Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / cbf2c93d118facc13600811563d22df5a944a416 / . / tests / msc_vlr / msc_vlr_test_umts_authen.c
blob: cb8a0329193beb00262f54a5cc4437ce83d4238a [file] [log] [blame]
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]1/* Osmocom MSC+VLR end-to-end tests */
2
3/* (C) 2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
4 *
5 * All Rights Reserved
6 *
7 * Author: Neels Hofmeyr <nhofmeyr@sysmocom.de>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU Affero General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Affero General Public License for more details.
18 *
19 * You should have received a copy of the GNU Affero General Public License
20 * along with this program. If not, see <http://www.gnu.org/licenses/>.
21 *
22 */
23
24#include "msc_vlr_tests.h"
Harald Welte0df904d2018-12-03 11:00:04 +0100[diff] [blame]25#include "stubs.h"
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]26
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]27static void _test_umts_authen(enum osmo_rat_type via_ran)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]28{
29 struct vlr_subscr *vsub;
30 const char *imsi = "901700000010650";
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]31 const char *sms =
32 "09" /* SMS messages */
33 "01" /* CP-DATA */
34 "58" /* length */
35 "01" /* Network to MS */
36 "00" /* reference */
37 /* originator (gsm411_send_sms() hardcodes this weird nr) */
38 "0791" "447758100650" /* 447785016005 */
39 "00" /* dest */
40 /* SMS TPDU */
41 "4c" /* len */
42 "00" /* SMS deliver */
43 "05802443f2" /* originating address 42342 */
44 "00" /* TP-PID */
45 "00" /* GSM default alphabet */
46 "071010" /* Y-M-D (from wrapped gsm340_gen_scts())*/
47 "000000" /* H-M-S */
48 "00" /* GMT+0 */
49 "44" /* data length */
50 "5079da1e1ee7416937485e9ea7c965373d1d6683c270383b3d0e"
51 "d3d36ff71c949e83c22072799e9687c5ec32a81d96afcbf4b4fb"
52 "0c7ac3e9e9b7db05";
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]53
54 net->authentication_required = true;
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]55 net->vlr->cfg.assign_tmsi = true;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]56 rx_from_ran = via_ran;
57
58 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
59 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]60 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]61 ms_sends_msg("0508" /* MM LU */
62 "7" /* ciph key seq: no key available */
63 "0" /* LU type: normal */
64 "ffffff" "0000" /* LAI, LAC */
65 "57" /* classmark 1: R99, early classmark, no power lvl */
66 "089910070000106005" /* IMSI */
67 "3303575886" /* classmark 2 */
68 );
69 OSMO_ASSERT(gsup_tx_confirmed);
70 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
71
72 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
73 /* based on auc_3g:
74 * K = 'EB215756028D60E3275E613320AEC880',
75 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
76 * SQN = 0
77 */
78 auth_request_sent = false;
79 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
80 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
81 gsup_rx("0a"
82 /* imsi */
83 "0108" "09710000000156f0"
84 /* 5 auth vectors... */
85 /* TL TL rand */
86 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
87 /* TL sres TL kc */
88 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
89 /* TL 3G IK */
90 "2310" "27497388b6cb044648f396aa155b95ef"
91 /* TL 3G CK */
92 "2410" "f64735036e5871319c679f4742a75ea1"
93 /* TL AUTN */
94 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
95 /* TL RES */
96 "2708" "e229c19e791f2e41"
97 /* TL TL rand */
98 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
99 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
100 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
101 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
102 "2510" "1843a645b98d00005b2d666af46c45d9"
103 "2708" "7db47cf7f81e4dc7"
104 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
105 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
106 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
107 "2410" "76542abce5ff9345b0e8947f4c6e019c"
108 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
109 "2708" "706f996719ba609c"
110 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
111 "2104" "d570c03f" "2208" "ec011be8919883d6"
112 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
113 "2410" "0593f65e752e5cb7f473862bda05aa0a"
114 "2510" "541ff1f077270000c5ea00d658bc7e9a"
115 "2708" "3fd26072eaa2a04d"
116 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
117 "2104" "b072446f220823f39f9f425ad6e6"
118 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
119 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
120 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]121 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]122 NULL);
123 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
124 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
125
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]126 if (via_ran == OSMO_RAT_GERAN_A) {
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]127 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]128 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]129 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
130 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
131 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
132 } else {
133 /* On UTRAN */
134 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]135 expect_security_mode_ctrl(NULL, "27497388b6cb044648f396aa155b95ef");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]136 ms_sends_msg("0554" "e229c19e" "2104" "791f2e41");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]137 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]138 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
139
