From 1bad88a432d255800ec9bd57594db46f075b2ada Mon Sep 17 00:00:00 2001 From: Pedro Alvarez Date: Mon, 16 Jul 2018 19:41:27 +0100 Subject: [PATCH] Changing integrity functions in nas.cc --- srsepc/hdr/mme/nas.h | 4 +- srsepc/src/mme/nas.cc | 136 +++++++++++++-------------- srsepc/src/mme/s1ap_nas_transport.cc | 25 ++--- 3 files changed, 80 insertions(+), 85 deletions(-) diff --git a/srsepc/hdr/mme/nas.h b/srsepc/hdr/mme/nas.h index 9ac2e7ed5..45a32e868 100644 --- a/srsepc/hdr/mme/nas.h +++ b/srsepc/hdr/mme/nas.h @@ -193,8 +193,8 @@ public: bool pack_attach_accept( emm_ctx_t *ue_emm_ctx, ecm_ctx_t *ue_ecm_ctx, LIBLTE_S1AP_E_RABTOBESETUPITEMCTXTSUREQ_STRUCT *erab_ctxt, struct srslte::gtpc_pdn_address_allocation_ie *paa, srslte::byte_buffer_t *nas_buffer); /* Security functions */ - bool integrity_check( emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu); - bool short_integrity_check( emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu); + bool integrity_check (srslte::byte_buffer_t *pdu); + bool short_integrity_check (srslte::byte_buffer_t *pdu); /* UE Context*/ emm_ctx_t m_emm_ctx; diff --git a/srsepc/src/mme/nas.cc b/srsepc/src/mme/nas.cc index 5ce3ebf37..fe84de4db 100644 --- a/srsepc/src/mme/nas.cc +++ b/srsepc/src/mme/nas.cc 
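Review bot: The two declarations under `/* Security functions */` in nas.h drop the `emm_ctx` argument without a comment saying which security context the checks now read or what they expect of `pdu`. I would add above them `// Verify the uplink NAS MAC of pdu against this object's security context; returns false on mismatch.` plus one line stating the minimum PDU length each check assumes. The definitions in nas.cc only read the buffer, so `const srslte::byte_buffer_t *pdu` would document that in the signature as well, if the callers allow it.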
@@ -385,73 +385,6 @@ nas::handle_tracking_area_update_request(srslte::byte_buffer_t *nas_msg, ue_ctx_ return true; } -/************************ - * - * Security Functions - * - ************************/ - -bool -nas::short_integrity_check(ue_emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu) -{ - uint8_t exp_mac[4]; - uint8_t *mac = &pdu->msg[2]; - int i; - - srslte::security_128_eia1(&emm_ctx->security_ctxt.k_nas_int[16], - emm_ctx->security_ctxt.ul_nas_count, - 0, - SECURITY_DIRECTION_UPLINK, - &pdu->msg[0], - 2, - &exp_mac[0]); - - // Check if expected mac equals the sent mac - for(i=0; i<2; i++){ - if(exp_mac[i+2] != mac[i]){ - m_s1ap_log->warning("Short integrity check failure. Local: count=%d, [%02x %02x %02x %02x], " - "Received: count=%d, [%02x %02x]\n", - emm_ctx->security_ctxt.ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3], - pdu->msg[1] & 0x1F, mac[0], mac[1]); - return false; - } - } - m_s1ap_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n", - emm_ctx->security_ctxt.ul_nas_count, pdu->msg[1] & 0x1F); - return true; -} - - -bool -nas::integrity_check(ue_emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu) -{ - uint8_t exp_mac[4]; - uint8_t *mac = &pdu->msg[1]; - int i; - - srslte::security_128_eia1(&emm_ctx->security_ctxt.k_nas_int[16], - emm_ctx->security_ctxt.ul_nas_count, - 0, - SECURITY_DIRECTION_UPLINK, - &pdu->msg[5], - pdu->N_bytes-5, - &exp_mac[0]); - - // Check if expected mac equals the sent mac - for(i=0; i<4; i++){ - if(exp_mac[i] != mac[i]){ - m_s1ap_log->warning("Integrity check failure. UL Local: count=%d, [%02x %02x %02x %02x], " - "Received: UL count=%d, [%02x %02x %02x %02x]\n", - emm_ctx->security_ctxt.ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3], - pdu->msg[5], mac[0], mac[1], mac[2], mac[3]); - return false; - } - } - m_s1ap_log->info("Integrity check ok. 
Local: count=%d, Received: count=%d\n", - emm_ctx->security_ctxt.ul_nas_count, pdu->msg[5]); - return true; -} - bool nas::handle_authentication_failure(srslte::byte_buffer_t *nas_msg, ue_ctx_t* ue_ctx, srslte::byte_buffer_t *reply_msg, bool *reply_flag) @@ -1079,7 +1012,7 @@ nas::pack_emm_information( ue_ctx_t *ue_ctx, srslte::byte_buffer_t *reply_msg) } bool -s1ap_nas_transport::pack_service_reject(srslte::byte_buffer_t *reply_msg, uint8_t emm_cause, uint32_t enb_ue_s1ap_id) +nas::pack_service_reject(srslte::byte_buffer_t *reply_msg, uint8_t emm_cause, uint32_t enb_ue_s1ap_id) { srslte::byte_buffer_t *nas_buffer = m_pool->allocate(); 
@@ -1130,4 +1063,71 @@ s1ap_nas_transport::pack_service_reject(srslte::byte_buffer_t *reply_msg, uint8_ return true; } +/************************ + * + * Security Functions + * + ************************/ + +bool +nas::short_integrity_check(srslte::byte_buffer_t *pdu) +{ + uint8_t exp_mac[4]; + uint8_t *mac = &pdu->msg[2]; + int i; + + srslte::security_128_eia1(&m_sec_ctx.k_nas_int[16], + m_sec_ctx.ul_nas_count, + 0, + SECURITY_DIRECTION_UPLINK, + &pdu->msg[0], + 2, + &exp_mac[0]); + + // Check if expected mac equals the sent mac + for(i=0; i<2; i++){ + if(exp_mac[i+2] != mac[i]){ + m_s1ap_log->warning("Short integrity check failure. Local: count=%d, [%02x %02x %02x %02x], " + "Received: count=%d, [%02x %02x]\n", + m_sec_ctx->ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3], + pdu->msg[1] & 0x1F, mac[0], mac[1]); + return false; + } + } + m_nas_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n", + m_sec_ctx.ul_nas_count, pdu->msg[1] & 0x1F); + return true; +} + + +bool +nas::integrity_check(srslte::byte_buffer_t *pdu) +{ + uint8_t exp_mac[4]; + uint8_t *mac = &pdu->msg[1]; + int i; + + srslte::security_128_eia1(&emm_ctx->security_ctxt.k_nas_int[16], + emm_ctx->security_ctxt.ul_nas_count, + 0, + SECURITY_DIRECTION_UPLINK, + &pdu->msg[5], + pdu->N_bytes-5, + &exp_mac[0]); + + // Check if expected mac equals the sent mac + for(i=0; i<4; i++){ + if(exp_mac[i] != mac[i]){ + m_s1ap_log->warning("Integrity check failure. UL Local: count=%d, [%02x %02x %02x %02x], " + "Received: UL count=%d, [%02x %02x %02x %02x]\n", + emm_ctx->security_ctxt.ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3], + pdu->msg[5], mac[0], mac[1], mac[2], mac[3]); + return false; + } + } + m_s1ap_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n", + emm_ctx->security_ctxt.ul_nas_count, pdu->msg[5]); + return true; +} + } //namespace srsepc 
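Review bot: The re-added `nas::integrity_check(srslte::byte_buffer_t *pdu)` still reads `emm_ctx->security_ctxt.k_nas_int` and `emm_ctx->security_ctxt.ul_nas_count` although `emm_ctx` is no longer a parameter, and `short_integrity_check` logs `m_sec_ctx->ul_nas_count` while the rest of that function uses `m_sec_ctx.`. Both should use `m_sec_ctx.` throughout, otherwise the file presumably does not build, or the MAC is verified against a different context than the one the caller updates. Neither function checks `pdu->N_bytes` before indexing: `integrity_check` passes `pdu->N_bytes-5` as the MAC input length and reads `pdu->msg[5]`, so a short uplink PDU presumably wraps that length to a very large value, and `short_integrity_check` needs at least four bytes for `msg[2]` and `msg[3]`. The comparison loops return at the first mismatching byte and the failure warning prints the locally computed MAC, so comparing by accumulation and logging only the received MAC would avoid a timing or log oracle. The functions also mix `m_s1ap_log` and `m_nas_log`; whether `nas` has both members is not visible in this hunk.

```cpp
bool
nas::integrity_check(srslte::byte_buffer_t *pdu)
{
  // … unchanged: exp_mac, mac and i declarations …

  // Security header octet (1) + MAC (4) + sequence number (1) must be present
  // before msg[5] is read and before N_bytes-5 is used as a length.
  if (pdu->N_bytes < 6) {
    m_nas_log->warning("Integrity check failure. NAS PDU too short\n");
    return false;
  }

  srslte::security_128_eia1(&m_sec_ctx.k_nas_int[16],
                            m_sec_ctx.ul_nas_count,
                            // … unchanged: remaining arguments …

  // … unchanged: MAC comparison loop; its log calls take m_sec_ctx.ul_nas_count
  //   in place of emm_ctx->security_ctxt.ul_nas_count …
```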
diff --git a/srsepc/src/mme/s1ap_nas_transport.cc b/srsepc/src/mme/s1ap_nas_transport.cc index 8d9e16ef4..1ec2442ff 100644 --- a/srsepc/src/mme/s1ap_nas_transport.cc +++ b/srsepc/src/mme/s1ap_nas_transport.cc @@ -265,9 +265,9 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA case LIBLTE_MME_MSG_TYPE_SECURITY_MODE_COMPLETE: m_s1ap_log->info("Uplink NAS: Received Security Mode Complete\n"); m_s1ap_log->console("Uplink NAS: Received Security Mode Complete\n"); - emm_ctx->security_ctxt.ul_nas_count = 0; - emm_ctx->security_ctxt.dl_nas_count = 0; - mac_valid = nas->integrity_check(nas_msg); + sec_ctx->ul_nas_count = 0; + sec_ctx->dl_nas_count = 0; + mac_valid = nas_ctx->integrity_check(nas_msg); if(mac_valid){ nas_ctx->handle_nas_security_mode_complete(nas_msg, reply_buffer, reply_flag); } else { @@ -282,8 +282,8 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA else if(sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY || sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED) { //Integrity protected NAS message, possibly ciphered. - emm_ctx->security_ctxt.ul_nas_count++; - mac_valid = nas->integrity_check(nas_msg); + sec_ctx->ul_nas_count++; + mac_valid = nas_ctx->integrity_check(nas_msg); if(!mac_valid){ m_s1ap_log->warning("Invalid MAC in NAS message type 0x%x.\n", msg_type); m_pool->deallocate(nas_msg); 
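Review bot: In the integrity-protected branch `sec_ctx->ul_nas_count++` runs before `nas_ctx->integrity_check(nas_msg)`, and the visible `!mac_valid` path only logs and deallocates, so an uplink message with a bad MAC appears to leave the count advanced and out of step with the UE. The Security Mode Complete case in the preceding hunk has the same ordering: both counts are set to 0 before the MAC is verified, so an unauthenticated message can reset them. Unless the values are restored outside the lines shown, keep the previous counts and put them back when `mac_valid` is false, e.g. `if(!mac_valid){ sec_ctx->ul_nas_count--;` for the increment. It is also not visible here that `sec_ctx` refers to the same context that `integrity_check` now reads internally, which is worth confirming. `handle_uplink_nas_transport` starts and ends outside both hunks.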
@@ -331,8 +331,8 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA if(*reply_flag == true) { - m_s1ap_log->console("DL NAS: Sent Downlink NAS Message. DL NAS Count=%d, UL NAS count=%d\n",emm_ctx->security_ctxt.dl_nas_count,emm_ctx->security_ctxt.ul_nas_count ); - m_s1ap_log->info("DL NAS: Sent Downlink NAS message. DL NAS Count=%d, UL NAS count=%d\n",emm_ctx->security_ctxt.dl_nas_count, emm_ctx->security_ctxt.ul_nas_count); + m_s1ap_log->console("DL NAS: Sent Downlink NAS Message. DL NAS Count=%d, UL NAS count=%d\n", sec_ctx->dl_nas_count, sec_ctx->ul_nas_count); + m_s1ap_log->info("DL NAS: Sent Downlink NAS message. DL NAS Count=%d, UL NAS count=%d\n", sec_ctx->dl_nas_count, sec_ctx->ul_nas_count); m_s1ap_log->info("DL NAS: MME UE S1AP id %d\n",ecm_ctx->mme_ue_s1ap_id); m_s1ap_log->console("DL NAS: MME UE S1AP id %d\n",ecm_ctx->mme_ue_s1ap_id); } @@ -366,20 +366,15 @@ s1ap_nas_transport::handle_nas_attach_request(uint32_t enb_ue_s1ap_id, } //Get attach type from attach request - if(attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_IMSI) - { + if (attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_IMSI) { m_s1ap_log->console("Attach Request -- IMSI-style attach request\n"); m_s1ap_log->info("Attach Request -- IMSI-style attach request\n"); handle_nas_imsi_attach_request(enb_ue_s1ap_id, attach_req, pdn_con_req, reply_buffer, reply_flag, enb_sri); - } - else if(attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_GUTI) - { + } else if (attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_GUTI) { m_s1ap_log->console("Attach Request -- GUTI-style attach request\n"); m_s1ap_log->info("Attach Request -- GUTI-style attach request\n"); handle_nas_guti_attach_request(enb_ue_s1ap_id, attach_req, pdn_con_req, nas_msg, reply_buffer, reply_flag, enb_sri); - } - else - { + } else { m_s1ap_log->error("Unhandled Mobile Id type in attach request\n"); return false; }