Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 1 | /* Utility functions from ogslib imported to TTCN-3 |
| 2 | * |
| 3 | * (C) 2019 Harald Welte <laforge@gnumonks.org> |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * Released under the terms of GNU General Public License, Version 2 or |
| 7 | * (at your option) any later version. |
| 8 | * |
| 9 | * SPDX-License-Identifier: GPL-2.0-or-later |
| 10 | */ |
| 11 | |
| 12 | module LTE_CryptoFunctions { |
| 13 | |
| 14 | import from General_Types all; |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 15 | import from Misc_Helpers all; |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 16 | |
| 17 | import from S1AP_Types all; |
| 18 | import from S1AP_PDU_Descriptions all; |
| 19 | |
| 20 | import from NAS_EPS_Types all; |
| 21 | import from NAS_Templates all; |
| 22 | |
| 23 | /********************************************************************************* |
| 24 | * low-level API (external C/C++ code) |
| 25 | *********************************************************************************/ |
| 26 | |
| 27 | external function f_snow_3g_f8(in OCT16 key, in integer count, in integer bearer, |
| 28 | in boolean is_downlink, in octetstring data) return octetstring; |
| 29 | |
| 30 | external function f_snow_3g_f9(in OCT16 key, in integer count, in integer fresh, |
| 31 | in boolean is_downlink, in octetstring data) return OCT4; |
| 32 | |
| 33 | external function f_kdf_kasme(in OCT16 ck, in OCT16 ik, in OCT3 plmn_id, |
| 34 | in OCT6 sqn, in OCT6 ak) return OCT32; |
| 35 | |
| 36 | external function f_kdf_nas_int(in integer alg_id, in OCT32 kasme) return OCT32; |
| 37 | external function f_kdf_nas_enc(in integer alg_id, in OCT32 kasme) return OCT32; |
| 38 | |
| 39 | external function f_kdf_enb(in OCT16 kasme, in integer ul_count) return OCT32; |
| 40 | |
| 41 | external function f_kdf_nh(in OCT16 kasme, in OCT32 sync_inp) return OCT32; |
| 42 | |
Pau Espin Pedrol | 3be4d92 | 2024-01-15 15:21:57 +0100 | [diff] [blame] | 43 | external function f_kdf_nas_token(in OCT16 kasme, in integer ul_count) return OCT32; |
| 44 | |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 45 | /********************************************************************************* |
| 46 | * mid-level API |
| 47 | *********************************************************************************/ |
| 48 | |
| 49 | function f_nas_mac_calc(NAS_ALG_INT alg, octetstring k_nas_int, integer seq_nr, |
| 50 | integer bearer, boolean is_downlink, octetstring data) return OCT4 { |
| 51 | select (alg) { |
| 52 | case (NAS_ALG_IP_EIA0) { |
| 53 | return '00000000'O; |
| 54 | } |
| 55 | case (NAS_ALG_IP_EIA1) { |
| 56 | return f_snow_3g_f9(k_nas_int, seq_nr, bearer, is_downlink, data); |
| 57 | } |
| 58 | case else { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 59 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Unsupported EIA: ", alg)); |
| 60 | return '00000000'O; /* never reached */ |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 61 | } |
| 62 | } |
| 63 | } |
| 64 | |
| 65 | function f_nas_encrypt(NAS_ALG_ENC alg, octetstring k_nas_enc, integer count, |
| 66 | integer bearer, boolean is_downlink, inout octetstring data) { |
| 67 | select (alg) { |
| 68 | case (NAS_ALG_ENC_EEA0) { } |
| 69 | case (NAS_ALG_ENC_EEA1) { |
