/* Utility functions from ogslib imported to TTCN-3
 *
 * (C) 2019 Harald Welte <laforge@gnumonks.org>
 * All rights reserved.
 *
 * Released under the terms of GNU General Public License, Version 2 or
 * (at your option) any later version.
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

module LTE_CryptoFunctions {

import from General_Types all;
import from Misc_Helpers all;

import from S1AP_Types all;
import from S1AP_PDU_Descriptions all;

import from NAS_EPS_Types all;
import from NAS_Templates all;

/*********************************************************************************
 * low-level API (external C/C++ code)
 *********************************************************************************/

external function f_snow_3g_f8(in OCT16 key, in integer count, in integer bearer,
				in boolean is_downlink, in octetstring data) return octetstring;

external function f_snow_3g_f9(in OCT16 key, in integer count, in integer fresh,
				in boolean is_downlink, in octetstring data) return OCT4;

external function f_kdf_kasme(in OCT16 ck, in OCT16 ik, in OCT3 plmn_id,
			      in OCT6 sqn, in OCT6 ak) return OCT32;

external function f_kdf_nas_int(in integer alg_id, in OCT32 kasme) return OCT32;
external function f_kdf_nas_enc(in integer alg_id, in OCT32 kasme) return OCT32;

external function f_kdf_enb(in OCT16 kasme, in integer ul_count) return OCT32;

external function f_kdf_nh(in OCT16 kasme, in OCT32 sync_inp) return OCT32;

external function f_kdf_nas_token(in OCT16 kasme, in integer ul_count) return OCT32;

/*********************************************************************************
 * mid-level API
 *********************************************************************************/

function f_nas_mac_calc(NAS_ALG_INT alg, octetstring k_nas_int, integer seq_nr,
				integer bearer, boolean is_downlink, octetstring data) return OCT4 {
	select (alg) {
	case (NAS_ALG_IP_EIA0) {
		return '00000000'O;
		}
	case (NAS_ALG_IP_EIA1) {
		return f_snow_3g_f9(k_nas_int, seq_nr, bearer, is_downlink, data);
		}
	case else {
		Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Unsupported EIA: ", alg));
		return '00000000'O; /* never reached */
		}
	}
}

function f_nas_encrypt(NAS_ALG_ENC alg, octetstring k_nas_enc, integer count,
			integer bearer, boolean is_downlink, inout octetstring data) {
	select (alg) {
	case (NAS_ALG_ENC_EEA0) { }
	case (NAS_ALG_ENC_EEA1) {
		f_snow_3g_f8(k_nas_enc, count, bearer, is_downlink, data);
		}
	case else {
		Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Unsupported EEA: ", alg));
		}
	}
}


/*********************************************************************************
 * high-level API (full NAS encapsulation/decapsulation)
 *********************************************************************************/

type record NAS_UE_State {
	NAS_Role role,		/* ATS implements UE or MME role? */

	NAS_ALG_INT alg_int,	/* NAS Integrity Protection Algorithm */
	octetstring k_nas_int,	/* NAS Integrity Protection Key */
	NAS_ALG_ENC alg_enc,	/* NAS Encryption Algorithm */
	octetstring k_nas_enc,	/* NAS Encryption Key */
	integer rx_count,	/* frame counter (ATS rx side) */
	integer tx_count,	/* frame counter (ATS tx side) */
	boolean new_ctx,	/* Use "New EPS Security Context" when building next sec_hdr_t */
	boolean use_int,	/* Whether to use "Integrity" in sec_hdr_t */
	boolean use_enc		/* Whether to use "Ciphering" in sec_hdr_t */
};

template (value) NAS_UE_State t_NAS_UE_State(NAS_Role role) := {
	role := role,
	alg_int := NAS_ALG_IP_EIA0,
	k_nas_int := ''O,
	alg_enc := NAS_ALG_ENC_EEA0,
	k_nas_enc := ''O,
	rx_count := 0,
	tx_count := 0,
	new_ctx := false,
	use_int := false,
	use_enc := false
};

type enumerated NAS_Role {
	NAS_ROLE_UE,	/* ATS implements/emulates UE */
	NAS_ROLE_MME	/* ATS implements/emulates MME */
};
type enumerated NAS_ALG_INT {
	NAS_ALG_IP_EIA0,	/* no integrity protection */
	NAS_ALG_IP_EIA1,	/* SNOW-3G F9 based */
	NAS_ALG_IP_EIA2,	/* AES based */
	NAS_ALG_IP_EIA3		/* ZUC */
};
type enumerated NAS_ALG_ENC {
	NAS_ALG_ENC_EEA0,	/* no encryption */
	NAS_ALG_ENC_EEA1,	/* SNOW-3G F8 based */
	NAS_ALG_ENC_EEA2,	/* AES based */
	NAS_ALG_ENC_EEA3	/* ZUC */
};

/* port between individual per-connection components and this translator */
type port S1AP_NAS_Conn_PT message {
	inout S1AP_PDU, PDU_NAS_EPS;
} with { extension "internal" };

/* determine if a received (from the IUT) message is downlink or not */
private function f_rx_is_downlink(in NAS_UE_State nus) return boolean
{
	if (nus.role == NAS_ROLE_UE) {
		return true;
	} else {
		return false;
	}
}

