From 1766e11076a52c8c6c45ce4c9c3950e81e7f9883 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Fri, 15 Jun 2018 13:28:23 +0100
Subject: [PATCH 01/25] Starting to add OP/OPc support.

---
 lib/include/srslte/common/security.h | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/include/srslte/common/security.h b/lib/include/srslte/common/security.h
index 5dc8a6305..4881abd96 100644
--- a/lib/include/srslte/common/security.h
+++ b/lib/include/srslte/common/security.h
@@ -58,7 +58,11 @@ typedef enum{
 static const char integrity_algorithm_id_text[INTEGRITY_ALGORITHM_ID_N_ITEMS][20] = {"EIA0",
                                                                                      "128-EIA1",
                                                                                      "128-EIA2"};
-
+typedef enum
+{
+  AUTH_OP,
+  AUTH_OPC
+} AUTH_OPERATOR_CODE_TYPE;
 
 /******************************************************************************
  * Key Generation
@@ -153,6 +157,7 @@ uint8_t security_128_eea2(uint8_t  *key,
  *****************************************************************************/
 
 uint8_t security_milenage_f1( uint8_t *k,
+                              AUTH_OPERATOR_CODE_TYPE opc_t,
                               uint8_t *op,
                               uint8_t *rand,
                               uint8_t *sqn,
@@ -160,6 +165,7 @@ uint8_t security_milenage_f1( uint8_t *k,
                               uint8_t *mac_a);
 
 uint8_t security_milenage_f1_star( uint8_t *k,
+                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                    uint8_t *op,
                                    uint8_t *rand,
                                    uint8_t *sqn,
@@ -167,6 +173,7 @@ uint8_t security_milenage_f1_star( uint8_t *k,
                                    uint8_t *mac_s);
 
 uint8_t security_milenage_f2345( uint8_t *k,
+                                 AUTH_OPERATOR_CODE_TYPE opc_t,
                                  uint8_t *op,
                                  uint8_t *rand,
                                  uint8_t *res,
@@ -175,11 +182,11 @@ uint8_t security_milenage_f2345( uint8_t *k,
                                  uint8_t *ak);
 
 uint8_t security_milenage_f5_star( uint8_t *k,
+                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                    uint8_t *op,
                                    uint8_t *rand,
                                    uint8_t *ak);
 
-
 } // namespace srslte
 
 #endif // SRSLTE_SECURITY_H

From 0eeb70bede2b80a6d8d00fac5d5898132470bd34 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 18 Jun 2018 11:24:35 +0100
Subject: [PATCH 02/25] Adding OPc option to security functions.

---
 lib/include/srslte/common/liblte_security.h | 11 +++++++
 lib/include/srslte/common/security.h        |  8 +----
 lib/src/common/liblte_security.cc           |  4 +++
 lib/src/common/security.cc                  |  9 +++++-
 lib/test/common/test_f12345.cc              | 36 ++++++++++++---------
 srsue/hdr/upper/usim.h                      |  1 +
 srsue/src/upper/usim.cc                     |  2 ++
 7 files changed, 47 insertions(+), 24 deletions(-)

diff --git a/lib/include/srslte/common/liblte_security.h b/lib/include/srslte/common/liblte_security.h
index 8dc31f341..528baae3d 100644
--- a/lib/include/srslte/common/liblte_security.h
+++ b/lib/include/srslte/common/liblte_security.h
@@ -122,6 +122,13 @@ typedef enum{
 static const char liblte_security_integrity_algorithm_id_text[LIBLTE_SECURITY_INTEGRITY_ALGORITHM_ID_N_ITEMS][20] = {"EIA0",
                                                                                                                      "128-EIA1",
                                                                                                                      "128-EIA2"};
+
+typedef enum
+{
+  AUTH_OP,
+  AUTH_OPC
+}AUTH_OPERATOR_CODE_TYPE;
+
 // Structs
 // Functions
 LIBLTE_ERROR_ENUM liblte_security_generate_k_nas(uint8                                       *k_asme,
@@ -278,6 +285,7 @@ LIBLTE_ERROR_ENUM liblte_security_decryption_eea2(uint8  *key,
 // Structs
 // Functions
 LIBLTE_ERROR_ENUM liblte_security_milenage_f1(uint8 *k,
+                                              AUTH_OPERATOR_CODE_TYPE opc_t,
                                               uint8 *op,
                                               uint8 *rand,
                                               uint8 *sqn,
@@ -299,6 +307,7 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1(uint8 *k,
 // Structs
 // Functions
 LIBLTE_ERROR_ENUM liblte_security_milenage_f1_star(uint8 *k,
+                                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                                    uint8 *op,
                                                    uint8 *rand,
                                                    uint8 *sqn,
@@ -320,6 +329,7 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1_star(uint8 *k,
 // Structs
 // Functions
 LIBLTE_ERROR_ENUM liblte_security_milenage_f2345(uint8 *k,
+                                                 AUTH_OPERATOR_CODE_TYPE opc_t,
                                                  uint8 *op,
                                                  uint8 *rand,
                                                  uint8 *res,
@@ -341,6 +351,7 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f2345(uint8 *k,
 // Structs
 // Functions
 LIBLTE_ERROR_ENUM liblte_security_milenage_f5_star(uint8 *k,
+                                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                                    uint8 *op,
                                                    uint8 *rand,
                                                    uint8 *ak);
diff --git a/lib/include/srslte/common/security.h b/lib/include/srslte/common/security.h
index 4881abd96..a8756dc83 100644
--- a/lib/include/srslte/common/security.h
+++ b/lib/include/srslte/common/security.h
@@ -33,7 +33,7 @@
 
 
 #include "srslte/common/common.h"
-
+#include "srslte/common/liblte_security.h"
 
 #define SECURITY_DIRECTION_UPLINK   0
 #define SECURITY_DIRECTION_DOWNLINK 1
@@ -58,12 +58,6 @@ typedef enum{
 static const char integrity_algorithm_id_text[INTEGRITY_ALGORITHM_ID_N_ITEMS][20] = {"EIA0",
                                                                                      "128-EIA1",
                                                                                      "128-EIA2"};
-typedef enum
-{
-  AUTH_OP,
-  AUTH_OPC
-} AUTH_OPERATOR_CODE_TYPE;
-
 /******************************************************************************
  * Key Generation
  *****************************************************************************/
diff --git a/lib/src/common/liblte_security.cc b/lib/src/common/liblte_security.cc
index d8f76bf2c..7debff2d5 100644
--- a/lib/src/common/liblte_security.cc
+++ b/lib/src/common/liblte_security.cc
@@ -1099,6 +1099,7 @@ LIBLTE_ERROR_ENUM liblte_security_decryption_eea2(uint8 *key,
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
 LIBLTE_ERROR_ENUM liblte_security_milenage_f1(uint8 *k,
+                                              AUTH_OPERATOR_CODE_TYPE opc_t,
                                               uint8 *op,
                                               uint8 *rand,
                                               uint8 *sqn,
@@ -1188,6 +1189,7 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1(uint8 *k,
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
 LIBLTE_ERROR_ENUM liblte_security_milenage_f1_star(uint8 *k,
+                                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                                    uint8 *op,
                                                    uint8 *rand,
                                                    uint8 *sqn,
@@ -1277,6 +1279,7 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1_star(uint8 *k,
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
 LIBLTE_ERROR_ENUM liblte_security_milenage_f2345(uint8 *k,
+                                                 AUTH_OPERATOR_CODE_TYPE opc_t,
                                                  uint8 *op,
                                                  uint8 *rand,
                                                  uint8 *res,
@@ -1391,6 +1394,7 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f2345(uint8 *k,
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
 LIBLTE_ERROR_ENUM liblte_security_milenage_f5_star(uint8 *k,
+                                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                                    uint8 *op,
                                                    uint8 *rand,
                                                    uint8 *ak)
diff --git a/lib/src/common/security.cc b/lib/src/common/security.cc
index 63cd478c0..73a5e45c6 100644
--- a/lib/src/common/security.cc
+++ b/lib/src/common/security.cc
@@ -26,7 +26,6 @@
 
 
 #include "srslte/common/security.h"
-#include "srslte/common/liblte_security.h"
 #include "srslte/common/snow_3g.h"
 
 #ifdef HAVE_MBEDTLS
@@ -231,6 +230,7 @@ uint8_t security_128_eea2(uint8_t  *key,
  *****************************************************************************/
 
 uint8_t security_milenage_f1( uint8_t *k,
+                              AUTH_OPERATOR_CODE_TYPE opc_t,
                               uint8_t *op,
                               uint8_t *rand,
                               uint8_t *sqn,
@@ -238,6 +238,7 @@ uint8_t security_milenage_f1( uint8_t *k,
                               uint8_t *mac_a)
 {
   return liblte_security_milenage_f1(k,
+                                     opc_t,
                                      op,
                                      rand,
                                      sqn,
@@ -246,6 +247,7 @@ uint8_t security_milenage_f1( uint8_t *k,
 }
 
 uint8_t security_milenage_f1_star( uint8_t *k,
+                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                    uint8_t *op,
                                    uint8_t *rand,
                                    uint8_t *sqn,
@@ -253,6 +255,7 @@ uint8_t security_milenage_f1_star( uint8_t *k,
                                    uint8_t *mac_s)
 {
   return liblte_security_milenage_f1_star(k,
+                                          opc_t,
                                           op,
                                           rand,
                                           sqn,
@@ -261,6 +264,7 @@ uint8_t security_milenage_f1_star( uint8_t *k,
 }
 
 uint8_t security_milenage_f2345( uint8_t *k,
+                                 AUTH_OPERATOR_CODE_TYPE opc_t,
                                  uint8_t *op,
                                  uint8_t *rand,
                                  uint8_t *res,
@@ -269,6 +273,7 @@ uint8_t security_milenage_f2345( uint8_t *k,
                                  uint8_t *ak)
 {
   return liblte_security_milenage_f2345(k,
+                                        opc_t,
                                         op,
                                         rand,
                                         res,
@@ -278,11 +283,13 @@ uint8_t security_milenage_f2345( uint8_t *k,
 }
 
 uint8_t security_milenage_f5_star( uint8_t *k,
+                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                    uint8_t *op,
                                    uint8_t *rand,
                                    uint8_t *ak)
 {
   return liblte_security_milenage_f5_star(k,
+                                          opc_t,
                                           op,
                                           rand,
                                           ak);
diff --git a/lib/test/common/test_f12345.cc b/lib/test/common/test_f12345.cc
index 1c5375c43..7a210dd9c 100644
--- a/lib/test/common/test_f12345.cc
+++ b/lib/test/common/test_f12345.cc
@@ -49,8 +49,6 @@ void arrprint(uint8_t const * const a, uint32 len) {
 /*
  * Functions
  */
-
-
 void test_set_2()
 {
   LIBLTE_ERROR_ENUM err_lte = LIBLTE_ERROR_INVALID_INPUTS;
@@ -61,17 +59,18 @@ void test_set_2()
   uint8_t sqn[] = {0xff, 0x9b, 0xb4, 0xd0, 0xb6, 0x07};
   uint8_t amf[] = {0xb9, 0xb9};
   uint8_t op[] = {0xcd, 0xc2, 0x02, 0xd5, 0x12, 0x3e, 0x20, 0xf6, 0x2b, 0x6d, 0x67, 0x6a, 0xc7, 0x2c, 0xb3, 0x18};
-  // f1
 
-   uint8_t mac_o[8]; 
+  // f1
+  uint8_t mac_o[8];
   err_lte = liblte_security_milenage_f1(k,
+                                        AUTH_OP,
                                         op,
                                         rand,
                                         sqn,
                                         amf,
                                         mac_o);
+
   assert(err_lte == LIBLTE_SUCCESS);
-  
   arrprint(mac_o, sizeof(mac_o));
 
   uint8_t mac_a[] = {0x4a, 0x9f, 0xfa, 0xc3, 0x54, 0xdf, 0xaf, 0xb3};
@@ -80,10 +79,10 @@ void test_set_2()
   err_cmp = arrcmp(mac_o, mac_a, sizeof(mac_a));
   assert(err_cmp == 0);
 
-  // f1 star 
-
+  // f1 star
   uint8_t mac_so[8];
   err_lte = liblte_security_milenage_f1_star(k,
+                                   AUTH_OP,
                                    op,
                                    rand,
                                    sqn,
@@ -93,9 +92,9 @@ void test_set_2()
   assert(err_lte == LIBLTE_SUCCESS);
 
   uint8_t mac_s[] = {0x01, 0xcf, 0xaf, 0x9e, 0xc4, 0xe8, 0x71, 0xe9};
-  
+
   arrprint(mac_so, sizeof(mac_so));
-  
+
   err_cmp = arrcmp(mac_so, mac_s, sizeof(mac_s));
   assert(err_cmp == 0);
 
@@ -106,6 +105,7 @@ void test_set_2()
   uint8_t ak_o[6];
 
   err_lte = liblte_security_milenage_f2345(k,
+                                 AUTH_OP,
                                  op,
                                  rand,
                                  res_o,
@@ -126,7 +126,7 @@ void test_set_2()
   err_cmp = arrcmp(res_o, res, sizeof(res));
   assert(err_cmp == 0);
 
-  // CK 
+  // CK
   arrprint(ck_o, sizeof(ck_o));
 
   err_cmp = arrcmp(ck_o, ck, sizeof(ck));
@@ -142,10 +142,14 @@ void test_set_2()
   err_cmp = arrcmp(ak_o, ak, sizeof(ak));
   assert(err_cmp == 0);
 
-  // f star 
+  // f star
   uint8_t ak_star_o[6];
-  
-  err_lte = liblte_security_milenage_f5_star(k, op, rand, ak_star_o);
+
+  err_lte = liblte_security_milenage_f5_star(k,
+                                             AUTH_OP,
+                                             op,
+                                             rand,
+                                             ak_star_o);
   assert(err_lte == LIBLTE_SUCCESS);
 
   arrprint(ak_star_o, sizeof(ak_star_o));
@@ -156,12 +160,12 @@ void test_set_2()
 }
 
 /*
-  Own test sets 
+  Own test sets
 */
-
 int main(int argc, char * argv[]) {
-  /*
+
   test_set_2();
+  /*
   test_set_3();
   test_set_4();
   test_set_5();
diff --git a/srsue/hdr/upper/usim.h b/srsue/hdr/upper/usim.h
index f36ae545f..b91cc599b 100644
--- a/srsue/hdr/upper/usim.h
+++ b/srsue/hdr/upper/usim.h
@@ -109,6 +109,7 @@ private:
   // User data
   auth_algo_t auth_algo;
   uint8_t     amf[2];  // 3GPP 33.102 v10.0.0 Annex H
+  AUTH_OPERATOR_CODE_TYPE opc_t;
   uint8_t     op[16];
   uint64_t    imsi;
   uint64_t    imei;
diff --git a/srsue/src/upper/usim.cc b/srsue/src/upper/usim.cc
index af3cb3fbb..7227633c6 100644
--- a/srsue/src/upper/usim.cc
+++ b/srsue/src/upper/usim.cc
@@ -341,6 +341,7 @@ auth_result_t usim::gen_auth_res_milenage(uint8_t  *rand,
 
   // Use RAND and K to compute RES, CK, IK and AK
   security_milenage_f2345( k,
+                           opc_t,
                            op,
                            rand,
                            res,
@@ -363,6 +364,7 @@ auth_result_t usim::gen_auth_res_milenage(uint8_t  *rand,
 
   // Generate MAC
   security_milenage_f1( k,
+                        opc_t,
                         op,
                         rand,
                         sqn,

From e3d1cff4a332d2bb42ad9360caaf03fc25680817 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 18 Jun 2018 11:29:40 +0100
Subject: [PATCH 03/25] Revert "Adding OPc option to security functions."

