5g-team
/
srsRAN_4G
mirror of https://github.com/pvnis/srsRAN_4G.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Changing integrity functions in nas.cc

Browse Source
master
Pedro Alvarez 6 years ago
parent 5fd337a7ad
commit 1bad88a432
3 changed files with 80 additions and 85 deletions
Show Stats Download Patch File Download Diff File

4
srsepc/hdr/mme/nas.h
Unescape Escape View File

@ -193,8 +193,8 @@ public:
bool pack_attach_accept( emm_ctx_t *ue_emm_ctx, ecm_ctx_t *ue_ecm_ctx, LIBLTE_S1AP_E_RABTOBESETUPITEMCTXTSUREQ_STRUCT *erab_ctxt, struct srslte::gtpc_pdn_address_allocation_ie *paa, srslte::byte_buffer_t *nas_buffer); bool pack_attach_accept( emm_ctx_t *ue_emm_ctx, ecm_ctx_t *ue_ecm_ctx, LIBLTE_S1AP_E_RABTOBESETUPITEMCTXTSUREQ_STRUCT *erab_ctxt, struct srslte::gtpc_pdn_address_allocation_ie *paa, srslte::byte_buffer_t *nas_buffer);
/* Security functions */ /* Security functions */
bool integrity_check( emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu); bool integrity_check (srslte::byte_buffer_t *pdu);
bool short_integrity_check( emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu); bool short_integrity_check (srslte::byte_buffer_t *pdu);
/* UE Context*/ /* UE Context*/
emm_ctx_t m_emm_ctx; emm_ctx_t m_emm_ctx;

