Commit 712ef632 authored by Yann Garcia's avatar Yann Garcia

Start implementing security support

parent 94d12f0e
+29 −10
@@ -79,6 +79,7 @@ module NG_NAS_TCFunctions {
                                                                               ? // AuthorizationRequest
                    )));
                    f_NASPDU_Get(vc_recvNGAP_PDU);
                    var NG_NAS_DL_Message_Type v_message;
                    if (f_Check_5GAKA_NAS_DL_Message(
                                                     vc_recvNAS_PDU, 
                                                     mw_NG_AUTHENTICATION_REQUEST(
@@ -86,7 +87,9 @@ module NG_NAS_TCFunctions {
                                                                                  -,
                                                                                  ?, // Authentication_parameter_RAND
                                                                                  ?  // Authentication_parameter_AUTN
                                                     )) == false) {
                                                                                  ),
                                                     v_message
                                                     ) == false) {
                        setverdict(fail);
                        log("*** " & __SCOPE__ & ": FAIL: Unexpected NG_AUTHENTICATION_REQUEST ***");
                    }
@@ -124,7 +127,8 @@ module NG_NAS_TCFunctions {
                                                                               ? // SecurityModeCommand
                    )));
                    f_NASPDU_Get(vc_recvNGAP_PDU);
                    if (f_Check_5GAKA_NAS_DL_Message(vc_recvNAS_PDU, mw_NG_SECURITY_MODE_COMMAND) == false) {
                    var NG_NAS_DL_Message_Type v_message;
                    if (f_Check_5GAKA_NAS_DL_Message(vc_recvNAS_PDU, mw_NG_SECURITY_MODE_COMMAND, v_message) == false) {
                        setverdict(fail);
                        log("*** " & __SCOPE__ & ": FAIL: NG_SECURITY_MODE_COMMAND mismatch. ***");
                    }
@@ -185,7 +189,8 @@ module NG_NAS_TCFunctions {

                            f_NGAPPDU_Get(v_PDU)
                            f_NASPDU_Get(vc_recvNGAP_PDU);
                            if (f_Check_5GAKA_NAS_DL_Message(vc_recvNAS_PDU, mw_NG_AUTHENTICATION_REQUEST) == true) {
                            var NG_NAS_DL_Message_Type v_message;
                            if (f_Check_5GAKA_NAS_DL_Message(vc_recvNAS_PDU, mw_NG_AUTHENTICATION_REQUEST, v_message) == true) {
                            f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
                                log("*** " & __SCOPE__ & ": FAIL: Unexpected NG_AUTHENTICATION_REQUEST after T3560 timer expiry ***");
                            }
@@ -243,11 +248,14 @@ module NG_NAS_TCFunctions {
                                                                               ? // IdentityRequest
                    )));
                    f_NASPDU_Get(vc_recvNGAP_PDU);
                    var NG_NAS_DL_Message_Type v_message;
                    if (f_Check_5GAKA_NAS_DL_Message(
                                                     vc_recvNAS_PDU, 
                                                     mw_NG_AUTHENTICATION_REQUEST(
                                                                                  '111'B // Identity type
                                                     )) == false) {
                                                                                  ),
                                                     v_message
                                                     ) == false) {
                        setverdict(fail);
                        log("*** " & __SCOPE__ & ": FAIL: Unexpected NG_IDENTITY_REQUEST ***");
                    }
@@ -307,11 +315,13 @@ module NG_NAS_TCFunctions {
                                                                               ?
                    )));
                    f_NASPDU_Get(vc_recvNGAP_PDU);
                    var NG_NAS_DL_Message_Type v_message;
                    if (f_Check_5GAKA_NAS_DL_Message(
                                                     vc_recvNAS_PDU, 
                                                     mw_NG_AUTHENTICATION_REQUEST(
                                                                                  complement(ngKSI)
                                                     )) == false) {
                                                                                  ),
                                                     v_message) == false) {
                        setverdict(fail);
                        log("*** " & __SCOPE__ & ": FAIL: Unexpected NG_IDENTITY_REQUEST ***");
                    }
@@ -367,11 +377,14 @@ module NG_NAS_TCFunctions {
                                                                               ? // IdentityRequest
                    )));
                    f_NASPDU_Get(vc_recvNGAP_PDU);
                    var NG_NAS_DL_Message_Type v_message;
                    if (f_Check_5GAKA_NAS_DL_Message(
                                                     vc_recvNAS_PDU, 
                                                     mw_NG_IDENTITY_REQUEST(
                                                                            
                                                     )) == false) {
                                                                            // TODO
                                                                            ),
                                                     v_message
                                                     ) == false) {
                        setverdict(fail);
                        log("*** " & __SCOPE__ & ": FAIL: Unexpected NG_IDENTITY_REQUEST ***");
                    }
@@ -413,9 +426,11 @@ module NG_NAS_TCFunctions {
                                                                               ? // Security mode command
                    )));
                    f_NASPDU_Get(vc_recvNGAP_PDU);
                    var NG_NAS_DL_Message_Type v_message;
                    if (f_Check_5GAKA_NAS_DL_Message(
                                                     vc_recvNAS_PDU, 
                                                     mw_NG_SECURITY_MODE_COMMAND
                                                     mw_NG_SECURITY_MODE_COMMAND,
                                                     v_message
                                                     ) == false) {
                        setverdict(fail);
                        log("*** " & __SCOPE__ & ": FAIL: Unexpected NG_SECURITY_MODE_COMMAND ***");
@@ -564,9 +579,11 @@ module NG_NAS_TCFunctions {
                                                                            ? // PDU SESSION ESTABLISHMENT ACCEPT
                    )));
                    f_NASPDU_Get(vc_recvNGAP_PDU);
                    var NG_NAS_DL_Message_Type v_message;
                    if (f_Check_5GAKA_NAS_DL_Message(
                                                    vc_recvNAS_PDU, 
                                                    mw_NG_PDU_SESSION_ESTABLISHMENT_ACCEPT
                                                    mw_NG_PDU_SESSION_ESTABLISHMENT_ACCEPT,
                                                    v_message
                                                    ) == false) {
                        setverdict(fail);
                        return;
@@ -612,6 +629,7 @@ module NG_NAS_TCFunctions {
                                                                        ? // AuthorizationRequest
                )));
                f_NASPDU_Get(vc_recvNGAP_PDU);
                var NG_NAS_DL_Message_Type v_message;
                if (f_Check_5GAKA_NAS_DL_Message(
                                                vc_recvNAS_PDU, 
                                                mw_NG_REGISTRATION_ACCEPT(
@@ -627,7 +645,8 @@ module NG_NAS_TCFunctions {
                                                                          ),
                                                                          -,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,
                                                                          ?
                                                )) == false) {
                                                                          ),
                                                v_message) == false) {
                    setverdict(fail);
                }
                f_selfOrClientSyncAndVerdict(c_tbDone, f_getVerdict());
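Review bot: In the `@@ -243` and `@@ -307` hunks the received PDU is still checked against `mw_NG_AUTHENTICATION_REQUEST(...)`, although the awaited message is commented as IdentityRequest (in `@@ -243`) and both failure logs report `Unexpected NG_IDENTITY_REQUEST`. The template looks copied from the authentication case; if an identity request is what these tests expect, the call should use `mw_NG_IDENTITY_REQUEST(...)` as the `@@ -367` hunk does. That hunk in turn passes the template with only a `// TODO` inside, so it does not yet constrain the identity type. The new `v_message` out argument is declared before every call but is not read in any visible line; a comment such as `// v_message only satisfies the out parameter here` would show that this is intended. The enclosing test functions start and end outside the hunks.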
+96 −52
@@ -3,6 +3,7 @@ module LIB_NG_NAS_Functions {
    // Lib_NG_NAS
    import from Lib_NG_NAS_Interface all;
    import from Lib_NG_NAS_Templates all;
    import from Lib_NG_NAS_Pixits all;

    // NG_NAS
    import from NG_NAS_TypeDefs all;
@@ -10,8 +11,11 @@ module LIB_NG_NAS_Functions {

    // Lib3GPP
    import from NG_NAS_MsgContainers all;
    import from CommonDefs all;
    import from NAS_CommonTemplates all;
    import from NG_NAS_Common all;
    import from NAS_AuthenticationCommon all;
    import from NG_NAS_SecurityFunctions all;

    // Lib_NGAP
    import from NGAP_IEs language "ASN.1:2002" all;
@@ -22,15 +26,9 @@ module LIB_NG_NAS_Functions {
    import from LibNGAP_Interface all;
    import from LibNGAP_Steps all;


    import from Lib_NG_NAS_Pixits all;

    /********************************************************************************
     *
     *  FIXME Use or enhance check functions from 3GPP library such as NG_NASTemplateFunctions.f_Check_NG_SecurityModeCompleteMsg
     *
     ********************************************************************************/

    /**
     * @desc Function to send NGSetupRequest message and await for NGSetupResponse message
     */
    function f_send_NGSetupRequest_await_NGSetupRespone() runs on NGNASComponent {
        f_send_NGAP_PDU(
                        m_ngap_initMsg(
@@ -79,40 +77,16 @@ module LIB_NG_NAS_Functions {
                        )));
    }

    function f_await_NGInitialContextSetupRequest_send_NGInitialContextSetupRespone() runs on NGNASComponent {
        f_recv_NGAP_PDU(
                        mw_ngap_initMsg(
                                        mw_n2_InitialContextSetupRequest_withPDUSessionList( // FIXME FSCOM How to deal with it?

                        )));
        f_send_NGAP_PDU(
                        m_ngap_succMsg(
                                       m_n2_InitialContextSetupResponse_noPDUSessionResourceSetupListSURes
                        ));
    }

    function f_send_NGUERadioCApabilityInfoIndication() runs on NGNASComponent {
        f_send_NGAP_PDU(
                        m_ngap_initMsg(
                                       m_n2_UERadioCapabilityInfoIndication(
                                                                            -, -,
                                                                            ''O // FIXME FSCOM How to deal with UERadioCapability
                        )));
    }

    /**
     * @desc Function to send NAS RegistrationRequest message
     * @see NG_NASTemplateFunctions.f_Check_NG_RegistrationReqMsg
     */
    function f_send_NasRegistrationRequest() runs on NGNASComponent {
        vt_NgNasUl_Msg := m_NG_REGISTRATION_REQUEST(
                                                    {'1'B,'001'B},//in template (value) RegistrationType p_RegistrationType,
                                                    '000'B,//in template (value) NAS_KsiValue p_KeySetId,
                                                    '0'B,//in template (value) B1_Type p_Tsc,
                                                    {                              // 24.501 cl. 9.11.3.4
                                                        iei:=omit,
                                                        iel:='0002'O,
                                                        idDigit1:='0000'B,                // 1st identitity digit
                                                        oddEvenInd:='0'B,              // Odd/even indicator or Spare
                                                        typeOfId:='000'B,                // Type of identity
                                                        otherDigits:='00'O// length (1..infinity) optional  // Other identity digits, could be any length @sic R5-192389, @sic R5w190307 sic@ sic@
                                                    }//in template (value) NG_MobileIdentity p_MobileId,
                                                    {'0'B,'001'B},
                                                    '111'B,
                                                    '0'B,
                                                    m_NG_MobileIdentitySUCI('0000'B,'00f110214300014444330302'O) // TODO Use PIXIT here?
                                                    );
        vc_sendNAS_PDU := bit2oct(encvalue(valueof(vt_NgNasUl_Msg)));
        f_send_NGAP_PDU(
@@ -128,6 +102,9 @@ module LIB_NG_NAS_Functions {
                        )))));
    }

    /**
     * @desc Function to await NAS NGSetupResponse message
     */
    function f_await_registration_accept() runs on NGNASComponent {
        // Await request for REGISTRATION_ACCEPT
        f_recv_NGAP_PDU(
@@ -138,6 +115,7 @@ module LIB_NG_NAS_Functions {
                                                                   ? // AuthorizationRequest
        )));
        f_NASPDU_Get(vc_recvNGAP_PDU);
        var NG_NAS_DL_Message_Type v_message;
        if (f_Check_5GAKA_NAS_DL_Message(
                                         vc_recvNAS_PDU, 
                                         mw_NG_REGISTRATION_ACCEPT(
@@ -153,12 +131,19 @@ module LIB_NG_NAS_Functions {
                                                                   ),
                                                                   -,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,-,
                                                                   ?
                                         )) == false) {
                                                                   ),
                                         v_message) == false) {
            setverdict(fail);
            return;
        }
    }

    /********************************************************************************
     *
     *  FIXME Use or enhance check functions from 3GPP library such as NG_NASTemplateFunctions.f_Check_NG_SecurityModeCompleteMsg
     *
     ********************************************************************************/

    function f_await_NasAuthorizationRequest_send_NasAuthorizationResponse() runs on NGNASComponent {
        // Await request for authorization
        f_recv_NGAP_PDU(
@@ -169,21 +154,25 @@ module LIB_NG_NAS_Functions {
                                                                   ? // AuthorizationRequest
        )));
        f_NASPDU_Get(vc_recvNGAP_PDU);
        var NG_NAS_DL_Message_Type v_message;
        if (f_Check_5GAKA_NAS_DL_Message(
                                         vc_recvNAS_PDU, 
                                         mw_NG_AUTHENTICATION_REQUEST(
                                                                     '111'B,
                                                                     '100'B,
                                                                     -,
                                                                     ?, // Authentication_parameter_RAND
                                                                     ?  // Authentication_parameter_AUTN

                                         )) == false) {
                                                                     mw_GMM_AuthRAND,
                                                                     mw_GSM_AUTN
                                                                     ),
                                         v_message
                                         ) == false) {
            setverdict(fail);
            return;
        }
        // Compute RES/XRES
        f_compute_res_xres(v_message.authentication_Request.rand.randValue, v_message.authentication_Request.autn.aUTN, vc_ng_nas_security_params_type);
        // Send response
        vt_NgNasUl_Msg := m_NG_AUTHENTICATION_RESPONSE(
                                                        { iei := '2d'O, iel := '10'O, res := oct2bit('a7c39d021cc8070960775ce133f05be3'O) }
                                                        { iei := '2d'O, iel := '10'O, res := vc_ng_nas_security_params_type.AuthParams.XRES }
                                                        );
        vc_sendNAS_PDU := bit2oct(encvalue(valueof(vt_NgNasUl_Msg)));
        f_send_NGAP_PDU(
@@ -209,9 +198,11 @@ module LIB_NG_NAS_Functions {
                                                                    ? // Security mode command
        )));
        f_NASPDU_Get(vc_recvNGAP_PDU);
        var NG_NAS_DL_Message_Type v_message;
        if (f_Check_5GAKA_NAS_DL_Message(
                                         vc_recvNAS_PDU, 
                                         mw_NG_SECURITY_MODE_COMMAND
                                         mw_NG_SECURITY_MODE_COMMAND,
                                         v_message
                                         ) == false) {
            setverdict(fail);
            return;
@@ -228,9 +219,11 @@ module LIB_NG_NAS_Functions {
                                                                    ? // Security mode command
        )));
        f_NASPDU_Get(vc_recvNGAP_PDU);
        var NG_NAS_DL_Message_Type v_message;
        if (f_Check_5GAKA_NAS_DL_Message(
                                         vc_recvNAS_PDU, 
                                         mw_NG_SECURITY_MODE_COMMAND
                                         mw_NG_SECURITY_MODE_COMMAND,
                                         v_message
                                         ) == false) {
            setverdict(fail);
            return;
@@ -285,6 +278,27 @@ module LIB_NG_NAS_Functions {
                        )))));
    }

    function f_send_NGUERadioCApabilityInfoIndication() runs on NGNASComponent {
        f_send_NGAP_PDU(
                        m_ngap_initMsg(
                                       m_n2_UERadioCapabilityInfoIndication(
                                                                            -, -,
                                                                            ''O // FIXME FSCOM How to deal with UERadioCapability
                        )));
    }

    function f_await_NGInitialContextSetupRequest_send_NGInitialContextSetupRespone() runs on NGNASComponent {
        f_recv_NGAP_PDU(
                        mw_ngap_initMsg(
                                        mw_n2_InitialContextSetupRequest_withPDUSessionList( // FIXME FSCOM How to deal with it?

                        )));
        f_send_NGAP_PDU(
                        m_ngap_succMsg(
                                       m_n2_InitialContextSetupResponse_noPDUSessionResourceSetupListSURes
                        ));
    }

    function f_NASPDU_Get(inout NGAP_PDU p_PDU) runs on NGNASComponent {

        vc_recvNGAP_PDU := p_PDU;
@@ -375,7 +389,8 @@ module LIB_NG_NAS_Functions {

    function f_Check_5GAKA_NAS_DL_Message(
                                          in NAS_PDU p_nas_pdu,
                                          in template NG_NAS_DL_Message_Type p_NG_NAS_DL_Message_Type
                                          in template NG_NAS_DL_Message_Type p_NG_NAS_DL_Message_Type,
                                          out NG_NAS_DL_Message_Type p_message
                                          ) return boolean {
        log(">>> f_Check_5GAKA_NAS_DL_Message: ", p_nas_pdu);

@@ -403,7 +418,8 @@ module LIB_NG_NAS_Functions {
                return false;           
            }
        }
        log("f_Check_5GAKA_NAS_DL_Message: matching");
        p_message := v_message;
        log("f_Check_5GAKA_NAS_DL_Message: matching: p_message: ", p_message);

        return true;
    } // End of function f_Check_5GAKA_NAS_DL_Message
@@ -477,4 +493,32 @@ module LIB_NG_NAS_Functions {
        return true;
    } // End of function f_Check_5GAKA_NAS_UL_Message_is_encrypted

    /**
     * @desc Compute RES and XRES values based on rAND & AUTN received in the NG_AUTHENTICATION_REQUEST
     * @param [in] p_rand
     * @param [in] p_autn
     * @param [in] KeySeq
     * @param [in,out] p_ng_nas_security_params_type Built security parameters
     */
    function f_compute_res_xres(
                                in B128_Type p_rand,
                                in B128_Type p_autn,
                                inout NG_NAS_SecurityParams_Type p_ng_nas_security_params_type
                                ) return boolean {
        log(">>> f_compute_res_xres: ", p_ng_nas_security_params_type);

        p_ng_nas_security_params_type := valueof(cs_NG_NAS_SecurityParamsInit);
        p_ng_nas_security_params_type.AuthParams.RandValue := p_rand;
        p_ng_nas_security_params_type.AuthParams.AUTN := p_autn;
        p_ng_nas_security_params_type.AuthParams.AUTN := p_autn;

        // TODO Generate CK & IK

        // TODO Compute RES


        log("<<< f_compute_res_xres: ", p_ng_nas_security_params_type);
        return true;
    } // End of function f_compute_res_xres

} // End of module LIB_NG_NAS_Functions
 No newline at end of file
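Review bot: `f_compute_res_xres` is still a stub: it copies RAND and AUTN into the parameter record (the `AuthParams.AUTN` assignment is written twice), leaves both TODOs open and returns `true`. Its caller `f_await_NasAuthorizationRequest_send_NasAuthorizationResponse` ignores the return value and sends `AuthParams.XRES` as the response. Until the computation exists, that response carries whatever `cs_NG_NAS_SecurityParamsInit` holds, and the received AUTN is not verified before answering, so the authentication tests cannot pass for the right reason. I would return `false` from the stub until RES is computed and check it at the call site, `if (f_compute_res_xres(...) == false) { setverdict(inconc); return; }`. The doc comment lists `@param [in] KeySeq`, which is not a parameter, and has no `@return`; both `log` calls print the whole security-parameter record, which presumably will include key material once CK and IK are generated.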
+4 −2
@@ -15,7 +15,8 @@ module Lib_NG_NAS_Interface {
    import from LibCommon_Sync all;
    
    //Lib3GPP
    import from NG_NAS_MsgContainers {type NG_NAS_DL_Message_Type, NG_NAS_UL_Message_Type};
    import from NG_NAS_MsgContainers all;
    import from NG_NAS_SecurityFunctions all;

    // LibNGAP
    //import from NGAP_IEs language "ASN.1:1997" all;
@@ -37,6 +38,7 @@ module Lib_NG_NAS_Interface {
            var octetstring vc_sendNAS_PDU       :=''O;
            var octetstring vc_recvNAS_PDU       :=''O;
            var octetstring vc_recvNAS_PDUDefault:=''O;
            var NG_NAS_SecurityParams_Type       vc_ng_nas_security_params_type := {};
            
            // Init of values at component started
            
+15 −0
@@ -2198,4 +2198,19 @@ module Lib_NG_NAS_Templates {
    plainNASMessage           := p_plainNASMessage            /* cl. 9.9       M V 3-n */
  } // End of template mw_NG_SECURITY_PROTECTED_NAS_MESSAGE

  template (present) RAND mw_GMM_AuthRAND(
                                          template (present) B128_Type p_rand := ?
                                          ) := { /* @status    APPROVED (IMS, IMS_IRAT, LTE_A_IRAT, LTE_IRAT, NR5GC, NR5GC_IRAT, POS, SSNITZ, UTRAN) */
    iei             := '21'O,
    randValue       := p_rand
  } // End of template 
  
  template (present) AUTN mw_GSM_AUTN(
                                      template (present) B128_Type p_autn := ?
                                      ) := { /* @status    APPROVED (IMS, IMS_IRAT, LTE_A_IRAT, LTE_IRAT, NR5GC, NR5GC_IRAT, POS, SSNITZ, UTRAN) */
    iei             := '20'O,
    iel             := '10'O,                        // Length of 16 octets
    aUTN            := p_autn                        // value of Authentication Parameter AUTN
  } // End of template 
  
} // End of module Lib_NG_NAS_Templates
 No newline at end of file
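Review bot: The two new templates close with a bare `// End of template`, unlike the named `// End of template mw_NG_SECURITY_PROTECTED_NAS_MESSAGE` just above, and they carry no `@desc`. I would write `// End of template mw_GMM_AuthRAND` and `// End of template mw_GSM_AUTN`, and add a `@desc` header to each saying which information element it matches. The `GMM`/`GSM` prefixes and the `@status APPROVED (...)` comment look carried over from another library; if the templates are maintained in this module, names that reflect their use in the 5G authentication request would be clearer. `mw_GSM_AUTN` fixes `iel := '10'O`, so an AUTN of any other length will not match, which is worth stating in the comment.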