P1sec / pycrate

A Python library to ease the development of encoders and decoders for various protocols and file formats; contains ASN.1 and CSN.1 compilers.
GNU Lesser General Public License v2.1
384 stars 132 forks source link

Query - Usage guideline or example to validate Snow 3G Integrity (Message Authentication Code) #132

Closed lweiner-spirent closed 2 years ago

lweiner-spirent commented 3 years ago

Is pycrate suitable for independent validation of the Message Authentication Code given that we can provide the suitable inputs (Integrity Key, ...)?

If so, what are the APIs that we would use to create a simple command line interface, and how would we invoke them?

p1-bmu commented 3 years ago

There is no explicit documentation on 4G / 5G NAS messages cryptographic operations. There is however an API on specific EMM and 5GMM NAS messages for integrity validation, e.g. https://github.com/P1sec/pycrate/blob/a20d9ebd35a65bdf136b89ae79b95fb8f10a17ac/pycrate_mobile/TS24301_EMM.py#L571

This is also used in the corenet part that emulates a complete 4G core network, see https://github.com/P1sec/pycrate/blob/a20d9ebd35a65bdf136b89ae79b95fb8f10a17ac/pycrate_corenet/HdlrUES1.py#L1572

If you prefer to call directly the cryptographic primitives, without having to deal with the message structures provided by pycrate, you can use directly https://github.com/P1sec/CryptoMobile/blob/246d494857328996385ab4e8ab469348c97334f2/CryptoMobile/CM.py#L134