136
srsepc/src/mme/nas.cc
Unescape Escape View File

@ -385,73 +385,6 @@ nas::handle_tracking_area_update_request(srslte::byte_buffer_t *nas_msg, ue_ctx_
return true; return true;
} }
/************************
*
* Security Functions
*
************************/
bool
nas::short_integrity_check(ue_emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu)
{
uint8_t exp_mac[4];
uint8_t *mac = &pdu->msg[2];
int i;
srslte::security_128_eia1(&emm_ctx->security_ctxt.k_nas_int[16],
emm_ctx->security_ctxt.ul_nas_count,
0,
SECURITY_DIRECTION_UPLINK,
&pdu->msg[0],
2,
&exp_mac[0]);
// Check if expected mac equals the sent mac
for(i=0; i<2; i++){
if(exp_mac[i+2] != mac[i]){
m_s1ap_log->warning("Short integrity check failure. Local: count=%d, [%02x %02x %02x %02x], "
"Received: count=%d, [%02x %02x]\n",
emm_ctx->security_ctxt.ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3],
pdu->msg[1] & 0x1F, mac[0], mac[1]);
return false;
}
}
m_s1ap_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
emm_ctx->security_ctxt.ul_nas_count, pdu->msg[1] & 0x1F);
return true;
}
bool
nas::integrity_check(ue_emm_ctx_t *emm_ctx, srslte::byte_buffer_t *pdu)
{
uint8_t exp_mac[4];
uint8_t *mac = &pdu->msg[1];
int i;
srslte::security_128_eia1(&emm_ctx->security_ctxt.k_nas_int[16],
emm_ctx->security_ctxt.ul_nas_count,
0,
SECURITY_DIRECTION_UPLINK,
&pdu->msg[5],
pdu->N_bytes-5,
&exp_mac[0]);
// Check if expected mac equals the sent mac
for(i=0; i<4; i++){
if(exp_mac[i] != mac[i]){
m_s1ap_log->warning("Integrity check failure. UL Local: count=%d, [%02x %02x %02x %02x], "
"Received: UL count=%d, [%02x %02x %02x %02x]\n",
emm_ctx->security_ctxt.ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3],
pdu->msg[5], mac[0], mac[1], mac[2], mac[3]);
return false;
}
}
m_s1ap_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
emm_ctx->security_ctxt.ul_nas_count, pdu->msg[5]);
return true;
}
bool bool
nas::handle_authentication_failure(srslte::byte_buffer_t *nas_msg, ue_ctx_t* ue_ctx, srslte::byte_buffer_t *reply_msg, bool *reply_flag) nas::handle_authentication_failure(srslte::byte_buffer_t *nas_msg, ue_ctx_t* ue_ctx, srslte::byte_buffer_t *reply_msg, bool *reply_flag)
@ -1079,7 +1012,7 @@ nas::pack_emm_information( ue_ctx_t *ue_ctx, srslte::byte_buffer_t *reply_msg)
} }
bool bool
s1ap_nas_transport::pack_service_reject(srslte::byte_buffer_t *reply_msg, uint8_t emm_cause, uint32_t enb_ue_s1ap_id) nas::pack_service_reject(srslte::byte_buffer_t *reply_msg, uint8_t emm_cause, uint32_t enb_ue_s1ap_id)
{ {
srslte::byte_buffer_t *nas_buffer = m_pool->allocate(); srslte::byte_buffer_t *nas_buffer = m_pool->allocate();
@ -1130,4 +1063,71 @@ s1ap_nas_transport::pack_service_reject(srslte::byte_buffer_t *reply_msg, uint8_
return true; return true;
} }
/************************
*
* Security Functions
*
************************/
bool
nas::short_integrity_check(srslte::byte_buffer_t *pdu)
{
uint8_t exp_mac[4];
uint8_t *mac = &pdu->msg[2];
int i;
srslte::security_128_eia1(&m_sec_ctx.k_nas_int[16],
m_sec_ctx.ul_nas_count,
0,
SECURITY_DIRECTION_UPLINK,
&pdu->msg[0],
2,
&exp_mac[0]);
// Check if expected mac equals the sent mac
for(i=0; i<2; i++){
if(exp_mac[i+2] != mac[i]){
m_s1ap_log->warning("Short integrity check failure. Local: count=%d, [%02x %02x %02x %02x], "
"Received: count=%d, [%02x %02x]\n",
m_sec_ctx->ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3],
pdu->msg[1] & 0x1F, mac[0], mac[1]);
return false;
}
}
m_nas_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
m_sec_ctx.ul_nas_count, pdu->msg[1] & 0x1F);
return true;
}
bool
nas::integrity_check(srslte::byte_buffer_t *pdu)
{
uint8_t exp_mac[4];
uint8_t *mac = &pdu->msg[1];
int i;
srslte::security_128_eia1(&emm_ctx->security_ctxt.k_nas_int[16],
emm_ctx->security_ctxt.ul_nas_count,
0,
SECURITY_DIRECTION_UPLINK,
&pdu->msg[5],
pdu->N_bytes-5,
&exp_mac[0]);
// Check if expected mac equals the sent mac
for(i=0; i<4; i++){
if(exp_mac[i] != mac[i]){
m_s1ap_log->warning("Integrity check failure. UL Local: count=%d, [%02x %02x %02x %02x], "
"Received: UL count=%d, [%02x %02x %02x %02x]\n",
emm_ctx->security_ctxt.ul_nas_count, exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3],
pdu->msg[5], mac[0], mac[1], mac[2], mac[3]);
return false;
}
}
m_s1ap_log->info("Integrity check ok. Local: count=%d, Received: count=%d\n",
emm_ctx->security_ctxt.ul_nas_count, pdu->msg[5]);
return true;
}
} //namespace srsepc } //namespace srsepc

