Neels Hofmeyr6a29d322017-01-25 15:04:16 +01001/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
/*
 * End-to-end UMTS AKA scenario for one subscriber over the RAN given in
 * via_ran: Location Update with TMSI allocation, a CM Service Request, a
 * paged SMS delivery and finally an IMSI detach.
 *
 * The HLR answers the Send Auth Info request with five auth vectors in one
 * message. The three authentications below are expected to use vectors 1, 2
 * and 3 in that order: each Auth Request must carry that vector's RAND and
 * AUTN, and the MS answers with that vector's 8-byte RES, written in the
 * Auth Response as 4 bytes followed by a "21" IE of length 04 holding the
 * remaining 4 bytes.
 *
 * On RAN_GERAN_A the Auth Response alone lets the procedure continue. In the
 * else branch (UTRAN) a SecurityModeControl is expected first; the hex string
 * passed to expect_security_mode_ctrl() equals the IK of the vector just used.
 *
 * K, OPC and every vector value are fixed fixtures ("auc_3g"); presumably
 * test-only key material that must never be provisioned for a real subscriber.
 *
 * The order of statements is the test itself: each expectation is armed
 * before the message that triggers it, so nothing here may be reordered.
 */
static void _test_umts_authen(enum ran_type via_ran)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000010650";
	/* Hex of the DTAP message expected for the SMS queued by send_sms() below. */
	const char *sms =
		"09" /* SMS messages */
		"01" /* CP-DATA */
		"58" /* length */
		"01" /* Network to MS */
		"00" /* reference */
		/* originator (gsm411_send_sms() hardcodes this weird nr) */
		"0791" "447758100650" /* 447785016005 */
		"00" /* dest */
		/* SMS TPDU */
		"4c" /* len */
		"00" /* SMS deliver */
		"05802443f2" /* originating address 42342 */
		"00" /* TP-PID */
		"00" /* GSM default alphabet */
		"071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
		"000000" /* H-M-S */
		"00" /* GMT+0 */
		"44" /* data length */
		"5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
		"d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
		"0c7ac3e9e9b7db05";

	/* Authentication is mandatory and a TMSI is assigned on Location Update. */
	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	rx_from_ran = via_ran;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0");
	ms_sends_msg("0508" /* MM LU */
		     "7" /* ciph key seq: no key available */
		     "0" /* LU type: normal */
		     "ffffff" "0000" /* LAI, LAC */
		     "57" /* classmark 1: R99, early classmark, no power lvl */
		     "089910070000106005" /* IMSI */
		     "3303575886" /* classmark 2 */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	/* No LU result may go out before authentication has completed. */
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* based on auc_3g:
	 * K = 'EB215756028D60E3275E613320AEC880',
	 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 * SQN = 0
	 */
	auth_request_sent = false;
	/* RAND and AUTN of the first vector in the message below. */
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0362"  "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/*       TL     sres       TL     kc */
			"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/*       TL     3G IK */
			"2310" "27497388b6cb044648f396aa155b95ef"
		/*       TL     3G CK */
			"2410" "f64735036e5871319c679f4742a75ea1"
		/*       TL     AUTN */
			"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/*       TL     RES */
			"2708" "e229c19e791f2e41"
		/* TL    TL     rand */
		"0362"  "2010" "c187a53a5e6b9d573cac7c74451fd46d"
			"2104" "85aa3130" "2208" "d3d50a000bf04f6e"
			"2310" "1159ec926a50e98c034a6b7d7c9f418d"
			"2410" "df3a03d9ca5335641efc8e36d76cd20b"
			"2510" "1843a645b98d00005b2d666af46c45d9"
			"2708" "7db47cf7f81e4dc7"
		"0362"  "2010" "efa9c29a9742148d5c9070348716e1bb"
			"2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
			"2310" "eb50e770ddcc3060101d2f43b6c2b884"
			"2410" "76542abce5ff9345b0e8947f4c6e019c"
			"2510" "f9375e6d41e1000096e7fe4ff1c27e39"
			"2708" "706f996719ba609c"
		"0362"  "2010" "f023d5a3b24726e0631b64b3840f8253"
			"2104" "d570c03f" "2208" "ec011be8919883d6"
			"2310" "c4e58af4ba43f3bcd904e16984f086d7"
			"2410" "0593f65e752e5cb7f473862bda05aa0a"
			"2510" "541ff1f077270000c5ea00d658bc7e9a"
			"2708" "3fd26072eaa2a04d"
		"0362"  "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
			/* sres and kc TLVs of this vector are written as one literal */
			"2104" "b072446f220823f39f9f425ad6e6"
			"2310" "65af0527fda95b0dc5ae4aa515cdf32f"
			"2410" "537c3b35a3b13b08d08eeb28098f45cc"
			"2510" "4bf4e564f75300009bc796706bc65744"
			"2708" "0edb0eadbea94ac2",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	if (via_ran == RAN_GERAN_A) {
		btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
		gsup_expect_tx("04010809710000000156f0");
		/* RES of vector 1 (e229c19e791f2e41), split 4 + 4 bytes */
		ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
		VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
		VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	} else {
		/* On UTRAN */
		btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
		/* second argument is the IK of vector 1 */
		expect_security_mode_ctrl(NULL, "27497388b6cb044648f396aa155b95ef");
		ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
		VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
		VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

		btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
		gsup_expect_tx("04010809710000000156f0");
		ms_sends_security_mode_complete();
		VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
		VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	}

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	/* second argument: the GSUP message the VLR is expected to answer with */
	gsup_rx("10010809710000000156f00804032443f2",
		"12010809710000000156f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000000156f0", NULL);

	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	/* 0x03020100 is the TMSI value this test expects to have been allocated
	 * (presumably from a deterministic generator in the harness; confirm). */
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Until the MS acknowledges, the value sits in tmsi_new and tmsi is still unset. */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_release_clear(via_ran);
	ms_sends_msg("055b");
	ASSERT_RELEASE_CLEAR(via_ran);
	bss_rnc_sends_release_clear_complete(via_ran);

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
	auth_request_sent = false;
	/* RAND and AUTN of vector 2 */
	auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
	auth_request_expect_autn = "1843a645b98d00005b2d666af46c45d9";
	cm_service_result_sent = RES_NONE;
	ms_sends_msg("052478"
		     "03575886" /* classmark 2 */
		     "089910070000106005" /* IMSI */);
	OSMO_ASSERT(g_conn);
	OSMO_ASSERT(g_conn->fi);
	OSMO_ASSERT(g_conn->vsub);
	VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	if (via_ran == RAN_GERAN_A) {
		btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
		gsup_expect_tx(NULL);
		ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* RES of vector 2, see above */
		VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
	} else {
		/* On UTRAN */
		btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
		/* second argument is the IK of vector 2 */
		expect_security_mode_ctrl(NULL, "1159ec926a50e98c034a6b7d7c9f418d");
		ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* RES of vector 2, see above */
		VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
		VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");

		btw("MS sends SecurityModeControl acceptance, VLR accepts; above Ciphering is an implicit CM Service Accept");
		ms_sends_security_mode_complete();
		/* No explicit CM Service Accept is expected on this branch. */
		VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
	}

	/* Release connection */
	expect_release_clear(via_ran);
	conn_conclude_cm_service_req(g_conn, via_ran);
	bss_rnc_sends_release_clear_complete(via_ran);

	btw("all requests serviced, conn has been released");
	EXPECT_CONN_COUNT(0);

	BTW("an SMS is sent, MS is paged");
	paging_expect_imsi(imsi);
	paging_sent = false;
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");

	/* Sender and receiver are the same subscriber. */
	send_sms(vsub, vsub,
		 "Privacy in residential applications is a desirable"
		 " marketing option.");

	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);
	vsub = NULL;
	VERBOSE_ASSERT(paging_sent, == true, "%d");
	/* NOTE(review): paging_stopped is not reset in this function before this
	 * check; presumably the harness clears it elsewhere (confirm). */
	VERBOSE_ASSERT(paging_stopped, == false, "%d");

	btw("the subscriber and its pending request should remain");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
	vlr_subscr_put(vsub);

	btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
	auth_request_sent = false;
	/* RAND and AUTN of vector 3 */
	auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
	auth_request_expect_autn = "f9375e6d41e1000096e7fe4ff1c27e39";
	ms_sends_msg("062707"
		     "03575886" /* classmark 2 */
		     "089910070000106005" /* IMSI */);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");

	btw("needs auth, not yet accepted");
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	if (via_ran == RAN_GERAN_A) {
		btw("MS sends Authen Response, VLR accepts and sends pending SMS");
		dtap_expect_tx(sms);
		ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* RES of vector 3, see above */
		VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
		VERBOSE_ASSERT(paging_stopped, == true, "%d");
	} else {
		/* On UTRAN */
		btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
		/* second argument is the IK of vector 3 */
		expect_security_mode_ctrl(NULL, "eb50e770ddcc3060101d2f43b6c2b884");
		ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* RES of vector 3, see above */
		VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
		/* Paging must keep running until security mode is complete. */
		VERBOSE_ASSERT(paging_stopped, == false, "%d");

		btw("MS sends SecurityModeControl acceptance, VLR accepts and sends SMS");
		dtap_expect_tx(sms);
		ms_sends_security_mode_complete();
		/* NOTE(review): unlike the GERAN branch, dtap_tx_confirmed is not
		 * asserted here; confirm whether that is intentional. */
		VERBOSE_ASSERT(paging_stopped, == true, "%d");
	}

	btw("SMS was delivered, no requests pending for subscr");
	vsub = vlr_subscr_find_by_imsi(net->vlr, imsi);
	OSMO_ASSERT(vsub);
	VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
	vlr_subscr_put(vsub);

	btw("conn is still open to wait for SMS ack dance");
	EXPECT_CONN_COUNT(1);

	btw("MS replies with CP-ACK for received SMS");
	ms_sends_msg("8904");
	EXPECT_CONN_COUNT(1);

	btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
	dtap_expect_tx("0904");
	expect_release_clear(via_ran);
	ms_sends_msg("890106020041020000");
	VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
	ASSERT_RELEASE_CLEAR(via_ran);
	bss_rnc_sends_release_clear_complete(via_ran);

	btw("SMS is done, conn is gone");
	EXPECT_CONN_COUNT(0);

	BTW("subscriber detaches");
	expect_release_clear(via_ran);
	ms_sends_msg("050130"
		     "089910070000106005" /* IMSI */);
	ASSERT_RELEASE_CLEAR(via_ran);
	bss_rnc_sends_release_clear_complete(via_ran);

	EXPECT_CONN_COUNT(0);
	clear_vlr();
}
312
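/* Run the UMTS AKA scenario over RAN_GERAN_A, bracketed by
 * comment_start() / comment_end(). */
static void test_umts_authen_geran(void)
{
	comment_start();
	_test_umts_authen(RAN_GERAN_A);
	comment_end();
}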
319
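/* Run the UMTS AKA scenario over RAN_UTRAN_IU, bracketed by
 * comment_start() / comment_end(). */
static void test_umts_authen_utran(void)
{
	comment_start();
	_test_umts_authen(RAN_UTRAN_IU);
	comment_end();
}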
326
/* Set to 1 to compile the debug code in _test_umts_authen_resync() that
 * recomputes and prints AK, AK* and MAC-S for the hard-coded AUTS. */
#define RECALC_AUTS 0

#if RECALC_AUTS
/* Prototypes declared locally; judging by their names these are the Milenage
 * f2..f5 and f1 functions (confirm which library provides them). */
typedef uint8_t u8;

extern int milenage_f2345(const u8 *opc,
			  const u8 *k,
			  const u8 *_rand,
			  u8 *res,
			  u8 *ck,
			  u8 *ik,
			  u8 *ak,
			  u8 *akstar);

extern int milenage_f1(const u8 *opc,
		       const u8 *k,
		       const u8 *_rand,
		       const u8 *sqn,
		       const u8 *amf,
		       u8 *mac_a,
		       u8 *mac_s);
#endif
336
/*
 * UMTS AKA sequence-number resynchronisation during a Location Update over
 * the RAN given in via_ran.
 *
 * The HLR first supplies one auth vector. The MS rejects the resulting Auth
 * Request with an Auth Failure (cause Synch Failure) carrying an AUTS. The
 * VLR is expected to send no new Auth Request by itself, but to forward the
 * AUTS together with the RAND it belongs to in a new Send Auth Info request.
 * The HLR then returns fresh vectors, and the Location Update completes with
 * the first of them.
 *
 * K, OPC, RAND and AUTS are fixed fixtures ("auc_3g"); presumably test-only
 * key material that must never be provisioned for a real subscriber.
 *
 * The order of statements is the test itself: each expectation is armed
 * before the message that triggers it, so nothing here may be reordered.
 */
static void _test_umts_authen_resync(enum ran_type via_ran)
{
	struct vlr_subscr *vsub;
	const char *imsi = "901700000010650";

	/* Authentication is mandatory and a TMSI is assigned on Location Update. */
	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	rx_from_ran = via_ran;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0");
	ms_sends_msg("0508" /* MM LU */
		     "7" /* ciph key seq: no key available */
		     "0" /* LU type: normal */
		     "ffffff" "0000" /* LAI, LAC */
		     "57" /* classmark 1: R99, early classmark, no power lvl */
		     "089910070000106005" /* IMSI */
		     "3303575886" /* classmark 2 */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* based on auc_3g:
	 * K = 'EB215756028D60E3275E613320AEC880',
	 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 * SQN = 0
	 */
	auth_request_sent = false;
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* a single auth vector */
		/* TL    TL     rand */
		"0362"  "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/*       TL     sres       TL     kc */
			"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/*       TL     3G IK */
			"2310" "27497388b6cb044648f396aa155b95ef"
		/*       TL     3G CK */
			"2410" "f64735036e5871319c679f4742a75ea1"
		/*       TL     AUTN */
			"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/*       TL     RES */
			"2708" "e229c19e791f2e41"
		,NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* The AUTN sent was 8704f5ba55f30000d2ee44b22c8ea919
	 * (see expected error output)
	 * with the first 6 bytes being SQN ^ AK.
	 * K = EB215756028D60E3275E613320AEC880
	 * OPC = FB2A3D1B360F599ABAB99DB8669F8308
	 * RAND = 39fa2f4e3d523d8619a73b4f65c3e14d
	 * --milenage-f5-->
	 * AK = 8704f5ba55f3
	 *
	 * The first six bytes are 8704f5ba55f3,
	 * and 8704f5ba55f3 ^ AK = 0.
	 * --> SQN = 0.
	 *
	 * Say the USIM doesn't like that, let's say it is at SQN 23.
	 * SQN_MS = 000000000017
	 *
	 * AUTS = Conc(SQN_MS) || MAC-S
	 * Conc(SQN_MS) = SQN_MS ⊕ f5*[K](RAND)
	 * MAC-S = f1*[K] (SQN MS || RAND || AMF)
	 *
	 * f5*--> Conc(SQN_MS) = 000000000017 ^ 979498b1f73a
	 *                     = 979498b1f72d
	 * AMF = 0000 (TS 33.102 v7.0.0, 6.3.3)
	 *
	 * MAC-S = f1*[K] (000000000017 || 39fa2f4e3d523d8619a73b4f65c3e14d || 0000)
	 *       = 3e28c59fa2e72f9c
	 *
	 * AUTS = 979498b1f72d || 3e28c59fa2e72f9c
	 */
#if RECALC_AUTS
	/* Debug aid, compiled only when RECALC_AUTS is nonzero: recompute the
	 * values quoted in the comment above and print them via btw(). Nothing
	 * computed here is compared against the hard-coded AUTS. */
	uint8_t ak[6];
	uint8_t akstar[6];
	uint8_t opc[16];
	uint8_t k[16];
	uint8_t rand[16];
	osmo_hexparse("EB215756028D60E3275E613320AEC880", k, sizeof(k));
	osmo_hexparse("FB2A3D1B360F599ABAB99DB8669F8308", opc, sizeof(opc));
	osmo_hexparse("39fa2f4e3d523d8619a73b4f65c3e14d", rand, sizeof(rand));
	milenage_f2345(opc, k, rand, NULL, NULL, NULL, ak, akstar);
	btw("ak = %s", osmo_hexdump_nospc(ak, sizeof(ak)));
	btw("akstar = %s", osmo_hexdump_nospc(akstar, sizeof(akstar)));

	uint8_t sqn_ms[6] = { 0, 0, 0, 0, 0, 23 };
	uint8_t amf[2] = { 0 };
	uint8_t mac_s[8];
	milenage_f1(opc, k, rand, sqn_ms, amf, NULL, mac_s);
	btw("mac_s = %s", osmo_hexdump_nospc(mac_s, sizeof(mac_s)));
	/* verify valid AUTS resulting in SQN 23 with:
	   osmo-auc-gen -3 -a milenage -k EB215756028D60E3275E613320AEC880 \
	     -o FB2A3D1B360F599ABAB99DB8669F8308 \
	     -r 39fa2f4e3d523d8619a73b4f65c3e14d \
	     -A 979498b1f72d3e28c59fa2e72f9c
	 */
#endif

	btw("MS sends Authen Failure with Resync cause, VLR sends GSUP to HLR to resync");
	auth_request_sent = false;
	/* The resync request must carry both the AUTS and the RAND it was computed for. */
	gsup_expect_tx("08" /* OSMO_GSUP_MSGT_SEND_AUTH_INFO_REQUEST */
		       "0108" "09710000000156f0" /* IMSI */
		       "260e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */
		       "2010" "39fa2f4e3d523d8619a73b4f65c3e14d" /* RAND */);
	ms_sends_msg("051c" /* 05 = MM; 1c = Auth Failure */
		     "15" /* cause = Synch Failure */
		     "220e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */);
	VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
	/* No new Auth Request until the HLR has answered with fresh vectors. */
	VERBOSE_ASSERT(auth_request_sent, == false, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR replies with new tuples");
	auth_request_sent = false;
	/* RAND and AUTN of the first of the new vectors */
	auth_request_expect_rand = "0f1feb1623e1bf626334e37ec448ac18";
	auth_request_expect_autn = "02a83f62e9470000660d51afc75f169d";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* 2 auth vectors */
		/* TL    TL     rand */
		"0362"  "2010" "0f1feb1623e1bf626334e37ec448ac18"
		/*       TL     sres       TL     kc */
			"2104" "efde99da" "2208" "14778c855c523730"
		/*       TL     3G IK */
			"2310" "8a90c769b7272f3bb7a1c1fbb1ea9349"
		/*       TL     3G CK */
			"2410" "43ffc1cf8c89a7fd6ab94bd8d6162cbf"
		/*       TL     AUTN */
			"2510" "02a83f62e9470000660d51afc75f169d"
		/*       TL     RES */
			"2708" "1df5f0b4f22b696e"
		/* TL    TL     rand */
		"0362"  "2010" "ac21d34937b4e1142a2c757af2949319"
		/*       TL     sres       TL     kc */
			"2104" "7818bfdc" "2208" "d175571f41f314a4"
		/*       TL     3G IK */
			"2310" "ff8edbceb6dd24799c77c3b9a6790c10"
		/*       TL     3G CK */
			"2410" "157c39022ca9d885a7f0766a7dfee448"
		/*       TL     AUTN */
			"2510" "8a43b91898e500002cf354c6f5d1f8c3"
		/*       TL     RES */
			"2708" "f748a7078f5018db"
		,NULL);

	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	if (via_ran == RAN_GERAN_A) {
		btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
		gsup_expect_tx("04010809710000000156f0");
		/* RES of the first new vector (1df5f0b4f22b696e), split 4 + 4 bytes */
		ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
		VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
		VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	} else {
		/* On UTRAN */
		btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
		/* second argument is the IK of the first new vector */
		expect_security_mode_ctrl(NULL, "8a90c769b7272f3bb7a1c1fbb1ea9349");
		ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
		VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
		VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

		btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
		gsup_expect_tx("04010809710000000156f0");
		ms_sends_security_mode_complete();
		VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
		VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
	}

	btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
	/* second argument: the GSUP message the VLR is expected to answer with */
	gsup_rx("10010809710000000156f00804032443f2",
		"12010809710000000156f0");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
	gsup_rx("06010809710000000156f0", NULL);

	VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");

	btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
	EXPECT_CONN_COUNT(1);
	EXPECT_ACCEPTED(false);
	thwart_rx_non_initial_requests();

	btw("even though the TMSI is not acked, we can already find the subscr with it");
	/* 0x03020100 is the TMSI value this test expects to have been allocated
	 * (presumably from a deterministic generator in the harness; confirm). */
	vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100);
	VERBOSE_ASSERT(vsub != NULL, == true, "%d");
	VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
	/* Until the MS acknowledges, the value sits in tmsi_new and tmsi is still unset. */
	VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
	VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
	vlr_subscr_put(vsub);

	btw("MS sends TMSI Realloc Complete");
	expect_release_clear(via_ran);
	ms_sends_msg("055b");
	ASSERT_RELEASE_CLEAR(via_ran);
	bss_rnc_sends_release_clear_complete(via_ran);

	btw("LU was successful, and the conn has already been closed");
	EXPECT_CONN_COUNT(0);

	clear_vlr();
}
549
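/* Run the AUTS resynchronisation scenario over RAN_GERAN_A, bracketed by
 * comment_start() / comment_end(). */
static void test_umts_authen_resync_geran(void)
{
	comment_start();
	_test_umts_authen_resync(RAN_GERAN_A);
	comment_end();
}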
556
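/* Run the AUTS resynchronisation scenario over RAN_UTRAN_IU, bracketed by
 * comment_start() / comment_end(). */
static void test_umts_authen_resync_utran(void)
{
	comment_start();
	_test_umts_authen_resync(RAN_UTRAN_IU);
	comment_end();
}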
563
/*
 * Negative test: during a Location Update over the RAN given in via_ran, the
 * MS answers the Auth Request with a RES that is one byte shorter than the
 * 8-byte RES of the vector in use (the extension IE is "21 03" with 3 bytes
 * instead of "21 04" with 4). Every byte that is present matches the expected
 * RES, so this pins that a correct prefix is not accepted as a valid
 * response: the Location Update must be rejected, an AUTH_FAIL_REPORT is
 * armed as the expected GSUP message, and the connection must be released.
 *
 * K, OPC and every vector value are fixed fixtures ("auc_3g"); presumably
 * test-only key material that must never be provisioned for a real subscriber.
 */
static void _test_umts_authen_too_short_res(enum ran_type via_ran)
{
	/* Authentication is mandatory and a TMSI is assigned on Location Update. */
	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	rx_from_ran = via_ran;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0");
	ms_sends_msg("0508" /* MM LU */
		     "7" /* ciph key seq: no key available */
		     "0" /* LU type: normal */
		     "ffffff" "0000" /* LAI, LAC */
		     "57" /* classmark 1: R99, early classmark, no power lvl */
		     "089910070000106005" /* IMSI */
		     "3303575886" /* classmark 2 */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* based on auc_3g:
	 * K = 'EB215756028D60E3275E613320AEC880',
	 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 * SQN = 0
	 */
	auth_request_sent = false;
	/* RAND and AUTN of the first vector in the message below. */
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0362"  "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/*       TL     sres       TL     kc */
			"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/*       TL     3G IK */
			"2310" "27497388b6cb044648f396aa155b95ef"
		/*       TL     3G CK */
			"2410" "f64735036e5871319c679f4742a75ea1"
		/*       TL     AUTN */
			"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/*       TL     RES */
			"2708" "e229c19e791f2e41"
		/* TL    TL     rand */
		"0362"  "2010" "c187a53a5e6b9d573cac7c74451fd46d"
			"2104" "85aa3130" "2208" "d3d50a000bf04f6e"
			"2310" "1159ec926a50e98c034a6b7d7c9f418d"
			"2410" "df3a03d9ca5335641efc8e36d76cd20b"
			"2510" "1843a645b98d00005b2d666af46c45d9"
			"2708" "7db47cf7f81e4dc7"
		"0362"  "2010" "efa9c29a9742148d5c9070348716e1bb"
			"2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
			"2310" "eb50e770ddcc3060101d2f43b6c2b884"
			"2410" "76542abce5ff9345b0e8947f4c6e019c"
			"2510" "f9375e6d41e1000096e7fe4ff1c27e39"
			"2708" "706f996719ba609c"
		"0362"  "2010" "f023d5a3b24726e0631b64b3840f8253"
			"2104" "d570c03f" "2208" "ec011be8919883d6"
			"2310" "c4e58af4ba43f3bcd904e16984f086d7"
			"2410" "0593f65e752e5cb7f473862bda05aa0a"
			"2510" "541ff1f077270000c5ea00d658bc7e9a"
			"2708" "3fd26072eaa2a04d"
		"0362"  "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
			/* sres and kc TLVs of this vector are written as one literal */
			"2104" "b072446f220823f39f9f425ad6e6"
			"2310" "65af0527fda95b0dc5ae4aa515cdf32f"
			"2410" "537c3b35a3b13b08d08eeb28098f45cc"
			"2510" "4bf4e564f75300009bc796706bc65744"
			"2708" "0edb0eadbea94ac2",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response of wrong RES size, VLR thwarts");
	gsup_expect_tx("0b010809710000000156f0"); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
	expect_release_clear(via_ran);
	/* Expected RES is e229c19e791f2e41; the last byte (41) is missing. */
	ms_sends_msg("0554" "e229c19e" "2103" "791f2e" /* nipped one byte */);
	/* NOTE(review): gsup_tx_confirmed is not asserted after this message, so
	 * nothing visible in this function checks that the AUTH_FAIL_REPORT was
	 * actually sent; confirm whether the harness enforces the armed
	 * expectation elsewhere. */
	VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
	ASSERT_RELEASE_CLEAR(via_ran);
	bss_rnc_sends_release_clear_complete(via_ran);

	EXPECT_CONN_COUNT(0);
	clear_vlr();
}
649
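/* Run the too-short-RES rejection test over RAN_GERAN_A, bracketed by
 * comment_start() / comment_end(). */
static void test_umts_authen_too_short_res_geran(void)
{
	comment_start();
	_test_umts_authen_too_short_res(RAN_GERAN_A);
	comment_end();
}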
656
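/* Run the too-short-RES rejection test over RAN_UTRAN_IU, bracketed by
 * comment_start() / comment_end(). */
static void test_umts_authen_too_short_res_utran(void)
{
	comment_start();
	_test_umts_authen_too_short_res(RAN_UTRAN_IU);
	comment_end();
}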
663
/*
 * Negative test: during a Location Update over the RAN given in via_ran, the
 * MS answers the Auth Request with a RES that is one byte longer than the
 * 8-byte RES of the vector in use (the extension IE is "21 05" with 5 bytes
 * instead of "21 04" with 4). The first 8 bytes match the expected RES, so
 * this pins that a correct value with trailing data is not accepted as a
 * valid response: the Location Update must be rejected, an AUTH_FAIL_REPORT
 * is armed as the expected GSUP message, and the connection must be released.
 *
 * K, OPC and every vector value are fixed fixtures ("auc_3g"); presumably
 * test-only key material that must never be provisioned for a real subscriber.
 */
static void _test_umts_authen_too_long_res(enum ran_type via_ran)
{
	/* Authentication is mandatory and a TMSI is assigned on Location Update. */
	net->authentication_required = true;
	net->vlr->cfg.assign_tmsi = true;
	rx_from_ran = via_ran;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0");
	ms_sends_msg("0508" /* MM LU */
		     "7" /* ciph key seq: no key available */
		     "0" /* LU type: normal */
		     "ffffff" "0000" /* LAI, LAC */
		     "57" /* classmark 1: R99, early classmark, no power lvl */
		     "089910070000106005" /* IMSI */
		     "3303575886" /* classmark 2 */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* based on auc_3g:
	 * K = 'EB215756028D60E3275E613320AEC880',
	 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 * SQN = 0
	 */
	auth_request_sent = false;
	/* RAND and AUTN of the first vector in the message below. */
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* 5 auth vectors... */
		/* TL    TL     rand */
		"0362"  "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		/*       TL     sres       TL     kc */
			"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		/*       TL     3G IK */
			"2310" "27497388b6cb044648f396aa155b95ef"
		/*       TL     3G CK */
			"2410" "f64735036e5871319c679f4742a75ea1"
		/*       TL     AUTN */
			"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		/*       TL     RES */
			"2708" "e229c19e791f2e41"
		/* TL    TL     rand */
		"0362"  "2010" "c187a53a5e6b9d573cac7c74451fd46d"
			"2104" "85aa3130" "2208" "d3d50a000bf04f6e"
			"2310" "1159ec926a50e98c034a6b7d7c9f418d"
			"2410" "df3a03d9ca5335641efc8e36d76cd20b"
			"2510" "1843a645b98d00005b2d666af46c45d9"
			"2708" "7db47cf7f81e4dc7"
		"0362"  "2010" "efa9c29a9742148d5c9070348716e1bb"
			"2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
			"2310" "eb50e770ddcc3060101d2f43b6c2b884"
			"2410" "76542abce5ff9345b0e8947f4c6e019c"
			"2510" "f9375e6d41e1000096e7fe4ff1c27e39"
			"2708" "706f996719ba609c"
		"0362"  "2010" "f023d5a3b24726e0631b64b3840f8253"
			"2104" "d570c03f" "2208" "ec011be8919883d6"
			"2310" "c4e58af4ba43f3bcd904e16984f086d7"
			"2410" "0593f65e752e5cb7f473862bda05aa0a"
			"2510" "541ff1f077270000c5ea00d658bc7e9a"
			"2708" "3fd26072eaa2a04d"
		"0362"  "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
			/* sres and kc TLVs of this vector are written as one literal */
			"2104" "b072446f220823f39f9f425ad6e6"
			"2310" "65af0527fda95b0dc5ae4aa515cdf32f"
			"2410" "537c3b35a3b13b08d08eeb28098f45cc"
			"2510" "4bf4e564f75300009bc796706bc65744"
			"2708" "0edb0eadbea94ac2",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("MS sends Authen Response of wrong RES size, VLR thwarts");
	gsup_expect_tx("0b010809710000000156f0"); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
	expect_release_clear(via_ran);
	/* Expected RES is e229c19e791f2e41; one extra byte (23) is appended. */
	ms_sends_msg("0554" "e229c19e" "2105" "791f2e4123" /* added one byte */);
	/* NOTE(review): gsup_tx_confirmed is not asserted after this message, so
	 * nothing visible in this function checks that the AUTH_FAIL_REPORT was
	 * actually sent; confirm whether the harness enforces the armed
	 * expectation elsewhere. */
	VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
	ASSERT_RELEASE_CLEAR(via_ran);
	bss_rnc_sends_release_clear_complete(via_ran);

	EXPECT_CONN_COUNT(0);
	clear_vlr();
}
749
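/* Run the "RES one byte too long" rejection scenario with
 * via_ran = RAN_GERAN_A, bracketed by comment_start() / comment_end().
 *
 * Declared with (void) so the definition is a real prototype rather than an
 * old-style declarator with unspecified parameters. */
static void test_umts_authen_too_long_res_geran(void)
{
	comment_start();
	_test_umts_authen_too_long_res(RAN_GERAN_A);
	comment_end();
}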
756
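/* Run the "RES one byte too long" rejection scenario with
 * via_ran = RAN_UTRAN_IU, bracketed by comment_start() / comment_end().
 *
 * Declared with (void) so the definition is a real prototype rather than an
 * old-style declarator with unspecified parameters. */
static void test_umts_authen_too_long_res_utran(void)
{
	comment_start();
	_test_umts_authen_too_long_res(RAN_UTRAN_IU);
	comment_end();
}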
763
/* Location Updating where UMTS AKA is offered but the MS answers with only
 * four bytes of response.
 *
 * The HLR hands back five auth vectors, each carrying SRES/Kc as well as
 * IK, CK, AUTN and an 8-byte RES. The MS (classmark 1 announces R99) then
 * replies with "e229c19e", i.e. just the first half of the expected RES
 * "e229c19e791f2e41". That value also differs from the vector's SRES
 * "9b36efdf", so it cannot pass as a GSM AKA answer either.
 *
 * Expected on both RAN types: an auth failure report is sent to the HLR over
 * GSUP, the Location Updating is rejected, and the connection is released /
 * cleared. A truncated RES must never count as a valid answer to the UMTS
 * AKA challenge.
 *
 * via_ran: RAN the subscriber is attached through (RAN_GERAN_A or
 *          RAN_UTRAN_IU); it only changes the logged explanation and the
 *          release/clear expectations. */
static void _test_umts_authen_only_sres(enum ran_type via_ran)
{
	/* Scenario setup: authentication is mandatory, TMSI assignment is on,
	 * and incoming messages are attributed to the requested RAN. */
	rx_from_ran = via_ran;
	net->vlr->cfg.assign_tmsi = true;
	net->authentication_required = true;

	btw("Location Update request causes a GSUP Send Auth Info request to HLR");
	lu_result_sent = RES_NONE;
	gsup_expect_tx("080108" "09710000000156f0");
	ms_sends_msg("0508" /* MM LU */
		     "7" /* ciph key seq: no key available */
		     "0" /* LU type: normal */
		     "ffffff" "0000" /* LAI, LAC */
		     "57" /* classmark 1: R99, early classmark, no power lvl */
		     "089910070000106005" /* IMSI */
		     "3303575886" /* classmark 2 */
		     );
	OSMO_ASSERT(gsup_tx_confirmed);
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
	/* Fixture vectors, based on auc_3g:
	 * K = 'EB215756028D60E3275E613320AEC880',
	 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
	 * SQN = 0
	 */
	/* The Auth Request must carry the RAND and AUTN of the first vector. */
	auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
	auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
	auth_request_sent = false;
	gsup_rx("0a"
		/* imsi */
		"0108" "09710000000156f0"
		/* five auth vectors follow, each laid out as:
		 *   TL TL rand
		 *   TL sres, TL kc
		 *   TL 3G IK
		 *   TL 3G CK
		 *   TL AUTN
		 *   TL RES
		 */
		/* vector 1 (the one the Auth Request is built from) */
		"0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
		"2104" "9b36efdf" "2208" "059a4f668f6fbe39"
		"2310" "27497388b6cb044648f396aa155b95ef"
		"2410" "f64735036e5871319c679f4742a75ea1"
		"2510" "8704f5ba55f30000d2ee44b22c8ea919"
		"2708" "e229c19e791f2e41"
		/* vector 2 */
		"0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
		"2104" "85aa3130" "2208" "d3d50a000bf04f6e"
		"2310" "1159ec926a50e98c034a6b7d7c9f418d"
		"2410" "df3a03d9ca5335641efc8e36d76cd20b"
		"2510" "1843a645b98d00005b2d666af46c45d9"
		"2708" "7db47cf7f81e4dc7"
		/* vector 3 */
		"0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
		"2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
		"2310" "eb50e770ddcc3060101d2f43b6c2b884"
		"2410" "76542abce5ff9345b0e8947f4c6e019c"
		"2510" "f9375e6d41e1000096e7fe4ff1c27e39"
		"2708" "706f996719ba609c"
		/* vector 4 */
		"0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
		"2104" "d570c03f" "2208" "ec011be8919883d6"
		"2310" "c4e58af4ba43f3bcd904e16984f086d7"
		"2410" "0593f65e752e5cb7f473862bda05aa0a"
		"2510" "541ff1f077270000c5ea00d658bc7e9a"
		"2708" "3fd26072eaa2a04d"
		/* vector 5 */
		"0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
		"2104" "b072446f" "2208" "23f39f9f425ad6e6"
		"2310" "65af0527fda95b0dc5ae4aa515cdf32f"
		"2410" "537c3b35a3b13b08d08eeb28098f45cc"
		"2510" "4bf4e564f75300009bc796706bc65744"
		"2708" "0edb0eadbea94ac2",
		NULL);
	VERBOSE_ASSERT(auth_request_sent, == true, "%d");
	VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");

	/* Same outcome on both RANs; only the logged reason differs. */
	if (via_ran != RAN_GERAN_A) {
		btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
		    " UTRAN disallows GSM AKA altogether");
	} else {
		btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
		    " GERAN reports an SRES mismatch");
	}
	gsup_expect_tx("0b010809710000000156f0"); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
	expect_release_clear(via_ran);
	ms_sends_msg("0554" "e229c19e" /* Only the SRES half of the RES */);
	VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
	ASSERT_RELEASE_CLEAR(via_ran);

	bss_rnc_sends_release_clear_complete(via_ran);

	/* No connection may survive the rejected attempt. */
	EXPECT_CONN_COUNT(0);
	clear_vlr();
}
854
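/* Run the "only the SRES half of the RES" rejection scenario with
 * via_ran = RAN_GERAN_A, bracketed by comment_start() / comment_end().
 *
 * Declared with (void) so the definition is a real prototype rather than an
 * old-style declarator with unspecified parameters. */
static void test_umts_authen_only_sres_geran(void)
{
	comment_start();
	_test_umts_authen_only_sres(RAN_GERAN_A);
	comment_end();
}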
861
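/* Run the "only the SRES half of the RES" rejection scenario with
 * via_ran = RAN_UTRAN_IU, bracketed by comment_start() / comment_end().
 *
 * Declared with (void) so the definition is a real prototype rather than an
 * old-style declarator with unspecified parameters. */
static void test_umts_authen_only_sres_utran(void)
{
	comment_start();
	_test_umts_authen_only_sres(RAN_UTRAN_IU);
	comment_end();
}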
868
/* NULL-terminated table of the UMTS authentication test entry points in this
 * file. Each scenario appears once per RAN type (GERAN, then UTRAN).
 * NOTE(review): the code that walks this table is not visible here; the
 * trailing NULL is presumably its end marker. */
msc_vlr_test_func_t msc_vlr_tests[] = {
	/* successful UMTS AKA */
	test_umts_authen_geran,
	test_umts_authen_utran,
	/* re-synchronisation */
	test_umts_authen_resync_geran,
	test_umts_authen_resync_utran,
	/* malformed responses that must be rejected: wrong RES length */
	test_umts_authen_too_short_res_geran,
	test_umts_authen_too_short_res_utran,
	test_umts_authen_too_long_res_geran,
	test_umts_authen_too_long_res_utran,
	/* only the SRES-sized half of the RES is returned */
	test_umts_authen_only_sres_geran,
	test_umts_authen_only_sres_utran,
	NULL
};