Harald Welte | c918e4e | 2019-07-12 18:53:55 +0800 | [diff] [blame] | 1 | /* Utility functions from ogslib imported to TTCN-3 |
| 2 | * |
| 3 | * (C) 2019 Harald Welte <laforge@gnumonks.org> |
| 4 | * All rights reserved. |
| 5 | * |
| 6 | * Released under the terms of GNU General Public License, Version 2 or |
| 7 | * (at your option) any later version. |
| 8 | * |
| 9 | * SPDX-License-Identifier: GPL-2.0-or-later |
| 10 | */ |
| 11 | |
| 12 | module LTE_CryptoFunctions { |
| 13 | |
| 14 | import from General_Types all; |
| 15 | |
| 16 | import from S1AP_Types all; |
| 17 | import from S1AP_PDU_Descriptions all; |
| 18 | |
| 19 | import from NAS_EPS_Types all; |
| 20 | import from NAS_Templates all; |
| 21 | |
| 22 | /********************************************************************************* |
| 23 | * low-level API (external C/C++ code) |
| 24 | *********************************************************************************/ |
| 25 | |
| 26 | external function f_snow_3g_f8(in OCT16 key, in integer count, in integer bearer, |
| 27 | in boolean is_downlink, in octetstring data) return octetstring; |
| 28 | |
| 29 | external function f_snow_3g_f9(in OCT16 key, in integer count, in integer fresh, |
| 30 | in boolean is_downlink, in octetstring data) return OCT4; |
| 31 | |
| 32 | external function f_kdf_kasme(in OCT16 ck, in OCT16 ik, in OCT3 plmn_id, |
| 33 | in OCT6 sqn, in OCT6 ak) return OCT32; |
| 34 | |
| 35 | external function f_kdf_nas_int(in integer alg_id, in OCT32 kasme) return OCT32; |
| 36 | external function f_kdf_nas_enc(in integer alg_id, in OCT32 kasme) return OCT32; |
| 37 | |
| 38 | external function f_kdf_enb(in OCT16 kasme, in integer ul_count) return OCT32; |
| 39 | |
| 40 | external function f_kdf_nh(in OCT16 kasme, in OCT32 sync_inp) return OCT32; |
| 41 | |
| 42 | /********************************************************************************* |
| 43 | * mid-level API |
| 44 | *********************************************************************************/ |
| 45 | |
| 46 | function f_nas_mac_calc(NAS_ALG_INT alg, octetstring k_nas_int, integer seq_nr, |
| 47 | integer bearer, boolean is_downlink, octetstring data) return OCT4 { |
| 48 | select (alg) { |
| 49 | case (NAS_ALG_IP_EIA0) { |
| 50 | return '00000000'O; |
| 51 | } |
| 52 | case (NAS_ALG_IP_EIA1) { |
| 53 | return f_snow_3g_f9(k_nas_int, seq_nr, bearer, is_downlink, data); |
| 54 | } |
| 55 | case else { |
| 56 | setverdict(fail, "Unsupported EIA: ", alg); |
| 57 | mtc.stop; |
| 58 | } |
| 59 | } |
| 60 | } |
| 61 | |
| 62 | function f_nas_encrypt(NAS_ALG_ENC alg, octetstring k_nas_enc, integer count, |
| 63 | integer bearer, boolean is_downlink, inout octetstring data) { |
| 64 | select (alg) { |
| 65 | case (NAS_ALG_ENC_EEA0) { } |
| 66 | case (NAS_ALG_ENC_EEA1) { |
| 67 | f_snow_3g_f8(k_nas_enc, count, bearer, is_downlink, data); |
| 68 | } |
| 69 | case else { |
| 70 | setverdict(fail, "Unsupported EEA: ", alg); |
| 71 | mtc.stop; |
| 72 | } |
| 73 | } |
| 74 | } |
| 75 | |
| 76 | |
| 77 | /********************************************************************************* |
| 78 | * high-level API (full NAS encapsulation/decapsulation) |
| 79 | *********************************************************************************/ |
| 80 | |
| 81 | type record NAS_UE_State { |
| 82 | NAS_Role role, /* ATS implements UE or MME role? */ |
| 83 | |
| 84 | NAS_ALG_INT alg_int, /* NAS Integrity Protection Algorithm */ |
| 85 | octetstring k_nas_int, /* NAS Integrity Protection Key */ |
