fix SRB2 security handling in SS

master
Andre Puschmann 5 years ago
parent 7c1b4c1f12
commit 0e337a01c3

@ -54,6 +54,7 @@ public:
const std::array<uint8_t, 32> k_up_enc, const std::array<uint8_t, 32> k_up_enc,
const srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo, const srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo,
const srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo) = 0; const srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo) = 0;
virtual void release_as_security() = 0;
}; };
class ss_srb_interface class ss_srb_interface

@ -124,7 +124,7 @@ private:
handle_ccch_pdu(document, &rx_buf->at(rx_buf_offset), n - rx_buf_offset); handle_ccch_pdu(document, &rx_buf->at(rx_buf_offset), n - rx_buf_offset);
} else if (rrcpdu.HasMember("Dcch")) { } else if (rrcpdu.HasMember("Dcch")) {
rx_buf_offset += 2; rx_buf_offset += 2;
uint32_t lcid = 1; uint32_t lcid = document["Common"]["RoutingInfo"]["RadioBearerId"]["Srb"].GetInt();
handle_dcch_pdu(document, lcid, &rx_buf->at(rx_buf_offset), n - rx_buf_offset); handle_dcch_pdu(document, lcid, &rx_buf->at(rx_buf_offset), n - rx_buf_offset);
} else { } else {
log->error("Received unknown request.\n"); log->error("Received unknown request.\n");
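Review bot: The new `lcid` on the Dcch branch is read straight from the incoming JSON with `document["Common"]["RoutingInfo"]["RadioBearerId"]["Srb"].GetInt()` and is passed on without any presence, type or range check. If `Document` is rapidjson, as the `HasMember`/`GetInt` calls suggest, a missing member or a non-integer value trips an assertion (or worse in a release build). A negative or oversized value is also silently narrowed by the `const uint16_t lcid` parameter of `handle_dcch_pdu`. I would check `HasMember`/`IsInt` along the path and reject anything outside the SRB range before the call, e.g. `if (lcid < 1 || lcid > 2) { log->error("Invalid SRB id %d\n", lcid); }` followed by dropping the PDU. The enclosing function starts and ends outside this hunk.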
@ -161,7 +161,7 @@ private:
// Todo: move to SYSSIM // Todo: move to SYSSIM
void handle_dcch_pdu(Document& document, const uint16_t lcid, const uint8_t* payload, const uint16_t len) void handle_dcch_pdu(Document& document, const uint16_t lcid, const uint8_t* payload, const uint16_t len)
{ {
log->info_hex(payload, len, "Received DCCH RRC PDU\n"); log->info_hex(payload, len, "Received DCCH RRC PDU (lcid=%d)\n", lcid);
// pack into byte buffer // pack into byte buffer
unique_byte_buffer_t pdu = pool_allocate_blocking; unique_byte_buffer_t pdu = pool_allocate_blocking;

@ -409,6 +409,9 @@ private:
// configure SS to use AS security // configure SS to use AS security
syssim->set_as_security(lcid, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo); syssim->set_as_security(lcid, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
} else if (as_sec.HasMember("Release")) {
// release all security configs
syssim->release_as_security();
} }
if (config_flag.GetBool() == true) { if (config_flag.GetBool() == true) {

@ -149,6 +149,7 @@ public:
pdcp.reset(); pdcp.reset();
cells.clear(); cells.clear();
pcell_idx = -1; pcell_idx = -1;
as_security_enabled = false;
} }
// Called from UT before starting testcase // Called from UT before starting testcase
@ -765,8 +766,17 @@ public:
void add_srb(uint32_t lcid, pdcp_config_t pdcp_config) void add_srb(uint32_t lcid, pdcp_config_t pdcp_config)
{ {
std::lock_guard<std::mutex> lock(mutex); std::lock_guard<std::mutex> lock(mutex);
log.info("Adding SRB%d\n", lcid);
pdcp.add_bearer(lcid, pdcp_config); pdcp.add_bearer(lcid, pdcp_config);
rlc.add_bearer(lcid, srslte::rlc_config_t::srb_config(lcid)); rlc.add_bearer(lcid, srslte::rlc_config_t::srb_config(lcid));
// Enable security for SRB2
if (lcid == 2) {
log.info("Enabling AS security for LCID=%d\n", lcid);
pdcp.config_security(lcid, k_rrc_enc.data(), k_rrc_int.data(), k_up_enc.data(), cipher_algo, integ_algo);
pdcp.enable_encryption(lcid);
pdcp.enable_integrity(lcid);
}
} }
void reestablish_bearer(uint32_t lcid) void reestablish_bearer(uint32_t lcid)
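Review bot: `add_srb` applies the stored keys to SRB2 whenever `lcid == 2`, without consulting `as_security_enabled`, and the flag this commit introduces is never read in any of the hunks shown. If SRB2 is added before `set_as_security` has run, or after `release_as_security`, PDCP is configured from key arrays that are either uninitialised (the members `k_rrc_enc`, `k_rrc_int` and `k_up_enc` are declared without an initializer) or left over from the previous security context. I would guard the block with `if (lcid == 2 && as_security_enabled) {` and value-initialise the members, e.g. `std::array<uint8_t, 32> k_rrc_enc = {};`. A short comment on why only SRB2 needs this at bearer creation would also help the next reader.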
@ -780,6 +790,7 @@ public:
void del_srb(uint32_t lcid) void del_srb(uint32_t lcid)
{ {
std::lock_guard<std::mutex> lock(mutex); std::lock_guard<std::mutex> lock(mutex);
log.info("Deleting SRB%d\n", lcid);
// Only delete SRB1/2 // Only delete SRB1/2
if (lcid > 0) { if (lcid > 0) {
pdcp.del_bearer(lcid); pdcp.del_bearer(lcid);
@ -852,19 +863,42 @@ public:
bool rb_is_um(uint32_t lcid) { return false; } bool rb_is_um(uint32_t lcid) { return false; }
int set_as_security(const uint32_t lcid, int set_as_security(const uint32_t lcid,
std::array<uint8_t, 32> k_rrc_enc, std::array<uint8_t, 32> k_rrc_enc_,
std::array<uint8_t, 32> k_rrc_int, std::array<uint8_t, 32> k_rrc_int_,
std::array<uint8_t, 32> k_up_enc, std::array<uint8_t, 32> k_up_enc_,
const srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo, const srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
const srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo) const srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_)
{ {
log.info("Setting AS security for LCID=%d\n", lcid); log.info("Setting AS security for LCID=%d\n", lcid);
pdcp.config_security(lcid, k_rrc_enc.data(), k_rrc_int.data(), k_up_enc.data(), cipher_algo, integ_algo); pdcp.config_security(lcid, k_rrc_enc_.data(), k_rrc_int_.data(), k_up_enc_.data(), cipher_algo_, integ_algo_);
pdcp.enable_integrity(lcid); pdcp.enable_integrity(lcid);
pdcp.enable_encryption(lcid); pdcp.enable_encryption(lcid);
// if SRB2 is established, also apply security config
uint32_t srb2_lcid = 2;
if (pdcp.is_lcid_enabled(2)) {
log.info("Updating AS security for LCID=%d\n", srb2_lcid);
pdcp.config_security(
srb2_lcid, k_rrc_enc_.data(), k_rrc_int_.data(), k_up_enc_.data(), cipher_algo_, integ_algo_);
}
// store security config for later use (i.e. new bearer added)
as_security_enabled = true;
k_rrc_enc = k_rrc_enc_;
k_rrc_int = k_rrc_int_;
k_up_enc = k_up_enc_;
cipher_algo = cipher_algo_;
integ_algo = integ_algo_;
return 0; return 0;
} }
void release_as_security()
{
log.info("Releasing AS security\n");
as_security_enabled = false;
}
void select_cell(srslte_cell_t phy_cell) void select_cell(srslte_cell_t phy_cell)
{ {
// find matching cell in SS cell list // find matching cell in SS cell list
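Review bot: `set_as_security` now writes the shared members `k_rrc_enc`, `k_rrc_int`, `k_up_enc`, `cipher_algo`, `integ_algo` and `as_security_enabled` without taking `mutex`, while `add_srb`, which reads them, does take it. Unless the caller already holds the lock or both run on the same thread (neither is visible here), a concurrent `add_srb(2)` could pick up a half-updated key set. Adding `std::lock_guard<std::mutex> lock(mutex);` at the top of `set_as_security` and `release_as_security` would make the access pattern consistent. `release_as_security` only clears the flag, so the key material stays in the object; clearing the arrays there with `k_rrc_enc.fill(0);` (and likewise for the other two) would keep stale keys from being reused. As a small style point, `pdcp.is_lcid_enabled(2)` could use the `srb2_lcid` variable declared on the line above it.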
@ -952,6 +986,14 @@ private:
srslte::rlc rlc; srslte::rlc rlc;
srslte::pdcp pdcp; srslte::pdcp pdcp;
// security config
bool as_security_enabled = false;
std::array<uint8_t, 32> k_rrc_enc;
std::array<uint8_t, 32> k_rrc_int;
std::array<uint8_t, 32> k_up_enc;
srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo = CIPHERING_ALGORITHM_ID_EEA0;
srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo = INTEGRITY_ALGORITHM_ID_EIA0;
std::vector<std::string> rb_id_vec = std::vector<std::string> rb_id_vec =
{"SRB0", "SRB1", "SRB2", "DRB1", "DRB2", "DRB3", "DRB4", "DRB5", "DRB6", "DRB7", "DRB8"}; {"SRB0", "SRB1", "SRB2", "DRB1", "DRB2", "DRB3", "DRB4", "DRB5", "DRB6", "DRB7", "DRB8"};
}; };
