Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / 98f0675ffcf54a1787a4ad90e1ee5e71ae632a57 / . / tests / msc_vlr / msc_vlr_test_umts_authen.c
blob: a89b0d1ab96b98801e094914926050e3176c49ca [file] [log] [blame]
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
25
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]26static void _test_umts_authen(enum osmo_rat_type via_ran)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]27{
28 struct vlr_subscr *vsub;
29 const char *imsi = "901700000010650";
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]30 const char *sms =
31 "09" /* SMS messages */
32 "01" /* CP-DATA */
33 "58" /* length */
34 "01" /* Network to MS */
35 "00" /* reference */
36 /* originator (gsm411_send_sms() hardcodes this weird nr) */
37 "0791" "447758100650" /* 447785016005 */
38 "00" /* dest */
39 /* SMS TPDU */
40 "4c" /* len */
41 "00" /* SMS deliver */
42 "05802443f2" /* originating address 42342 */
43 "00" /* TP-PID */
44 "00" /* GSM default alphabet */
45 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
46 "000000" /* H-M-S */
47 "00" /* GMT+0 */
48 "44" /* data length */
49 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
50 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
51 "0c7ac3e9e9b7db05";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]52
53 net->authentication_required = true;
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]54 net->vlr->cfg.assign_tmsi = true;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]55 rx_from_ran = via_ran;
56
57 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
58 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]59 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]60 ms_sends_msg("0508" /* MM LU */
61 "7" /* ciph key seq: no key available */
62 "0" /* LU type: normal */
63 "ffffff" "0000" /* LAI, LAC */
64 "57" /* classmark 1: R99, early classmark, no power lvl */
65 "089910070000106005" /* IMSI */
66 "3303575886" /* classmark 2 */
67 );
68 OSMO_ASSERT(gsup_tx_confirmed);
69 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
70
71 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
72 /* based on auc_3g:
73 * K = 'EB215756028D60E3275E613320AEC880',
74 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
75 * SQN = 0
76 */
77 auth_request_sent = false;
78 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
79 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
80 gsup_rx("0a"
81 /* imsi */
82 "0108" "09710000000156f0"
83 /* 5 auth vectors... */
84 /* TL TL rand */
85 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
86 /* TL sres TL kc */
87 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
88 /* TL 3G IK */
89 "2310" "27497388b6cb044648f396aa155b95ef"
90 /* TL 3G CK */
91 "2410" "f64735036e5871319c679f4742a75ea1"
92 /* TL AUTN */
93 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
94 /* TL RES */
95 "2708" "e229c19e791f2e41"
96 /* TL TL rand */
97 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
98 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
99 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
100 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
101 "2510" "1843a645b98d00005b2d666af46c45d9"
102 "2708" "7db47cf7f81e4dc7"
103 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
104 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
105 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
106 "2410" "76542abce5ff9345b0e8947f4c6e019c"
107 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
108 "2708" "706f996719ba609c"
109 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
110 "2104" "d570c03f" "2208" "ec011be8919883d6"
111 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
112 "2410" "0593f65e752e5cb7f473862bda05aa0a"
113 "2510" "541ff1f077270000c5ea00d658bc7e9a"
114 "2708" "3fd26072eaa2a04d"
115 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
116 "2104" "b072446f220823f39f9f425ad6e6"
117 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
118 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
119 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]120 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]121 NULL);
122 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
123 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
124
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]125 if (via_ran == OSMO_RAT_GERAN_A) {
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]126 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]127 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]128 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
129 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
130 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
131 } else {
132 /* On UTRAN */
133 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]134 expect_security_mode_ctrl(NULL, "27497388b6cb044648f396aa155b95ef");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]135 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]136 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]137 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
138
139 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]140 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]141 ms_sends_security_mode_complete();
142 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
143 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
144 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]145
146 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]147 gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
148 "12010809710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]149 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
150
151 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]152 gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]153
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]154 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]155
156 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
157 EXPECT_CONN_COUNT(1);
158 EXPECT_ACCEPTED(false);
159 thwart_rx_non_initial_requests();
160