140 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]141 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]142 ms_sends_security_mode_complete();
143 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
144 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
145 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]146
147 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]148 gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
149 "12010809710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]150 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
151
152 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]153 gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]154
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]155 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]156
157 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
158 EXPECT_CONN_COUNT(1);
159 EXPECT_ACCEPTED(false);
160 thwart_rx_non_initial_requests();
161
162 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]163 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]164 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
165 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
166 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
167 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]168 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]169
170 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]171 expect_release_clear(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]172 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]173 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]174 ran_sends_clear_complete(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]175
176 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]177 EXPECT_CONN_COUNT(0);
178
179 BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector");
180 auth_request_sent = false;
181 auth_request_expect_rand = "c187a53a5e6b9d573cac7c74451fd46d";
182 auth_request_expect_autn = "1843a645b98d00005b2d666af46c45d9";
183 cm_service_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]184 ms_sends_msg("052474"
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]185 "03575886" /* classmark 2 */
186 "089910070000106005" /* IMSI */);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]187 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
188 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
189
190 btw("needs auth, not yet accepted");
191 EXPECT_ACCEPTED(false);
192 thwart_rx_non_initial_requests();
193
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]194 if (via_ran == OSMO_RAT_GERAN_A) {
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]195 btw("MS sends Authen Response, VLR accepts with a CM Service Accept");
196 gsup_expect_tx(NULL);
197 ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
198 VERBOSE_ASSERT(cm_service_result_sent, == RES_ACCEPT, "%d");
199 } else {
200 /* On UTRAN */
201 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]202 expect_security_mode_ctrl(NULL, "1159ec926a50e98c034a6b7d7c9f418d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]203 ms_sends_msg("0554" "7db47cf7" "2104" "f81e4dc7"); /* 2nd vector's res, s.a. */
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]204 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]205 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
206
207 btw("MS sends SecurityModeControl acceptance, VLR accepts; above Ciphering is an implicit CM Service Accept");
208 ms_sends_security_mode_complete();
209 VERBOSE_ASSERT(cm_service_result_sent, == RES_NONE, "%d");
210 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]211
Vadim Yanitskiy27605852018-06-15 23:57:30 +0700[diff] [blame]212 /* Release connection */
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]213 expect_release_clear(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]214 conn_conclude_cm_service_req(g_msub, MSC_A_USE_CM_SERVICE_SMS);
215 ran_sends_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]216
217 btw("all requests serviced, conn has been released");
218 EXPECT_CONN_COUNT(0);
219
220 BTW("an SMS is sent, MS is paged");
221 paging_expect_imsi(imsi);
222 paging_sent = false;
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]223 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]224 OSMO_ASSERT(vsub);
225 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
226
227 send_sms(vsub, vsub,
228 "Privacy in residential applications is a desirable"
229 " marketing option.");
230
231 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]232 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]233 vsub = NULL;
234 VERBOSE_ASSERT(paging_sent, == true, "%d");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]235
236 btw("the subscriber and its pending request should remain");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]237 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]238 OSMO_ASSERT(vsub);
239 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 1, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]240 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]241
242 btw("MS replies with Paging Response, and VLR sends Auth Request with third key");
243 auth_request_sent = false;
244 auth_request_expect_rand = "efa9c29a9742148d5c9070348716e1bb";
245 auth_request_expect_autn = "f9375e6d41e1000096e7fe4ff1c27e39";
246 ms_sends_msg("062707"
247 "03575886" /* classmark 2 */
248 "089910070000106005" /* IMSI */);
249 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
250
251 btw("needs auth, not yet accepted");
252 EXPECT_ACCEPTED(false);
253 thwart_rx_non_initial_requests();
254
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]255 if (via_ran == OSMO_RAT_GERAN_A) {
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]256 btw("MS sends Authen Response, VLR accepts and sends pending SMS");
257 dtap_expect_tx(sms);
258 ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* 3nd vector's res, s.a. */