This reverts commit 0eeb70bede2b80a6d8d00fac5d5898132470bd34.
---
 lib/include/srslte/common/liblte_security.h | 11 -------
 lib/include/srslte/common/security.h        |  8 ++++-
 lib/src/common/liblte_security.cc           |  4 ---
 lib/src/common/security.cc                  |  9 +-----
 lib/test/common/test_f12345.cc              | 36 +++++++++------------
 srsue/hdr/upper/usim.h                      |  1 -
 srsue/src/upper/usim.cc                     |  2 --
 7 files changed, 24 insertions(+), 47 deletions(-)

diff --git a/lib/include/srslte/common/liblte_security.h b/lib/include/srslte/common/liblte_security.h
index 528baae3d..8dc31f341 100644
--- a/lib/include/srslte/common/liblte_security.h
+++ b/lib/include/srslte/common/liblte_security.h
@@ -122,13 +122,6 @@ typedef enum{
 static const char liblte_security_integrity_algorithm_id_text[LIBLTE_SECURITY_INTEGRITY_ALGORITHM_ID_N_ITEMS][20] = {"EIA0",
                                                                                                                      "128-EIA1",
                                                                                                                      "128-EIA2"};
-
-typedef enum
-{
-  AUTH_OP,
-  AUTH_OPC
-}AUTH_OPERATOR_CODE_TYPE;
-
 // Structs
 // Functions
 LIBLTE_ERROR_ENUM liblte_security_generate_k_nas(uint8                                       *k_asme,
@@ -285,7 +278,6 @@ LIBLTE_ERROR_ENUM liblte_security_decryption_eea2(uint8  *key,
 // Structs
 // Functions
 LIBLTE_ERROR_ENUM liblte_security_milenage_f1(uint8 *k,
-                                              AUTH_OPERATOR_CODE_TYPE opc_t,
                                               uint8 *op,
                                               uint8 *rand,
                                               uint8 *sqn,
@@ -307,7 +299,6 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1(uint8 *k,
 // Structs
 // Functions
 LIBLTE_ERROR_ENUM liblte_security_milenage_f1_star(uint8 *k,
-                                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                                    uint8 *op,
                                                    uint8 *rand,
                                                    uint8 *sqn,
@@ -329,7 +320,6 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1_star(uint8 *k,
 // Structs
 // Functions
 LIBLTE_ERROR_ENUM liblte_security_milenage_f2345(uint8 *k,
-                                                 AUTH_OPERATOR_CODE_TYPE opc_t,
                                                  uint8 *op,
                                                  uint8 *rand,
                                                  uint8 *res,
@@ -351,7 +341,6 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f2345(uint8 *k,
 // Structs
 // Functions
 LIBLTE_ERROR_ENUM liblte_security_milenage_f5_star(uint8 *k,
-                                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                                    uint8 *op,
                                                    uint8 *rand,
                                                    uint8 *ak);
diff --git a/lib/include/srslte/common/security.h b/lib/include/srslte/common/security.h
index a8756dc83..4881abd96 100644
--- a/lib/include/srslte/common/security.h
+++ b/lib/include/srslte/common/security.h
@@ -33,7 +33,7 @@
 
 
 #include "srslte/common/common.h"
-#include "srslte/common/liblte_security.h"
+
 
 #define SECURITY_DIRECTION_UPLINK   0
 #define SECURITY_DIRECTION_DOWNLINK 1
@@ -58,6 +58,12 @@ typedef enum{
 static const char integrity_algorithm_id_text[INTEGRITY_ALGORITHM_ID_N_ITEMS][20] = {"EIA0",
                                                                                      "128-EIA1",
                                                                                      "128-EIA2"};
+typedef enum
+{
+  AUTH_OP,
+  AUTH_OPC
+} AUTH_OPERATOR_CODE_TYPE;
+
 /******************************************************************************
  * Key Generation
  *****************************************************************************/
diff --git a/lib/src/common/liblte_security.cc b/lib/src/common/liblte_security.cc
index 7debff2d5..d8f76bf2c 100644
--- a/lib/src/common/liblte_security.cc
+++ b/lib/src/common/liblte_security.cc
@@ -1099,7 +1099,6 @@ LIBLTE_ERROR_ENUM liblte_security_decryption_eea2(uint8 *key,
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
 LIBLTE_ERROR_ENUM liblte_security_milenage_f1(uint8 *k,
-                                              AUTH_OPERATOR_CODE_TYPE opc_t,
                                               uint8 *op,
                                               uint8 *rand,
                                               uint8 *sqn,
@@ -1189,7 +1188,6 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1(uint8 *k,
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
 LIBLTE_ERROR_ENUM liblte_security_milenage_f1_star(uint8 *k,
-                                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                                    uint8 *op,
                                                    uint8 *rand,
                                                    uint8 *sqn,
@@ -1279,7 +1277,6 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1_star(uint8 *k,
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
 LIBLTE_ERROR_ENUM liblte_security_milenage_f2345(uint8 *k,
-                                                 AUTH_OPERATOR_CODE_TYPE opc_t,
                                                  uint8 *op,
                                                  uint8 *rand,
                                                  uint8 *res,
@@ -1394,7 +1391,6 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f2345(uint8 *k,
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
 LIBLTE_ERROR_ENUM liblte_security_milenage_f5_star(uint8 *k,
-                                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                                    uint8 *op,
                                                    uint8 *rand,
                                                    uint8 *ak)
diff --git a/lib/src/common/security.cc b/lib/src/common/security.cc
index 73a5e45c6..63cd478c0 100644
--- a/lib/src/common/security.cc
+++ b/lib/src/common/security.cc
@@ -26,6 +26,7 @@
 
 
 #include "srslte/common/security.h"
+#include "srslte/common/liblte_security.h"
 #include "srslte/common/snow_3g.h"
 
 #ifdef HAVE_MBEDTLS
@@ -230,7 +231,6 @@ uint8_t security_128_eea2(uint8_t  *key,
  *****************************************************************************/
 
 uint8_t security_milenage_f1( uint8_t *k,
-                              AUTH_OPERATOR_CODE_TYPE opc_t,
                               uint8_t *op,
                               uint8_t *rand,
                               uint8_t *sqn,
@@ -238,7 +238,6 @@ uint8_t security_milenage_f1( uint8_t *k,
                               uint8_t *mac_a)
 {
   return liblte_security_milenage_f1(k,
-                                     opc_t,
                                      op,
                                      rand,
                                      sqn,
@@ -247,7 +246,6 @@ uint8_t security_milenage_f1( uint8_t *k,
 }
 
 uint8_t security_milenage_f1_star( uint8_t *k,
-                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                    uint8_t *op,
                                    uint8_t *rand,
                                    uint8_t *sqn,
@@ -255,7 +253,6 @@ uint8_t security_milenage_f1_star( uint8_t *k,
                                    uint8_t *mac_s)
 {
   return liblte_security_milenage_f1_star(k,
-                                          opc_t,
                                           op,
                                           rand,
                                           sqn,
@@ -264,7 +261,6 @@ uint8_t security_milenage_f1_star( uint8_t *k,
 }
 
 uint8_t security_milenage_f2345( uint8_t *k,
-                                 AUTH_OPERATOR_CODE_TYPE opc_t,
                                  uint8_t *op,
                                  uint8_t *rand,
                                  uint8_t *res,
@@ -273,7 +269,6 @@ uint8_t security_milenage_f2345( uint8_t *k,
                                  uint8_t *ak)
 {
   return liblte_security_milenage_f2345(k,
-                                        opc_t,
                                         op,
                                         rand,
                                         res,
@@ -283,13 +278,11 @@ uint8_t security_milenage_f2345( uint8_t *k,
 }
 
 uint8_t security_milenage_f5_star( uint8_t *k,
-                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                    uint8_t *op,
                                    uint8_t *rand,
                                    uint8_t *ak)
 {
   return liblte_security_milenage_f5_star(k,
-                                          opc_t,
                                           op,
                                           rand,
                                           ak);
diff --git a/lib/test/common/test_f12345.cc b/lib/test/common/test_f12345.cc
index 7a210dd9c..1c5375c43 100644
--- a/lib/test/common/test_f12345.cc
+++ b/lib/test/common/test_f12345.cc
@@ -49,6 +49,8 @@ void arrprint(uint8_t const * const a, uint32 len) {
 /*
  * Functions
  */
+
+
 void test_set_2()
 {
   LIBLTE_ERROR_ENUM err_lte = LIBLTE_ERROR_INVALID_INPUTS;
@@ -59,18 +61,17 @@ void test_set_2()
   uint8_t sqn[] = {0xff, 0x9b, 0xb4, 0xd0, 0xb6, 0x07};
   uint8_t amf[] = {0xb9, 0xb9};
   uint8_t op[] = {0xcd, 0xc2, 0x02, 0xd5, 0x12, 0x3e, 0x20, 0xf6, 0x2b, 0x6d, 0x67, 0x6a, 0xc7, 0x2c, 0xb3, 0x18};
-
   // f1
-  uint8_t mac_o[8];
+
+   uint8_t mac_o[8]; 
   err_lte = liblte_security_milenage_f1(k,
-                                        AUTH_OP,
                                         op,
                                         rand,
                                         sqn,
                                         amf,
                                         mac_o);
-
   assert(err_lte == LIBLTE_SUCCESS);
+  
   arrprint(mac_o, sizeof(mac_o));
 
   uint8_t mac_a[] = {0x4a, 0x9f, 0xfa, 0xc3, 0x54, 0xdf, 0xaf, 0xb3};
@@ -79,10 +80,10 @@ void test_set_2()
   err_cmp = arrcmp(mac_o, mac_a, sizeof(mac_a));
   assert(err_cmp == 0);
 
-  // f1 star
+  // f1 star 
+
   uint8_t mac_so[8];
   err_lte = liblte_security_milenage_f1_star(k,
-                                   AUTH_OP,
                                    op,
                                    rand,
                                    sqn,
@@ -92,9 +93,9 @@ void test_set_2()
   assert(err_lte == LIBLTE_SUCCESS);
 
   uint8_t mac_s[] = {0x01, 0xcf, 0xaf, 0x9e, 0xc4, 0xe8, 0x71, 0xe9};
-
+  
   arrprint(mac_so, sizeof(mac_so));
-
+  
   err_cmp = arrcmp(mac_so, mac_s, sizeof(mac_s));
   assert(err_cmp == 0);
 
@@ -105,7 +106,6 @@ void test_set_2()
   uint8_t ak_o[6];
 
   err_lte = liblte_security_milenage_f2345(k,
-                                 AUTH_OP,
                                  op,
                                  rand,
                                  res_o,
@@ -126,7 +126,7 @@ void test_set_2()
   err_cmp = arrcmp(res_o, res, sizeof(res));
   assert(err_cmp == 0);
 
-  // CK
+  // CK 
   arrprint(ck_o, sizeof(ck_o));
 
   err_cmp = arrcmp(ck_o, ck, sizeof(ck));
@@ -142,14 +142,10 @@ void test_set_2()
   err_cmp = arrcmp(ak_o, ak, sizeof(ak));
   assert(err_cmp == 0);
 
-  // f star
+  // f star 
   uint8_t ak_star_o[6];
-
-  err_lte = liblte_security_milenage_f5_star(k,
-                                             AUTH_OP,
-                                             op,
-                                             rand,
-                                             ak_star_o);
+  
+  err_lte = liblte_security_milenage_f5_star(k, op, rand, ak_star_o);
   assert(err_lte == LIBLTE_SUCCESS);
 
   arrprint(ak_star_o, sizeof(ak_star_o));
@@ -160,12 +156,12 @@ void test_set_2()
 }
 
 /*
-  Own test sets
+  Own test sets 
 */
-int main(int argc, char * argv[]) {
 
-  test_set_2();
+int main(int argc, char * argv[]) {
   /*
+  test_set_2();
   test_set_3();
   test_set_4();
   test_set_5();
diff --git a/srsue/hdr/upper/usim.h b/srsue/hdr/upper/usim.h
index b91cc599b..f36ae545f 100644
--- a/srsue/hdr/upper/usim.h
+++ b/srsue/hdr/upper/usim.h
@@ -109,7 +109,6 @@ private:
   // User data
   auth_algo_t auth_algo;
   uint8_t     amf[2];  // 3GPP 33.102 v10.0.0 Annex H
-  AUTH_OPERATOR_CODE_TYPE opc_t;
   uint8_t     op[16];
   uint64_t    imsi;
   uint64_t    imei;
diff --git a/srsue/src/upper/usim.cc b/srsue/src/upper/usim.cc
index 7227633c6..af3cb3fbb 100644
--- a/srsue/src/upper/usim.cc
+++ b/srsue/src/upper/usim.cc
@@ -341,7 +341,6 @@ auth_result_t usim::gen_auth_res_milenage(uint8_t  *rand,
 
   // Use RAND and K to compute RES, CK, IK and AK
   security_milenage_f2345( k,
-                           opc_t,
                            op,
                            rand,
                            res,
@@ -364,7 +363,6 @@ auth_result_t usim::gen_auth_res_milenage(uint8_t  *rand,
 
   // Generate MAC
   security_milenage_f1( k,
-                        opc_t,
                         op,
                         rand,
                         sqn,

From 02bc1c9956583241d170b85e0018fd5527f7048a Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 18 Jun 2018 11:34:45 +0100
Subject: [PATCH 04/25] Revert "Starting to add OP/OPc support."

