Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / 92caa1cd6d57fd05f2bb224286f09f8e1174c15d / . / tests / msc_vlr / msc_vlr_test_umts_authen.c
blob: 0a2a4464bf7e19b3b3502676a1550322c1b45e42 [file] [log] [blame]
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]26static void _test_umts_authen(enum osmo_rat_type via_ran)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]27{
28 struct vlr_subscr *vsub;
29 const char *imsi = "901700000010650";
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]30 const char *sms =
31 "09" /* SMS messages */
32 "01" /* CP-DATA */
33 "58" /* length */
34 "01" /* Network to MS */
35 "00" /* reference */
36 /* originator (gsm411_send_sms() hardcodes this weird nr) */
37 "0791" "447758100650" /* 447785016005 */
38 "00" /* dest */
39 /* SMS TPDU */
40 "4c" /* len */
41 "00" /* SMS deliver */
42 "05802443f2" /* originating address 42342 */
43 "00" /* TP-PID */
44 "00" /* GSM default alphabet */
45 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
46 "000000" /* H-M-S */
47 "00" /* GMT+0 */
48 "44" /* data length */
49 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
50 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
51 "0c7ac3e9e9b7db05";
Neels Hofmeyr4dfb2ba2019-08-13 16:00:37 +0200[diff] [blame]52 bool encryption = (via_ran == OSMO_RAT_GERAN_A && net->a5_encryption_mask > 0x1)
Alexander Couzens8b7d7852021-11-05 01:52:05 +0100[diff] [blame]53 || (via_ran == OSMO_RAT_UTRAN_IU && net->uea_encryption_mask > (1 << OSMO_UTRAN_UEA0));
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]54
55 net->authentication_required = true;
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]56 net->vlr->cfg.assign_tmsi = true;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]57 rx_from_ran = via_ran;
58
59 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
60 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]61 gsup_expect_tx("080108" "09710000000156f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]62 ms_sends_msg("0508" /* MM LU */
63 "7" /* ciph key seq: no key available */
64 "0" /* LU type: normal */
65 "ffffff" "0000" /* LAI, LAC */
66 "57" /* classmark 1: R99, early classmark, no power lvl */
67 "089910070000106005" /* IMSI */
68 "3303575886" /* classmark 2 */
69 );
70 OSMO_ASSERT(gsup_tx_confirmed);
71 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
72
73 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
74 /* based on auc_3g:
75 * K = 'EB215756028D60E3275E613320AEC880',
76 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
77 * SQN = 0
78 */
79 auth_request_sent = false;
80 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
81 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
82 gsup_rx("0a"
83 /* imsi */
84 "0108" "09710000000156f0"
85 /* 5 auth vectors... */
86 /* TL TL rand */
87 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
88 /* TL sres TL kc */
89 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
90 /* TL 3G IK */
91 "2310" "27497388b6cb044648f396aa155b95ef"
92 /* TL 3G CK */
93 "2410" "f64735036e5871319c679f4742a75ea1"
94 /* TL AUTN */
95 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
96 /* TL RES */
97 "2708" "e229c19e791f2e41"
98 /* TL TL rand */
99 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
100 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
101 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
102 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
103 "2510" "1843a645b98d00005b2d666af46c45d9"
104 "2708" "7db47cf7f81e4dc7"
105 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
106 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
107 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
108 "2410" "76542abce5ff9345b0e8947f4c6e019c"
109 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
110 "2708" "706f996719ba609c"
111 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
112 "2104" "d570c03f" "2208" "ec011be8919883d6"
113 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
114 "2410" "0593f65e752e5cb7f473862bda05aa0a"
115 "2510" "541ff1f077270000c5ea00d658bc7e9a"
116 "2708" "3fd26072eaa2a04d"
117 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
118 "2104" "b072446f220823f39f9f425ad6e6"
119 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
120 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
121 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]122 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]123 NULL);
124 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
125 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
126
Vadim Yanitskiy565ea2b2021-11-28 16:42:58 +0300[diff] [blame]127 switch (via_ran) {
128 case OSMO_RAT_GERAN_A:
129 if (encryption) {
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]130 btw("Test code not implemented");
131 OSMO_ASSERT(false);
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]132 }
Vadim Yanitskiy565ea2b2021-11-28 16:42:58 +0300[diff] [blame]133
