Beispiel #1
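    def generate_authentication_info_answer_milenage(self, imsi, RAND=None):
        """Build an EPS authentication vector for ``imsi`` with Milenage.

        The subscriber material (K, AMF, OP, SQN) comes from
        ``self.check_key_amf_op(imsi)``. RAND, IK, CK, AK, XRES and AUTN are
        stored in ``self.imsi_to_uecontext[imsi]``; K_ASME is only returned.

        Args:
            imsi: subscriber identity, used as the lookup key.
            RAND: optional 16-byte challenge. ``None`` or any value whose
                length is not 16 is replaced by 16 bytes from ``urandom``.

        Returns:
            Tuple ``(RAND, XRES, AUTN, K_ASME)``.

        Raises:
            ValueError: if SQN does not fit in 48 bits.
        """
        serving_network_id = PLMN(val=self.plmn).to_bytes()
        if len(serving_network_id) != 3:
            # NOTE(review): a malformed serving network id is only reported;
            # it is still fed into the K_ASME derivation below. Confirm
            # whether this path should abort instead.
            print("Invalid SN_ID %s" % hexlify(serving_network_id).decode(
                'ascii'))

        # Subscriber key (K), authentication management field (AMF), operator
        # variant configuration field (OP) and sequence number for this IMSI.
        # NOTE(review): `result` is never inspected here, so a failed lookup
        # is not distinguished from a successful one - verify against
        # check_key_amf_op.
        K, AMF, OP, SQN, result = self.check_key_amf_op(imsi)

        # SQN is carried as 6 bytes. Pack as 64-bit and drop the two leading
        # bytes so that values above 32 bits are encoded instead of failing;
        # values up to 2**32 - 1 produce the same bytes as before.
        sqn_int = int(SQN)
        if not 0 <= sqn_int < (1 << 48):
            raise ValueError("SQN does not fit in 48 bits")
        SQNb = pack('>Q', sqn_int)[2:]

        # Challenge: a well-formed caller-supplied RAND is used as-is,
        # anything else is replaced by fresh OS randomness.
        # NOTE(review): presumably the parameter exists for fixed test
        # vectors; a reused RAND yields a repeatable challenge.
        if RAND is None or len(RAND) != 16:
            RAND = urandom(16)
        ue_context = self.imsi_to_uecontext[imsi]
        ue_context.set_rand(RAND)

        # Milenage functions
        milenage = Milenage(OP)
        XRES, CK, IK, AK = milenage.f2345(K, RAND, OP)
        MAC_A = milenage.f1(K, RAND, SQNb, AMF)
        SQN_X_AK = xor_buf(SQNb, AK)
        AUTN = SQN_X_AK + AMF + MAC_A
        K_ASME = conv_A2(CK, IK, serving_network_id, SQN_X_AK)

        # Keep the generated key material and expected response in the UE
        # context.
        ue_context.set_ik(IK)
        ue_context.set_ck(CK)
        ue_context.set_ak(AK)
        ue_context.set_xres(XRES)
        ue_context.set_autn(AUTN)

        # Note: this writes the IMSI, a permanent subscriber identifier, to
        # stdout.
        print("\t [INFO] Generated Authentication vector for %s" % (imsi))
        return RAND, XRES, AUTN, K_ASME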
Beispiel #2
class FGSIDGUTI(Envelope):
    """5GS mobile identity of type GUTI, described field by field.

    The order of the elements in ``_GEN`` is the encoding order, so entries
    must not be rearranged.
    """
    _GEN = (
        # First octet: 4-bit 'ind' (defaults to 0xf), one spare bit, then the
        # 3-bit identity type, which defaults to FGSIDTYPE_GUTI.
        Uint('ind', val=0xf, bl=4, rep=REPR_HEX),
        Uint('spare', bl=1),
        Uint('Type', val=FGSIDTYPE_GUTI, bl=3, dic=FGSIDType_dict),
        # Network that allocated the identity.
        PLMN(),
        # AMF identifier: 8-bit region, 10-bit set and 6-bit pointer.
        Uint8('AMFRegionID'),
        Uint('AMFSetID', bl=10),
        Uint('AMFPtr', bl=6),
        # 32-bit temporary subscriber identity, displayed in hex.
        # NOTE(review): presumably this is the value sent in place of the
        # permanent identity; how it is allocated is not visible here.
        Uint32('5GTMSI', rep=REPR_HEX)
        )
Beispiel #3
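class SUPI_IMSI(Envelope):
    """IMSI-based subscriber identity whose 'Output' layout depends on the
    protection scheme.

    'Output' is decoded as a BCD IMSI for scheme 0, as SUCI_ECIESProfA for
    scheme 1, as SUCI_ECIESProfB for scheme 2, and as an opaque buffer
    ('SUCI_UnkProf') for any other value.
    """
    _GEN = (
        PLMN(),
        BufBCD('RoutingInd', bl=16),
        Uint('spare', bl=4, rep=REPR_HEX),
        Uint('ProtSchemeID', bl=4, dic=_ProtSchemeID_dict),
        Uint8('HNPKID'),
        Alt('Output', GEN={
            0 : BufBCD('IMSI'),
            1 : SUCI_ECIESProfA(),
            2 : SUCI_ECIESProfB()
            },
            DEFAULT=Buf('SUCI_UnkProf', rep=REPR_HEX),
            # Select on the protection scheme by name. The positional index 2
            # used previously is the 'spare' nibble (PLMN=0, RoutingInd=1,
            # spare=2, ProtSchemeID=3), so a concealed identity with spare=0
            # was decoded as a cleartext BCD IMSI and the spare bits chose
            # the parser.
            sel=lambda self: self.get_env()['ProtSchemeID'].get_val())
        )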
Beispiel #4
def build_attach_accept_pdu(plmn, direction, k_nas_int, integrity_algorithm, k_nas_enc, ciphering_algorithm, assigned_ip):
    """Assemble an EMM Attach Accept and wrap it as a protected NAS message.

    The inner message carries a one-entry TAI list, a default EPS bearer
    activation request with ``assigned_ip`` as PDN address, a GUTI and the
    T3402/T3412 timers. It is then placed in an ``EMMSecProtNASMessage``
    (SecHdr 2, Seqn 0), encrypted with ``k_nas_enc`` and MAC-protected with
    ``k_nas_int``.

    Returns the ``EMMSecProtNASMessage`` object.
    """
    # TODO: Replace all hardcoded values with parameters received from handler
    # TODO: Manage multiple TAI
    plmn_bytes = PLMN(val=plmn).to_bytes()

    # Tracking Area Identity List
    tai_list = PartialTAIList1(val={'Type': 1, 'PLMN': plmn_bytes, 'TAC0': 1})

    # ESM Message container
    esm_fields = {
        'EPSBearerId': 5,
        'PTI': 1,
        'APN': [{'Value': 'acho.ipv4'}],
        'APN_AMBR': {'DL': 254, 'UL': 254, 'DLExt': 222, 'ULExt': 158},
        'ProtConfig': {'Ext': 1},
        'PDNAddr': {'Addr': inet_aton_cn(1, assigned_ip)},
    }
    esm = ESMActDefaultEPSBearerCtxtRequest(val=esm_fields)

    # EPS Mobile identity - GUTI.
    # encode(type, ident) sets the mobile identity with the given type:
    #   type:  IDTYPE_GUTI = 6
    #   ident: 4-tuple (PLMN -string of digits-, MMEGroupID -uint16-,
    #          MMECode -uint8-, MTMSI -uint32-)
    # The group id, code and M-TMSI are constants, so every call hands out
    # the same temporary identity (covered by the TODO above).
    guti = EPSID()
    guti.encode(6, [plmn_bytes, 4, 1, 541709315])

    # GPRS Timer
    t_3402 = GPRSTimer(val={'Unit': 1, 'Value': 12})

    # EMMAttachAccept
    accept_fields = {
        'SecHdr': 0,
        'EPSAttachResult': {'Value': 1},
        'T3412': {'Unit': 2, 'Value': 9},
        'TAIList': tai_list.to_bytes(),
        'ESMContainer': esm.to_bytes(),
        'GUTI': guti.to_bytes(),
        'T3402': t_3402.to_bytes(),
    }
    nas_pdu = EMMAttachAccept(val=accept_fields)
    nas_pdu['EPSAttachResult'][0].set_val(1)

    # Integrity protected and ciphered: encrypt first, then compute the MAC.
    # NOTE(review): Seqn is fixed at 0 and the last argument differs between
    # the two calls (0 for encrypt, 1 for mac_compute) - confirm the intended
    # counter, and that one key is never used for two messages with the same
    # counter value.
    protected = EMMSecProtNASMessage(val={'SecHdr': 2, 'Seqn': 0, 'NASMessage': nas_pdu.to_bytes()})
    protected.encrypt(k_nas_enc, direction, ciphering_algorithm, 0)
    protected.mac_compute(k_nas_int, direction, integrity_algorithm, 1)

    return protected
Beispiel #5
def build_s1setup_response(mme_plmn, mme_gid, mme_code, mme_capacity):
    """Encode an S1 Setup Response (successfulOutcome, procedureCode 17).

    The response advertises one GUMMEI built from ``mme_plmn``, ``mme_gid``
    (16 bits) and ``mme_code`` (8 bits), plus ``mme_capacity`` as
    RelativeMMECapacity. Returns the result of ``to_aper()`` on the PDU.
    """
    # NOTE(review): this looks like a shared descriptor object that set_val()
    # mutates in place - confirm it is not used concurrently.
    pdu = S1AP.S1AP_PDU_Descriptions.S1AP_PDU

    # Each list can hold further PLMNs / MME Group IDs / MME Codes, and more
    # GUMMEI dicts can be appended to the enclosing list.
    gummei = {
        'servedPLMNs': [PLMN(val=mme_plmn).to_bytes()],
        'servedGroupIDs': [uint_to_bytes(mme_gid, 16)],
        'servedMMECs': [uint_to_bytes(mme_code, 8)],
    }

    # Mandatory IEs; optional ones can be appended here.
    protocol_ies = [
        {'id': 105, 'criticality': 'reject', 'value': ('ServedGUMMEIs', [gummei])},
        {'id': 87, 'criticality': 'reject', 'value': ('RelativeMMECapacity', mme_capacity)},
    ]

    outcome = {
        'procedureCode': 17,
        'criticality': 'ignore',
        'value': ('S1SetupResponse', {'protocolIEs': protocol_ies}),
    }
    pdu.set_val(('successfulOutcome', outcome))
    return pdu.to_aper()
Beispiel #6
class FGSTAI(Envelope):
    """Tracking area identity: a PLMN followed by a 24-bit TAC."""
    # Element name set explicitly; presumably because a Python class name
    # cannot start with a digit.
    _name = '5GSTAI'
    _GEN = (
        PLMN(),
        # Tracking area code, displayed in hex.
        Uint24('TAC', rep=REPR_HEX)
        )