/* Utility functions from ogslib imported to TTCN-3
 *
 * (C) 2019 Harald Welte <laforge@gnumonks.org>
 * All rights reserved.
 *
 * Released under the terms of GNU General Public License, Version 2 or
 * (at your option) any later version.
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */
11
12module LTE_CryptoFunctions {
13
14import from General_Types all;
15
16import from S1AP_Types all;
17import from S1AP_PDU_Descriptions all;
18
19import from NAS_EPS_Types all;
20import from NAS_Templates all;
21
22/*********************************************************************************
23 * low-level API (external C/C++ code)
24 *********************************************************************************/
25
/* SNOW-3G f8 (confidentiality). 'data' is passed by value and is NOT modified;
 * the ciphered octets are the return value, so callers must store the result. */
external function f_snow_3g_f8(in OCT16 key, in integer count, in integer bearer,
			       in boolean is_downlink, in octetstring data) return octetstring;

/* SNOW-3G f9 (integrity): 32-bit MAC over 'data' */
external function f_snow_3g_f9(in OCT16 key, in integer count, in integer fresh,
			       in boolean is_downlink, in octetstring data) return OCT4;

/* derive the 256-bit K_ASME from CK, IK, the serving PLMN id, SQN and AK */
external function f_kdf_kasme(in OCT16 ck, in OCT16 ik, in OCT3 plmn_id,
			      in OCT6 sqn, in OCT6 ak) return OCT32;

/* derive NAS integrity / encryption keys for algorithm 'alg_id' from K_ASME.
 * NOTE(review): both return 32 octets while f_snow_3g_f8/f9 take an OCT16 key,
 * so callers are expected to pass a 16-octet key -- confirm which half against
 * the C binding. */
external function f_kdf_nas_int(in integer alg_id, in OCT32 kasme) return OCT32;
external function f_kdf_nas_enc(in integer alg_id, in OCT32 kasme) return OCT32;

/* NOTE(review): K_ASME is OCT32 everywhere else in this section (f_kdf_kasme
 * returns OCT32, f_kdf_nas_* take OCT32), but the two declarations below take an
 * OCT16 kasme -- confirm against the C binding before relying on them. */
external function f_kdf_enb(in OCT16 kasme, in integer ul_count) return OCT32;

external function f_kdf_nh(in OCT16 kasme, in OCT32 sync_inp) return OCT32;
41
42/*********************************************************************************
43 * mid-level API
44 *********************************************************************************/
45
/* Compute the 32-bit NAS MAC over 'data' with the given integrity algorithm.
 * EIA0 (null integrity) yields an all-zero MAC; EIA1 delegates to the external
 * SNOW-3G f9 implementation.  Any other algorithm (EIA2/EIA3 are declared in
 * NAS_ALG_INT but not implemented here) fails the test and stops the MTC. */
function f_nas_mac_calc(NAS_ALG_INT alg, octetstring k_nas_int, integer seq_nr,
			integer bearer, boolean is_downlink, octetstring data) return OCT4 {
	if (alg == NAS_ALG_IP_EIA0) {
		return '00000000'O;
	}
	if (alg == NAS_ALG_IP_EIA1) {
		/* k_nas_int is handed to a function declared with an OCT16 key;
		 * presumably any other key length is a run-time error -- callers
		 * are responsible for passing the 128-bit key */
		return f_snow_3g_f9(k_nas_int, seq_nr, bearer, is_downlink, data);
	}
	setverdict(fail, "Unsupported EIA: ", alg);
	mtc.stop;
}
61
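/* Cipher 'data' in place with the given NAS encryption algorithm.  Callers in this
 * module use it for both directions (f8 is applied to the ciphertext again to
 * recover the plaintext).  EEA0 (null ciphering) leaves 'data' untouched; EEA1
 * uses the external SNOW-3G f8.  EEA2/EEA3 are declared in NAS_ALG_ENC but not
 * implemented here and fail the test. */
function f_nas_encrypt(NAS_ALG_ENC alg, octetstring k_nas_enc, integer count,
		       integer bearer, boolean is_downlink, inout octetstring data) {
	select (alg) {
	case (NAS_ALG_ENC_EEA0) { /* null ciphering: nothing to do */ }
	case (NAS_ALG_ENC_EEA1) {
		/* f_snow_3g_f8 takes 'data' by value and returns the ciphered octets.
		 * The result has to be written back into the inout parameter; without
		 * the assignment the caller's buffer stays in cleartext (or, on the
		 * receive side, stays ciphered) and the return value is silently lost. */
		data := f_snow_3g_f8(k_nas_enc, count, bearer, is_downlink, data);
	}
	case else {
		setverdict(fail, "Unsupported EEA: ", alg);
		mtc.stop;
	}
	}
}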
75
76
77/*********************************************************************************
78 * high-level API (full NAS encapsulation/decapsulation)
79 *********************************************************************************/
80
/* Per-connection NAS security state (one instance per emulated UE/MME association).
 * NOTE(review): nothing in this module advances rx_count or tx_count -- they are
 * only reset to 0 on a new security context (f_nas_try_decaps, f_nas_encaps).
 * The caller must step them per protected message, since both the MAC and the
 * f8 ciphering take this count as input. */
type record NAS_UE_State {
	NAS_Role	role,		/* ATS implements UE or MME role? */

	NAS_ALG_INT	alg_int,	/* NAS Integrity Protection Algorithm */
	octetstring	k_nas_int,	/* NAS Integrity Protection Key */
	NAS_ALG_ENC	alg_enc,	/* NAS Encryption Algorithm */
	octetstring	k_nas_enc,	/* NAS Encryption Key */
	integer		rx_count,	/* frame counter (ATS rx side) */
	integer		tx_count	/* frame counter (ATS tx side) */
};
91
/* initial per-connection state: no integrity protection, no ciphering, empty keys
 * and both counters at zero.  Algorithms/keys are expected to be filled in by the
 * caller once a security context is established. */
template (value) NAS_UE_State t_NAS_UE_State(NAS_Role role) := {
	role := role,
	alg_int := NAS_ALG_IP_EIA0,
	k_nas_int := ''O,
	alg_enc := NAS_ALG_ENC_EEA0,
	k_nas_enc := ''O,
	rx_count := 0,
	tx_count := 0
};
101
/* which side of the NAS link the ATS plays; decides the uplink/downlink direction
 * passed to the f8/f9 primitives (see f_rx_is_downlink / f_tx_is_downlink) */
type enumerated NAS_Role {
	NAS_ROLE_UE,		/* ATS implements/emulates UE */
	NAS_ROLE_MME		/* ATS implements/emulates MME */
};
/* NAS integrity algorithms.  Only EIA0 and EIA1 are implemented by f_nas_mac_calc;
 * EIA2/EIA3 end in its 'case else' and fail the test. */
type enumerated NAS_ALG_INT {
	NAS_ALG_IP_EIA0,	/* no integrity protection */
	NAS_ALG_IP_EIA1,	/* SNOW-3G F9 based */
	NAS_ALG_IP_EIA2,	/* AES based */
	NAS_ALG_IP_EIA3		/* ZUC */
};
/* NAS ciphering algorithms.  Only EEA0 and EEA1 are implemented by f_nas_encrypt;
 * EEA2/EEA3 end in its 'case else' and fail the test. */
type enumerated NAS_ALG_ENC {
	NAS_ALG_ENC_EEA0,	/* no encryption */
	NAS_ALG_ENC_EEA1,	/* SNOW-3G F8 based */
	NAS_ALG_ENC_EEA2,	/* AES based */
	NAS_ALG_ENC_EEA3	/* ZUC */
};
118
/* port between individual per-connection components and this translator;
 * carries both S1AP PDUs and (decoded) NAS PDUs in either direction.  The
 * "internal" extension makes it a component-to-component port with no
 * external test port adaptor. */
type port S1AP_NAS_Conn_PT message {
	inout S1AP_PDU, PDU_NAS_EPS;
} with { extension "internal" };
123
/* determine if a received (from the IUT) message is downlink or not: when the
 * ATS emulates the UE, everything it receives comes from the network side */
private function f_rx_is_downlink(in NAS_UE_State nus) return boolean
{
	return nus.role == NAS_ROLE_UE;
}
133
/* determine if a message transmitted to the IUT is downlink or not: the transmit
 * direction is the opposite of the receive direction for the same role */
private function f_tx_is_downlink(in NAS_UE_State nus) return boolean
{
	return not (nus.role == NAS_ROLE_UE);
}
139
/* Verify the MAC of a security-protected NAS message against the state in 'nus'.
 * The MAC input is the 8-bit sequence number followed by the NAS payload as
 * carried on the wire (i.e. the ciphertext when the message is ciphered), with
 * nus.rx_count as the NAS COUNT.  On mismatch the verdict is set to fail and
 * false is returned; 'nus' is not modified. */
private function f_nas_check_ip(inout NAS_UE_State nus,
				in PDU_NAS_EPS_SecurityProtectedNASMessage secp_nas) return boolean
{
	var octetstring mac_input := int2oct(secp_nas.sequenceNumber, 1) & secp_nas.nAS_Message;
	var OCT4 computed := f_nas_mac_calc(nus.alg_int, nus.k_nas_int, nus.rx_count, 0,
					    f_rx_is_downlink(nus), mac_input);
	if (computed == secp_nas.messageAuthenticationCode) {
		return true;
	}
	setverdict(fail, "Received NAS MAC ", secp_nas.messageAuthenticationCode,
		   " doesn't match expected MAC ", computed, ": ", secp_nas);
	return false;
}
153
/* try to decapsulate (MAC verify, decrypt) NAS message.
 * Non-protected NAS is returned unchanged.  For security-protected NAS the MAC is
 * verified first (via f_nas_check_ip, over sequence number + payload, i.e. over
 * the ciphertext when ciphered) and the MTC is stopped on mismatch; only then is
 * the payload deciphered in place (inout parameter of f_nas_encrypt) and decoded.
 * NOTE(review): nus.rx_count is used as the NAS COUNT but is never advanced here;
 * the caller is expected to step it after each protected message. */
function f_nas_try_decaps(inout NAS_UE_State nus, PDU_NAS_EPS nas) return PDU_NAS_EPS
{
	var PDU_NAS_EPS_SecurityProtectedNASMessage secp_nas;

	/* transparently pass through any non-protected NAS */
	if (not match(nas, tr_NAS_EMM_SecurityProtected)) {
		return nas;
	}

	/* process any security-protected NAS */
	secp_nas := nas.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage;
	select (secp_nas.securityHeaderType) {
	case ('0011'B) { /* IP with new EPS security context */
		nus.rx_count := 0;
		/* until the FIXME below is resolved, an IUT selecting EIA2/EIA3 ends
		 * in the 'case else' of f_nas_mac_calc */
		nus.alg_int := NAS_ALG_IP_EIA1; /* FIXME: from decoded inner message! */
		if (not f_nas_check_ip(nus, secp_nas)) {
			mtc.stop;
		}
		return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
	}
	case ('0001'B) { /* IP only */
		if (not f_nas_check_ip(nus, secp_nas)) {
			mtc.stop;
		}
		return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
	}
	case ('0010'B) { /* IP + ciphered */
		/* verify before deciphering: the MAC covers the ciphered payload */
		if (not f_nas_check_ip(nus, secp_nas)) {
			mtc.stop;
		}
		f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.rx_count, 0,
			      f_rx_is_downlink(nus), secp_nas.nAS_Message);
		return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
	}
	case ('0100'B) { /* IP + ciphered; new EPS security context */
		/* NOTE(review): unlike the '0011'B case this resets rx_count but leaves
		 * alg_int/alg_enc untouched -- confirm that is intended */
		nus.rx_count := 0;
		if (not f_nas_check_ip(nus, secp_nas)) {
			mtc.stop;
		}
		f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.rx_count, 0,
			      f_rx_is_downlink(nus), secp_nas.nAS_Message);
		return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
	}
	//case ('0101'B) { /* IP + partially ciphered */ }
	//case ('1100'B) { /* Service Request Message */ }
	case else {
		setverdict(fail, "Implement SecHdrType for ", secp_nas);
		mtc.stop;
	}
	}
}
206
/* Map the (encrypt, authenticate, new_ctx) flags to the NAS security header type.
 * Ciphering without integrity protection, and a "new context" without integrity
 * protection, have no header type and fail the test. */
private function f_nas_determine_sec_hdr_t(boolean encrypt, boolean authenticate, boolean new_ctx)
return BIT4
{
	if (not authenticate) {
		/* only the plain case is representable without integrity protection */
		if (not encrypt and not new_ctx) {
			return '0000'B;
		}
	} else if (not encrypt) {
		if (new_ctx) {
			return '0011'B;	/* IP with new EPS security context */
		} else {
			return '0001'B;	/* IP only */
		}
	} else {
		if (new_ctx) {
			return '0100'B;	/* IP + ciphered; new EPS security context */
		} else {
			return '0010'B;	/* IP + ciphered */
		}
	}
	setverdict(fail, "invalid sec_hdr conditions");
	mtc.stop;
}
225
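/* encapsulate a NAS message (encrypt, MAC) into a security-protected NAS PDU.
 * With neither integrity nor ciphering configured in 'nus' the message is
 * returned as-is.  'new_ctx' only resets tx_count; nus.alg_*/k_nas_* are
 * expected to have been set by the caller beforehand.
 * NOTE(review): nus.tx_count is used as the NAS COUNT but not advanced here;
 * the caller must step it after each protected message it sends. */
function f_nas_encaps(inout NAS_UE_State nus, PDU_NAS_EPS nas_in, boolean new_ctx := false)
return PDU_NAS_EPS
{
	var boolean authenticate := (nus.alg_int != NAS_ALG_IP_EIA0);
	var boolean encrypt := (nus.alg_enc != NAS_ALG_ENC_EEA0);

	/* no security context active: pass the plain NAS message through */
	if (not encrypt and not authenticate) {
		return nas_in;
	}

	/* a new EPS security context starts counting from zero */
	if (new_ctx) {
		nus.tx_count := 0;
	}

	var BIT4 sec_hdr_t := f_nas_determine_sec_hdr_t(encrypt, authenticate, new_ctx);
	var octetstring nas_enc := enc_PDU_NAS_EPS(nas_in);
	if (encrypt) {
		/* cipher first: the MAC below is computed over the ciphertext */
		f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.tx_count, 0,
			      f_tx_is_downlink(nus), nas_enc);
	}
	var PDU_NAS_EPS nas_out;
	nas_out := valueof(ts_NAS_EMM_SecurityProtected(sec_hdr_t, nus.tx_count, nas_enc));
	if (authenticate) {
		/* The MAC input is the sequence number octet actually placed in the
		 * header followed by the (ciphered) payload -- the mirror image of what
		 * f_nas_check_ip verifies on receive.  A fixed '00'O here would only be
		 * right while the header sequence number is 0; every later message
		 * would carry a MAC the peer cannot verify. */
		var integer seq_nr := nas_out.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage.sequenceNumber;
		var OCT4 mac := f_nas_mac_calc(nus.alg_int, nus.k_nas_int, nus.tx_count, 0,
					       f_tx_is_downlink(nus), int2oct(seq_nr, 1) & nas_enc);
		nas_out.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage.messageAuthenticationCode := mac;
	}
	return nas_out;
}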
262
263} // namespace