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]134 btw("Encryption disabled. MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]135 gsup_expect_tx("04010809710000000156f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]136 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]137 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
138 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
Vadim Yanitskiy565ea2b2021-11-28 16:42:58 +0300[diff] [blame]139 break;
140 case OSMO_RAT_UTRAN_IU:
141 /* Even if encryption is disabled (UEA0), we still expect a SecurityModeControl
142 * message indicating UIA, because integrity protection is mandatory in UTRAN. */
143 btw("Encryption %sabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl",
144 encryption ? "en" : "dis");
145 expect_security_mode_ctrl(NULL, "27497388b6cb044648f396aa155b95ef");
146 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
147 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
148 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
149
150 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
151 gsup_expect_tx("04010809710000000156f0" CN_DOMAIN VLR_TO_HLR);
152 ms_sends_security_mode_complete(encryption ? 0x01 : 0x00);
153 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
154 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
155 break;
156 default:
157 btw("Unhandled RAT %s", osmo_rat_type_name(via_ran));
158 OSMO_ASSERT(false);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]159 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]160
161 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]162 gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
163 "12010809710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]164 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
165
166 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]167 gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]168
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]169 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]170
171 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
172 EXPECT_CONN_COUNT(1);
173 EXPECT_ACCEPTED(false);
174 thwart_rx_non_initial_requests();
175
176 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]177 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]178 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
179 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
180 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
181 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]182 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]183
184 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]185 expect_release_clear(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]186 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]187 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]188 ran_sends_clear_complete(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]189
190 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]191 EXPECT_CONN_COUNT(0);
192
193 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
194 auth_request_sent = false;
195 auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
196 auth_request_expect_autn = "1843a645b98d00005b2d666af46c45d9";
197 cm_service_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]198 ms_sends_msg("052474"
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]199 "03575886" /* classmark 2 */
200 "089910070000106005" /* IMSI */);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]201 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
202 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
203
204 btw("needs auth, not yet accepted");
205 EXPECT_ACCEPTED(false);
206 thwart_rx_non_initial_requests();
207
Vadim Yanitskiy565ea2b2021-11-28 16:42:58 +0300[diff] [blame]208 switch (via_ran) {
209 case OSMO_RAT_GERAN_A:
210 if (encryption) {
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]211 btw("Test code not implemented");
212 OSMO_ASSERT(false);
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]213 }
Vadim Yanitskiy565ea2b2021-11-28 16:42:58 +0300[diff] [blame]214
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]215 btw("Encryption disabled. MS sends Authen Response, VLR accepts with a CM Service Accept");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]216 gsup_expect_tx(NULL);
217 ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
218 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
Vadim Yanitskiy565ea2b2021-11-28 16:42:58 +0300[diff] [blame]219 break;
220 case OSMO_RAT_UTRAN_IU:
221 /* Even if encryption is disabled (UEA0), we still expect a SecurityModeControl
222 * message indicating UIA, because integrity protection is mandatory in UTRAN. */
223 btw("Encryption %sabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl",
224 encryption ? "en" : "dis");
225 expect_security_mode_ctrl(NULL, "1159ec926a50e98c034a6b7d7c9f418d");
226 ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
227 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
228 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
229