161 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]162 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]163 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
164 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
165 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
166 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]167 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]168
169 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]170 expect_release_clear(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]171 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]172 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]173 ran_sends_clear_complete(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]174
175 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]176 EXPECT_CONN_COUNT(0);
177
178 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
179 auth_request_sent = false;
180 auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
181 auth_request_expect_autn = "1843a645b98d00005b2d666af46c45d9";
182 cm_service_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]183 ms_sends_msg("052474"
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]184 "03575886" /* classmark 2 */
185 "089910070000106005" /* IMSI */);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]186 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
187 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
188
189 btw("needs auth, not yet accepted");
190 EXPECT_ACCEPTED(false);
191 thwart_rx_non_initial_requests();
192
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]193 if (via_ran == OSMO_RAT_GERAN_A) {
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]194 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
195 gsup_expect_tx(NULL);
196 ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
197 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
198 } else {
199 /* On UTRAN */
200 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]201 expect_security_mode_ctrl(NULL, "1159ec926a50e98c034a6b7d7c9f418d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]202 ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]203 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]204 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
205
206 btw("MS sends SecurityModeControl acceptance, VLR accepts; above Ciphering is an implicit CM Service Accept");
207 ms_sends_security_mode_complete();
208 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
209 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]210
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]211 /* Release connection */
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]212 expect_release_clear(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]213 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
214 ran_sends_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]215
216 btw("all requests serviced, conn has been released");
217 EXPECT_CONN_COUNT(0);
218
219 BTW("an SMS is sent, MS is paged");
220 paging_expect_imsi(imsi);
221 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]222 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]223 OSMO_ASSERT(vsub);
224 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
225
226 send_sms(vsub, vsub,
227 "Privacy in residential applications is a desirable"
228 " marketing option.");
229
230 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]231 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]232 vsub = NULL;
233 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]234
235 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]236 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]237 OSMO_ASSERT(vsub);
238 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]239 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]240
241 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
242 auth_request_sent = false;
243 auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
244 auth_request_expect_autn = "f9375e6d41e1000096e7fe4ff1c27e39";
245 ms_sends_msg("062707"
246 "03575886" /* classmark 2 */
247 "089910070000106005" /* IMSI */);
248 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
249
250 btw("needs auth, not yet accepted");
251 EXPECT_ACCEPTED(false);
252 thwart_rx_non_initial_requests();
253
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]254 if (via_ran == OSMO_RAT_GERAN_A) {
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]255 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
256 dtap_expect_tx(sms);
257 ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* 3nd vector's res, s.a. */
258 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]259 } else {
260 /* On UTRAN */
261 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]262 expect_security_mode_ctrl(NULL, "eb50e770ddcc3060101d2f43b6c2b884");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]263 ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* 3nd vector's res, s.a. */
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]264 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]265
266 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends SMS");
267 dtap_expect_tx(sms);
268 ms_sends_security_mode_complete();
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]269 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]270
271 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]272 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]273 OSMO_ASSERT(vsub);
274 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]275 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]276
277 btw("conn is still open to wait for SMS ack dance");
278 EXPECT_CONN_COUNT(1);
279
280 btw("MS replies with CP-ACK for received SMS");
281 ms_sends_msg("8904");
282 EXPECT_CONN_COUNT(1);
283
284 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
285 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]286 expect_release_clear(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]287 ms_sends_msg("890106020041020000");
288 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]289 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]290 ran_sends_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]291
292 btw("SMS is done, conn is gone");