| 70 | f_snow_3g_f8(k_nas_enc, count, bearer, is_downlink, data); |
| 71 | } |
| 72 | case else { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 73 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Unsupported EEA: ", alg)); |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 74 | } |
| 75 | } |
| 76 | } |
| 77 | |
| 78 | |
| 79 | /********************************************************************************* |
| 80 | * high-level API (full NAS encapsulation/decapsulation) |
| 81 | *********************************************************************************/ |
| 82 | |
| 83 | type record NAS_UE_State { |
| 84 | NAS_Role role, /* ATS implements UE or MME role? */ |
| 85 | |
| 86 | NAS_ALG_INT alg_int, /* NAS Integrity Protection Algorithm */ |
| 87 | octetstring k_nas_int, /* NAS Integrity Protection Key */ |
| 88 | NAS_ALG_ENC alg_enc, /* NAS Encryption Algorithm */ |
| 89 | octetstring k_nas_enc, /* NAS Encryption Key */ |
| 90 | integer rx_count, /* frame counter (ATS rx side) */ |
| 91 | integer tx_count /* frame counter (ATS tx side) */ |
| 92 | }; |
| 93 | |
| 94 | template (value) NAS_UE_State t_NAS_UE_State(NAS_Role role) := { |
| 95 | role := role, |
| 96 | alg_int := NAS_ALG_IP_EIA0, |
| 97 | k_nas_int := ''O, |
| 98 | alg_enc := NAS_ALG_ENC_EEA0, |
| 99 | k_nas_enc := ''O, |
| 100 | rx_count := 0, |
| 101 | tx_count := 0 |
| 102 | }; |
| 103 | |
| 104 | type enumerated NAS_Role { |
| 105 | NAS_ROLE_UE, /* ATS implements/emulates UE */ |
| 106 | NAS_ROLE_MME /* ATS implements/emulates MME */ |
| 107 | }; |
| 108 | type enumerated NAS_ALG_INT { |
| 109 | NAS_ALG_IP_EIA0, /* no integrity protection */ |
| 110 | NAS_ALG_IP_EIA1, /* SNOW-3G F9 based */ |
| 111 | NAS_ALG_IP_EIA2, /* AES based */ |
| 112 | NAS_ALG_IP_EIA3 /* ZUC */ |
| 113 | }; |
| 114 | type enumerated NAS_ALG_ENC { |
| 115 | NAS_ALG_ENC_EEA0, /* no encryption */ |
| 116 | NAS_ALG_ENC_EEA1, /* SNOW-3G F8 based */ |
| 117 | NAS_ALG_ENC_EEA2, /* AES based */ |
| 118 | NAS_ALG_ENC_EEA3 /* ZUC */ |
| 119 | }; |
| 120 | |
| 121 | /* port between individual per-connection components and this translator */ |
| 122 | type port S1AP_NAS_Conn_PT message { |
| 123 | inout S1AP_PDU, PDU_NAS_EPS; |
| 124 | } with { extension "internal" }; |
| 125 | |
| 126 | /* determine if a received (from the IUT) message is downlink or not */ |
| 127 | private function f_rx_is_downlink(in NAS_UE_State nus) return boolean |
| 128 | { |
| 129 | if (nus.role == NAS_ROLE_UE) { |
| 130 | return true; |
| 131 | } else { |
| 132 | return false; |
| 133 | } |
| 134 | } |
| 135 | |
| 136 | /* determine if a message transmitted to the IUT message is downlink or not */ |
| 137 | private function f_tx_is_downlink(in NAS_UE_State nus) return boolean |
| 138 | { |
| 139 | return not f_rx_is_downlink(nus); |
| 140 | } |
| 141 | |
| 142 | private function f_nas_check_ip(inout NAS_UE_State nus, |
| 143 | in PDU_NAS_EPS_SecurityProtectedNASMessage secp_nas) return boolean |
| 144 | { |
| 145 | var octetstring data_with_seq := int2oct(secp_nas.sequenceNumber, 1) & secp_nas.nAS_Message; |
| 146 | var OCT4 exp_mac := f_nas_mac_calc(nus.alg_int, nus.k_nas_int, nus.rx_count, 0, |
| 147 | f_rx_is_downlink(nus), data_with_seq); |
Pau Espin Pedrol | acb5b8f | 2023-12-15 19:09:42 +0100 | [diff] [blame] | 148 | |
| 149 | if (nus.rx_count != secp_nas.sequenceNumber) { |