230 btw("MS sends SecurityModeControl acceptance, VLR accepts; above Ciphering is an implicit CM Service Accept");
231 ms_sends_security_mode_complete(encryption ? 0x01 : 0x00);
232 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
233 break;
234 default:
235 btw("Unhandled RAT %s", osmo_rat_type_name(via_ran));
236 OSMO_ASSERT(false);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]237 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]238
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]239 /* Release connection */
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]240 expect_release_clear(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]241 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
242 ran_sends_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]243
244 btw("all requests serviced, conn has been released");
245 EXPECT_CONN_COUNT(0);
246
247 BTW("an SMS is sent, MS is paged");
248 paging_expect_imsi(imsi);
249 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]250 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]251 OSMO_ASSERT(vsub);
252 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
253
254 send_sms(vsub, vsub,
255 "Privacy in residential applications is a desirable"
256 " marketing option.");
257
258 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]259 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]260 vsub = NULL;
261 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]262
263 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]264 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]265 OSMO_ASSERT(vsub);
266 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]267 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]268
269 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
270 auth_request_sent = false;
271 auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
272 auth_request_expect_autn = "f9375e6d41e1000096e7fe4ff1c27e39";
273 ms_sends_msg("062707"
274 "03575886" /* classmark 2 */
275 "089910070000106005" /* IMSI */);
276 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
277
278 btw("needs auth, not yet accepted");
279 EXPECT_ACCEPTED(false);
280 thwart_rx_non_initial_requests();
281
Vadim Yanitskiy565ea2b2021-11-28 16:42:58 +0300[diff] [blame]282 switch (via_ran) {
283 case OSMO_RAT_GERAN_A:
284 if (encryption) {
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]285 btw("Test code not implemented");
286 OSMO_ASSERT(false);
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]287 }
Vadim Yanitskiy565ea2b2021-11-28 16:42:58 +0300[diff] [blame]288
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]289 btw("Encryption disabled. MS sends Authen Response, VLR accepts and sends pending SMS");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]290 dtap_expect_tx(sms);
291 ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* 3nd vector's res, s.a. */
292 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Vadim Yanitskiy565ea2b2021-11-28 16:42:58 +0300[diff] [blame]293 break;
294 case OSMO_RAT_UTRAN_IU:
295 /* Even if encryption is disabled (UEA0), we still expect a SecurityModeControl
296 * message indicating UIA, because integrity protection is mandatory in UTRAN. */
297 btw("Encryption %sabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl",
298 encryption ? "en" : "dis");
299 expect_security_mode_ctrl(NULL, "eb50e770ddcc3060101d2f43b6c2b884");
300 ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* 3nd vector's res, s.a. */
301 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
302
303 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends SMS");
304 dtap_expect_tx(sms);
305 ms_sends_security_mode_complete(encryption ? 0x01 : 0x00);
306 break;
307 default:
308 btw("Unhandled RAT %s", osmo_rat_type_name(via_ran));
309 OSMO_ASSERT(false);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]310 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]311
312 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]313 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]314 OSMO_ASSERT(vsub);
315 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]316 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]317
318 btw("conn is still open to wait for SMS ack dance");
319 EXPECT_CONN_COUNT(1);
320
321 btw("MS replies with CP-ACK for received SMS");
322 ms_sends_msg("8904");
323 EXPECT_CONN_COUNT(1);
324
325 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
326 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]327 expect_release_clear(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]328 ms_sends_msg("890106020041020000");
329 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]330 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]331 ran_sends_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]332
333 btw("SMS is done, conn is gone");
334 EXPECT_CONN_COUNT(0);
335
336 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]337 expect_release_clear(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]338 ms_sends_msg("050130"
