Changing integrity functions in nas.cc

6 years ago · 1bad88a432
parent 5fd337a7ad
commit 1bad88a432
3 changed files with 80 additions and 85 deletions
--- a/srsepc/hdr/mme/nas.h
+++ b/srsepc/hdr/mme/nas.h
@ -193,8 +193,8 @@ public:
  bool pack_attach_accept(           emm_ctx_t *ue_emm_ctx, ecm_ctx_t *ue_ecm_ctx, LIBLTE_S1AP_E_RABTOBESETUPITEMCTXTSUREQ_STRUCT *erab_ctxt, struct srslte::gtpc_pdn_address_allocation_ie *paa, srslte::byte_buffer_t *nas_buffer);

  /* Security functions */
-  bool integrity_check(       emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu);
-  bool short_integrity_check( emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu);
+  bool integrity_check       (srslte::byte_buffer_t *pdu);
+  bool short_integrity_check (srslte::byte_buffer_t *pdu);

  /* UE Context*/
  emm_ctx_t m_emm_ctx;
--- a/srsepc/src/mme/nas.cc
+++ b/srsepc/src/mme/nas.cc
@ -385,73 +385,6 @@ nas::handle_tracking_area_update_request(srslte::byte_buffer_t *nas_msg, ue_ctx_
  return true;
 }

-/************************
- *
- * Security Functions
- *
- ************************/
-
-bool
-nas::short_integrity_check(ue_emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu)
-{
-  uint8_t exp_mac[4];
-  uint8_t *mac = &pdu->msg[2];
-  int i;
-
-  srslte::security_128_eia1(&emm_ctx->security_ctxt.k_nas_int[16],
-                     emm_ctx->security_ctxt.ul_nas_count,
-                     0,
-                     SECURITY_DIRECTION_UPLINK,
-                     &pdu->msg[0],
-                     2,
-                     &exp_mac[0]);
-
-  // Check if expected mac equals the sent mac
-  for(i=0; i<2; i++){
-    if(exp_mac[i+2] != mac[i]){
-      m_s1ap_log->warning("Short integrity check failure. Local: count=%d, [%02x %02x %02x %02x], "
-                       "Received: count=%d, [%02x %02x]\n",
-                          emm_ctx->security_ctxt.ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3],
-                          pdu->msg[1] & 0x1F, mac[0], mac[1]);
-      return false;
-    }
-  }
-  m_s1ap_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
-                emm_ctx->security_ctxt.ul_nas_count, pdu->msg[1] & 0x1F);
-  return true;
-}
-
-
-bool
-nas::integrity_check(ue_emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu)
-{
-  uint8_t exp_mac[4];
-  uint8_t *mac = &pdu->msg[1];
-  int i;
-
-  srslte::security_128_eia1(&emm_ctx->security_ctxt.k_nas_int[16],
-                     emm_ctx->security_ctxt.ul_nas_count,
-                     0,
-                     SECURITY_DIRECTION_UPLINK,
-                     &pdu->msg[5],
-                     pdu->N_bytes-5,
-                     &exp_mac[0]);
-
-  // Check if expected mac equals the sent mac
-  for(i=0; i<4; i++){
-    if(exp_mac[i] != mac[i]){
-      m_s1ap_log->warning("Integrity check failure. UL Local: count=%d, [%02x %02x %02x %02x], "
-                       "Received: UL count=%d, [%02x %02x %02x %02x]\n",
-                       emm_ctx->security_ctxt.ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3],
-                       pdu->msg[5], mac[0], mac[1], mac[2], mac[3]);
-      return false;
-    }
-  }
-  m_s1ap_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
-                emm_ctx->security_ctxt.ul_nas_count, pdu->msg[5]);
-    return true;
-}
-

 bool
 nas::handle_authentication_failure(srslte::byte_buffer_t *nas_msg, ue_ctx_t* ue_ctx, srslte::byte_buffer_t *reply_msg, bool *reply_flag)
@ -1079,7 +1012,7 @@ nas::pack_emm_information( ue_ctx_t *ue_ctx, srslte::byte_buffer_t *reply_msg)
 }

 bool
-s1ap_nas_transport::pack_service_reject(srslte::byte_buffer_t *reply_msg, uint8_t emm_cause, uint32_t enb_ue_s1ap_id)
+nas::pack_service_reject(srslte::byte_buffer_t *reply_msg, uint8_t emm_cause, uint32_t enb_ue_s1ap_id)
 {
  srslte::byte_buffer_t *nas_buffer = m_pool->allocate();

@ -1130,4 +1063,71 @@ s1ap_nas_transport::pack_service_reject(srslte::byte_buffer_t *reply_msg, uint8_
  return true;
 }