| 86 | NAS_ALG_ENC alg_enc, /* NAS Encryption Algorithm */ |
| 87 | octetstring k_nas_enc, /* NAS Encryption Key */ |
| 88 | integer rx_count, /* frame counter (ATS rx side) */ |
| 89 | integer tx_count /* frame counter (ATS tx side) */ |
| 90 | }; |
| 91 | |
| 92 | template (value) NAS_UE_State t_NAS_UE_State(NAS_Role role) := { |
| 93 | role := role, |
| 94 | alg_int := NAS_ALG_IP_EIA0, |
| 95 | k_nas_int := ''O, |
| 96 | alg_enc := NAS_ALG_ENC_EEA0, |
| 97 | k_nas_enc := ''O, |
| 98 | rx_count := 0, |
| 99 | tx_count := 0 |
| 100 | }; |
| 101 | |
| 102 | type enumerated NAS_Role { |
| 103 | NAS_ROLE_UE, /* ATS implements/emulates UE */ |
| 104 | NAS_ROLE_MME /* ATS implements/emulates MME */ |
| 105 | }; |
| 106 | type enumerated NAS_ALG_INT { |
| 107 | NAS_ALG_IP_EIA0, /* no integrity protection */ |
| 108 | NAS_ALG_IP_EIA1, /* SNOW-3G F9 based */ |
| 109 | NAS_ALG_IP_EIA2, /* AES based */ |
| 110 | NAS_ALG_IP_EIA3 /* ZUC */ |
| 111 | }; |
| 112 | type enumerated NAS_ALG_ENC { |
| 113 | NAS_ALG_ENC_EEA0, /* no encryption */ |
| 114 | NAS_ALG_ENC_EEA1, /* SNOW-3G F8 based */ |
| 115 | NAS_ALG_ENC_EEA2, /* AES based */ |
| 116 | NAS_ALG_ENC_EEA3 /* ZUC */ |
| 117 | }; |
| 118 | |
| 119 | /* port between individual per-connection components and this translator */ |
| 120 | type port S1AP_NAS_Conn_PT message { |
| 121 | inout S1AP_PDU, PDU_NAS_EPS; |
| 122 | } with { extension "internal" }; |
| 123 | |
| 124 | /* determine if a received (from the IUT) message is downlink or not */ |
| 125 | private function f_rx_is_downlink(in NAS_UE_State nus) return boolean |
| 126 | { |
| 127 | if (nus.role == NAS_ROLE_UE) { |
| 128 | return true; |
| 129 | } else { |
| 130 | return false; |
| 131 | } |
| 132 | } |
| 133 | |
| 134 | /* determine if a message transmitted to the IUT message is downlink or not */ |
| 135 | private function f_tx_is_downlink(in NAS_UE_State nus) return boolean |
| 136 | { |
| 137 | return not f_rx_is_downlink(nus); |
| 138 | } |
| 139 | |
| 140 | private function f_nas_check_ip(inout NAS_UE_State nus, |
| 141 | in PDU_NAS_EPS_SecurityProtectedNASMessage secp_nas) return boolean |
| 142 | { |
| 143 | var octetstring data_with_seq := int2oct(secp_nas.sequenceNumber, 1) & secp_nas.nAS_Message; |
| 144 | var OCT4 exp_mac := f_nas_mac_calc(nus.alg_int, nus.k_nas_int, nus.rx_count, 0, |
| 145 | f_rx_is_downlink(nus), data_with_seq); |
| 146 | if (exp_mac != secp_nas.messageAuthenticationCode) { |
| 147 | setverdict(fail, "Received NAS MAC ", secp_nas.messageAuthenticationCode, |
| 148 | " doesn't match expected MAC ", exp_mac, ": ", secp_nas); |
| 149 | return false; |
| 150 | } |
| 151 | return true; |
| 152 | } |
| 153 | |
| 154 | /* try to decapsulate (MAC verify, decrypt) NAS message */ |
| 155 | function f_nas_try_decaps(inout NAS_UE_State nus, PDU_NAS_EPS nas) return PDU_NAS_EPS |
| 156 | { |
| 157 | var PDU_NAS_EPS_SecurityProtectedNASMessage secp_nas; |
| 158 | |
| 159 | /* transparently pass through any non-protected NAS */ |
| 160 | if (not match(nas, tr_NAS_EMM_SecurityProtected)) { |
| 161 | return nas; |
| 162 | } |
| 163 | |
| 164 | /* process any security-protected NAS */ |
| 165 | secp_nas := nas.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage; |
| 166 | select (secp_nas.securityHeaderType) { |
| 167 | case ('0011'B) { /* IP with new EPS security context */ |
| 168 | nus.rx_count := 0; |
| 169 | nus.alg_int := NAS_ALG_IP_EIA1; /* FIXME: from decoded inner message! */ |
| 170 | if (not f_nas_check_ip(nus, secp_nas)) { |
| 171 | mtc.stop; |
| 172 | } |
