* Debug-only: recompute the values derived in the comment above from
	 * K, OPC and RAND and print them; nothing here is asserted. */
	uint8_t ak[6];
	uint8_t akstar[6];
	uint8_t opc[16];
	uint8_t k[16];
	uint8_t rand[16];
	osmo_hexparse("EB215756028D60E3275E613320AEC880", k, sizeof(k));
	osmo_hexparse("FB2A3D1B360F599ABAB99DB8669F8308", opc, sizeof(opc));
	osmo_hexparse("39fa2f4e3d523d8619a73b4f65c3e14d", rand, sizeof(rand));
	milenage_f2345(opc, k, rand, NULL, NULL, NULL, ak, akstar);
	btw("ak = %s", osmo_hexdump_nospc(ak, sizeof(ak)));
	btw("akstar = %s", osmo_hexdump_nospc(akstar, sizeof(akstar)));

	uint8_t sqn_ms[6] = { 0, 0, 0, 0, 0, 23 };
	uint8_t amf[2] = { 0 };
	uint8_t mac_s[8];
	milenage_f1(opc, k, rand, sqn_ms, amf, NULL, mac_s);
	btw("mac_s = %s", osmo_hexdump_nospc(mac_s, sizeof(mac_s)));
	/* verify valid AUTS resulting in SQN 23 with:
	   osmo-auc-gen -3 -a milenage -k EB215756028D60E3275E613320AEC880 \
	   -o FB2A3D1B360F599ABAB99DB8669F8308 \
	   -r 39fa2f4e3d523d8619a73b4f65c3e14d \
	   -A 979498b1f72d3e28c59fa2e72f9c
	 */
#endif

	btw("MS sends Authen Failure with Resync cause, VLR sends GSUP to HLR to resync");
	auth_request_sent = false;
	/* The resync request must carry both the AUTS from the MS and the RAND
	 * of the challenge the MS rejected; the expected AUTS bytes are
	 * identical to those in the Authen Failure injected below. */
	gsup_expect_tx("08" /* OSMO_GSUP_MSGT_SEND_AUTH_INFO_REQUEST */
		       "0108" "09710000000156f0" /* IMSI */
		       "260e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */
		       "2010" "39fa2f4e3d523d8619a73b4f65c3e14d" /* RAND */
		       VLR_TO_HLR);
	ms_sends_msg("051c" /* 05 = MM; 1c = Auth Failure */
		     "15" /* cause = Synch Failure */
		     "220e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */);
	VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
	/* No new challenge may go to the MS before the HLR has resynced, and
	 * the LU must remain undecided. */
	VERBOSE_ASSERT(auth_request_sent, == false, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR replies with new tuples");
	/* The next Auth Request must use RAND/AUTN of the first fresh tuple. */
	auth_request_sent = false;
	auth_request_expect_rand = "0f1feb1623e1bf626334e37ec448ac18";
	auth_request_expect_autn = "02a83f62e9470000660d51afc75f169d";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* 1 auth vector */
		/* TL TL rand */
		"0362" "2010" "0f1feb1623e1bf626334e37ec448ac18"
		/* TL sres TL kc */
		"2104" "efde99da" "2208" "14778c855c523730"
		/* TL 3G IK */
		"2310" "8a90c769b7272f3bb7a1c1fbb1ea9349"
		/* TL 3G CK */
		"2410" "43ffc1cf8c89a7fd6ab94bd8d6162cbf"
		/* TL AUTN */
		"2510" "02a83f62e9470000660d51afc75f169d"
		/* TL RES */
		"2708" "1df5f0b4f22b696e"
		/* TL TL rand */
		"0362" "2010" "ac21d34937b4e1142a2c757af2949319"
		/* TL sres TL kc */
		"2104" "7818bfdc" "2208" "d175571f41f314a4"
		/* TL 3G IK */
		"2310" "ff8edbceb6dd24799c77c3b9a6790c10"
		/* TL 3G CK */
		"2410" "157c39022ca9d885a7f0766a7dfee448"
		/* TL AUTN */
		"2510" "8a43b91898e500002cf354c6f5d1f8c3"
		/* TL RES */
		"2708" "f748a7078f5018db"
		HLR_TO_VLR,NULL);

	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	if (encryption) {
		if (via_ran == OSMO_RAT_GERAN_A) {
			/* Coverage gap: resync followed by A5 ciphering on
			 * GERAN fails hard instead of being exercised. */
			btw("Test code not implemented");
			OSMO_ASSERT(false);
		} else {
			/* On UTRAN */
			btw("Encryption enabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl");
			/* IK of the first fresh tuple, i.e. keys from the
			 * rejected pre-resync vector must not be used. */
			expect_security_mode_ctrl(NULL, "8a90c769b7272f3bb7a1c1fbb1ea9349");
			/* RES 1df5f0b4f22b696e of the first fresh tuple, split
			 * into 4 inline bytes and a "2104" TLV. */
			ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
			VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
			VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

			btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
			gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
			ms_sends_security_mode_complete();
			VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
			VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
		}
	} else {
		/* Encryption disabled */
		btw("Encryption disabled. MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
		gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
		ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
		VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
		VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	}

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
		"12010809710000000156f0" VLR_TO_HLR);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);

	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	EXPECT_ACCEPTED(false);
	/* presumably verifies that non-initial requests are still refused while
	 * the conn is not accepted -- confirm in the test helpers */
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Unacknowledged TMSI is held in tmsi_new; tmsi is still reserved. */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	/* drop the reference obtained by the find above (same __func__ token) */
	vlr_subscr_put(vsub, __func__);

	btw("MS sends TMSI Realloc Complete");
	expect_release_clear(via_ran);
	ms_sends_msg("055b");
	ASSERT_RELEASE_CLEAR(via_ran);
	ran_sends_clear_complete(via_ran);

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	/* reset VLR state so the next test case starts clean */
	clear_vlr();
}
580
/* AUTS resynchronisation scenario over GERAN (A interface).
 *
 * net->a5_encryption_mask is left as configured; a mask above 0x1 makes the
 * scenario stop on its "Test code not implemented" assertion.
 */
static void test_umts_authen_resync_geran()
{
	const enum osmo_rat_type ran = OSMO_RAT_GERAN_A;

	comment_start();
	_test_umts_authen_resync(ran);
	comment_end();
}
587
/* AUTS resynchronisation scenario over UTRAN (Iu) with UEA ciphering off. */
static void test_umts_authen_resync_utran()
{
	const enum osmo_rat_type ran = OSMO_RAT_UTRAN_IU;

	comment_start();
	net->uea_encryption = false;
	_test_umts_authen_resync(ran);
	comment_end();
}
595
/* AUTS resynchronisation scenario over UTRAN (Iu) with UEA ciphering on: the
 * Security Mode Control after resync must use the fresh vector's IK. */
static void test_umts_auth_ciph_resync_utran()
{
	const enum osmo_rat_type ran = OSMO_RAT_UTRAN_IU;

	comment_start();
	net->uea_encryption = true;
	_test_umts_authen_resync(ran);
	comment_end();
}
603
/* Negative test: an Authen Response whose RES is one byte shorter than the
 * expected 8-byte RES must be rejected, over the RAN given in via_ran.
 *
 * The first 7 bytes sent by the MS are the correct leading bytes of the 1st
 * vector's RES (e229c19e791f2e41), so the test pins down that a matching
 * prefix is not accepted as a valid response. On rejection the VLR is
 * expected to send a GSUP Auth Fail Report to the HLR, reject the Location
 * Update and release the connection.
 */
static void _test_umts_authen_too_short_res(enum osmo_rat_type via_ran)
{
	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	rx_from_ran = via_ran;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
	ms_sends_msg("0508" /* MM LU */
		     "7" /* ciph key seq: no key available */
		     "0" /* LU type: normal */
		     "ffffff" "0000" /* LAI, LAC */
		     "57" /* classmark 1: R99, early classmark, no power lvl */
		     "089910070000106005" /* IMSI */
		     "3303575886" /* classmark 2 */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* based on auc_3g:
	 * K = 'EB215756028D60E3275E613320AEC880',
	 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 * SQN = 0
	 */
	auth_request_sent = false;
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* 5 auth vectors... */
		/* TL TL rand */
		"0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/* TL sres TL kc */
		"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/* TL 3G IK */
		"2310" "27497388b6cb044648f396aa155b95ef"
		/* TL 3G CK */
		"2410" "f64735036e5871319c679f4742a75ea1"
		/* TL AUTN */
		"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/* TL RES */
		"2708" "e229c19e791f2e41"
		/* TL TL rand */
		"0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
		"2104" "85aa3130" "2208" "d3d50a000bf04f6e"
		"2310" "1159ec926a50e98c034a6b7d7c9f418d"
		"2410" "df3a03d9ca5335641efc8e36d76cd20b"
		"2510" "1843a645b98d00005b2d666af46c45d9"
		"2708" "7db47cf7f81e4dc7"
		"0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
		"2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
		"2310" "eb50e770ddcc3060101d2f43b6c2b884"
		"2410" "76542abce5ff9345b0e8947f4c6e019c"
		"2510" "f9375e6d41e1000096e7fe4ff1c27e39"
		"2708" "706f996719ba609c"
		"0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
		"2104" "d570c03f" "2208" "ec011be8919883d6"
		"2310" "c4e58af4ba43f3bcd904e16984f086d7"
		"2410" "0593f65e752e5cb7f473862bda05aa0a"
		"2510" "541ff1f077270000c5ea00d658bc7e9a"
		"2708" "3fd26072eaa2a04d"
		"0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
		/* sres, the "2208" TL and kc are fused into a single literal on
		 * the next line; after concatenation the bytes have the same
		 * layout as in the vectors above */
		"2104" "b072446f220823f39f9f425ad6e6"
		"2310" "65af0527fda95b0dc5ae4aa515cdf32f"
		"2410" "537c3b35a3b13b08d08eeb28098f45cc"
		"2510" "4bf4e564f75300009bc796706bc65744"
		"2708" "0edb0eadbea94ac2" HLR_TO_VLR,
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response of wrong RES size, VLR thwarts");
	/* The failed authentication must be reported to the HLR ... */
	gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
	/* ... and the conn must be torn down. */
	expect_release_clear(via_ran);
	/* Extension TLV declares length 03 and carries 3 bytes instead of 4:
	 * 7 correct RES bytes in total, the last byte of 791f2e41 is missing. */
	ms_sends_msg("0554" "e229c19e" "2103" "791f2e" /* nipped one byte */);
	VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
	ASSERT_RELEASE_CLEAR(via_ran);
	ran_sends_clear_complete(via_ran);

	EXPECT_CONN_COUNT(0);
	/* reset VLR state so the next test case starts clean */
	clear_vlr();
}
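/*
 * Run the "RES one byte too short" rejection scenario with
 * OSMO_RAT_GERAN_A as the RAN type.
 *
 * comment_start()/comment_end() are defined outside this file section;
 * presumably they emit the test-name markers around the scenario's log output.
 *
 * Declared with (void): an empty parameter list in C11 is a non-prototype
 * declaration, so the compiler would not diagnose a call that passes arguments.
 */
static void test_umts_authen_too_short_res_geran(void)
{
	comment_start();
	_test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);
	comment_end();
}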
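/*
 * Run the "RES one byte too short" rejection scenario with
 * OSMO_RAT_UTRAN_IU as the RAN type.
 *
 * comment_start()/comment_end() are defined outside this file section;
 * presumably they emit the test-name markers around the scenario's log output.
 *
 * Declared with (void): an empty parameter list in C11 is a non-prototype
 * declaration, so the compiler would not diagnose a call that passes arguments.
 */
static void test_umts_authen_too_short_res_utran(void)
{
	comment_start();
	_test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);
	comment_end();
}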
/*
 * Negative UMTS AKA test: the MS answers the Authentication Request with a RES
 * that is one byte LONGER than the RES of the auth vector the HLR supplied.
 *
 * The first vector's RES is the 8 bytes e229c19e791f2e41.  The MS sends the
 * same 8 bytes followed by one extra byte (0x23), so the leading bytes match
 * and only the length differs.  A comparison that looked just at the expected
 * number of leading bytes would accept this response; the test pins that the
 * Location Update is rejected instead, that an auth failure report goes to the
 * HLR, and that the connection is released.
 *
 * via_ran selects the RAN type the messages are received from
 * (OSMO_RAT_GERAN_A or OSMO_RAT_UTRAN_IU in the callers visible here).
 */
static void _test_umts_authen_too_long_res(enum osmo_rat_type via_ran)
{
	/* Scenario setup: authentication is mandatory, TMSI assignment enabled. */
	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	rx_from_ran = via_ran;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	/* The expectation must be armed before the MS message that triggers it. */
	gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
	ms_sends_msg("0508"			/* MM LU */
		     "7"			/* ciph key seq: no key available */
		     "0"			/* LU type: normal */
		     "ffffff" "0000"		/* LAI, LAC */
		     "57"			/* classmark 1: R99, early classmark, no power lvl */
		     "089910070000106005"	/* IMSI */
		     "3303575886"		/* classmark 2 */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/*
	 * Test-only key material the vectors below are based on (auc_3g):
	 *   K   = 'EB215756028D60E3275E613320AEC880',
	 *   OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 *   SQN = 0
	 */
	auth_request_sent = false;
	/* RAND and AUTN of the first vector: what the Auth Request must carry. */
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* Five auth vectors follow, each laid out like the first one. */
		/* vector 1: TL of the tuple, then TL + RAND */
		"0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/* TL + SRES, TL + Kc */
		"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/* TL + 3G IK */
		"2310" "27497388b6cb044648f396aa155b95ef"
		/* TL + 3G CK */
		"2410" "f64735036e5871319c679f4742a75ea1"
		/* TL + AUTN */
		"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/* TL + RES (the 8-byte value the MS is expected to return) */
		"2708" "e229c19e791f2e41"
		/* vector 2 */
		"0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
		"2104" "85aa3130" "2208" "d3d50a000bf04f6e"
		"2310" "1159ec926a50e98c034a6b7d7c9f418d"
		"2410" "df3a03d9ca5335641efc8e36d76cd20b"
		"2510" "1843a645b98d00005b2d666af46c45d9"
		"2708" "7db47cf7f81e4dc7"
		/* vector 3 */
		"0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
		"2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
		"2310" "eb50e770ddcc3060101d2f43b6c2b884"
		"2410" "76542abce5ff9345b0e8947f4c6e019c"
		"2510" "f9375e6d41e1000096e7fe4ff1c27e39"
		"2708" "706f996719ba609c"
		/* vector 4 */
		"0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
		"2104" "d570c03f" "2208" "ec011be8919883d6"
		"2310" "c4e58af4ba43f3bcd904e16984f086d7"
		"2410" "0593f65e752e5cb7f473862bda05aa0a"
		"2510" "541ff1f077270000c5ea00d658bc7e9a"
		"2708" "3fd26072eaa2a04d"
		/* vector 5 */
		"0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
		"2104" "b072446f" "2208" "23f39f9f425ad6e6"
		"2310" "65af0527fda95b0dc5ae4aa515cdf32f"
		"2410" "537c3b35a3b13b08d08eeb28098f45cc"
		"2510" "4bf4e564f75300009bc796706bc65744"
		"2708" "0edb0eadbea94ac2" HLR_TO_VLR,
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response of wrong RES size, VLR thwarts");
	/* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT for the same IMSI */
	gsup_expect_tx("0b" "0108" "09710000000156f0" VLR_TO_HLR);
	expect_release_clear(via_ran);
	/*
	 * First 4 RES bytes, then IE 0x21 with length 5 instead of 4:
	 * the correct remaining bytes 791f2e41 plus one surplus byte.
	 */
	ms_sends_msg("0554" "e229c19e" "2105" "791f2e4123" /* added one byte */);
	VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
	ASSERT_RELEASE_CLEAR(via_ran);
	ran_sends_clear_complete(via_ran);

	/* No connection may survive the rejected authentication. */
	EXPECT_CONN_COUNT(0);
	clear_vlr();
}
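/*
 * Run the "RES one byte too long" rejection scenario with
 * OSMO_RAT_GERAN_A as the RAN type.
 *
 * comment_start()/comment_end() are defined outside this file section;
 * presumably they emit the test-name markers around the scenario's log output.
 *
 * Declared with (void): an empty parameter list in C11 is a non-prototype
 * declaration, so the compiler would not diagnose a call that passes arguments.
 */
static void test_umts_authen_too_long_res_geran(void)
{
	comment_start();
	_test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);
	comment_end();
}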
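/*
 * Run the "RES one byte too long" rejection scenario with
 * OSMO_RAT_UTRAN_IU as the RAN type.
 *
 * comment_start()/comment_end() are defined outside this file section;
 * presumably they emit the test-name markers around the scenario's log output.
 *
 * Declared with (void): an empty parameter list in C11 is a non-prototype
 * declaration, so the compiler would not diagnose a call that passes arguments.
 */
static void test_umts_authen_too_long_res_utran(void)
{
	comment_start();
	_test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);
	comment_end();
}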
/*
 * Negative UMTS AKA test: the MS answers a UMTS Authentication Request with a
 * bare 4-byte response and no RES extension IE.
 *
 * The 4 bytes sent (e229c19e) are the first half of the first vector's 8-byte
 * RES (e229c19e791f2e41); they are not that vector's GSM SRES (9b36efdf).
 * The response therefore has to be rejected on either RAN type: per the log
 * texts below, GERAN treats it as an SRES mismatch and UTRAN does not permit
 * GSM AKA at all.  The test pins the rejection, the auth failure report to the
 * HLR, and the release of the connection.
 *
 * via_ran selects the RAN type the messages are received from
 * (OSMO_RAT_GERAN_A or OSMO_RAT_UTRAN_IU in the callers visible here).
 */
static void _test_umts_authen_only_sres(enum osmo_rat_type via_ran)
{
	/* Scenario setup: authentication is mandatory, TMSI assignment enabled. */
	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	rx_from_ran = via_ran;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	/* The expectation must be armed before the MS message that triggers it. */
	gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
	ms_sends_msg("0508"			/* MM LU */
		     "7"			/* ciph key seq: no key available */
		     "0"			/* LU type: normal */
		     "ffffff" "0000"		/* LAI, LAC */
		     "57"			/* classmark 1: R99, early classmark, no power lvl */
		     "089910070000106005"	/* IMSI */
		     "3303575886"		/* classmark 2 */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/*
	 * Test-only key material the vectors below are based on (auc_3g):
	 *   K   = 'EB215756028D60E3275E613320AEC880',
	 *   OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 *   SQN = 0
	 */
	auth_request_sent = false;
	/* RAND and AUTN of the first vector: what the Auth Request must carry. */
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* Five auth vectors follow, each laid out like the first one. */
		/* vector 1: TL of the tuple, then TL + RAND */
		"0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/* TL + SRES, TL + Kc */
		"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/* TL + 3G IK */
		"2310" "27497388b6cb044648f396aa155b95ef"
		/* TL + 3G CK */
		"2410" "f64735036e5871319c679f4742a75ea1"
		/* TL + AUTN */
		"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/* TL + RES (the 8-byte value a UMTS-capable MS should return) */
		"2708" "e229c19e791f2e41"
		/* vector 2 */
		"0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
		"2104" "85aa3130" "2208" "d3d50a000bf04f6e"
		"2310" "1159ec926a50e98c034a6b7d7c9f418d"
		"2410" "df3a03d9ca5335641efc8e36d76cd20b"
		"2510" "1843a645b98d00005b2d666af46c45d9"
		"2708" "7db47cf7f81e4dc7"
		/* vector 3 */
		"0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
		"2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
		"2310" "eb50e770ddcc3060101d2f43b6c2b884"
		"2410" "76542abce5ff9345b0e8947f4c6e019c"
		"2510" "f9375e6d41e1000096e7fe4ff1c27e39"
		"2708" "706f996719ba609c"
		/* vector 4 */
		"0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
		"2104" "d570c03f" "2208" "ec011be8919883d6"
		"2310" "c4e58af4ba43f3bcd904e16984f086d7"
		"2410" "0593f65e752e5cb7f473862bda05aa0a"
		"2510" "541ff1f077270000c5ea00d658bc7e9a"
		"2708" "3fd26072eaa2a04d"
		/* vector 5 */
		"0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
		"2104" "b072446f" "2208" "23f39f9f425ad6e6"
		"2310" "65af0527fda95b0dc5ae4aa515cdf32f"
		"2410" "537c3b35a3b13b08d08eeb28098f45cc"
		"2510" "4bf4e564f75300009bc796706bc65744"
		"2708" "0edb0eadbea94ac2" HLR_TO_VLR,
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Only the log text differs per RAN type; the expected outcome is the same. */
	if (via_ran == OSMO_RAT_GERAN_A) {
		btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
		    " GERAN reports an SRES mismatch");
	} else {
		btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
		    " UTRAN disallows GSM AKA altogether");
	}
	/* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT for the same IMSI */
	gsup_expect_tx("0b" "0108" "09710000000156f0" VLR_TO_HLR);
	expect_release_clear(via_ran);
	ms_sends_msg("0554" "e229c19e" /* Only the SRES half of the RES */);
	VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
	ASSERT_RELEASE_CLEAR(via_ran);
	ran_sends_clear_complete(via_ran);

	/* No connection may survive the rejected authentication. */
	EXPECT_CONN_COUNT(0);
	clear_vlr();
}
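/*
 * Run the "4-byte response without RES extension" rejection scenario with
 * OSMO_RAT_GERAN_A as the RAN type.
 *
 * comment_start()/comment_end() are defined outside this file section;
 * presumably they emit the test-name markers around the scenario's log output.
 *
 * Declared with (void): an empty parameter list in C11 is a non-prototype
 * declaration, so the compiler would not diagnose a call that passes arguments.
 */
static void test_umts_authen_only_sres_geran(void)
{
	comment_start();
	_test_umts_authen_only_sres(OSMO_RAT_GERAN_A);
	comment_end();
}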
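/*
 * Run the "4-byte response without RES extension" rejection scenario with
 * OSMO_RAT_UTRAN_IU as the RAN type.
 *
 * comment_start()/comment_end() are defined outside this file section;
 * presumably they emit the test-name markers around the scenario's log output.
 *
 * Declared with (void): an empty parameter list in C11 is a non-prototype
 * declaration, so the compiler would not diagnose a call that passes arguments.
 */
static void test_umts_authen_only_sres_utran(void)
{
	comment_start();
	_test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);
	comment_end();
}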
/*
 * NULL-terminated table of the test entry points in this file, in the order
 * they are listed.  The code that walks the table is outside this file section
 * (presumably the shared msc_vlr test runner).
 */
msc_vlr_test_func_t msc_vlr_tests[] = {
	/* successful UMTS AKA, with and without ciphering */
	test_umts_authen_geran,
	test_umts_authen_utran,
	test_umts_auth_ciph_utran,

	/* re-synchronisation */
	test_umts_authen_resync_geran,
	test_umts_authen_resync_utran,
	test_umts_auth_ciph_resync_utran,

	/* malformed Authentication Responses that must be rejected */
	test_umts_authen_too_short_res_geran,
	test_umts_authen_too_short_res_utran,
	test_umts_authen_too_long_res_geran,
	test_umts_authen_too_long_res_utran,
	test_umts_authen_only_sres_geran,
	test_umts_authen_only_sres_utran,

	NULL
};