Commit 5bdfa812 authored by Bilel's avatar Bilel

Merge branch '39-autentication-failure-in-case-of-usim-test' into 'develop1B'

[OAI-UE] Authetification XOR Algo for usim test

Closes #39

See merge request !10
parents bd8344b4 15e299bd
Branches unavailable
2024.w06 2024.w05 2024.w04 2024.w03 2024.w02 2024.w01 2023.w51 2023.w50 2023.w49 2023.w48 2023.w47 2023.w45 2023.w43 2023.w42 2023.w41 2023.w40 2023.w39 2023.w38 2023.w37 2023.w36 2023.w34 2023.w33 2023.w32 2023.w31 2023.w30 2023.w29 2023.w28 2023.w27 2023.w26 2023.w25 2023.w24 2023.w23 2023.w22 2023.w21 2023.w20 2023.w19 2023.w18 2023.w18b 2023.w16 2023.w15 2023.w14 2023.w13 2023.w12 2023.w11 2023.w11b 2023.w10 2023.w10b 2023.w09 2023.w08 2023.w08b 2023.w07 2023.w06 2023.w05 2023.w03 2023.w02 2022.42 2022.41 2022.w51 2022.w50 2022.w49 2022.w48 2022.w47 2022.w46 2022.w45 2022.w43 2022.w42 2022.w42b 2022.w41 2022.w40 2022.w39 2022.w38 2022.w37 2022.w37b 2022.w36 2022.w35 2022.w33 2022.w32 2022.w31 2022.w31b 2022.w30 2022.w29 2022.w26 2022.w25 2022.w24 2022.w24b 2022.w23 2022.w22 2022.w21 2022.w20 2022.w19 2022.w18 2022.w17 2022.w15 2022.w15b 2022.w14a 2022.w13 2022.w13b 2022.w13a 2022.w12 2022.w10 2022.w09 2022.w09b 2022.w08 2022.w08b 2022.w07 2022.w07b 2022.w06 2022.w06a 2022.w05 2022.w05b 2022.w03_hotfix 2022.w03_b 2022.w02 2022.w01 2021.wk46 2021.wk14_a 2021.wk13_d 2021.wk13_c 2021.w51_c 2021.w51_a 2021.w50_a 2021.w49_b 2021.w49_a 2021.w48 2021.w47 2021.w46 2021.w46-powder 2021.w45 2021.w45_b 2021.w44 2021.w43 2021.w42 2021.w37 2021.w36 2021.w35 2021.w34 2021.w33 2021.w32 2021.w31 2021.w30 2021.w29 2021.w28 2021.w27 2021.w26 2021.w25 2021.w24 2021.w23 2021.w22 2021.w20 2021.w19 2021.w18_b 2021.w18_a 2021.w17_b 2021.w16 2021.w15 2021.w14 2021.w13_a 2021.w12 2021.w11 2021.w10 2021.w09 2021.w08 2021.w06 2021.w05 2021.w04 2021.w02 2020.w51_2 2020.w51 2020.w50 2020.w49 2020.w48_2 2020.w48 2020.w47 2020.w46_2 2020.w46 2020.w45_2 2020.w45 2020.w44 2020.w42_2 2020.w42 2020.w41 2020.w39 2020.w38 2020.w37 2020.w36 2020.w34 2020.w33 2020.w31 2020.w30 2020.w29 2020.w28 2020.w26 2020.w25 2020.w24 2020.w23 2020.w22 2020.w19 2020.w17 2020.w16 2020.w15 2020.w11 2020.w09 2020.w06 2020.w05 2020.w04 2020.w03 2019.w51 2019.w44 2019.w41 2019.w36 2019.w30 2019.w28 2019.w27 2019.w25 2019.w23 2019.w21 2019.w17 2019.w15 2019.w13 2019.w11 2019.w10 2019.w09 2019.w08 2019.w07 2019.w06 2019.w04 2019.w03 2018.w51 2018.w48 2018.w47 2018.w46 2018.w44 2018.w41 2018.w40 2018.w39 2018.w36 2018.w33 2018.w31 2018.w29 2018.w25 2018.w19 2018.w15 2018.w12 2018.w11 2018.w10 2018.w09 2018.w08 2018.w07 2018.w06 2018.w05 2018.w04 2018.w03 2018.w02 2017.w48 2017.w46 2017.w43 2017.w42 2017.w34 2017.w30 2017.w25 2017.w24 2017.w22 2017.w20 2017.w19 2017.w15 2017.w14 2017.w13 2017.w12 2017.w11 2017.w10 2017.w09 2017.w08 2017.w07 2017.w06 2017.w05 2017.w04 2017.w03 2017.w02 2017.w01 2016.w50 2016.w49 v2.1.0 v2.0.0 v1.2.2 v1.2.1 v1.2.0 v1.1.1 v1.1.0 v1.0.3 v1.0.2 v1.0.1 v1.0.0 v1B0.8 v1B0.7 v1B0.6 v1B0.5 v1B0.4 v1B0.3 v1B0.2 v1B0.1 v0.6.1 v0.6.1_tdd v0.6 setparam osa-etsi-ws-ue osa-etsi-ws-try2 osa-etsi-ws-try1 osa-etsi-ws-gNB oai_nr_sync nr-ip-over-lte nr-ip-over-lte-v.1.5 nr-ip-over-lte-v.1.4 nr-ip-over-lte-v.1.3 nr-ip-over-lte-v.1.2 nr-ip-over-lte-v.1.1 nr-ip-over-lte-v.1.0 flexran-eol develop-nr-pdcch develop-nr-2020w03 develop-nr-2020w02 develop-nr-2019w51 develop-nr-2019w50 develop-nr-2019w48 develop-nr-2019w47 develop-nr-2019w45 develop-nr-2019w43 develop-nr-2019w42 develop-nr-2019w40 develop-nr-2019w28 develop-nr-2019w23 benetel_phase_rotation benetel_gnb_rel_2.0 benetel_gnb_rel_1.0 benetel_enb_rel_2.0 benetel_enb_rel_1.0