This reverts commit 1766e11076a52c8c6c45ce4c9c3950e81e7f9883.
---
 lib/include/srslte/common/security.h | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/lib/include/srslte/common/security.h b/lib/include/srslte/common/security.h
index 4881abd96..5dc8a6305 100644
--- a/lib/include/srslte/common/security.h
+++ b/lib/include/srslte/common/security.h
@@ -58,11 +58,7 @@ typedef enum{
 static const char integrity_algorithm_id_text[INTEGRITY_ALGORITHM_ID_N_ITEMS][20] = {"EIA0",
                                                                                      "128-EIA1",
                                                                                      "128-EIA2"};
-typedef enum
-{
-  AUTH_OP,
-  AUTH_OPC
-} AUTH_OPERATOR_CODE_TYPE;
+
 
 /******************************************************************************
  * Key Generation
@@ -157,7 +153,6 @@ uint8_t security_128_eea2(uint8_t  *key,
  *****************************************************************************/
 
 uint8_t security_milenage_f1( uint8_t *k,
-                              AUTH_OPERATOR_CODE_TYPE opc_t,
                               uint8_t *op,
                               uint8_t *rand,
                               uint8_t *sqn,
@@ -165,7 +160,6 @@ uint8_t security_milenage_f1( uint8_t *k,
                               uint8_t *mac_a);
 
 uint8_t security_milenage_f1_star( uint8_t *k,
-                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                    uint8_t *op,
                                    uint8_t *rand,
                                    uint8_t *sqn,
@@ -173,7 +167,6 @@ uint8_t security_milenage_f1_star( uint8_t *k,
                                    uint8_t *mac_s);
 
 uint8_t security_milenage_f2345( uint8_t *k,
-                                 AUTH_OPERATOR_CODE_TYPE opc_t,
                                  uint8_t *op,
                                  uint8_t *rand,
                                  uint8_t *res,
@@ -182,11 +175,11 @@ uint8_t security_milenage_f2345( uint8_t *k,
                                  uint8_t *ak);
 
 uint8_t security_milenage_f5_star( uint8_t *k,
-                                   AUTH_OPERATOR_CODE_TYPE opc_t,
                                    uint8_t *op,
                                    uint8_t *rand,
                                    uint8_t *ak);
 
+
 } // namespace srslte
 
 #endif // SRSLTE_SECURITY_H

From aec0f3f5ace079ffb5c338d1ba038eceb96eba21 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 18 Jun 2018 11:58:40 +0100
Subject: [PATCH 05/25] Starting to change f* to expect OPc. Making compute_OPc
 public function.

---
 lib/src/common/liblte_security.cc | 72 ++++++++++---------------------
 1 file changed, 22 insertions(+), 50 deletions(-)

diff --git a/lib/src/common/liblte_security.cc b/lib/src/common/liblte_security.cc
index d8f76bf2c..7045ff2ac 100644
--- a/lib/src/common/liblte_security.cc
+++ b/lib/src/common/liblte_security.cc
@@ -1099,7 +1099,7 @@ LIBLTE_ERROR_ENUM liblte_security_decryption_eea2(uint8 *key,
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
 LIBLTE_ERROR_ENUM liblte_security_milenage_f1(uint8 *k,
-                                              uint8 *op,
+                                              uint8 *op_c,
                                               uint8 *rand,
                                               uint8 *sqn,
                                               uint8 *amf,
@@ -1108,13 +1108,13 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1(uint8 *k,
     LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
     ROUND_KEY_STRUCT  round_keys;
     uint32            i;
-    uint8             op_c[16];
     uint8             temp[16];
     uint8             in1[16];
     uint8             out1[16];
     uint8             rijndael_input[16];
 
     if(k     != NULL &&
+       op_c  != NULL &&
        rand  != NULL &&
        sqn   != NULL &&
        amf   != NULL &&
@@ -1123,14 +1123,6 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1(uint8 *k,
         // Initialize the round keys
         rijndael_key_schedule(k, &round_keys);
 
-        // Compute OPc
-        for(i=0;i<16;i++)
-        {
-            op_c[i] = op[i];
-        }
-
-        //compute_OPc(&round_keys, op, op_c);
-
         // Compute temp
         for(i=0; i<16; i++)
         {
@@ -1188,7 +1180,7 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1(uint8 *k,
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
 LIBLTE_ERROR_ENUM liblte_security_milenage_f1_star(uint8 *k,
-                                                   uint8 *op,
+                                                   uint8 *op_c,
                                                    uint8 *rand,
                                                    uint8 *sqn,
                                                    uint8 *amf,
@@ -1197,13 +1189,13 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1_star(uint8 *k,
     LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
     ROUND_KEY_STRUCT  round_keys;
     uint32            i;
-    uint8             op_c[16];
     uint8             temp[16];
     uint8             in1[16];
     uint8             out1[16];
     uint8             rijndael_input[16];
 
     if(k     != NULL &&
+       op_c  != NULL &&
        rand  != NULL &&
        sqn   != NULL &&
        amf   != NULL &&
@@ -1212,14 +1204,6 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1_star(uint8 *k,
         // Initialize the round keys
         rijndael_key_schedule(k, &round_keys);
 
-        for(i=0;i<16;i++)
-        {
-          op_c[i] = op[i];
-        }
-
-        // Compute OPc
-        //compute_OPc(&round_keys, op, op_c);
-
         // Compute temp
         for(i=0; i<16; i++)
         {
@@ -1277,7 +1261,7 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f1_star(uint8 *k,
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
 LIBLTE_ERROR_ENUM liblte_security_milenage_f2345(uint8 *k,
-                                                 uint8 *op,
+                                                 uint8 *op_c,
                                                  uint8 *rand,
                                                  uint8 *res,
                                                  uint8 *ck,
@@ -1287,12 +1271,12 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f2345(uint8 *k,
     LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
     ROUND_KEY_STRUCT  round_keys;
     uint32            i;
-    uint8             op_c[16];
     uint8             temp[16];
     uint8             out[16];
     uint8             rijndael_input[16];
 
     if(k    != NULL &&
+       op_c != NULL &&
        rand != NULL &&
        res  != NULL &&
        ck   != NULL &&
@@ -1302,12 +1286,6 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f2345(uint8 *k,
         // Initialize the round keys
         rijndael_key_schedule(k, &round_keys);
 
-        // Compute OPc
-        //compute_OPc(&round_keys, op, op_c);
-        for(i=0;i<16;i++)
-        {
-          op_c[i] = op[i];
-        }
         // Compute temp
         for(i=0; i<16; i++)
         {
@@ -1391,7 +1369,7 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f2345(uint8 *k,
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
 LIBLTE_ERROR_ENUM liblte_security_milenage_f5_star(uint8 *k,
-                                                   uint8 *op,
+                                                   uint8 *op_c,
                                                    uint8 *rand,
                                                    uint8 *ak)
 {
@@ -1404,19 +1382,13 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f5_star(uint8 *k,
     uint8             rijndael_input[16];
 
     if(k    != NULL &&
+       op_c != NULL &&
        rand != NULL &&
        ak   != NULL)
     {
         // Initialize the round keys
         rijndael_key_schedule(k, &round_keys);
 
-        // Compute OPc
-        //compute_OPc(&round_keys, op, op_c);
-        for(i=0;i<16;i++)
-        {
-            op_c[i] = op[i];
-        }
-
         // Compute temp
         for(i=0; i<16; i++)
         {
@@ -1441,17 +1413,11 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f5_star(uint8 *k,
         {
             ak[i] = out[i];
         }
-
         err = LIBLTE_SUCCESS;
     }
-
     return(err);
 }
 
-/*******************************************************************************
-                              LOCAL FUNCTIONS
-*******************************************************************************/
-
 /*********************************************************************
     Name: compute_OPc
 
@@ -1459,19 +1425,25 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f5_star(uint8 *k,
 
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
-void compute_OPc(ROUND_KEY_STRUCT *rk,
+void compute_OPc(uint8            *k,
                  uint8            *op,
                  uint8            *op_c)
 {
-    uint32 i;
-
-    rijndael_encrypt(op, rk, op_c);
-    for(i=0; i<16; i++)
-    {
-        op_c[i] ^= op[i];
-    }
+  uint32 i;
+  ROUND_KEY_STRUCT round_keys;
+  rijndael_key_schedule(k, &round_keys);
+  rijndael_encrypt(op, round_keys, op_c);
+  for(i=0; i<16; i++)
+  {
+    op_c[i] ^= op[i];
+  }
 }
 
+/*******************************************************************************
+                              LOCAL FUNCTIONS
+*******************************************************************************/
+
+
 /*********************************************************************
     Name: rijndael_key_schedule
 

From 721be55f4fcc114dfc1f82d28f16218002cd735e Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 18 Jun 2018 12:07:22 +0100
Subject: [PATCH 06/25] Fixing compute_OPc compilation issue.

---
 lib/src/common/liblte_security.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/src/common/liblte_security.cc b/lib/src/common/liblte_security.cc
index 7045ff2ac..14514320d 100644
--- a/lib/src/common/liblte_security.cc
+++ b/lib/src/common/liblte_security.cc
@@ -1376,7 +1376,6 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f5_star(uint8 *k,
     LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
     ROUND_KEY_STRUCT  round_keys;
     uint32            i;
-    uint8             op_c[16];
     uint8             temp[16];
     uint8             out[16];
     uint8             rijndael_input[16];
@@ -1432,7 +1431,7 @@ void compute_OPc(uint8            *k,
   uint32 i;
   ROUND_KEY_STRUCT round_keys;
   rijndael_key_schedule(k, &round_keys);
-  rijndael_encrypt(op, round_keys, op_c);
+  rijndael_encrypt(op, &round_keys, op_c);
   for(i=0; i<16; i++)
   {
     op_c[i] ^= op[i];

From ea5445f99987ba1017bc0f01dc769ee3db2d1ad6 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 18 Jun 2018 14:49:07 +0100
Subject: [PATCH 07/25] Adding options for OP and OPc in the UE. They cannot be
 simultanoulsy set.

---
 srsue/hdr/upper/usim_base.h |  2 ++
 srsue/src/main.cc           | 24 ++++++++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/srsue/hdr/upper/usim_base.h b/srsue/hdr/upper/usim_base.h
index 9af01b8b6..b9a6ee44c 100644
--- a/srsue/hdr/upper/usim_base.h
+++ b/srsue/hdr/upper/usim_base.h
@@ -43,7 +43,9 @@ typedef enum{
 typedef struct{
   std::string mode;
   std::string algo;
+  bool using_op;
   std::string op;
+  std::string opc;
   std::string imsi;
   std::string imei;
   std::string k;
diff --git a/srsue/src/main.cc b/srsue/src/main.cc
index bf624c432..eb9bd673b 100644
--- a/srsue/src/main.cc
+++ b/srsue/src/main.cc
@@ -129,13 +129,14 @@ void parse_args(all_args_t *args, int argc, char *argv[]) {
 
     ("usim.mode", bpo::value<string>(&args->usim.mode)->default_value("soft"), "USIM mode (soft or pcsc)")
     ("usim.algo", bpo::value<string>(&args->usim.algo), "USIM authentication algorithm")
-    ("usim.opc", bpo::value<string>(&args->usim.op), "USIM operator ciphered variant")
+    ("usim.op", bpo::value<string>(&args->usim.op), "USIM operator code")
+    ("usim.opc", bpo::value<string>(&args->usim.op), "USIM operator code (ciphered variant)")
     ("usim.imsi", bpo::value<string>(&args->usim.imsi), "USIM IMSI")
     ("usim.imei", bpo::value<string>(&args->usim.imei), "USIM IMEI")
     ("usim.k", bpo::value<string>(&args->usim.k), "USIM K")
     ("usim.pin", bpo::value<string>(&args->usim.pin), "PIN in case real SIM card is used")
     ("usim.reader", bpo::value<string>(&args->usim.reader)->default_value(""), "Force specifiy PCSC reader. Default: Try all available readers.")
-
+    
     /* Expert section */
     ("expert.ip_netmask",
      bpo::value<string>(&args->expert.ip_netmask)->default_value("255.255.255.0"),
@@ -359,9 +360,28 @@ void parse_args(all_args_t *args, int argc, char *argv[]) {
     cout << "Failed to read configuration file " << config_file << " - exiting" << endl;
     exit(1);
   }
+
   bpo::store(bpo::parse_config_file(conf, common), vm);
   bpo::notify(vm);
 
+  //Check conflicting OP/OPc options and which is being used
+  if (vm.count("usim.op") && !vm["usim.op"].defaulted() &&
+      vm.count("usim.opc") && !vm["usim.opc"].defaulted())
+  {
+    cout << "Conflicting options OP and OPc. Please configure either one or the other." << endl;
+    exit(1);
+  }
+  else
+  {
+    if(vm["usim.op"].defaulted()){
+      args->usim.using_op = true;
+    }
+    else{
+      args->usim.using_op = false;
+    }
+  }
+
+  cout << vm.count("usim.op") <<endl;
   // Apply all_level to any unset layers
   if (vm.count("log.all_level")) {
     if (!vm.count("log.phy_level")) {

From 75c5e476f1c87a80ce7397d5fe1092f16fa8a90e Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 18 Jun 2018 15:19:04 +0100
Subject: [PATCH 08/25] Added OPc option to UE. (needs testing.)

