264 lines
8.2 KiB
Plaintext
264 lines
8.2 KiB
Plaintext
|
/* Utility functions from ogslib imported to TTCN-3
|
||
|
*
|
||
|
* (C) 2019 Harald Welte <laforge@gnumonks.org>
|
||
|
* All rights reserved.
|
||
|
*
|
||
|
* Released under the terms of GNU General Public License, Version 2 or
|
||
|
* (at your option) any later version.
|
||
|
*
|
||
|
* SPDX-License-Identifier: GPL-2.0-or-later
|
||
|
*/
|
||
|
|
||
|
module LTE_CryptoFunctions {
|
||
|
|
||
|
import from General_Types all;
|
||
|
|
||
|
import from S1AP_Types all;
|
||
|
import from S1AP_PDU_Descriptions all;
|
||
|
|
||
|
import from NAS_EPS_Types all;
|
||
|
import from NAS_Templates all;
|
||
|
|
||
|
/*********************************************************************************
|
||
|
* low-level API (external C/C++ code)
|
||
|
*********************************************************************************/
|
||
|
|
||
|
external function f_snow_3g_f8(in OCT16 key, in integer count, in integer bearer,
|
||
|
in boolean is_downlink, in octetstring data) return octetstring;
|
||
|
|
||
|
external function f_snow_3g_f9(in OCT16 key, in integer count, in integer fresh,
|
||
|
in boolean is_downlink, in octetstring data) return OCT4;
|
||
|
|
||
|
external function f_kdf_kasme(in OCT16 ck, in OCT16 ik, in OCT3 plmn_id,
|
||
|
in OCT6 sqn, in OCT6 ak) return OCT32;
|
||
|
|
||
|
external function f_kdf_nas_int(in integer alg_id, in OCT32 kasme) return OCT32;
|
||
|
external function f_kdf_nas_enc(in integer alg_id, in OCT32 kasme) return OCT32;
|
||
|
|
||
|
external function f_kdf_enb(in OCT16 kasme, in integer ul_count) return OCT32;
|
||
|
|
||
|
external function f_kdf_nh(in OCT16 kasme, in OCT32 sync_inp) return OCT32;
|
||
|
|
||
|
/*********************************************************************************
|
||
|
* mid-level API
|
||
|
*********************************************************************************/
|
||
|
|
||
|
function f_nas_mac_calc(NAS_ALG_INT alg, octetstring k_nas_int, integer seq_nr,
|
||
|
integer bearer, boolean is_downlink, octetstring data) return OCT4 {
|
||
|
select (alg) {
|
||
|
case (NAS_ALG_IP_EIA0) {
|
||
|
return '00000000'O;
|
||
|
}
|
||
|
case (NAS_ALG_IP_EIA1) {
|
||
|
return f_snow_3g_f9(k_nas_int, seq_nr, bearer, is_downlink, data);
|
||
|
}
|
||
|
case else {
|
||
|
setverdict(fail, "Unsupported EIA: ", alg);
|
||
|
mtc.stop;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
function f_nas_encrypt(NAS_ALG_ENC alg, octetstring k_nas_enc, integer count,
|
||
|
integer bearer, boolean is_downlink, inout octetstring data) {
|
||
|
select (alg) {
|
||
|
case (NAS_ALG_ENC_EEA0) { }
|
||
|
case (NAS_ALG_ENC_EEA1) {
|
||
|
f_snow_3g_f8(k_nas_enc, count, bearer, is_downlink, data);
|
||
|
}
|
||
|
case else {
|
||
|
setverdict(fail, "Unsupported EEA: ", alg);
|
||
|
mtc.stop;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
|
||
|
/*********************************************************************************
|
||
|
* high-level API (full NAS encapsulation/decapsulation)
|
||
|
*********************************************************************************/
|
||
|
|
||
|
type record NAS_UE_State {
|
||
|
NAS_Role role, /* ATS implements UE or MME role? */
|
||
|
|
||
|
NAS_ALG_INT alg_int, /* NAS Integrity Protection Algorithm */
|
||
|
octetstring k_nas_int, /* NAS Integrity Protection Key */
|
||
|
NAS_ALG_ENC alg_enc, /* NAS Encryption Algorithm */
|
||
|
octetstring k_nas_enc, /* NAS Encryption Key */
|
||
|
integer rx_count, /* frame counter (ATS rx side) */
|
||
|
integer tx_count /* frame counter (ATS tx side) */
|
||
|
};
|
||
|
|
||
|
template (value) NAS_UE_State t_NAS_UE_State(NAS_Role role) := {
|
||
|
role := role,
|
||
|
alg_int := NAS_ALG_IP_EIA0,
|
||
|
k_nas_int := ''O,
|
||
|
alg_enc := NAS_ALG_ENC_EEA0,
|
||
|
k_nas_enc := ''O,
|
||
|
rx_count := 0,
|
||
|
tx_count := 0
|
||
|
};
|
||
|
|
||
|
type enumerated NAS_Role {
|
||
|
NAS_ROLE_UE, /* ATS implements/emulates UE */
|
||
|
NAS_ROLE_MME /* ATS implements/emulates MME */
|
||
|
};
|
||
|
type enumerated NAS_ALG_INT {
|
||
|
NAS_ALG_IP_EIA0, /* no integrity protection */
|
||
|
NAS_ALG_IP_EIA1, /* SNOW-3G F9 based */
|
||
|
NAS_ALG_IP_EIA2, /* AES based */
|
||
|
NAS_ALG_IP_EIA3 /* ZUC */
|
||
|
};
|
||
|
type enumerated NAS_ALG_ENC {
|
||
|
NAS_ALG_ENC_EEA0, /* no encryption */
|
||
|
NAS_ALG_ENC_EEA1, /* SNOW-3G F8 based */
|
||
|
NAS_ALG_ENC_EEA2, /* AES based */
|
||
|
NAS_ALG_ENC_EEA3 /* ZUC */
|
||
|
};
|
||
|
|
||
|
/* port between individual per-connection components and this translator */
|
||
|
type port S1AP_NAS_Conn_PT message {
|
||
|
inout S1AP_PDU, PDU_NAS_EPS;
|
||
|
} with { extension "internal" };
|
||
|
|
||
|
/* determine if a received (from the IUT) message is downlink or not */
|
||
|
private function f_rx_is_downlink(in NAS_UE_State nus) return boolean
|
||
|
{
|
||
|
if (nus.role == NAS_ROLE_UE) {
|
||
|
return true;
|
||
|
} else {
|
||
|
return false;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/* determine if a message transmitted to the IUT message is downlink or not */
|
||
|
private function f_tx_is_downlink(in NAS_UE_State nus) return boolean
|
||
|
{
|
||
|
return not f_rx_is_downlink(nus);
|
||
|
}
|
||
|
|
||
|
private function f_nas_check_ip(inout NAS_UE_State nus,
|
||
|
in PDU_NAS_EPS_SecurityProtectedNASMessage secp_nas) return boolean
|
||
|
{
|
||
|
var octetstring data_with_seq := int2oct(secp_nas.sequenceNumber, 1) & secp_nas.nAS_Message;
|
||
|
var OCT4 exp_mac := f_nas_mac_calc(nus.alg_int, nus.k_nas_int, nus.rx_count, 0,
|
||
|
f_rx_is_downlink(nus), data_with_seq);
|
||
|
if (exp_mac != secp_nas.messageAuthenticationCode) {
|
||
|
setverdict(fail, "Received NAS MAC ", secp_nas.messageAuthenticationCode,
|
||
|
" doesn't match expected MAC ", exp_mac, ": ", secp_nas);
|
||
|
return false;
|
||
|
}
|
||
|
return true;
|
||
|
}
|
||
|
|
||
|
/* try to decapsulate (MAC verify, decrypt) NAS message */
|
||
|
function f_nas_try_decaps(inout NAS_UE_State nus, PDU_NAS_EPS nas) return PDU_NAS_EPS
|
||
|
{
|
||
|
var PDU_NAS_EPS_SecurityProtectedNASMessage secp_nas;
|
||
|
|
||
|
/* transparently pass through any non-protected NAS */
|
||
|
if (not match(nas, tr_NAS_EMM_SecurityProtected)) {
|
||
|
return nas;
|
||
|
}
|
||
|
|
||
|
/* process any security-protected NAS */
|
||
|
secp_nas := nas.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage;
|
||
|
select (secp_nas.securityHeaderType) {
|
||
|
case ('0011'B) { /* IP with new EPS security context */
|
||
|
nus.rx_count := 0;
|
||
|
nus.alg_int := NAS_ALG_IP_EIA1; /* FIXME: from decoded inner message! */
|
||
|
if (not f_nas_check_ip(nus, secp_nas)) {
|
||
|
mtc.stop;
|
||
|
}
|
||
|
return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
|
||
|
}
|
||
|
case ('0001'B) { /* IP only */
|
||
|
if (not f_nas_check_ip(nus, secp_nas)) {
|
||
|
mtc.stop;
|
||
|
}
|
||
|
return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
|
||
|
}
|
||
|
case ('0010'B) { /* IP + ciphered */
|
||
|
if (not f_nas_check_ip(nus, secp_nas)) {
|
||
|
mtc.stop;
|
||
|
}
|
||
|
f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.rx_count, 0,
|
||
|
f_rx_is_downlink(nus), secp_nas.nAS_Message);
|
||
|
return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
|
||
|
}
|
||
|
case ('0100'B) { /* IP + ciphered; new EPS security context */
|
||
|
nus.rx_count := 0;
|
||
|
if (not f_nas_check_ip(nus, secp_nas)) {
|
||
|
mtc.stop;
|
||
|
}
|
||
|
f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.rx_count, 0,
|
||
|
f_rx_is_downlink(nus), secp_nas.nAS_Message);
|
||
|
return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
|
||
|
}
|
||
|
//case ('0101'B) { /* IP + partially ciphered */ }
|
||
|
//case ('1100'B) { /* Service Request Message */ }
|
||
|
case else {
|
||
|
setverdict(fail, "Implement SecHdrType for ", secp_nas);
|
||
|
mtc.stop;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
private function f_nas_determine_sec_hdr_t(boolean encrypt, boolean authenticate, boolean new_ctx)
|
||
|
return BIT4
|
||
|
{
|
||
|
if (encrypt == false and authenticate == false and new_ctx == false) {
|
||
|
return '0000'B;
|
||
|
} else if (encrypt == false and authenticate == true and new_ctx == false) {
|
||
|
return '0001'B;
|
||
|
} else if (encrypt == false and authenticate == true and new_ctx == true) {
|
||
|
return '0011'B;
|
||
|
} else if (encrypt == true and authenticate == true and new_ctx == true) {
|
||
|
return '0100'B;
|
||
|
} else if (encrypt == true and authenticate == true and new_ctx == false) {
|
||
|
return '0010'B;
|
||
|
} else {
|
||
|
setverdict(fail, "invalid sec_hdr conditions");
|
||
|
mtc.stop;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/* encapsulate a NAS message (encrypt, MAC) */
|
||
|
function f_nas_encaps(inout NAS_UE_State nus, PDU_NAS_EPS nas_in, boolean new_ctx := false)
|
||
|
return PDU_NAS_EPS
|
||
|
{
|
||
|
var boolean encrypt := false;
|
||
|
var boolean authenticate := false;
|
||
|
if (nus.alg_int != NAS_ALG_IP_EIA0) {
|
||
|
authenticate := true;
|
||
|
}
|
||
|
if (nus.alg_enc != NAS_ALG_ENC_EEA0) {
|
||
|
encrypt := true;
|
||
|
}
|
||
|
|
||
|
if (encrypt == false and authenticate == false) {
|
||
|
return nas_in;
|
||
|
}
|
||
|
|
||
|
if (new_ctx) {
|
||
|
nus.tx_count := 0;
|
||
|
}
|
||
|
|
||
|
var BIT4 sec_hdr_t := f_nas_determine_sec_hdr_t(encrypt, authenticate, new_ctx);
|
||
|
var octetstring nas_enc := enc_PDU_NAS_EPS(nas_in);
|
||
|
if (encrypt) {
|
||
|
f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.tx_count, 0,
|
||
|
f_tx_is_downlink(nus), nas_enc);
|
||
|
}
|
||
|
var PDU_NAS_EPS nas_out;
|
||
|
nas_out := valueof(ts_NAS_EMM_SecurityProtected(sec_hdr_t, nus.tx_count, nas_enc));
|
||
|
if (authenticate) {
|
||
|
var OCT4 mac := f_nas_mac_calc(nus.alg_int, nus.k_nas_int, nus.tx_count, 0,
|
||
|
f_tx_is_downlink(nus), '00'O & nas_enc);
|
||
|
nas_out.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage.messageAuthenticationCode := mac;
|
||
|
}
|
||
|
return nas_out;
|
||
|
}
|
||
|
|
||
|
} // namespace
|