......@@ -117,6 +117,7 @@ typedef struct xer_sprint_string_s {
} xer_sprint_string_t;
extern unsigned char NB_eNB_INST;
extern uint8_t usim_test;
uint16_t two_tier_hexagonal_cellIds[7] = {0,1,2,4,5,7,8};
uint16_t two_tier_hexagonal_adjacent_cellIds[7][6] = {{1,2,4,5,7,8}, // CellId 0
......@@ -1268,7 +1269,10 @@ uint8_t do_RRCConnectionSetupComplete(uint8_t Mod_id, uint8_t *buffer, const uin
rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.nonCriticalExtension=CALLOC(1,
sizeof(*rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.nonCriticalExtension));
rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.selectedPLMN_Identity=2;
if(usim_test == 0)
rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.selectedPLMN_Identity= 2;
else
rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.selectedPLMN_Identity= 1;
rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.registeredMME =
NULL;//calloc(1,sizeof(*rrcConnectionSetupComplete->criticalExtensions.choice.c1.choice.rrcConnectionSetupComplete_r8.registeredMME));
......
......@@ -227,6 +227,7 @@ int main (int argc, const char* argv[])
usim_data.imsi.u.num.digit13 = 3;
usim_data.imsi.u.num.digit14 = 4;
usim_data.imsi.u.num.digit15 = 0xF;
usim_data.usimtestmode = 1; // set usim in test mode in order to get the CMW500 K key
#endif
/*
* Ciphering and Integrity Keys
......
......@@ -79,6 +79,7 @@ Description Implements the API used by the NAS layer to read/write
#define USIM_API_K_SIZE 16
//#define USIM_API_K_VALUE "fec86ba6eb707ed08905757b1bb44b8f"
#define USIM_API_K_VALUE "8BAF473F2F8FD09487CCCBD7097C6862"
#define TEST_USIM_API_K_VALUE "000102030405060708090a0b0c0d0e0f" // CMW500 K key
static uint8_t _usim_api_k[USIM_API_K_SIZE];
......@@ -143,7 +144,14 @@ int usim_api_read(usim_data_t* data)
}
/* initialize the subscriber authentication security key */
_usim_api_hex_string_to_hex_value(_usim_api_k, USIM_API_K_VALUE, USIM_API_K_SIZE);
if(data->usimtestmode == 0)
{
_usim_api_hex_string_to_hex_value(_usim_api_k, USIM_API_K_VALUE, USIM_API_K_SIZE);
}
else
{
_usim_api_hex_string_to_hex_value(_usim_api_k, TEST_USIM_API_K_VALUE, USIM_API_K_SIZE);
}
free(path);
LOG_FUNC_RETURN (RETURNok);
......@@ -188,6 +196,189 @@ int usim_api_write(const usim_data_t* data)
LOG_FUNC_RETURN (RETURNok);
}
/****************************************************************************
** **
** Name: usim_api_authenticate_test() **
** **
** Description: Performs mutual authentication of the USIM to the network,**
** checking whether authentication token AUTN can be accep- **
** ted. If so, returns an authentication response RES and **
** the ciphering and integrity keys. **
** In case of synch failure, returns a re-synchronization **
** token AUTS. **
** **
** Key Generation for Test USIM based on 34.108 **
** **
** Authentication and key generating function algorithms are **
** specified in 3GPP TS 35.206. **
** **
** Inputs: rand_pP: Random challenge number **
** autn_pP: Authentication token **
** AUTN = (SQN xor AK) || AMF || MAC **
** 48 16 64 bits **
** Others: Security key **
** **
** Outputs: auts_pP: Re-synchronization token **
** res_pP: Authentication response **
** ck_pP: Ciphering key **
** ik_pP Integrity key **
** **
** Return: RETURNerror, RETURNok **
** Others: None **
** **
***************************************************************************/
int usim_api_authenticate_test(const OctetString* rand_pP, const OctetString* autn_pP,
