@ -31,44 +31,37 @@
# include "srsepc/hdr/mme/s1ap_nas_transport.h"
# include "srsepc/hdr/mme/s1ap_nas_transport.h"
# include "srslte/common/security.h"
# include "srslte/common/security.h"
# include "srslte/common/liblte_security.h"
# include "srslte/common/liblte_security.h"
# include "srslte/common/int_helpers.h"
namespace srsepc {
namespace srsepc {
s1ap_nas_transport * s1ap_nas_transport : : m_instance = NULL ;
s1ap_nas_transport * s1ap_nas_transport : : m_instance = NULL ;
pthread_mutex_t s1ap_nas_transport_instance_mutex = PTHREAD_MUTEX_INITIALIZER ;
pthread_mutex_t s1ap_nas_transport_instance_mutex = PTHREAD_MUTEX_INITIALIZER ;
s1ap_nas_transport : : s1ap_nas_transport ( )
s1ap_nas_transport : : s1ap_nas_transport ( ) { }
{
s1ap_nas_transport : : ~ s1ap_nas_transport ( ) { }
}
s1ap_nas_transport : : ~ s1ap_nas_transport ( )
{
}
s1ap_nas_transport *
s1ap_nas_transport * s1ap_nas_transport : : get_instance ( void )
s1ap_nas_transport : : get_instance ( void )
{
{
pthread_mutex_lock ( & s1ap_nas_transport_instance_mutex ) ;
pthread_mutex_lock ( & s1ap_nas_transport_instance_mutex ) ;
if ( NULL = = m_instance ) {
if ( NULL = = m_instance ) {
m_instance = new s1ap_nas_transport ( ) ;
m_instance = new s1ap_nas_transport ( ) ;
}
}
pthread_mutex_unlock ( & s1ap_nas_transport_instance_mutex ) ;
pthread_mutex_unlock ( & s1ap_nas_transport_instance_mutex ) ;
return ( m_instance ) ;
return ( m_instance ) ;
}
}
void
void s1ap_nas_transport : : cleanup ( void )
s1ap_nas_transport : : cleanup ( void )
{
{
pthread_mutex_lock ( & s1ap_nas_transport_instance_mutex ) ;
pthread_mutex_lock ( & s1ap_nas_transport_instance_mutex ) ;
if ( NULL ! = m_instance ) {
if ( NULL ! = m_instance ) {
delete m_instance ;
delete m_instance ;
m_instance = NULL ;
m_instance = NULL ;
}
}
pthread_mutex_unlock ( & s1ap_nas_transport_instance_mutex ) ;
pthread_mutex_unlock ( & s1ap_nas_transport_instance_mutex ) ;
}
}
void
void s1ap_nas_transport : : init ( hss_interface_nas * hss_ )
s1ap_nas_transport : : init ( hss_interface_nas * hss_ )
{
{
m_s1ap = s1ap : : get_instance ( ) ;
m_s1ap = s1ap : : get_instance ( ) ;
m_s1ap_log = m_s1ap - > m_s1ap_log ;
m_s1ap_log = m_s1ap - > m_s1ap_log ;
@ -78,9 +71,9 @@ s1ap_nas_transport::init(hss_interface_nas * hss_)
m_mme_gtpc = mme_gtpc : : get_instance ( ) ;
m_mme_gtpc = mme_gtpc : : get_instance ( ) ;
}
}
bool s1ap_nas_transport : : handle_initial_ue_message ( LIBLTE_S1AP_MESSAGE_INITIALUEMESSAGE_STRUCT * init_ue ,
bool
struct sctp_sndrcvinfo * enb_sri , srslte : : byte_buffer_t * reply_buffer ,
