Commit 15e299bd authored by fnabet's avatar fnabet

[OAI-UE] Authetification XOR Algo for usim test

parent bd8344b4
...@@ -117,6 +117,7 @@ typedef struct xer_sprint_string_s { ...@@ -117,6 +117,7 @@ typedef struct xer_sprint_string_s {
} xer_sprint_string_t; } xer_sprint_string_t;
extern unsigned char NB_eNB_INST; extern unsigned char NB_eNB_INST;
extern uint8_t usim_test;
uint16_t two_tier_hexagonal_cellIds[7] = {0,1,2,4,5,7,8}; uint16_t two_tier_hexagonal_cellIds[7] = {0,1,2,4,5,7,8};
uint16_t two_tier_hexagonal_adjacent_cellIds[7][6] = {{1,2,4,5,7,8}, // CellId 0 uint16_t two_tier_hexagonal_adjacent_cellIds[7][6] = {{1,2,4,5,7,8}, // CellId 0
...@@ -1268,7 +1269,10 @@ uint8_t do_RRCConnectionSetupComplete(uint8_t Mod_id, uint8_t *buffer, const uin ...@@ -1268,7 +1269,10 @@ uint8_t do_RRCConnectionSetupComplete(uint8_t Mod_id, uint8_t *buffer, const uin
rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.nonCriticalExtension=CALLOC(1, rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.nonCriticalExtension=CALLOC(1,
sizeof(*rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.nonCriticalExtension)); sizeof(*rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.nonCriticalExtension));
rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.selectedPLMN_Identity=2; if(usim_test == 0)
rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.selectedPLMN_Identity= 2;
else
rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.selectedPLMN_Identity= 1;
rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.registeredMME = rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.registeredMME =
NULL;//calloc(1,sizeof(*rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.registeredMME)); NULL;//calloc(1,sizeof(*rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.registeredMME));
......
...@@ -227,6 +227,7 @@ int main (int argc, const char* argv[]) ...@@ -227,6 +227,7 @@ int main (int argc, const char* argv[])
usim_data.imsi.u.num.digit13 = 3; usim_data.imsi.u.num.digit13 = 3;
usim_data.imsi.u.num.digit14 = 4; usim_data.imsi.u.num.digit14 = 4;
usim_data.imsi.u.num.digit15 = 0xF; usim_data.imsi.u.num.digit15 = 0xF;
usim_data.usimtestmode = 1; // set usim in test mode in order to get the CMW500 K key
#endif #endif
/* /*
* Ciphering and Integrity Keys * Ciphering and Integrity Keys
......
...@@ -79,6 +79,7 @@ Description Implements the API used by the NAS layer to read/write ...@@ -79,6 +79,7 @@ Description Implements the API used by the NAS layer to read/write
#define USIM_API_K_SIZE 16 #define USIM_API_K_SIZE 16
//#define USIM_API_K_VALUE "fec86ba6eb707ed08905757b1bb44b8f" //#define USIM_API_K_VALUE "fec86ba6eb707ed08905757b1bb44b8f"
#define USIM_API_K_VALUE "8BAF473F2F8FD09487CCCBD7097C6862" #define USIM_API_K_VALUE "8BAF473F2F8FD09487CCCBD7097C6862"
#define TEST_USIM_API_K_VALUE "000102030405060708090a0b0c0d0e0f" // CMW500 K key
static uint8_t _usim_api_k[USIM_API_K_SIZE]; static uint8_t _usim_api_k[USIM_API_K_SIZE];
...@@ -143,7 +144,14 @@ int usim_api_read(usim_data_t* data) ...@@ -143,7 +144,14 @@ int usim_api_read(usim_data_t* data)
} }
/* initialize the subscriber authentication security key */ /* initialize the subscriber authentication security key */
if(data->usimtestmode == 0)
{
_usim_api_hex_string_to_hex_value(_usim_api_k, USIM_API_K_VALUE, USIM_API_K_SIZE); _usim_api_hex_string_to_hex_value(_usim_api_k, USIM_API_K_VALUE, USIM_API_K_SIZE);
}
else
{
_usim_api_hex_string_to_hex_value(_usim_api_k, TEST_USIM_API_K_VALUE, USIM_API_K_SIZE);
}
free(path); free(path);
LOG_FUNC_RETURN (RETURNok); LOG_FUNC_RETURN (RETURNok);
...@@ -188,6 +196,189 @@ int usim_api_write(const usim_data_t* data) ...@@ -188,6 +196,189 @@ int usim_api_write(const usim_data_t* data)
LOG_FUNC_RETURN (RETURNok); LOG_FUNC_RETURN (RETURNok);
} }
/****************************************************************************
** **
** Name: usim_api_authenticate_test() **
** **
** Description: Performs mutual authentication of the USIM to the network,**
** checking whether authentication token AUTN can be accep- **
** ted. If so, returns an authentication response RES and **
** the ciphering and integrity keys. **
** In case of synch failure, returns a re-synchronization **
** token AUTS. **
** **
** Key Generation for Test USIM based on 34.108 **
** **
** Authentication and key generating function algorithms are **
** specified in 3GPP TS 35.206. **
** **
** Inputs: rand_pP: Random challenge number **
** autn_pP: Authentication token **
** AUTN = (SQN xor AK) || AMF || MAC **
** 48 16 64 bits **
** Others: Security key **
** **
** Outputs: auts_pP: Re-synchronization token **
** res_pP: Authentication response **
** ck_pP: Ciphering key **
** ik_pP Integrity key **
** **
** Return: RETURNerror, RETURNok **
** Others: None **
** **
***************************************************************************/
int usim_api_authenticate_test(const OctetString* rand_pP, const OctetString* autn_pP,
OctetString* auts_pP, OctetString* res_pP,
OctetString* ck_pP, OctetString* ik_pP)
{
LOG_FUNC_IN;
int rc;
int i;
LOG_TRACE(INFO, "USIM-API - rand :%s",dump_octet_string(rand_pP));
LOG_TRACE(INFO, "USIM-API - autn :%s",dump_octet_string(autn_pP));
//step1: XDOUT = RAND xor K
// RES = XDOUT
for (i=0; i<USIM_API_K_SIZE; i++)
{
res_pP->value[i] = rand_pP->value[i] ^ _usim_api_k[i];
}
//step2: res = f2(xdout,n)
// ck = f3(xdout)
// ik = f4(xdout)
// ak = f5(xdout)
u8 ak[USIM_API_AK_SIZE];
for (i=0; i<15; i++)
{
ck_pP->value[i] = res_pP->value[i+1];
}
ck_pP->value[15] = res_pP->value[0];
for (i=0; i<14; i++)
{
ik_pP->value[i] = res_pP->value[i+2];
}
ik_pP->value[14] = res_pP->value[0];
ik_pP->value[15] = res_pP->value[1];
for (i=0; i<USIM_API_AK_SIZE; i++)
{
ak[i] = res_pP->value[i+3];
}
LOG_TRACE(INFO, "USIM-API - res(f2) :%s",dump_octet_string(res_pP));
LOG_TRACE(INFO, "USIM-API - ck(f3) :%s",dump_octet_string(ck_pP));
LOG_TRACE(INFO, "USIM-API - ik(f4) :%s",dump_octet_string(ik_pP));
LOG_TRACE(INFO, "USIM-API - ak(f5) : %02X%02X%02X%02X%02X%02X",
ak[0],ak[1],ak[2],ak[3],ak[4],ak[5]);
//step3: concatenate SQN with AMP SQN||AMF
// SQN = AUTN xor ak
u8 sqn[USIM_API_SQN_SIZE];
for (i = 0; i < USIM_API_SQN_SIZE; i++) {
sqn[i] = autn_pP->value[i] ^ ak[i];
}
LOG_TRACE(INFO, "USIM-API - Retrieved SQN %02X%02X%02X%02X%02X%02X",
sqn[0],sqn[1],sqn[2],sqn[3],sqn[4],sqn[5]);
LOG_TRACE(INFO, "USIM-API - Retrieved AMF %02X%02X",