OctetString* auts_pP, OctetString* res_pP,
OctetString* ck_pP, OctetString* ik_pP)
{
LOG_FUNC_IN;
int rc;
int i;
LOG_TRACE(INFO, "USIM-API - rand :%s",dump_octet_string(rand_pP));
LOG_TRACE(INFO, "USIM-API - autn :%s",dump_octet_string(autn_pP));
//step1: XDOUT = RAND xor K
// RES = XDOUT
for (i=0; i<USIM_API_K_SIZE; i++)
{
res_pP->value[i] = rand_pP->value[i] ^ _usim_api_k[i];
}
//step2: res = f2(xdout,n)
// ck = f3(xdout)
// ik = f4(xdout)
// ak = f5(xdout)
u8 ak[USIM_API_AK_SIZE];
for (i=0; i<15; i++)
{
ck_pP->value[i] = res_pP->value[i+1];
}
ck_pP->value[15] = res_pP->value[0];
for (i=0; i<14; i++)
{
ik_pP->value[i] = res_pP->value[i+2];
}
ik_pP->value[14] = res_pP->value[0];
ik_pP->value[15] = res_pP->value[1];
for (i=0; i<USIM_API_AK_SIZE; i++)
{
ak[i] = res_pP->value[i+3];
}
LOG_TRACE(INFO, "USIM-API - res(f2) :%s",dump_octet_string(res_pP));
LOG_TRACE(INFO, "USIM-API - ck(f3) :%s",dump_octet_string(ck_pP));
LOG_TRACE(INFO, "USIM-API - ik(f4) :%s",dump_octet_string(ik_pP));
LOG_TRACE(INFO, "USIM-API - ak(f5) : %02X%02X%02X%02X%02X%02X",
ak[0],ak[1],ak[2],ak[3],ak[4],ak[5]);
//step3: concatenate SQN with AMP SQN||AMF
// SQN = AUTN xor ak
u8 sqn[USIM_API_SQN_SIZE];
for (i = 0; i < USIM_API_SQN_SIZE; i++) {
sqn[i] = autn_pP->value[i] ^ ak[i];
}
LOG_TRACE(INFO, "USIM-API - Retrieved SQN %02X%02X%02X%02X%02X%02X",
sqn[0],sqn[1],sqn[2],sqn[3],sqn[4],sqn[5]);
LOG_TRACE(INFO, "USIM-API - Retrieved AMF %02X%02X",
autn_pP->value[USIM_API_SQN_SIZE],autn_pP->value[USIM_API_SQN_SIZE+1]);
#define USIM_API_XMAC_SIZE 8
u8 cdout[USIM_API_XMAC_SIZE];
for (i = 0; i < USIM_API_XMAC_SIZE; i++)
{
if(i < USIM_API_SQN_SIZE)
{
cdout[i] = sqn[i];
}
else
{
cdout[i] = autn_pP->value[i];
}
}
LOG_TRACE(INFO, "USIM-API - Retrieved CDOUT %02X%02X%02X%02X%02X%02X%02X%02X",
cdout[0],cdout[1],cdout[2],cdout[3],cdout[4],cdout[5],cdout[6],cdout[7]);
//step4:calculate XMAC from cdout and xdout
u8 xmac[USIM_API_XMAC_SIZE];
for(i = 0; i < USIM_API_XMAC_SIZE; i++)
{
xmac[i] = res_pP->value[i] ^ cdout[i];
}
LOG_TRACE(INFO,
"USIM-API - Computed XMAC %02X%02X%02X%02X%02X%02X%02X%02X",
xmac[0],xmac[1],xmac[2],xmac[3],
xmac[4],xmac[5],xmac[6],xmac[7]);
/* Compare the XMAC with the MAC included in AUTN */
#define USIM_API_AMF_SIZE 2
if ( memcmp(xmac, &autn_pP->value[USIM_API_SQN_SIZE + USIM_API_AMF_SIZE],
USIM_API_XMAC_SIZE) != 0 ) {
LOG_TRACE(INFO,
"USIM-API - Comparing the XMAC with the MAC included in AUTN Failed");
rc = RETURNerror;
//LOG_FUNC_RETURN (RETURNerror);
} else {
LOG_TRACE(INFO,
"USIM-API - Comparing the XMAC with the MAC included in AUTN Succeeded");
/* Verify that the received sequence number SQN is in the correct range */
rc = _usim_api_check_sqn(*(uint32_t*)(sqn), sqn[USIM_API_SQN_SIZE - 1]);
}
if (rc != RETURNok) {
/* Synchronisation failure; compute the AUTS parameter */