---
 lib/include/srslte/common/liblte_security.h | 11 +++++++
 lib/include/srslte/common/security.h        |  3 ++
 lib/src/common/liblte_security.cc           | 27 +++++++++++-----
 lib/src/common/security.cc                  |  8 +++++
 srsue/hdr/upper/usim.h                      |  1 +
 srsue/src/upper/usim.cc                     | 34 ++++++++++++++-------
 6 files changed, 65 insertions(+), 19 deletions(-)

diff --git a/lib/include/srslte/common/liblte_security.h b/lib/include/srslte/common/liblte_security.h
index 8dc31f341..b82168696 100644
--- a/lib/include/srslte/common/liblte_security.h
+++ b/lib/include/srslte/common/liblte_security.h
@@ -52,6 +52,17 @@
                               DECLARATIONS
 *******************************************************************************/
 
+/*********************************************************************
+    Name: compute_OPc
+
+    Description: Computes OPc from OP and K.
+
+    Document Reference: 35.206 v10.0.0 Annex 3
+*********************************************************************/
+LIBLTE_ERROR_ENUM liblte_compute_opc(uint8            *k,
+                                     uint8            *op,
+                                     uint8            *op_c);
+
 /*********************************************************************
     Name: liblte_security_generate_k_asme
 
diff --git a/lib/include/srslte/common/security.h b/lib/include/srslte/common/security.h
index 5dc8a6305..29bd6000c 100644
--- a/lib/include/srslte/common/security.h
+++ b/lib/include/srslte/common/security.h
@@ -151,6 +151,9 @@ uint8_t security_128_eea2(uint8_t  *key,
 /******************************************************************************
  * Authentication
  *****************************************************************************/
+uint8_t compute_opc( uint8_t *k,
+                       uint8_t *op,
+                       uint8_t *opc);
 
 uint8_t security_milenage_f1( uint8_t *k,
                               uint8_t *op,
diff --git a/lib/src/common/liblte_security.cc b/lib/src/common/liblte_security.cc
index 14514320d..5723afe00 100644
--- a/lib/src/common/liblte_security.cc
+++ b/lib/src/common/liblte_security.cc
@@ -1418,24 +1418,35 @@ LIBLTE_ERROR_ENUM liblte_security_milenage_f5_star(uint8 *k,
 }
 
 /*********************************************************************
-    Name: compute_OPc
+    Name: liblte_compute_opc
 
     Description: Computes OPc from OP and K.
 
     Document Reference: 35.206 v10.0.0 Annex 3
 *********************************************************************/
-void compute_OPc(uint8            *k,
-                 uint8            *op,
-                 uint8            *op_c)
+
+LIBLTE_ERROR_ENUM liblte_compute_opc(uint8            *k,
+                                     uint8            *op,
+                                     uint8            *op_c)
 {
   uint32 i;
   ROUND_KEY_STRUCT round_keys;
-  rijndael_key_schedule(k, &round_keys);
-  rijndael_encrypt(op, &round_keys, op_c);
-  for(i=0; i<16; i++)
+  LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
+
+  if(k    != NULL &&
+     op   != NULL &&
+     op_c  != NULL)
   {
-    op_c[i] ^= op[i];
+
+    rijndael_key_schedule(k, &round_keys);
+    rijndael_encrypt(op, &round_keys, op_c);
+    for(i=0; i<16; i++)
+    {
+      op_c[i] ^= op[i];
+    }
+    err = LIBLTE_SUCCESS;
   }
+  return err;
 }
 
 /*******************************************************************************
diff --git a/lib/src/common/security.cc b/lib/src/common/security.cc
index 63cd478c0..65ef5e0c4 100644
--- a/lib/src/common/security.cc
+++ b/lib/src/common/security.cc
@@ -229,6 +229,14 @@ uint8_t security_128_eea2(uint8_t  *key,
 /******************************************************************************
  * Authentication
  *****************************************************************************/
+uint8_t compute_opc( uint8_t *k,
+                     uint8_t *op,
+                     uint8_t *opc)
+{
+  return liblte_compute_opc(k,
+                            op,
+                            opc);
+}
 
 uint8_t security_milenage_f1( uint8_t *k,
                               uint8_t *op,
diff --git a/srsue/hdr/upper/usim.h b/srsue/hdr/upper/usim.h
index f36ae545f..ce42e3022 100644
--- a/srsue/hdr/upper/usim.h
+++ b/srsue/hdr/upper/usim.h
@@ -110,6 +110,7 @@ private:
   auth_algo_t auth_algo;
   uint8_t     amf[2];  // 3GPP 33.102 v10.0.0 Annex H
   uint8_t     op[16];
+  uint8_t     opc[16];
   uint64_t    imsi;
   uint64_t    imei;
   uint8_t     k[16];
diff --git a/srsue/src/upper/usim.cc b/srsue/src/upper/usim.cc
index af3cb3fbb..b90f65d8a 100644
--- a/srsue/src/upper/usim.cc
+++ b/srsue/src/upper/usim.cc
@@ -46,11 +46,30 @@ int usim::init(usim_args_t *args, srslte::log *usim_log_)
   const char *imei_c = args->imei.c_str();
   uint32_t    i;
 
-  if(32 == args->op.length()) {
-    str_to_hex(args->op, op);
+  if(32 == args->k.length()) {
+    str_to_hex(args->k, k);
   } else {
-    usim_log->error("Invalid length for OP: %zu should be %d\n", args->op.length(), 32);
-    usim_log->console("Invalid length for OP: %zu should be %d\n", args->op.length(), 32);
+    usim_log->error("Invalid length for K: %zu should be %d\n", args->k.length(), 32);
+    usim_log->console("Invalid length for K: %zu should be %d\n", args->k.length(), 32);
+  }
+
+  if(args->using_op)
+  {
+    if(32 == args->op.length()) {
+      str_to_hex(args->op, op);
+      compute_opc(k,op,opc);
+    } else {
+      usim_log->error("Invalid length for OP: %zu should be %d\n", args->op.length(), 32);
+      usim_log->console("Invalid length for OP: %zu should be %d\n", args->op.length(), 32);
+    }
+  }
+  else{
+    if(32 == args->opc.length()) {
+      str_to_hex(args->opc, opc);
+    } else {
+      usim_log->error("Invalid length for OPc: %zu should be %d\n", args->opc.length(), 32);
+      usim_log->console("Invalid length for OPc: %zu should be %d\n", args->opc.length(), 32);
+    }
   }
 
   if(15 == args->imsi.length()) {
@@ -77,13 +96,6 @@ int usim::init(usim_args_t *args, srslte::log *usim_log_)
     usim_log->console("Invalid length for IMEI: %zu should be %d\n", args->imei.length(), 15);
   }
 
-  if(32 == args->k.length()) {
-    str_to_hex(args->k, k);
-  } else {
-    usim_log->error("Invalid length for K: %zu should be %d\n", args->k.length(), 32);
-    usim_log->console("Invalid length for K: %zu should be %d\n", args->k.length(), 32);
-  }
-
   auth_algo = auth_algo_milenage;
   if("xor" == args->algo) {
     auth_algo = auth_algo_xor;

From a839817790d0f76dde0fc56fe91c966a4420ffee Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 18 Jun 2018 16:42:41 +0100
Subject: [PATCH 09/25] Starting to add OPc option to HSS.

---
 srsepc/src/hss/hss.cc      | 38 +++++++++++++++++++++++++++++++++-----
 srsepc/user_db.csv.example |  4 ++--
 2 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/srsepc/src/hss/hss.cc b/srsepc/src/hss/hss.cc
index cb15cebf0..4deeb41a2 100644
--- a/srsepc/src/hss/hss.cc
+++ b/srsepc/src/hss/hss.cc
@@ -154,18 +154,32 @@ hss::read_db_file(std::string db_filename)
     if(line[0] != '#')
     {
       std::vector<std::string> split = split_string(line,','); 
-      if(split.size()!=6)
+      if(split.size()!=7)
       {
-        m_hss_log->error("Error parsing UE database\n");
+        m_hss_log->error("Error parsing UE database. Wrong number of columns in .csv\n");
+        m_hss_log->error("Columns: %d\n",split.size());
         return false;
       }
       hss_ue_ctx_t *ue_ctx = new hss_ue_ctx_t;
       ue_ctx->name = split[0];
       ue_ctx->imsi = atoll(split[1].c_str());
       get_uint_vec_from_hex_str(split[2],ue_ctx->key,16);
-      get_uint_vec_from_hex_str(split[3],ue_ctx->op,16);
-      get_uint_vec_from_hex_str(split[4],ue_ctx->amf,2);
-      get_uint_vec_from_hex_str(split[5],ue_ctx->sqn,6);
+      if(split[3] == std::string("op"))
+      {
+        get_uint_vec_from_hex_str(split[4],ue_ctx->op,16);
+      }
+      else if (split[3] == std::string("opc"))
+      {
+        get_uint_vec_from_hex_str(split[4],ue_ctx->op,16);
+      }
+      else
+      {
+        m_hss_log->error("Neither OP nor OPc configured.\n");
+        return false;
+      }
+      get_uint_vec_from_hex_str(split[4],ue_ctx->op,16);
+      get_uint_vec_from_hex_str(split[5],ue_ctx->amf,2);
+      get_uint_vec_from_hex_str(split[6],ue_ctx->sqn,6);
 
       m_hss_log->debug("Added user from DB, IMSI: %015lu\n", ue_ctx->imsi);
       m_hss_log->debug_hex(ue_ctx->key, 16, "User Key : ");
@@ -202,6 +216,20 @@ bool hss::write_db_file(std::string db_filename)
   }
   m_hss_log->info("Opened DB file: %s\n", db_filename.c_str() );
 
+  //Write comment info
+  m_db_file << "#"                                                                           << std::endl
+            << "# .csv to store UE's information in HSS"                                     << std::endl
+            << "# Kept in the following format: \"Name,IMSI,Key,OP,AMF\""                    << std::endl
+            << "#"                                                                           << std::endl
+            << "# Name: Human readable name to help distinguish UE's. Ignored by the HSS"    << std::endl
+            << "# IMSI: UE's IMSI value"                                                     << std::endl
+            << "# Key:  UE's key, where other keys are derived from. Stored in hexadecimal"  << std::endl
+            << "# OP:   Operator's code, sotred in hexadecimal"                              << std::endl
+            << "# AMF:  Authentication management field, stored in hexadecimal"              << std::endl
+            << "# SQN:  UE's Sequence number for freshness of the authentication"            << std::endl
+            << "#"                                                                           << std::endl
+            << "# Note: Lines starting by '#' are ignored"                                   << std::endl;
+
   std::map<uint64_t,hss_ue_ctx_t*>::iterator it = m_imsi_to_ue_ctx.begin();
   while(it!=m_imsi_to_ue_ctx.end())
   {
diff --git a/srsepc/user_db.csv.example b/srsepc/user_db.csv.example
index 7551c50f8..cd7e56415 100644
--- a/srsepc/user_db.csv.example
+++ b/srsepc/user_db.csv.example
@@ -10,5 +10,5 @@
 # SQN:  UE's Sequence number for freshness of the authentication 
 #
 # Note: Lines starting by '#' are ignored
-ue1,001010123456789,00112233445566778899aabbccddeeff,63BFA50EE6523365FF14C1F45F88737D,9001,000000001234
-ue2,001010123456780,00112233445566778899aabbccddeeaa,63BFA50EE6523365FF14C1F45F88737D,8000,000000001235
+ue1,001010123456789,00112233445566778899aabbccddeeff,op,63bfa50ee6523365ff14c1f45f88737d,9001,000000001234
+ue2,001010123456780,00112233445566778899aabbccddeeff,opc,63bfa50ee6523365ff14c1f45f88737d,8000,000000001234

From 0d61011d1396c4e8ee69d1d3ed76fff7eb5e8c47 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 18 Jun 2018 17:21:06 +0100
Subject: [PATCH 10/25] Changing user_db.csv to allow users to choose OP/OPc.

---
 srsepc/hdr/hss/hss.h  | 12 +++++++-----
 srsepc/src/hss/hss.cc |  8 ++++++++
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/srsepc/hdr/hss/hss.h b/srsepc/hdr/hss/hss.h
index 97e2d45c1..26bbe8aa6 100644
--- a/srsepc/hdr/hss/hss.h
+++ b/srsepc/hdr/hss/hss.h
@@ -54,11 +54,13 @@ typedef struct{
 typedef struct{
     std::string name;
     uint64_t imsi;
-    uint8_t key[16];
-    uint8_t op[16];
-    uint8_t amf[2];
-    uint8_t sqn[6];
-    uint8_t last_rand[16];
+    uint8_t  key[16];
+    bool     op_configured;
+    uint8_t  op[16];
+    uint8_t  opc[16];
+    uint8_t  amf[2];
+    uint8_t  sqn[6];
+    uint8_t  last_rand[16];
 }hss_ue_ctx_t;
 
 enum hss_auth_algo {
diff --git a/srsepc/src/hss/hss.cc b/srsepc/src/hss/hss.cc
index 4deeb41a2..6cd06cdc7 100644
--- a/srsepc/src/hss/hss.cc
+++ b/srsepc/src/hss/hss.cc
@@ -166,10 +166,12 @@ hss::read_db_file(std::string db_filename)
       get_uint_vec_from_hex_str(split[2],ue_ctx->key,16);
       if(split[3] == std::string("op"))
       {
+        ue_ctx->op_configured = true;
         get_uint_vec_from_hex_str(split[4],ue_ctx->op,16);
       }
       else if (split[3] == std::string("opc"))
       {
+        ue_ctx->op_configured =false;
         get_uint_vec_from_hex_str(split[4],ue_ctx->op,16);
       }
       else
@@ -239,6 +241,12 @@ bool hss::write_db_file(std::string db_filename)
       m_db_file << ",";
       m_db_file << hex_string(it->second->key, 16);
       m_db_file << ",";
+      if(it->second->op_configured){
+        m_db_file << "op,";
+      }
+      else{
+        m_db_file << "opc,";
+      }
       m_db_file << hex_string(it->second->op, 16);
       m_db_file << ",";
       m_db_file << hex_string(it->second->amf, 2);

From e9c3b4c8ceb5e73837c84e68bf12a5c242355a9e Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 18 Jun 2018 17:45:13 +0100
Subject: [PATCH 11/25] Added OPc suport on EPC.

