Commit fea6fffd authored by Steffen Ludtke's avatar Steffen Ludtke Committed by kretzschmann
Browse files

rework TP_NGNAS_AMF_AUT_SEQ_01

parent 2248b40e

test_purposes/Ngnas_Common.tplan2

+10 −0
Original line number Diff line number Diff line
@@ -233,6 +233,7 @@ Package Ngnas_Common { 
    	

        type NgapMessage;

        type Cause;

        type Bitstring;

        

        //Table 8.1-1     

        NgapMessage AMF_CONFIGURATION_UPDATE;
@@ -338,9 +339,18 @@ Package Ngnas_Common { 
        NgapMessage AUTHENTICATION_REQUEST;

        NgapMessage AUTHENTICATION_RESPONSE;

        

        // Table 9.3.1: Security header type

        Bitstring PLAIN_5GS_NAS_MESSAGE; // 0 0 0 0 , not security protected

        Bitstring INTEGRITY_PROTECTED; // 0 0 0 1

        Bitstring INTEGRITY_PROTECTED_AND_CIPHERED; // 0 0 1 0

        Bitstring INTEGRITY_PROTECTED_WITH_NEW_5G_NAS_SECURITY_CONTEXT; // 0 0 1 1

        Bitstring INTEGRITY_PROTECTED_AND_CIPHERED_WITH_NEW_5G_NAS_SECURITY_CONTEXT; // 0 1 0 0



        //Section 9.3.1.2

        Cause Multiple_Location_Reporting_Reference_ID_instances; 



        

                

    } // End of Data section

          

        Configuration {

test_purposes/ngnas/TP_AMF_NGNAS.tplan2

+12 −18
Original line number Diff line number Diff line
@@ -121,19 +121,20 @@ Package TP_AMF { 
			

			TP Id TP_NGNAS_AMF_AUT_SEQ_01 

			

			// TODO:

			Test objective "Verify that the IUT sends an Security mode command message correctly upon receipt of a NAS Registration without an active security context."

			Test objective "Verify that the IUT sends a SECURITY MODE CONTROL message with all mandatory IEs to indicate NAS security mode procedure upon receipt of a NAS AUTHENTICATION_RESPONSE"

			

			Reference 

				"ETSI TS 124 501 [1], Clause 5.4.1"

				"ETSI TS 124 501 [1], Clause 5.4.1.2"

			

			// TODO

			Config Id CF_AMF_N2

			Config Id CF_AMF_N2N1

			

			PICS Selection NONE

			

			Initial conditions with {

				the UE entity isNotRegisteredTo the AMF

				the UE entity isNotRegisteredTo the AMF and

				event AUTHENTICATION_REQUEST occurs with {

					argument replaced by the security_header_type set to INTEGRITY_PROTECTED_WITH_NEW_5G_NAS_SECURITY_CONTEXT

				}														

			}

			

			Expected behaviour
@@ -141,28 +142,21 @@ Package TP_AMF { 
					when {

						the IUT entity receives a UPLINK_NAS_TRANSFER containing // AUTHENTICATION_RESPONSE

							NAS_PDU containing

								extended_protocol_discriminator indicating value 01010111, //reference ts_124007v180200p: Table 11.2.3.1.1A.1: EPD values 

								security_header_type indicating value 0000,

								extended_protocol_discriminator set to 5GS_MOBILITY_MANAGEMENT_MESSAGE, //reference ts_124007v180200p: Table 11.2.3.1.1A.1: EPD values 

								security_header_type set to INTEGRITY_PROTECTED_WITH_NEW_5G_NAS_SECURITY_CONTEXT,

								authentication_response_message_identity set to AUTHENTICATION_RESPONSE, //reference ts_124007v180200p: Table 11.2.3.1.1A.1: EPD values 

								authentication_response_parameter, // optional: This IE is included if the message is sent in a 5G AKA based primary authentication and key agreement procedure.

								EAP_message //optional: TODO: EAP message IE is included if the EAP message received in a related AUTHENTICATION REQUEST message was an EAP-request.

								;

					from the UE entity

					}

					then {

					the IUT entity sends an DOWNLINK_NAS_TRANSFER containing // Security mode command

						NAS_PDU containing

							extended_protocol_discriminator indicating value 01111110, //reference ts_124007v180200p: Table 11.2.3.1.1A.1: EPD values 

							security_header_type indicating value 0000, //not security protected

							extended_protocol_discriminator set to 5GS_MOBILITY_MANAGEMENT_MESSAGE, //reference ts_124007v180200p: Table 11.2.3.1.1A.1: EPD values 

							security_header_type set to INTEGRITY_PROTECTED_WITH_NEW_5G_NAS_SECURITY_CONTEXT,

							security_mode_command_message_identity set to SECURITY_MODE_COMMAND,

							selected_NAS_security_algorithms,

							ngKSI, //TODO: see [1] Table 9.11.3.32.1

							replayed_UE_security_capabilities, // UE security capability 9.11.3.54	

							

							IMEISV request,	//optional: The AMF may include this information element to request the UE to send its IMEISV with the corresponding SECURITY MODE COMPLETE message. 

							Selected EPS NAS security algorithms,	//TODO optional: This IE shall be included if the AMF supports N26 interface and the UE set the S1 mode bit to "S1 mode supported" in the 5GMM capability IE of the REGISTRATION REQUEST message. 

							Additional 5G security information, //optional: weglassen // raus

							EAP message // TODO: optional, see 5.4.1.2 // Raus

						;

					to the UE entity

					}