/* Concealed value of the counter SQNms in the USIM:
* Conc(SQNMS) = SQNMS ⊕ f5*K(RAND) */
f5star(_usim_api_k, rand_pP->value, ak);
u8 sqn_ms[USIM_API_SQNMS_SIZE];
memset(sqn_ms, 0, USIM_API_SQNMS_SIZE);
//#define USIM_API_SQN_MS_SIZE 3
printf("_usim_api_data.sqn_ms %p\n",_usim_api_data.sqn_ms);
for (i = 0; i < USIM_API_SQNMS_SIZE; i++) {
//#warning "LG:BUG HERE TODO"
printf("i %d: ((uint8_t*)(_usim_api_data.sqn_ms))[USIM_API_SQNMS_SIZE - i] %d\n",i, ((uint8_t*)(_usim_api_data.sqn_ms))[USIM_API_SQNMS_SIZE - i]);
sqn_ms[USIM_API_SQNMS_SIZE - i] =
((uint8_t*)(_usim_api_data.sqn_ms))[USIM_API_SQNMS_SIZE - i];
}
u8 sqnms[USIM_API_SQNMS_SIZE];
for (i = 0; i < USIM_API_SQNMS_SIZE; i++) {
sqnms[i] = sqn_ms[i] ^ ak[i];
}
LOG_TRACE(DEBUG, "USIM-API - SQNms %02X%02X%02X%02X%02X%02X",
sqnms[0],sqnms[1],sqnms[2],sqnms[3],sqnms[4],sqnms[5]);
/* Synchronisation message authentication code:
* MACS = f1*K(SQNMS || RAND || AMF) */
#define USIM_API_MACS_SIZE USIM_API_XMAC_SIZE
u8 macs[USIM_API_MACS_SIZE];
f1star(_usim_api_k, rand_pP->value, sqn_ms,
&rand_pP->value[USIM_API_SQN_SIZE], macs);
LOG_TRACE(DEBUG, "USIM-API - MACS %02X%02X%02X%02X%02X%02X%02X%02X",
macs[0],macs[1],macs[2],macs[3],
macs[4],macs[5],macs[6],macs[7]);
/* Synchronisation authentication token:
* AUTS = Conc(SQNMS) || MACS */
memcpy(&auts_pP->value[0], sqnms, USIM_API_SQNMS_SIZE);
memcpy(&auts_pP->value[USIM_API_SQNMS_SIZE], macs, USIM_API_MACS_SIZE);
auts_pP->length = USIM_API_SQNMS_SIZE + USIM_API_MACS_SIZE;
LOG_FUNC_RETURN (RETURNerror);
}
LOG_FUNC_RETURN (RETURNok);
}
/****************************************************************************
** **
** Name: usim_api_authenticate() **
......
......@@ -334,6 +334,8 @@ typedef struct {
usim_epsloci_t epsloci;
/* Non-Access Stratum configuration */
usim_nasconfig_t nasconfig;
/* usim test mode */
uint8_t usimtestmode;
} usim_data_t;
/****************************************************************************/
......@@ -351,5 +353,8 @@ int usim_api_write(const usim_data_t* data);
int usim_api_authenticate(const OctetString* rand, const OctetString* autn,
OctetString* auts, OctetString* res,
OctetString* ck, OctetString* ik);
int usim_api_authenticate_test(const OctetString* rand, const OctetString* autn,
OctetString* auts, OctetString* res,
OctetString* ck, OctetString* ik);
#endif /* __USIM_API_H__*/
......@@ -86,6 +86,8 @@ extern void *_emm_service_t3417_handler(void *);
extern void *_emm_detach_t3421_handler(void *);
extern void *_emm_tau_t3430_handler(void *);
extern uint8_t usim_test;
/****************************************************************************/
/******************* L O C A L D E F I N I T I O N S *******************/
/****************************************************************************/
......@@ -240,7 +242,14 @@ int emm_proc_authentication_request(int native_ksi, int ksi,
* of the core network by means of the received AUTN parameter and
* request the USIM to compute RES, CK and IK for given RAND
*/
rc = usim_api_authenticate(rand, autn, &auts, &res, &ck, &ik);
if(usim_test == 0)
{
rc = usim_api_authenticate(rand, autn, &auts, &res, &ck, &ik);
}
else
{
rc = usim_api_authenticate_test(rand, autn, &auts, &res, &ck, &ik); // XOR algo for autentication on usim test mode
}
}
if (rc != RETURNok) {
......