autn_pP->value[USIM_API_SQN_SIZE],autn_pP->value[USIM_API_SQN_SIZE+1]);
#define USIM_API_XMAC_SIZE 8
u8 cdout[USIM_API_XMAC_SIZE];
for (i = 0; i < USIM_API_XMAC_SIZE; i++)
{
if(i < USIM_API_SQN_SIZE)
{
cdout[i] = sqn[i];
}
else
{
cdout[i] = autn_pP->value[i];
}
}
LOG_TRACE(INFO, "USIM-API - Retrieved CDOUT %02X%02X%02X%02X%02X%02X%02X%02X",
cdout[0],cdout[1],cdout[2],cdout[3],cdout[4],cdout[5],cdout[6],cdout[7]);
//step4:calculate XMAC from cdout and xdout
u8 xmac[USIM_API_XMAC_SIZE];
for(i = 0; i < USIM_API_XMAC_SIZE; i++)
{
xmac[i] = res_pP->value[i] ^ cdout[i];
}
LOG_TRACE(INFO,
"USIM-API - Computed XMAC %02X%02X%02X%02X%02X%02X%02X%02X",
xmac[0],xmac[1],xmac[2],xmac[3],
xmac[4],xmac[5],xmac[6],xmac[7]);
/* Compare the XMAC with the MAC included in AUTN */
#define USIM_API_AMF_SIZE 2
if ( memcmp(xmac, &autn_pP->value[USIM_API_SQN_SIZE + USIM_API_AMF_SIZE],
USIM_API_XMAC_SIZE) != 0 ) {
LOG_TRACE(INFO,
"USIM-API - Comparing the XMAC with the MAC included in AUTN Failed");
rc = RETURNerror;
//LOG_FUNC_RETURN (RETURNerror);
} else {
LOG_TRACE(INFO,
"USIM-API - Comparing the XMAC with the MAC included in AUTN Succeeded");
/* Verify that the received sequence number SQN is in the correct range */
rc = _usim_api_check_sqn(*(uint32_t*)(sqn), sqn[USIM_API_SQN_SIZE - 1]);
}
if (rc != RETURNok) {
/* Synchronisation failure; compute the AUTS parameter */
/* Concealed value of the counter SQNms in the USIM:
* Conc(SQNMS) = SQNMS ⊕ f5*K(RAND) */
f5star(_usim_api_k, rand_pP->value, ak);
u8 sqn_ms[USIM_API_SQNMS_SIZE];
memset(sqn_ms, 0, USIM_API_SQNMS_SIZE);
//#define USIM_API_SQN_MS_SIZE 3
printf("_usim_api_data.sqn_ms %p\n",_usim_api_data.sqn_ms);
for (i = 0; i < USIM_API_SQNMS_SIZE; i++) {
//#warning "LG:BUG HERE TODO"
printf("i %d: ((uint8_t*)(_usim_api_data.sqn_ms))[USIM_API_SQNMS_SIZE - i] %d\n",i, ((uint8_t*)(_usim_api_data.sqn_ms))[USIM_API_SQNMS_SIZE - i]);
sqn_ms[USIM_API_SQNMS_SIZE - i] =
((uint8_t*)(_usim_api_data.sqn_ms))[USIM_API_SQNMS_SIZE - i];
}
u8 sqnms[USIM_API_SQNMS_SIZE];
for (i = 0; i < USIM_API_SQNMS_SIZE; i++) {
sqnms[i] = sqn_ms[i] ^ ak[i];
}
LOG_TRACE(DEBUG, "USIM-API - SQNms %02X%02X%02X%02X%02X%02X",
sqnms[0],sqnms[1],sqnms[2],sqnms[3],sqnms[4],sqnms[5]);
/* Synchronisation message authentication code:
* MACS = f1*K(SQNMS || RAND || AMF) */
#define USIM_API_MACS_SIZE USIM_API_XMAC_SIZE
u8 macs[USIM_API_MACS_SIZE];
f1star(_usim_api_k, rand_pP->value, sqn_ms,
&rand_pP->value[USIM_API_SQN_SIZE], macs);
LOG_TRACE(DEBUG, "USIM-API - MACS %02X%02X%02X%02X%02X%02X%02X%02X",
macs[0],macs[1],macs[2],macs[3],
macs[4],macs[5],macs[6],macs[7]);
/* Synchronisation authentication token:
* AUTS = Conc(SQNMS) || MACS */
memcpy(&auts_pP->value[0], sqnms, USIM_API_SQNMS_SIZE);
memcpy(&auts_pP->value[USIM_API_SQNMS_SIZE], macs, USIM_API_MACS_SIZE);
auts_pP->length = USIM_API_SQNMS_SIZE + USIM_API_MACS_SIZE;
LOG_FUNC_RETURN (RETURNerror);
}
LOG_FUNC_RETURN (RETURNok);
}
/**************************************************************************** /****************************************************************************
** ** ** **
** Name: usim_api_authenticate() ** ** Name: usim_api_authenticate() **
......