s1ap_nas_transport : : handle_initial_ue_message ( LIBLTE_S1AP_MESSAGE_INITIALUEMESSAGE_STRUCT * init_ue , struct sctp_sndrcvinfo * enb_sri , srslte : : byte_buffer_t * reply_buffer , bool * reply_flag )
bool * reply_flag )
{
{
bool err , mac_valid ;
bool err , mac_valid ;
uint8_t pd , msg_type , sec_hdr_type ;
uint8_t pd , msg_type , sec_hdr_type ;
@ -104,36 +97,37 @@ s1ap_nas_transport::handle_initial_ue_message(LIBLTE_S1AP_MESSAGE_INITIALUEMESSA
nas_init . tac = m_s1ap - > m_s1ap_args . tac ;
nas_init . tac = m_s1ap - > m_s1ap_args . tac ;
nas_init . apn = m_s1ap - > m_s1ap_args . mme_apn ;
nas_init . apn = m_s1ap - > m_s1ap_args . mme_apn ;
nas_init . dns = m_s1ap - > m_s1ap_args . dns_addr ;
nas_init . dns = m_s1ap - > m_s1ap_args . dns_addr ;
nas_init . integ_algo = m_s1ap - > m_s1ap_args . integrity_algo ;
nas_init . cipher_algo = m_s1ap - > m_s1ap_args . encryption_algo ;
if ( init_ue - > S_TMSI_present ) {
if ( init_ue - > S_TMSI_present ) {
m_tmsi = ntohl ( * ( ( uint32_t * ) & init_ue - > S_TMSI . m_TMSI . buffer ) ) ;
srslte: : uint8_to_uint32 ( init_ue - > S_TMSI . m_TMSI . buffer , & m_tmsi ) ;
}
}
switch ( msg_type )
switch ( msg_type ) {
{
case LIBLTE_MME_MSG_TYPE_ATTACH_REQUEST :
case LIBLTE_MME_MSG_TYPE_ATTACH_REQUEST :
m_s1ap_log - > console ( " Received Initial UE message -- Attach Request \n " ) ;
m_s1ap_log - > console ( " Received Initial UE message -- Attach Request \n " ) ;
m_s1ap_log - > info ( " Received Initial UE message -- Attach Request \n " ) ;
m_s1ap_log - > info ( " Received Initial UE message -- Attach Request \n " ) ;
err = nas : : handle_attach_request ( enb_ue_s1ap_id , enb_sri , nas_msg , nas_init ,
err = nas : : handle_attach_request ( enb_ue_s1ap_id , enb_sri , nas_msg , nas_init , m_s1ap , m_mme_gtpc , m_hss ,
m_s1ap , m_mme_gtpc , m_hss , m_s1ap - > m_nas_log ) ;
m_s1ap - > m_nas_log ) ;
break ;
break ;
case LIBLTE_MME_SECURITY_HDR_TYPE_SERVICE_REQUEST :
case LIBLTE_MME_SECURITY_HDR_TYPE_SERVICE_REQUEST :
m_s1ap_log - > console ( " Received Initial UE message -- Service Request \n " ) ;
m_s1ap_log - > console ( " Received Initial UE message -- Service Request \n " ) ;
m_s1ap_log - > info ( " Received Initial UE message -- Service Request \n " ) ;
m_s1ap_log - > info ( " Received Initial UE message -- Service Request \n " ) ;
err = nas : : handle_service_request ( m_tmsi , enb_ue_s1ap_id , enb_sri , nas_msg , nas_init ,
err = nas : : handle_service_request ( m_tmsi , enb_ue_s1ap_id , enb_sri , nas_msg , nas_init , m_s1ap , m_mme_gtpc , m_hss ,
m_s1ap , m_mme_gtpc , m_hss , m_s1ap - > m_nas_log ) ;
m_s1ap - > m_nas_log ) ;
break ;
break ;
case LIBLTE_MME_MSG_TYPE_DETACH_REQUEST :
case LIBLTE_MME_MSG_TYPE_DETACH_REQUEST :