+/************************
+ *
+ * Security Functions
+ *
+ ************************/
+
+bool
+nas::short_integrity_check(srslte::byte_buffer_t *pdu)
+{
+  uint8_t exp_mac[4];
+  uint8_t *mac = &pdu->msg[2];
+  int i;
+
+  srslte::security_128_eia1(&m_sec_ctx.k_nas_int[16],
+                     m_sec_ctx.ul_nas_count,
+                     0,
+                     SECURITY_DIRECTION_UPLINK,
+                     &pdu->msg[0],
+                     2,
+                     &exp_mac[0]);
+
+  // Check if expected mac equals the sent mac
+  for(i=0; i<2; i++){
+    if(exp_mac[i+2] != mac[i]){
+      m_s1ap_log->warning("Short integrity check failure. Local: count=%d, [%02x %02x %02x %02x], "
+                          "Received: count=%d, [%02x %02x]\n",
+                          m_sec_ctx->ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3],
+                          pdu->msg[1] & 0x1F, mac[0], mac[1]);
+      return false;
+    }
+  }
+  m_nas_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
+                  m_sec_ctx.ul_nas_count, pdu->msg[1] & 0x1F);
+  return true;
+}
+
+
+bool
+nas::integrity_check(srslte::byte_buffer_t *pdu)
+{
+  uint8_t exp_mac[4];
+  uint8_t *mac = &pdu->msg[1];
+  int i;
+
+  srslte::security_128_eia1(&emm_ctx->security_ctxt.k_nas_int[16],
+                     emm_ctx->security_ctxt.ul_nas_count,
+                     0,
+                     SECURITY_DIRECTION_UPLINK,
+                     &pdu->msg[5],
+                     pdu->N_bytes-5,
+                     &exp_mac[0]);
+
+  // Check if expected mac equals the sent mac
+  for(i=0; i<4; i++){
+    if(exp_mac[i] != mac[i]){
+      m_s1ap_log->warning("Integrity check failure. UL Local: count=%d, [%02x %02x %02x %02x], "
+                       "Received: UL count=%d, [%02x %02x %02x %02x]\n",
+                       emm_ctx->security_ctxt.ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3],
+                       pdu->msg[5], mac[0], mac[1], mac[2], mac[3]);
+      return false;
+    }
+  }
+  m_s1ap_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
+                emm_ctx->security_ctxt.ul_nas_count, pdu->msg[5]);
+    return true;
+}
+
 } //namespace srsepc
--- a/srsepc/src/mme/s1ap_nas_transport.cc
+++ b/srsepc/src/mme/s1ap_nas_transport.cc
@ -265,9 +265,9 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA
      case  LIBLTE_MME_MSG_TYPE_SECURITY_MODE_COMPLETE:
      m_s1ap_log->info("Uplink NAS: Received Security Mode Complete\n");
      m_s1ap_log->console("Uplink NAS: Received Security Mode Complete\n");
-      emm_ctx->security_ctxt.ul_nas_count = 0;
-      emm_ctx->security_ctxt.dl_nas_count = 0;
-      mac_valid = nas->integrity_check(nas_msg);
+      sec_ctx->ul_nas_count = 0;
+      sec_ctx->dl_nas_count = 0;
+      mac_valid = nas_ctx->integrity_check(nas_msg);
      if(mac_valid){
        nas_ctx->handle_nas_security_mode_complete(nas_msg, reply_buffer, reply_flag);
      } else {
@ -282,8 +282,8 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA
  else if(sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY || sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED)
  {
    //Integrity protected NAS message, possibly ciphered.
-    emm_ctx->security_ctxt.ul_nas_count++;
-    mac_valid = nas->integrity_check(nas_msg);
+    sec_ctx->ul_nas_count++;
+    mac_valid = nas_ctx->integrity_check(nas_msg);
    if(!mac_valid){
      m_s1ap_log->warning("Invalid MAC in NAS message type 0x%x.\n", msg_type);
      m_pool->deallocate(nas_msg);
@ -331,8 +331,8 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA

  if(*reply_flag == true)
  {
-    m_s1ap_log->console("DL NAS: Sent Downlink NAS Message. DL NAS Count=%d, UL NAS count=%d\n",emm_ctx->security_ctxt.dl_nas_count,emm_ctx->security_ctxt.ul_nas_count );
-    m_s1ap_log->info("DL NAS: Sent Downlink NAS message. DL NAS Count=%d, UL NAS count=%d\n",emm_ctx->security_ctxt.dl_nas_count, emm_ctx->security_ctxt.ul_nas_count);
+    m_s1ap_log->console("DL NAS: Sent Downlink NAS Message. DL NAS Count=%d, UL NAS count=%d\n", sec_ctx->dl_nas_count, sec_ctx->ul_nas_count);
+    m_s1ap_log->info("DL NAS: Sent Downlink NAS message. DL NAS Count=%d, UL NAS count=%d\n", sec_ctx->dl_nas_count, sec_ctx->ul_nas_count);
    m_s1ap_log->info("DL NAS: MME UE S1AP id %d\n",ecm_ctx->mme_ue_s1ap_id);
    m_s1ap_log->console("DL NAS: MME UE S1AP id %d\n",ecm_ctx->mme_ue_s1ap_id);
  }
@ -366,20 +366,15 @@ s1ap_nas_transport::handle_nas_attach_request(uint32_t enb_ue_s1ap_id,
  }

  //Get attach type from attach request
-  if(attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_IMSI)
-  {
+  if (attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_IMSI) {
    m_s1ap_log->console("Attach Request -- IMSI-style attach request\n");
    m_s1ap_log->info("Attach Request -- IMSI-style attach request\n");
    handle_nas_imsi_attach_request(enb_ue_s1ap_id, attach_req, pdn_con_req, reply_buffer, reply_flag, enb_sri);
-  }
-  else if(attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_GUTI)
-  {
+  } else if (attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_GUTI) {
    m_s1ap_log->console("Attach Request -- GUTI-style attach request\n");
    m_s1ap_log->info("Attach Request -- GUTI-style attach request\n");
    handle_nas_guti_attach_request(enb_ue_s1ap_id, attach_req, pdn_con_req, nas_msg, reply_buffer, reply_flag, enb_sri);
-  }
-  else
-  {
+  } else {
    m_s1ap_log->error("Unhandled Mobile Id type in attach request\n");
    return false;
  }