293 EXPECT_CONN_COUNT(0);
294
295 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]296 expect_release_clear(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]297 ms_sends_msg("050130"
298 "089910070000106005" /* IMSI */);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]299 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]300 ran_sends_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]301
302 EXPECT_CONN_COUNT(0);
303 clear_vlr();
304}
305
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]306static void test_umts_authen_geran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]307{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]308 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]309 _test_umts_authen(OSMO_RAT_GERAN_A);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]310 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]311}
312
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]313static void test_umts_authen_utran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]314{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]315 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]316 _test_umts_authen(OSMO_RAT_UTRAN_IU);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]317 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]318}
319
320#define RECALC_AUTS 0
321
322#if RECALC_AUTS
323typedef uint8_t u8;
324extern int milenage_f2345(const u8 *opc, const u8 *k, const u8 *_rand,
325 u8 *res, u8 *ck, u8 *ik, u8 *ak, u8 *akstar);
326extern int milenage_f1(const u8 *opc, const u8 *k, const u8 *_rand,
327 const u8 *sqn, const u8 *amf, u8 *mac_a, u8 *mac_s);
328#endif
329
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]330static void _test_umts_authen_resync(enum osmo_rat_type via_ran)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]331{
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]332 struct vlr_subscr *vsub;
333 const char *imsi = "901700000010650";
334
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]335 net->authentication_required = true;
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]336 net->vlr->cfg.assign_tmsi = true;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]337 rx_from_ran = via_ran;
338
339 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
340 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]341 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]342 ms_sends_msg("0508" /* MM LU */
343 "7" /* ciph key seq: no key available */
344 "0" /* LU type: normal */
345 "ffffff" "0000" /* LAI, LAC */
346 "57" /* classmark 1: R99, early classmark, no power lvl */
347 "089910070000106005" /* IMSI */
348 "3303575886" /* classmark 2 */
349 );
350 OSMO_ASSERT(gsup_tx_confirmed);
351 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
352
353 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
354 /* based on auc_3g:
355 * K = 'EB215756028D60E3275E613320AEC880',
356 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
357 * SQN = 0
358 */
359 auth_request_sent = false;
360 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
361 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
362 gsup_rx("0a"
363 /* imsi */
364 "0108" "09710000000156f0"
365 /* auth vectors... */
366 /* TL TL rand */
367 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
368 /* TL sres TL kc */
369 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
370 /* TL 3G IK */
371 "2310" "27497388b6cb044648f396aa155b95ef"
372 /* TL 3G CK */
373 "2410" "f64735036e5871319c679f4742a75ea1"
374 /* TL AUTN */
375 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
376 /* TL RES */
377 "2708" "e229c19e791f2e41"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]378 HLR_TO_VLR,NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]379 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
380 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
381
382 /* The AUTN sent was 8704f5ba55f30000d2ee44b22c8ea919
383 * (see expected error output)
384 * with the first 6 bytes being SQN ^ AK.
385 * K = EB215756028D60E3275E613320AEC880
386 * OPC = FB2A3D1B360F599ABAB99DB8669F8308
387 * RAND = 39fa2f4e3d523d8619a73b4f65c3e14d
388 * --milenage-f5-->
389 * AK = 8704f5ba55f3
390 *
391 * The first six bytes are 8704f5ba55f3,
392 * and 8704f5ba55f3 ^ AK = 0.
393 * --> SQN = 0.
394 *
395 * Say the USIM doesn't like that, let's say it is at SQN 23.
396 * SQN_MS = 000000000017
397 *
398 * AUTS = Conc(SQN_MS) || MAC-S
399 * Conc(SQN_MS) = SQN_MS ⊕ f5*[K](RAND)
400 * MAC-S = f1*[K] (SQN MS || RAND || AMF)
401 *
402 * f5*--> Conc(SQN_MS) = 000000000017 ^ 979498b1f73a
403 * = 979498b1f72d
404 * AMF = 0000 (TS 33.102 v7.0.0, 6.3.3)
405 *
406 * MAC-S = f1*[K] (000000000017 || 39fa2f4e3d523d8619a73b4f65c3e14d || 0000)
407 * = 3e28c59fa2e72f9c
408 *
409 * AUTS = 979498b1f72d || 3e28c59fa2e72f9c
410 */
411#if RECALC_AUTS
412 uint8_t ak[6];
413 uint8_t akstar[6];
414 uint8_t opc[16];
415 uint8_t k[16];
416 uint8_t rand[16];
417 osmo_hexparse("EB215756028D60E3275E613320AEC880", k, sizeof(k));
418 osmo_hexparse("FB2A3D1B360F599ABAB99DB8669F8308", opc, sizeof(opc));
419 osmo_hexparse("39fa2f4e3d523d8619a73b4f65c3e14d", rand, sizeof(rand));
420 milenage_f2345(opc, k, rand, NULL, NULL, NULL, ak, akstar);
421 btw("ak = %s", osmo_hexdump_nospc(ak, sizeof(ak)));
422 btw("akstar = %s", osmo_hexdump_nospc(akstar, sizeof(akstar)));
423
424 uint8_t sqn_ms[6] = { 0, 0, 0, 0, 0, 23 };
425 uint8_t amf[2] = { 0 };
426 uint8_t mac_s[8];
427 milenage_f1(opc, k, rand, sqn_ms, amf, NULL, mac_s);
428 btw("mac_s = %s", osmo_hexdump_nospc(mac_s, sizeof(mac_s)));
429 /* verify valid AUTS resulting in SQN 23 with:
430 osmo-auc-gen -3 -a milenage -k EB215756028D60E3275E613320AEC880 \
431 -o FB2A3D1B360F599ABAB99DB8669F8308 \
432 -r 39fa2f4e3d523d8619a73b4f65c3e14d \
433 -A 979498b1f72d3e28c59fa2e72f9c
434 */
435#endif
436
437 btw("MS sends Authen Failure with Resync cause, VLR sends GSUP to HLR to resync");
438 auth_request_sent = false;
439 gsup_expect_tx("08" /* OSMO_GSUP_MSGT_SEND_AUTH_INFO_REQUEST */
440 "0108" "09710000000156f0" /* IMSI */
441 "260e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]442 "2010" "39fa2f4e3d523d8619a73b4f65c3e14d" /* RAND */
