Changing integrity functions in nas.cc

master
Pedro Alvarez 7 years ago
parent 5fd337a7ad
commit 1bad88a432

@ -193,8 +193,8 @@ public:
bool pack_attach_accept( emm_ctx_t *ue_emm_ctx, ecm_ctx_t *ue_ecm_ctx, LIBLTE_S1AP_E_RABTOBESETUPITEMCTXTSUREQ_STRUCT *erab_ctxt, struct srslte::gtpc_pdn_address_allocation_ie *paa, srslte::byte_buffer_t *nas_buffer);
/* Security functions */
bool integrity_check( emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu);
bool short_integrity_check( emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu);
bool integrity_check (srslte::byte_buffer_t *pdu);
bool short_integrity_check (srslte::byte_buffer_t *pdu);
/* UE Context*/
emm_ctx_t m_emm_ctx;

@ -385,73 +385,6 @@ nas::handle_tracking_area_update_request(srslte::byte_buffer_t *nas_msg, ue_ctx_
return true;
}
/************************
*
* Security Functions
*
************************/
bool
nas::short_integrity_check(ue_emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu)
{
uint8_t exp_mac[4];
uint8_t *mac = &pdu->msg[2];
int i;
srslte::security_128_eia1(&emm_ctx->security_ctxt.k_nas_int[16],
emm_ctx->security_ctxt.ul_nas_count,
0,
SECURITY_DIRECTION_UPLINK,
&pdu->msg[0],
2,
&exp_mac[0]);
// Check if expected mac equals the sent mac
for(i=0; i<2; i++){
if(exp_mac[i+2] != mac[i]){
m_s1ap_log->warning("Short integrity check failure. Local: count=%d, [%02x %02x %02x %02x], "
"Received: count=%d, [%02x %02x]\n",
emm_ctx->security_ctxt.ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3],
pdu->msg[1] & 0x1F, mac[0], mac[1]);
return false;
}
}
m_s1ap_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
emm_ctx->security_ctxt.ul_nas_count, pdu->msg[1] & 0x1F);
return true;
}
bool
nas::integrity_check(ue_emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu)
{
uint8_t exp_mac[4];
uint8_t *mac = &pdu->msg[1];
int i;
srslte::security_128_eia1(&emm_ctx->security_ctxt.k_nas_int[16],
emm_ctx->security_ctxt.ul_nas_count,
0,
SECURITY_DIRECTION_UPLINK,
&pdu->msg[5],
pdu->N_bytes-5,
&exp_mac[0]);
// Check if expected mac equals the sent mac
for(i=0; i<4; i++){
if(exp_mac[i] != mac[i]){
m_s1ap_log->warning("Integrity check failure. UL Local: count=%d, [%02x %02x %02x %02x], "
"Received: UL count=%d, [%02x %02x %02x %02x]\n",
emm_ctx->security_ctxt.ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3],
pdu->msg[5], mac[0], mac[1], mac[2], mac[3]);
return false;
}
}
m_s1ap_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
emm_ctx->security_ctxt.ul_nas_count, pdu->msg[5]);
return true;
}
bool
nas::handle_authentication_failure(srslte::byte_buffer_t *nas_msg, ue_ctx_t* ue_ctx, srslte::byte_buffer_t *reply_msg, bool *reply_flag)
@ -1079,7 +1012,7 @@ nas::pack_emm_information( ue_ctx_t *ue_ctx, srslte::byte_buffer_t *reply_msg)
}
bool
s1ap_nas_transport::pack_service_reject(srslte::byte_buffer_t *reply_msg, uint8_t emm_cause, uint32_t enb_ue_s1ap_id)
nas::pack_service_reject(srslte::byte_buffer_t *reply_msg, uint8_t emm_cause, uint32_t enb_ue_s1ap_id)
{
srslte::byte_buffer_t *nas_buffer = m_pool->allocate();
@ -1130,4 +1063,71 @@ s1ap_nas_transport::pack_service_reject(srslte::byte_buffer_t *reply_msg, uint8_
return true;
}
/************************
*
* Security Functions
*
************************/
bool
nas::short_integrity_check(srslte::byte_buffer_t *pdu)
{
uint8_t exp_mac[4];
uint8_t *mac = &pdu->msg[2];
int i;
srslte::security_128_eia1(&m_sec_ctx.k_nas_int[16],
m_sec_ctx.ul_nas_count,
0,
SECURITY_DIRECTION_UPLINK,
&pdu->msg[0],
2,
&exp_mac[0]);
// Check if expected mac equals the sent mac
for(i=0; i<2; i++){
if(exp_mac[i+2] != mac[i]){
m_s1ap_log->warning("Short integrity check failure. Local: count=%d, [%02x %02x %02x %02x], "
"Received: count=%d, [%02x %02x]\n",
m_sec_ctx->ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3],
pdu->msg[1] & 0x1F, mac[0], mac[1]);
return false;
}
}
m_nas_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
m_sec_ctx.ul_nas_count, pdu->msg[1] & 0x1F);
return true;
}
bool
nas::integrity_check(srslte::byte_buffer_t *pdu)
{
uint8_t exp_mac[4];
uint8_t *mac = &pdu->msg[1];
int i;
srslte::security_128_eia1(&emm_ctx->security_ctxt.k_nas_int[16],
emm_ctx->security_ctxt.ul_nas_count,
0,
SECURITY_DIRECTION_UPLINK,
&pdu->msg[5],
pdu->N_bytes-5,
&exp_mac[0]);
// Check if expected mac equals the sent mac
for(i=0; i<4; i++){
if(exp_mac[i] != mac[i]){
m_s1ap_log->warning("Integrity check failure. UL Local: count=%d, [%02x %02x %02x %02x], "
"Received: UL count=%d, [%02x %02x %02x %02x]\n",
emm_ctx->security_ctxt.ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3],
pdu->msg[5], mac[0], mac[1], mac[2], mac[3]);
return false;
}
}
m_s1ap_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
emm_ctx->security_ctxt.ul_nas_count, pdu->msg[5]);
return true;
}
} //namespace srsepc