339 "089910070000106005" /* IMSI */);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]340 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]341 ran_sends_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]342
343 EXPECT_CONN_COUNT(0);
344 clear_vlr();
345}
346
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]347static void test_umts_authen_geran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]348{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]349 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]350 _test_umts_authen(OSMO_RAT_GERAN_A);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]351 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]352}
353
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]354static void test_umts_authen_utran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]355{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]356 comment_start();
Alexander Couzens8b7d7852021-11-05 01:52:05 +0100[diff] [blame]357 net->uea_encryption_mask = (1 << OSMO_UTRAN_UEA0);
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]358 _test_umts_authen(OSMO_RAT_UTRAN_IU);
359 comment_end();
360}
361
362static void test_umts_auth_ciph_utran()
363{
364 comment_start();
Alexander Couzens8b7d7852021-11-05 01:52:05 +0100[diff] [blame]365 net->uea_encryption_mask = (1 << OSMO_UTRAN_UEA1) | (1 << OSMO_UTRAN_UEA2);
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]366 _test_umts_authen(OSMO_RAT_UTRAN_IU);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]367 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]368}
369
370#define RECALC_AUTS 0
371
372#if RECALC_AUTS
373typedef uint8_t u8;
374extern int milenage_f2345(const u8 *opc, const u8 *k, const u8 *_rand,
375 u8 *res, u8 *ck, u8 *ik, u8 *ak, u8 *akstar);
376extern int milenage_f1(const u8 *opc, const u8 *k, const u8 *_rand,
377 const u8 *sqn, const u8 *amf, u8 *mac_a, u8 *mac_s);
378#endif
379
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]380static void _test_umts_authen_resync(enum osmo_rat_type via_ran)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]381{
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]382 struct vlr_subscr *vsub;
383 const char *imsi = "901700000010650";
Neels Hofmeyr4dfb2ba2019-08-13 16:00:37 +0200[diff] [blame]384 bool encryption = (via_ran == OSMO_RAT_GERAN_A && net->a5_encryption_mask > 0x1)
Alexander Couzens8b7d7852021-11-05 01:52:05 +0100[diff] [blame]385 || (via_ran == OSMO_RAT_UTRAN_IU && net->uea_encryption_mask > (1 << OSMO_UTRAN_UEA0));
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]386
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]387 net->authentication_required = true;
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]388 net->vlr->cfg.assign_tmsi = true;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]389 rx_from_ran = via_ran;
390
391 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
392 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]393 gsup_expect_tx("080108" "09710000000156f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]394 ms_sends_msg("0508" /* MM LU */
395 "7" /* ciph key seq: no key available */
396 "0" /* LU type: normal */
397 "ffffff" "0000" /* LAI, LAC */
398 "57" /* classmark 1: R99, early classmark, no power lvl */
399 "089910070000106005" /* IMSI */
400 "3303575886" /* classmark 2 */
401 );
402 OSMO_ASSERT(gsup_tx_confirmed);
403 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
404
405 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
406 /* based on auc_3g:
407 * K = 'EB215756028D60E3275E613320AEC880',
408 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
409 * SQN = 0
410 */
411 auth_request_sent = false;
412 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
413 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
414 gsup_rx("0a"
415 /* imsi */
416 "0108" "09710000000156f0"
417 /* auth vectors... */
418 /* TL TL rand */
419 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
420 /* TL sres TL kc */
421 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
422 /* TL 3G IK */
423 "2310" "27497388b6cb044648f396aa155b95ef"
424 /* TL 3G CK */
425 "2410" "f64735036e5871319c679f4742a75ea1"
426 /* TL AUTN */
427 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
428 /* TL RES */
429 "2708" "e229c19e791f2e41"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]430 HLR_TO_VLR,NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]431 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
432 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
433
434 /* The AUTN sent was 8704f5ba55f30000d2ee44b22c8ea919
435 * (see expected error output)
436 * with the first 6 bytes being SQN ^ AK.
437 * K = EB215756028D60E3275E613320AEC880
438 * OPC = FB2A3D1B360F599ABAB99DB8669F8308
439 * RAND = 39fa2f4e3d523d8619a73b4f65c3e14d
440 * --milenage-f5-->
441 * AK = 8704f5ba55f3
442 *
443 * The first six bytes are 8704f5ba55f3,
444 * and 8704f5ba55f3 ^ AK = 0.
445 * --> SQN = 0.
446 *
447 * Say the USIM doesn't like that, let's say it is at SQN 23.