25
srsepc/src/mme/s1ap_nas_transport.cc
Unescape Escape View File

@ -265,9 +265,9 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA
case LIBLTE_MME_MSG_TYPE_SECURITY_MODE_COMPLETE: case LIBLTE_MME_MSG_TYPE_SECURITY_MODE_COMPLETE:
m_s1ap_log->info("Uplink NAS: Received Security Mode Complete\n"); m_s1ap_log->info("Uplink NAS: Received Security Mode Complete\n");
m_s1ap_log->console("Uplink NAS: Received Security Mode Complete\n"); m_s1ap_log->console("Uplink NAS: Received Security Mode Complete\n");
emm_ctx->security_ctxt.ul_nas_count = 0; sec_ctx->ul_nas_count = 0;
emm_ctx->security_ctxt.dl_nas_count = 0; sec_ctx->dl_nas_count = 0;
mac_valid = nas->integrity_check(nas_msg); mac_valid = nas_ctx->integrity_check(nas_msg);
if(mac_valid){ if(mac_valid){
nas_ctx->handle_nas_security_mode_complete(nas_msg, reply_buffer, reply_flag); nas_ctx->handle_nas_security_mode_complete(nas_msg, reply_buffer, reply_flag);
} else { } else {
@ -282,8 +282,8 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA
else if(sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY || sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED) else if(sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY || sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED)
{ {
//Integrity protected NAS message, possibly ciphered. //Integrity protected NAS message, possibly ciphered.
emm_ctx->security_ctxt.ul_nas_count++; sec_ctx->ul_nas_count++;
mac_valid = nas->integrity_check(nas_msg); mac_valid = nas_ctx->integrity_check(nas_msg);
if(!mac_valid){ if(!mac_valid){
m_s1ap_log->warning("Invalid MAC in NAS message type 0x%x.\n", msg_type); m_s1ap_log->warning("Invalid MAC in NAS message type 0x%x.\n", msg_type);
m_pool->deallocate(nas_msg); m_pool->deallocate(nas_msg);
@ -331,8 +331,8 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA
if(*reply_flag == true) if(*reply_flag == true)
{ {
m_s1ap_log->console("DL NAS: Sent Downlink NAS Message. DL NAS Count=%d, UL NAS count=%d\n",emm_ctx->security_ctxt.dl_nas_count,emm_ctx->security_ctxt.ul_nas_count ); m_s1ap_log->console("DL NAS: Sent Downlink NAS Message. DL NAS Count=%d, UL NAS count=%d\n", sec_ctx->dl_nas_count, sec_ctx->ul_nas_count);
m_s1ap_log->info("DL NAS: Sent Downlink NAS message. DL NAS Count=%d, UL NAS count=%d\n",emm_ctx->security_ctxt.dl_nas_count, emm_ctx->security_ctxt.ul_nas_count); m_s1ap_log->info("DL NAS: Sent Downlink NAS message. DL NAS Count=%d, UL NAS count=%d\n", sec_ctx->dl_nas_count, sec_ctx->ul_nas_count);
m_s1ap_log->info("DL NAS: MME UE S1AP id %d\n",ecm_ctx->mme_ue_s1ap_id); m_s1ap_log->info("DL NAS: MME UE S1AP id %d\n",ecm_ctx->mme_ue_s1ap_id);
m_s1ap_log->console("DL NAS: MME UE S1AP id %d\n",ecm_ctx->mme_ue_s1ap_id); m_s1ap_log->console("DL NAS: MME UE S1AP id %d\n",ecm_ctx->mme_ue_s1ap_id);
} }
@ -366,20 +366,15 @@ s1ap_nas_transport::handle_nas_attach_request(uint32_t enb_ue_s1ap_id,
} }
//Get attach type from attach request //Get attach type from attach request
if(attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_IMSI) if (attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_IMSI) {
{
m_s1ap_log->console("Attach Request -- IMSI-style attach request\n"); m_s1ap_log->console("Attach Request -- IMSI-style attach request\n");
m_s1ap_log->info("Attach Request -- IMSI-style attach request\n"); m_s1ap_log->info("Attach Request -- IMSI-style attach request\n");
handle_nas_imsi_attach_request(enb_ue_s1ap_id, attach_req, pdn_con_req, reply_buffer, reply_flag, enb_sri); handle_nas_imsi_attach_request(enb_ue_s1ap_id, attach_req, pdn_con_req, reply_buffer, reply_flag, enb_sri);
} } else if (attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_GUTI) {
else if(attach_req.eps_mobile_id.type_of_id == LIBLTE_MME_EPS_MOBILE_ID_TYPE_GUTI)
{
m_s1ap_log->console("Attach Request -- GUTI-style attach request\n"); m_s1ap_log->console("Attach Request -- GUTI-style attach request\n");
m_s1ap_log->info("Attach Request -- GUTI-style attach request\n"); m_s1ap_log->info("Attach Request -- GUTI-style attach request\n");
handle_nas_guti_attach_request(enb_ue_s1ap_id, attach_req, pdn_con_req, nas_msg, reply_buffer, reply_flag, enb_sri); handle_nas_guti_attach_request(enb_ue_s1ap_id, attach_req, pdn_con_req, nas_msg, reply_buffer, reply_flag, enb_sri);
} } else {
else
{
m_s1ap_log->error("Unhandled Mobile Id type in attach request\n"); m_s1ap_log->error("Unhandled Mobile Id type in attach request\n");
return false; return false;
} }

Write Preview
Loading…
Cancel
Save