......@@ -62,6 +62,7 @@ Description Implements the EPS Mobility Management procedures executed
/****************************************************************************/
/**************** E X T E R N A L D E F I N I T I O N S ****************/
/****************************************************************************/
extern uint8_t usim_test;
/****************************************************************************/
/******************* L O C A L D E F I N I T I O N S *******************/
......@@ -116,7 +117,14 @@ int EmmDeregisteredNormalService(const emm_reg_t *evt)
/*
* Initiate the attach procedure for EPS services
*/
rc = emm_proc_attach(EMM_ATTACH_TYPE_EPS);
if(usim_test == 0)
{
rc = emm_proc_attach(EMM_ATTACH_TYPE_EPS);
}
else
{
rc = emm_proc_attach(EMM_ATTACH_TYPE_IMSI); // CMW500 IMSI initial attach expected
}
break;
case _EMMREG_ATTACH_REQ:
......
......@@ -59,6 +59,7 @@ Description Defines the EPS Mobility Management procedure call manager,
/****************************************************************************/
/**************** E X T E R N A L D E F I N I T I O N S ****************/
/****************************************************************************/
extern uint8_t usim_test;
/****************************************************************************/
/******************* L O C A L D E F I N I T I O N S *******************/
......@@ -166,6 +167,7 @@ void emm_main_initialize(emm_indication_callback_t cb, const char *imei)
/*
* Get USIM application data
*/
_usim_data.usimtestmode = usim_test;
if ( usim_api_read(&_usim_data) != RETURNok ) {
/* The USIM application may not be present or not valid */
LOG_TRACE(WARNING, "EMM-MAIN - Failed to read USIM application data");
......
......@@ -212,6 +212,7 @@ char rf_config_file[1024];
int chain_offset=0;
int phy_test = 0;
uint8_t usim_test = 0;
char ref[128] = "internal";
......@@ -387,6 +388,7 @@ void help (void) {
printf(" --loop-memory get softmodem (UE) to loop through memory instead of acquiring from HW\n");
printf(" --mmapped-dma sets flag for improved EXMIMO UE performance\n");
printf(" --single-thread runs lte-softmodem in only one thread\n");
printf(" --usim-test use XOR autentication algo in case of test usim mode\n");
printf(" -C Set the downlink frequency for all component carriers\n");
printf(" -d Enable soft scope and L1 and L2 stats (Xforms)\n");
printf(" -F Calibrate the EXMIMO borad, available files: exmimo2_2arxg.lime exmimo2_2brxg.lime \n");
......@@ -693,6 +695,7 @@ static void get_options (int argc, char **argv)
LONG_OPTION_DUMP_FRAME,
LONG_OPTION_LOOPMEMORY,
LONG_OPTION_PHYTEST,
LONG_OPTION_USIMTEST,
LONG_OPTION_MMAPPED_DMA,
LONG_OPTION_SINGLE_THREAD,
#if T_TRACER
......@@ -719,6 +722,7 @@ static void get_options (int argc, char **argv)
{"ue-dump-frame", no_argument, NULL, LONG_OPTION_DUMP_FRAME},
{"loop-memory", required_argument, NULL, LONG_OPTION_LOOPMEMORY},
{"phy-test", no_argument, NULL, LONG_OPTION_PHYTEST},
{"usim-test", no_argument, NULL, LONG_OPTION_USIMTEST},
{"mmapped-dma", no_argument, NULL, LONG_OPTION_MMAPPED_DMA},
{"single-thread", no_argument, NULL, LONG_OPTION_SINGLE_THREAD},
#if T_TRACER
......@@ -818,6 +822,9 @@ static void get_options (int argc, char **argv)
phy_test = 1;
break;
case LONG_OPTION_USIMTEST:
usim_test = 1;
break;
case LONG_OPTION_MMAPPED_DMA:
mmapped_dma = 1;
break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment