Loading ccsrc/Externals/NG_security_ext.cc +0 −1 Original line number Diff line number Diff line Loading @@ -11,7 +11,6 @@ #include "base_time.hh" //#include "converter.hh" #include "loggers.hh" //#include "xml_converters.hh" //namespace NG__SecurityDefinitionsAndExternalFunctions { Loading etc/Ats_NG_NAS/AtsNGAP_AMF.cfg_ +5 −1 Original line number Diff line number Diff line Loading @@ -125,10 +125,14 @@ system.N2_gNBaMF_P.params := "NGAP/SCTP_FILE/IP_OFFLINE/ETH(mac_src=8c554ac1eee0 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_16_01 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_01 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_02 NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_03 ########NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_03 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_18_01 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_19_01 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_20_01 NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_21_01 NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_22_01 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_23_01 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_24_01 [GROUPS] # In this section you can specify groups of hosts. These groups can be used inside the Loading ttcn/Ats_NG_NAS/NG_NAS_TestCases.ttcn +268 −1 Original line number Diff line number Diff line Loading @@ -17,12 +17,17 @@ module NG_NAS_TestCases { // Lib3GPP import from CommonDefs all; // Lib3GPP/NAS import from NAS_CommonTypeDefs all; import from NAS_AuthenticationCommon all; // Lib3GPP/NG_NAS import from NG_NAS_SecurityFunctions all; // Lib3GPP/Common4G5G import from EUTRA_NR_SecurityFunctions all; // Lib_NG_NAS import from Lib_NG_NAS_Interface all; import from LIB_NG_NAS_Functions all; Loading Loading 
@@ -2391,6 +2396,268 @@ module NG_NAS_TestCases { } // End of testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_20_01 /** * @desc Verify that the KAMF derivation function is working correctly * @see ETSI TS 133 501 V16.18.0 (2024-04) Clause 5.11.1.1 Ciphering algorithm identifier values * @see ETSI TS 133 501 V16.18.0 (2024-04) Figure 6.2.2-2: Key distribution and key derivation scheme for 5G for the UE * @see ETSI TS 133 501 V16.18.0 (2024-04) A.8 Algorithm key derivation functions * @see https://cryptii.com/pipes/hmac */ testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_21_01() runs on gNB_NGNAS_NGAPComponent system TestAdapter { // From ETSI TS 135 207 V16.0.0 (2020-08) Clause 4.3 Test Set 1 var O16_Type v_K := '465b5ce8b199b49faa5f0a2ee238a6bc'O; // The long-term key: Subscriber key var B128_Type v_rand := oct2bit('23553cbe9637a89d218ae64dae47bf35'O); var O16_Type v_op := 'cdc202d5123e20f62b6d676ac72cb318'O; // Operator Variant Algorithm Configuration Field var B48_Type v_sqn_ak := oct2bit('ff9bb4d0b607'O); var B16_Type v_amf := oct2bit('b9b9'O); // AMF: Authentication Management Field var NAS_PlmnId v_PLMN := '00f110'O; // PLMN ID: 001-01 var hexstring v_NID := '000138'H; // NID: Network Identifier var charstring v_supi := "001014444333000"; f_set_op(v_op); var B64_Type v_mac_a; var integer v_result := f_f1(oct2bit(v_K), v_rand, v_sqn_ak, v_amf, v_mac_a); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***"); setverdict(fail); stop; } var B64_Type v_xres; var B128_Type v_ck; var B128_Type v_ik; var B48_Type v_ak; v_result := f_f2345(oct2bit(v_K), v_rand, v_xres, v_ck, v_ik, v_ak); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'f_f2345' returned an error code: " & int2str(v_result) & ". 
***"); setverdict(fail); } var Common_AuthenticationParams_Type v_auth_params := valueof(cs_CommonAuthParams_Init(v_rand)); v_auth_params.AUTN := v_sqn_ak & v_amf & v_mac_a; // ETSI TS 135 205 V16.0.0 (2020-08) 7.2 Use of the algorithms on the AuC side v_auth_params.CK := v_ck; v_auth_params.IK := v_ik; v_auth_params.XRES := v_xres; v_auth_params.XRESLength := lengthof(v_xres); var B256_Type v_Ks := v_ck & v_ik; // ETSI TS 133 501 V16.18.0 (2024-04) A.2 KAUSF derivation function: Ks = CK || IK var B256_Type v_k_ausf := f_NG_Authentication_A2(v_auth_params, tsc_KDF_HMAC_SHA_256, v_Ks, v_PLMN, v_NID); var B256_Type v_k_seaf := f_NG_Authentication_A6(v_PLMN, v_k_ausf, tsc_KDF_HMAC_SHA_256, v_NID); var B256_Type v_k_amf := f_NG_Authentication_A7(v_supi, v_k_seaf, bit2oct(v_amf), tsc_KDF_HMAC_SHA_256) var B128_Type v_k_nas_enc := oct2bit('38254CAFDE124D5156041D8B640CD341'O); // KNASenc: NAS Cyphering Key var B128_Type v_k_nas_enc_computed := f_NG_Authentication_A8(tsc_NAS_Enc_Alg, '0010'B, //128-NEA2 128-bit AES based algorithm v_k_amf, tsc_KDF_HMAC_SHA_256) if (not(match(v_k_nas_enc_computed, v_k_nas_enc))) { log("*** " & __SCOPE__ & ": ERROR: 'v_k_nas_enc_computed' did not return the expected value. 
***"); setverdict(fail); } else { log("*** " & __SCOPE__ & ": 'v_k_nas_enc_computed' returned the expected value ***"); } setverdict(pass) } // End of testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_21_01 /** * @desc Verify that the KAMF derivation function is working correctly * @see ETSI TS 133 501 V16.18.0 (2024-04) Clause 5.11.1.1 Ciphering algorithm identifier values * @see ETSI TS 133 501 V16.18.0 (2024-04) Figure 6.2.2-2: Key distribution and key derivation scheme for 5G for the UE * @see ETSI TS 133 501 V16.18.0 (2024-04) A.8 Algorithm key derivation functions * @see https://cryptii.com/pipes/hmac */ testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_22_01() runs on gNB_NGNAS_NGAPComponent system TestAdapter { // From ETSI TS 135 207 V16.0.0 (2020-08) Clause 4.3 Test Set 1 var O16_Type v_K := '465b5ce8b199b49faa5f0a2ee238a6bc'O; // The long-term key: Subscriber key var B128_Type v_rand := oct2bit('23553cbe9637a89d218ae64dae47bf35'O); var O16_Type v_op := 'cdc202d5123e20f62b6d676ac72cb318'O; // Operator Variant Algorithm Configuration Field var B48_Type v_sqn_ak := oct2bit('ff9bb4d0b607'O); var B16_Type v_amf := oct2bit('b9b9'O); // AMF: Authentication Management Field var NAS_PlmnId v_PLMN := '00f110'O; // PLMN ID: 001-01 var hexstring v_NID := '000138'H; // NID: Network Identifier var charstring v_supi := "001014444333000"; f_set_op(v_op); var B64_Type v_mac_a; var integer v_result := f_f1(oct2bit(v_K), v_rand, v_sqn_ak, v_amf, v_mac_a); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***"); setverdict(fail); stop; } var B64_Type v_xres; var B128_Type v_ck; var B128_Type v_ik; var B48_Type v_ak; v_result := f_f2345(oct2bit(v_K), v_rand, v_xres, v_ck, v_ik, v_ak); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'f_f2345' returned an error code: " & int2str(v_result) & ". 
***"); setverdict(fail); } var Common_AuthenticationParams_Type v_auth_params := valueof(cs_CommonAuthParams_Init(v_rand)); v_auth_params.AUTN := v_sqn_ak & v_amf & v_mac_a; // ETSI TS 135 205 V16.0.0 (2020-08) 7.2 Use of the algorithms on the AuC side v_auth_params.CK := v_ck; v_auth_params.IK := v_ik; v_auth_params.XRES := v_xres; v_auth_params.XRESLength := lengthof(v_xres); var B256_Type v_Ks := v_ck & v_ik; // ETSI TS 133 501 V16.18.0 (2024-04) A.2 KAUSF derivation function: Ks = CK || IK var B256_Type v_k_ausf := f_NG_Authentication_A2(v_auth_params, tsc_KDF_HMAC_SHA_256, v_Ks, v_PLMN, v_NID); var B256_Type v_k_seaf := f_NG_Authentication_A6(v_PLMN, v_k_ausf, tsc_KDF_HMAC_SHA_256, v_NID); var B256_Type v_k_amf := f_NG_Authentication_A7(v_supi, v_k_seaf, bit2oct(v_amf), tsc_KDF_HMAC_SHA_256) var B128_Type v_k_nas_enc := oct2bit('94F7B2EC0D79F26D593C352328A92281'O); // KNASenc: NAS Cyphering Key var B128_Type v_k_nas_enc_computed := f_NG_Authentication_A8(tsc_NAS_Int_Alg, '0010'B, //128-NEA2 128-bit AES based algorithm v_k_amf, tsc_KDF_HMAC_SHA_256) if (not(match(v_k_nas_enc_computed, v_k_nas_enc))) { log("*** " & __SCOPE__ & ": ERROR: 'v_k_nas_enc_computed' did not return the expected value. 
***"); setverdict(fail); } else { log("*** " & __SCOPE__ & ": 'v_k_nas_enc_computed' returned the expected value ***"); } setverdict(pass) } // End of testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_22_01 /** * @desc Verify that the KAMF derivation function is working correctly * @see ETSI TS 133 501 V16.18.0 (2024-04) Figure 6.2.2-2: Key distribution and key derivation scheme for 5G for the UE * @see ETSI TS 133 501 V16.18.0 (2024-04) A.17 SoR-MAC-IAUSF generation function * @see https://cryptii.com/pipes/hmac */ testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_23_01() runs on gNB_NGNAS_NGAPComponent system TestAdapter { // From ETSI TS 135 207 V16.0.0 (2020-08) Clause 4.3 Test Set 1 var O16_Type v_K := '465b5ce8b199b49faa5f0a2ee238a6bc'O; // The long-term key: Subscriber key var B128_Type v_rand := oct2bit('23553cbe9637a89d218ae64dae47bf35'O); var O16_Type v_op := 'cdc202d5123e20f62b6d676ac72cb318'O; // Operator Variant Algorithm Configuration Field var B48_Type v_sqn_ak := oct2bit('ff9bb4d0b607'O); var B16_Type v_amf := oct2bit('b9b9'O); // AMF: Authentication Management Field var NAS_PlmnId v_PLMN := '00f110'O; // PLMN ID: 001-01 var hexstring v_NID := '000138'H; // NID: Network Identifier var charstring v_supi := "001014444333000"; var O1_Type v_sor_header := '00'O; // FIXME Not sure about this value var O2_Type v_counter_sor := '0000'O; // FIXME Not sure about this value f_set_op(v_op); var B64_Type v_mac_a; var integer v_result := f_f1(oct2bit(v_K), v_rand, v_sqn_ak, v_amf, v_mac_a); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***"); setverdict(fail); stop; } var B64_Type v_xres; var B128_Type v_ck; var B128_Type v_ik; var B48_Type v_ak; v_result := f_f2345(oct2bit(v_K), v_rand, v_xres, v_ck, v_ik, v_ak); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'f_f2345' returned an error code: " & int2str(v_result) & ". 
***"); setverdict(fail); } var Common_AuthenticationParams_Type v_auth_params := valueof(cs_CommonAuthParams_Init(v_rand)); v_auth_params.AUTN := v_sqn_ak & v_amf & v_mac_a; // ETSI TS 135 205 V16.0.0 (2020-08) 7.2 Use of the algorithms on the AuC side v_auth_params.CK := v_ck; v_auth_params.IK := v_ik; v_auth_params.XRES := v_xres; v_auth_params.XRESLength := lengthof(v_xres); var B256_Type v_Ks := v_ck & v_ik; // ETSI TS 133 501 V16.18.0 (2024-04) A.2 KAUSF derivation function: Ks = CK || IK var B256_Type v_k_ausf := f_NG_Authentication_A2(v_auth_params, tsc_KDF_HMAC_SHA_256, v_Ks, v_PLMN, v_NID); var B128_Type v_sor_mac_i_ausf := oct2bit('14FAA726B4F25EBFC0CC58877B42CDC8'O); // SoR-MAC-Iausf var B128_Type v_sor_mac_i_ausf_computed := f_NG_Authentication_A17(v_sor_header, v_k_ausf, v_counter_sor, -, tsc_KDF_HMAC_SHA_256) if (not(match(v_sor_mac_i_ausf_computed, v_sor_mac_i_ausf))) { log("*** " & __SCOPE__ & ": ERROR: 'v_sor_mac_i_ausf_computed' did not return the expected value. ***"); setverdict(fail); } else { log("*** " & __SCOPE__ & ": 'v_sor_mac_i_ausf_computed' returned the expected value ***"); } setverdict(pass) } // End of testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_23_01 /** * @desc Verify that the KAMF derivation function is working correctly * @see ETSI TS 133 501 V16.18.0 (2024-04) Figure 6.2.2-2: Key distribution and key derivation scheme for 5G for the UE * @see ETSI TS 133 501 V16.18.0 (2024-04) A.18 SoR-MAC-IUE generation function * @see https://cryptii.com/pipes/hmac */ testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_24_01() runs on gNB_NGNAS_NGAPComponent system TestAdapter { // From ETSI TS 135 207 V16.0.0 (2020-08) Clause 4.3 Test Set 1 var O16_Type v_K := '465b5ce8b199b49faa5f0a2ee238a6bc'O; // The long-term key: Subscriber key var B128_Type v_rand := oct2bit('23553cbe9637a89d218ae64dae47bf35'O); var O16_Type v_op := 'cdc202d5123e20f62b6d676ac72cb318'O; // Operator Variant Algorithm Configuration Field var B48_Type v_sqn_ak := 
oct2bit('ff9bb4d0b607'O); var B16_Type v_amf := oct2bit('b9b9'O); // AMF: Authentication Management Field var NAS_PlmnId v_PLMN := '00f110'O; // PLMN ID: 001-01 var hexstring v_NID := '000138'H; // NID: Network Identifier var charstring v_supi := "001014444333000"; var O2_Type v_counter := '0000'O; // FIXME Not sure about this value f_set_op(v_op); var B64_Type v_mac_a; var integer v_result := f_f1(oct2bit(v_K), v_rand, v_sqn_ak, v_amf, v_mac_a); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***"); setverdict(fail); stop; } var B64_Type v_xres; var B128_Type v_ck; var B128_Type v_ik; var B48_Type v_ak; v_result := f_f2345(oct2bit(v_K), v_rand, v_xres, v_ck, v_ik, v_ak); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'f_f2345' returned an error code: " & int2str(v_result) & ". ***"); setverdict(fail); } var Common_AuthenticationParams_Type v_auth_params := valueof(cs_CommonAuthParams_Init(v_rand)); v_auth_params.AUTN := v_sqn_ak & v_amf & v_mac_a; // ETSI TS 135 205 V16.0.0 (2020-08) 7.2 Use of the algorithms on the AuC side v_auth_params.CK := v_ck; v_auth_params.IK := v_ik; v_auth_params.XRES := v_xres; v_auth_params.XRESLength := lengthof(v_xres); var B256_Type v_Ks := v_ck & v_ik; // ETSI TS 133 501 V16.18.0 (2024-04) A.2 KAUSF derivation function: Ks = CK || IK var B256_Type v_k_ausf := f_NG_Authentication_A2(v_auth_params, tsc_KDF_HMAC_SHA_256, v_Ks, v_PLMN, v_NID); var B128_Type v_so_r_mac_iue := oct2bit('F38A33C13CF17CFDA4FCA7BDBEDB760A'O); // SoR-MAC-Iue var B128_Type v_so_r_mac_iue_computed := f_NG_Authentication_A18(v_k_ausf, v_counter, tsc_KDF_HMAC_SHA_256) log("v_so_r_mac_iue_computed=", v_so_r_mac_iue_computed); if (not(match(v_so_r_mac_iue_computed, v_so_r_mac_iue))) { log("*** " & __SCOPE__ & ": ERROR: 'v_so_r_mac_iue_computed' did not return the expected value. 
***"); setverdict(fail); } else { log("*** " & __SCOPE__ & ": 'v_so_r_mac_iue_computed' returned the expected value ***"); } setverdict(pass) } // End of testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_24_01 } // End of group fiveG_AKA_Crypto_Functions }// End of module NG_NAS_TestCases ttcn/Lib3GPP/Common4G5G/EUTRA_NR_SecurityFunctions.ttcn +5 −0 Original line number Diff line number Diff line Loading @@ -153,14 +153,19 @@ module EUTRA_NR_SecurityFunctions { var octetstring v_S; // Generation of String v_S := const_S69_FC; log("f_NG_Authentication_A8 (1): v_S=", v_S); //FC = 0x69 v_S := ( v_S & int2oct ( p_AlgTypeDistg, 1 ) ); log("f_NG_Authentication_A8 (2): v_S=", v_S); //P0 = algorithm type distinguisher v_S := ( v_S & '0001'O ); log("f_NG_Authentication_A8 (3): v_S=", v_S); //L0 = length of algorithm type distinguisher (i.e. 0x00 0x01)) v_S := ( v_S & bit2oct ( p_Alg ) ); log("f_NG_Authentication_A8 (4): v_S=", v_S); //P1 = algorithm identity v_S := ( v_S & '0001'O ); log("f_NG_Authentication_A8 (5): v_S=", v_S); //L1 = length of algorithm identity (i.e. 0x00 0x01) return substr(fx_KeyDerivationFunction(p_KDF_Type, p_Key, v_S), 128, 128); Loading ttcn/Lib3GPP/NG_NAS/NG_NAS_SecurityFunctions.ttcn +18 −0 Original line number Diff line number Diff line Loading @@ -514,14 +514,19 @@ module NG_NAS_SecurityFunctions { // Generation of String v_S := const_S6D_FC; log("f_NG_Authentication_A7 (1): v_S=", v_S); //FC = 0x6D v_S := (v_S & v_P0); log("f_NG_Authentication_A7 (2): v_S=", v_S); //P0 = serving network ID v_S := (v_S & int2oct(lengthof(v_P0), 2)) ; log("f_NG_Authentication_A7 (3): v_S=", v_S); //L0 = length of SUPI v_S := (v_S & v_P1); log("f_NG_Authentication_A7 (4): v_S=", v_S); //P0 = serving network ID v_S := (v_S & int2oct(lengthof(v_P1), 2)) ; log("f_NG_Authentication_A7 (5): v_S=", v_S); //L1 = length of ABBA return fx_KeyDerivationFunction(p_KDF_Type, p_KSEAF, v_S); Loading Loading 
@@ -550,19 +555,27 @@ module NG_NAS_SecurityFunctions { // Generation of String v_S := const_S77_FC; log("f_NG_Authentication_A17 (1): v_S=", v_S); //FC = 0x77 v_S := (v_S & p_SoRHeader); log("f_NG_Authentication_A17 (2): v_S=", v_S); //P0 = SOR Header v_S := (v_S & '0001'O); log("f_NG_Authentication_A17 (3): v_S=", v_S); //L0 = length of SOR Header v_S := (v_S & p_Counter); log("f_NG_Authentication_A17 (4): v_S=", v_S); //P1 = Counter v_S := (v_S & '0002'O) ; log("f_NG_Authentication_A17 (5): v_S=", v_S); //L1 = length of Counter if (lengthof (p_PLMNandAccessTechnologyList) > 0) { //P2 & L2 are optional v_S := (v_S & p_PLMNandAccessTechnologyList); log("f_NG_Authentication_A17 (6-1): v_S=", v_S); v_S := (v_S & int2oct(lengthof(p_PLMNandAccessTechnologyList), 2)) ; log("f_NG_Authentication_A17 (6-2): v_S=", v_S); } log("f_NG_Authentication_A17 (7): v_S=", v_S); return substr(fx_KeyDerivationFunction(p_KDF_Type, p_KAUSF, v_S), 128, 128); // returns LSB 128 bits[truncated] of the key generated } Loading @@ -586,14 +599,19 @@ module NG_NAS_SecurityFunctions { // Generation of String v_S := const_S78_FC; log("f_NG_Authentication_A18 (1): v_S=", v_S); //FC = 0x78 v_S := (v_S & '01'O); log("f_NG_Authentication_A18 (2): v_S=", v_S); //P0 = SOR Ack v_S := (v_S & '0001'O); log("f_NG_Authentication_A18 (3): v_S=", v_S); //L0 = length of SOR Ack v_S := (v_S & p_Counter); log("f_NG_Authentication_A18 (4): v_S=", v_S); //P1 = Counter v_S := (v_S & '0002'O) ; log("f_NG_Authentication_A18 (5): v_S=", v_S); //L1 = length of Counter return substr(fx_KeyDerivationFunction(p_KDF_Type, p_KAUSF, v_S), 128, 128); Loading Loading
ccsrc/Externals/NG_security_ext.cc +0 −1 Original line number Diff line number Diff line Loading @@ -11,7 +11,6 @@ #include "base_time.hh" //#include "converter.hh" #include "loggers.hh" //#include "xml_converters.hh" //namespace NG__SecurityDefinitionsAndExternalFunctions { Loading
etc/Ats_NG_NAS/AtsNGAP_AMF.cfg_ +5 −1 Original line number Diff line number Diff line Loading @@ -125,10 +125,14 @@ system.N2_gNBaMF_P.params := "NGAP/SCTP_FILE/IP_OFFLINE/ETH(mac_src=8c554ac1eee0 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_16_01 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_01 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_02 NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_03 ########NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_03 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_18_01 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_19_01 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_20_01 NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_21_01 NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_22_01 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_23_01 #NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_24_01 [GROUPS] # In this section you can specify groups of hosts. These groups can be used inside the Loading
ttcn/Ats_NG_NAS/NG_NAS_TestCases.ttcn +268 −1 Original line number Diff line number Diff line Loading @@ -17,12 +17,17 @@ module NG_NAS_TestCases { // Lib3GPP import from CommonDefs all; // Lib3GPP/NAS import from NAS_CommonTypeDefs all; import from NAS_AuthenticationCommon all; // Lib3GPP/NG_NAS import from NG_NAS_SecurityFunctions all; // Lib3GPP/Common4G5G import from EUTRA_NR_SecurityFunctions all; // Lib_NG_NAS import from Lib_NG_NAS_Interface all; import from LIB_NG_NAS_Functions all; Loading Loading 
@@ -2391,6 +2396,268 @@ module NG_NAS_TestCases { } // End of testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_20_01 /** * @desc Verify that the KAMF derivation function is working correctly * @see ETSI TS 133 501 V16.18.0 (2024-04) Clause 5.11.1.1 Ciphering algorithm identifier values * @see ETSI TS 133 501 V16.18.0 (2024-04) Figure 6.2.2-2: Key distribution and key derivation scheme for 5G for the UE * @see ETSI TS 133 501 V16.18.0 (2024-04) A.8 Algorithm key derivation functions * @see https://cryptii.com/pipes/hmac */ testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_21_01() runs on gNB_NGNAS_NGAPComponent system TestAdapter { // From ETSI TS 135 207 V16.0.0 (2020-08) Clause 4.3 Test Set 1 var O16_Type v_K := '465b5ce8b199b49faa5f0a2ee238a6bc'O; // The long-term key: Subscriber key var B128_Type v_rand := oct2bit('23553cbe9637a89d218ae64dae47bf35'O); var O16_Type v_op := 'cdc202d5123e20f62b6d676ac72cb318'O; // Operator Variant Algorithm Configuration Field var B48_Type v_sqn_ak := oct2bit('ff9bb4d0b607'O); var B16_Type v_amf := oct2bit('b9b9'O); // AMF: Authentication Management Field var NAS_PlmnId v_PLMN := '00f110'O; // PLMN ID: 001-01 var hexstring v_NID := '000138'H; // NID: Network Identifier var charstring v_supi := "001014444333000"; f_set_op(v_op); var B64_Type v_mac_a; var integer v_result := f_f1(oct2bit(v_K), v_rand, v_sqn_ak, v_amf, v_mac_a); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***"); setverdict(fail); stop; } var B64_Type v_xres; var B128_Type v_ck; var B128_Type v_ik; var B48_Type v_ak; v_result := f_f2345(oct2bit(v_K), v_rand, v_xres, v_ck, v_ik, v_ak); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'f_f2345' returned an error code: " & int2str(v_result) & ". 
***"); setverdict(fail); } var Common_AuthenticationParams_Type v_auth_params := valueof(cs_CommonAuthParams_Init(v_rand)); v_auth_params.AUTN := v_sqn_ak & v_amf & v_mac_a; // ETSI TS 135 205 V16.0.0 (2020-08) 7.2 Use of the algorithms on the AuC side v_auth_params.CK := v_ck; v_auth_params.IK := v_ik; v_auth_params.XRES := v_xres; v_auth_params.XRESLength := lengthof(v_xres); var B256_Type v_Ks := v_ck & v_ik; // ETSI TS 133 501 V16.18.0 (2024-04) A.2 KAUSF derivation function: Ks = CK || IK var B256_Type v_k_ausf := f_NG_Authentication_A2(v_auth_params, tsc_KDF_HMAC_SHA_256, v_Ks, v_PLMN, v_NID); var B256_Type v_k_seaf := f_NG_Authentication_A6(v_PLMN, v_k_ausf, tsc_KDF_HMAC_SHA_256, v_NID); var B256_Type v_k_amf := f_NG_Authentication_A7(v_supi, v_k_seaf, bit2oct(v_amf), tsc_KDF_HMAC_SHA_256) var B128_Type v_k_nas_enc := oct2bit('38254CAFDE124D5156041D8B640CD341'O); // KNASenc: NAS Cyphering Key var B128_Type v_k_nas_enc_computed := f_NG_Authentication_A8(tsc_NAS_Enc_Alg, '0010'B, //128-NEA2 128-bit AES based algorithm v_k_amf, tsc_KDF_HMAC_SHA_256) if (not(match(v_k_nas_enc_computed, v_k_nas_enc))) { log("*** " & __SCOPE__ & ": ERROR: 'v_k_nas_enc_computed' did not return the expected value. 
***"); setverdict(fail); } else { log("*** " & __SCOPE__ & ": 'v_k_nas_enc_computed' returned the expected value ***"); } setverdict(pass) } // End of testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_21_01 /** * @desc Verify that the KAMF derivation function is working correctly * @see ETSI TS 133 501 V16.18.0 (2024-04) Clause 5.11.1.1 Ciphering algorithm identifier values * @see ETSI TS 133 501 V16.18.0 (2024-04) Figure 6.2.2-2: Key distribution and key derivation scheme for 5G for the UE * @see ETSI TS 133 501 V16.18.0 (2024-04) A.8 Algorithm key derivation functions * @see https://cryptii.com/pipes/hmac */ testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_22_01() runs on gNB_NGNAS_NGAPComponent system TestAdapter { // From ETSI TS 135 207 V16.0.0 (2020-08) Clause 4.3 Test Set 1 var O16_Type v_K := '465b5ce8b199b49faa5f0a2ee238a6bc'O; // The long-term key: Subscriber key var B128_Type v_rand := oct2bit('23553cbe9637a89d218ae64dae47bf35'O); var O16_Type v_op := 'cdc202d5123e20f62b6d676ac72cb318'O; // Operator Variant Algorithm Configuration Field var B48_Type v_sqn_ak := oct2bit('ff9bb4d0b607'O); var B16_Type v_amf := oct2bit('b9b9'O); // AMF: Authentication Management Field var NAS_PlmnId v_PLMN := '00f110'O; // PLMN ID: 001-01 var hexstring v_NID := '000138'H; // NID: Network Identifier var charstring v_supi := "001014444333000"; f_set_op(v_op); var B64_Type v_mac_a; var integer v_result := f_f1(oct2bit(v_K), v_rand, v_sqn_ak, v_amf, v_mac_a); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***"); setverdict(fail); stop; } var B64_Type v_xres; var B128_Type v_ck; var B128_Type v_ik; var B48_Type v_ak; v_result := f_f2345(oct2bit(v_K), v_rand, v_xres, v_ck, v_ik, v_ak); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'f_f2345' returned an error code: " & int2str(v_result) & ". 
***"); setverdict(fail); } var Common_AuthenticationParams_Type v_auth_params := valueof(cs_CommonAuthParams_Init(v_rand)); v_auth_params.AUTN := v_sqn_ak & v_amf & v_mac_a; // ETSI TS 135 205 V16.0.0 (2020-08) 7.2 Use of the algorithms on the AuC side v_auth_params.CK := v_ck; v_auth_params.IK := v_ik; v_auth_params.XRES := v_xres; v_auth_params.XRESLength := lengthof(v_xres); var B256_Type v_Ks := v_ck & v_ik; // ETSI TS 133 501 V16.18.0 (2024-04) A.2 KAUSF derivation function: Ks = CK || IK var B256_Type v_k_ausf := f_NG_Authentication_A2(v_auth_params, tsc_KDF_HMAC_SHA_256, v_Ks, v_PLMN, v_NID); var B256_Type v_k_seaf := f_NG_Authentication_A6(v_PLMN, v_k_ausf, tsc_KDF_HMAC_SHA_256, v_NID); var B256_Type v_k_amf := f_NG_Authentication_A7(v_supi, v_k_seaf, bit2oct(v_amf), tsc_KDF_HMAC_SHA_256) var B128_Type v_k_nas_enc := oct2bit('94F7B2EC0D79F26D593C352328A92281'O); // KNASenc: NAS Cyphering Key var B128_Type v_k_nas_enc_computed := f_NG_Authentication_A8(tsc_NAS_Int_Alg, '0010'B, //128-NEA2 128-bit AES based algorithm v_k_amf, tsc_KDF_HMAC_SHA_256) if (not(match(v_k_nas_enc_computed, v_k_nas_enc))) { log("*** " & __SCOPE__ & ": ERROR: 'v_k_nas_enc_computed' did not return the expected value. 
***"); setverdict(fail); } else { log("*** " & __SCOPE__ & ": 'v_k_nas_enc_computed' returned the expected value ***"); } setverdict(pass) } // End of testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_22_01 /** * @desc Verify that the KAMF derivation function is working correctly * @see ETSI TS 133 501 V16.18.0 (2024-04) Figure 6.2.2-2: Key distribution and key derivation scheme for 5G for the UE * @see ETSI TS 133 501 V16.18.0 (2024-04) A.17 SoR-MAC-IAUSF generation function * @see https://cryptii.com/pipes/hmac */ testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_23_01() runs on gNB_NGNAS_NGAPComponent system TestAdapter { // From ETSI TS 135 207 V16.0.0 (2020-08) Clause 4.3 Test Set 1 var O16_Type v_K := '465b5ce8b199b49faa5f0a2ee238a6bc'O; // The long-term key: Subscriber key var B128_Type v_rand := oct2bit('23553cbe9637a89d218ae64dae47bf35'O); var O16_Type v_op := 'cdc202d5123e20f62b6d676ac72cb318'O; // Operator Variant Algorithm Configuration Field var B48_Type v_sqn_ak := oct2bit('ff9bb4d0b607'O); var B16_Type v_amf := oct2bit('b9b9'O); // AMF: Authentication Management Field var NAS_PlmnId v_PLMN := '00f110'O; // PLMN ID: 001-01 var hexstring v_NID := '000138'H; // NID: Network Identifier var charstring v_supi := "001014444333000"; var O1_Type v_sor_header := '00'O; // FIXME Not sure about this value var O2_Type v_counter_sor := '0000'O; // FIXME Not sure about this value f_set_op(v_op); var B64_Type v_mac_a; var integer v_result := f_f1(oct2bit(v_K), v_rand, v_sqn_ak, v_amf, v_mac_a); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***"); setverdict(fail); stop; } var B64_Type v_xres; var B128_Type v_ck; var B128_Type v_ik; var B48_Type v_ak; v_result := f_f2345(oct2bit(v_K), v_rand, v_xres, v_ck, v_ik, v_ak); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'f_f2345' returned an error code: " & int2str(v_result) & ". 
***"); setverdict(fail); } var Common_AuthenticationParams_Type v_auth_params := valueof(cs_CommonAuthParams_Init(v_rand)); v_auth_params.AUTN := v_sqn_ak & v_amf & v_mac_a; // ETSI TS 135 205 V16.0.0 (2020-08) 7.2 Use of the algorithms on the AuC side v_auth_params.CK := v_ck; v_auth_params.IK := v_ik; v_auth_params.XRES := v_xres; v_auth_params.XRESLength := lengthof(v_xres); var B256_Type v_Ks := v_ck & v_ik; // ETSI TS 133 501 V16.18.0 (2024-04) A.2 KAUSF derivation function: Ks = CK || IK var B256_Type v_k_ausf := f_NG_Authentication_A2(v_auth_params, tsc_KDF_HMAC_SHA_256, v_Ks, v_PLMN, v_NID); var B128_Type v_sor_mac_i_ausf := oct2bit('14FAA726B4F25EBFC0CC58877B42CDC8'O); // SoR-MAC-Iausf var B128_Type v_sor_mac_i_ausf_computed := f_NG_Authentication_A17(v_sor_header, v_k_ausf, v_counter_sor, -, tsc_KDF_HMAC_SHA_256) if (not(match(v_sor_mac_i_ausf_computed, v_sor_mac_i_ausf))) { log("*** " & __SCOPE__ & ": ERROR: 'v_sor_mac_i_ausf_computed' did not return the expected value. ***"); setverdict(fail); } else { log("*** " & __SCOPE__ & ": 'v_sor_mac_i_ausf_computed' returned the expected value ***"); } setverdict(pass) } // End of testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_23_01 /** * @desc Verify that the KAMF derivation function is working correctly * @see ETSI TS 133 501 V16.18.0 (2024-04) Figure 6.2.2-2: Key distribution and key derivation scheme for 5G for the UE * @see ETSI TS 133 501 V16.18.0 (2024-04) A.18 SoR-MAC-IUE generation function * @see https://cryptii.com/pipes/hmac */ testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_24_01() runs on gNB_NGNAS_NGAPComponent system TestAdapter { // From ETSI TS 135 207 V16.0.0 (2020-08) Clause 4.3 Test Set 1 var O16_Type v_K := '465b5ce8b199b49faa5f0a2ee238a6bc'O; // The long-term key: Subscriber key var B128_Type v_rand := oct2bit('23553cbe9637a89d218ae64dae47bf35'O); var O16_Type v_op := 'cdc202d5123e20f62b6d676ac72cb318'O; // Operator Variant Algorithm Configuration Field var B48_Type v_sqn_ak := 
oct2bit('ff9bb4d0b607'O); var B16_Type v_amf := oct2bit('b9b9'O); // AMF: Authentication Management Field var NAS_PlmnId v_PLMN := '00f110'O; // PLMN ID: 001-01 var hexstring v_NID := '000138'H; // NID: Network Identifier var charstring v_supi := "001014444333000"; var O2_Type v_counter := '0000'O; // FIXME Not sure about this value f_set_op(v_op); var B64_Type v_mac_a; var integer v_result := f_f1(oct2bit(v_K), v_rand, v_sqn_ak, v_amf, v_mac_a); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***"); setverdict(fail); stop; } var B64_Type v_xres; var B128_Type v_ck; var B128_Type v_ik; var B48_Type v_ak; v_result := f_f2345(oct2bit(v_K), v_rand, v_xres, v_ck, v_ik, v_ak); if (v_result != 0) { log("*** " & __SCOPE__ & ": ERROR: 'f_f2345' returned an error code: " & int2str(v_result) & ". ***"); setverdict(fail); } var Common_AuthenticationParams_Type v_auth_params := valueof(cs_CommonAuthParams_Init(v_rand)); v_auth_params.AUTN := v_sqn_ak & v_amf & v_mac_a; // ETSI TS 135 205 V16.0.0 (2020-08) 7.2 Use of the algorithms on the AuC side v_auth_params.CK := v_ck; v_auth_params.IK := v_ik; v_auth_params.XRES := v_xres; v_auth_params.XRESLength := lengthof(v_xres); var B256_Type v_Ks := v_ck & v_ik; // ETSI TS 133 501 V16.18.0 (2024-04) A.2 KAUSF derivation function: Ks = CK || IK var B256_Type v_k_ausf := f_NG_Authentication_A2(v_auth_params, tsc_KDF_HMAC_SHA_256, v_Ks, v_PLMN, v_NID); var B128_Type v_so_r_mac_iue := oct2bit('F38A33C13CF17CFDA4FCA7BDBEDB760A'O); // SoR-MAC-Iue var B128_Type v_so_r_mac_iue_computed := f_NG_Authentication_A18(v_k_ausf, v_counter, tsc_KDF_HMAC_SHA_256) log("v_so_r_mac_iue_computed=", v_so_r_mac_iue_computed); if (not(match(v_so_r_mac_iue_computed, v_so_r_mac_iue))) { log("*** " & __SCOPE__ & ": ERROR: 'v_so_r_mac_iue_computed' did not return the expected value. 
***"); setverdict(fail); } else { log("*** " & __SCOPE__ & ": 'v_so_r_mac_iue_computed' returned the expected value ***"); } setverdict(pass) } // End of testcase TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_24_01 } // End of group fiveG_AKA_Crypto_Functions }// End of module NG_NAS_TestCases
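Review bot: In all four new testcases the `f_f2345` failure branch only calls `setverdict(fail)` and, unlike the `f_f1` branch just above it, has no `stop;`, so execution continues into `f_NG_Authentication_A2` with `v_ck`/`v_ik`/`v_xres` from a call that reported an error; add `stop;` there. In TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_22_01 the call passes `tsc_NAS_Int_Alg`, yet the variables are still named `v_k_nas_enc*` and the comments read `KNASenc: NAS Cyphering Key` and `128-NEA2`; rename them to `v_k_nas_int*` and label the value `KNASint` / `128-NIA2` so the integrity and ciphering vectors cannot be confused. The `@desc` of every new testcase still says "KAMF derivation function" and the `f_f1` error log names `fx_f1`; each should name what is actually exercised (A.8, A.17, A.18). Tests 23_01 and 24_01 compare against fixed expected MACs while `v_sor_header` and `v_counter*` carry `FIXME Not sure about this value`, so those expected values look unverified against an independent reference, and the `@desc` should say so until they are.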
ttcn/Lib3GPP/Common4G5G/EUTRA_NR_SecurityFunctions.ttcn +5 −0 Original line number Diff line number Diff line Loading @@ -153,14 +153,19 @@ module EUTRA_NR_SecurityFunctions { var octetstring v_S; // Generation of String v_S := const_S69_FC; log("f_NG_Authentication_A8 (1): v_S=", v_S); //FC = 0x69 v_S := ( v_S & int2oct ( p_AlgTypeDistg, 1 ) ); log("f_NG_Authentication_A8 (2): v_S=", v_S); //P0 = algorithm type distinguisher v_S := ( v_S & '0001'O ); log("f_NG_Authentication_A8 (3): v_S=", v_S); //L0 = length of algorithm type distinguisher (i.e. 0x00 0x01)) v_S := ( v_S & bit2oct ( p_Alg ) ); log("f_NG_Authentication_A8 (4): v_S=", v_S); //P1 = algorithm identity v_S := ( v_S & '0001'O ); log("f_NG_Authentication_A8 (5): v_S=", v_S); //L1 = length of algorithm identity (i.e. 0x00 0x01) return substr(fx_KeyDerivationFunction(p_KDF_Type, p_Key, v_S), 128, 128); Loading
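Review bot: The five added `log("f_NG_Authentication_A8 (n): v_S=", v_S)` calls run unconditionally on every call of this shared library function, and nothing marks them as temporary debug traces. In this function `v_S` only carries FC, the algorithm type distinguisher and the algorithm identity, so no key material is written, but the same step-by-step pattern is added to `f_NG_Authentication_A7`, `_A17` and `_A18` in NG_NAS_SecurityFunctions.ttcn. I would keep a single trace of the final string before the `return` and mark it, e.g. `// DEBUG trace of KDF input S (contains no key material)`. The function's signature and start lie outside the hunk.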
ttcn/Lib3GPP/NG_NAS/NG_NAS_SecurityFunctions.ttcn +18 −0 Original line number Diff line number Diff line Loading @@ -514,14 +514,19 @@ module NG_NAS_SecurityFunctions { // Generation of String v_S := const_S6D_FC; log("f_NG_Authentication_A7 (1): v_S=", v_S); //FC = 0x6D v_S := (v_S & v_P0); log("f_NG_Authentication_A7 (2): v_S=", v_S); //P0 = serving network ID v_S := (v_S & int2oct(lengthof(v_P0), 2)) ; log("f_NG_Authentication_A7 (3): v_S=", v_S); //L0 = length of SUPI v_S := (v_S & v_P1); log("f_NG_Authentication_A7 (4): v_S=", v_S); //P0 = serving network ID v_S := (v_S & int2oct(lengthof(v_P1), 2)) ; log("f_NG_Authentication_A7 (5): v_S=", v_S); //L1 = length of ABBA return fx_KeyDerivationFunction(p_KDF_Type, p_KSEAF, v_S); Loading Loading @@ -550,19 +555,27 @@ module NG_NAS_SecurityFunctions { // Generation of String v_S := const_S77_FC; log("f_NG_Authentication_A17 (1): v_S=", v_S); //FC = 0x77 v_S := (v_S & p_SoRHeader); log("f_NG_Authentication_A17 (2): v_S=", v_S); //P0 = SOR Header v_S := (v_S & '0001'O); log("f_NG_Authentication_A17 (3): v_S=", v_S); //L0 = length of SOR Header v_S := (v_S & p_Counter); log("f_NG_Authentication_A17 (4): v_S=", v_S); //P1 = Counter v_S := (v_S & '0002'O) ; log("f_NG_Authentication_A17 (5): v_S=", v_S); //L1 = length of Counter if (lengthof (p_PLMNandAccessTechnologyList) > 0) { //P2 & L2 are optional v_S := (v_S & p_PLMNandAccessTechnologyList); log("f_NG_Authentication_A17 (6-1): v_S=", v_S); v_S := (v_S & int2oct(lengthof(p_PLMNandAccessTechnologyList), 2)) ; log("f_NG_Authentication_A17 (6-2): v_S=", v_S); } log("f_NG_Authentication_A17 (7): v_S=", v_S); return substr(fx_KeyDerivationFunction(p_KDF_Type, p_KAUSF, v_S), 128, 128); // returns LSB 128 bits[truncated] of the key generated } Loading 
@@ -586,14 +599,19 @@ module NG_NAS_SecurityFunctions { // Generation of String v_S := const_S78_FC; log("f_NG_Authentication_A18 (1): v_S=", v_S); //FC = 0x78 v_S := (v_S & '01'O); log("f_NG_Authentication_A18 (2): v_S=", v_S); //P0 = SOR Ack v_S := (v_S & '0001'O); log("f_NG_Authentication_A18 (3): v_S=", v_S); //L0 = length of SOR Ack v_S := (v_S & p_Counter); log("f_NG_Authentication_A18 (4): v_S=", v_S); //P1 = Counter v_S := (v_S & '0002'O) ; log("f_NG_Authentication_A18 (5): v_S=", v_S); //L1 = length of Counter return substr(fx_KeyDerivationFunction(p_KDF_Type, p_KAUSF, v_S), 128, 128); Loading
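Review bot: The traces added to `f_NG_Authentication_A7` write the KDF input string to the log from step (2) on, and going by the existing comments (`L0 = length of SUPI`, `L1 = length of ABBA`) that string appears to contain the SUPI; the assignment of `v_P0` is outside the hunk, so this is inferred. A permanent subscriber identifier should not reach the log whenever this library function runs outside a fixed-vector test, so drop the per-step logs or log only the size, e.g. `log("f_NG_Authentication_A7: lengthof(v_S)=", lengthof(v_S));`. In `f_NG_Authentication_A17` the `(7)` trace repeats the value already logged at `(5)` or `(6-2)` and can go. While touching A7, the context comment `//P0 = serving network ID` appears twice and matches neither neighbouring length comment; it would be clearer as `//P0 = SUPI` and `//P1 = ABBA`, once confirmed against the function header.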