| 173 | return dec_PDU_NAS_EPS(secp_nas.nAS_Message); |
| 174 | } |
| 175 | case ('0001'B) { /* IP only */ |
| 176 | if (not f_nas_check_ip(nus, secp_nas)) { |
| 177 | mtc.stop; |
| 178 | } |
| 179 | return dec_PDU_NAS_EPS(secp_nas.nAS_Message); |
| 180 | } |
| 181 | case ('0010'B) { /* IP + ciphered */ |
| 182 | if (not f_nas_check_ip(nus, secp_nas)) { |
| 183 | mtc.stop; |
| 184 | } |
| 185 | f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.rx_count, 0, |
| 186 | f_rx_is_downlink(nus), secp_nas.nAS_Message); |
| 187 | return dec_PDU_NAS_EPS(secp_nas.nAS_Message); |
| 188 | } |
| 189 | case ('0100'B) { /* IP + ciphered; new EPS security context */ |
| 190 | nus.rx_count := 0; |
| 191 | if (not f_nas_check_ip(nus, secp_nas)) { |
| 192 | mtc.stop; |
| 193 | } |
| 194 | f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.rx_count, 0, |
| 195 | f_rx_is_downlink(nus), secp_nas.nAS_Message); |
| 196 | return dec_PDU_NAS_EPS(secp_nas.nAS_Message); |
| 197 | } |
| 198 | //case ('0101'B) { /* IP + partially ciphered */ } |
| 199 | //case ('1100'B) { /* Service Request Message */ } |
| 200 | case else { |
| 201 | setverdict(fail, "Implement SecHdrType for ", secp_nas); |
| 202 | mtc.stop; |
| 203 | } |
| 204 | } |
| 205 | } |
| 206 | |
| 207 | private function f_nas_determine_sec_hdr_t(boolean encrypt, boolean authenticate, boolean new_ctx) |
| 208 | return BIT4 |
| 209 | { |
| 210 | if (encrypt == false and authenticate == false and new_ctx == false) { |
| 211 | return '0000'B; |
| 212 | } else if (encrypt == false and authenticate == true and new_ctx == false) { |
| 213 | return '0001'B; |
| 214 | } else if (encrypt == false and authenticate == true and new_ctx == true) { |
| 215 | return '0011'B; |
| 216 | } else if (encrypt == true and authenticate == true and new_ctx == true) { |
| 217 | return '0100'B; |
| 218 | } else if (encrypt == true and authenticate == true and new_ctx == false) { |
| 219 | return '0010'B; |
| 220 | } else { |
| 221 | setverdict(fail, "invalid sec_hdr conditions"); |
| 222 | mtc.stop; |
| 223 | } |
| 224 | } |
| 225 | |
| 226 | /* encapsulate a NAS message (encrypt, MAC) */ |
| 227 | function f_nas_encaps(inout NAS_UE_State nus, PDU_NAS_EPS nas_in, boolean new_ctx := false) |
| 228 | return PDU_NAS_EPS |
| 229 | { |
| 230 | var boolean encrypt := false; |
| 231 | var boolean authenticate := false; |
| 232 | if (nus.alg_int != NAS_ALG_IP_EIA0) { |
| 233 | authenticate := true; |
| 234 | } |
| 235 | if (nus.alg_enc != NAS_ALG_ENC_EEA0) { |
| 236 | encrypt := true; |
| 237 | } |
| 238 | |
| 239 | if (encrypt == false and authenticate == false) { |
| 240 | return nas_in; |
| 241 | } |
| 242 | |
| 243 | if (new_ctx) { |
| 244 | nus.tx_count := 0; |
| 245 | } |
| 246 | |
| 247 | var BIT4 sec_hdr_t := f_nas_determine_sec_hdr_t(encrypt, authenticate, new_ctx); |
| 248 | var octetstring nas_enc := enc_PDU_NAS_EPS(nas_in); |
| 249 | if (encrypt) { |
| 250 | f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.tx_count, 0, |
| 251 | f_tx_is_downlink(nus), nas_enc); |
| 252 | } |
| 253 | var PDU_NAS_EPS nas_out; |
| 254 | nas_out := valueof(ts_NAS_EMM_SecurityProtected(sec_hdr_t, nus.tx_count, nas_enc)); |
| 255 | if (authenticate) { |
| 256 | var OCT4 mac := f_nas_mac_calc(nus.alg_int, nus.k_nas_int, nus.tx_count, 0, |
| 257 | f_tx_is_downlink(nus), '00'O & nas_enc); |
| 258 | nas_out.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage.messageAuthenticationCode := mac; |
| 259 | } |
| 260 | return nas_out; |
| 261 | } |
| 262 | |
| 263 | } // namespace |