m_s1ap_log - > console ( " Received Initial UE message -- Detach Request \n " ) ;
m_s1ap_log - > console ( " Received Initial UE message -- Detach Request \n " ) ;
m_s1ap_log - > info ( " Received Initial UE message -- Detach Request \n " ) ;
m_s1ap_log - > info ( " Received Initial UE message -- Detach Request \n " ) ;
err = nas : : handle_detach_request ( m_tmsi , enb_ue_s1ap_id , enb_sri , nas_msg , nas_init ,
err = nas : : handle_detach_request ( m_tmsi , enb_ue_s1ap_id , enb_sri , nas_msg , nas_init , m_s1ap , m_mme_gtpc , m_hss ,
m_s1ap , m_mme_gtpc , m_hss , m_s1ap - > m_nas_log ) ;
m_s1ap - > m_nas_log ) ;
break ;
break ;
case LIBLTE_MME_MSG_TYPE_TRACKING_AREA_UPDATE_REQUEST :
case LIBLTE_MME_MSG_TYPE_TRACKING_AREA_UPDATE_REQUEST :
m_s1ap_log - > console ( " Received Initial UE message -- Tracking Area Update Request \n " ) ;
m_s1ap_log - > console ( " Received Initial UE message -- Tracking Area Update Request \n " ) ;
m_s1ap_log - > info ( " Received Initial UE message -- Tracking Area Update Request \n " ) ;
m_s1ap_log - > info ( " Received Initial UE message -- Tracking Area Update Request \n " ) ;
err = nas : : handle_tracking_area_update_request ( m_tmsi , enb_ue_s1ap_id , enb_sri , nas_msg , nas_init ,
err = nas : : handle_tracking_area_update_request ( m_tmsi , enb_ue_s1ap_id , enb_sri , nas_msg , nas_init , m_s1ap ,
m_s1ap , m_mme_gtpc , m_hss , m_s1ap - > m_nas_log ) ;
m_mme_gtpc , m_hss , m_s1ap - > m_nas_log ) ;
break ;
break ;
default :
default :
m_s1ap_log - > info ( " Unhandled Initial UE Message 0x%x \n " , msg_type ) ;
m_s1ap_log - > info ( " Unhandled Initial UE Message 0x%x \n " , msg_type ) ;
@ -144,35 +138,76 @@ s1ap_nas_transport::handle_initial_ue_message(LIBLTE_S1AP_MESSAGE_INITIALUEMESSA
return err ;
return err ;
}
}
bool
bool s1ap_nas_transport : : handle_uplink_nas_transport ( LIBLTE_S1AP_MESSAGE_UPLINKNASTRANSPORT_STRUCT * ul_xport ,
s1ap_nas_transport : : handle_uplink_nas_transport ( LIBLTE_S1AP_MESSAGE_UPLINKNASTRANSPORT_STRUCT * ul_xport , struct sctp_sndrcvinfo * enb_sri , srslte : : byte_buffer_t * reply_buffer , bool * reply_flag )
struct sctp_sndrcvinfo * enb_sri ,
srslte : : byte_buffer_t * reply_buffer , bool * reply_flag )
{
{
uint8_t pd , msg_type , sec_hdr_type ;
uint8_t pd , msg_type , sec_hdr_type ;
uint32_t enb_ue_s1ap_id = ul_xport - > eNB_UE_S1AP_ID . ENB_UE_S1AP_ID ;
uint32_t enb_ue_s1ap_id = ul_xport - > eNB_UE_S1AP_ID . ENB_UE_S1AP_ID ;
uint32_t mme_ue_s1ap_id = ul_xport - > MME_UE_S1AP_ID . MME_UE_S1AP_ID ;
uint32_t mme_ue_s1ap_id = ul_xport - > MME_UE_S1AP_ID . MME_UE_S1AP_ID ;
bool mac_valid = false ;
bool mac_valid = false ;