---
 srsepc/src/hss/hss.cc | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/srsepc/src/hss/hss.cc b/srsepc/src/hss/hss.cc
index 6cd06cdc7..eaf206f5c 100644
--- a/srsepc/src/hss/hss.cc
+++ b/srsepc/src/hss/hss.cc
@@ -168,11 +168,12 @@ hss::read_db_file(std::string db_filename)
       {
         ue_ctx->op_configured = true;
         get_uint_vec_from_hex_str(split[4],ue_ctx->op,16);
+        compute_opc(ue_ctx->key,ue_ctx->op,ue_ctx->opc);
       }
       else if (split[3] == std::string("opc"))
       {
         ue_ctx->op_configured =false;
-        get_uint_vec_from_hex_str(split[4],ue_ctx->op,16);
+        get_uint_vec_from_hex_str(split[4],ue_ctx->opc,16);
       }
       else
       {
@@ -185,7 +186,10 @@ hss::read_db_file(std::string db_filename)
 
       m_hss_log->debug("Added user from DB, IMSI: %015lu\n", ue_ctx->imsi);
       m_hss_log->debug_hex(ue_ctx->key, 16, "User Key : ");
-      m_hss_log->debug_hex(ue_ctx->op, 16, "User OP : ");
+      if(ue_ctx->op_configured){
+        m_hss_log->debug_hex(ue_ctx->op, 16, "User OP : ");
+      }
+      m_hss_log->debug_hex(ue_ctx->opc, 16, "User OPc : ");
       m_hss_log->debug_hex(ue_ctx->amf, 2, "AMF : ");
       m_hss_log->debug_hex(ue_ctx->sqn, 6, "SQN : ");
 
@@ -210,7 +214,7 @@ bool hss::write_db_file(std::string db_filename)
   uint8_t sqn[6];
 
   std::ofstream m_db_file;
-  
+
   m_db_file.open(db_filename.c_str(), std::ofstream::out);
   if(!m_db_file.is_open())
   {

From bd39d8bac283fdf12db57ce663ca0d381459a9e5 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 18 Jun 2018 19:32:50 +0100
Subject: [PATCH 12/25] Fixed bug in getting OPc. Removed debug print. Fixed
 test12345. UE is still having re-synch issues.

---
 lib/test/common/test_f12345.cc | 33 ++++++++++++++++++----------
 srsepc/hdr/hss/hss.h           |  2 +-
 srsepc/src/hss/hss.cc          | 40 ++++++++++++++--------------------
 srsue/src/main.cc              |  1 -
 4 files changed, 39 insertions(+), 37 deletions(-)

diff --git a/lib/test/common/test_f12345.cc b/lib/test/common/test_f12345.cc
index 1c5375c43..e75d80bd7 100644
--- a/lib/test/common/test_f12345.cc
+++ b/lib/test/common/test_f12345.cc
@@ -63,9 +63,19 @@ void test_set_2()
   uint8_t op[] = {0xcd, 0xc2, 0x02, 0xd5, 0x12, 0x3e, 0x20, 0xf6, 0x2b, 0x6d, 0x67, 0x6a, 0xc7, 0x2c, 0xb3, 0x18};
   // f1
 
-   uint8_t mac_o[8]; 
+  uint8_t opc_o[16];
+  err_lte = liblte_compute_opc(k,op,opc_o);
+  assert(err_lte == LIBLTE_SUCCESS);
+
+  arrprint(opc_o, sizeof(opc_o));
+
+  uint8_t opc_a[] = {0xcd, 0x63, 0xcb, 0x71, 0x95, 0x4a, 0x9f, 0x4e, 0x48, 0xa5, 0x99, 0x4e, 0x37, 0xa0, 0x2b, 0xaf};
+  err_cmp = arrcmp(opc_o,opc_a,sizeof(opc_o));
+  assert(err_cmp == 0);
+
+  uint8_t mac_o[8];
   err_lte = liblte_security_milenage_f1(k,
-                                        op,
+                                        opc_o,
                                         rand,
                                         sqn,
                                         amf,
@@ -84,7 +94,7 @@ void test_set_2()
 
   uint8_t mac_so[8];
   err_lte = liblte_security_milenage_f1_star(k,
-                                   op,
+                                   opc_o,
                                    rand,
                                    sqn,
                                    amf,
@@ -93,9 +103,9 @@ void test_set_2()
   assert(err_lte == LIBLTE_SUCCESS);
 
   uint8_t mac_s[] = {0x01, 0xcf, 0xaf, 0x9e, 0xc4, 0xe8, 0x71, 0xe9};
-  
+
   arrprint(mac_so, sizeof(mac_so));
-  
+
   err_cmp = arrcmp(mac_so, mac_s, sizeof(mac_s));
   assert(err_cmp == 0);
 
@@ -106,7 +116,7 @@ void test_set_2()
   uint8_t ak_o[6];
 
   err_lte = liblte_security_milenage_f2345(k,
-                                 op,
+                                 opc_o,
                                  rand,
                                  res_o,
                                  ck_o,
@@ -126,7 +136,7 @@ void test_set_2()
   err_cmp = arrcmp(res_o, res, sizeof(res));
   assert(err_cmp == 0);
 
-  // CK 
+  // CK
   arrprint(ck_o, sizeof(ck_o));
 
   err_cmp = arrcmp(ck_o, ck, sizeof(ck));
@@ -142,10 +152,10 @@ void test_set_2()
   err_cmp = arrcmp(ak_o, ak, sizeof(ak));
   assert(err_cmp == 0);
 
-  // f star 
+  // f star
   uint8_t ak_star_o[6];
-  
-  err_lte = liblte_security_milenage_f5_star(k, op, rand, ak_star_o);
+
+  err_lte = liblte_security_milenage_f5_star(k, opc_o, rand, ak_star_o);
   assert(err_lte == LIBLTE_SUCCESS);
 
   arrprint(ak_star_o, sizeof(ak_star_o));
@@ -160,8 +170,9 @@ void test_set_2()
 */
 
 int main(int argc, char * argv[]) {
-  /*
+
   test_set_2();
+  /*
   test_set_3();
   test_set_4();
   test_set_5();
diff --git a/srsepc/hdr/hss/hss.h b/srsepc/hdr/hss/hss.h
index 26bbe8aa6..c81ec6296 100644
--- a/srsepc/hdr/hss/hss.h
+++ b/srsepc/hdr/hss/hss.h
@@ -91,7 +91,7 @@ private:
 
 
   void gen_rand(uint8_t rand_[16]);
-  bool get_k_amf_op_sqn(uint64_t imsi, uint8_t *k, uint8_t *amf, uint8_t *op, uint8_t *sqn);
+  bool get_k_amf_opc_sqn(uint64_t imsi, uint8_t *k, uint8_t *amf, uint8_t *op, uint8_t *sqn);
 
   bool gen_auth_info_answer_milenage(uint64_t imsi, uint8_t *k_asme, uint8_t *autn, uint8_t *rand, uint8_t *xres);
   bool gen_auth_info_answer_xor(uint64_t imsi, uint8_t *k_asme, uint8_t *autn, uint8_t *rand, uint8_t *xres);
diff --git a/srsepc/src/hss/hss.cc b/srsepc/src/hss/hss.cc
index eaf206f5c..fa4c89bd9 100644
--- a/srsepc/src/hss/hss.cc
+++ b/srsepc/src/hss/hss.cc
@@ -180,7 +180,6 @@ hss::read_db_file(std::string db_filename)
         m_hss_log->error("Neither OP nor OPc configured.\n");
         return false;
       }
-      get_uint_vec_from_hex_str(split[4],ue_ctx->op,16);
       get_uint_vec_from_hex_str(split[5],ue_ctx->amf,2);
       get_uint_vec_from_hex_str(split[6],ue_ctx->sqn,6);
 
@@ -321,10 +320,10 @@ hss::resync_sqn_milenage(uint64_t imsi, uint8_t *auts)
 
   uint8_t k[16];
   uint8_t amf[2];
-  uint8_t op[16];
+  uint8_t opc[16];
   uint8_t sqn[6];
 
-  if(!get_k_amf_op_sqn(imsi, k, amf, op, sqn))
+  if(!get_k_amf_opc_sqn(imsi, k, amf, opc, sqn))
   {
     return false;
   }
@@ -340,13 +339,13 @@ hss::resync_sqn_milenage(uint64_t imsi, uint8_t *auts)
   }
 
   m_hss_log->debug_hex(k, 16, "User Key : ");
-  m_hss_log->debug_hex(op, 16, "User OP : ");
+  m_hss_log->debug_hex(opc, 16, "User OPc : ");
   m_hss_log->debug_hex(last_rand, 16, "User Last Rand : ");
   m_hss_log->debug_hex(auts, 16, "AUTS : ");
   m_hss_log->debug_hex(sqn_ms_xor_ak, 6, "SQN xor AK : ");
   m_hss_log->debug_hex(mac_s, 8, "MAC : ");
 
-  security_milenage_f5_star(k, op, last_rand, ak);
+  security_milenage_f5_star(k, opc, last_rand, ak);
   m_hss_log->debug_hex(ak, 6, "Resynch AK : ");
 
   uint8_t sqn_ms[6];
@@ -359,17 +358,10 @@ hss::resync_sqn_milenage(uint64_t imsi, uint8_t *auts)
 
   uint8_t mac_s_tmp[8];
 
-  security_milenage_f1_star(k, op, last_rand, sqn_ms, amf, mac_s_tmp);
+  security_milenage_f1_star(k, opc, last_rand, sqn_ms, amf, mac_s_tmp);
 
   m_hss_log->debug_hex(mac_s_tmp, 8, "MAC calc : ");
-  /*
-  for(int i=0; i<8; i++){
-    if(!(mac_s_tmp[i] == mac_s[i])){
-      m_hss_log->error("Calculated MAC does not match sent MAC\n");
-      return false;
-    }
-  }
-  */
+
   set_sqn(imsi, sqn_ms);
 
   return true;
@@ -380,7 +372,7 @@ hss::gen_auth_info_answer_milenage(uint64_t imsi, uint8_t *k_asme, uint8_t *autn
 {
   uint8_t k[16];
   uint8_t amf[2];
-  uint8_t op[16];
+  uint8_t opc[16];
   uint8_t sqn[6];
 
   uint8_t     ck[16];
@@ -389,14 +381,14 @@ hss::gen_auth_info_answer_milenage(uint64_t imsi, uint8_t *k_asme, uint8_t *autn
   uint8_t     mac[8];
 
 
-  if(!get_k_amf_op_sqn(imsi, k, amf, op, sqn))
+  if(!get_k_amf_opc_sqn(imsi, k, amf, opc, sqn))
   {
     return false;
   }
   gen_rand(rand);
 
   security_milenage_f2345( k,
-                           op,
+                           opc,
                            rand,
                            xres,
                            ck,
@@ -404,7 +396,7 @@ hss::gen_auth_info_answer_milenage(uint64_t imsi, uint8_t *k_asme, uint8_t *autn
                            ak);
 
   m_hss_log->debug_hex(k, 16, "User Key : ");
-  m_hss_log->debug_hex(op, 16, "User OP : ");
+  m_hss_log->debug_hex(opc, 16, "User OPc : ");
   m_hss_log->debug_hex(rand, 16, "User Rand : ");
   m_hss_log->debug_hex(xres, 8, "User XRES: ");
   m_hss_log->debug_hex(ck, 16, "User CK: ");
@@ -412,7 +404,7 @@ hss::gen_auth_info_answer_milenage(uint64_t imsi, uint8_t *k_asme, uint8_t *autn
   m_hss_log->debug_hex(ak, 6, "User AK: ");
 
   security_milenage_f1( k,
-                        op,
+                        opc,
                         rand,
                         sqn,
                         amf,
@@ -459,7 +451,7 @@ hss::gen_auth_info_answer_xor(uint64_t imsi, uint8_t *k_asme, uint8_t *autn, uin
 {
   uint8_t k[16];
   uint8_t amf[2];
-  uint8_t op[16];
+  uint8_t opc[16];
   uint8_t sqn[6];
 
   uint8_t  xdout[16];
@@ -472,7 +464,7 @@ hss::gen_auth_info_answer_xor(uint64_t imsi, uint8_t *k_asme, uint8_t *autn, uin
 
   int i = 0;
 
-  if(!get_k_amf_op_sqn(imsi, k, amf, op, sqn))
+  if(!get_k_amf_opc_sqn(imsi, k, amf, opc, sqn))
   {
     return false;
   }
@@ -493,7 +485,7 @@ hss::gen_auth_info_answer_xor(uint64_t imsi, uint8_t *k_asme, uint8_t *autn, uin
   }
 
   m_hss_log->debug_hex(k, 16, "User Key : ");
-  m_hss_log->debug_hex(op, 16, "User OP : ");
+  m_hss_log->debug_hex(opc, 16, "User OPc : ");
   m_hss_log->debug_hex(rand, 16, "User Rand : ");
   m_hss_log->debug_hex(xres, 8, "User XRES: ");
   m_hss_log->debug_hex(ck, 16, "User CK: ");
@@ -565,7 +557,7 @@ hss::gen_auth_info_answer_xor(uint64_t imsi, uint8_t *k_asme, uint8_t *autn, uin
 
 
 bool
-hss::get_k_amf_op_sqn(uint64_t imsi, uint8_t *k, uint8_t *amf, uint8_t *op, uint8_t *sqn)
+hss::get_k_amf_opc_sqn(uint64_t imsi, uint8_t *k, uint8_t *amf, uint8_t *opc, uint8_t *sqn)
 {
 
   std::map<uint64_t,hss_ue_ctx_t*>::iterator ue_ctx_it = m_imsi_to_ue_ctx.find(imsi);
@@ -579,7 +571,7 @@ hss::get_k_amf_op_sqn(uint64_t imsi, uint8_t *k, uint8_t *amf, uint8_t *op, uint
   m_hss_log->info("Found User %015lu\n",imsi);
   memcpy(k, ue_ctx->key, 16);
   memcpy(amf, ue_ctx->amf, 2);
-  memcpy(op, ue_ctx->op, 16);
+  memcpy(opc, ue_ctx->opc, 16);
   memcpy(sqn, ue_ctx->sqn, 6);
 
   return true;
diff --git a/srsue/src/main.cc b/srsue/src/main.cc
index eb9bd673b..ccf7ae88d 100644
--- a/srsue/src/main.cc
+++ b/srsue/src/main.cc
@@ -381,7 +381,6 @@ void parse_args(all_args_t *args, int argc, char *argv[]) {
     }
   }
 
-  cout << vm.count("usim.op") <<endl;
   // Apply all_level to any unset layers
   if (vm.count("log.all_level")) {
     if (!vm.count("log.phy_level")) {

From b9c50a93a86145402fec2412083ccfc1ec84dfaf Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 18 Jun 2018 20:03:57 +0100
Subject: [PATCH 13/25] Fixed bug in writing OPc into user_db.csv.

