Configurable sec algo preference list

master
David Rupprecht 6 years ago committed by Andre Puschmann
parent fd34e22c84
commit 39c49ab1ef

@ -155,6 +155,8 @@ nof_ctrl_symbols = 3
# enable_mbsfn: Enable MBMS transmission in the eNB # enable_mbsfn: Enable MBMS transmission in the eNB
# m1u_multiaddr: Multicast addres the M1-U socket will register to # m1u_multiaddr: Multicast addres the M1-U socket will register to
# m1u_if_addr: Address of the inteferface the M1-U interface will listen for multicast packets. # m1u_if_addr: Address of the inteferface the M1-U interface will listen for multicast packets.
# eea_pref_list: Ordered preference list for the selection of encryption algorithm (EEA) (default: EEA0, EEA2, EEA1).
# eia_pref_list: Ordered preference list for the selection of integrity algorithm (EIA) (default: EIA2, EIA1, EIA0).
# #
##################################################################### #####################################################################
[expert] [expert]
@ -172,3 +174,5 @@ nof_ctrl_symbols = 3
#enable_mbsfn = false #enable_mbsfn = false
#m1u_multiaddr = 239.255.0.1 #m1u_multiaddr = 239.255.0.1
#m1u_if_addr = 127.0.1.201 #m1u_if_addr = 127.0.1.201
#eea_pref_list = EEA0, EEA2, EEA1
#eia_pref_list = EIA2, EIA1, EIA0
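Review bot: The new default for `eea_pref_list` puts EEA0, the null ciphering algorithm, first, whereas the hard-coded order this commit removes from select_security_algorithms() was EEA2, EEA1, EEA0. Because the list is ordered and EEA0 appears to be acceptable for any UE capability bitmap, an eNB started with defaults would most likely stop ciphering traffic. The same default is repeated in the `default_value("EEA0, EEA2, EEA1")` and help text of `expert.eea_pref_list` in parse_args, and in the comment block above this setting. I would keep the previous order in all of these places, `#eea_pref_list = EEA2, EEA1, EEA0`, and add a comment line such as `# EEA0 and EIA0 are the null algorithms; keep them last unless testing.`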

@ -47,6 +47,7 @@
#include "srslte/radio/radio.h" #include "srslte/radio/radio.h"
#include "srslte/common/security.h"
#include "srslte/common/bcd_helpers.h" #include "srslte/common/bcd_helpers.h"
#include "srslte/common/buffer_pool.h" #include "srslte/common/buffer_pool.h"
#include "srslte/interfaces/ue_interfaces.h" #include "srslte/interfaces/ue_interfaces.h"
@ -132,6 +133,8 @@ typedef struct {
bool print_buffer_state; bool print_buffer_state;
std::string m1u_multiaddr; std::string m1u_multiaddr;
std::string m1u_if_addr; std::string m1u_if_addr;
std::string eia_pref_list;
std::string eea_pref_list;
}expert_args_t; }expert_args_t;
typedef struct { typedef struct {

@ -90,7 +90,11 @@ typedef struct {
srslte_cell_t cell; srslte_cell_t cell;
bool enable_mbsfn; bool enable_mbsfn;
uint32_t inactivity_timeout_ms; uint32_t inactivity_timeout_ms;
}rrc_cfg_t; srslte::CIPHERING_ALGORITHM_ID_ENUM
eea_preference_list[srslte::CIPHERING_ALGORITHM_ID_N_ITEMS];
srslte::INTEGRITY_ALGORITHM_ID_ENUM
eia_preference_list[srslte::INTEGRITY_ALGORITHM_ID_N_ITEMS];
} rrc_cfg_t;
static const char rrc_state_text[RRC_STATE_N_ITEMS][100] = {"IDLE", static const char rrc_state_text[RRC_STATE_N_ITEMS][100] = {"IDLE",
"WAIT FOR CON SETUP COMPLETE", "WAIT FOR CON SETUP COMPLETE",

@ -179,6 +179,56 @@ bool enb::init(all_args_t *args_)
rrc_cfg.inactivity_timeout_ms = args->expert.rrc_inactivity_timer; rrc_cfg.inactivity_timeout_ms = args->expert.rrc_inactivity_timer;
rrc_cfg.enable_mbsfn = args->expert.enable_mbsfn; rrc_cfg.enable_mbsfn = args->expert.enable_mbsfn;
// Parse EEA preference list
std::vector<std::string> eea_pref_list;
boost::split(eea_pref_list, args->expert.eea_pref_list,
boost::is_any_of(","));
int i = 0;
for (std::vector<std::string>::iterator it = eea_pref_list.begin();
it != eea_pref_list.end() && i < srslte::CIPHERING_ALGORITHM_ID_N_ITEMS;
it++) {
boost::trim_left(*it);
if ((*it).compare("EEA0") == 0) {
rrc_cfg.eea_preference_list[i] = srslte::CIPHERING_ALGORITHM_ID_EEA0;
i++;
} else if ((*it).compare("EEA1") == 0) {
rrc_cfg.eea_preference_list[i] = srslte::CIPHERING_ALGORITHM_ID_128_EEA1;
i++;
} else if ((*it).compare("EEA2") == 0) {
rrc_cfg.eea_preference_list[i] = srslte::CIPHERING_ALGORITHM_ID_128_EEA2;
i++;
} else {
fprintf(stderr, "Failed to parse EEA prefence list %s \n",
args->expert.eea_pref_list.c_str());
return false;
}
}
// Parse EIA preference list
std::vector<std::string> eia_pref_list;
boost::split(eia_pref_list, args->expert.eia_pref_list,
boost::is_any_of(","));
i = 0;
for (std::vector<std::string>::iterator it = eia_pref_list.begin();
it != eia_pref_list.end() && i < srslte::INTEGRITY_ALGORITHM_ID_N_ITEMS;
it++) {
boost::trim_left(*it);
if ((*it).compare("EIA0") == 0) {
rrc_cfg.eia_preference_list[i] = srslte::INTEGRITY_ALGORITHM_ID_EIA0;
i++;
} else if ((*it).compare("EIA1") == 0) {
rrc_cfg.eia_preference_list[i] = srslte::INTEGRITY_ALGORITHM_ID_128_EIA1;
i++;
} else if ((*it).compare("EIA2") == 0) {
rrc_cfg.eia_preference_list[i] = srslte::INTEGRITY_ALGORITHM_ID_128_EIA2;
i++;
} else {
fprintf(stderr, "Failed to parse EIA prefence list %s \n",
args->expert.eia_pref_list.c_str());
return false;
}
}
// Copy cell struct to rrc and phy // Copy cell struct to rrc and phy
memcpy(&rrc_cfg.cell, &cell_cfg, sizeof(srslte_cell_t)); memcpy(&rrc_cfg.cell, &cell_cfg, sizeof(srslte_cell_t));
memcpy(&phy_cfg.cell, &cell_cfg, sizeof(srslte_cell_t)); memcpy(&phy_cfg.cell, &cell_cfg, sizeof(srslte_cell_t));
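Review bot: A list with fewer than N_ITEMS entries leaves the remaining slots of `rrc_cfg.eea_preference_list` and `rrc_cfg.eia_preference_list` unwritten, yet select_security_algorithms() walks all N_ITEMS slots of each array. If rrc_cfg happens to be zero-filled (its initialisation is outside this hunk, as is the rest of enb::init), an operator who writes `eea_pref_list = EEA2, EEA1` to exclude null ciphering could still end up with a trailing slot that reads as the first enum value. After each loop, pad the tail explicitly, e.g. `for (; i < srslte::CIPHERING_ALGORITHM_ID_N_ITEMS; i++) rrc_cfg.eea_preference_list[i] = srslte::CIPHERING_ALGORITHM_ID_N_ITEMS;`, and confirm the switch in select_security_algorithms() treats that value as no match; the EIA loop needs the same. The loops also stop silently once N_ITEMS entries are read and accept duplicates, and `boost::trim_left` leaves trailing spaces in place, so `boost::trim` plus an explicit error for surplus entries would make configuration typos visible.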

@ -155,6 +155,8 @@ void parse_args(all_args_t *args, int argc, char* argv[]) {
("expert.print_buffer_state", bpo::value<bool>(&args->expert.print_buffer_state)->default_value(false), "Prints on the console the buffer state every 10 seconds") ("expert.print_buffer_state", bpo::value<bool>(&args->expert.print_buffer_state)->default_value(false), "Prints on the console the buffer state every 10 seconds")
("expert.m1u_multiaddr", bpo::value<string>(&args->expert.m1u_multiaddr)->default_value("239.255.0.1"), "M1-U Multicast address the eNB joins.") ("expert.m1u_multiaddr", bpo::value<string>(&args->expert.m1u_multiaddr)->default_value("239.255.0.1"), "M1-U Multicast address the eNB joins.")
("expert.m1u_if_addr", bpo::value<string>(&args->expert.m1u_if_addr)->default_value("127.0.1.201"), "IP address of the interface the eNB will listen for M1-U traffic.") ("expert.m1u_if_addr", bpo::value<string>(&args->expert.m1u_if_addr)->default_value("127.0.1.201"), "IP address of the interface the eNB will listen for M1-U traffic.")
("expert.eea_pref_list", bpo::value<string>(&args->expert.eea_pref_list)->default_value("EEA0, EEA2, EEA1"), "Ordered preference list for the selection of encryption algorithm (EEA) (default: EEA0, EEA2, EEA1).")
("expert.eia_pref_list", bpo::value<string>(&args->expert.eia_pref_list)->default_value("EIA2, EIA1, EIA0"), "Ordered preference list for the selection of integrity algorithm (EIA) (default: EIA2, EIA1, EIA0).")
; ;
// Positional options - config file location // Positional options - config file location

@ -1214,7 +1214,7 @@ void rrc::ue::set_security_key(uint8_t* key, uint32_t length)
// Selects security algorithms (cipher_algo and integ_algo) based on capabilities and config preferences // Selects security algorithms (cipher_algo and integ_algo) based on capabilities and config preferences
select_security_algorithms(); select_security_algorithms();
parent->rrc_log->info("Selected security algorithms EEA: EEA-%d EIA: EIA-%d\n", cipher_algo, integ_algo); parent->rrc_log->info("Selected security algorithms EEA: EEA%d EIA: EIA%d\n", cipher_algo, integ_algo);
// Generate K_rrc_enc and K_rrc_int // Generate K_rrc_enc and K_rrc_int
srslte::security_generate_k_rrc(k_enb, cipher_algo, integ_algo, k_rrc_enc, k_rrc_int); srslte::security_generate_k_rrc(k_enb, cipher_algo, integ_algo, k_rrc_enc, k_rrc_int);
@ -1903,26 +1903,14 @@ void rrc::ue::send_ue_cap_enquiry()
/********************** HELPERS ***************************/ /********************** HELPERS ***************************/
bool rrc::ue::select_security_algorithms() bool rrc::ue::select_security_algorithms() {
{
srslte::CIPHERING_ALGORITHM_ID_ENUM
enc_algo_preference[srslte::CIPHERING_ALGORITHM_ID_N_ITEMS] = {
srslte::CIPHERING_ALGORITHM_ID_128_EEA2,
srslte::CIPHERING_ALGORITHM_ID_128_EEA1,
srslte::CIPHERING_ALGORITHM_ID_EEA0};
srslte::INTEGRITY_ALGORITHM_ID_ENUM
intgrity_algo_preference[srslte::INTEGRITY_ALGORITHM_ID_N_ITEMS] = {
srslte::INTEGRITY_ALGORITHM_ID_128_EIA2,
srslte::INTEGRITY_ALGORITHM_ID_128_EIA1,
srslte::INTEGRITY_ALGORITHM_ID_EIA0};
// Each position in the bitmap represents an encryption algorithm: // Each position in the bitmap represents an encryption algorithm:
// “all bits equal to 0” UE supports no other algorithm than EEA0, // “all bits equal to 0” UE supports no other algorithm than EEA0,
// “first bit” 128-EEA1, // “first bit” 128-EEA1,
// “second bit” 128-EEA2, // “second bit” 128-EEA2,
// “third bit” 128-EEA3, // “third bit” 128-EEA3,
// other bits reserved for future use. Value 1 indicates support and value 0 indicates no support of the algorithm. // other bits reserved for future use. Value 1 indicates support and value
// 0 indicates no support of the algorithm.
// Algorithms are defined in TS 33.401 [15]. // Algorithms are defined in TS 33.401 [15].
// Note: information missing // Note: information missing
@ -1931,7 +1919,7 @@ bool rrc::ue::select_security_algorithms()
bool zero_vector = true; bool zero_vector = true;
int i = 0; int i = 0;
for (i = 0; i < srslte::CIPHERING_ALGORITHM_ID_N_ITEMS; i++) { for (i = 0; i < srslte::CIPHERING_ALGORITHM_ID_N_ITEMS; i++) {
switch (enc_algo_preference[i]) { switch (parent->cfg.eea_preference_list[i]) {
case srslte::CIPHERING_ALGORITHM_ID_EEA0: case srslte::CIPHERING_ALGORITHM_ID_EEA0:
// “all bits equal to 0” UE supports no other algorithm than EEA0, // “all bits equal to 0” UE supports no other algorithm than EEA0,
zero_vector = true; zero_vector = true;
@ -1974,7 +1962,7 @@ bool rrc::ue::select_security_algorithms()
} }
for (i = 0; i < srslte::INTEGRITY_ALGORITHM_ID_N_ITEMS; i++) { for (i = 0; i < srslte::INTEGRITY_ALGORITHM_ID_N_ITEMS; i++) {
switch (intgrity_algo_preference[i]) { switch (parent->cfg.eia_preference_list[i]) {
case srslte::INTEGRITY_ALGORITHM_ID_EIA0: case srslte::INTEGRITY_ALGORITHM_ID_EIA0:
// “all bits equal to 0” UE supports no other algorithm than EEA0, // “all bits equal to 0” UE supports no other algorithm than EEA0,
zero_vector = true; zero_vector = true;
@ -2015,7 +2003,7 @@ bool rrc::ue::select_security_algorithms()
} }
} }
if(integ_algo_found == false || enc_algo_found == false){ if (integ_algo_found == false || enc_algo_found == false) {
// TODO: if no security algorithm found abort radio connection and issue // TODO: if no security algorithm found abort radio connection and issue
// cryption-and-or-integrity-protection-algorithms-not-supported message // cryption-and-or-integrity-protection-algorithms-not-supported message
return false; return false;
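Review bot: The call `select_security_algorithms();` in set_security_key() discards the bool result, so the `return false` path at the end of that function (still carrying the TODO about aborting the connection) has no effect on the caller, which goes on to security_generate_k_rrc() with whatever cipher_algo and integ_algo currently hold. Now that the operator can restrict the preference lists, a UE with no algorithm in common becomes a reachable case. At minimum check the result, e.g. `if (!select_security_algorithms()) { parent->rrc_log->error("No common security algorithm with UE\n"); return; }`, and resolve the TODO so the connection is released instead of continuing. Both functions extend beyond the hunks shown here.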