/* determine if a message transmitted to the IUT message is downlink or not */
private function f_tx_is_downlink(in NAS_UE_State nus) return boolean
{
	return not f_rx_is_downlink(nus);
}

private function f_nas_check_ip(inout NAS_UE_State nus,
				in PDU_NAS_EPS_SecurityProtectedNASMessage secp_nas) return boolean
{
	var octetstring data_with_seq := int2oct(secp_nas.sequenceNumber, 1) & secp_nas.nAS_Message;
	var OCT4 exp_mac := f_nas_mac_calc(nus.alg_int, nus.k_nas_int, nus.rx_count, 0,
					   f_rx_is_downlink(nus), data_with_seq);

	if (nus.rx_count != secp_nas.sequenceNumber) {
		setverdict(fail, "Received NAS SeqNr ", secp_nas.sequenceNumber,
			   " doesn't match expected SeqNr ", nus.rx_count, ": ", secp_nas, " | nus: ", nus);
		return false;
	}
	if (exp_mac != secp_nas.messageAuthenticationCode) {
		setverdict(fail, "Received NAS MAC ", secp_nas.messageAuthenticationCode,
			   " doesn't match expected MAC ", exp_mac, ": ", secp_nas, " | nus: ", nus);
		return false;
	}
	return true;
}

/* try to decapsulate (MAC verify, decrypt) NAS message */
function f_nas_try_decaps(inout NAS_UE_State nus, PDU_NAS_EPS nas) return PDU_NAS_EPS
{
	var PDU_NAS_EPS_SecurityProtectedNASMessage secp_nas;

	/* transparently pass through any non-protected NAS */
	if (not match(nas, tr_NAS_EMM_SecurityProtected)) {
		return nas;
	}

	/* process any security-protected NAS */
	secp_nas := nas.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage;
	select (secp_nas.securityHeaderType) {
	case ('0011'B) { /* IP with new EPS security context */
		nus.new_ctx := true;
		nus.rx_count := 0;
		nus.alg_int := NAS_ALG_IP_EIA1; /* FIXME: from decoded inner message! */
		if (not f_nas_check_ip(nus, secp_nas)) {
			Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed");
		}
		nus.rx_count := nus.rx_count + 1;
		return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
		}
	case ('0001'B) { /* IP only */
		nus.new_ctx := false;
		if (not f_nas_check_ip(nus, secp_nas)) {
			Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed");
		}
		nus.rx_count := nus.rx_count + 1;
		return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
		}
	case ('0010'B) { /* IP + ciphered */
		nus.new_ctx := false;
		if (not f_nas_check_ip(nus, secp_nas)) {
			Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed");
		}
		nus.rx_count := nus.rx_count + 1;
		f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.rx_count, 0,
			      f_rx_is_downlink(nus), secp_nas.nAS_Message);
		return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
		}
	case ('0100'B) { /* IP + ciphered; new EPS security context */
		nus.new_ctx := true;
		nus.rx_count := 0;
		if (not f_nas_check_ip(nus, secp_nas)) {
			Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed");
		}
		f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.rx_count, 0,
			      f_rx_is_downlink(nus), secp_nas.nAS_Message);
		nus.rx_count := nus.rx_count + 1;
		return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
		}
	//case ('0101'B) { /* IP + partially ciphered */ }
	//case ('1100'B) { /* Service Request Message */ }
	case else  {
		Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Implement SecHdrType for ", secp_nas));
		mtc.stop; /* make compiler happy about not returning. */
		}
	}
}

private function f_nas_determine_sec_hdr_t(boolean encrypt, boolean authenticate, boolean new_ctx)
return BIT4
{
	if (encrypt == false and authenticate == false and new_ctx == false) {
		return '0000'B;
	} else if (encrypt == false and authenticate == true and new_ctx == false) {
		return '0001'B;
	} else if (encrypt == false and authenticate == true and new_ctx == true) {
		return '0011'B;
	} else if (encrypt == true and authenticate == true and new_ctx == true) {
		return '0100'B;
	} else if (encrypt == true and authenticate == true and new_ctx == false) {
		return '0010'B;
	} else {
		Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "Invalid sec_hdr conditions");
		return '0000'B; /* never reached, make compiler happy */
	}
}

/* encapsulate a NAS message (encrypt, MAC) */
function f_nas_encaps(inout NAS_UE_State nus, PDU_NAS_EPS nas_in)
return PDU_NAS_EPS
{
	var BIT4 sec_hdr_t;
	var PDU_NAS_EPS nas_out;

	if (nus.use_enc == false and nus.use_int == false) {
		return nas_in;
	}

	if (nus.new_ctx) {
		nus.tx_count := 0;
	}

	var octetstring nas_enc := enc_PDU_NAS_EPS(nas_in);
	if (nus.use_enc) {
		f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.tx_count, 0,
			      f_tx_is_downlink(nus), nas_enc);
	}

	sec_hdr_t := f_nas_determine_sec_hdr_t(nus.use_enc, nus.use_int, nus.new_ctx);
	nas_out := valueof(ts_NAS_EMM_SecurityProtected(sec_hdr_t, nus.tx_count, nas_enc));
	if (nus.use_int) {
		var OCT4 mac := f_nas_mac_calc(nus.alg_int, nus.k_nas_int, nus.tx_count, 0,
						f_tx_is_downlink(nus), '00'O & nas_enc);
		nas_out.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage.messageAuthenticationCode := mac;
	}
	return nas_out;
}

} // namespace