448 * SQN_MS = 000000000017
449 *
450 * AUTS = Conc(SQN_MS) || MAC-S
451 * Conc(SQN_MS) = SQN_MS ⊕ f5*[K](RAND)
452 * MAC-S = f1*[K] (SQN MS || RAND || AMF)
453 *
454 * f5*--> Conc(SQN_MS) = 000000000017 ^ 979498b1f73a
455 * = 979498b1f72d
456 * AMF = 0000 (TS 33.102 v7.0.0, 6.3.3)
457 *
458 * MAC-S = f1*[K] (000000000017 || 39fa2f4e3d523d8619a73b4f65c3e14d || 0000)
459 * = 3e28c59fa2e72f9c
460 *
461 * AUTS = 979498b1f72d || 3e28c59fa2e72f9c
462 */
463#if RECALC_AUTS
464 uint8_t ak[6];
465 uint8_t akstar[6];
466 uint8_t opc[16];
467 uint8_t k[16];
468 uint8_t rand[16];
469 osmo_hexparse("EB215756028D60E3275E613320AEC880", k, sizeof(k));
470 osmo_hexparse("FB2A3D1B360F599ABAB99DB8669F8308", opc, sizeof(opc));
471 osmo_hexparse("39fa2f4e3d523d8619a73b4f65c3e14d", rand, sizeof(rand));
472 milenage_f2345(opc, k, rand, NULL, NULL, NULL, ak, akstar);
473 btw("ak = %s", osmo_hexdump_nospc(ak, sizeof(ak)));
474 btw("akstar = %s", osmo_hexdump_nospc(akstar, sizeof(akstar)));
475
476 uint8_t sqn_ms[6] = { 0, 0, 0, 0, 0, 23 };
477 uint8_t amf[2] = { 0 };
478 uint8_t mac_s[8];
479 milenage_f1(opc, k, rand, sqn_ms, amf, NULL, mac_s);
480 btw("mac_s = %s", osmo_hexdump_nospc(mac_s, sizeof(mac_s)));
481 /* verify valid AUTS resulting in SQN 23 with:
482 osmo-auc-gen -3 -a milenage -k EB215756028D60E3275E613320AEC880 \
483 -o FB2A3D1B360F599ABAB99DB8669F8308 \
484 -r 39fa2f4e3d523d8619a73b4f65c3e14d \
485 -A 979498b1f72d3e28c59fa2e72f9c
486 */
487#endif
488
489 btw("MS sends Authen Failure with Resync cause, VLR sends GSUP to HLR to resync");
490 auth_request_sent = false;
491 gsup_expect_tx("08" /* OSMO_GSUP_MSGT_SEND_AUTH_INFO_REQUEST */
492 "0108" "09710000000156f0" /* IMSI */
493 "260e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]494 "2010" "39fa2f4e3d523d8619a73b4f65c3e14d" /* RAND */
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]495 CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]496 ms_sends_msg("051c" /* 05 = MM; 1c = Auth Failure */
497 "15" /* cause = Synch Failure */
498 "220e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */);
499 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
500 VERBOSE_ASSERT(auth_request_sent, == false, "%d");
501 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
502
503 btw("HLR replies with new tuples");
504 auth_request_sent = false;
505 auth_request_expect_rand = "0f1feb1623e1bf626334e37ec448ac18";
506 auth_request_expect_autn = "02a83f62e9470000660d51afc75f169d";
507 gsup_rx("0a"
508 /* imsi */
509 "0108" "09710000000156f0"
510 /* 1 auth vector */
511 /* TL TL rand */
512 "0362" "2010" "0f1feb1623e1bf626334e37ec448ac18"
513 /* TL sres TL kc */
514 "2104" "efde99da" "2208" "14778c855c523730"
515 /* TL 3G IK */
516 "2310" "8a90c769b7272f3bb7a1c1fbb1ea9349"
517 /* TL 3G CK */
518 "2410" "43ffc1cf8c89a7fd6ab94bd8d6162cbf"
519 /* TL AUTN */
520 "2510" "02a83f62e9470000660d51afc75f169d"
521 /* TL RES */
522 "2708" "1df5f0b4f22b696e"
523 /* TL TL rand */
524 "0362" "2010" "ac21d34937b4e1142a2c757af2949319"
525 /* TL sres TL kc */
526 "2104" "7818bfdc" "2208" "d175571f41f314a4"
527 /* TL 3G IK */
528 "2310" "ff8edbceb6dd24799c77c3b9a6790c10"
529 /* TL 3G CK */
530 "2410" "157c39022ca9d885a7f0766a7dfee448"
531 /* TL AUTN */
532 "2510" "8a43b91898e500002cf354c6f5d1f8c3"
533 /* TL RES */
534 "2708" "f748a7078f5018db"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]535 HLR_TO_VLR,NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]536
537 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
538 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
539
Vadim Yanitskiy565ea2b2021-11-28 16:42:58 +0300[diff] [blame]540 switch (via_ran) {
541 case OSMO_RAT_GERAN_A:
542 if (encryption) {
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]543 btw("Test code not implemented");
544 OSMO_ASSERT(false);
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]545 }
Vadim Yanitskiy565ea2b2021-11-28 16:42:58 +0300[diff] [blame]546
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]547 btw("Encryption disabled. MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]548 gsup_expect_tx("04010809710000000156f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]549 ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]550 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
551 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
Vadim Yanitskiy565ea2b2021-11-28 16:42:58 +0300[diff] [blame]552 break;
553 case OSMO_RAT_UTRAN_IU:
554 /* Even if encryption is disabled (UEA0), we still expect a SecurityModeControl
555 * message indicating UIA, because integrity protection is mandatory in UTRAN. */
556 btw("Encryption %sabled. MS sends Authen Response, VLR accepts and sends SecurityModeControl",
557 encryption ? "en" : "dis");
558 expect_security_mode_ctrl(NULL, "8a90c769b7272f3bb7a1c1fbb1ea9349");
559 ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
560 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
561 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
562
563 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
564 gsup_expect_tx("04010809710000000156f0" CN_DOMAIN VLR_TO_HLR);
565 ms_sends_security_mode_complete(encryption ? 0x01 : 0x00);
566 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
567 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
568 break;
569 default:
570 btw("Unhandled RAT %s", osmo_rat_type_name(via_ran));
571 OSMO_ASSERT(false);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]572 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]573