@ -265,9 +265,9 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA
case LIBLTE_MME_MSG_TYPE_SECURITY_MODE_COMPLETE:
m_s1ap_log->info("Uplink NAS: Received Security Mode Complete\n");
m_s1ap_log->console("Uplink NAS: Received Security Mode Complete\n");
emm_ctx->security_ctxt.ul_nas_count = 0;
emm_ctx->security_ctxt.dl_nas_count = 0;
mac_valid = nas->integrity_check(nas_msg);
sec_ctx->ul_nas_count = 0;
sec_ctx->dl_nas_count = 0;
mac_valid = nas_ctx->integrity_check(nas_msg);
if(mac_valid){
nas_ctx->handle_nas_security_mode_complete(nas_msg, reply_buffer, reply_flag);
} else {
@ -282,8 +282,8 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA
else if(sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY || sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED)
{
//Integrity protected NAS message, possibly ciphered.
emm_ctx->security_ctxt.ul_nas_count++;
mac_valid = nas->integrity_check(nas_msg);
sec_ctx->ul_nas_count++;
mac_valid = nas_ctx->integrity_check(nas_msg);
if(!mac_valid){
m_s1ap_log->warning("Invalid MAC in NAS message type 0x%x.\n", msg_type);
m_pool->deallocate(nas_msg);
@ -331,8 +331,8 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA
if(*reply_flag == true)
{
m_s1ap_log->console("DL NAS: Sent Downlink NAS Message. DL NAS Count=%d, UL NAS count=%d\n",emm_ctx->security_ctxt.dl_nas_count,emm_ctx->security_ctxt.ul_nas_count );
m_s1ap_log->info("DL NAS: Sent Downlink NAS message. DL NAS Count=%d, UL NAS count=%d\n",emm_ctx->security_ctxt.dl_nas_count, emm_ctx->security_ctxt.ul_nas_count);
m_s1ap_log->console("DL NAS: Sent Downlink NAS Message. DL NAS Count=%d, UL NAS count=%d\n", sec_ctx->dl_nas_count, sec_ctx->ul_nas_count);
m_s1ap_log->info("DL NAS: Sent Downlink NAS message. DL NAS Count=%d, UL NAS count=%d\n", sec_ctx->dl_nas_count, sec_ctx->ul_nas_count);
m_s1ap_log->info("DL NAS: MME UE S1AP id %d\n",ecm_ctx->mme_ue_s1ap_id);
m_s1ap_log->console("DL NAS: MME UE S1AP id %d\n",ecm_ctx->mme_ue_s1ap_id);
}
@ -366,20 +366,15 @@ s1ap_nas_transport::handle_nas_attach_request(uint32_t enb_ue_s1ap_id,
}
//Get attach type from attach request
if(attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_IMSI)
{
if (attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_IMSI) {
m_s1ap_log->console("Attach Request -- IMSI-style attach request\n");
m_s1ap_log->info("Attach Request -- IMSI-style attach request\n");
handle_nas_imsi_attach_request(enb_ue_s1ap_id, attach_req, pdn_con_req, reply_buffer, reply_flag, enb_sri);
}
else if(attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_GUTI)
{
} else if (attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_GUTI) {
m_s1ap_log->console("Attach Request -- GUTI-style attach request\n");
m_s1ap_log->info("Attach Request -- GUTI-style attach request\n");
handle_nas_guti_attach_request(enb_ue_s1ap_id, attach_req, pdn_con_req, nas_msg, reply_buffer, reply_flag, enb_sri);
}
else
{
} else {
m_s1ap_log->error("Unhandled Mobile Id type in attach request\n");
return false;
}

Loading…
Cancel
Save