259 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]260 } else {
261 /* On UTRAN */
262 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]263 expect_security_mode_ctrl(NULL, "eb50e770ddcc3060101d2f43b6c2b884");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]264 ms_sends_msg("0554" "706f9967" "2104" "19ba609c"); /* 3nd vector's res, s.a. */
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]265 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]266
267 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends SMS");
268 dtap_expect_tx(sms);
269 ms_sends_security_mode_complete();
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]270 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]271
272 btw("SMS was delivered, no requests pending for subscr");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]273 vsub = vlr_subscr_find_by_imsi(net->vlr, imsi, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]274 OSMO_ASSERT(vsub);
275 VERBOSE_ASSERT(llist_count(&vsub->cs.requests), == 0, "%d");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]276 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]277
278 btw("conn is still open to wait for SMS ack dance");
279 EXPECT_CONN_COUNT(1);
280
281 btw("MS replies with CP-ACK for received SMS");
282 ms_sends_msg("8904");
283 EXPECT_CONN_COUNT(1);
284
285 btw("MS also sends RP-ACK, MSC in turn sends CP-ACK for that");
286 dtap_expect_tx("0904");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]287 expect_release_clear(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]288 ms_sends_msg("890106020041020000");
289 VERBOSE_ASSERT(dtap_tx_confirmed, == true, "%d");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]290 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]291 ran_sends_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]292
293 btw("SMS is done, conn is gone");
294 EXPECT_CONN_COUNT(0);
295
296 BTW("subscriber detaches");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]297 expect_release_clear(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]298 ms_sends_msg("050130"
299 "089910070000106005" /* IMSI */);
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]300 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]301 ran_sends_clear_complete(via_ran);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]302
303 EXPECT_CONN_COUNT(0);
304 clear_vlr();
305}
306
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]307static void test_umts_authen_geran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]308{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]309 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]310 _test_umts_authen(OSMO_RAT_GERAN_A);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]311 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]312}
313
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]314static void test_umts_authen_utran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]315{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]316 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]317 _test_umts_authen(OSMO_RAT_UTRAN_IU);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]318 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]319}
320
321#define RECALC_AUTS 0
322
323#if RECALC_AUTS
324typedef uint8_t u8;
325extern int milenage_f2345(const u8 *opc, const u8 *k, const u8 *_rand,
326 u8 *res, u8 *ck, u8 *ik, u8 *ak, u8 *akstar);
327extern int milenage_f1(const u8 *opc, const u8 *k, const u8 *_rand,
328 const u8 *sqn, const u8 *amf, u8 *mac_a, u8 *mac_s);
329#endif
330
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]331static void _test_umts_authen_resync(enum osmo_rat_type via_ran)
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]332{
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]333 struct vlr_subscr *vsub;
334 const char *imsi = "901700000010650";
335
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]336 net->authentication_required = true;
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]337 net->vlr->cfg.assign_tmsi = true;
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]338 rx_from_ran = via_ran;
339
340 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
341 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]342 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]343 ms_sends_msg("0508" /* MM LU */
344 "7" /* ciph key seq: no key available */
345 "0" /* LU type: normal */
346 "ffffff" "0000" /* LAI, LAC */
347 "57" /* classmark 1: R99, early classmark, no power lvl */
348 "089910070000106005" /* IMSI */
349 "3303575886" /* classmark 2 */
350 );
351 OSMO_ASSERT(gsup_tx_confirmed);
352 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
353
354 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
355 /* based on auc_3g:
356 * K = 'EB215756028D60E3275E613320AEC880',
357 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
358 * SQN = 0
359 */
360 auth_request_sent = false;
361 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
362 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
363 gsup_rx("0a"
364 /* imsi */
365 "0108" "09710000000156f0"
366 /* auth vectors... */
367 /* TL TL rand */
368 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
369 /* TL sres TL kc */
370 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
371 /* TL 3G IK */
372 "2310" "27497388b6cb044648f396aa155b95ef"
373 /* TL 3G CK */
374 "2410" "f64735036e5871319c679f4742a75ea1"
375 /* TL AUTN */
376 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
377 /* TL RES */
378 "2708" "e229c19e791f2e41"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]379 HLR_TO_VLR,NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]380 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
381 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
382
383 /* The AUTN sent was 8704f5ba55f30000d2ee44b22c8ea919
384 * (see expected error output)
385 * with the first 6 bytes being SQN ^ AK.