574 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]575 gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
576 "12010809710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]577 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
578
579 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]580 gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]581
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]582 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]583
584 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
585 EXPECT_CONN_COUNT(1);
586 EXPECT_ACCEPTED(false);
587 thwart_rx_non_initial_requests();
588
589 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]590 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]591 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
592 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
593 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
594 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]595 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]596
597 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]598 expect_release_clear(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]599 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]600 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]601 ran_sends_clear_complete(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]602
603 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]604 EXPECT_CONN_COUNT(0);
605
606 clear_vlr();
607}
608
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]609static void test_umts_authen_resync_geran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]610{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]611 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]612 _test_umts_authen_resync(OSMO_RAT_GERAN_A);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]613 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]614}
615
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]616static void test_umts_authen_resync_utran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]617{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]618 comment_start();
Alexander Couzens8b7d7852021-11-05 01:52:05 +0100[diff] [blame]619 net->uea_encryption_mask = (1 << OSMO_UTRAN_UEA0);
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]620 _test_umts_authen_resync(OSMO_RAT_UTRAN_IU);
621 comment_end();
622}
623
624static void test_umts_auth_ciph_resync_utran()
625{
626 comment_start();
Alexander Couzens8b7d7852021-11-05 01:52:05 +0100[diff] [blame]627 net->uea_encryption_mask = (1 << OSMO_UTRAN_UEA1) | (1 << OSMO_UTRAN_UEA2);
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]628 _test_umts_authen_resync(OSMO_RAT_UTRAN_IU);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]629 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]630}
631
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]632static void _test_umts_authen_too_short_res(enum osmo_rat_type via_ran)
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]633{
634 net->authentication_required = true;
635 net->vlr->cfg.assign_tmsi = true;
636 rx_from_ran = via_ran;
637
638 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
639 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]640 gsup_expect_tx("080108" "09710000000156f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]641 ms_sends_msg("0508" /* MM LU */
642 "7" /* ciph key seq: no key available */
643 "0" /* LU type: normal */
644 "ffffff" "0000" /* LAI, LAC */
645 "57" /* classmark 1: R99, early classmark, no power lvl */
646 "089910070000106005" /* IMSI */
647 "3303575886" /* classmark 2 */
648 );
649 OSMO_ASSERT(gsup_tx_confirmed);
650 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
651
652 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
653 /* based on auc_3g:
654 * K = 'EB215756028D60E3275E613320AEC880',
655 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
656 * SQN = 0
657 */
658 auth_request_sent = false;
659 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
660 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
661 gsup_rx("0a"
662 /* imsi */
663 "0108" "09710000000156f0"
664 /* 5 auth vectors... */
665 /* TL TL rand */
666 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
667 /* TL sres TL kc */
668 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
669 /* TL 3G IK */
670 "2310" "27497388b6cb044648f396aa155b95ef"
671 /* TL 3G CK */
672 "2410" "f64735036e5871319c679f4742a75ea1"
673 /* TL AUTN */
674 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
675 /* TL RES */
676 "2708" "e229c19e791f2e41"
677 /* TL TL rand */
678 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
679 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
680 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
681 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
682 "2510" "1843a645b98d00005b2d666af46c45d9"
683 "2708" "7db47cf7f81e4dc7"
684 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
685 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
686 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
687 "2410" "76542abce5ff9345b0e8947f4c6e019c"
688 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
689 "2708" "706f996719ba609c"
690 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
691 "2104" "d570c03f" "2208" "ec011be8919883d6"
692 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
693 "2410" "0593f65e752e5cb7f473862bda05aa0a"
694 "2510" "541ff1f077270000c5ea00d658bc7e9a"
