Commit 81a24e59 authored by Yann Garcia's avatar Yann Garcia

Rename some PIXITs; Addimg logs in LIB_NG_NAS_Functions_ext.cc; Add PIXIT to...

Rename some PIXITs; Adding logs in LIB_NG_NAS_Functions_ext.cc; Add PIXIT to force usage of OPc instead of OP
parent 88fa0e09
+4 −0
@@ -65,6 +65,8 @@ namespace LIB__NG__NAS__Functions {
  INTEGER fx__f1(const BITSTRING& p_authK, const BITSTRING& p_rand, const BITSTRING& p_sqn, const BITSTRING& p_amf, BITSTRING& p_mac_a) {
    loggers::get_instance().log_msg(">>> fx__f1: p_authK: ", bit2oct(p_authK));
    loggers::get_instance().log_msg(">>> fx__f1: p_rand: ", bit2oct(p_rand));
    loggers::get_instance().log_msg(">>> fx__f1: p_sqn: ", bit2oct(p_sqn));
    loggers::get_instance().log_msg(">>> fx__f1: p_amf: ", bit2oct(p_amf));

    rijndael r;
    OCTETSTRING authK = bit2oct(p_authK);
@@ -131,6 +133,8 @@ namespace LIB__NG__NAS__Functions {
  INTEGER fx__f1star(const BITSTRING& p_authK, const BITSTRING& p_rand, const BITSTRING& p_sqn, const BITSTRING& p_amf, BITSTRING& p_mac_s) {
    loggers::get_instance().log_msg(">>> fx__f1star: p_authK: ", bit2oct(p_authK));
    loggers::get_instance().log_msg(">>> fx__f1star: p_rand: ", bit2oct(p_rand));
    loggers::get_instance().log_msg(">>> fx__f1: p_sqn: ", bit2oct(p_sqn));
    loggers::get_instance().log_msg(">>> fx__f1: p_amf: ", bit2oct(p_amf));

    rijndael r;
    OCTETSTRING authK = bit2oct(p_authK);
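Review bot: In `fx__f1star` the two log calls for `p_sqn` and `p_amf` (apparently the lines this commit adds) carry the prefix `>>> fx__f1:`, so the trace attributes them to the wrong function; they should read `">>> fx__f1star: p_sqn: "` and `">>> fx__f1star: p_amf: "`. These entry logs also print the authentication inputs in clear next to the existing `p_authK` line, so the resulting log file should be treated as sensitive whenever non-test credentials are configured. Both function bodies continue outside the hunks.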
+24 −10
@@ -12,12 +12,17 @@ LibNGAP_Pixits.PX_AMF_UE_NGAP_ID := 22
LibNGAP_Pixits.PX_PLMN_IDENTITY    := '00f110'O
LibNGAP_Pixits.PX_GNB_ID           := '0000000000000001001110'B

Lib_NG_NAS_Pixits.PX_CHECK_SECURITY                                := false
Lib_NG_NAS_Pixits.PX_CHECK_SECURITY                  := true
Lib_NG_NAS_Pixits.PX_SUPI_FORMAT                     := '0000'B
Lib_NG_NAS_Pixits.PX_SUPI_DIGITS                     := '00f110214300014444330302'O
Lib_NG_NAS_Pixits.PX_USIM_OPERATOR_VARIANT_ALGORITHM_CONFIGURATION := '00000000000000000000000000000000'O
Lib_NG_NAS_Pixits.PX_LONG_TERM_KEY                                 := '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'B
Lib_NG_NAS_Pixits.PX_PLMN                                          := '000000'O;
# OP
Lib_NG_NAS_Pixits.PX_OPERATOR_KEY                    := '00000000000000000000000000000000'O
# OPc
Lib_NG_NAS_Pixits.PX_OPERATOR_SECRET_KEY             := '00000000000000000000000000000000'O
Lib_NG_NAS_Pixits.PX_FORCE_USING_OPERATOR_SECRET_KEY := true

Lib_NG_NAS_Pixits.PX_SUBSCRIPTION_KEY                := '00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'B
Lib_NG_NAS_Pixits.PX_PLMN                            := '00f110'O;


NAS_5GC_Parameters.px_NAS_5GC_XRES_Length := 8 # In ETSI TS 135 206 V16.0.0 (2020-08) Table Table 5. f2 output, RES length is 8 octets (64 bits)
@@ -67,14 +72,23 @@ system.N2_gNBaMF_P.params := "NGAP/SCTP_FILE/IP_OFFLINE/ETH(mac_src=8c554ac1eee0
# In this section you can specify what parts of your test suite you want to execute.
#AtsImsIot_TestControl.control

# Verify that the IUT sends an AUTHENTICATION REQUEST message correctly upon receipt of a NAS Registration without an active security context
#NG_NAS_TestCases.TC_5GNAS_AMF_AUT_REQ_01
# Verify that the IUT sends an AUTHENTICATION REJECT message correctly upon receipt of an AUTHENTICATION RESPONSE message indicating a wrong ARP IEI
#NG_NAS_TestCases.TC_5GNAS_AMF_AUT_REQ_02
# Verify that the IUT sends an IDENTITY REQUEST message correctly upon receipt of an AUTHENTICATION FAILURE message indicating a 5GMM cause value #20 - MAC failure
#NG_NAS_TestCases.TC_5GNAS_AMF_AUT_REQ_03
# Verify that the IUT sends an IDENTITY REQUEST message correctly upon receipt of an AUTHENTICATION FAILURE message indicating a 5GMM cause value #20 - MAC failure
#NG_NAS_TestCases.TC_5GNAS_AMF_AUT_REQ_04
# Verify that the IUT sends a new AUTHENTICATION REQUEST message with new ngKSI value to re-initiate the 5G AKA based primary authentication upon receipt of an AUTHENTICATION FAILURE message indicating a 5GMM cause value #71 - ngKSI already in use
#NG_NAS_TestCases.TC_5GNAS_AMF_AUT_REQ_05
# Verify that the IUT sends a new IDENTITY REQUEST message to obtain the SUCI from the UE upon receipt of an AUTHENTICATION FAILURE message indicating a 5GMM cause value #26 - non-5G authentication unacceptable
#NG_NAS_TestCases.TC_5GNAS_AMF_AUT_ABN_01
# Verify that the IUT sends a SECURITY MODE COMMAND message correctly to indicate NAS security mode procedure upon receipt of a NAS AUTHENTICATION RESPONSE
#NG_NAS_TestCases.TC_NGNAS_AMF_AUT_SEQ_01
#NG_NAS_TestCases.TC_5GNAS_AMF_SEC_ACC_01
# Verify that the IUT, upon receiving the NAS SECURITY MODE COMPLETE message after completing the NAS Authentication and Security procedure, successfully completes the registration process by accepting the registration
NG_NAS_TestCases.TC_5GNAS_AMF_SEC_ACC_01
# Verify that the IUT, upon receiving the NAS SECURITY MODE REJECT Message after a failed NAS Authentication and security procedure, successfully aborts the registration process by rejecting the registration
#NG_NAS_TestCases.TC_5GNAS_AMF_SEC_REJ_01
#NG_NAS_TestCases.TC_5GNAS_AMF_DLN_ACC_01
#NG_NAS_TestCases.TC_5GNAS_AMF_REG_ACC_01
@@ -127,9 +141,9 @@ system.N2_gNBaMF_P.params := "NGAP/SCTP_FILE/IP_OFFLINE/ETH(mac_src=8c554ac1eee0
# Eurecom publiction "Security Analysis of 5G Authentication"
# https://eprint.iacr.org/2022/1623.pdf
# Verdict fail
NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_01
NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_02
NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_03
#NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_01
#NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_02
#NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_17_03
#NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_18_01
#NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_19_01
#NG_NAS_TestCases.TC_5G_AKA_CRYPTO_FUNCTIONS_TEST_20_01
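Review bot: K (`PX_SUBSCRIPTION_KEY`), OP (`PX_OPERATOR_KEY`) and OPc (`PX_OPERATOR_SECRET_KEY`) now sit side by side in a tracked configuration file, and nothing marks the all-zero values as placeholders. A comment above them such as `# Placeholder values only: keep real K/OP/OPc in a local, untracked configuration` would make it less likely that real USIM credentials are committed here later. Separately, the comment lines above `TC_5GNAS_AMF_AUT_REQ_03` and `TC_5GNAS_AMF_AUT_REQ_04` are identical ("5GMM cause value #20 - MAC failure"); one of them is presumably a copy-paste and should state its own test purpose.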
+41 −33
@@ -96,7 +96,7 @@ module NG_NAS_TestCases {
                } // End of testcase TC_5GNAS_AMF_AUT_REQ_01

                /**
                 * @desc Verify that the IUT sends an AUTHENTICATION REQUEST message correctly upon receipt of a NAS Registration without an active security context
                 * @desc Verify that the IUT sends an AUTHENTICATION REJECT message correctly upon receipt of an AUTHENTICATION RESPONSE message indicating a wrong ARP IEI
                 * @see ETSI TS 124 501 [1], Clause 5.4.1.3.5 and 8.2.5
                 */
                testcase TC_5GNAS_AMF_AUT_REQ_02() runs on gNB_NGNAS_NGAPComponent system TestAdapter {
@@ -124,7 +124,7 @@ module NG_NAS_TestCases {
                } // End of testcase TC_5GNAS_AMF_AUT_REQ_02

                /**
                 * @desc Verify that the IUT stops re-sending an AUTHENTICATION REQUEST message if no AUTHENTICATION RESPONSE message is received on the fifth expiry of timer T3560
                 * @desc Verify that the IUT sends an IDENTITY REQUEST message correctly upon receipt of an AUTHENTICATION FAILURE message indicating a 5GMM cause value #20 - MAC failure
                 * @see ETSI TS 124 501 [1], Clauses 5.4.1.3.7 b) and Table 10.3.1
                 */
                testcase TC_5GNAS_AMF_AUT_REQ_03() runs on gNB_NGNAS_NGAPComponent system TestAdapter {
@@ -1938,7 +1938,7 @@ module NG_NAS_TestCases {

            f_set_op(v_op);

            var B64_Type  v_xres := oct2bit('6283ace5e894a0ad'O);
            var B64_Type  v_xres := oct2bit('609696B02F696DDF'O);
            var B64_Type  v_xres_computed;
            var B128_Type v_ck;
            var B128_Type v_ik;
@@ -2018,30 +2018,32 @@ module NG_NAS_TestCases {

            f_set_op(v_op);

            var B64_Type v_mac_a;
            var integer v_result := f_f1(oct2bit(v_K), v_rand, v_sqn_ak, v_amf, v_mac_a);
            var B64_Type  v_xres;
            var B128_Type v_ck;
            var B128_Type v_ik;
            var B48_Type  v_ak;
            var integer v_result := f_f2345(oct2bit(v_K), v_rand, v_xres, v_ck, v_ik, v_ak);
            if (v_result != 0) {
                log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***");
                log("*** " & __SCOPE__ & ": ERROR: 'f_f2345' returned an error code: " & int2str(v_result) & ". ***");
                setverdict(fail);
                stop;
            }
            var B64_Type v_mac_s;
            v_result := f_f1star(oct2bit(v_K), v_rand, v_sqn_ak, v_amf, v_mac_s);
            var B48_Type v_sqn := v_sqn_ak xor4b v_ak; // SQN = SQN_AK ⊕ AK
            var B64_Type v_mac_a;
            v_result := f_f1(oct2bit(v_K), v_rand, v_sqn, v_amf, v_mac_a);
            if (v_result != 0) {
                log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***");
                setverdict(fail);
                stop;
            }
            var B64_Type  v_xres;
            var B128_Type v_ck;
            var B128_Type v_ik;
            var B48_Type  v_ak;
            v_result := f_f2345(oct2bit(v_K), v_rand, v_xres, v_ck, v_ik, v_ak);
            var B64_Type v_mac_s;
            v_result := f_f1star(oct2bit(v_K), v_rand, v_sqn, v_amf, v_mac_s);
            if (v_result != 0) {
                log("*** " & __SCOPE__ & ": ERROR: 'f_f2345' returned an error code: " & int2str(v_result) & ". ***");
                log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***");
                setverdict(fail);
                stop;
            }
            
            var B256_Type v_Ks := v_ck & v_ik; // ETSI TS 133 501 V16.18.0 (2024-04) Annex A.2 KAUSF derivation function: Ks = CK || IK
            var Common_AuthenticationParams_Type v_auth_params := valueof(cs_CommonAuthParams_Init(v_rand));
            v_auth_params.AUTN       := v_sqn_ak & v_amf & v_mac_a; // ETSI TS 135 205 V16.0.0 (2020-08) 7.2 Use of the algorithms on the AuC side
@@ -2094,29 +2096,21 @@ module NG_NAS_TestCases {

            f_force_opc(v_opc);

            var B64_Type v_mac_a_computed;
            var integer v_result := f_f1(oct2bit(v_K), v_rand, v_sqn_ak, v_amf, v_mac_a_computed);
            if (v_result != 0) {
                log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***");
                setverdict(fail);
                stop;
            }
            if (not(match(v_mac_a_computed, v_mac_a))) {
                log("*** " & __SCOPE__ & ": ERROR: 'v_mac_a_computed' did not return the expected value. ***");
                setverdict(fail);
                stop;
            }

            var B64_Type  v_xres;
            var B128_Type v_ck;
            var B128_Type v_ik;
            var B48_Type  v_ak;
            v_result := f_f2345(oct2bit(v_K), v_rand, v_xres, v_ck, v_ik, v_ak);
            var integer v_result := f_f2345(oct2bit(v_K), v_rand, v_xres, v_ck, v_ik, v_ak);
            if (v_result != 0) {
                log("*** " & __SCOPE__ & ": ERROR: 'f_f2345' returned an error code: " & int2str(v_result) & ". ***");
                setverdict(fail);
                stop;
            }
            log("v_xres =", bit2oct(v_xres));
            log("v_ck   =", bit2oct(v_ck));
            log("v_ik   =", bit2oct(v_ik));
            log("v_ak   =", bit2oct(v_ak));

            var B256_Type v_Ks := v_ck & v_ik; // ETSI TS 133 501 V16.18.0 (2024-04) Annex A.2 KAUSF derivation function: Ks = CK || IK
            var Common_AuthenticationParams_Type v_auth_params := valueof(cs_CommonAuthParams_Init(v_rand));
            v_auth_params.AUTN       := v_sqn_ak & v_amf & v_mac_a; // ETSI TS 135 205 V16.0.0 (2020-08) 7.2 Use of the algorithms on the AuC side
@@ -2125,14 +2119,28 @@ module NG_NAS_TestCases {
            v_auth_params.XRES       := v_xres;
            v_auth_params.XRESLength := lengthof(v_xres);
            
            var B64_Type v_RESstar  := oct2bit('a7c39d021cc80709'O);
            var B64_Type v_XRESstar := oct2bit('60775ce133f05be3'O);
            var B48_Type v_sqn := v_sqn_ak xor4b v_ak; // SQN = SQN_AK ⊕ AK
            log("v_sqn =", bit2oct(v_sqn));
            var B64_Type v_mac_a_computed;
            v_result := f_f1(oct2bit(v_K), v_rand, /*v_ak*/v_sqn, v_amf, v_mac_a_computed);
            if (v_result != 0) {
                log("*** " & __SCOPE__ & ": ERROR: 'fx_f1' returned an error code: " & int2str(v_result) & ". ***");
                setverdict(fail);
                stop;
            }
            if (not(match(v_mac_a_computed, v_mac_a))) {
                log("*** " & __SCOPE__ & ": ERROR: 'v_mac_a_computed' did not return the expected value. ***");
                setverdict(fail);
                stop;
            }

            var B64_Type v_RESstar  := oct2bit('26F37F6C2DC1E002'O);
            var B64_Type v_XRESstar := oct2bit('A3FB2BF1A695413A'O);
            var B128_Type v_res := f_NG_Authentication_A4(v_PLMN, v_auth_params, tsc_KDF_HMAC_SHA_256, v_Ks);
            var B64_Type v_RESstar_computed := substr(v_res, 0, 64);
            var B64_Type v_XRESstar_computed := substr(v_res, 64, 64);
            log("v_RESstar_computed =", v_RESstar_computed);
            log("v_XRESstar_computed =", v_XRESstar_computed);
            log("v_RESstar_computed =", bit2oct(v_RESstar_computed));
            log("v_XRESstar_computed =", bit2oct(v_XRESstar_computed));
            if (not(match(v_RESstar_computed, v_RESstar))) {
                log("*** " & __SCOPE__ & ": ERROR: 'v_RESstar_computed' did not return the expected value. ***");
                setverdict(fail);
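Review bot: The expected values `'609696B02F696DDF'O` for `v_xres` and `'26F37F6C2DC1E002'O` / `'A3FB2BF1A695413A'O` for `v_RESstar` / `v_XRESstar` are replaced without any reference to where the new vectors come from. For a known-answer test of the 5G AKA functions, an expected value copied from the implementation's own output no longer checks anything, so each constant should carry a comment naming its source, for example `// expected XRES: <test set / publication reference>`. Separately, the error log after the `f_f1star` call still reads `'fx_f1' returned an error code`, which points at the wrong function when that step fails; `'f_f1star'` would match. The testcase bodies start and end outside these hunks.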
+19 −13
@@ -279,12 +279,14 @@ module LIB_NG_NAS_Functions {
                        )))));
    }

    function f_terminate_NasRegistrationRequest_with_reject() runs on NGNASComponent {
    function f_terminate_NasRegistrationRequest_with_reject(
                                                            in NAS_CauseValue_Type p_nas_cause_value := tsc_EmmCause_IllegalMe
                                                            ) runs on NGNASComponent {
        // Send error message
        vt_NgNasUl_Msg := m_NG_AUTHENTICATION_FAILURE(
                                                      m_GMM_GSM_Cause(
                                                                      -,
                                                                      tsc_EmmCause_IllegalMe // '00000110'B;
                                                                      p_nas_cause_value
                                                      ));
        vc_sendNAS_PDU := bit2oct(encvalue(valueof(vt_NgNasUl_Msg)));
        f_send_NGAP_PDU(
@@ -559,12 +561,12 @@ module LIB_NG_NAS_Functions {
        * @param [in,out] p_ng_nas_security_params_type Built security parameters
        */
        function f_5g_aka_compute_res_xres(
                                           in B128_Type p_long_term_key := PX_LONG_TERM_KEY,
                                           in B128_Type p_subscription_key := PX_SUBSCRIPTION_KEY,
                                           in B128_Type p_rand,
                                           in B128_Type p_autn,
                                           in ABBA p_abba,
                                           in NAS_PlmnId p_PLMN,
                                           in hexstring p_NID,
                                           in template (omit) hexstring p_NID := omit,
                                           inout NG_NAS_SecurityParams_Type p_ng_nas_security_params_type
                                           ) return boolean {
            log(">>> f_5g_aka_compute_res_xres: ", p_ng_nas_security_params_type);
@@ -575,7 +577,7 @@ module LIB_NG_NAS_Functions {
            p_ng_nas_security_params_type.AuthParams.RandValue := p_rand;
            p_ng_nas_security_params_type.AuthParams.AUTN := p_autn;

            log("f_5g_aka_compute_res_xres: PX_LONG_TERM_KEY=", PX_LONG_TERM_KEY);
            log("f_5g_aka_compute_res_xres: PX_SUBSCRIPTION_KEY=", PX_SUBSCRIPTION_KEY);

            // Extract SQN from v_sqn_ak and XOR it with calculated MAC
            var B48_Type v_sqn_ak := f_extract_sqn_ak_from_autn(p_autn);
@@ -586,13 +588,17 @@ module LIB_NG_NAS_Functions {
            log("f_5g_aka_compute_res_xres: v_mac=", bit2oct(v_mac));

            // Set OP
            f_set_op(PX_USIM_OPERATOR_VARIANT_ALGORITHM_CONFIGURATION);
            if (PX_FORCE_USING_OPERATOR_SECRET_KEY == false) {
                f_set_op(PX_OPERATOR_KEY);
            } else {
                f_force_opc(PX_OPERATOR_SECRET_KEY);
            }
            // Calculate RES, CK, IK and AK in one step
            var B128_Type v_ck;
            var B128_Type v_ik;
            var B48_Type v_ak;
            var B64_Type v_res;
            if (f_f2345(PX_LONG_TERM_KEY, p_rand, v_res, v_ck, v_ik, v_ak) == -1) {
            if (f_f2345(PX_SUBSCRIPTION_KEY, p_rand, v_res, v_ck, v_ik, v_ak) == -1) {
                log("f_f2345 failed");
                return false;
            }
@@ -605,15 +611,15 @@ module LIB_NG_NAS_Functions {
            var B48_Type v_sqn := v_sqn_ak xor4b v_ak; 
            log("f_5g_aka_compute_res_xres: v_sqn=", bit2oct(v_sqn));

            // Verify that MAC was accepted
            var B64_Type v_mac_p;
            if (f_f1(PX_LONG_TERM_KEY, p_rand, v_sqn, v_amf, v_mac_p) == -1) {
            // Verify that MAC-A was accepted
            var B64_Type v_mac_a;
            if (f_f1(PX_SUBSCRIPTION_KEY, p_rand, v_sqn, v_amf, v_mac_a) == -1) {
                log("f_f1 failed: ");
                return false;
            }
            log("f_5g_aka_compute_res_xres: v_mac_p=", bit2oct(v_mac_p));
            if (PX_CHECK_SECURITY and (v_mac != v_mac_p)) {
                log("v_mac != v_mac_p");
            log("f_5g_aka_compute_res_xres: v_mac_a=", bit2oct(v_mac_a));
            if (PX_CHECK_SECURITY and (v_mac != v_mac_a)) {
                log("v_mac != v_mac_a");
                return false;
            }

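Review bot: The renamed `p_subscription_key` parameter of `f_5g_aka_compute_res_xres` is never read in the visible body: both crypto calls still pass the module parameter directly, as `f_f2345(PX_SUBSCRIPTION_KEY, p_rand, ...)` and `f_f1(PX_SUBSCRIPTION_KEY, p_rand, v_sqn, ...)`, so a caller supplying another key silently gets results for the configured one. Both calls should take `p_subscription_key` instead. The same function also writes K to the log in clear with `log("f_5g_aka_compute_res_xres: PX_SUBSCRIPTION_KEY=", PX_SUBSCRIPTION_KEY);`; if the tester is ever run with real USIM credentials that line puts the subscription key in every log file, so it would be safer to drop it or to log only that a key is configured. The function body continues outside the hunks.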
+17 −3
@@ -20,9 +20,23 @@ module Lib_NG_NAS_Pixits {

    modulepar octetstring PX_SUPI_DIGITS := '00f110214300014444330302'O;

    modulepar O16_Type PX_USIM_OPERATOR_VARIANT_ALGORITHM_CONFIGURATION := '00000000000000000000000000000000'O;
    /**
     * @desc Operator Key (OP)
     */
    modulepar O16_Type PX_OPERATOR_KEY := '00000000000000000000000000000000'O;

    /**
     * @desc OPc is derived from OP and K
     *       OPc is used in 3GPP AKA algorithm
     */
    modulepar O16_Type PX_OPERATOR_SECRET_KEY := '00000000000000000000000000000000'O;

    modulepar boolean PX_FORCE_USING_OPERATOR_SECRET_KEY := false

    modulepar B128_Type PX_LONG_TERM_KEY := oct2bit('00000000000000000000000000000000'O);
    /**
     * @desc Subscription key (K)
     */
    modulepar B128_Type PX_SUBSCRIPTION_KEY := oct2bit('00000000000000000000000000000000'O);

    modulepar NAS_PlmnId PX_PLMN := '000000'O;