---
 srsepc/src/hss/hss.cc | 3 ++-
 srsue/src/main.cc     | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/srsepc/src/hss/hss.cc b/srsepc/src/hss/hss.cc
index fa4c89bd9..77a7bd825 100644
--- a/srsepc/src/hss/hss.cc
+++ b/srsepc/src/hss/hss.cc
@@ -246,11 +246,12 @@ bool hss::write_db_file(std::string db_filename)
       m_db_file << ",";
       if(it->second->op_configured){
         m_db_file << "op,";
+        m_db_file << hex_string(it->second->op, 16);
       }
       else{
         m_db_file << "opc,";
+        m_db_file << hex_string(it->second->opc, 16);
       }
-      m_db_file << hex_string(it->second->op, 16);
       m_db_file << ",";
       m_db_file << hex_string(it->second->amf, 2);
       m_db_file << ",";
diff --git a/srsue/src/main.cc b/srsue/src/main.cc
index ccf7ae88d..353921dbf 100644
--- a/srsue/src/main.cc
+++ b/srsue/src/main.cc
@@ -136,16 +136,16 @@ void parse_args(all_args_t *args, int argc, char *argv[]) {
     ("usim.k", bpo::value<string>(&args->usim.k), "USIM K")
     ("usim.pin", bpo::value<string>(&args->usim.pin), "PIN in case real SIM card is used")
     ("usim.reader", bpo::value<string>(&args->usim.reader)->default_value(""), "Force specifiy PCSC reader. Default: Try all available readers.")
-    
+
     /* Expert section */
     ("expert.ip_netmask",
      bpo::value<string>(&args->expert.ip_netmask)->default_value("255.255.255.0"),
      "Netmask of the tun_srsue device")
-  
+
      ("expert.mbms_service",
      bpo::value<int>(&args->expert.mbms_service)->default_value(-1),
      "automatically starts an mbms service of the number given")
-  
+
     ("expert.phy.worker_cpu_mask",
      bpo::value<int>(&args->expert.phy.worker_cpu_mask)->default_value(-1),
      "cpu bit mask (eg 255 = 1111 1111)")

From 6a32b5b047a283a20e5633bcb8361f87d5b37281 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Tue, 19 Jun 2018 18:09:14 +0100
Subject: [PATCH 14/25] Starting to separate the increment of SQN into a
 seperate function.

---
 srsepc/hdr/hss/hss.h  |  3 ++-
 srsepc/src/hss/hss.cc | 51 +++++++++++++++++++++++++++++--------------
 2 files changed, 37 insertions(+), 17 deletions(-)

diff --git a/srsepc/hdr/hss/hss.h b/srsepc/hdr/hss/hss.h
index c81ec6296..d19f690e6 100644
--- a/srsepc/hdr/hss/hss.h
+++ b/srsepc/hdr/hss/hss.h
@@ -102,7 +102,8 @@ private:
   std::vector<std::string> split_string(const std::string &str, char delimiter);
   void get_uint_vec_from_hex_str(const std::string &key_str, uint8_t *key, uint len);
 
-  void increment_sqn(uint64_t imsi);
+  void increment_ue_sqn(uint64_t imsi);
+  void increment_sqn(uint8_t *sqn, uint8_t *next_sqn);
   void set_sqn(uint64_t imsi, uint8_t *sqn);
 
   void set_last_rand(uint64_t imsi, uint8_t *rand);
diff --git a/srsepc/src/hss/hss.cc b/srsepc/src/hss/hss.cc
index 77a7bd825..674f4a1fc 100644
--- a/srsepc/src/hss/hss.cc
+++ b/srsepc/src/hss/hss.cc
@@ -140,7 +140,7 @@ bool
 hss::read_db_file(std::string db_filename)
 {
   std::ifstream m_db_file;
-  
+
   m_db_file.open(db_filename.c_str(), std::ifstream::in);
   if(!m_db_file.is_open())
   {
@@ -153,11 +153,12 @@ hss::read_db_file(std::string db_filename)
   {
     if(line[0] != '#')
     {
-      std::vector<std::string> split = split_string(line,','); 
-      if(split.size()!=7)
+      uint column_size = 7;
+      std::vector<std::string> split = split_string(line,',');
+      if(split.size() != column_size)
       {
         m_hss_log->error("Error parsing UE database. Wrong number of columns in .csv\n");
-        m_hss_log->error("Columns: %d\n",split.size());
+        m_hss_log->error("Columns: %lu, Expected %d.\n",split.size(),column_size);
         return false;
       }
       hss_ue_ctx_t *ue_ctx = new hss_ue_ctx_t;
@@ -280,7 +281,7 @@ hss::gen_auth_info_answer(uint64_t imsi, uint8_t *k_asme, uint8_t *autn, uint8_t
     ret = gen_auth_info_answer_milenage(imsi, k_asme, autn, rand, xres);
     break;
   }
-  increment_sqn(imsi);
+  increment_ue_sqn(imsi);
   return ret;
 
 }
@@ -298,7 +299,7 @@ hss::resync_sqn(uint64_t imsi, uint8_t *auts)
     ret = resync_sqn_milenage(imsi, auts);
     break;
   }
-  increment_sqn(imsi);
+  increment_ue_sqn(imsi);
   return ret;
 }
 
@@ -354,6 +355,7 @@ hss::resync_sqn_milenage(uint64_t imsi, uint8_t *auts)
     sqn_ms[i] = sqn_ms_xor_ak[i] ^ ak[i];
   }
   m_hss_log->debug_hex(sqn_ms, 6, "SQN MS : ");
+  m_hss_log->debug_hex(sqn   , 6, "SQN HE : ");
 
   m_hss_log->debug_hex(amf, 2, "AMF : ");
 
@@ -579,7 +581,7 @@ hss::get_k_amf_opc_sqn(uint64_t imsi, uint8_t *k, uint8_t *amf, uint8_t *opc, ui
 }
 
 void
-hss::increment_sqn(uint64_t imsi)
+hss::increment_ue_sqn(uint64_t imsi)
 {
   hss_ue_ctx_t *ue_ctx = NULL;
   bool ret = get_ue_ctx(imsi, &ue_ctx);
@@ -589,22 +591,39 @@ hss::increment_sqn(uint64_t imsi)
   }
 
   // Awkward 48 bit sqn and doing arithmetic 
-  uint64_t sqn = 0;
-  uint8_t *p = (uint8_t *)&sqn;
+  //uint64_t sqn = 0;
+  //uint8_t *p = (uint8_t *)&sqn;
+
+  //for(int i = 0; i < 6; i++) {
+  //  p[5-i] = (uint8_t) ((ue_ctx->sqn[i]));
+  //}
+
+  //sqn++;
+  //for(int i = 0; i < 6; i++){
+  //  ue_ctx->sqn[i] = p[5-i];
+  //}
+  increment_sqn(ue_ctx->sqn,ue_ctx->sqn);
+  m_hss_log->debug("Incremented SQN (IMSI: %" PRIu64 ")" PRIu64 "\n", imsi);
+  m_hss_log->debug_hex(ue_ctx->sqn, 6, "SQN: ");
+}
+
+void
+hss::increment_sqn(uint8_t *sqn, uint8_t *next_sqn)
+{
+  // Awkward 48 bit sqn and doing arithmetic 
+  uint64_t tmp_sqn = 0;
+  uint8_t *p = (uint8_t *)&tmp_sqn;
 
   for(int i = 0; i < 6; i++) {
-    p[5-i] = (uint8_t) ((ue_ctx->sqn[i]));
+    p[5-i] = sqn[i];
   }
 
-  sqn++;
-
-  m_hss_log->debug("Incremented SQN (IMSI: %" PRIu64 ") SQN: %" PRIu64 "\n", imsi, sqn);
-
+  tmp_sqn++;
   for(int i = 0; i < 6; i++){
-    ue_ctx->sqn[i] = p[5-i];
+    next_sqn[i] = p[5-i];
   }
+  return;
 }
-
 void
 hss::set_sqn(uint64_t imsi, uint8_t *sqn)
 {

From 8df7a1b1af9adf595aac4266f69db0c82cbe766c Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Tue, 19 Jun 2018 19:29:09 +0100
Subject: [PATCH 15/25] Change some debug prints.

---
 srsepc/src/hss/hss.cc                | 4 ++--
 srsepc/src/mme/s1ap_nas_transport.cc | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/srsepc/src/hss/hss.cc b/srsepc/src/hss/hss.cc
index 674f4a1fc..1295ec646 100644
--- a/srsepc/src/hss/hss.cc
+++ b/srsepc/src/hss/hss.cc
@@ -52,7 +52,7 @@ hss::~hss()
 
 hss*
 hss::get_instance(void)
-{ 
+{
   pthread_mutex_lock(&hss_instance_mutex);
   if(NULL == m_instance) {
     m_instance = new hss();
@@ -93,7 +93,7 @@ hss::init(hss_args_t *hss_args, srslte::log_filter *hss_log)
 
   mcc = hss_args->mcc;
   mnc = hss_args->mnc;
-  
+
   db_file = hss_args->db_file;
 
   m_hss_log->info("HSS Initialized. DB file %s, authentication algorithm %s, MCC: %d, MNC: %d\n", hss_args->db_file.c_str(),hss_args->auth_algo.c_str(), mcc, mnc);
diff --git a/srsepc/src/mme/s1ap_nas_transport.cc b/srsepc/src/mme/s1ap_nas_transport.cc
index f4114603a..6e407cbbd 100644
--- a/srsepc/src/mme/s1ap_nas_transport.cc
+++ b/srsepc/src/mme/s1ap_nas_transport.cc
@@ -1382,8 +1382,8 @@ s1ap_nas_transport::handle_authentication_failure(srslte::byte_buffer_t *nas_msg
     m_s1ap_log->info("Non-EPS authentication unacceptable\n");
     break;
     case 21:
-    m_s1ap_log->console("Sequence number synch failure\n");
-    m_s1ap_log->info("Sequence number synch failure\n");
+    m_s1ap_log->console("Authentication Failure -- Synchronization Failure\n");
+    m_s1ap_log->info("Authentication Failure -- Synchronization Failure\n");
     if(auth_fail.auth_fail_param_present == false){
       m_s1ap_log->error("Missing fail parameter\n");
       return false;

From d3469e51c1627fbb0c514315479948bd3cdbebe2 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Fri, 22 Jun 2018 19:06:57 +0100
Subject: [PATCH 16/25] Starting to play with key set identifier.

---
 srsepc/src/mme/s1ap_nas_transport.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/srsepc/src/mme/s1ap_nas_transport.cc b/srsepc/src/mme/s1ap_nas_transport.cc
index 6e407cbbd..3f5ddd53a 100644
--- a/srsepc/src/mme/s1ap_nas_transport.cc
+++ b/srsepc/src/mme/s1ap_nas_transport.cc
@@ -1450,7 +1450,9 @@ s1ap_nas_transport::pack_authentication_request(srslte::byte_buffer_t *reply_msg
   memcpy(auth_req.autn , autn, 16);
   memcpy(auth_req.rand, rand, 16);
   auth_req.nas_ksi.tsc_flag=LIBLTE_MME_TYPE_OF_SECURITY_CONTEXT_FLAG_NATIVE;
-  auth_req.nas_ksi.nas_ksi=0;
+  static uint8_t nas_ksi_tmp =  0;
+  auth_req.nas_ksi.nas_ksi = nas_ksi_tmp++;
+  //auth_req.nas_ksi.nas_ksi = 0;
 
   LIBLTE_ERROR_ENUM err = liblte_mme_pack_authentication_request_msg(&auth_req, (LIBLTE_BYTE_MSG_STRUCT *) nas_buffer);
   if(err != LIBLTE_SUCCESS)

From d44a3c44ca5e22cc9b50588df80907d5a37318fa Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 25 Jun 2018 12:48:11 +0100
Subject: [PATCH 17/25] Making sure eKSI is changed on re-synch. Re-synch on
 SYSMOCOM USIMs seem to work.