695 "2708" "3fd26072eaa2a04d"
696 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
697 "2104" "b072446f220823f39f9f425ad6e6"
698 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
699 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
700 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]701 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]702 NULL);
703 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
704 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
705
706 btw("MS sends Authen Response of wrong RES size, VLR thwarts");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]707 gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]708 expect_release_clear(via_ran);
709 ms_sends_msg("0554" "e229c19e" "2103" "791f2e" /* nipped one byte */);
710 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
711 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]712 ran_sends_clear_complete(via_ran);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]713
714 EXPECT_CONN_COUNT(0);
715 clear_vlr();
716}
717
718static void test_umts_authen_too_short_res_geran()
719{
720 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]721 _test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]722 comment_end();
723}
724
725static void test_umts_authen_too_short_res_utran()
726{
727 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]728 _test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]729 comment_end();
730}
731
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]732static void _test_umts_authen_too_long_res(enum osmo_rat_type via_ran)
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]733{
734 net->authentication_required = true;
735 net->vlr->cfg.assign_tmsi = true;
736 rx_from_ran = via_ran;
737
738 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
739 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]740 gsup_expect_tx("080108" "09710000000156f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]741 ms_sends_msg("0508" /* MM LU */
742 "7" /* ciph key seq: no key available */
743 "0" /* LU type: normal */
744 "ffffff" "0000" /* LAI, LAC */
745 "57" /* classmark 1: R99, early classmark, no power lvl */
746 "089910070000106005" /* IMSI */
747 "3303575886" /* classmark 2 */
748 );
749 OSMO_ASSERT(gsup_tx_confirmed);
750 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
751
752 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
753 /* based on auc_3g:
754 * K = 'EB215756028D60E3275E613320AEC880',
755 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
756 * SQN = 0
757 */
758 auth_request_sent = false;
759 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
760 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
761 gsup_rx("0a"
762 /* imsi */
763 "0108" "09710000000156f0"
764 /* 5 auth vectors... */
765 /* TL TL rand */
766 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
767 /* TL sres TL kc */
768 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
769 /* TL 3G IK */
770 "2310" "27497388b6cb044648f396aa155b95ef"
771 /* TL 3G CK */
772 "2410" "f64735036e5871319c679f4742a75ea1"
773 /* TL AUTN */
774 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
775 /* TL RES */
776 "2708" "e229c19e791f2e41"
777 /* TL TL rand */
778 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
779 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
780 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
781 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
782 "2510" "1843a645b98d00005b2d666af46c45d9"
783 "2708" "7db47cf7f81e4dc7"
784 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
785 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
786 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
787 "2410" "76542abce5ff9345b0e8947f4c6e019c"
788 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
789 "2708" "706f996719ba609c"
790 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
791 "2104" "d570c03f" "2208" "ec011be8919883d6"
792 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
793 "2410" "0593f65e752e5cb7f473862bda05aa0a"
794 "2510" "541ff1f077270000c5ea00d658bc7e9a"
795 "2708" "3fd26072eaa2a04d"
796 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
797 "2104" "b072446f220823f39f9f425ad6e6"
798 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
799 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
800 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]801 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]802 NULL);
803 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
804 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
805
806 btw("MS sends Authen Response of wrong RES size, VLR thwarts");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]807 gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]808 expect_release_clear(via_ran);
809 ms_sends_msg("0554" "e229c19e" "2105" "791f2e4123" /* added one byte */);
810 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
811 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]812 ran_sends_clear_complete(via_ran);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]813
814 EXPECT_CONN_COUNT(0);
815 clear_vlr();
816}
817
818static void test_umts_authen_too_long_res_geran()
819{
820 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]821 _test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]822 comment_end();
823}
824
825static void test_umts_authen_too_long_res_utran()
826{
827 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]828 _test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]829 comment_end();