bool increase_ul_nas_cnt = true ;
// Get UE ECM context
// Get UE NAS context
nas * nas_ctx = m_s1ap - > find_nas_ctx_from_mme_ue_s1ap_id ( mme_ue_s1ap_id ) ;
nas * nas_ctx = m_s1ap - > find_nas_ctx_from_mme_ue_s1ap_id ( mme_ue_s1ap_id ) ;
if ( nas_ctx = = NULL ) {
if ( nas_ctx = = NULL ) {
m_s1ap_log - > warning ( " Received uplink NAS, but could not find UE NAS context. MME-UE S1AP id: %d \n " , mme_ue_s1ap_id ) ;
m_s1ap_log - > warning ( " Received uplink NAS, but could not find UE NAS context. MME-UE S1AP id: %d \n " , mme_ue_s1ap_id ) ;
return false ;
return false ;
}
}
m_s1ap_log - > debug ( " Received uplink NAS and found UE NAS context. MME-UE S1AP id: %d \n " , mme_ue_s1ap_id ) ;
m_s1ap_log - > debug ( " Received uplink NAS and found UE NAS context. MME-UE S1AP id: %d \n " , mme_ue_s1ap_id ) ;
emm_ctx_t * emm_ctx = & nas_ctx - > m_emm_ctx ;
emm_ctx_t * emm_ctx = & nas_ctx - > m_emm_ctx ;
ecm_ctx_t * ecm_ctx = & nas_ctx - > m_ecm_ctx ;
ecm_ctx_t * ecm_ctx = & nas_ctx - > m_ecm_ctx ;
sec_ctx_t * sec_ctx = & nas_ctx - > m_sec_ctx ;
sec_ctx_t * sec_ctx = & nas_ctx - > m_sec_ctx ;
// Parse NAS message header
// Parse NAS message header
srslte : : byte_buffer_t * nas_msg = m_pool - > allocate ( ) ;
srslte : : byte_buffer_t * nas_msg = m_pool - > allocate ( ) ;
memcpy ( nas_msg - > msg , & ul_xport - > NAS_PDU . buffer , ul_xport - > NAS_PDU . n_octets ) ;
memcpy ( nas_msg - > msg , & ul_xport - > NAS_PDU . buffer , ul_xport - > NAS_PDU . n_octets ) ;
nas_msg - > N_bytes = ul_xport - > NAS_PDU . n_octets ;
nas_msg - > N_bytes = ul_xport - > NAS_PDU . n_octets ;
liblte_mme_parse_msg_header ( ( LIBLTE_BYTE_MSG_STRUCT * ) nas_msg , & pd , & msg_type ) ;
bool msg_encrypted = false ;
// Parse the message security header
// Parse the message security header
liblte_mme_parse_msg_sec_header ( ( LIBLTE_BYTE_MSG_STRUCT * ) nas_msg , & pd , & sec_hdr_type ) ;
liblte_mme_parse_msg_sec_header ( ( LIBLTE_BYTE_MSG_STRUCT * ) nas_msg , & pd , & sec_hdr_type ) ;
// Invalid Security Header Type simply return function
if ( ! ( sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS | |
sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY | |
sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED | |
sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_WITH_NEW_EPS_SECURITY_CONTEXT | |
sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED_WITH_NEW_EPS_SECURITY_CONTEXT ) )
{
m_s1ap_log - > error ( " Unhandled security header type in Uplink NAS Transport: %d \n " , sec_hdr_type ) ;
m_pool - > deallocate ( nas_msg ) ;
return false ;
}
// Todo: Check on count mismatch of uplink count and do resync nas counter...
// Check MAC if message is integrity protected
if ( sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY | |
sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED | |
sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_WITH_NEW_EPS_SECURITY_CONTEXT | |
sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED_WITH_NEW_EPS_SECURITY_CONTEXT )
{
mac_valid = nas_ctx - > integrity_check ( nas_msg ) ;
if ( mac_valid = = false ) {
m_s1ap_log - > warning ( " Invalid MAC message. Even if security header indicates integrity protection (Maybe: Identity Response or Authenticatio Response) \n " ) ;
}
}
// Decrypt message if indicated
if ( sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED | |
sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED_WITH_NEW_EPS_SECURITY_CONTEXT )
{
m_s1ap_log - > debug_hex ( nas_msg - > msg , nas_msg - > N_bytes , " Encrypted " ) ;
nas_ctx - > cipher_decrypt ( nas_msg ) ;
msg_encrypted = true ;
m_s1ap_log - > debug_hex ( nas_msg - > msg , nas_msg - > N_bytes , " Decrypted " ) ;
}
// Now parse message header and handle message
liblte_mme_parse_msg_header ( ( LIBLTE_BYTE_MSG_STRUCT * ) nas_msg , & pd , & msg_type ) ;
//Find UE EMM context if message is security protected.
//Find UE EMM context if message is security protected.
if ( sec_hdr_type ! = LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS ) {
if ( sec_hdr_type ! = LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS ) {
//Make sure EMM context is set-up, to do integrity check/de-chiphering
//Make sure EMM context is set-up, to do integrity check/de-chiphering
@ -187,122 +222,109 @@ s1ap_nas_transport::handle_uplink_nas_transport(LIBLTE_S1AP_MESSAGE_UPLINKNASTRA
}
}
}
}
if ( sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS | |
// Handle message and check if security requirements for messages
( msg_type = = LIBLTE_MME_MSG_TYPE_IDENTITY_RESPONSE & & sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY ) | |
// 4.4.4.3 Integrity checking of NAS signalling messages in the MME
( msg_type = = LIBLTE_MME_MSG_TYPE_AUTHENTICATION_RESPONSE & & sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY ) | |
// Except the messages listed below, no NAS signalling messages shall be processed...
( msg_type = = LIBLTE_MME_MSG_TYPE_AUTHENTICATION_FAILURE & & sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY ) ) {
// - ATTACH REQUEST;
// - IDENTITY RESPONSE (if requested identification parameter is IMSI);
// - AUTHENTICATION RESPONSE;
// - AUTHENTICATION FAILURE;
// - SECURITY MODE REJECT;
// - DETACH REQUEST;
// - DETACH ACCEPT;
// - TRACKING AREA UPDATE REQUEST.
m_s1ap_log - > info ( " UL NAS: sec_hdr_type: %s, mac_vaild: %s, msg_encrypted: %s \n " ,
liblte_nas_sec_hdr_type_to_string ( sec_hdr_type ) , mac_valid = = true ? " yes " : " no " ,
msg_encrypted = = true ? " yes " : " no " ) ;
//Only identity response and authentication response are valid as plain NAS.
switch ( msg_type )
//Sometimes authentication response/failure and identity response are sent as integrity protected,
//but these messages are sent when the securty context is not setup yet, so we cannot integrity check it.
switch ( msg_type )
{
{
case LIBLTE_MME_MSG_TYPE_IDENTITY_RESPONSE :
case LIBLTE_MME_MSG_TYPE_IDENTITY_RESPONSE :
m_s1ap_log - > info ( " Uplink NAS: Received Identity Response \n " ) ;
m_s1ap_log - > info ( " UL NAS: Received Identity Response \n " ) ;
m_s1ap_log - > console ( " Uplink NAS: Received Identity Response \n " ) ;
m_s1ap_log - > console ( " U L NAS: Received Identity Response\n " ) ;
nas_ctx - > handle_identity_response ( nas_msg ) ;
nas_ctx - > handle_identity_response ( nas_msg ) ;
break ;
break ;
case LIBLTE_MME_MSG_TYPE_AUTHENTICATION_RESPONSE :
case LIBLTE_MME_MSG_TYPE_AUTHENTICATION_RESPONSE :
m_s1ap_log - > info ( " U plink NAS: Received Authentication Response\n " ) ;
m_s1ap_log - > info ( " U L NAS: Received Authentication Response\n " ) ;
m_s1ap_log - > console ( " U plink NAS: Received Authentication Response\n " ) ;
m_s1ap_log - > console ( " U L NAS: Received Authentication Response\n " ) ;
nas_ctx - > handle_authentication_response ( nas_msg ) ;
nas_ctx - > handle_authentication_response ( nas_msg ) ;
// In case of a successful authentication response, security mode command follows.