386 * K = EB215756028D60E3275E613320AEC880
387 * OPC = FB2A3D1B360F599ABAB99DB8669F8308
388 * RAND = 39fa2f4e3d523d8619a73b4f65c3e14d
389 * --milenage-f5-->
390 * AK = 8704f5ba55f3
391 *
392 * The first six bytes are 8704f5ba55f3,
393 * and 8704f5ba55f3 ^ AK = 0.
394 * --> SQN = 0.
395 *
396 * Say the USIM doesn't like that, let's say it is at SQN 23.
397 * SQN_MS = 000000000017
398 *
399 * AUTS = Conc(SQN_MS) || MAC-S
400 * Conc(SQN_MS) = SQN_MS ⊕ f5*[K](RAND)
401 * MAC-S = f1*[K] (SQN MS || RAND || AMF)
402 *
403 * f5*--> Conc(SQN_MS) = 000000000017 ^ 979498b1f73a
404 * = 979498b1f72d
405 * AMF = 0000 (TS 33.102 v7.0.0, 6.3.3)
406 *
407 * MAC-S = f1*[K] (000000000017 || 39fa2f4e3d523d8619a73b4f65c3e14d || 0000)
408 * = 3e28c59fa2e72f9c
409 *
410 * AUTS = 979498b1f72d || 3e28c59fa2e72f9c
411 */
412#if RECALC_AUTS
413 uint8_t ak[6];
414 uint8_t akstar[6];
415 uint8_t opc[16];
416 uint8_t k[16];
417 uint8_t rand[16];
418 osmo_hexparse("EB215756028D60E3275E613320AEC880", k, sizeof(k));
419 osmo_hexparse("FB2A3D1B360F599ABAB99DB8669F8308", opc, sizeof(opc));
420 osmo_hexparse("39fa2f4e3d523d8619a73b4f65c3e14d", rand, sizeof(rand));
421 milenage_f2345(opc, k, rand, NULL, NULL, NULL, ak, akstar);
422 btw("ak = %s", osmo_hexdump_nospc(ak, sizeof(ak)));
423 btw("akstar = %s", osmo_hexdump_nospc(akstar, sizeof(akstar)));
424
425 uint8_t sqn_ms[6] = { 0, 0, 0, 0, 0, 23 };
426 uint8_t amf[2] = { 0 };
427 uint8_t mac_s[8];
428 milenage_f1(opc, k, rand, sqn_ms, amf, NULL, mac_s);
429 btw("mac_s = %s", osmo_hexdump_nospc(mac_s, sizeof(mac_s)));
430 /* verify valid AUTS resulting in SQN 23 with:
431 osmo-auc-gen -3 -a milenage -k EB215756028D60E3275E613320AEC880 \
432 -o FB2A3D1B360F599ABAB99DB8669F8308 \
433 -r 39fa2f4e3d523d8619a73b4f65c3e14d \
434 -A 979498b1f72d3e28c59fa2e72f9c
435 */
436#endif
437
438 btw("MS sends Authen Failure with Resync cause, VLR sends GSUP to HLR to resync");
439 auth_request_sent = false;
440 gsup_expect_tx("08" /* OSMO_GSUP_MSGT_SEND_AUTH_INFO_REQUEST */
441 "0108" "09710000000156f0" /* IMSI */
442 "260e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]443 "2010" "39fa2f4e3d523d8619a73b4f65c3e14d" /* RAND */
444 VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]445 ms_sends_msg("051c" /* 05 = MM; 1c = Auth Failure */
446 "15" /* cause = Synch Failure */
447 "220e" "979498b1f72d3e28c59fa2e72f9c" /* AUTS */);
448 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
449 VERBOSE_ASSERT(auth_request_sent, == false, "%d");
450 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
451
452 btw("HLR replies with new tuples");
453 auth_request_sent = false;
454 auth_request_expect_rand = "0f1feb1623e1bf626334e37ec448ac18";
455 auth_request_expect_autn = "02a83f62e9470000660d51afc75f169d";
456 gsup_rx("0a"
457 /* imsi */
458 "0108" "09710000000156f0"
459 /* 1 auth vector */
460 /* TL TL rand */
461 "0362" "2010" "0f1feb1623e1bf626334e37ec448ac18"
462 /* TL sres TL kc */
463 "2104" "efde99da" "2208" "14778c855c523730"
464 /* TL 3G IK */
465 "2310" "8a90c769b7272f3bb7a1c1fbb1ea9349"
466 /* TL 3G CK */
467 "2410" "43ffc1cf8c89a7fd6ab94bd8d6162cbf"
468 /* TL AUTN */
469 "2510" "02a83f62e9470000660d51afc75f169d"
470 /* TL RES */
471 "2708" "1df5f0b4f22b696e"
472 /* TL TL rand */
473 "0362" "2010" "ac21d34937b4e1142a2c757af2949319"
474 /* TL sres TL kc */
475 "2104" "7818bfdc" "2208" "d175571f41f314a4"
476 /* TL 3G IK */
477 "2310" "ff8edbceb6dd24799c77c3b9a6790c10"
478 /* TL 3G CK */
479 "2410" "157c39022ca9d885a7f0766a7dfee448"
480 /* TL AUTN */
481 "2510" "8a43b91898e500002cf354c6f5d1f8c3"
482 /* TL RES */
483 "2708" "f748a7078f5018db"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]484 HLR_TO_VLR,NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]485
486 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
487 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
488
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]489 if (via_ran == OSMO_RAT_GERAN_A) {
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]490 btw("MS sends Authen Response, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]491 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]492 ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
493 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
494 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
495 } else {
496 /* On UTRAN */