443 VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]444 ms_sends_msg("051c" /* 05 = MM; 1c = Auth Failure */
445 "15" /* cause = Synch Failure */
446 "220e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */);
447 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
448 VERBOSE_ASSERT(auth_request_sent, == false, "%d");
449 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
450
451 btw("HLR replies with new tuples");
452 auth_request_sent = false;
453 auth_request_expect_rand = "0f1feb1623e1bf626334e37ec448ac18";
454 auth_request_expect_autn = "02a83f62e9470000660d51afc75f169d";
455 gsup_rx("0a"
456 /* imsi */
457 "0108" "09710000000156f0"
458 /* 1 auth vector */
459 /* TL TL rand */
460 "0362" "2010" "0f1feb1623e1bf626334e37ec448ac18"
461 /* TL sres TL kc */
462 "2104" "efde99da" "2208" "14778c855c523730"
463 /* TL 3G IK */
464 "2310" "8a90c769b7272f3bb7a1c1fbb1ea9349"
465 /* TL 3G CK */
466 "2410" "43ffc1cf8c89a7fd6ab94bd8d6162cbf"
467 /* TL AUTN */
468 "2510" "02a83f62e9470000660d51afc75f169d"
469 /* TL RES */
470 "2708" "1df5f0b4f22b696e"
471 /* TL TL rand */
472 "0362" "2010" "ac21d34937b4e1142a2c757af2949319"
473 /* TL sres TL kc */
474 "2104" "7818bfdc" "2208" "d175571f41f314a4"
475 /* TL 3G IK */
476 "2310" "ff8edbceb6dd24799c77c3b9a6790c10"
477 /* TL 3G CK */
478 "2410" "157c39022ca9d885a7f0766a7dfee448"
479 /* TL AUTN */
480 "2510" "8a43b91898e500002cf354c6f5d1f8c3"
481 /* TL RES */
482 "2708" "f748a7078f5018db"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]483 HLR_TO_VLR,NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]484
485 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
486 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
487
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]488 if (via_ran == OSMO_RAT_GERAN_A) {
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]489 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]490 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]491 ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
492 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
493 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
494 } else {
495 /* On UTRAN */
496 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]497 expect_security_mode_ctrl(NULL, "8a90c769b7272f3bb7a1c1fbb1ea9349");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]498 ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]499 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]500 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
501
502 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]503 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]504 ms_sends_security_mode_complete();
505 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
506 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
507 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]508
509 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]510 gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
511 "12010809710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]512 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
513
514 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]515 gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]516
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]517 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]518
519 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
520 EXPECT_CONN_COUNT(1);
521 EXPECT_ACCEPTED(false);
522 thwart_rx_non_initial_requests();
523
524 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]525 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]526 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
527 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
528 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
529 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]530 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]531
532 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]533 expect_release_clear(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]534 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]535 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]536 ran_sends_clear_complete(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]537
538 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]539 EXPECT_CONN_COUNT(0);
540
541 clear_vlr();
542}
543
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]544static void test_umts_authen_resync_geran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]545{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]546 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]547 _test_umts_authen_resync(OSMO_RAT_GERAN_A);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]548 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]549}
550
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]551static void test_umts_authen_resync_utran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]552{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]553 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]554 _test_umts_authen_resync(OSMO_RAT_UTRAN_IU);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]555 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]556}
557
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]558static void _test_umts_authen_too_short_res(enum osmo_rat_type via_ran)
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]559{
560 net->authentication_required = true;
561 net->vlr->cfg.assign_tmsi = true;
562 rx_from_ran = via_ran;
563
564 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
565 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]566 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]567 ms_sends_msg("0508" /* MM LU */
568 "7" /* ciph key seq: no key available */
569 "0" /* LU type: normal */
570 "ffffff" "0000" /* LAI, LAC */
571 "57" /* classmark 1: R99, early classmark, no power lvl */
572 "089910070000106005" /* IMSI */
573 "3303575886" /* classmark 2 */
574 );
575 OSMO_ASSERT(gsup_tx_confirmed);
576 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
577
578 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