---
 srsepc/hdr/mme/s1ap_common.h         |  1 +
 srsepc/hdr/mme/s1ap_nas_transport.h  |  2 +-
 srsepc/src/mme/s1ap_nas_transport.cc | 48 +++++++++++++++-------------
 3 files changed, 27 insertions(+), 24 deletions(-)

diff --git a/srsepc/hdr/mme/s1ap_common.h b/srsepc/hdr/mme/s1ap_common.h
index a71daada8..7465f9696 100644
--- a/srsepc/hdr/mme/s1ap_common.h
+++ b/srsepc/hdr/mme/s1ap_common.h
@@ -110,6 +110,7 @@ typedef struct{
 } enb_ctx_t;
 
 typedef struct{
+  uint8_t  eksi;
   uint8_t  k_asme[32]; 
   uint8_t  xres[16]; //minimum 6, maximum 16
   uint32_t dl_nas_count;
diff --git a/srsepc/hdr/mme/s1ap_nas_transport.h b/srsepc/hdr/mme/s1ap_nas_transport.h
index e0b7d93fa..3a11302c5 100644
--- a/srsepc/hdr/mme/s1ap_nas_transport.h
+++ b/srsepc/hdr/mme/s1ap_nas_transport.h
@@ -113,7 +113,7 @@ private:
   bool integrity_check(ue_emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu);
   bool short_integrity_check(ue_emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu);
 
-  bool pack_authentication_request(srslte::byte_buffer_t *reply_msg, uint32_t enb_ue_s1ap_id, uint32_t next_mme_ue_s1ap_id, uint8_t *autn,uint8_t *rand);
+  bool pack_authentication_request(srslte::byte_buffer_t *reply_msg, uint32_t enb_ue_s1ap_id, uint32_t next_mme_ue_s1ap_id, uint8_t eksi, uint8_t *autn, uint8_t *rand);
   bool pack_authentication_reject(srslte::byte_buffer_t *reply_msg, uint32_t enb_ue_s1ap_id, uint32_t mme_ue_s1ap_id);
   bool unpack_authentication_response(LIBLTE_S1AP_MESSAGE_UPLINKNASTRANSPORT_STRUCT *ul_xport, LIBLTE_MME_AUTHENTICATION_RESPONSE_MSG_STRUCT *auth_resp);
 
diff --git a/srsepc/src/mme/s1ap_nas_transport.cc b/srsepc/src/mme/s1ap_nas_transport.cc
index 3f5ddd53a..ad009cc6c 100644
--- a/srsepc/src/mme/s1ap_nas_transport.cc
+++ b/srsepc/src/mme/s1ap_nas_transport.cc
@@ -504,6 +504,9 @@ s1ap_nas_transport::handle_nas_imsi_attach_request(uint32_t enb_ue_s1ap_id,
     m_s1ap_log->info("User not found. IMSI %015lu\n",emm_ctx->imsi);
     return false;
   }
+  //Allocate eKSI for this authentication vector
+  //Here we assume a new security context thus a new eKSI
+  emm_ctx->security_ctxt.eksi=0;
 
   //Save the UE context
   ue_ctx_t *new_ctx = new ue_ctx_t;
@@ -512,7 +515,7 @@ s1ap_nas_transport::handle_nas_imsi_attach_request(uint32_t enb_ue_s1ap_id,
   m_s1ap->add_ue_ctx_to_mme_ue_s1ap_id_map(new_ctx);
 
   //Pack NAS Authentication Request in Downlink NAS Transport msg
-  pack_authentication_request(reply_buffer, ecm_ctx->enb_ue_s1ap_id, ecm_ctx->mme_ue_s1ap_id, autn, rand);
+  pack_authentication_request(reply_buffer, ecm_ctx->enb_ue_s1ap_id, ecm_ctx->mme_ue_s1ap_id, emm_ctx->security_ctxt.eksi, autn, rand);
 
   //Send reply to eNB
   *reply_flag = true;
@@ -592,7 +595,7 @@ s1ap_nas_transport::handle_nas_guti_attach_request(  uint32_t enb_ue_s1ap_id,
 
     //Save whether ESM information transfer is necessary
     ecm_ctx->eit = pdn_con_req.esm_info_transfer_flag_present;
-    //m_s1ap_log->console("EPS Bearer id: %d\n", eps_bearer_id);
+
     //Add eNB info to UE ctxt
     memcpy(&ecm_ctx->enb_sri, enb_sri, sizeof(struct sctp_sndrcvinfo));
     //Initialize E-RABs
@@ -617,7 +620,6 @@ s1ap_nas_transport::handle_nas_guti_attach_request(  uint32_t enb_ue_s1ap_id,
 
     m_s1ap_log->console("Could not find M-TMSI=0x%x. Sending ID request\n",m_tmsi);
     m_s1ap_log->info("Could not find M-TMSI=0x%x. Sending Id Request\n", m_tmsi);
-    //m_s1ap->add_new_ue_ecm_ctx(ue_ecm_ctx);
 
     //Store temporary ue context
     ue_ctx_t *new_ctx = new ue_ctx_t;
@@ -646,7 +648,7 @@ s1ap_nas_transport::handle_nas_guti_attach_request(  uint32_t enb_ue_s1ap_id,
       if(msg_valid == true && emm_ctx->state == EMM_STATE_DEREGISTERED)
       {
         m_s1ap_log->console("GUTI Attach Integrity valid. UL count %d, DL count %d\n",emm_ctx->security_ctxt.ul_nas_count, emm_ctx->security_ctxt.dl_nas_count);
-        
+
         //Create new MME UE S1AP Identity
         emm_ctx->mme_ue_s1ap_id = m_s1ap->get_next_mme_ue_s1ap_id();
         ecm_ctx->mme_ue_s1ap_id = emm_ctx->mme_ue_s1ap_id;
@@ -672,7 +674,7 @@ s1ap_nas_transport::handle_nas_guti_attach_request(  uint32_t enb_ue_s1ap_id,
 
         //Store context based on MME UE S1AP id
         m_s1ap->add_ue_ctx_to_mme_ue_s1ap_id_map(ue_ctx);
-        
+
         //Re-generate K_eNB
         srslte::security_generate_k_enb(emm_ctx->security_ctxt.k_asme, emm_ctx->security_ctxt.ul_nas_count, emm_ctx->security_ctxt.k_enb);
         m_s1ap_log->info("Generating KeNB with UL NAS COUNT: %d\n",emm_ctx->security_ctxt.ul_nas_count);
@@ -760,12 +762,12 @@ s1ap_nas_transport::handle_nas_guti_attach_request(  uint32_t enb_ue_s1ap_id,
         }
         //Store context based on MME UE S1AP id
         m_s1ap->add_ue_ctx_to_mme_ue_s1ap_id_map(ue_ctx);
- 
+
         //NAS integrity failed. Re-start authentication process.
         m_s1ap_log->console("GUTI Attach request NAS integrity failed.\n");
         m_s1ap_log->console("RE-starting authentication procedure.\n");
-        uint8_t     autn[16]; 
-        uint8_t     rand[16]; 
+        uint8_t     autn[16];
+        uint8_t     rand[16];
         //Get Authentication Vectors from HSS
         if(!m_hss->gen_auth_info_answer(emm_ctx->imsi, emm_ctx->security_ctxt.k_asme, autn, rand, emm_ctx->security_ctxt.xres))
         {
@@ -773,7 +775,9 @@ s1ap_nas_transport::handle_nas_guti_attach_request(  uint32_t enb_ue_s1ap_id,
             m_s1ap_log->info("User not found. IMSI %015lu\n",emm_ctx->imsi);
             return false;
         }
-        pack_authentication_request(reply_buffer, ecm_ctx->enb_ue_s1ap_id, ecm_ctx->mme_ue_s1ap_id, autn, rand);
+        //Restarting security context. Reseting eKSI to 0.
+        emm_ctx->security_ctxt.eksi=0;
+        pack_authentication_request(reply_buffer, ecm_ctx->enb_ue_s1ap_id, ecm_ctx->mme_ue_s1ap_id, emm_ctx->security_ctxt.eksi, autn, rand);
 
         //Send reply to eNB
         *reply_flag = true;
@@ -1196,12 +1200,14 @@ s1ap_nas_transport::handle_identity_response(srslte::byte_buffer_t *nas_msg, ue_
     m_s1ap_log->info("User not found. IMSI %015lu\n",imsi);
     return false;
   }
+  //Identity reponse from unknown GUTI atach. Assigning new eKSI.
+  emm_ctx->security_ctxt.eksi=0;
 
   //Store UE context im IMSI map
   m_s1ap->add_ue_ctx_to_imsi_map(ue_ctx);
 
   //Pack NAS Authentication Request in Downlink NAS Transport msg
-  pack_authentication_request(reply_msg, ecm_ctx->enb_ue_s1ap_id, ecm_ctx->mme_ue_s1ap_id, autn, rand);
+  pack_authentication_request(reply_msg, ecm_ctx->enb_ue_s1ap_id, ecm_ctx->mme_ue_s1ap_id, emm_ctx->security_ctxt.eksi, autn, rand);
 
   //Send reply to eNB
   *reply_flag = true;
@@ -1401,8 +1407,11 @@ s1ap_nas_transport::handle_authentication_failure(srslte::byte_buffer_t *nas_msg
       m_s1ap_log->info("User not found. IMSI %015lu\n", emm_ctx->imsi);
       return false;
     }
+    //Making sure eKSI is different from previous eKSI.
+    emm_ctx->security_ctxt.eksi = (emm_ctx->security_ctxt.eksi+1)%6;
+
     //Pack NAS Authentication Request in Downlink NAS Transport msg
-    pack_authentication_request(reply_msg, ecm_ctx->enb_ue_s1ap_id, ecm_ctx->mme_ue_s1ap_id, autn, rand);
+    pack_authentication_request(reply_msg, ecm_ctx->enb_ue_s1ap_id, ecm_ctx->mme_ue_s1ap_id, emm_ctx->security_ctxt.eksi, autn, rand);
 
     //Send reply to eNB
     *reply_flag = true;
@@ -1414,15 +1423,10 @@ s1ap_nas_transport::handle_authentication_failure(srslte::byte_buffer_t *nas_msg
   }
   return true;
 }
-  /*
-bool
-s1ap_nas_transport::handle_detach_request(nas_msg, ue_ctx, reply_buffer, reply_flag)
-{
-  return true;
-  }*/
+
 /*Packing/Unpacking helper functions*/
 bool
-s1ap_nas_transport::pack_authentication_request(srslte::byte_buffer_t *reply_msg, uint32_t enb_ue_s1ap_id, uint32_t next_mme_ue_s1ap_id, uint8_t *autn, uint8_t *rand)
+s1ap_nas_transport::pack_authentication_request(srslte::byte_buffer_t *reply_msg, uint32_t enb_ue_s1ap_id, uint32_t next_mme_ue_s1ap_id, uint8_t eksi, uint8_t *autn, uint8_t *rand)
 {
   srslte::byte_buffer_t *nas_buffer = m_pool->allocate();
 
@@ -1450,9 +1454,7 @@ s1ap_nas_transport::pack_authentication_request(srslte::byte_buffer_t *reply_msg
   memcpy(auth_req.autn , autn, 16);
   memcpy(auth_req.rand, rand, 16);
   auth_req.nas_ksi.tsc_flag=LIBLTE_MME_TYPE_OF_SECURITY_CONTEXT_FLAG_NATIVE;
-  static uint8_t nas_ksi_tmp =  0;
-  auth_req.nas_ksi.nas_ksi = nas_ksi_tmp++;
-  //auth_req.nas_ksi.nas_ksi = 0;
+  auth_req.nas_ksi.nas_ksi = eksi;
 
   LIBLTE_ERROR_ENUM err = liblte_mme_pack_authentication_request_msg(&auth_req, (LIBLTE_BYTE_MSG_STRUCT *) nas_buffer);
   if(err != LIBLTE_SUCCESS)
@@ -1892,7 +1894,7 @@ s1ap_nas_transport::pack_identity_request(srslte::byte_buffer_t *reply_msg, uint
   //Setup Dw NAS structure
   LIBLTE_S1AP_MESSAGE_DOWNLINKNASTRANSPORT_STRUCT *dw_nas = &init->choice.DownlinkNASTransport;
   dw_nas->ext=false;
-  dw_nas->MME_UE_S1AP_ID.MME_UE_S1AP_ID = mme_ue_s1ap_id;//FIXME Change name
+  dw_nas->MME_UE_S1AP_ID.MME_UE_S1AP_ID = mme_ue_s1ap_id;
   dw_nas->eNB_UE_S1AP_ID.ENB_UE_S1AP_ID = enb_ue_s1ap_id;
   dw_nas->HandoverRestrictionList_present=false;
   dw_nas->SubscriberProfileIDforRFP_present=false;
@@ -1918,7 +1920,7 @@ s1ap_nas_transport::pack_identity_request(srslte::byte_buffer_t *reply_msg, uint
     m_s1ap_log->error("Error packing Dw NAS Transport: Authentication Reject\n");
     m_s1ap_log->console("Error packing Downlink NAS Transport: Authentication Reject\n");
     return false;
-  } 
+  }
 
   m_pool->deallocate(nas_buffer);
   return true;

From 80f7f955ce0401883d9e4ce2f6a9eca84ef6e9ba Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 25 Jun 2018 17:01:53 +0100
Subject: [PATCH 18/25] Making sure that the Security Mode command uses the
 correct eKSI.

---
 srsepc/src/mme/s1ap_nas_transport.cc | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/srsepc/src/mme/s1ap_nas_transport.cc b/srsepc/src/mme/s1ap_nas_transport.cc
index ad009cc6c..371c55fd9 100644
--- a/srsepc/src/mme/s1ap_nas_transport.cc
+++ b/srsepc/src/mme/s1ap_nas_transport.cc
@@ -223,7 +223,8 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA
 
   if( sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS ||
       (msg_type == LIBLTE_MME_MSG_TYPE_IDENTITY_RESPONSE && sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY) ||
-      (msg_type == LIBLTE_MME_MSG_TYPE_AUTHENTICATION_RESPONSE && sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY))
+      (msg_type == LIBLTE_MME_MSG_TYPE_AUTHENTICATION_RESPONSE && sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY) ||
+      (msg_type == LIBLTE_MME_MSG_TYPE_AUTHENTICATION_FAILURE && sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY))
   {
     //Only identity response and authentication response are valid as plain NAS.
     //Sometimes authentication response and identity are sent as integrity protected,
@@ -1035,6 +1036,7 @@ s1ap_nas_transport::handle_nas_authentication_response(srslte::byte_buffer_t *na
   {
     m_s1ap_log->console("UE Authentication Accepted.\n");
     m_s1ap_log->info("UE Authentication Accepted.\n");
+
     //Send Security Mode Command
     emm_ctx->security_ctxt.ul_nas_count = 0; // Reset the NAS uplink counter for the right key k_enb derivation
     pack_security_mode_command(reply_buffer, emm_ctx, ecm_ctx);
@@ -1591,7 +1593,7 @@ s1ap_nas_transport::pack_security_mode_command(srslte::byte_buffer_t *reply_msg,
   sm_cmd.selected_nas_sec_algs.type_of_eia = LIBLTE_MME_TYPE_OF_INTEGRITY_ALGORITHM_128_EIA1;
 
   sm_cmd.nas_ksi.tsc_flag=LIBLTE_MME_TYPE_OF_SECURITY_CONTEXT_FLAG_NATIVE;
-  sm_cmd.nas_ksi.nas_ksi=0; 
+  sm_cmd.nas_ksi.nas_ksi=ue_emm_ctx->security_ctxt.eksi; 
 
   //Replay UE security cap
   memcpy(sm_cmd.ue_security_cap.eea,ue_emm_ctx->security_ctxt.ue_network_cap.eea,8*sizeof(bool));
@@ -1608,8 +1610,6 @@ s1ap_nas_transport::pack_security_mode_command(srslte::byte_buffer_t *reply_msg,
   sm_cmd.nonce_mme_present=false;
 
   uint8_t  sec_hdr_type=3;
-  
-  // ue_emm_ctx->security_ctxt.dl_nas_count = 0;
   LIBLTE_ERROR_ENUM err = liblte_mme_pack_security_mode_command_msg(&sm_cmd,sec_hdr_type, ue_emm_ctx->security_ctxt.dl_nas_count,(LIBLTE_BYTE_MSG_STRUCT *) nas_buffer);
   if(err != LIBLTE_SUCCESS)
   {
@@ -1691,9 +1691,8 @@ s1ap_nas_transport::pack_esm_information_request(srslte::byte_buffer_t *reply_ms
   esm_info_req.proc_transaction_id = ue_emm_ctx->procedure_transaction_id;
 
   uint8_t sec_hdr_type = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED;
-  
+
   ue_emm_ctx->security_ctxt.dl_nas_count++;
- 
   LIBLTE_ERROR_ENUM err = srslte_mme_pack_esm_information_request_msg(&esm_info_req, sec_hdr_type,ue_emm_ctx->security_ctxt.dl_nas_count,(LIBLTE_BYTE_MSG_STRUCT *) nas_buffer);
   if(err != LIBLTE_SUCCESS)
   {

From 50f497dcdc6563631aaf925cb56bfe25eb1c9beb Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 25 Jun 2018 17:25:55 +0100
Subject: [PATCH 19/25] Small fix in srsUE for reading OPc from config file.

---
 srsue/src/main.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/srsue/src/main.cc b/srsue/src/main.cc
index 353921dbf..3359059fc 100644
--- a/srsue/src/main.cc
+++ b/srsue/src/main.cc
@@ -130,7 +130,7 @@ void parse_args(all_args_t *args, int argc, char *argv[]) {
     ("usim.mode", bpo::value<string>(&args->usim.mode)->default_value("soft"), "USIM mode (soft or pcsc)")
     ("usim.algo", bpo::value<string>(&args->usim.algo), "USIM authentication algorithm")
     ("usim.op", bpo::value<string>(&args->usim.op), "USIM operator code")
-    ("usim.opc", bpo::value<string>(&args->usim.op), "USIM operator code (ciphered variant)")
+    ("usim.opc", bpo::value<string>(&args->usim.opc), "USIM operator code (ciphered variant)")
     ("usim.imsi", bpo::value<string>(&args->usim.imsi), "USIM IMSI")
     ("usim.imei", bpo::value<string>(&args->usim.imei), "USIM IMEI")
     ("usim.k", bpo::value<string>(&args->usim.k), "USIM K")

From 50f9f788522a2cc497a4f75d40062e7d438cd15c Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 25 Jun 2018 17:39:05 +0100
Subject: [PATCH 20/25] Changed f2345 and f1 in USIM to use OPc.

---
 srsue/src/upper/usim.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srsue/src/upper/usim.cc b/srsue/src/upper/usim.cc
index b90f65d8a..dedbc8794 100644
--- a/srsue/src/upper/usim.cc
+++ b/srsue/src/upper/usim.cc
@@ -353,7 +353,7 @@ auth_result_t usim::gen_auth_res_milenage(uint8_t  *rand,
 
   // Use RAND and K to compute RES, CK, IK and AK
   security_milenage_f2345( k,
-                           op,
+                           opc,
                            rand,
                            res,
                            ck,
@@ -375,7 +375,7 @@ auth_result_t usim::gen_auth_res_milenage(uint8_t  *rand,
 
   // Generate MAC
   security_milenage_f1( k,
-                        op,
+                        opc,
                         rand,
                         sqn,
                         amf,

From ad1d32333bd8c2eb817eef5461b9dcb73922979e Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Mon, 25 Jun 2018 17:59:34 +0100
Subject: [PATCH 21/25] Fixing up user_db.csv comments and default values.

---
 srsepc/src/hss/hss.cc      | 37 +++++++++++++------------------------
 srsepc/user_db.csv.example | 21 +++++++++++----------
 2 files changed, 24 insertions(+), 34 deletions(-)

diff --git a/srsepc/src/hss/hss.cc b/srsepc/src/hss/hss.cc
index 1295ec646..ab3a0acad 100644
--- a/srsepc/src/hss/hss.cc
+++ b/srsepc/src/hss/hss.cc
@@ -223,18 +223,19 @@ bool hss::write_db_file(std::string db_filename)
   m_hss_log->info("Opened DB file: %s\n", db_filename.c_str() );
 
   //Write comment info
-  m_db_file << "#"                                                                           << std::endl
-            << "# .csv to store UE's information in HSS"                                     << std::endl
-            << "# Kept in the following format: \"Name,IMSI,Key,OP,AMF\""                    << std::endl
-            << "#"                                                                           << std::endl
-            << "# Name: Human readable name to help distinguish UE's. Ignored by the HSS"    << std::endl
-            << "# IMSI: UE's IMSI value"                                                     << std::endl
-            << "# Key:  UE's key, where other keys are derived from. Stored in hexadecimal"  << std::endl
-            << "# OP:   Operator's code, sotred in hexadecimal"                              << std::endl
-            << "# AMF:  Authentication management field, stored in hexadecimal"              << std::endl
-            << "# SQN:  UE's Sequence number for freshness of the authentication"            << std::endl
-            << "#"                                                                           << std::endl
-            << "# Note: Lines starting by '#' are ignored"                                   << std::endl;
+  m_db_file << "#                                                                            " << std::endl
+            << "# .csv to store UE's information in HSS                                      " << std::endl
+            << "# Kept in the following format: \"Name,IMSI,Key,OP_Type,OP,AMF,SQN\"         " << std::endl
+            << "#                                                                            " << std::endl
+            << "# Name:    Human readable name to help distinguish UE's. Ignored by the HSS  " << std::endl
+            << "# IMSI:    UE's IMSI value                                                   " << std::endl
+            << "# Key:     UE's key, where other keys are derived from. Stored in hexadecimal" << std::endl
+            << "# OP_Type: Operator's code type, either OP or OPc                            " << std::endl
+            << "# OP/OPc:  Operator Code/Cyphered Operator Code, stored in hexadecimal       " << std::endl
+            << "# AMF:     Authentication management field, stored in hexadecimal            " << std::endl
+            << "# SQN:     UE's Sequence number for freshness of the authentication          " << std::endl
+            << "#                                                                            " << std::endl
+            << "# Note: Lines starting by '#' are ignored and will be overwritten            " << std::endl;
 
   std::map<uint64_t,hss_ue_ctx_t*>::iterator it = m_imsi_to_ue_ctx.begin();
   while(it!=m_imsi_to_ue_ctx.end())
@@ -590,18 +591,6 @@ hss::increment_ue_sqn(uint64_t imsi)
     return;
   }
 
-  // Awkward 48 bit sqn and doing arithmetic 
-  //uint64_t sqn = 0;
-  //uint8_t *p = (uint8_t *)&sqn;
-
-  //for(int i = 0; i < 6; i++) {
-  //  p[5-i] = (uint8_t) ((ue_ctx->sqn[i]));
-  //}
-
-  //sqn++;
-  //for(int i = 0; i < 6; i++){
-  //  ue_ctx->sqn[i] = p[5-i];
-  //}
   increment_sqn(ue_ctx->sqn,ue_ctx->sqn);
   m_hss_log->debug("Incremented SQN (IMSI: %" PRIu64 ")" PRIu64 "\n", imsi);
   m_hss_log->debug_hex(ue_ctx->sqn, 6, "SQN: ");
diff --git a/srsepc/user_db.csv.example b/srsepc/user_db.csv.example
index cd7e56415..9b2ff26c0 100644
--- a/srsepc/user_db.csv.example
+++ b/srsepc/user_db.csv.example
@@ -1,14 +1,15 @@
 #
 # .csv to store UE's information in HSS
-# Kept in the following format: "Name,IMSI,Key,OP,AMF"
-# 
-# Name: Human readable name to help distinguish UE's. Largely ignored by the HSS
-# IMSI: UE's IMSI value
-# Key:  UE's key, where other keys are derived from. Stored in hexadecimal
-# OP:   Operator's code, sotred in hexadecimal
-# AMF:  Authentication management field, stored in hexadecimal
-# SQN:  UE's Sequence number for freshness of the authentication 
+# Kept in the following format: \"Name,IMSI,Key,OP_Type,OP,AMF,SQN\"
 #
-# Note: Lines starting by '#' are ignored
-ue1,001010123456789,00112233445566778899aabbccddeeff,op,63bfa50ee6523365ff14c1f45f88737d,9001,000000001234
+# Name:    Human readable name to help distinguish UE's. Ignored by the HSS
+# IMSI:    UE's IMSI value
+# Key:     UE's key, where other keys are derived from. Stored in hexadecimal
+# OP_Type: Operator's code type, either OP or OPc
+# OP/OPc:  Operator Code/Cyphered Operator Code, stored in hexadecimal
+# AMF:     Authentication management field, stored in hexadecimal
+# SQN:     UE's Sequence number for freshness of the authentication
+#
+# Note: Lines starting by '#' are ignored and will be overwritten
+ue1,001010123456789,00112233445566778899aabbccddeeff,opc,63bfa50ee6523365ff14c1f45f88737d,9001,000000001234
 ue2,001010123456780,00112233445566778899aabbccddeeff,opc,63bfa50ee6523365ff14c1f45f88737d,8000,000000001234

From 25aafa1f63a57c08df0fc56b50acbb18b6dc2459 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Tue, 26 Jun 2018 10:49:46 +0100
Subject: [PATCH 22/25] Fixing the USIM test.

---
 srsue/test/upper/usim_test.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/srsue/test/upper/usim_test.cc b/srsue/test/upper/usim_test.cc
index c3b13a09c..27ece5cbc 100644
--- a/srsue/test/upper/usim_test.cc
+++ b/srsue/test/upper/usim_test.cc
@@ -79,7 +79,8 @@ int main(int argc, char **argv)
   args.imei = "356092040793011";
   args.imsi = "208930000000001";
   args.k = "8BAF473F2F8FD09487CCCBD7097C6862";
-  args.op = "8e27b6af0e692e750f32667a3b14605d"; // OPc
+  args.using_op = false;
+  args.opc = "8e27b6af0e692e750f32667a3b14605d"; // OPc
 
   srsue::usim usim;
   usim.init(&args, &usim_log);

From 721cb4adaef85f71a17af62b8096898b8b5bb972 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Tue, 26 Jun 2018 11:56:52 +0100
Subject: [PATCH 23/25] Chaging default of srsUE to OPc.

---
 srsue/ue.conf.example | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/srsue/ue.conf.example b/srsue/ue.conf.example
index cbeca8541..eeef5531b 100644
--- a/srsue/ue.conf.example
+++ b/srsue/ue.conf.example
@@ -98,7 +98,7 @@ file_max_size = -1
 [usim]
 mode = soft
 algo = xor
-op   = 63BFA50EE6523365FF14C1F45F88737D
+opc  = 63BFA50EE6523365FF14C1F45F88737D
 k    = 00112233445566778899aabbccddeeff
 imsi = 001010123456789
 imei = 353490069873319

From b8bb270ac7461a0cb03151203c44047c17a2da3e Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Tue, 26 Jun 2018 12:08:42 +0100
Subject: [PATCH 24/25] Cosmetic fix.

---
 srsepc/hdr/hss/hss.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/srsepc/hdr/hss/hss.h b/srsepc/hdr/hss/hss.h
index d19f690e6..4df632d83 100644
--- a/srsepc/hdr/hss/hss.h
+++ b/srsepc/hdr/hss/hss.h
@@ -91,7 +91,7 @@ private:
 
 
   void gen_rand(uint8_t rand_[16]);
-  bool get_k_amf_opc_sqn(uint64_t imsi, uint8_t *k, uint8_t *amf, uint8_t *op, uint8_t *sqn);
+  bool get_k_amf_opc_sqn(uint64_t imsi, uint8_t *k, uint8_t *amf, uint8_t *opc, uint8_t *sqn);
 
   bool gen_auth_info_answer_milenage(uint64_t imsi, uint8_t *k_asme, uint8_t *autn, uint8_t *rand, uint8_t *xres);
   bool gen_auth_info_answer_xor(uint64_t imsi, uint8_t *k_asme, uint8_t *autn, uint8_t *rand, uint8_t *xres);

From e57797b78642a79cdf6bd0b5b5ee68e60f6df151 Mon Sep 17 00:00:00 2001
From: Pedro Alvarez <pedro.alvarez@softwareradiosystems.com>
Date: Tue, 26 Jun 2018 12:12:35 +0100
Subject: [PATCH 25/25] Cosmetic change.

---
 srsepc/user_db.csv.example | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/srsepc/user_db.csv.example b/srsepc/user_db.csv.example
index 9b2ff26c0..55db2e44c 100644
--- a/srsepc/user_db.csv.example
+++ b/srsepc/user_db.csv.example
@@ -1,6 +1,6 @@
 #
 # .csv to store UE's information in HSS
-# Kept in the following format: \"Name,IMSI,Key,OP_Type,OP,AMF,SQN\"
+# Kept in the following format: "Name,IMSI,Key,OP_Type,OP,AMF,SQN"
 #
 # Name:    Human readable name to help distinguish UE's. Ignored by the HSS
 # IMSI:    UE's IMSI value