497 btw("MS sends Authen Response, VLR accepts and sends SecurityModeControl");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]498 expect_security_mode_ctrl(NULL, "8a90c769b7272f3bb7a1c1fbb1ea9349");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]499 ms_sends_msg("0554" "1df5f0b4" "2104" "f22b696e");
Neels Hofmeyrdbabfd32018-03-10 02:06:47 +0100[diff] [blame]500 VERBOSE_ASSERT(security_mode_ctrl_sent, == true, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]501 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
502
503 btw("MS sends SecurityModeControl acceptance, VLR accepts and sends GSUP LU Req to HLR");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]504 gsup_expect_tx("04010809710000000156f0280102" VLR_TO_HLR);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]505 ms_sends_security_mode_complete();
506 VERBOSE_ASSERT(gsup_tx_confirmed, == true, "%d");
507 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
508 }
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]509
510 btw("HLR sends _INSERT_DATA_REQUEST, VLR responds with _INSERT_DATA_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]511 gsup_rx("10010809710000000156f00804032443f2" HLR_TO_VLR,
512 "12010809710000000156f0" VLR_TO_HLR);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]513 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
514
515 btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]516 gsup_rx("06010809710000000156f0" HLR_TO_VLR, NULL);
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]517
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]518 VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d");
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]519
520 btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl");
521 EXPECT_CONN_COUNT(1);
522 EXPECT_ACCEPTED(false);
523 thwart_rx_non_initial_requests();
524
525 btw("even though the TMSI is not acked, we can already find the subscr with it");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]526 vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]527 VERBOSE_ASSERT(vsub != NULL, == true, "%d");
528 VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d");
529 VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x");
530 VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x");
Neels Hofmeyr7c5346c2019-02-19 02:36:35 +0100[diff] [blame]531 vlr_subscr_put(vsub, __func__);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]532
533 btw("MS sends TMSI Realloc Complete");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]534 expect_release_clear(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]535 ms_sends_msg("055b");
Philipp Maierfbf66102017-04-09 12:32:51 +0200[diff] [blame]536 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]537 ran_sends_clear_complete(via_ran);
Neels Hofmeyr84da6b12016-05-20 21:59:55 +0200[diff] [blame]538
539 btw("LU was successful, and the conn has already been closed");
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]540 EXPECT_CONN_COUNT(0);
541
542 clear_vlr();
543}
544
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]545static void test_umts_authen_resync_geran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]546{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]547 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]548 _test_umts_authen_resync(OSMO_RAT_GERAN_A);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]549 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]550}
551
Neels Hofmeyrf3d81f62018-03-02 01:05:38 +0100[diff] [blame]552static void test_umts_authen_resync_utran()
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]553{
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]554 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]555 _test_umts_authen_resync(OSMO_RAT_UTRAN_IU);
Neels Hofmeyrdfdc61d2018-03-02 00:40:58 +0100[diff] [blame]556 comment_end();
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]557}
558
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]559static void _test_umts_authen_too_short_res(enum osmo_rat_type via_ran)
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]560{
561 net->authentication_required = true;
562 net->vlr->cfg.assign_tmsi = true;
563 rx_from_ran = via_ran;
564
565 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
566 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]567 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]568 ms_sends_msg("0508" /* MM LU */