579 /* based on auc_3g:
580 * K = 'EB215756028D60E3275E613320AEC880',
581 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
582 * SQN = 0
583 */
584 auth_request_sent = false;
585 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
586 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
587 gsup_rx("0a"
588 /* imsi */
589 "0108" "09710000000156f0"
590 /* 5 auth vectors... */
591 /* TL TL rand */
592 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
593 /* TL sres TL kc */
594 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
595 /* TL 3G IK */
596 "2310" "27497388b6cb044648f396aa155b95ef"
597 /* TL 3G CK */
598 "2410" "f64735036e5871319c679f4742a75ea1"
599 /* TL AUTN */
600 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
601 /* TL RES */
602 "2708" "e229c19e791f2e41"
603 /* TL TL rand */
604 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
605 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
606 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
607 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
608 "2510" "1843a645b98d00005b2d666af46c45d9"
609 "2708" "7db47cf7f81e4dc7"
610 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
611 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
612 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
613 "2410" "76542abce5ff9345b0e8947f4c6e019c"
614 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
615 "2708" "706f996719ba609c"
616 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
617 "2104" "d570c03f" "2208" "ec011be8919883d6"
618 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
619 "2410" "0593f65e752e5cb7f473862bda05aa0a"
620 "2510" "541ff1f077270000c5ea00d658bc7e9a"
621 "2708" "3fd26072eaa2a04d"
622 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
623 "2104" "b072446f220823f39f9f425ad6e6"
624 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
625 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
626 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]627 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]628 NULL);
629 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
630 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
631
632 btw("MS sends Authen Response of wrong RES size, VLR thwarts");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]633 gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]634 expect_release_clear(via_ran);
635 ms_sends_msg("0554" "e229c19e" "2103" "791f2e" /* nipped one byte */);
636 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
637 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]638 ran_sends_clear_complete(via_ran);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]639
640 EXPECT_CONN_COUNT(0);
641 clear_vlr();
642}
643
644static void test_umts_authen_too_short_res_geran()
645{
646 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]647 _test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]648 comment_end();
649}
650
651static void test_umts_authen_too_short_res_utran()
652{
653 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]654 _test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]655 comment_end();
656}
657
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]658static void _test_umts_authen_too_long_res(enum osmo_rat_type via_ran)
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]659{
660 net->authentication_required = true;
661 net->vlr->cfg.assign_tmsi = true;
662 rx_from_ran = via_ran;
663
664 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
665 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]666 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]667 ms_sends_msg("0508" /* MM LU */
668 "7" /* ciph key seq: no key available */
669 "0" /* LU type: normal */
670 "ffffff" "0000" /* LAI, LAC */
671 "57" /* classmark 1: R99, early classmark, no power lvl */
672 "089910070000106005" /* IMSI */
673 "3303575886" /* classmark 2 */
674 );
675 OSMO_ASSERT(gsup_tx_confirmed);
676 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
677
678 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
679 /* based on auc_3g:
680 * K = 'EB215756028D60E3275E613320AEC880',
681 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
682 * SQN = 0
683 */
684 auth_request_sent = false;
685 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
686 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
687 gsup_rx("0a"
688 /* imsi */
689 "0108" "09710000000156f0"
690 /* 5 auth vectors... */
691 /* TL TL rand */
692 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
693 /* TL sres TL kc */
694 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
695 /* TL 3G IK */
696 "2310" "27497388b6cb044648f396aa155b95ef"
697 /* TL 3G CK */
698 "2410" "f64735036e5871319c679f4742a75ea1"
699 /* TL AUTN */
700 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
701 /* TL RES */
702 "2708" "e229c19e791f2e41"
703 /* TL TL rand */
704 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
705 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
706 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
707 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
708 "2510" "1843a645b98d00005b2d666af46c45d9"
709 "2708" "7db47cf7f81e4dc7"
710 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
711 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
712 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
713 "2410" "76542abce5ff9345b0e8947f4c6e019c"
714 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
715 "2708" "706f996719ba609c"
716 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
717 "2104" "d570c03f" "2208" "ec011be8919883d6"
718 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
719 "2410" "0593f65e752e5cb7f473862bda05aa0a"
720 "2510" "541ff1f077270000c5ea00d658bc7e9a"
721 "2708" "3fd26072eaa2a04d"
722 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
723 "2104" "b072446f220823f39f9f425ad6e6"
724 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
725 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
726 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]727 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]728 NULL);
729 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
