From 244b68e76b6a1eb7de5cdb554a76cc8f35e02a46 Mon Sep 17 00:00:00 2001 From: David Rupprecht Date: Mon, 29 Jan 2018 14:01:13 +0100 Subject: [PATCH] Added authentication failure in s1ap --- srsepc/hdr/mme/s1ap_nas_transport.h | 3 +- srsepc/src/mme/s1ap_nas_transport.cc | 73 ++++++++++++++++++++++++++-- 2 files changed, 71 insertions(+), 5 deletions(-) diff --git a/srsepc/hdr/mme/s1ap_nas_transport.h b/srsepc/hdr/mme/s1ap_nas_transport.h index 2e9a1a9a7..5a457cec7 100644 --- a/srsepc/hdr/mme/s1ap_nas_transport.h +++ b/srsepc/hdr/mme/s1ap_nas_transport.h @@ -71,7 +71,8 @@ public: bool handle_esm_information_response(srslte::byte_buffer_t *nas_msg, ue_ctx_t* ue_ctx, srslte::byte_buffer_t *reply_msg, bool *reply_flag); bool handle_identity_response(srslte::byte_buffer_t *nas_msg, ue_ctx_t* ue_ctx, srslte::byte_buffer_t *reply_msg, bool *reply_flag); bool handle_tracking_area_update_request(srslte::byte_buffer_t *nas_msg, ue_ctx_t* ue_ctx, srslte::byte_buffer_t *reply_msg, bool *reply_flag); - + bool handle_authentication_failure(srslte::byte_buffer_t *nas_msg, ue_ctx_t* ue_ctx, srslte::byte_buffer_t *reply_msg, bool *reply_flag); + bool pack_authentication_request(srslte::byte_buffer_t *reply_msg, uint32_t enb_ue_s1ap_id, uint32_t next_mme_ue_s1ap_id, uint8_t *autn,uint8_t *rand); bool pack_authentication_reject(srslte::byte_buffer_t *reply_msg, uint32_t enb_ue_s1ap_id, uint32_t mme_ue_s1ap_id); bool unpack_authentication_response(LIBLTE_S1AP_MESSAGE_UPLINKNASTRANSPORT_STRUCT *ul_xport, LIBLTE_MME_AUTHENTICATION_RESPONSE_MSG_STRUCT *auth_resp); diff --git a/srsepc/src/mme/s1ap_nas_transport.cc b/srsepc/src/mme/s1ap_nas_transport.cc index 5aab70f16..e2f01f0b9 100644 --- a/srsepc/src/mme/s1ap_nas_transport.cc +++ b/srsepc/src/mme/s1ap_nas_transport.cc @@ -183,9 +183,14 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA //ue_ctx->security_ctxt.ul_nas_count++; break; case LIBLTE_MME_MSG_TYPE_TRACKING_AREA_UPDATE_REQUEST: - m_s1ap_log->info("UL NAS: Tracking Area Update Request\n"); + m_s1ap_log->info("Uplink NAS: Tracking Area Update Request\n"); handle_tracking_area_update_request(nas_msg, ue_ctx, reply_buffer, reply_flag); break; + case LIBLTE_MME_MSG_TYPE_AUTHENTICATION_FAILURE: + m_s1ap_log->info("Uplink NAS: Authentication Failure\n"); + handle_authentication_failure(nas_msg, ue_ctx, reply_buffer, reply_flag); + ue_ctx->security_ctxt.ul_nas_count++; + break; default: m_s1ap_log->warning("Unhandled NAS message 0x%x\n", msg_type ); m_s1ap_log->console("Unhandled NAS message 0x%x\n", msg_type ); @@ -590,7 +595,7 @@ s1ap_nas_transport::handle_identity_response(srslte::byte_buffer_t *nas_msg, ue_ LIBLTE_MME_ID_RESPONSE_MSG_STRUCT id_resp; LIBLTE_ERROR_ENUM err = liblte_mme_unpack_identity_response_msg((LIBLTE_BYTE_MSG_STRUCT *) nas_msg, &id_resp); if(err != LIBLTE_SUCCESS){ - m_s1ap_log->error("Error unpacking NAS authentication response. Error: %s\n", liblte_error_text[err]); + m_s1ap_log->error("Error