// Reset counter for incoming security mode complete
sec_ctx - > ul_nas_count = 0 ;
sec_ctx - > dl_nas_count = 0 ;
increase_ul_nas_cnt = false ;
break ;
break ;
// Authentication failure with the option sync failure can be sent not integrity protected
// Authentication failure with the option sync failure can be sent not integrity protected
case LIBLTE_MME_MSG_TYPE_AUTHENTICATION_FAILURE :
case LIBLTE_MME_MSG_TYPE_AUTHENTICATION_FAILURE :
m_s1ap_log - > info ( " Plain UL NAS: Authentication Failure \n " ) ;
m_s1ap_log - > info ( " UL NAS: Authentication Failure\n " ) ;
m_s1ap_log - > console ( " Plain UL NAS: Authentication Failure \n " ) ;
m_s1ap_log - > console ( " UL NAS: Authentication Failure\n " ) ;
nas_ctx - > handle_authentication_failure ( nas_msg ) ;
nas_ctx - > handle_authentication_failure ( nas_msg ) ;
break ;
break ;
// Detach request can be sent not integrity protected when "power off" option is used
// Detach request can be sent not integrity protected when "power off" option is used
case LIBLTE_MME_MSG_TYPE_DETACH_REQUEST :
case LIBLTE_MME_MSG_TYPE_DETACH_REQUEST :
m_s1ap_log - > info ( " Plain Protected UL NAS: Detach Request \n " ) ;
m_s1ap_log - > info ( " UL NAS: Detach Request \n " ) ;
m_s1ap_log - > console ( " Plain Protected UL NAS: Detach Request \n " ) ;
m_s1ap_log - > console ( " UL NAS: Detach Request \n " ) ;
// FIXME: check integrity protection in detach request
nas_ctx - > handle_detach_request ( nas_msg ) ;
nas_ctx - > handle_detach_request ( nas_msg ) ;
break ;
break ;
default :
m_s1ap_log - > warning ( " Unhandled Plain NAS message 0x%x \n " , msg_type ) ;
m_s1ap_log - > console ( " Unhandled Plain NAS message 0x%x \n " , msg_type ) ;
m_pool - > deallocate ( nas_msg ) ;
return false ;
}
//Increment UL NAS count.
sec_ctx - > ul_nas_count + + ;
} else if ( sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_WITH_NEW_EPS_SECURITY_CONTEXT | |
sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED_WITH_NEW_EPS_SECURITY_CONTEXT ) {
//Integrity Protected Messages, possibly chiphered, with new EPS context.