| 150 | setverdict(fail, "Received NAS SeqNr ", secp_nas.sequenceNumber, |
| 151 | " doesn't match expected SeqNr ", nus.rx_count, ": ", secp_nas, " | nus: ", nus); |
| 152 | return false; |
| 153 | } |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 154 | if (exp_mac != secp_nas.messageAuthenticationCode) { |
| 155 | setverdict(fail, "Received NAS MAC ", secp_nas.messageAuthenticationCode, |
Pau Espin Pedrol | 9ad1980 | 2023-12-14 18:11:31 +0100 | [diff] [blame] | 156 | " doesn't match expected MAC ", exp_mac, ": ", secp_nas, " | nus: ", nus); |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 157 | return false; |
| 158 | } |
| 159 | return true; |
| 160 | } |
| 161 | |
| 162 | /* try to decapsulate (MAC verify, decrypt) NAS message */ |
| 163 | function f_nas_try_decaps(inout NAS_UE_State nus, PDU_NAS_EPS nas) return PDU_NAS_EPS |
| 164 | { |
| 165 | var PDU_NAS_EPS_SecurityProtectedNASMessage secp_nas; |
| 166 | |
| 167 | /* transparently pass through any non-protected NAS */ |
| 168 | if (not match(nas, tr_NAS_EMM_SecurityProtected)) { |
| 169 | return nas; |
| 170 | } |
| 171 | |
| 172 | /* process any security-protected NAS */ |
| 173 | secp_nas := nas.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage; |
| 174 | select (secp_nas.securityHeaderType) { |
| 175 | case ('0011'B) { /* IP with new EPS security context */ |
| 176 | nus.rx_count := 0; |
| 177 | nus.alg_int := NAS_ALG_IP_EIA1; /* FIXME: from decoded inner message! */ |
| 178 | if (not f_nas_check_ip(nus, secp_nas)) { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 179 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed"); |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 180 | } |
Pau Espin Pedrol | 41f4d90 | 2024-01-08 19:37:54 +0100 | [diff] [blame] | 181 | nus.rx_count := nus.rx_count + 1; |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 182 | return dec_PDU_NAS_EPS(secp_nas.nAS_Message); |
| 183 | } |
| 184 | case ('0001'B) { /* IP only */ |
| 185 | if (not f_nas_check_ip(nus, secp_nas)) { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 186 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed"); |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 187 | } |
Pau Espin Pedrol | 41f4d90 | 2024-01-08 19:37:54 +0100 | [diff] [blame] | 188 | nus.rx_count := nus.rx_count + 1; |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 189 | return dec_PDU_NAS_EPS(secp_nas.nAS_Message); |
| 190 | } |
| 191 | case ('0010'B) { /* IP + ciphered */ |
| 192 | if (not f_nas_check_ip(nus, secp_nas)) { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 193 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed"); |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 194 | } |
Pau Espin Pedrol | 41f4d90 | 2024-01-08 19:37:54 +0100 | [diff] [blame] | 195 | nus.rx_count := nus.rx_count + 1; |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 196 | f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.rx_count, 0, |
| 197 | f_rx_is_downlink(nus), secp_nas.nAS_Message); |
| 198 | return dec_PDU_NAS_EPS(secp_nas.nAS_Message); |
| 199 | } |
| 200 | case ('0100'B) { /* IP + ciphered; new EPS security context */ |
| 201 | nus.rx_count := 0; |
| 202 | if (not f_nas_check_ip(nus, secp_nas)) { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 203 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed"); |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 204 | } |