...@@ -334,6 +334,8 @@ typedef struct { ...@@ -334,6 +334,8 @@ typedef struct {
usim_epsloci_t epsloci; usim_epsloci_t epsloci;
/* Non-Access Stratum configuration */ /* Non-Access Stratum configuration */
usim_nasconfig_t nasconfig; usim_nasconfig_t nasconfig;
/* usim test mode */
uint8_t usimtestmode;
} usim_data_t; } usim_data_t;
/****************************************************************************/ /****************************************************************************/
...@@ -351,5 +353,8 @@ int usim_api_write(const usim_data_t* data); ...@@ -351,5 +353,8 @@ int usim_api_write(const usim_data_t* data);
int usim_api_authenticate(const OctetString* rand, const OctetString* autn, int usim_api_authenticate(const OctetString* rand, const OctetString* autn,
OctetString* auts, OctetString* res, OctetString* auts, OctetString* res,
OctetString* ck, OctetString* ik); OctetString* ck, OctetString* ik);
int usim_api_authenticate_test(const OctetString* rand, const OctetString* autn,
OctetString* auts, OctetString* res,
OctetString* ck, OctetString* ik);
#endif /* __USIM_API_H__*/ #endif /* __USIM_API_H__*/
...@@ -86,6 +86,8 @@ extern void *_emm_service_t3417_handler(void *); ...@@ -86,6 +86,8 @@ extern void *_emm_service_t3417_handler(void *);
extern void *_emm_detach_t3421_handler(void *); extern void *_emm_detach_t3421_handler(void *);
extern void *_emm_tau_t3430_handler(void *); extern void *_emm_tau_t3430_handler(void *);
extern uint8_t usim_test;
/****************************************************************************/ /****************************************************************************/
/******************* L O C A L D E F I N I T I O N S *******************/ /******************* L O C A L D E F I N I T I O N S *******************/
/****************************************************************************/ /****************************************************************************/
...@@ -240,8 +242,15 @@ int emm_proc_authentication_request(int native_ksi, int ksi, ...@@ -240,8 +242,15 @@ int emm_proc_authentication_request(int native_ksi, int ksi,
* of the core network by means of the received AUTN parameter and * of the core network by means of the received AUTN parameter and
* request the USIM to compute RES, CK and IK for given RAND * request the USIM to compute RES, CK and IK for given RAND
*/ */
if(usim_test == 0)
{
rc = usim_api_authenticate(rand, autn, &auts, &res, &ck, &ik); rc = usim_api_authenticate(rand, autn, &auts, &res, &ck, &ik);
} }
else
{
rc = usim_api_authenticate_test(rand, autn, &auts, &res, &ck, &ik); // XOR algo for autentication on usim test mode
}
}
if (rc != RETURNok) { if (rc != RETURNok) {
/* /*
......
...@@ -62,6 +62,7 @@ Description Implements the EPS Mobility Management procedures executed ...@@ -62,6 +62,7 @@ Description Implements the EPS Mobility Management procedures executed
/****************************************************************************/ /****************************************************************************/
/**************** E X T E R N A L D E F I N I T I O N S ****************/ /**************** E X T E R N A L D E F I N I T I O N S ****************/
/****************************************************************************/ /****************************************************************************/
extern uint8_t usim_test;
/****************************************************************************/ /****************************************************************************/
/******************* L O C A L D E F I N I T I O N S *******************/ /******************* L O C A L D E F I N I T I O N S *******************/
...@@ -116,7 +117,14 @@ int EmmDeregisteredNormalService(const emm_reg_t *evt) ...@@ -116,7 +117,14 @@ int EmmDeregisteredNormalService(const emm_reg_t *evt)
/* /*
* Initiate the attach procedure for EPS services * Initiate the attach procedure for EPS services
*/ */
if(usim_test == 0)
{
rc = emm_proc_attach(EMM_ATTACH_TYPE_EPS); rc = emm_proc_attach(EMM_ATTACH_TYPE_EPS);
}
else
{
rc = emm_proc_attach(EMM_ATTACH_TYPE_IMSI); // CMW500 IMSI initial attach expected
}
break; break;
case _EMMREG_ATTACH_REQ: case _EMMREG_ATTACH_REQ:
......
...@@ -59,6 +59,7 @@ Description Defines the EPS Mobility Management procedure call manager, ...@@ -59,6 +59,7 @@ Description Defines the EPS Mobility Management procedure call manager,
/****************************************************************************/ /****************************************************************************/
/**************** E X T E R N A L D E F I N I T I O N S ****************/ /**************** E X T E R N A L D E F I N I T I O N S ****************/
/****************************************************************************/ /****************************************************************************/
extern uint8_t usim_test;
/****************************************************************************/ /****************************************************************************/
/******************* L O C A L D E F I N I T I O N S *******************/ /******************* L O C A L D E F I N I T I O N S *******************/
...@@ -166,6 +167,7 @@ void emm_main_initialize(emm_indication_callback_t cb, const char *imei) ...@@ -166,6 +167,7 @@ void emm_main_initialize(emm_indication_callback_t cb, const char *imei)
/* /*
* Get USIM application data * Get USIM application data
*/ */
_usim_data.usimtestmode = usim_test;
if ( usim_api_read(&_usim_data) != RETURNok ) { if ( usim_api_read(&_usim_data) != RETURNok ) {
/* The USIM application may not be present or not valid */ /* The USIM application may not be present or not valid */
LOG_TRACE(WARNING, "EMM-MAIN - Failed to read USIM application data"); LOG_TRACE(WARNING, "EMM-MAIN - Failed to read USIM application data");
......