569 "7" /* ciph key seq: no key available */
570 "0" /* LU type: normal */
571 "ffffff" "0000" /* LAI, LAC */
572 "57" /* classmark 1: R99, early classmark, no power lvl */
573 "089910070000106005" /* IMSI */
574 "3303575886" /* classmark 2 */
575 );
576 OSMO_ASSERT(gsup_tx_confirmed);
577 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
578
579 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
580 /* based on auc_3g:
581 * K = 'EB215756028D60E3275E613320AEC880',
582 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
583 * SQN = 0
584 */
585 auth_request_sent = false;
586 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
587 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
588 gsup_rx("0a"
589 /* imsi */
590 "0108" "09710000000156f0"
591 /* 5 auth vectors... */
592 /* TL TL rand */
593 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
594 /* TL sres TL kc */
595 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
596 /* TL 3G IK */
597 "2310" "27497388b6cb044648f396aa155b95ef"
598 /* TL 3G CK */
599 "2410" "f64735036e5871319c679f4742a75ea1"
600 /* TL AUTN */
601 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
602 /* TL RES */
603 "2708" "e229c19e791f2e41"
604 /* TL TL rand */
605 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
606 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
607 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
608 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
609 "2510" "1843a645b98d00005b2d666af46c45d9"
610 "2708" "7db47cf7f81e4dc7"
611 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
612 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
613 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
614 "2410" "76542abce5ff9345b0e8947f4c6e019c"
615 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
616 "2708" "706f996719ba609c"
617 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
618 "2104" "d570c03f" "2208" "ec011be8919883d6"
619 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
620 "2410" "0593f65e752e5cb7f473862bda05aa0a"
621 "2510" "541ff1f077270000c5ea00d658bc7e9a"
622 "2708" "3fd26072eaa2a04d"
623 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
624 "2104" "b072446f220823f39f9f425ad6e6"
625 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
626 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
627 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]628 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]629 NULL);
630 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
631 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
632
633 btw("MS sends Authen Response of wrong RES size, VLR thwarts");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]634 gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]635 expect_release_clear(via_ran);
636 ms_sends_msg("0554" "e229c19e" "2103" "791f2e" /* nipped one byte */);
637 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
638 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]639 ran_sends_clear_complete(via_ran);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]640
641 EXPECT_CONN_COUNT(0);
642 clear_vlr();
643}
644
645static void test_umts_authen_too_short_res_geran()
646{
647 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]648 _test_umts_authen_too_short_res(OSMO_RAT_GERAN_A);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]649 comment_end();
650}
651
652static void test_umts_authen_too_short_res_utran()
653{
654 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]655 _test_umts_authen_too_short_res(OSMO_RAT_UTRAN_IU);
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]656 comment_end();
657}
658
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]659static void _test_umts_authen_too_long_res(enum osmo_rat_type via_ran)
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]660{
661 net->authentication_required = true;
662 net->vlr->cfg.assign_tmsi = true;
663 rx_from_ran = via_ran;
664
665 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
666 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]667 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]668 ms_sends_msg("0508" /* MM LU */
669 "7" /* ciph key seq: no key available */
670 "0" /* LU type: normal */
671 "ffffff" "0000" /* LAI, LAC */
672 "57" /* classmark 1: R99, early classmark, no power lvl */
673 "089910070000106005" /* IMSI */
674 "3303575886" /* classmark 2 */