| 205 | f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.rx_count, 0, |
| 206 | f_rx_is_downlink(nus), secp_nas.nAS_Message); |
Pau Espin Pedrol | 41f4d90 | 2024-01-08 19:37:54 +0100 | [diff] [blame] | 207 | nus.rx_count := nus.rx_count + 1; |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 208 | return dec_PDU_NAS_EPS(secp_nas.nAS_Message); |
| 209 | } |
| 210 | //case ('0101'B) { /* IP + partially ciphered */ } |
| 211 | //case ('1100'B) { /* Service Request Message */ } |
| 212 | case else { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 213 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Implement SecHdrType for ", secp_nas)); |
| 214 | mtc.stop; /* make compiler happy about not returning. */ |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 215 | } |
| 216 | } |
| 217 | } |
| 218 | |
| 219 | private function f_nas_determine_sec_hdr_t(boolean encrypt, boolean authenticate, boolean new_ctx) |
| 220 | return BIT4 |
| 221 | { |
| 222 | if (encrypt == false and authenticate == false and new_ctx == false) { |
| 223 | return '0000'B; |
| 224 | } else if (encrypt == false and authenticate == true and new_ctx == false) { |
| 225 | return '0001'B; |
| 226 | } else if (encrypt == false and authenticate == true and new_ctx == true) { |
| 227 | return '0011'B; |
| 228 | } else if (encrypt == true and authenticate == true and new_ctx == true) { |
| 229 | return '0100'B; |
| 230 | } else if (encrypt == true and authenticate == true and new_ctx == false) { |
| 231 | return '0010'B; |
| 232 | } else { |
Pau Espin Pedrol | 4976217 | 2023-12-14 18:03:27 +0100 | [diff] [blame] | 233 | Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "Invalid sec_hdr conditions"); |
| 234 | return '0000'B; /* never reached, make compiler happy */ |
Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 235 | } |
| 236 | } |
| 237 | |
| 238 | /* encapsulate a NAS message (encrypt, MAC) */ |
| 239 | function f_nas_encaps(inout NAS_UE_State nus, PDU_NAS_EPS nas_in, boolean new_ctx := false) |
| 240 | return PDU_NAS_EPS |
| 241 | { |
| 242 | var boolean encrypt := false; |
| 243 | var boolean authenticate := false; |
| 244 | if (nus.alg_int != NAS_ALG_IP_EIA0) { |
| 245 | authenticate := true; |
| 246 | } |
| 247 | if (nus.alg_enc != NAS_ALG_ENC_EEA0) { |
| 248 | encrypt := true; |
| 249 | } |
| 250 | |
| 251 | if (encrypt == false and authenticate == false) { |
| 252 | return nas_in; |
| 253 | } |
| 254 | |
| 255 | if (new_ctx) { |
| 256 | nus.tx_count := 0; |
| 257 | } |
| 258 | |
| 259 | var BIT4 sec_hdr_t := f_nas_determine_sec_hdr_t(encrypt, authenticate, new_ctx); |
| 260 | var octetstring nas_enc := enc_PDU_NAS_EPS(nas_in); |
| 261 | if (encrypt) { |
| 262 | f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.tx_count, 0, |
| 263 | f_tx_is_downlink(nus), nas_enc); |
| 264 | } |
| 265 | var PDU_NAS_EPS nas_out; |
| 266 | nas_out := valueof(ts_NAS_EMM_SecurityProtected(sec_hdr_t, nus.tx_count, nas_enc)); |
| 267 | if (authenticate) { |
| 268 | var OCT4 mac := f_nas_mac_calc(nus.alg_int, nus.k_nas_int, nus.tx_count, 0, |
| 269 | f_tx_is_downlink(nus), '00'O & nas_enc); |
| 270 | nas_out.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage.messageAuthenticationCode := mac; |
| 271 | } |
| 272 | return nas_out; |
| 273 | } |
| 274 | |
| 275 | } // namespace |