830}
831
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]832static void _test_umts_authen_only_sres(enum osmo_rat_type via_ran)
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]833{
834 net->authentication_required = true;
835 net->vlr->cfg.assign_tmsi = true;
836 rx_from_ran = via_ran;
837
838 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
839 lu_result_sent = RES_NONE;
Neels Hofmeyr63b24642019-12-12 01:31:04 +0100[diff] [blame]840 gsup_expect_tx("080108" "09710000000156f0" CN_DOMAIN VLR_TO_HLR);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]841 ms_sends_msg("0508" /* MM LU */
842 "7" /* ciph key seq: no key available */
843 "0" /* LU type: normal */
844 "ffffff" "0000" /* LAI, LAC */
845 "57" /* classmark 1: R99, early classmark, no power lvl */
846 "089910070000106005" /* IMSI */
847 "3303575886" /* classmark 2 */
848 );
849 OSMO_ASSERT(gsup_tx_confirmed);
850 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
851
852 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
853 /* based on auc_3g:
854 * K = 'EB215756028D60E3275E613320AEC880',
855 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
856 * SQN = 0
857 */
858 auth_request_sent = false;
859 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
860 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
861 gsup_rx("0a"
862 /* imsi */
863 "0108" "09710000000156f0"
864 /* 5 auth vectors... */
865 /* TL TL rand */
866 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
867 /* TL sres TL kc */
868 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
869 /* TL 3G IK */
870 "2310" "27497388b6cb044648f396aa155b95ef"
871 /* TL 3G CK */
872 "2410" "f64735036e5871319c679f4742a75ea1"
873 /* TL AUTN */
874 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
875 /* TL RES */
876 "2708" "e229c19e791f2e41"
877 /* TL TL rand */
878 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
879 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
880 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
881 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
882 "2510" "1843a645b98d00005b2d666af46c45d9"
883 "2708" "7db47cf7f81e4dc7"
884 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
885 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
886 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
887 "2410" "76542abce5ff9345b0e8947f4c6e019c"
888 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
889 "2708" "706f996719ba609c"
890 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
891 "2104" "d570c03f" "2208" "ec011be8919883d6"
892 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
893 "2410" "0593f65e752e5cb7f473862bda05aa0a"
894 "2510" "541ff1f077270000c5ea00d658bc7e9a"
895 "2708" "3fd26072eaa2a04d"
896 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
897 "2104" "b072446f220823f39f9f425ad6e6"
898 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
899 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
900 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]901 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]902 NULL);
903 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
904 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
905
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]906 if (via_ran == OSMO_RAT_GERAN_A)
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]907 btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
908 " GERAN reports an SRES mismatch");
909 else
910 btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
911 " UTRAN disallows GSM AKA altogether");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]912 gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]913 expect_release_clear(via_ran);
914 ms_sends_msg("0554" "e229c19e" /* Only the SRES half of the RES */);
915 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
916 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]917 ran_sends_clear_complete(via_ran);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]918
919 EXPECT_CONN_COUNT(0);
920 clear_vlr();
921}
922
923static void test_umts_authen_only_sres_geran()
924{
925 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]926 _test_umts_authen_only_sres(OSMO_RAT_GERAN_A);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]927 comment_end();
928}
929
930static void test_umts_authen_only_sres_utran()
931{
932 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]933 _test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]934 comment_end();
935}
936
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]937
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]938msc_vlr_test_func_t msc_vlr_tests[] = {
939 test_umts_authen_geran,
940 test_umts_authen_utran,
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]941 test_umts_auth_ciph_utran,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]942 test_umts_authen_resync_geran,
943 test_umts_authen_resync_utran,
Neels Hofmeyr14c34d82019-07-31 15:51:02 +0200[diff] [blame]944 test_umts_auth_ciph_resync_utran,
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]945 test_umts_authen_too_short_res_geran,
946 test_umts_authen_too_short_res_utran,
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]947 test_umts_authen_too_long_res_geran,
948 test_umts_authen_too_long_res_utran,
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]949 test_umts_authen_only_sres_geran,
950 test_umts_authen_only_sres_utran,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]951 NULL
952};