675 );
676 OSMO_ASSERT(gsup_tx_confirmed);
677 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
678
679 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
680 /* based on auc_3g:
681 * K = 'EB215756028D60E3275E613320AEC880',
682 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
683 * SQN = 0
684 */
685 auth_request_sent = false;
686 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
687 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
688 gsup_rx("0a"
689 /* imsi */
690 "0108" "09710000000156f0"
691 /* 5 auth vectors... */
692 /* TL TL rand */
693 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
694 /* TL sres TL kc */
695 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
696 /* TL 3G IK */
697 "2310" "27497388b6cb044648f396aa155b95ef"
698 /* TL 3G CK */
699 "2410" "f64735036e5871319c679f4742a75ea1"
700 /* TL AUTN */
701 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
702 /* TL RES */
703 "2708" "e229c19e791f2e41"
704 /* TL TL rand */
705 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
706 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
707 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
708 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
709 "2510" "1843a645b98d00005b2d666af46c45d9"
710 "2708" "7db47cf7f81e4dc7"
711 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
712 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
713 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
714 "2410" "76542abce5ff9345b0e8947f4c6e019c"
715 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
716 "2708" "706f996719ba609c"
717 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
718 "2104" "d570c03f" "2208" "ec011be8919883d6"
719 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
720 "2410" "0593f65e752e5cb7f473862bda05aa0a"
721 "2510" "541ff1f077270000c5ea00d658bc7e9a"
722 "2708" "3fd26072eaa2a04d"
723 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
724 "2104" "b072446f220823f39f9f425ad6e6"
725 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
726 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
727 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]728 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]729 NULL);
730 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
731 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
732
733 btw("MS sends Authen Response of wrong RES size, VLR thwarts");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]734 gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]735 expect_release_clear(via_ran);
736 ms_sends_msg("0554" "e229c19e" "2105" "791f2e4123" /* added one byte */);
737 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
738 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]739 ran_sends_clear_complete(via_ran);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]740
741 EXPECT_CONN_COUNT(0);
742 clear_vlr();
743}
744
745static void test_umts_authen_too_long_res_geran()
746{
747 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]748 _test_umts_authen_too_long_res(OSMO_RAT_GERAN_A);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]749 comment_end();
750}
751
752static void test_umts_authen_too_long_res_utran()
753{
754 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]755 _test_umts_authen_too_long_res(OSMO_RAT_UTRAN_IU);
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]756 comment_end();
757}
758
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]759static void _test_umts_authen_only_sres(enum osmo_rat_type via_ran)
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]760{
761 net->authentication_required = true;
762 net->vlr->cfg.assign_tmsi = true;
763 rx_from_ran = via_ran;
764
765 btw("Location Update request causes a GSUP Send Auth Info request to HLR");
766 lu_result_sent = RES_NONE;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]767 gsup_expect_tx("080108" "09710000000156f0" VLR_TO_HLR);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]768 ms_sends_msg("0508" /* MM LU */
769 "7" /* ciph key seq: no key available */
770 "0" /* LU type: normal */
771 "ffffff" "0000" /* LAI, LAC */
772 "57" /* classmark 1: R99, early classmark, no power lvl */
773 "089910070000106005" /* IMSI */
774 "3303575886" /* classmark 2 */
775 );
776 OSMO_ASSERT(gsup_tx_confirmed);
777 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
778
