From 39c49ab1ef56c64973f6504a2ff0f7eb5c81e20f Mon Sep 17 00:00:00 2001
From: David Rupprecht
Date: Fri, 15 Feb 2019 13:45:00 +0100
Subject: [PATCH] Configurable sec algo preference list
---
 srsenb/enb.conf.example | 4 ++++
 srsenb/hdr/enb.h | 3 +++
 srsenb/hdr/upper/rrc.h | 6 ++++-
 srsenb/src/enb.cc | 50 +++++++++++++++++++++++++++++++++++++++++
 srsenb/src/main.cc | 2 ++
 srsenb/src/upper/rrc.cc | 30 ++++++++-----------------
 6 files changed, 73 insertions(+), 22 deletions(-)
diff --git a/srsenb/enb.conf.example b/srsenb/enb.conf.example
index b26161e97..370ac692c 100644
--- a/srsenb/enb.conf.example
+++ b/srsenb/enb.conf.example
@@ -155,6 +155,8 @@ nof_ctrl_symbols = 3
 # enable_mbsfn: Enable MBMS transmission in the eNB
 # m1u_multiaddr: Multicast addres the M1-U socket will register to
 # m1u_if_addr: Address of the inteferface the M1-U interface will listen for multicast packets.
+# eea_pref_list: Ordered preference list for the selection of encryption algorithm (EEA) (default: EEA0, EEA2, EEA1).
+# eia_pref_list: Ordered preference list for the selection of integrity algorithm (EIA) (default: EIA2, EIA1, EIA0).
 #
 #####################################################################
 [expert]
@@ -172,3 +174,5 @@ nof_ctrl_symbols = 3
 #enable_mbsfn = false
 #m1u_multiaddr = 239.255.0.1
 #m1u_if_addr = 127.0.1.201
+#eea_pref_list = EEA0, EEA2, EEA1
+#eia_pref_list = EIA2, EIA1, EIA0
\ No newline at end of file
diff --git a/srsenb/hdr/enb.h b/srsenb/hdr/enb.h
index b975ce7e4..0e400ceaf 100644
--- a/srsenb/hdr/enb.h
+++ b/srsenb/hdr/enb.h
@@ -47,6 +47,7 @@
 #include "srslte/radio/radio.h"
+#include "srslte/common/security.h"
 #include "srslte/common/bcd_helpers.h"
 #include "srslte/common/buffer_pool.h"
 #include "srslte/interfaces/ue_interfaces.h"
@@ -132,6 +133,8 @@ typedef struct {
 bool print_buffer_state;
 std::string m1u_multiaddr;
 std::string m1u_if_addr;
+ std::string eia_pref_list;
+ std::string eea_pref_list;
 }expert_args_t;
 typedef struct {
diff --git a/srsenb/hdr/upper/rrc.h b/srsenb/hdr/upper/rrc.h
index bc9f0a68a..dfe992302 100644
--- a/srsenb/hdr/upper/rrc.h
+++ b/srsenb/hdr/upper/rrc.h
@@ -90,7 +90,11 @@ typedef struct {
 srslte_cell_t cell;
 bool enable_mbsfn;
 uint32_t inactivity_timeout_ms;
-}rrc_cfg_t;
+ srslte::CIPHERING_ALGORITHM_ID_ENUM
+ eea_preference_list[srslte::CIPHERING_ALGORITHM_ID_N_ITEMS];
+ srslte::INTEGRITY_ALGORITHM_ID_ENUM
+ eia_preference_list[srslte::INTEGRITY_ALGORITHM_ID_N_ITEMS];
+} rrc_cfg_t;
 static const char rrc_state_text[RRC_STATE_N_ITEMS][100] = {"IDLE",
 "WAIT FOR CON SETUP COMPLETE",
diff --git a/srsenb/src/enb.cc b/srsenb/src/enb.cc
index 32cc0ab27..6ad92d461 100644
--- a/srsenb/src/enb.cc
+++ b/srsenb/src/enb.cc
@@ -179,6 +179,56 @@ bool enb::init(all_args_t *args_)
 rrc_cfg.inactivity_timeout_ms = args->expert.rrc_inactivity_timer;
 rrc_cfg.enable_mbsfn = args->expert.enable_mbsfn;
+ // Parse EEA preference list
+ std::vector eea_pref_list;
+ boost::split(eea_pref_list, args->expert.eea_pref_list,
+ boost::is_any_of(","));
+ int i = 0;
+ for (std::vector::iterator it = eea_pref_list.begin();
+ it != eea_pref_list.end() && i < srslte::CIPHERING_ALGORITHM_ID_N_ITEMS;
+ it++) {
+ boost::trim_left(*it);
+ if ((*it).compare("EEA0") == 0) {
+ rrc_cfg.eea_preference_list[i] = srslte::CIPHERING_ALGORITHM_ID_EEA0;
+ i++;
+ } else if ((*it).compare("EEA1") == 0) {
+ rrc_cfg.eea_preference_list[i] = srslte::CIPHERING_ALGORITHM_ID_128_EEA1;
+ i++;
+ } else if ((*it).compare("EEA2") == 0) {
+ rrc_cfg.eea_preference_list[i] = srslte::CIPHERING_ALGORITHM_ID_128_EEA2;
+ i++;
+ } else {
+ fprintf(stderr, "Failed to parse EEA prefence list %s \n",
+ args->expert.eea_pref_list.c_str());
+ return false;
+ }
+ }
+
+ // Parse EIA preference list
+ std::vector eia_pref_list;
+ boost::split(eia_pref_list, args->expert.eia_pref_list,
+ boost::is_any_of(","));
+ i = 0;
+ for (std::vector::iterator it = eia_pref_list.begin();
+ it != eia_pref_list.end() && i < srslte::INTEGRITY_ALGORITHM_ID_N_ITEMS;
+ it++) {
+ boost::trim_left(*it);
+ if ((*it).compare("EIA0") == 0) {
+ rrc_cfg.eia_preference_list[i] = srslte::INTEGRITY_ALGORITHM_ID_EIA0;
+ i++;
+ } else if ((*it).compare("EIA1") == 0) {
+ rrc_cfg.eia_preference_list[i] = srslte::INTEGRITY_ALGORITHM_ID_128_EIA1;
+ i++;
+ } else if ((*it).compare("EIA2") == 0) {
+ rrc_cfg.eia_preference_list[i] = srslte::INTEGRITY_ALGORITHM_ID_128_EIA2;
+ i++;
+ } else {
+ fprintf(stderr, "Failed to parse EIA prefence list %s \n",
+ args->expert.eia_pref_list.c_str());
+ return false;
+ }
+ }
+
 // Copy cell struct to rrc and phy
 memcpy(&rrc_cfg.cell, &cell_cfg, sizeof(srslte_cell_t));
 memcpy(&phy_cfg.cell, &cell_cfg, sizeof(srslte_cell_t));
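Review bot: Both parsing loops in `enb::init` write only as many entries of `rrc_cfg.eea_preference_list` / `rrc_cfg.eia_preference_list` as the operator listed, but the selection loops in rrc.cc still iterate over all `CIPHERING_ALGORITHM_ID_N_ITEMS` / `INTEGRITY_ALGORITHM_ID_N_ITEMS` slots. A list such as `EEA2, EEA1`, written to exclude null ciphering, therefore leaves the last slot unset; if `rrc_cfg` happens to be zero-initialised and EEA0 is enumerator 0 (neither is visible in this hunk), EEA0 silently remains a fallback. I would record the parsed count next to each array (for example a new field set with `nof_eea_pref = i;` after the loop, the name being only a suggestion), bound the loops in `select_security_algorithms()` by it, and reject duplicate tokens. Smaller points in the same lines: `boost::trim_left` leaves trailing blanks, so `EEA0 ,` is rejected where `boost::trim(*it);` would accept it, tokens beyond N_ITEMS are dropped without being validated, and the error text reads "prefence". `enb::init` starts and ends outside the hunk.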
diff --git a/srsenb/src/main.cc b/srsenb/src/main.cc
index d471c6e17..789835943 100644
--- a/srsenb/src/main.cc
+++ b/srsenb/src/main.cc
@@ -155,6 +155,8 @@ void parse_args(all_args_t *args, int argc, char* argv[]) {
 ("expert.print_buffer_state", bpo::value(&args->expert.print_buffer_state)->default_value(false), "Prints on the console the buffer state every 10 seconds")
 ("expert.m1u_multiaddr", bpo::value(&args->expert.m1u_multiaddr)->default_value("239.255.0.1"), "M1-U Multicast address the eNB joins.")
 ("expert.m1u_if_addr", bpo::value(&args->expert.m1u_if_addr)->default_value("127.0.1.201"), "IP address of the interface the eNB will listen for M1-U traffic.")
+ ("expert.eea_pref_list", bpo::value(&args->expert.eea_pref_list)->default_value("EEA0, EEA2, EEA1"), "Ordered preference list for the selection of encryption algorithm (EEA) (default: EEA0, EEA2, EEA1).")
+ ("expert.eia_pref_list", bpo::value(&args->expert.eia_pref_list)->default_value("EIA2, EIA1, EIA0"), "Ordered preference list for the selection of integrity algorithm (EIA) (default: EIA2, EIA1, EIA0).")
 ;
 // Positional options - config file location
diff --git a/srsenb/src/upper/rrc.cc b/srsenb/src/upper/rrc.cc
index 9f97b6945..c5648c44e 100644
--- a/srsenb/src/upper/rrc.cc
+++ b/srsenb/src/upper/rrc.cc
@@ -1214,7 +1214,7 @@ void rrc::ue::set_security_key(uint8_t* key, uint32_t length)
 // Selects security algorithms (cipher_algo and integ_algo) based on capabilities and config preferences
 select_security_algorithms();
- parent->rrc_log->info("Selected security algorithms EEA: EEA-%d EIA: EIA-%d\n", cipher_algo, integ_algo);
+ parent->rrc_log->info("Selected security algorithms EEA: EEA%d EIA: EIA%d\n", cipher_algo, integ_algo);
 // Generate K_rrc_enc and K_rrc_int
 srslte::security_generate_k_rrc(k_enb, cipher_algo, integ_algo, k_rrc_enc, k_rrc_int);
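Review bot: In srsenb/src/main.cc the new `expert.eea_pref_list` option defaults to `"EEA0, EEA2, EEA1"`, which puts the null cipher first, whereas the hard-coded array this commit removes from rrc.cc preferred 128-EEA2, then 128-EEA1, then EEA0. Unless the EEA0 branch of `select_security_algorithms()` (its body is not visible here) matches only UEs that advertise no other algorithm, an eNB started without an explicit setting would now select null ciphering where it previously selected 128-EEA2. I would keep the previous order as the shipped default, `->default_value("EEA2, EEA1, EEA0")`, and make the same change to the help string and to the commented example and its description in enb.conf.example, so that null ciphering is something an operator opts into. The integrity default keeps EIA0 last, which matches the old order.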
@@ -1903,35 +1903,23 @@ void rrc::ue::send_ue_cap_enquiry()
 /********************** HELPERS ***************************/
-bool rrc::ue::select_security_algorithms()
-{
- srslte::CIPHERING_ALGORITHM_ID_ENUM
- enc_algo_preference[srslte::CIPHERING_ALGORITHM_ID_N_ITEMS] = {
- srslte::CIPHERING_ALGORITHM_ID_128_EEA2,
- srslte::CIPHERING_ALGORITHM_ID_128_EEA1,
- srslte::CIPHERING_ALGORITHM_ID_EEA0};
-
- srslte::INTEGRITY_ALGORITHM_ID_ENUM
- intgrity_algo_preference[srslte::INTEGRITY_ALGORITHM_ID_N_ITEMS] = {
- srslte::INTEGRITY_ALGORITHM_ID_128_EIA2,
- srslte::INTEGRITY_ALGORITHM_ID_128_EIA1,
- srslte::INTEGRITY_ALGORITHM_ID_EIA0};
-
+bool rrc::ue::select_security_algorithms() {
 // Each position in the bitmap represents an encryption algorithm:
 // “all bits equal to 0” – UE supports no other algorithm than EEA0,
 // “first bit” – 128-EEA1,
 // “second bit” – 128-EEA2,
 // “third bit” – 128-EEA3,
- // other bits reserved for future use. Value ‘1’ indicates support and value ‘0’ indicates no support of the algorithm.
+ // other bits reserved for future use. Value ‘1’ indicates support and value
+ // ‘0’ indicates no support of the algorithm.
 // Algorithms are defined in TS 33.401 [15].
- // Note: information missing
+ // Note: information missing
- bool enc_algo_found = false;
+ bool enc_algo_found = false;
 bool integ_algo_found = false;
 bool zero_vector = true;
 int i = 0;
 for (i = 0; i < srslte::CIPHERING_ALGORITHM_ID_N_ITEMS; i++) {
- switch (enc_algo_preference[i]) {
+ switch (parent->cfg.eea_preference_list[i]) {
 case srslte::CIPHERING_ALGORITHM_ID_EEA0:
 // “all bits equal to 0” – UE supports no other algorithm than EEA0,
 zero_vector = true;
@@ -1974,7 +1962,7 @@ bool rrc::ue::select_security_algorithms()
 }
 for (i = 0; i < srslte::INTEGRITY_ALGORITHM_ID_N_ITEMS; i++) {
- switch (intgrity_algo_preference[i]) {
+ switch (parent->cfg.eia_preference_list[i]) {
 case srslte::INTEGRITY_ALGORITHM_ID_EIA0:
 // “all bits equal to 0” – UE supports no other algorithm than EEA0,
 zero_vector = true;
@@ -2015,7 +2003,7 @@ bool rrc::ue::select_security_algorithms()
 }
 }
- if(integ_algo_found == false || enc_algo_found == false){
+ if (integ_algo_found == false || enc_algo_found == false) {
 // TODO: if no security algorithm found abort radio connection and issue
 // cryption-and-or-integrity-protection-algorithms-not-supported message
 return false;
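Review bot: With the preference lists now read from `parent->cfg`, the `return false` path at the end of `select_security_algorithms()` becomes reachable through an ordinary setting (for instance a list that omits the only algorithm a UE supports), yet the caller shown in the `set_security_key` hunk still discards the result and goes on to log and derive keys from `cipher_algo` / `integ_algo`. Whatever those members held before the call is then used, which may not be an algorithm the operator listed. I would check the result at the call site, e.g. `if (!select_security_algorithms()) { parent->rrc_log->error("No common security algorithm\n"); return; }`, until the TODO about rejecting the connection is implemented. Most of the function body lies outside these two hunks, so the initial values of the two members are not visible here.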