switch ( msg_type ) {
case LIBLTE_MME_MSG_TYPE_SECURITY_MODE_COMPLETE :
case LIBLTE_MME_MSG_TYPE_SECURITY_MODE_COMPLETE :
m_s1ap_log - > info ( " Uplink NAS: Received Security Mode Complete \n " ) ;
m_s1ap_log - > info ( " UL NAS: Received Security Mode Complete \n " ) ;
m_s1ap_log - > console ( " Uplink NAS: Received Security Mode Complete \n " ) ;
m_s1ap_log - > console ( " UL NAS: Received Security Mode Complete \n " ) ;
sec_ctx - > ul_nas_count = 0 ;
if ( sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED_WITH_NEW_EPS_SECURITY_CONTEXT & & mac_valid = = true ) {
sec_ctx - > dl_nas_count = 0 ;
mac_valid = nas_ctx - > integrity_check ( nas_msg ) ;
if ( mac_valid ) {
nas_ctx - > handle_security_mode_complete ( nas_msg ) ;
nas_ctx - > handle_security_mode_complete ( nas_msg ) ;
} else {
} else {
m_s1ap_log - > warning ( " Invalid MAC in Security Mode Command Complete message. \n " ) ;
// Security Mode Complete was not integrity protected
m_s1ap_log - > console ( " Security Mode Complete %s. Discard message. \n " , ( mac_valid ? " not integrity protected " : " invalid integrity " ) ) ;
m_s1ap_log - > warning ( " Security Mode Complete %s. Discard message. \n " , ( mac_valid ? " not integrity protected " : " invalid integrity " ) ) ;
increase_ul_nas_cnt = false ;
}
}
break ;
break ;
default :
m_s1ap_log - > warning ( " Unhandled NAS message with new EPS security context 0x%x \n " , msg_type ) ;
m_s1ap_log - > warning ( " Unhandled NAS message with new EPS security context 0x%x \n " , msg_type ) ;
}
} else if ( sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY | |
sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED ) {
//Integrity protected NAS message, possibly ciphered.
sec_ctx - > ul_nas_count + + ;
mac_valid = nas_ctx - > integrity_check ( nas_msg ) ;
if ( ! mac_valid ) {
m_s1ap_log - > warning ( " Invalid MAC in NAS message type 0x%x. \n " , msg_type ) ;
m_pool - > deallocate ( nas_msg ) ;
return false ;
}
switch ( msg_type ) {
case LIBLTE_MME_MSG_TYPE_ATTACH_COMPLETE :
case LIBLTE_MME_MSG_TYPE_ATTACH_COMPLETE :
m_s1ap_log - > info ( " Integrity Protected UL NAS: Received Attach Complete \n " ) ;
m_s1ap_log - > info ( " UL NAS: Received Attach Complete \n " ) ;
m_s1ap_log - > console ( " Integrity Protected UL NAS: Received Attach Complete \n " ) ;
m_s1ap_log - > console ( " UL NAS: Received Attach Complete \n " ) ;
if ( sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED & & mac_valid = = true ) {
nas_ctx - > handle_attach_complete ( nas_msg ) ;
nas_ctx - > handle_attach_complete ( nas_msg ) ;
} else {
// Attach Complete was not integrity protected
m_s1ap_log - > console ( " Attach Complete not integrity protected. Discard message. \n " ) ;
m_s1ap_log - > warning ( " Attach Complete not integrity protected. Discard message. \n " ) ;
increase_ul_nas_cnt = false ;
}
break ;
break ;
case LIBLTE_MME_MSG_TYPE_ESM_INFORMATION_RESPONSE :
case LIBLTE_MME_MSG_TYPE_ESM_INFORMATION_RESPONSE :
m_s1ap_log - > info ( " Integrity Protected UL NAS: Received ESM Information Response \n " ) ;
m_s1ap_log - > info ( " UL NAS: Received ESM Information Response \n " ) ;
m_s1ap_log - > console ( " Integrity Protected UL NAS: Received ESM Information Response \n " ) ;
m_s1ap_log - > console ( " UL NAS: Received ESM Information Response \n " ) ;
if ( sec_hdr_type = = LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED & & mac_valid = = true ) {