730 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
731
732 btw("MS sends Authen Response of wrong RES size, VLR thwarts");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]733 gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]734 expect_release_clear(via_ran);
735 ms_sends_msg("0554" "e229c19e" "2105" "791f2e4123" /* added one byte */);
736 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
737 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]738 ran_sends_clear_complete(via_ran);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]739
740 EXPECT_CONN_COUNT(0);
741 clear_vlr();
742}
743
744static void test_umts_authen_too_long_res_geran()
745{
746 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]747 _test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]748 comment_end();
749}
750
751static void test_umts_authen_too_long_res_utran()
752{
753 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]754 _test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]755 comment_end();
756}
757
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]758static void _test_umts_authen_only_sres(enum osmo_rat_type via_ran)
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]759{
760 net->authentication_required = true;
761 net->vlr->cfg.assign_tmsi = true;
762 rx_from_ran = via_ran;
763
764 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
765 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]766 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]767 ms_sends_msg("0508" /* MM LU */
768 "7" /* ciph key seq: no key available */
769 "0" /* LU type: normal */
770 "ffffff" "0000" /* LAI, LAC */
771 "57" /* classmark 1: R99, early classmark, no power lvl */
772 "089910070000106005" /* IMSI */
773 "3303575886" /* classmark 2 */
774 );
775 OSMO_ASSERT(gsup_tx_confirmed);
776 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
777
778 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
779 /* based on auc_3g:
780 * K = 'EB215756028D60E3275E613320AEC880',
781 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
782 * SQN = 0
783 */
784 auth_request_sent = false;
785 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
786 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
787 gsup_rx("0a"
788 /* imsi */
789 "0108" "09710000000156f0"
790 /* 5 auth vectors... */
791 /* TL TL rand */
792 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
793 /* TL sres TL kc */
794 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
795 /* TL 3G IK */
796 "2310" "27497388b6cb044648f396aa155b95ef"
797 /* TL 3G CK */
798 "2410" "f64735036e5871319c679f4742a75ea1"
799 /* TL AUTN */
800 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
801 /* TL RES */
802 "2708" "e229c19e791f2e41"
803 /* TL TL rand */
804 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
805 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
806 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
807 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
808 "2510" "1843a645b98d00005b2d666af46c45d9"
809 "2708" "7db47cf7f81e4dc7"
810 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
811 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
812 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
813 "2410" "76542abce5ff9345b0e8947f4c6e019c"
814 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
815 "2708" "706f996719ba609c"
816 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
817 "2104" "d570c03f" "2208" "ec011be8919883d6"
818 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
819 "2410" "0593f65e752e5cb7f473862bda05aa0a"
820 "2510" "541ff1f077270000c5ea00d658bc7e9a"
821 "2708" "3fd26072eaa2a04d"
822 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
823 "2104" "b072446f220823f39f9f425ad6e6"
824 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
825 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
826 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]827 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]828 NULL);
829 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
830 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
831
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]832 if (via_ran == OSMO_RAT_GERAN_A)
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]833 btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
834 " GERAN reports an SRES mismatch");
835 else
836 btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
837 " UTRAN disallows GSM AKA altogether");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]838 gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]839 expect_release_clear(via_ran);
840 ms_sends_msg("0554" "e229c19e" /* Only the SRES half of the RES */);
841 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
842 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]843 ran_sends_clear_complete(via_ran);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]844
845 EXPECT_CONN_COUNT(0);
846 clear_vlr();
847}
848
849static void test_umts_authen_only_sres_geran()
850{
851 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]852 _test_umts_authen_only_sres(OSMO_RAT_GERAN_A);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]853 comment_end();
854}
855
856static void test_umts_authen_only_sres_utran()
857{
858 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]859 _test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]860 comment_end();
861}
862
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]863
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]864msc_vlr_test_func_t msc_vlr_tests[] = {
865 test_umts_authen_geran,
866 test_umts_authen_utran,
867 test_umts_authen_resync_geran,
868 test_umts_authen_resync_utran,
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]869 test_umts_authen_too_short_res_geran,
870 test_umts_authen_too_short_res_utran,
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]871 test_umts_authen_too_long_res_geran,
872 test_umts_authen_too_long_res_utran,
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]873 test_umts_authen_only_sres_geran,
874 test_umts_authen_only_sres_utran,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]875 NULL
876};