779 btw("from HLR, rx _SEND_AUTH_INFO_RESULT; VLR sends Auth Req to MS");
780 /* based on auc_3g:
781 * K = 'EB215756028D60E3275E613320AEC880',
782 * OPC = 'FB2A3D1B360F599ABAB99DB8669F8308'
783 * SQN = 0
784 */
785 auth_request_sent = false;
786 auth_request_expect_rand = "39fa2f4e3d523d8619a73b4f65c3e14d";
787 auth_request_expect_autn = "8704f5ba55f30000d2ee44b22c8ea919";
788 gsup_rx("0a"
789 /* imsi */
790 "0108" "09710000000156f0"
791 /* 5 auth vectors... */
792 /* TL TL rand */
793 "0362" "2010" "39fa2f4e3d523d8619a73b4f65c3e14d"
794 /* TL sres TL kc */
795 "2104" "9b36efdf" "2208" "059a4f668f6fbe39"
796 /* TL 3G IK */
797 "2310" "27497388b6cb044648f396aa155b95ef"
798 /* TL 3G CK */
799 "2410" "f64735036e5871319c679f4742a75ea1"
800 /* TL AUTN */
801 "2510" "8704f5ba55f30000d2ee44b22c8ea919"
802 /* TL RES */
803 "2708" "e229c19e791f2e41"
804 /* TL TL rand */
805 "0362" "2010" "c187a53a5e6b9d573cac7c74451fd46d"
806 "2104" "85aa3130" "2208" "d3d50a000bf04f6e"
807 "2310" "1159ec926a50e98c034a6b7d7c9f418d"
808 "2410" "df3a03d9ca5335641efc8e36d76cd20b"
809 "2510" "1843a645b98d00005b2d666af46c45d9"
810 "2708" "7db47cf7f81e4dc7"
811 "0362" "2010" "efa9c29a9742148d5c9070348716e1bb"
812 "2104" "69d5f9fb" "2208" "3df176f0c29f1a3d"
813 "2310" "eb50e770ddcc3060101d2f43b6c2b884"
814 "2410" "76542abce5ff9345b0e8947f4c6e019c"
815 "2510" "f9375e6d41e1000096e7fe4ff1c27e39"
816 "2708" "706f996719ba609c"
817 "0362" "2010" "f023d5a3b24726e0631b64b3840f8253"
818 "2104" "d570c03f" "2208" "ec011be8919883d6"
819 "2310" "c4e58af4ba43f3bcd904e16984f086d7"
820 "2410" "0593f65e752e5cb7f473862bda05aa0a"
821 "2510" "541ff1f077270000c5ea00d658bc7e9a"
822 "2708" "3fd26072eaa2a04d"
823 "0362" "2010" "2f8f90c780d6a9c0c53da7ac57b6707e"
824 "2104" "b072446f220823f39f9f425ad6e6"
825 "2310" "65af0527fda95b0dc5ae4aa515cdf32f"
826 "2410" "537c3b35a3b13b08d08eeb28098f45cc"
827 "2510" "4bf4e564f75300009bc796706bc65744"
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]828 "2708" "0edb0eadbea94ac2" HLR_TO_VLR,
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]829 NULL);
830 VERBOSE_ASSERT(auth_request_sent, == true, "%d");
831 VERBOSE_ASSERT(lu_result_sent, == RES_NONE, "%d");
832
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]833 if (via_ran == OSMO_RAT_GERAN_A)
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]834 btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
835 " GERAN reports an SRES mismatch");
836 else
837 btw("MS sends Authen Response of wrong RES size, VLR thwarts:"
838 " UTRAN disallows GSM AKA altogether");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]839 gsup_expect_tx("0b010809710000000156f0" VLR_TO_HLR); /* OSMO_GSUP_MSGT_AUTH_FAIL_REPORT */
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]840 expect_release_clear(via_ran);
841 ms_sends_msg("0554" "e229c19e" /* Only the SRES half of the RES */);
842 VERBOSE_ASSERT(lu_result_sent, == RES_REJECT, "%d");
843 ASSERT_RELEASE_CLEAR(via_ran);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]844 ran_sends_clear_complete(via_ran);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]845
846 EXPECT_CONN_COUNT(0);
847 clear_vlr();
848}
849
850static void test_umts_authen_only_sres_geran()
851{
852 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]853 _test_umts_authen_only_sres(OSMO_RAT_GERAN_A);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]854 comment_end();
855}
856
857static void test_umts_authen_only_sres_utran()
858{
859 comment_start();
Neels Hofmeyr7814a832018-12-26 00:40:18 +0100[diff] [blame]860 _test_umts_authen_only_sres(OSMO_RAT_UTRAN_IU);
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]861 comment_end();
862}
863
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]864
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]865msc_vlr_test_func_t msc_vlr_tests[] = {
866 test_umts_authen_geran,
867 test_umts_authen_utran,
868 test_umts_authen_resync_geran,
869 test_umts_authen_resync_utran,
Neels Hofmeyr15ed4262018-03-10 04:02:44 +0100[diff] [blame]870 test_umts_authen_too_short_res_geran,
871 test_umts_authen_too_short_res_utran,
Neels Hofmeyrc6d20dd2018-03-10 04:03:43 +0100[diff] [blame]872 test_umts_authen_too_long_res_geran,
873 test_umts_authen_too_long_res_utran,
Neels Hofmeyr31adcae2018-03-10 04:08:45 +0100[diff] [blame]874 test_umts_authen_only_sres_geran,
875 test_umts_authen_only_sres_utran,
Neels Hofmeyr6a29d322017-01-25 15:04:16 +0100[diff] [blame]876 NULL
877};