nas_ctx - > handle_esm_information_response ( nas_msg ) ;
nas_ctx - > handle_esm_information_response ( nas_msg ) ;
} else {
// Attach Complete was not integrity protected
m_s1ap_log - > console ( " ESM Information Response %s. Discard message. \n " , ( mac_valid ? " not integrity protected " : " invalid integrity " ) ) ;
m_s1ap_log - > warning ( " ESM Information Response %s. Discard message. \n " , ( mac_valid ? " not integrity protected " : " invalid integrity " ) ) ;
increase_ul_nas_cnt = false ;
}
break ;
break ;
case LIBLTE_MME_MSG_TYPE_TRACKING_AREA_UPDATE_REQUEST :
case LIBLTE_MME_MSG_TYPE_TRACKING_AREA_UPDATE_REQUEST :
m_s1ap_log - > info ( " Integrity Protected UL NAS: Tracking Area Update Request \n " ) ;
m_s1ap_log - > info ( " UL NAS: Tracking Area Update Request\n " ) ;
m_s1ap_log - > console ( " Integrity Protected UL NAS: Tracking Area Update Request \n " ) ;
m_s1ap_log - > console ( " UL NAS: Tracking Area Update Request\n " ) ;
nas_ctx - > handle_tracking_area_update_request ( nas_msg ) ;
nas_ctx - > handle_tracking_area_update_request ( nas_msg ) ;
break ;
break ;
case LIBLTE_MME_MSG_TYPE_AUTHENTICATION_FAILURE :
m_s1ap_log - > info ( " Integrity Protected UL NAS: Authentication Failure \n " ) ;
m_s1ap_log - > console ( " Integrity Protected UL NAS: Authentication Failure \n " ) ;
nas_ctx - > handle_authentication_failure ( nas_msg ) ;
break ;
case LIBLTE_MME_MSG_TYPE_DETACH_REQUEST :
m_s1ap_log - > info ( " Integrity Protected UL NAS: Detach Request \n " ) ;
m_s1ap_log - > console ( " Integrity Protected UL NAS: Detach Request \n " ) ;
nas_ctx - > handle_detach_request ( nas_msg ) ;
break ;
default :
default :
m_s1ap_log - > warning ( " Unhandled NAS integrity protected message %s \n " , liblte_nas_msg_type_to_string ( msg_type ) ) ;
m_s1ap_log - > warning ( " Unhandled NAS integrity protected message %s \n " , liblte_nas_msg_type_to_string ( msg_type ) ) ;
m_s1ap_log - > console ( " Unhandled NAS integrity protected message %s \n " , liblte_nas_msg_type_to_string ( msg_type ) ) ;
m_s1ap_log - > console ( " Unhandled NAS integrity protected message %s \n " , liblte_nas_msg_type_to_string ( msg_type ) ) ;
m_pool - > deallocate ( nas_msg ) ;
m_pool - > deallocate ( nas_msg ) ;
return false ;
return false ;
}
}
} else {
m_s1ap_log - > error ( " Unhandled security header type in Uplink NAS Transport: %d \n " , sec_hdr_type ) ;
//Increment UL NAS count. if counter not resetted in function, e.g., DL Security mode command after Authentication response
m_pool - > deallocate ( nas_msg ) ;
if ( increase_ul_nas_cnt = = true ) {
return false ;
sec_ctx - > ul_nas_count + + ;
}
}
m_pool - > deallocate ( nas_msg ) ;
m_pool - > deallocate ( nas_msg ) ;
return true ;
return true ;
}
}
bool
bool s1ap_nas_transport : : send_downlink_nas_transport ( uint32_t enb_ue_s1ap_id , uint32_t mme_ue_s1ap_id ,
s1ap_nas_transport : : send_downlink_nas_transport ( uint32_t enb_ue_s1ap_id , uint32_t mme_ue_s1ap_id , srslte : : byte_buffer_t * nas_msg , struct sctp_sndrcvinfo enb_sri )
srslte : : byte_buffer_t * nas_msg , struct sctp_sndrcvinfo enb_sri )
{
{
//Allocate Reply buffer
//Allocate Reply buffer
srslte : : byte_buffer_t * reply_msg = m_pool - > allocate ( ) ;
srslte : : byte_buffer_t * reply_msg = m_pool - > allocate ( ) ;
@ -343,4 +365,5 @@ s1ap_nas_transport::send_downlink_nas_transport(uint32_t enb_ue_s1ap_id, uint32_
return true ;
return true ;
}
}
} //namespace srsepc
} //namespace srsepc