...@@ -212,6 +212,7 @@ char rf_config_file[1024]; ...@@ -212,6 +212,7 @@ char rf_config_file[1024];
int chain_offset=0; int chain_offset=0;
int phy_test = 0; int phy_test = 0;
uint8_t usim_test = 0;
char ref[128] = "internal"; char ref[128] = "internal";
...@@ -387,6 +388,7 @@ void help (void) { ...@@ -387,6 +388,7 @@ void help (void) {
printf(" --loop-memory get softmodem (UE) to loop through memory instead of acquiring from HW\n"); printf(" --loop-memory get softmodem (UE) to loop through memory instead of acquiring from HW\n");
printf(" --mmapped-dma sets flag for improved EXMIMO UE performance\n"); printf(" --mmapped-dma sets flag for improved EXMIMO UE performance\n");
printf(" --single-thread runs lte-softmodem in only one thread\n"); printf(" --single-thread runs lte-softmodem in only one thread\n");
printf(" --usim-test use XOR autentication algo in case of test usim mode\n");
printf(" -C Set the downlink frequency for all component carriers\n"); printf(" -C Set the downlink frequency for all component carriers\n");
printf(" -d Enable soft scope and L1 and L2 stats (Xforms)\n"); printf(" -d Enable soft scope and L1 and L2 stats (Xforms)\n");
printf(" -F Calibrate the EXMIMO borad, available files: exmimo2_2arxg.lime exmimo2_2brxg.lime \n"); printf(" -F Calibrate the EXMIMO borad, available files: exmimo2_2arxg.lime exmimo2_2brxg.lime \n");
...@@ -693,6 +695,7 @@ static void get_options (int argc, char **argv) ...@@ -693,6 +695,7 @@ static void get_options (int argc, char **argv)
LONG_OPTION_DUMP_FRAME, LONG_OPTION_DUMP_FRAME,
LONG_OPTION_LOOPMEMORY, LONG_OPTION_LOOPMEMORY,
LONG_OPTION_PHYTEST, LONG_OPTION_PHYTEST,
LONG_OPTION_USIMTEST,
LONG_OPTION_MMAPPED_DMA, LONG_OPTION_MMAPPED_DMA,
LONG_OPTION_SINGLE_THREAD, LONG_OPTION_SINGLE_THREAD,
#if T_TRACER #if T_TRACER
...@@ -719,6 +722,7 @@ static void get_options (int argc, char **argv) ...@@ -719,6 +722,7 @@ static void get_options (int argc, char **argv)
{"ue-dump-frame", no_argument, NULL, LONG_OPTION_DUMP_FRAME}, {"ue-dump-frame", no_argument, NULL, LONG_OPTION_DUMP_FRAME},
{"loop-memory", required_argument, NULL, LONG_OPTION_LOOPMEMORY}, {"loop-memory", required_argument, NULL, LONG_OPTION_LOOPMEMORY},
{"phy-test", no_argument, NULL, LONG_OPTION_PHYTEST}, {"phy-test", no_argument, NULL, LONG_OPTION_PHYTEST},
{"usim-test", no_argument, NULL, LONG_OPTION_USIMTEST},
{"mmapped-dma", no_argument, NULL, LONG_OPTION_MMAPPED_DMA}, {"mmapped-dma", no_argument, NULL, LONG_OPTION_MMAPPED_DMA},
{"single-thread", no_argument, NULL, LONG_OPTION_SINGLE_THREAD}, {"single-thread", no_argument, NULL, LONG_OPTION_SINGLE_THREAD},
#if T_TRACER #if T_TRACER
...@@ -818,6 +822,9 @@ static void get_options (int argc, char **argv) ...@@ -818,6 +822,9 @@ static void get_options (int argc, char **argv)
phy_test = 1; phy_test = 1;
break; break;
case LONG_OPTION_USIMTEST:
usim_test = 1;
break;
case LONG_OPTION_MMAPPED_DMA: case LONG_OPTION_MMAPPED_DMA:
mmapped_dma = 1; mmapped_dma = 1;
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment