Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 1 | /* Utility functions from ogslib imported to TTCN-3 |
| 2 | * |
| 3 | * (C) 2019 Harald Welte <laforge@gnumonks.org> |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * Released under the terms of GNU General Public License, Version 2 or |
| 7 | * (at your option) any later version. |
| 8 | * |
| 9 | * SPDX-License-Identifier: GPL-2.0-or-later |
| 10 | */ |
| 11 | |
| 12 | module LTE_CryptoFunctions { |
| 13 | |
| 14 | import from General_Types all; |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 15 | import from Misc_Helpers all; |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 16 | |
| 17 | import from S1AP_Types all; |
| 18 | import from S1AP_PDU_Descriptions all; |
| 19 | |
| 20 | import from NAS_EPS_Types all; |
| 21 | import from NAS_Templates all; |
| 22 | |
| 23 | /********************************************************************************* |
| 24 | * low-level API (external C/C++ code) |
| 25 | *********************************************************************************/ |
| 26 | |
| 27 | external function f_snow_3g_f8(in OCT16 key, in integer count, in integer bearer, |
| 28 | in boolean is_downlink, in octetstring data) return octetstring; |
| 29 | |
| 30 | external function f_snow_3g_f9(in OCT16 key, in integer count, in integer fresh, |
| 31 | in boolean is_downlink, in octetstring data) return OCT4; |
| 32 | |
| 33 | external function f_kdf_kasme(in OCT16 ck, in OCT16 ik, in OCT3 plmn_id, |
| 34 | in OCT6 sqn, in OCT6 ak) return OCT32; |
| 35 | |
| 36 | external function f_kdf_nas_int(in integer alg_id, in OCT32 kasme) return OCT32; |
| 37 | external function f_kdf_nas_enc(in integer alg_id, in OCT32 kasme) return OCT32; |
| 38 | |
| 39 | external function f_kdf_enb(in OCT16 kasme, in integer ul_count) return OCT32; |
| 40 | |
| 41 | external function f_kdf_nh(in OCT16 kasme, in OCT32 sync_inp) return OCT32; |
| 42 | |
| 43 | /********************************************************************************* |
| 44 | * mid-level API |
| 45 | *********************************************************************************/ |
| 46 | |
| 47 | function f_nas_mac_calc(NAS_ALG_INT alg, octetstring k_nas_int, integer seq_nr, |
| 48 | integer bearer, boolean is_downlink, octetstring data) return OCT4 { |
| 49 | select (alg) { |
| 50 | case (NAS_ALG_IP_EIA0) { |
| 51 | return '00000000'O; |
| 52 | } |
| 53 | case (NAS_ALG_IP_EIA1) { |
| 54 | return f_snow_3g_f9(k_nas_int, seq_nr, bearer, is_downlink, data); |
| 55 | } |
| 56 | case else { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 57 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Unsupported EIA: ", alg)); |
| 58 | return '00000000'O; /* never reached */ |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 59 | } |
| 60 | } |
| 61 | } |
| 62 | |
| 63 | function f_nas_encrypt(NAS_ALG_ENC alg, octetstring k_nas_enc, integer count, |
| 64 | integer bearer, boolean is_downlink, inout octetstring data) { |
| 65 | select (alg) { |
| 66 | case (NAS_ALG_ENC_EEA0) { } |
| 67 | case (NAS_ALG_ENC_EEA1) { |
| 68 | f_snow_3g_f8(k_nas_enc, count, bearer, is_downlink, data); |
| 69 | } |
| 70 | case else { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 71 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Unsupported EEA: ", alg)); |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 72 | } |
| 73 | } |
| 74 | } |
| 75 | |
| 76 | |
| 77 | /********************************************************************************* |
| 78 | * high-level API (full NAS encapsulation/decapsulation) |
| 79 | *********************************************************************************/ |
| 80 | |
| 81 | type record NAS_UE_State { |
| 82 | NAS_Role role, /* ATS implements UE or MME role? */ |
| 83 | |
| 84 | NAS_ALG_INT alg_int, /* NAS Integrity Protection Algorithm */ |
| 85 | octetstring k_nas_int, /* NAS Integrity Protection Key */ |
| 86 | NAS_ALG_ENC alg_enc, /* NAS Encryption Algorithm */ |
| 87 | octetstring k_nas_enc, /* NAS Encryption Key */ |
| 88 | integer rx_count, /* frame counter (ATS rx side) */ |
| 89 | integer tx_count /* frame counter (ATS tx side) */ |
| 90 | }; |
| 91 | |
| 92 | template (value) NAS_UE_State t_NAS_UE_State(NAS_Role role) := { |
| 93 | role := role, |
| 94 | alg_int := NAS_ALG_IP_EIA0, |
| 95 | k_nas_int := ''O, |
| 96 | alg_enc := NAS_ALG_ENC_EEA0, |
| 97 | k_nas_enc := ''O, |
| 98 | rx_count := 0, |
| 99 | tx_count := 0 |
| 100 | }; |
| 101 | |
| 102 | type enumerated NAS_Role { |
| 103 | NAS_ROLE_UE, /* ATS implements/emulates UE */ |
| 104 | NAS_ROLE_MME /* ATS implements/emulates MME */ |
| 105 | }; |
| 106 | type enumerated NAS_ALG_INT { |
| 107 | NAS_ALG_IP_EIA0, /* no integrity protection */ |
| 108 | NAS_ALG_IP_EIA1, /* SNOW-3G F9 based */ |
| 109 | NAS_ALG_IP_EIA2, /* AES based */ |
| 110 | NAS_ALG_IP_EIA3 /* ZUC */ |
| 111 | }; |
| 112 | type enumerated NAS_ALG_ENC { |
| 113 | NAS_ALG_ENC_EEA0, /* no encryption */ |
| 114 | NAS_ALG_ENC_EEA1, /* SNOW-3G F8 based */ |
| 115 | NAS_ALG_ENC_EEA2, /* AES based */ |
| 116 | NAS_ALG_ENC_EEA3 /* ZUC */ |
| 117 | }; |
| 118 | |
| 119 | /* port between individual per-connection components and this translator */ |
| 120 | type port S1AP_NAS_Conn_PT message { |
| 121 | inout S1AP_PDU, PDU_NAS_EPS; |
| 122 | } with { extension "internal" }; |
| 123 | |
| 124 | /* determine if a received (from the IUT) message is downlink or not */ |
| 125 | private function f_rx_is_downlink(in NAS_UE_State nus) return boolean |
| 126 | { |
| 127 | if (nus.role == NAS_ROLE_UE) { |
| 128 | return true; |
| 129 | } else { |
| 130 | return false; |
| 131 | } |
| 132 | } |
| 133 | |
| 134 | /* determine if a message transmitted to the IUT message is downlink or not */ |
| 135 | private function f_tx_is_downlink(in NAS_UE_State nus) return boolean |
| 136 | { |
| 137 | return not f_rx_is_downlink(nus); |
| 138 | } |
| 139 | |
| 140 | private function f_nas_check_ip(inout NAS_UE_State nus, |
| 141 | in PDU_NAS_EPS_SecurityProtectedNASMessage secp_nas) return boolean |
| 142 | { |
| 143 | var octetstring data_with_seq := int2oct(secp_nas.sequenceNumber, 1) & secp_nas.nAS_Message; |
| 144 | var OCT4 exp_mac := f_nas_mac_calc(nus.alg_int, nus.k_nas_int, nus.rx_count, 0, |
| 145 | f_rx_is_downlink(nus), data_with_seq); |
Pau Espin Pedrol | acb5b8f | 2023-12-15 19:09:42 +0100 | [diff] [blame] | 146 | |
| 147 | if (nus.rx_count != secp_nas.sequenceNumber) { |
| 148 | setverdict(fail, "Received NAS SeqNr ", secp_nas.sequenceNumber, |
| 149 | " doesn't match expected SeqNr ", nus.rx_count, ": ", secp_nas, " | nus: ", nus); |
| 150 | return false; |
| 151 | } |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 152 | if (exp_mac != secp_nas.messageAuthenticationCode) { |
| 153 | setverdict(fail, "Received NAS MAC ", secp_nas.messageAuthenticationCode, |
Pau Espin Pedrol | 9ad1980 | 2023-12-14 18:11:31 +0100 | [diff] [blame] | 154 | " doesn't match expected MAC ", exp_mac, ": ", secp_nas, " | nus: ", nus); |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 155 | return false; |
| 156 | } |
| 157 | return true; |
| 158 | } |
| 159 | |
| 160 | /* try to decapsulate (MAC verify, decrypt) NAS message */ |
| 161 | function f_nas_try_decaps(inout NAS_UE_State nus, PDU_NAS_EPS nas) return PDU_NAS_EPS |
| 162 | { |
| 163 | var PDU_NAS_EPS_SecurityProtectedNASMessage secp_nas; |
| 164 | |
| 165 | /* transparently pass through any non-protected NAS */ |
| 166 | if (not match(nas, tr_NAS_EMM_SecurityProtected)) { |
| 167 | return nas; |
| 168 | } |
| 169 | |
| 170 | /* process any security-protected NAS */ |
| 171 | secp_nas := nas.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage; |
| 172 | select (secp_nas.securityHeaderType) { |
| 173 | case ('0011'B) { /* IP with new EPS security context */ |
| 174 | nus.rx_count := 0; |
| 175 | nus.alg_int := NAS_ALG_IP_EIA1; /* FIXME: from decoded inner message! */ |
| 176 | if (not f_nas_check_ip(nus, secp_nas)) { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 177 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed"); |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 178 | } |
| 179 | return dec_PDU_NAS_EPS(secp_nas.nAS_Message); |
| 180 | } |
| 181 | case ('0001'B) { /* IP only */ |
Pau Espin Pedrol | acb5b8f | 2023-12-15 19:09:42 +0100 | [diff] [blame] | 182 | nus.rx_count := nus.rx_count + 1; |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 183 | if (not f_nas_check_ip(nus, secp_nas)) { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 184 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed"); |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 185 | } |
| 186 | return dec_PDU_NAS_EPS(secp_nas.nAS_Message); |
| 187 | } |
| 188 | case ('0010'B) { /* IP + ciphered */ |
Pau Espin Pedrol | acb5b8f | 2023-12-15 19:09:42 +0100 | [diff] [blame] | 189 | nus.rx_count := nus.rx_count + 1; |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 190 | if (not f_nas_check_ip(nus, secp_nas)) { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 191 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed"); |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 192 | } |
| 193 | f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.rx_count, 0, |
| 194 | f_rx_is_downlink(nus), secp_nas.nAS_Message); |
| 195 | return dec_PDU_NAS_EPS(secp_nas.nAS_Message); |
| 196 | } |
| 197 | case ('0100'B) { /* IP + ciphered; new EPS security context */ |
| 198 | nus.rx_count := 0; |
| 199 | if (not f_nas_check_ip(nus, secp_nas)) { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 200 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed"); |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 201 | } |
| 202 | f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.rx_count, 0, |
| 203 | f_rx_is_downlink(nus), secp_nas.nAS_Message); |
| 204 | return dec_PDU_NAS_EPS(secp_nas.nAS_Message); |
| 205 | } |
| 206 | //case ('0101'B) { /* IP + partially ciphered */ } |
| 207 | //case ('1100'B) { /* Service Request Message */ } |
| 208 | case else { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 209 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Implement SecHdrType for ", secp_nas)); |
| 210 | mtc.stop; /* make compiler happy about not returning. */ |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 211 | } |
| 212 | } |
| 213 | } |
| 214 | |
| 215 | private function f_nas_determine_sec_hdr_t(boolean encrypt, boolean authenticate, boolean new_ctx) |
| 216 | return BIT4 |
| 217 | { |
| 218 | if (encrypt == false and authenticate == false and new_ctx == false) { |
| 219 | return '0000'B; |
| 220 | } else if (encrypt == false and authenticate == true and new_ctx == false) { |
| 221 | return '0001'B; |
| 222 | } else if (encrypt == false and authenticate == true and new_ctx == true) { |
| 223 | return '0011'B; |
| 224 | } else if (encrypt == true and authenticate == true and new_ctx == true) { |
| 225 | return '0100'B; |
| 226 | } else if (encrypt == true and authenticate == true and new_ctx == false) { |
| 227 | return '0010'B; |
| 228 | } else { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 229 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "Invalid sec_hdr conditions"); |
| 230 | return '0000'B; /* never reached, make compiler happy */ |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 231 | } |
| 232 | } |
| 233 | |
| 234 | /* encapsulate a NAS message (encrypt, MAC) */ |
| 235 | function f_nas_encaps(inout NAS_UE_State nus, PDU_NAS_EPS nas_in, boolean new_ctx := false) |
| 236 | return PDU_NAS_EPS |
| 237 | { |
| 238 | var boolean encrypt := false; |
| 239 | var boolean authenticate := false; |
| 240 | if (nus.alg_int != NAS_ALG_IP_EIA0) { |
| 241 | authenticate := true; |
| 242 | } |
| 243 | if (nus.alg_enc != NAS_ALG_ENC_EEA0) { |
| 244 | encrypt := true; |
| 245 | } |
| 246 | |
| 247 | if (encrypt == false and authenticate == false) { |
| 248 | return nas_in; |
| 249 | } |
| 250 | |
| 251 | if (new_ctx) { |
| 252 | nus.tx_count := 0; |
| 253 | } |
| 254 | |
| 255 | var BIT4 sec_hdr_t := f_nas_determine_sec_hdr_t(encrypt, authenticate, new_ctx); |
| 256 | var octetstring nas_enc := enc_PDU_NAS_EPS(nas_in); |
| 257 | if (encrypt) { |
| 258 | f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.tx_count, 0, |
| 259 | f_tx_is_downlink(nus), nas_enc); |
| 260 | } |
| 261 | var PDU_NAS_EPS nas_out; |
| 262 | nas_out := valueof(ts_NAS_EMM_SecurityProtected(sec_hdr_t, nus.tx_count, nas_enc)); |
| 263 | if (authenticate) { |
| 264 | var OCT4 mac := f_nas_mac_calc(nus.alg_int, nus.k_nas_int, nus.tx_count, 0, |
| 265 | f_tx_is_downlink(nus), '00'O & nas_enc); |
| 266 | nas_out.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage.messageAuthenticationCode := mac; |
| 267 | } |
| 268 | return nas_out; |
| 269 | } |
| 270 | |
| 271 | } // namespace |