Using estimated COUNT (from NAS overflow counter and RX SQN) for decription of NAS messaages. Should avoid issues decripting messages when the COUNT is larger than 256.

4 years ago · 17a8ec6cdd
parent 9f9fbe2420
commit 17a8ec6cdd
1 changed files with 19 additions and 8 deletions
--- a/srsue/src/stack/upper/nas.cc
+++ b/srsue/src/stack/upper/nas.cc
@ -772,8 +772,8 @@ bool nas::integrity_check(byte_buffer_t* pdu)
                mac[3]);

    // Updated local count (according to TS 24.301 Sec. 4.4.3.3)
-    if (pdu->msg[5] != ctxt.rx_count) {
-      logger.info("Update local count to received value %d", pdu->msg[5]);
+    if (count_est != ctxt.rx_count) {
+      logger.info("Update local count to estimated count %d", count_est);
      ctxt.rx_count = count_est;
    }
    return true;
@ -786,12 +786,17 @@ bool nas::integrity_check(byte_buffer_t* pdu)
 void nas::cipher_encrypt(byte_buffer_t* pdu)
 {
  byte_buffer_t pdu_tmp;
+
+  if (ctxt.cipher_algo != CIPHERING_ALGORITHM_ID_EEA0) {
+    logger.debug("Encrypting PDU. count=%d", ctxt.tx_count);
+  }
+
  switch (ctxt.cipher_algo) {
    case CIPHERING_ALGORITHM_ID_EEA0:
      break;
    case CIPHERING_ALGORITHM_ID_128_EEA1:
      security_128_eea1(&k_nas_enc[16],
-                        pdu->msg[5],
+                        ctxt.tx_count,
                        0, // Bearer always 0 for NAS
                        SECURITY_DIRECTION_UPLINK,
                        &pdu->msg[6],
@ -801,7 +806,7 @@ void nas::cipher_encrypt(byte_buffer_t* pdu)
      break;
    case CIPHERING_ALGORITHM_ID_128_EEA2:
      security_128_eea2(&k_nas_enc[16],
-                        pdu->msg[5],
+                        ctxt.tx_count,
                        0, // Bearer always 0 for NAS
                        SECURITY_DIRECTION_UPLINK,
                        &pdu->msg[6],
@ -811,7 +816,7 @@ void nas::cipher_encrypt(byte_buffer_t* pdu)
      break;
    case CIPHERING_ALGORITHM_ID_128_EEA3:
      security_128_eea3(&k_nas_enc[16],
-                        pdu->msg[5],
+                        ctxt.tx_count,
                        0, // Bearer always 0 for NAS
                        SECURITY_DIRECTION_UPLINK,
                        &pdu->msg[6],
@ -828,12 +833,18 @@ void nas::cipher_encrypt(byte_buffer_t* pdu)
 void nas::cipher_decrypt(byte_buffer_t* pdu)
 {
  byte_buffer_t tmp_pdu;
+
+  uint32_t count_est = (ctxt.rx_count & 0x00FFFF00u) | pdu->msg[5];
+  if (ctxt.cipher_algo != CIPHERING_ALGORITHM_ID_EEA0) {
+    logger.debug("Decrypting PDU. Local: count=%d, Received: count=%d", ctxt.rx_count, count_est);
+  }
+
  switch (ctxt.cipher_algo) {
    case CIPHERING_ALGORITHM_ID_EEA0:
      break;
    case CIPHERING_ALGORITHM_ID_128_EEA1:
      security_128_eea1(&k_nas_enc[16],
-                        pdu->msg[5],
+                        count_est,
                        0, // Bearer always 0 for NAS
                        SECURITY_DIRECTION_DOWNLINK,
                        &pdu->msg[6],
@ -843,7 +854,7 @@ void nas::cipher_decrypt(byte_buffer_t* pdu)
      break;
    case CIPHERING_ALGORITHM_ID_128_EEA2:
      security_128_eea2(&k_nas_enc[16],
-                        pdu->msg[5],
+                        count_est,
                        0, // Bearer always 0 for NAS
                        SECURITY_DIRECTION_DOWNLINK,
                        &pdu->msg[6],
@ -854,7 +865,7 @@ void nas::cipher_decrypt(byte_buffer_t* pdu)
      break;
    case CIPHERING_ALGORITHM_ID_128_EEA3:
      security_128_eea3(&k_nas_enc[16],
-                        pdu->msg[5],
+                        count_est,
                        0, // Bearer always 0 for NAS
                        SECURITY_DIRECTION_DOWNLINK,
                        &pdu->msg[6],