unpacking NAS identity response. Error: %s\n", liblte_error_text[err]); return false; } @@ -615,8 +620,8 @@ s1ap_nas_transport::handle_identity_response(srslte::byte_buffer_t *nas_msg, ue_ //Send reply to eNB *reply_flag = true; - m_s1ap_log->info("Downlink NAS: Sent Athentication Request\n"); - m_s1ap_log->console("Downlink NAS: Sent Athentication Request\n"); + m_s1ap_log->info("Downlink NAS: Sent Authentication Request\n"); + m_s1ap_log->console("Downlink NAS: Sent Authentication Request\n"); //TODO Start T3460 Timer! return true; @@ -696,6 +701,66 @@ s1ap_nas_transport::handle_tracking_area_update_request(srslte::byte_buffer_t *n } +bool +s1ap_nas_transport::handle_authentication_failure(srslte::byte_buffer_t *nas_msg, ue_ctx_t* ue_ctx, srslte::byte_buffer_t *reply_msg, bool *reply_flag) +{ + uint8_t autn[16]; + uint8_t rand[16]; + uint8_t xres[8]; + + LIBLTE_MME_AUTHENTICATION_FAILURE_MSG_STRUCT auth_fail; + LIBLTE_ERROR_ENUM err = liblte_mme_unpack_authentication_failure_msg((LIBLTE_BYTE_MSG_STRUCT *) nas_msg, &auth_fail); + if(err != LIBLTE_SUCCESS){ + m_s1ap_log->error("Error unpacking NAS authentication failure. Error: %s\n", liblte_error_text[err]); + return false; + } + + + switch(auth_fail.emm_cause){ + case 20: + m_s1ap_log->console("MAC code failure\n"); + m_s1ap_log->info("MAC code failure\n"); + break; + case 26: + m_s1ap_log->console("Non-EPS authentication unacceptable\n"); + m_s1ap_log->info("Non-EPS authentication unacceptable\n"); + break; + case 21: + m_s1ap_log->console("Sequence number synch failure\n"); + m_s1ap_log->info("Sequence number synch failure\n"); + if(auth_fail.auth_fail_param_present == false){ + m_s1ap_log->error("Missing fail parameter\n"); + return false; + } + if(!m_hss->resync_sqn(ue_ctx->imsi, auth_fail.auth_fail_param)) + { + m_s1ap_log->console("Resynchronization failed. IMSI %015lu\n", ue_ctx->imsi); + m_s1ap_log->info("Resynchronization failed. IMSI %015lu\n", ue_ctx->imsi); + return false; + } + //Get Authentication Vectors from HSS + if(!m_hss->gen_auth_info_answer(ue_ctx->imsi, ue_ctx->security_ctxt.k_asme, autn, rand, ue_ctx->security_ctxt.xres)) + { + m_s1ap_log->console("User not found. IMSI %015lu\n", ue_ctx->imsi); + m_s1ap_log->info("User not found. IMSI %015lu\n", ue_ctx->imsi); + return false; + } + + //Pack NAS Authentication Request in Downlink NAS Transport msg + pack_authentication_request(reply_msg, ue_ctx->enb_ue_s1ap_id, ue_ctx->mme_ue_s1ap_id, autn, rand); + + //Send reply to eNB + *reply_flag = true; + m_s1ap_log->info("Downlink NAS: Sent Authentication Request\n"); + m_s1ap_log->console("Downlink NAS: Sent Authentication Request\n"); + //TODO Start T3460 Timer! + + break; + } + return true; + +} + /*Packing/Unpacking helper functions*/ bool s1ap_nas_transport::pack_authentication_request(srslte::byte_buffer_t *reply_msg, uint32_t enb_ue_s1ap_id, uint32_t next_mme_ue_s1ap_id, uint8_t *autn, uint8_t *rand)