NAS-plane encryption working (thanks to David Rupprecht)

master
Paul Sutton 7 years ago
parent 46f15c19e6
commit 84724d2ab1

@ -2545,6 +2545,9 @@ LIBLTE_ERROR_ENUM liblte_mme_unpack_transaction_identifier_ie(uint8
// Enums
// Structs
// Functions
LIBLTE_ERROR_ENUM liblte_mme_parse_msg_sec_header(LIBLTE_BYTE_MSG_STRUCT *msg,
uint8 *pd,
uint8 *sec_hdr_type);
LIBLTE_ERROR_ENUM liblte_mme_parse_msg_header(LIBLTE_BYTE_MSG_STRUCT *msg,
uint8 *pd,
uint8 *msg_type);

@ -96,6 +96,35 @@ static const char error_text[ERROR_N_ITEMS][20] = { "None",
"Can't start",
"Already started"};
// Radio bearers
typedef enum{
RB_ID_SRB0 = 0,
RB_ID_SRB1,
RB_ID_SRB2,
RB_ID_DRB1,
RB_ID_DRB2,
RB_ID_DRB3,
RB_ID_DRB4,
RB_ID_DRB5,
RB_ID_DRB6,
RB_ID_DRB7,
RB_ID_DRB8,
RB_ID_MAX
} rb_id_t;
static const char rb_id_str[RB_ID_MAX][8] = {"SRB0", "SRB1", "SRB2",
"DRB1", "DRB2", "DRB3",
"DRB4", "DRB5", "DRB6",
"DRB7", "DRB8"};
inline const char* get_rb_name(uint32_t lcid) {
if (lcid < RB_ID_MAX) {
return rb_id_str[lcid];
} else {
return "INVALID_RB";
}
}
/******************************************************************************
* Byte and Bit buffers
*

@ -52,14 +52,12 @@ public:
:direction(direction_)
,is_control(is_control_)
,is_data(is_data_)
,do_security(false)
,sn_len(12) {}
uint8_t direction;
bool is_control;
bool is_data;
bool do_security;
uint8_t sn_len;
uint8_t direction;
bool is_control;
bool is_data;
uint8_t sn_len;
// TODO: Support the following configurations
// bool do_rohc;

@ -185,6 +185,73 @@ LIBLTE_ERROR_ENUM liblte_security_128_eia2(uint8 *key,
LIBLTE_BIT_MSG_STRUCT *msg,
uint8 *mac);
/*********************************************************************
Name: liblte_security_encryption_eea1
Description: 128-bit encryption algorithm EEA1.
Document Reference: 33.401 v13.1.0 Annex B.1.2
35.215 v13.0.0 References
Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D1 v2.1
*********************************************************************/
LIBLTE_ERROR_ENUM liblte_security_encryption_eea1(uint8 *key,
uint32 count,
uint8 bearer,
uint8 direction,
uint8 *msg,
uint32 msg_len,
uint8 *out);
/*********************************************************************
Name: liblte_security_decryption_eea1
Description: 128-bit decryption algorithm EEA1.
Document Reference: 33.401 v13.1.0 Annex B.1.2
35.215 v13.0.0 References
Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D1 v2.1
*********************************************************************/
LIBLTE_ERROR_ENUM liblte_security_decryption_eea1(uint8 *key,
uint32 count,
uint8 bearer,
uint8 direction,
uint8 *ct,
uint32 ct_len,
uint8 *out);
/*********************************************************************
Name: liblte_security_encryption_eea2
Description: 128-bit encryption algorithm EEA2.
Document Reference: 33.401 v13.1.0 Annex B.1.3
*********************************************************************/
LIBLTE_ERROR_ENUM liblte_security_encryption_eea2(uint8 *key,
uint32 count,
uint8 bearer,
uint8 direction,
uint8 *msg,
uint32 msg_len,
uint8 *out);
/*********************************************************************
Name: liblte_security_decryption_eea2
Description: 128-bit decryption algorithm EEA2.
Document Reference: 33.401 v13.1.0 Annex B.1.3
*********************************************************************/
LIBLTE_ERROR_ENUM liblte_security_decryption_eea2(uint8 *key,
uint32 count,
uint8 bearer,
uint8 direction,
uint8 *ct,
uint32 ct_len,
uint8 *out);
/*********************************************************************
Name: liblte_security_milenage_f1
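Review bot: The four new EEA1/EEA2 banners do not say that `msg_len` and `ct_len` are counted in bits, which is what the implementation later in this commit assumes (it works on `(msg_len + 7) / 8` bytes, and the `security_128_eea*` wrappers pass `msg_len * 8`). A caller that passes a byte count gets LIBLTE_SUCCESS with only the first eighth of the buffer ciphered and the rest of `out` unwritten. I would add one line to each banner, for example `Note: msg_len is in bits; out must hold (msg_len + 7) / 8 bytes; unused trailing bits are zeroed.`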

@ -38,6 +38,18 @@ int aes_crypt_ecb( aes_context *ctx,
return mbedtls_aes_crypt_ecb(ctx, mode, input, output);
}
int aes_crypt_ctr(aes_context *ctx,
size_t length,
size_t *nc_off,
unsigned char nonce_counter[16],
unsigned char stream_block[16],
const unsigned char *input,
unsigned char *output )
{
return mbedtls_aes_crypt_ctr(ctx, length, nc_off, nonce_counter,
stream_block, input, output);
}
void sha256(const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char output[32], int is224 )

@ -0,0 +1,25 @@
#ifndef NAS_PCAP_H
#define NAS_PCAP_H
#include "srslte/common/pcap.h"
namespace srslte {
class nas_pcap
{
public:
nas_pcap() {enable_write=false; ue_id=0; pcap_file = NULL; }
void enable();
void open(const char *filename, uint32_t ue_id=0);
void close();
void write_nas(uint8_t *pdu, uint32_t pdu_len_bytes);
private:
bool enable_write;
FILE *pcap_file;
uint32_t ue_id;
void pack_and_write(uint8_t* pdu, uint32_t pdu_len_bytes);
};
} //namespace srsue
#endif // NAS_PCAP_H

@ -33,6 +33,8 @@
#include <sys/time.h>
#define MAC_LTE_DLT 147
#define RRC_LTE_DLT 148
#define NAS_LTE_DLT 149
/* This structure gets written to the start of the file */
@ -113,7 +115,10 @@ typedef struct MAC_Context_Info_t {
} MAC_Context_Info_t;
/* Context information for every NAS PDU that will be logged */
typedef struct NAS_Context_Info_s {
// No Context yet
} NAS_Context_Info_t;
/**************************************************************************/
@ -218,4 +223,69 @@ inline void MAC_LTE_PCAP_Close(FILE *fd)
fclose(fd);
}
/**************************************************************************/
/* API functions for opening/writing/closing NAS-LTE PCAP files */
/* Open the file and write file header */
inline FILE *NAS_LTE_PCAP_Open(const char *fileName)
{
pcap_hdr_t file_header =
{
0xa1b2c3d4, /* magic number */
2, 4, /* version number is 2.4 */
0, /* timezone */
0, /* sigfigs - apparently all tools do this */
65535, /* snaplen - this should be long enough */
NAS_LTE_DLT /* Data Link Type (DLT). Set as unused value 149 for now */
};
FILE *fd = fopen(fileName, "w");
if (fd == NULL) {
printf("Failed to open file \"%s\" for writing\n", fileName);
return NULL;
}
/* Write the file header */
fwrite(&file_header, sizeof(pcap_hdr_t), 1, fd);
return fd;
}
/* Write an individual PDU (PCAP packet header + mac-context + mac-pdu) */
inline int NAS_LTE_PCAP_WritePDU(FILE *fd, NAS_Context_Info_t *context,
const unsigned char *PDU, unsigned int length)
{
pcaprec_hdr_t packet_header;
/* Can't write if file wasn't successfully opened */
if (fd == NULL) {
printf("Error: Can't write to empty file handle\n");
return 0;
}
/****************************************************************/
/* PCAP Header */
struct timeval t;
gettimeofday(&t, NULL);
packet_header.ts_sec = t.tv_sec;
packet_header.ts_usec = t.tv_usec;
packet_header.incl_len = length;
packet_header.orig_len = length;
/***************************************************************/
/* Now write everything to the file */
fwrite(&packet_header, sizeof(pcaprec_hdr_t), 1, fd);
fwrite(PDU, 1, length, fd);
return 1;
}
/* Close the PCAP file */
inline void NAS_LTE_PCAP_Close(FILE *fd)
{
if(fd)
fclose(fd);
}
#endif /* UEPCAP_H */
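Review bot: `NAS_LTE_PCAP_WritePDU` returns 1 whether or not anything reached the file, because both `fwrite` results are discarded; `NAS_LTE_PCAP_Open` ignores a failed header write in the same way. Checking them, e.g. `if (fwrite(&packet_header, sizeof(pcaprec_hdr_t), 1, fd) != 1 || fwrite(PDU, 1, length, fd) != length) return 0;`, keeps the return value meaningful. `length` is copied into `incl_len` unchecked although the file header advertises a snaplen of 65535, and `PDU` is not tested for NULL here (only `nas_pcap::write_nas` does that). Since the capture holds NAS signalling, presumably after deciphering, the file deserves restrictive permissions rather than whatever the process umask gives `fopen(fileName, "w")`.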

@ -114,6 +114,26 @@ uint8_t security_128_eia2( uint8_t *key,
uint32_t msg_len,
uint8_t *mac);
/******************************************************************************
* Encryption / Decryption
*****************************************************************************/
uint8_t security_128_eea1( uint8_t *key,
uint32_t count,
uint8_t bearer,
uint8_t direction,
uint8_t *msg,
uint32_t msg_len,
uint8_t *msg_out);
uint8_t security_128_eea2(uint8_t *key,
uint32_t count,
uint8_t bearer,
uint8_t direction,
uint8_t *msg,
uint32_t msg_len,
uint8_t *msg_out);
/******************************************************************************
* Authentication
*****************************************************************************/

@ -118,15 +118,15 @@ public:
class nas_interface_ue
{
public:
virtual void attach_request() = 0;
virtual void deattach_request() = 0;
virtual void attach_request() = 0;
virtual void deattach_request() = 0;
};
// NAS interface for UE
class nas_interface_gw
{
public:
virtual void attach_request() = 0;
virtual void attach_request() = 0;
};
// RRC interface for MAC
@ -162,7 +162,6 @@ public:
virtual void enable_capabilities() = 0;
virtual void plmn_search() = 0;
virtual void plmn_select(LIBLTE_RRC_PLMN_IDENTITY_STRUCT plmn_id) = 0;
virtual std::string get_rb_name(uint32_t lcid) = 0;
};
// RRC interface for PDCP
@ -173,7 +172,6 @@ public:
virtual void write_pdu_bcch_bch(srslte::byte_buffer_t *pdu) = 0;
virtual void write_pdu_bcch_dlsch(srslte::byte_buffer_t *pdu) = 0;
virtual void write_pdu_pcch(srslte::byte_buffer_t *pdu) = 0;
virtual std::string get_rb_name(uint32_t lcid) = 0;
};
// RRC interface for RLC
@ -181,7 +179,6 @@ class rrc_interface_rlc
{
public:
virtual void max_retx_attempted() = 0;
virtual std::string get_rb_name(uint32_t lcid) = 0;
};
// PDCP interface for GW
@ -204,6 +201,7 @@ public:
uint8_t *k_rrc_int_,
srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) = 0;
virtual void enable_encryption(uint32_t lcid) = 0;
};
// PDCP interface for RLC

@ -62,6 +62,7 @@ public:
uint8_t *k_rrc_int,
CIPHERING_ALGORITHM_ID_ENUM cipher_algo,
INTEGRITY_ALGORITHM_ID_ENUM integ_algo);
void enable_encryption(uint32_t lcid);
// RLC interface
void write_pdu(uint32_t lcid, byte_buffer_t *sdu);

@ -32,6 +32,8 @@
#include "srslte/common/common.h"
#include "srslte/interfaces/ue_interfaces.h"
#include "srslte/common/security.h"
#include "srslte/common/msg_queue.h"
#include "srslte/common/threads.h"
namespace srslte {
@ -59,6 +61,7 @@ static const char pdcp_d_c_text[PDCP_D_C_N_ITEMS][20] = {"Control PDU",
* Common interface for all PDCP entities
***************************************************************************/
class pdcp_entity
:public thread
{
public:
pdcp_entity();
@ -68,6 +71,7 @@ public:
srslte::log *log_,
uint32_t lcid_,
srslte_pdcp_config_t cfg_);
void stop();
void reset();
bool is_active();
@ -78,6 +82,7 @@ public:
uint8_t *k_rrc_int_,
CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
INTEGRITY_ALGORITHM_ID_ENUM integ_algo_);
void enable_encryption();
// RLC interface
void write_pdu(byte_buffer_t *pdu);
@ -90,9 +95,15 @@ private:
srsue::rrc_interface_pdcp *rrc;
srsue::gw_interface_pdcp *gw;
static const int PDCP_THREAD_PRIO = 7;
srslte::msg_queue rx_pdu_queue;
bool running;
bool active;
uint32_t lcid;
srslte_pdcp_config_t cfg;
bool do_integrity;
bool do_encryption;
uint32_t rx_count;
uint32_t tx_count;
@ -102,14 +113,26 @@ private:
CIPHERING_ALGORITHM_ID_ENUM cipher_algo;
INTEGRITY_ALGORITHM_ID_ENUM integ_algo;
void integrity_generate(uint8_t *key_128,
uint32_t count,
uint8_t rb_id,
uint8_t direction,
uint8_t *msg,
void integrity_generate(uint8_t *msg,
uint32_t msg_len,
uint8_t *mac);
bool integrity_verify(uint8_t *msg,
uint32_t count,
uint32_t msg_len,
uint8_t *mac);
void cipher_encrypt(uint8_t *msg,
uint32_t msg_len,
uint8_t *ct);
void cipher_decrypt(uint8_t *ct,
uint32_t count,
uint32_t ct_len,
uint8_t *msg);
void run_thread();
};
/****************************************************************************

@ -64,7 +64,6 @@ public:
// PDCP interface
void write_sdu(uint32_t lcid, byte_buffer_t *sdu);
std::string get_rb_name(uint32_t lcid);
// MAC interface
uint32_t get_buffer_state(uint32_t lcid);

@ -4922,6 +4922,32 @@ LIBLTE_ERROR_ENUM liblte_mme_unpack_transaction_identifier_ie(uint8
MESSAGE FUNCTIONS
*******************************************************************************/
/*********************************************************************
Message Name: Security Message Header (Plain NAS Message)
Description: Security header for NAS messages.
Document Reference: 24.301 v10.2.0 Section 9.1
*********************************************************************/
LIBLTE_ERROR_ENUM liblte_mme_parse_msg_sec_header(LIBLTE_BYTE_MSG_STRUCT *msg,
uint8 *pd,
uint8 *sec_hdr_type)
{
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
if (msg != NULL &&
pd != NULL &&
sec_hdr_type != NULL)
{
*sec_hdr_type = (uint8) ((msg->msg[0] & 0xF0) >> 4);
err = LIBLTE_SUCCESS;
}
return(err);
}
/*********************************************************************
Message Name: Message Header (Plain NAS Message)
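Review bot: `liblte_mme_parse_msg_sec_header` insists on a non-NULL `pd` but never writes to it, so a caller that reads `*pd` after LIBLTE_SUCCESS sees whatever the variable held before. Either fill it in, `*pd = msg->msg[0] & 0x0F;`, or drop the parameter from the guard and the prototype. The function also reads `msg->msg[0]` without checking that the message contains at least one byte; if LIBLTE_BYTE_MSG_STRUCT carries its length in `N_bytes`, adding `msg->N_bytes > 0` to the condition prevents the security header type from being taken from a stale byte of an empty message.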

@ -55,6 +55,11 @@ typedef struct{
uint8 state[4][4];
}STATE_STRUCT;
typedef struct{
uint32 * lfsr;
uint32 * fsm;
}S3G_STATE;
/*******************************************************************************
GLOBAL VARIABLES
*******************************************************************************/
@ -76,6 +81,35 @@ static const uint8 S[256] = { 99,124,119,123,242,107,111,197, 48, 1,103, 43,254
225,248,152, 17,105,217,142,148,155, 30,135,233,206, 85, 40,223,
140,161,137, 13,191,230, 66,104, 65,153, 45, 15,176, 84,187, 22};
/* S-box SQ */
static const uint8 SQ[256] = { 0x25, 0x24, 0x73, 0x67, 0xD7, 0xAE,
0x5C, 0x30, 0xA4, 0xEE, 0x6E, 0xCB, 0x7D, 0xB5, 0x82, 0xDB,
0xE4, 0x8E, 0x48, 0x49, 0x4F, 0x5D, 0x6A, 0x78, 0x70, 0x88,
0xE8, 0x5F, 0x5E, 0x84, 0x65, 0xE2, 0xD8, 0xE9, 0xCC, 0xED,
0x40, 0x2F, 0x11, 0x28, 0x57, 0xD2, 0xAC, 0xE3, 0x4A, 0x15,
0x1B, 0xB9, 0xB2, 0x80, 0x85, 0xA6, 0x2E, 0x02, 0x47, 0x29,
0x07, 0x4B, 0x0E, 0xC1, 0x51, 0xAA, 0x89, 0xD4, 0xCA, 0x01,
0x46, 0xB3, 0xEF, 0xDD, 0x44, 0x7B, 0xC2, 0x7F, 0xBE, 0xC3,
0x9F, 0x20, 0x4C, 0x64, 0x83, 0xA2, 0x68, 0x42, 0x13, 0xB4,
0x41, 0xCD, 0xBA, 0xC6, 0xBB, 0x6D, 0x4D, 0x71, 0x21, 0xF4,
0x8D, 0xB0, 0xE5, 0x93, 0xFE, 0x8F, 0xE6, 0xCF, 0x43, 0x45,
0x31, 0x22, 0x37, 0x36, 0x96, 0xFA, 0xBC, 0x0F, 0x08, 0x52,
0x1D, 0x55, 0x1A, 0xC5, 0x4E, 0x23, 0x69, 0x7A, 0x92, 0xFF,
0x5B, 0x5A, 0xEB, 0x9A, 0x1C, 0xA9, 0xD1, 0x7E, 0x0D, 0xFC,
0x50, 0x8A, 0xB6, 0x62, 0xF5, 0x0A, 0xF8, 0xDC, 0x03, 0x3C,
0x0C, 0x39, 0xF1, 0xB8, 0xF3, 0x3D, 0xF2, 0xD5, 0x97, 0x66,
0x81, 0x32, 0xA0, 0x00, 0x06, 0xCE, 0xF6, 0xEA, 0xB7, 0x17,
0xF7, 0x8C, 0x79, 0xD6, 0xA7, 0xBF, 0x8B, 0x3F, 0x1F, 0x53,
0x63, 0x75, 0x35, 0x2C, 0x60, 0xFD, 0x27, 0xD3, 0x94, 0xA5,
0x7C, 0xA1, 0x05, 0x58, 0x2D, 0xBD, 0xD9, 0xC7, 0xAF, 0x6B,
0x54, 0x0B, 0xE0, 0x38, 0x04, 0xC8, 0x9D, 0xE7, 0x14, 0xB1,
0x87, 0x9C, 0xDF, 0x6F, 0xF9, 0xDA, 0x2A, 0xC4, 0x59, 0x16,
0x74, 0x91, 0xAB, 0x26, 0x61, 0x76, 0x34, 0x2B, 0xAD, 0x99,
0xFB, 0x72, 0xEC, 0x33, 0x12, 0xDE, 0x98, 0x3B, 0xC0, 0x9B,
0x3E, 0x18, 0x10, 0x3A, 0x56, 0xE1, 0x77, 0xC9, 0x1E, 0x9E,
0x95, 0xA3, 0x90, 0x19, 0xA8, 0x6C, 0x09, 0xD0, 0xF0, 0x86 };
static const uint8 X_TIME[256] = { 0, 2, 4, 6, 8, 10, 12, 14, 16, 18, 20, 22, 24, 26, 28, 30,
32, 34, 36, 38, 40, 42, 44, 46, 48, 50, 52, 54, 56, 58, 60, 62,
64, 66, 68, 70, 72, 74, 76, 78, 80, 82, 84, 86, 88, 90, 92, 94,
@ -195,6 +229,136 @@ void shift_row(STATE_STRUCT *state);
// Functions
void mix_column(STATE_STRUCT *state);
/*********************************************************************
Name: zero_tailing_bits
Description: Fill tailing bits with zeros.
Document Reference: -
*********************************************************************/
void zero_tailing_bits(uint8 * data, uint32 length_bits);
/*********************************************************************
Name: s3g_mul_x
Description: Multiplication with reduction.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.1.1
*********************************************************************/
uint8 s3g_mul_x(uint8 v, uint8 c);
/*********************************************************************
Name: s3g_mul_x_pow
Description: Recursive multiplication with reduction.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.1.2
*********************************************************************/
uint8 s3g_mul_x_pow(uint8 v, uint8 i, uint8 c);
/*********************************************************************
Name: s3g_mul_alpha
Description: Multiplication with alpha.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.4.2
*********************************************************************/
uint32 s3g_mul_alpha(uint8 c);
/*********************************************************************
Name: s3g_div_alpha
Description: Division by alpha.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.4.3
*********************************************************************/
uint32 s3g_div_alpha(uint8 c);
/*********************************************************************
Name: s3g_s1
Description: S-Box S1.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.3.1
*********************************************************************/
uint32 s3g_s1(uint32 w);
/*********************************************************************
Name: s3g_s2
Description: S-Box S2.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.3.2
*********************************************************************/
uint32 s3g_s2(uint32 w);
/*********************************************************************
Name: s3g_clock_lfsr
Description: Clocking LFSR.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.4.4 and Section 3.4.5
*********************************************************************/
void s3g_clock_lfsr(S3G_STATE * state, uint32 f);
/*********************************************************************
Name: s3g_clock_fsm
Description: Clocking FSM.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.4.6
*********************************************************************/
uint32 s3g_clock_fsm(S3G_STATE * state);
/*********************************************************************
Name: s3g_initialize
Description: Initialization.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 4.1
*********************************************************************/
void s3g_initialize(S3G_STATE * state, uint32 k[4], uint32 iv[4]);
/*********************************************************************
Name: s3g_deinitialize
Description: Deinitialization.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
*********************************************************************/
void s3g_deinitialize(S3G_STATE * state);
/*********************************************************************
Name: s3g_generate_keystream
Description: Generation of Keystream.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 4.2
*********************************************************************/
void s3g_generate_keystream(S3G_STATE * state, uint32 n, uint32 *ks);
/*******************************************************************************
FUNCTIONS
*******************************************************************************/
@ -682,6 +846,184 @@ LIBLTE_ERROR_ENUM liblte_security_128_eia2(uint8 *key,
return(err);
}
/*********************************************************************
Name: liblte_security_encryption_eea1
Description: 128-bit encryption algorithm EEA1.
Document Reference: 33.401 v13.1.0 Annex B.1.2
35.215 v13.0.0 References
Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D1 v2.1
*********************************************************************/
LIBLTE_ERROR_ENUM liblte_security_encryption_eea1(uint8 *key,
uint32 count,
uint8 bearer,
uint8 direction,
uint8 *msg,
uint32 msg_len,
uint8 *out)
{
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
S3G_STATE state, *state_ptr;
uint32 k[] = {0,0,0,0};
uint32 iv[] = {0,0,0,0};
uint32 *ks;
int32 i;
uint32 msg_len_block_8, msg_len_block_32, m;
if (key != NULL &&
msg != NULL &&
out != NULL)
{
state_ptr = &state;
msg_len_block_8 = (msg_len + 7) / 8;
msg_len_block_32 = (msg_len + 31) / 32;
// Transform key
for (i = 3; i >= 0; i--) {
k[i] = (key[4 * (3 - i) + 0] << 24) |
(key[4 * (3 - i) + 1] << 16) |
(key[4 * (3 - i) + 2] << 8) |
(key[4 * (3 - i) + 3]);
}
// Construct iv
iv[3] = count;
iv[2] = ((bearer & 0x1F) << 27) | ((direction & 0x01) << 26);
iv[1] = iv[3];
iv[0] = iv[2];
// Initialize keystream
s3g_initialize(state_ptr, k, iv);
// Generate keystream
ks = (uint32 *) calloc(msg_len_block_32, sizeof(uint32));
s3g_generate_keystream(state_ptr, msg_len_block_32, ks);
// Generate output except last block
for (i = 0; i < msg_len_block_32 - 1; i++) {
out[4 * i + 0] = msg[4 * i + 0] ^ ((ks[i] >> 24) & 0xFF);
out[4 * i + 1] = msg[4 * i + 1] ^ ((ks[i] >> 16) & 0xFF);
out[4 * i + 2] = msg[4 * i + 2] ^ ((ks[i] >> 8) & 0xFF);
out[4 * i + 3] = msg[4 * i + 3] ^ ((ks[i] & 0xFF));
}
// Process last bytes
for (i = (msg_len_block_32 - 1) * 4; i < msg_len_block_8;
i++) {
out[i] = msg[i] ^ ((ks[i / 4] >> ((3 - (i % 4)) * 8)) & 0xFF);
}
// Zero tailing bits
zero_tailing_bits(out, msg_len);
// Clean up
free(ks);
s3g_deinitialize(state_ptr);
err = LIBLTE_SUCCESS;
}
return(err);
}
/*********************************************************************
Name: liblte_security_decryption_eea1
Description: 128-bit decryption algorithm EEA1.
Document Reference: 33.401 v13.1.0 Annex B.1.2
35.215 v13.0.0 References
Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D1 v2.1
*********************************************************************/
LIBLTE_ERROR_ENUM liblte_security_decryption_eea1(uint8 *key,
uint32 count,
uint8 bearer,
uint8 direction,
uint8 *ct,
uint32 ct_len,
uint8 *out) {
return liblte_security_encryption_eea1(key, count, bearer,
direction, ct, ct_len, out);
}
/*********************************************************************
Name: liblte_security_encryption_eea2
Description: 128-bit encryption algorithm EEA2.
Document Reference: 33.401 v13.1.0 Annex B.1.3
*********************************************************************/
LIBLTE_ERROR_ENUM liblte_security_encryption_eea2(uint8 *key,
uint32 count,
uint8 bearer,
uint8 direction,
uint8 *msg,
uint32 msg_len,
uint8 *out)
{
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
aes_context ctx;
unsigned char stream_blk[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
unsigned char nonce_cnt[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
int32 i;
int ret;
size_t nc_off = 0;
if(key != NULL &&
msg != NULL &&
out != NULL)
{
ret = aes_setkey_enc(&ctx, key, 128);
if (ret == 0) {
// Construct nonce
nonce_cnt[0] = (count >> 24) & 0xFF;
nonce_cnt[1] = (count >> 16) & 0xFF;
nonce_cnt[2] = (count >> 8) & 0xFF;
nonce_cnt[3] = (count) & 0xFF;
nonce_cnt[4] = ((bearer & 0x1F) << 3) |
((direction & 0x01) << 2);
// Encryption
ret = aes_crypt_ctr(&ctx, (msg_len + 7) / 8, &nc_off, nonce_cnt,
stream_blk, msg, out);
}
if (ret == 0) {
// Zero tailing bits
zero_tailing_bits(out, msg_len);
err = LIBLTE_SUCCESS;
}
}
return(err);
}
/*********************************************************************
Name: liblte_security_decryption_eea2
Description: 128-bit decryption algorithm EEA2.
Document Reference: 33.401 v13.1.0 Annex B.1.3
*********************************************************************/
LIBLTE_ERROR_ENUM liblte_security_decryption_eea2(uint8 *key,
uint32 count,
uint8 bearer,
uint8 direction,
uint8 *ct,
uint32 ct_len,
uint8 *out)
{
return liblte_security_encryption_eea2(key, count, bearer,
direction, ct, ct_len, out);
}
/*********************************************************************
Name: liblte_security_milenage_f1
@ -1243,3 +1585,293 @@ void mix_column(STATE_STRUCT *state)
state->state[3][i] ^= temp ^ tmp;
}
}
/*********************************************************************
Name: zero_tailing_bits
Description: Fill tailing bits with zeros.
Document Reference: -
*********************************************************************/
void zero_tailing_bits(uint8 * data, uint32 length_bits) {
uint8 bits = (8 - (length_bits & 0x07)) & 0x07;
data[(length_bits + 7) / 8 - 1] &= (uint8) (0xFF << bits);
}
/*********************************************************************
Name: s3g_mul_x
Description: Multiplication with reduction.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.1.1
*********************************************************************/
uint8 s3g_mul_x(uint8 v, uint8 c) {
if (v & 0x80)
return ((v << 1) ^ c);
else
return (v << 1);
}
/*********************************************************************
Name: s3g_mul_x_pow
Description: Recursive multiplication with reduction.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.1.2
*********************************************************************/
uint8 s3g_mul_x_pow(uint8 v, uint8 i, uint8 c) {
if (i == 0)
return v;
else
return s3g_mul_x(s3g_mul_x_pow(v, i - 1, c), c);
}
/*********************************************************************
Name: s3g_mul_alpha
Description: Multiplication with alpha.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.4.2
*********************************************************************/
uint32 s3g_mul_alpha(uint8 c) {
return ((((uint32) s3g_mul_x_pow(c, 23, 0xa9)) << 24) |
(((uint32) s3g_mul_x_pow(c, 245, 0xa9)) << 16) |
(((uint32) s3g_mul_x_pow(c, 48, 0xa9)) << 8) |
(((uint32) s3g_mul_x_pow(c, 239, 0xa9))));
}
/*********************************************************************
Name: s3g_div_alpha
Description: Division by alpha.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.4.3
*********************************************************************/
uint32 s3g_div_alpha(uint8 c) {
return ((((uint32) s3g_mul_x_pow(c, 16, 0xa9)) << 24) |
(((uint32) s3g_mul_x_pow(c, 39, 0xa9)) << 16) |
(((uint32) s3g_mul_x_pow(c, 6, 0xa9)) << 8) |
(((uint32) s3g_mul_x_pow(c, 64, 0xa9))));
}
/*********************************************************************
Name: s3g_s1
Description: S-Box S1.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.3.1
*********************************************************************/
uint32 s3g_s1(uint32 w) {
uint8 r0 = 0, r1 = 0, r2 = 0, r3 = 0;
uint8 srw0 = S[(uint8) ((w >> 24) & 0xff)];
uint8 srw1 = S[(uint8) ((w >> 16) & 0xff)];
uint8 srw2 = S[(uint8) ((w >> 8) & 0xff)];
uint8 srw3 = S[(uint8) ((w) & 0xff)];
r0 = ((s3g_mul_x(srw0, 0x1b)) ^
(srw1) ^
(srw2) ^
((s3g_mul_x(srw3, 0x1b)) ^ srw3));
r1 = (((s3g_mul_x(srw0, 0x1b)) ^ srw0) ^
(s3g_mul_x(srw1, 0x1b)) ^
(srw2) ^
(srw3));
r2 = ((srw0) ^
((s3g_mul_x(srw1, 0x1b)) ^ srw1) ^
(s3g_mul_x(srw2, 0x1b)) ^
(srw3));
r3 = ((srw0) ^
(srw1) ^
((s3g_mul_x(srw2, 0x1b)) ^ srw2) ^
(s3g_mul_x(srw3, 0x1b)));
return ((((uint32) r0) << 24) |
(((uint32) r1) << 16) |
(((uint32) r2) << 8) |
(((uint32) r3)));
}
/*********************************************************************
Name: s3g_s2
Description: S-Box S2.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.3.2
*********************************************************************/
uint32 s3g_s2(uint32 w) {
uint8 r0 = 0, r1 = 0, r2 = 0, r3 = 0;
uint8 sqw0 = SQ[(uint8) ((w >> 24) & 0xff)];
uint8 sqw1 = SQ[(uint8) ((w >> 16) & 0xff)];
uint8 sqw2 = SQ[(uint8) ((w >> 8) & 0xff)];
uint8 sqw3 = SQ[(uint8) ((w) & 0xff)];
r0 = ((s3g_mul_x(sqw0, 0x69)) ^
(sqw1) ^
(sqw2) ^
((s3g_mul_x(sqw3, 0x69)) ^ sqw3));
r1 = (((s3g_mul_x(sqw0, 0x69)) ^ sqw0) ^
(s3g_mul_x(sqw1, 0x69)) ^
(sqw2) ^
(sqw3));
r2 = ((sqw0) ^
((s3g_mul_x(sqw1, 0x69)) ^ sqw1) ^
(s3g_mul_x(sqw2, 0x69)) ^
(sqw3));
r3 = ((sqw0) ^
(sqw1) ^
((s3g_mul_x(sqw2, 0x69)) ^ sqw2) ^
(s3g_mul_x(sqw3, 0x69)));
return ((((uint32) r0) << 24) |
(((uint32) r1) << 16) |
(((uint32) r2) << 8) |
(((uint32) r3)));
}
/*********************************************************************
Name: s3g_clock_lfsr
Description: Clocking LFSR.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.4.4 and Section 3.4.5
*********************************************************************/
void s3g_clock_lfsr(S3G_STATE * state, uint32 f) {
uint32 v = (
((state->lfsr[0] << 8) & 0xffffff00) ^
(s3g_mul_alpha((uint8) ((state->lfsr[0] >> 24) & 0xff))) ^
(state->lfsr[2]) ^
((state->lfsr[11] >> 8) & 0x00ffffff) ^
(s3g_div_alpha((uint8) ((state->lfsr[11]) & 0xff))) ^
(f)
);
uint8 i;
for (i = 0; i < 15; i++) {
state->lfsr[i] = state->lfsr[i + 1];
}
state->lfsr[15] = v;
}
/*********************************************************************
Name: s3g_clock_fsm
Description: Clocking FSM.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 3.4.6
*********************************************************************/
uint32 s3g_clock_fsm(S3G_STATE * state) {
uint32 f = ((state->lfsr[15] + state->fsm[0]) & 0xffffffff) ^
state->fsm[1];
uint32 r = (state->fsm[1] + (state->fsm[2] ^ state->lfsr[5])) &
0xffffffff;
state->fsm[2] = s3g_s2(state->fsm[1]);
state->fsm[1] = s3g_s1(state->fsm[0]);
state->fsm[0] = r;
return f;
}
/*********************************************************************
Name: s3g_initialize
Description: Initialization.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 4.1
*********************************************************************/
void s3g_initialize(S3G_STATE * state, uint32 k[4], uint32 iv[4]) {
uint8 i = 0;
uint32 f = 0x0;
state->lfsr = (uint32 *) calloc(16, sizeof(uint32));
state->fsm = (uint32 *) calloc( 3, sizeof(uint32));
state->lfsr[15] = k[3] ^ iv[0];
state->lfsr[14] = k[2];
state->lfsr[13] = k[1];
state->lfsr[12] = k[0] ^ iv[1];
state->lfsr[11] = k[3] ^ 0xffffffff;
state->lfsr[10] = k[2] ^ 0xffffffff ^ iv[2];
state->lfsr[ 9] = k[1] ^ 0xffffffff ^ iv[3];
state->lfsr[ 8] = k[0] ^ 0xffffffff;
state->lfsr[ 7] = k[3];
state->lfsr[ 6] = k[2];
state->lfsr[ 5] = k[1];
state->lfsr[ 4] = k[0];
state->lfsr[ 3] = k[3] ^ 0xffffffff;
state->lfsr[ 2] = k[2] ^ 0xffffffff;
state->lfsr[ 1] = k[1] ^ 0xffffffff;
state->lfsr[ 0] = k[0] ^ 0xffffffff;
state->fsm[0] = 0x0;
state->fsm[1] = 0x0;
state->fsm[2] = 0x0;
for (i = 0; i < 32; i++) {
f = s3g_clock_fsm(state);
s3g_clock_lfsr(state, f);
}
}
/*********************************************************************
Name: s3g_deinitialize
Description: Deinitialization.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
*********************************************************************/
void s3g_deinitialize(S3G_STATE * state) {
free(state->lfsr);
free(state->fsm);
}
/*********************************************************************
Name: s3g_generate_keystream
Description: Generation of Keystream.
Document Reference: Specification of the 3GPP Confidentiality and
Integrity Algorithms UEA2 & UIA2 D2 v1.1
Section 4.2
*********************************************************************/
void s3g_generate_keystream(S3G_STATE * state, uint32 n, uint32 *ks) {
uint32 t = 0;
uint32 f = 0x0;
// Clock FSM once. Discard the output.
s3g_clock_fsm(state);
// Clock LFSR in keystream mode once.
s3g_clock_lfsr(state, 0x0);
for (t = 0; t < n; t++) {
f = s3g_clock_fsm(state);
// Note that ks[t] corresponds to z_{t+1} in section 4.2
ks[t] = f ^ state->lfsr[0];
s3g_clock_lfsr(state, 0x0);
}
}
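Review bot: A zero-length message drives both new ciphers out of bounds. In `liblte_security_encryption_eea1`, `msg_len == 0` makes `msg_len_block_32` zero, so (assuming `uint32` is a 32-bit unsigned type) the comparison `i < msg_len_block_32 - 1` wraps and the XOR loop runs far past `ks`, `msg` and `out`. `zero_tailing_bits` then indexes `data[(length_bits + 7) / 8 - 1]`, which wraps to `data[0xFFFFFFFF]` for zero bits, and the EEA2 path reaches that same call. Rejecting the case in the guard of both functions, `if (key != NULL && msg != NULL && out != NULL && msg_len > 0)`, closes it. The `calloc` results for `ks` and, in `s3g_initialize`, for `state->lfsr` and `state->fsm` are also used unchecked, and the keystream and LFSR/FSM words are freed without being cleared, so key-derived material stays in released heap memory.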

@ -46,7 +46,7 @@ void mac_pcap::open(const char* filename, uint32_t ue_id)
}
void mac_pcap::close()
{
fprintf(stdout, "Saving PCAP file\n");
fprintf(stdout, "Saving MAC PCAP file\n");
MAC_LTE_PCAP_Close(pcap_file);
}

@ -0,0 +1,35 @@
#include <stdint.h>
#include "srslte/srslte.h"
#include "srslte/common/pcap.h"
#include "srslte/common/nas_pcap.h"
namespace srslte {
void nas_pcap::enable()
{
enable_write = true;
}
void nas_pcap::open(const char* filename, uint32_t ue_id)
{
pcap_file = NAS_LTE_PCAP_Open(filename);
ue_id = ue_id;
enable_write = true;
}
void nas_pcap::close()
{
fprintf(stdout, "Saving NAS PCAP file\n");
MAC_LTE_PCAP_Close(pcap_file);
}
void nas_pcap::write_nas(uint8_t *pdu, uint32_t pdu_len_bytes)
{
if (enable_write) {
NAS_Context_Info_t context;
if (pdu) {
NAS_LTE_PCAP_WritePDU(pcap_file, &context, pdu, pdu_len_bytes);
}
}
}
}
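Review bot: In `nas_pcap::open` the statement `ue_id = ue_id;` assigns the parameter to itself, so if the class has a member of the same name (the header is not shown on this page) that member is never set; `this->ue_id = ue_id;` would store it. `write_nas` passes `context` to `NAS_LTE_PCAP_WritePDU` without initialising it, so stale stack contents may end up in the capture file; `NAS_Context_Info_t context = {};` avoids that, assuming the type is a plain struct. `enable()` can switch writing on without `open()` ever having run, and neither `write_nas` nor `close()` checks that `pcap_file` was opened successfully, so a guard such as `if (enable_write && pcap_file && pdu)` is worth adding. `close()` calls `MAC_LTE_PCAP_Close`; if the close routine is deliberately shared between the MAC and NAS writers, a one-line comment saying so would prevent it being read as a copy-paste slip.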

@ -146,6 +146,46 @@ uint8_t security_128_eia2( uint8_t *key,
mac);
}
/******************************************************************************
* Encryption / Decryption
*****************************************************************************/
uint8_t security_128_eea1(uint8_t *key,
uint32_t count,
uint8_t bearer,
uint8_t direction,
uint8_t *msg,
uint32_t msg_len,
uint8_t *msg_out){
return liblte_security_encryption_eea1(key,
count,
bearer,
direction,
msg,
msg_len * 8,
msg_out);
}
uint8_t security_128_eea2(uint8_t *key,
uint32_t count,
uint8_t bearer,
uint8_t direction,
uint8_t *msg,
uint32_t msg_len,
uint8_t *msg_out){
return liblte_security_encryption_eea2(key,
count,
bearer,
direction,
msg,
msg_len * 8,
msg_out);
}
/******************************************************************************
* Authentication
*****************************************************************************/
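Review bot: `security_128_eea1` and `security_128_eea2` take `msg_len` in bytes and pass `msg_len * 8` on as a bit count, but nothing in the hunk states that, and the result of the liblte call is narrowed to `uint8_t` without comment. A short comment above each wrapper, e.g. `// msg_len is in bytes (converted to bits for liblte); returns the LIBLTE_ERROR_ENUM value of the underlying call`, would make the contract explicit for callers, which presumably must also supply a `msg_out` of at least `msg_len` bytes. The multiplication wraps in 32 bits once `msg_len` exceeds 2^29, which is far beyond any PDU size but worth a guard if these wrappers are ever fed an unchecked length.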

@ -51,7 +51,11 @@ void pdcp::init(srsue::rlc_interface_pdcp *rlc_, srsue::rrc_interface_pdcp *rrc_
}
void pdcp::stop()
{}
{
for(uint32_t i=0;i<SRSLTE_N_RADIO_BEARERS;i++) {
pdcp_array[i].stop();
}
}
void pdcp::reset()
{
@ -88,9 +92,9 @@ void pdcp::add_bearer(uint32_t lcid, srslte_pdcp_config_t cfg)
}
if (!pdcp_array[lcid].is_active()) {
pdcp_array[lcid].init(rlc, rrc, gw, pdcp_log, lcid, cfg);
pdcp_log->info("Added bearer %s\n", rrc->get_rb_name(lcid).c_str());
pdcp_log->info("Added bearer %s\n", get_rb_name(lcid));
} else {
pdcp_log->warning("Bearer %s already configured. Reconfiguration not supported\n", rrc->get_rb_name(lcid).c_str());
pdcp_log->warning("Bearer %s already configured. Reconfiguration not supported\n", get_rb_name(lcid));
}
}
@ -104,6 +108,12 @@ void pdcp::config_security(uint32_t lcid,
pdcp_array[lcid].config_security(k_rrc_enc, k_rrc_int, cipher_algo, integ_algo);
}
void pdcp::enable_encryption(uint32_t lcid)
{
if(valid_lcid(lcid))
pdcp_array[lcid].enable_encryption();
}
/*******************************************************************************
RLC interface
*******************************************************************************/
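Review bot: `pdcp::enable_encryption` returns silently when `valid_lcid(lcid)` is false, so a caller cannot tell that ciphering was not switched on for the bearer it asked for. Logging the rejection, e.g. `else pdcp_log->error("Cannot enable encryption: invalid LCID %u\n", lcid);`, would make that failure visible; `valid_lcid` itself is outside the hunk, so whether it already logs cannot be seen here. In the first hunk of this file, `pdcp::stop()` now calls `stop()` on every entry of `pdcp_array`, including bearers that were never initialised, which is safe only if `pdcp_entity` sets `running` to false in its constructor.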

@ -45,25 +45,37 @@ void pdcp_entity::init(srsue::rlc_interface_pdcp *rlc_,
uint32_t lcid_,
srslte_pdcp_config_t cfg_)
{
rlc = rlc_;
rrc = rrc_;
gw = gw_;
log = log_;
lcid = lcid_;
cfg = cfg_;
active = true;
tx_count = 0;
rx_count = 0;
rlc = rlc_;
rrc = rrc_;
gw = gw_;
log = log_;
lcid = lcid_;
cfg = cfg_;
active = true;
tx_count = 0;
rx_count = 0;
do_integrity = false;
do_encryption = false;
start(PDCP_THREAD_PRIO);
log->debug("Init %s\n", get_rb_name(lcid));
}
log->debug("Init %s\n", rrc->get_rb_name(lcid).c_str());
void pdcp_entity::stop()
{
if(running) {
running = false;
thread_cancel();
wait_thread_finish();
}
}
void pdcp_entity::reset()
{
active = false;
if(log)
log->debug("Reset %s\n", rrc->get_rb_name(lcid).c_str());
log->debug("Reset %s\n", get_rb_name(lcid));
}
bool pdcp_entity::is_active()
@ -74,17 +86,15 @@ bool pdcp_entity::is_active()
// RRC interface
void pdcp_entity::write_sdu(byte_buffer_t *sdu)
{
log->info_hex(sdu->msg, sdu->N_bytes, "TX %s SDU, do_security = %s", rrc->get_rb_name(lcid).c_str(), (cfg.do_security)?"true":"false");
log->info_hex(sdu->msg, sdu->N_bytes,
"TX %s SDU, do_integrity = %s, do_encryption = %s", get_rb_name(lcid),
(do_integrity) ? "true" : "false", (do_encryption) ? "true" : "false");
if (cfg.is_control) {
pdcp_pack_control_pdu(tx_count, sdu);
if(cfg.do_security)
if(do_integrity)
{
integrity_generate(&k_rrc_int[16],
tx_count,
lcid-1,
cfg.direction,
sdu->msg,
integrity_generate(sdu->msg,
sdu->N_bytes-4,
&sdu->msg[sdu->N_bytes-4]);
}
@ -107,7 +117,7 @@ void pdcp_entity::config_security(uint8_t *k_rrc_enc_,
CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
INTEGRITY_ALGORITHM_ID_ENUM integ_algo_)
{
cfg.do_security = true;
do_integrity = true;
for(int i=0; i<32; i++)
{
k_rrc_enc[i] = k_rrc_enc_[i];
@ -117,43 +127,18 @@ void pdcp_entity::config_security(uint8_t *k_rrc_enc_,
integ_algo = integ_algo_;
}
void pdcp_entity::enable_encryption()
{
do_encryption = true;
}
// RLC interface
void pdcp_entity::write_pdu(byte_buffer_t *pdu)
{
if (cfg.is_data) {
uint32_t sn;
if(12 == cfg.sn_len)
{
pdcp_unpack_data_pdu_long_sn(pdu, &sn);
} else {
pdcp_unpack_data_pdu_short_sn(pdu, &sn);
}
log->info_hex(pdu->msg, pdu->N_bytes, "RX %s PDU: %d", rrc->get_rb_name(lcid).c_str(), sn);
gw->write_pdu(lcid, pdu);
} else {
if (cfg.is_control) {
uint32_t sn;
pdcp_unpack_control_pdu(pdu, &sn);
log->info_hex(pdu->msg, pdu->N_bytes, "RX %s SDU SN: %d",
rrc->get_rb_name(lcid).c_str(), sn);
} else {
log->info_hex(pdu->msg, pdu->N_bytes, "RX %s PDU", rrc->get_rb_name(lcid).c_str());
}
// pass to RRC
rrc->write_pdu(lcid, pdu);
}
rx_pdu_queue.write(pdu);
}
void pdcp_entity::integrity_generate( uint8_t *key_128,
uint32_t count,
uint8_t rb_id,
uint8_t direction,
uint8_t *msg,
void pdcp_entity::integrity_generate( uint8_t *msg,
uint32_t msg_len,
uint8_t *mac)
{
@ -162,19 +147,19 @@ void pdcp_entity::integrity_generate( uint8_t *key_128,
case INTEGRITY_ALGORITHM_ID_EIA0:
break;
case INTEGRITY_ALGORITHM_ID_128_EIA1:
security_128_eia1(key_128,
count,
rb_id,
direction,
security_128_eia1(&k_rrc_int[16],
tx_count,
lcid-1,
cfg.direction,
msg,
msg_len,
mac);
break;
case INTEGRITY_ALGORITHM_ID_128_EIA2:
security_128_eia2(key_128,
count,
rb_id,
direction,
security_128_eia2(&k_rrc_int[16],
tx_count,
lcid-1,
cfg.direction,
msg,
msg_len,
mac);
@ -184,6 +169,198 @@ void pdcp_entity::integrity_generate( uint8_t *key_128,
}
}
bool pdcp_entity::integrity_verify(uint8_t *msg,
uint32_t count,
uint32_t msg_len,
uint8_t *mac)
{
uint8_t mac_exp[4] = {0x00};
uint8_t i = 0;
bool isValid = true;
switch(integ_algo)
{
case INTEGRITY_ALGORITHM_ID_EIA0:
break;
case INTEGRITY_ALGORITHM_ID_128_EIA1:
security_128_eia1(&k_rrc_int[16],
count,
lcid-1,
( cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? (SECURITY_DIRECTION_UPLINK) : (SECURITY_DIRECTION_DOWNLINK),
msg,
msg_len,
mac_exp);
break;
case INTEGRITY_ALGORITHM_ID_128_EIA2:
security_128_eia2(&k_rrc_int[16],
count,
lcid-1,
( cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? (SECURITY_DIRECTION_UPLINK) : (SECURITY_DIRECTION_DOWNLINK),
msg,
msg_len,
mac_exp);
break;
default:
break;
}
switch(integ_algo)
{
case INTEGRITY_ALGORITHM_ID_EIA0:
break;
case INTEGRITY_ALGORITHM_ID_128_EIA1: // Intentional fall-through
case INTEGRITY_ALGORITHM_ID_128_EIA2:
for(i=0; i<4; i++){
if(mac[i] != mac_exp[i]){
log->error_hex(mac_exp, 4, "MAC mismatch (expected)");
log->error_hex(mac, 4, "MAC mismatch (found)");
isValid = false;
break;
}
}
if (isValid){
log->info_hex(mac_exp, 4, "MAC match (expected)");
log->info_hex(mac, 4, "MAC match (found)");
}
break;
default:
break;
}
return isValid;
}
void pdcp_entity::cipher_encrypt(uint8_t *msg,
uint32_t msg_len,
uint8_t *ct)
{
byte_buffer_t ct_tmp;
switch(cipher_algo)
{
case CIPHERING_ALGORITHM_ID_EEA0:
break;
case CIPHERING_ALGORITHM_ID_128_EEA1:
security_128_eea1(&(k_rrc_enc[16]),
tx_count,
lcid - 1,
cfg.direction,
msg,
msg_len,
ct_tmp.msg);
memcpy(ct, ct_tmp.msg, msg_len);
break;
case CIPHERING_ALGORITHM_ID_128_EEA2:
security_128_eea2(&(k_rrc_enc[16]),
tx_count,
lcid - 1,
cfg.direction,
msg,
msg_len,
ct_tmp.msg);
memcpy(ct, ct_tmp.msg, msg_len);
break;
default:
break;
}
}
void pdcp_entity::cipher_decrypt(uint8_t *ct,
uint32_t count,
uint32_t ct_len,
uint8_t *msg)
{
byte_buffer_t msg_tmp;
switch(cipher_algo)
{
case CIPHERING_ALGORITHM_ID_EEA0:
break;
case CIPHERING_ALGORITHM_ID_128_EEA1:
security_128_eea1(&(k_rrc_enc[16]),
count,
lcid - 1,
( cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? (SECURITY_DIRECTION_UPLINK) : (SECURITY_DIRECTION_DOWNLINK),
ct,
ct_len,
msg_tmp.msg);
break;
case CIPHERING_ALGORITHM_ID_128_EEA2:
security_128_eea2(&(k_rrc_enc[16]),
count,
lcid - 1,
( cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? (SECURITY_DIRECTION_UPLINK) : (SECURITY_DIRECTION_DOWNLINK),
ct,
ct_len,
msg_tmp.msg);
memcpy(msg, msg_tmp.msg, ct_len);
break;
default:
break;
}
}
void pdcp_entity::run_thread()
{
byte_buffer_t *pdu;
running = true;
while(running) {
rx_pdu_queue.read(&pdu);
// Handle SRB messages
switch(lcid)
{
case RB_ID_SRB0:
// Simply pass on to RRC
log->info_hex(pdu->msg, pdu->N_bytes, "RX %s PDU", get_rb_name(lcid));
rrc->write_pdu(RB_ID_SRB0, pdu);
break;
case RB_ID_SRB1: // Intentional fall-through
case RB_ID_SRB2:
uint32_t sn;
log->info_hex(pdu->msg, pdu->N_bytes, "RX %s PDU", get_rb_name(lcid));
if (do_encryption) {
cipher_decrypt(&(pdu->msg[1]),
pdu->msg[0],
pdu->N_bytes - 1,
&(pdu->msg[1]));
log->info_hex(pdu->msg, pdu->N_bytes, "RX %s PDU (decrypted)", get_rb_name(lcid));
}
if (do_integrity) {
integrity_verify(pdu->msg,
pdu->msg[0],
pdu->N_bytes - 4,
&(pdu->msg[pdu->N_bytes - 4]));
}
pdcp_unpack_control_pdu(pdu, &sn);
log->info_hex(pdu->msg, pdu->N_bytes, "RX %s SDU SN: %d",
get_rb_name(lcid), sn);
rrc->write_pdu(lcid, pdu);
break;
}
// Handle DRB messages
if(lcid >= RB_ID_DRB1)
{
uint32_t sn;
if(12 == cfg.sn_len)
{
pdcp_unpack_data_pdu_long_sn(pdu, &sn);
} else {
pdcp_unpack_data_pdu_short_sn(pdu, &sn);
}
log->info_hex(pdu->msg, pdu->N_bytes, "RX %s PDU: %d", get_rb_name(lcid), sn);
gw->write_pdu(lcid, pdu);
}
}
}
/****************************************************************************
* Pack/Unpack helper functions
* Ref: 3GPP TS 36.323 v10.1.0
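Review bot: In `pdcp_entity::run_thread` the result of `integrity_verify(...)` is discarded, so an SRB1/SRB2 PDU whose MAC does not match is still unpacked and handed to `rrc->write_pdu`; the call should gate delivery, e.g. `if (do_integrity && !integrity_verify(...)) { /* log and release pdu */ continue; }` (how the buffer is released is not visible in this hunk). In `cipher_decrypt` the `CIPHERING_ALGORITHM_ID_128_EEA1` case never copies `msg_tmp.msg` into `msg`, unlike the EEA2 case, so with EEA1 the PDU stays ciphertext; it needs the same `memcpy(msg, msg_tmp.msg, ct_len);` before its `break`. The receive path computes `pdu->N_bytes - 1` and `pdu->N_bytes - 4` on received data without checking that `N_bytes` is large enough, and the unsigned subtraction wraps for short PDUs, so a minimum-length check belongs before decrypting or verifying. `pdu->msg[0]` is passed as `count`, which looks like the first PDU byte rather than a full 32-bit COUNT; this should be confirmed against the transmit side, which uses `tx_count`.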

@ -123,11 +123,6 @@ void rlc::write_sdu(uint32_t lcid, byte_buffer_t *sdu)
}
}
std::string rlc::get_rb_name(uint32_t lcid)
{
return rrc->get_rb_name(lcid);
}
/*******************************************************************************
MAC interface
*******************************************************************************/
@ -217,11 +212,10 @@ void rlc::add_bearer(uint32_t lcid)
cnfg.dl_am_rlc.t_status_prohibit = LIBLTE_RRC_T_STATUS_PROHIBIT_MS0;
add_bearer(lcid, srslte_rlc_config_t(&cnfg));
} else {
rlc_log->warning("Bearer %s already configured. Reconfiguration not supported\n", get_rb_name(lcid).c_str());
rlc_log->warning("Bearer %s already configured. Reconfiguration not supported\n", get_rb_name(lcid));
}
}else{
rlc_log->error("Radio bearer %s does not support default RLC configuration.\n",
get_rb_name(lcid).c_str());
rlc_log->error("Radio bearer %s does not support default RLC configuration.\n", get_rb_name(lcid));
}
}
@ -234,7 +228,7 @@ void rlc::add_bearer(uint32_t lcid, srslte_rlc_config_t cnfg)
if (!rlc_array[lcid].active()) {
rlc_log->info("Adding radio bearer %s with mode %s\n",
get_rb_name(lcid).c_str(), liblte_rrc_rlc_mode_text[cnfg.rlc_mode]);
get_rb_name(lcid), liblte_rrc_rlc_mode_text[cnfg.rlc_mode]);
switch(cnfg.rlc_mode)
{
case LIBLTE_RRC_RLC_MODE_AM:
@ -254,7 +248,7 @@ void rlc::add_bearer(uint32_t lcid, srslte_rlc_config_t cnfg)
return;
}
} else {
rlc_log->warning("Bearer %s already created.\n", get_rb_name(lcid).c_str());
rlc_log->warning("Bearer %s already created.\n", get_rb_name(lcid));
}
rlc_array[lcid].configure(cnfg);

@ -79,7 +79,7 @@ void rlc_am::configure(srslte_rlc_config_t cfg_)
cfg = cfg_.am;
log->info("%s configured: t_poll_retx=%d, poll_pdu=%d, poll_byte=%d, max_retx_thresh=%d, "
"t_reordering=%d, t_status_prohibit=%d\n",
rrc->get_rb_name(lcid).c_str(), cfg.t_poll_retx, cfg.poll_pdu, cfg.poll_byte, cfg.max_retx_thresh,
get_rb_name(lcid), cfg.t_poll_retx, cfg.poll_pdu, cfg.poll_byte, cfg.max_retx_thresh,
cfg.t_reordering, cfg.t_status_prohibit);
}
@ -175,7 +175,7 @@ uint32_t rlc_am::get_bearer()
void rlc_am::write_sdu(byte_buffer_t *sdu)
{
log->info_hex(sdu->msg, sdu->N_bytes, "%s Tx SDU", rrc->get_rb_name(lcid).c_str());
log->info_hex(sdu->msg, sdu->N_bytes, "%s Tx SDU", get_rb_name(lcid));
tx_sdu_queue.write(sdu);
}
@ -359,7 +359,7 @@ void rlc_am::check_reordering_timeout()
if(reordering_timeout.is_running() && reordering_timeout.expired())
{
reordering_timeout.reset();
log->debug("%s reordering timeout expiry - updating vr_ms\n", rrc->get_rb_name(lcid).c_str());
log->debug("%s reordering timeout expiry - updating vr_ms\n", get_rb_name(lcid));
// 36.322 v10 Section 5.1.3.2.4
vr_ms = vr_x;
@ -433,7 +433,7 @@ int rlc_am::build_status_pdu(uint8_t *payload, uint32_t nof_bytes)
if(pdu_len > 0 && nof_bytes >= (uint32_t)pdu_len)
{
log->info("%s Tx status PDU - %s\n",
rrc->get_rb_name(lcid).c_str(), rlc_am_to_string(&status).c_str());
get_rb_name(lcid), rlc_am_to_string(&status).c_str());
do_status = false;
poll_received = false;
@ -444,7 +444,7 @@ int rlc_am::build_status_pdu(uint8_t *payload, uint32_t nof_bytes)
return rlc_am_write_status_pdu(&status, payload);
}else{
log->warning("%s Cannot tx status PDU - %d bytes available, %d bytes required\n",
rrc->get_rb_name(lcid).c_str(), nof_bytes, pdu_len);
get_rb_name(lcid), nof_bytes, pdu_len);
return 0;
}
}
@ -478,7 +478,7 @@ int rlc_am::build_retx_pdu(uint8_t *payload, uint32_t nof_bytes)
return -1;
}
if(retx.is_segment || req_size > (int)nof_bytes) {
log->debug("%s build_retx_pdu - resegmentation required\n", rrc->get_rb_name(lcid).c_str());
log->debug("%s build_retx_pdu - resegmentation required\n", get_rb_name(lcid));
return build_segment(payload, nof_bytes, retx);
}
@ -503,7 +503,7 @@ int rlc_am::build_retx_pdu(uint8_t *payload, uint32_t nof_bytes)
if(tx_window[retx.sn].retx_count >= cfg.max_retx_thresh)
rrc->max_retx_attempted();
log->info("%s Retx PDU scheduled for tx. SN: %d, retx count: %d\n",
rrc->get_rb_name(lcid).c_str(), retx.sn, tx_window[retx.sn].retx_count);
get_rb_name(lcid), retx.sn, tx_window[retx.sn].retx_count);
debug_state();
return (ptr-payload) + tx_window[retx.sn].buf->N_bytes;
@ -540,7 +540,7 @@ int rlc_am::build_segment(uint8_t *payload, uint32_t nof_bytes, rlc_amd_retx_t r
if(nof_bytes <= head_len)
{
log->warning("%s Cannot build a PDU segment - %d bytes available, %d bytes required for header\n",
rrc->get_rb_name(lcid).c_str(), nof_bytes, head_len);
get_rb_name(lcid), nof_bytes, head_len);
return 0;
}
pdu_space = nof_bytes-head_len;
@ -606,15 +606,15 @@ int rlc_am::build_segment(uint8_t *payload, uint32_t nof_bytes, rlc_amd_retx_t r
memcpy(ptr, data, len);
log->info("%s Retx PDU segment scheduled for tx. SN: %d, SO: %d\n",
rrc->get_rb_name(lcid).c_str(), retx.sn, retx.so_start);
get_rb_name(lcid), retx.sn, retx.so_start);
debug_state();
int pdu_len = (ptr-payload) + len;
if(pdu_len > (int)nof_bytes) {
log->error("%s Retx PDU segment length error. Available: %d, Used: %d\n",
rrc->get_rb_name(lcid).c_str(), nof_bytes, pdu_len);
get_rb_name(lcid), nof_bytes, pdu_len);
log->debug("%s Retx PDU segment length error. Header len: %d, Payload len: %d, N_li: %d\n",
rrc->get_rb_name(lcid).c_str(), (ptr-payload), len, new_header.N_li);
get_rb_name(lcid), (ptr-payload), len, new_header.N_li);
}
return pdu_len;
@ -662,13 +662,13 @@ int rlc_am::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
if(pdu_space <= head_len + 1)
{
log->warning("%s Cannot build a PDU - %d bytes available, %d bytes required for header\n",
rrc->get_rb_name(lcid).c_str(), nof_bytes, head_len);
get_rb_name(lcid), nof_bytes, head_len);
pool->deallocate(pdu);
return 0;
}
log->debug("%s Building PDU - pdu_space: %d, head_len: %d \n",
rrc->get_rb_name(lcid).c_str(), pdu_space, head_len);
get_rb_name(lcid), pdu_space, head_len);
// Check for SDU segment
if(tx_sdu)
@ -683,7 +683,7 @@ int rlc_am::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
if(tx_sdu->N_bytes == 0)
{
log->info("%s Complete SDU scheduled for tx. Stack latency: %ld us\n",
rrc->get_rb_name(lcid).c_str(), tx_sdu->get_latency_us());
get_rb_name(lcid), tx_sdu->get_latency_us());
pool->deallocate(tx_sdu);
tx_sdu = NULL;
}
@ -694,7 +694,7 @@ int rlc_am::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
header.fi |= RLC_FI_FIELD_NOT_START_ALIGNED; // First byte does not correspond to first byte of SDU
log->debug("%s Building PDU - added SDU segment (len:%d) - pdu_space: %d, head_len: %d \n",
rrc->get_rb_name(lcid).c_str(), to_move, pdu_space, head_len);
get_rb_name(lcid), to_move, pdu_space, head_len);
}
// Pull SDUs from queue
@ -718,7 +718,7 @@ int rlc_am::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
if(tx_sdu->N_bytes == 0)
{
log->info("%s Complete SDU scheduled for tx. Stack latency: %ld us\n",
rrc->get_rb_name(lcid).c_str(), tx_sdu->get_latency_us());
get_rb_name(lcid), tx_sdu->get_latency_us());
pool->deallocate(tx_sdu);
tx_sdu = NULL;
}
@ -728,7 +728,7 @@ int rlc_am::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
pdu_space = 0;
log->debug("%s Building PDU - added SDU segment (len:%d) - pdu_space: %d, head_len: %d \n",
rrc->get_rb_name(lcid).c_str(), to_move, pdu_space, head_len);
get_rb_name(lcid), to_move, pdu_space, head_len);
}
if(tx_sdu)
@ -737,11 +737,11 @@ int rlc_am::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
// Set Poll bit
pdu_without_poll++;
byte_without_poll += (pdu->N_bytes + head_len);
log->debug("%s pdu_without_poll: %d\n", rrc->get_rb_name(lcid).c_str(), pdu_without_poll);
log->debug("%s byte_without_poll: %d\n", rrc->get_rb_name(lcid).c_str(), byte_without_poll);
log->debug("%s pdu_without_poll: %d\n", get_rb_name(lcid), pdu_without_poll);
log->debug("%s byte_without_poll: %d\n", get_rb_name(lcid), byte_without_poll);
if(poll_required())
{
log->debug("%s setting poll bit to request status\n", rrc->get_rb_name(lcid).c_str());
log->debug("%s setting poll bit to request status\n", get_rb_name(lcid));
header.p = 1;
poll_sn = vt_s;
pdu_without_poll = 0;
@ -752,7 +752,7 @@ int rlc_am::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
// Set SN
header.sn = vt_s;
vt_s = (vt_s + 1)%MOD;
log->info("%s PDU scheduled for tx. SN: %d\n", rrc->get_rb_name(lcid).c_str(), header.sn);
log->info("%s PDU scheduled for tx. SN: %d\n", get_rb_name(lcid), header.sn);
// Place PDU in tx_window, write header and TX
tx_window[header.sn].buf = pdu;
@ -773,26 +773,26 @@ void rlc_am::handle_data_pdu(uint8_t *payload, uint32_t nof_bytes, rlc_amd_pdu_h
std::map<uint32_t, rlc_amd_rx_pdu_t>::iterator it;
log->info_hex(payload, nof_bytes, "%s Rx data PDU SN: %d",
rrc->get_rb_name(lcid).c_str(), header.sn);
get_rb_name(lcid), header.sn);
if(!inside_rx_window(header.sn)) {
if(header.p) {
log->info("%s Status packet requested through polling bit\n", rrc->get_rb_name(lcid).c_str());
log->info("%s Status packet requested through polling bit\n", get_rb_name(lcid));
do_status = true;
}
log->info("%s SN: %d outside rx window [%d:%d] - discarding\n",
rrc->get_rb_name(lcid).c_str(), header.sn, vr_r, vr_mr);
get_rb_name(lcid), header.sn, vr_r, vr_mr);
return;
}
it = rx_window.find(header.sn);
if(rx_window.end() != it) {
if(header.p) {
log->info("%s Status packet requested through polling bit\n", rrc->get_rb_name(lcid).c_str());
log->info("%s Status packet requested through polling bit\n", get_rb_name(lcid));
do_status = true;
}
log->info("%s Discarding duplicate SN: %d\n",
rrc->get_rb_name(lcid).c_str(), header.sn);
get_rb_name(lcid), header.sn);
return;
}
@ -825,7 +825,7 @@ void rlc_am::handle_data_pdu(uint8_t *payload, uint32_t nof_bytes, rlc_amd_pdu_h
// Check poll bit
if(header.p)
{
log->info("%s Status packet requested through polling bit\n", rrc->get_rb_name(lcid).c_str());
log->info("%s Status packet requested through polling bit\n", get_rb_name(lcid));
poll_received = true;
// 36.322 v10 Section 5.2.3
@ -870,16 +870,16 @@ void rlc_am::handle_data_pdu_segment(uint8_t *payload, uint32_t nof_bytes, rlc_a
std::map<uint32_t, rlc_amd_rx_pdu_segments_t>::iterator it;
log->info_hex(payload, nof_bytes, "%s Rx data PDU segment. SN: %d, SO: %d",
rrc->get_rb_name(lcid).c_str(), header.sn, header.so);
get_rb_name(lcid), header.sn, header.so);
// Check inside rx window
if(!inside_rx_window(header.sn)) {
if(header.p) {
log->info("%s Status packet requested through polling bit\n", rrc->get_rb_name(lcid).c_str());
log->info("%s Status packet requested through polling bit\n", get_rb_name(lcid));
do_status = true;
}
log->info("%s SN: %d outside rx window [%d:%d] - discarding\n",
rrc->get_rb_name(lcid).c_str(), header.sn, vr_r, vr_mr);
get_rb_name(lcid), header.sn, vr_r, vr_mr);
return;
}
@ -898,7 +898,7 @@ void rlc_am::handle_data_pdu_segment(uint8_t *payload, uint32_t nof_bytes, rlc_a
if(rx_segments.end() != it) {
if(header.p) {
log->info("%s Status packet requested through polling bit\n", rrc->get_rb_name(lcid).c_str());
log->info("%s Status packet requested through polling bit\n", get_rb_name(lcid));
do_status = true;
}
@ -928,7 +928,7 @@ void rlc_am::handle_data_pdu_segment(uint8_t *payload, uint32_t nof_bytes, rlc_a
// Check poll bit
if(header.p)
{
log->info("%s Status packet requested through polling bit\n", rrc->get_rb_name(lcid).c_str());
log->info("%s Status packet requested through polling bit\n", get_rb_name(lcid));
poll_received = true;
// 36.322 v10 Section 5.2.3
@ -946,12 +946,12 @@ void rlc_am::handle_data_pdu_segment(uint8_t *payload, uint32_t nof_bytes, rlc_a
void rlc_am::handle_control_pdu(uint8_t *payload, uint32_t nof_bytes)
{
log->info_hex(payload, nof_bytes, "%s Rx control PDU", rrc->get_rb_name(lcid).c_str());
log->info_hex(payload, nof_bytes, "%s Rx control PDU", get_rb_name(lcid));
rlc_status_pdu_t status;
rlc_am_read_status_pdu(payload, nof_bytes, &status);
log->info("%s Rx Status PDU: %s\n", rrc->get_rb_name(lcid).c_str(), rlc_am_to_string(&status).c_str());
log->info("%s Rx Status PDU: %s\n", get_rb_name(lcid), rlc_am_to_string(&status).c_str());
poll_retx_timeout.reset();
@ -989,7 +989,7 @@ void rlc_am::handle_control_pdu(uint8_t *payload, uint32_t nof_bytes)
}
} else {
log->warning("%s invalid segment NACK received for SN %d. so_start: %d, so_end: %d, N_bytes: %d\n",
rrc->get_rb_name(lcid).c_str(), i, status.nacks[j].so_start, status.nacks[j].so_end, it->second.buf->N_bytes);
get_rb_name(lcid), i, status.nacks[j].so_start, status.nacks[j].so_end, it->second.buf->N_bytes);
}
}
@ -1043,7 +1043,7 @@ void rlc_am::reassemble_rx_sdus()
rx_sdu->N_bytes += len;
rx_window[vr_r].buf->msg += len;
rx_window[vr_r].buf->N_bytes -= len;
log->info_hex(rx_sdu->msg, rx_sdu->N_bytes, "%s Rx SDU", rrc->get_rb_name(lcid).c_str());
log->info_hex(rx_sdu->msg, rx_sdu->N_bytes, "%s Rx SDU", get_rb_name(lcid));
rx_sdu->set_timestamp();
pdcp->write_pdu(lcid, rx_sdu);
rx_sdu = pool_allocate;
@ -1059,7 +1059,7 @@ void rlc_am::reassemble_rx_sdus()
rx_sdu->N_bytes += rx_window[vr_r].buf->N_bytes;
if(rlc_am_end_aligned(rx_window[vr_r].header.fi))
{
log->info_hex(rx_sdu->msg, rx_sdu->N_bytes, "%s Rx SDU", rrc->get_rb_name(lcid).c_str());
log->info_hex(rx_sdu->msg, rx_sdu->N_bytes, "%s Rx SDU", get_rb_name(lcid));
rx_sdu->set_timestamp();
pdcp->write_pdu(lcid, rx_sdu);
rx_sdu = pool_allocate;
@ -1103,7 +1103,7 @@ void rlc_am::debug_state()
{
log->debug("%s vt_a = %d, vt_ms = %d, vt_s = %d, poll_sn = %d "
"vr_r = %d, vr_mr = %d, vr_x = %d, vr_ms = %d, vr_h = %d\n",
rrc->get_rb_name(lcid).c_str(), vt_a, vt_ms, vt_s, poll_sn,
get_rb_name(lcid), vt_a, vt_ms, vt_s, poll_sn,
vr_r, vr_mr, vr_x, vr_ms, vr_h);
}

@ -84,7 +84,7 @@ uint32_t rlc_tm::get_bearer()
// PDCP interface
void rlc_tm::write_sdu(byte_buffer_t *sdu)
{
log->info_hex(sdu->msg, sdu->N_bytes, "%s Tx SDU", rrc->get_rb_name(lcid).c_str());
log->info_hex(sdu->msg, sdu->N_bytes, "%s Tx SDU", get_rb_name(lcid));
ul_queue.write(sdu);
}
@ -104,7 +104,7 @@ int rlc_tm::read_pdu(uint8_t *payload, uint32_t nof_bytes)
uint32_t pdu_size = ul_queue.size_tail_bytes();
if(pdu_size > nof_bytes)
{
log->error("TX %s PDU size larger than MAC opportunity\n", rrc->get_rb_name(lcid).c_str());
log->error("TX %s PDU size larger than MAC opportunity\n", get_rb_name(lcid));
return 0;
}
byte_buffer_t *buf;
@ -112,9 +112,9 @@ int rlc_tm::read_pdu(uint8_t *payload, uint32_t nof_bytes)
pdu_size = buf->N_bytes;
memcpy(payload, buf->msg, buf->N_bytes);
log->info("%s Complete SDU scheduled for tx. Stack latency: %ld us\n",
rrc->get_rb_name(lcid).c_str(), buf->get_latency_us());
get_rb_name(lcid), buf->get_latency_us());
pool->deallocate(buf);
log->info_hex(payload, pdu_size, "TX %s, %s PDU", rrc->get_rb_name(lcid).c_str(), rlc_mode_text[RLC_MODE_TM]);
log->info_hex(payload, pdu_size, "TX %s, %s PDU", get_rb_name(lcid), rlc_mode_text[RLC_MODE_TM]);
return pdu_size;
}

@ -75,18 +75,18 @@ void rlc_um::configure(srslte_rlc_config_t cnfg_)
case LIBLTE_RRC_RLC_MODE_UM_BI:
log->info("%s configured in %s mode: "
"t_reordering=%d ms, rx_sn_field_length=%u bits, tx_sn_field_length=%u bits\n",
rrc->get_rb_name(lcid).c_str(), liblte_rrc_rlc_mode_text[cnfg_.rlc_mode],
get_rb_name(lcid), liblte_rrc_rlc_mode_text[cnfg_.rlc_mode],
cfg.t_reordering, rlc_umd_sn_size_num[cfg.rx_sn_field_length], rlc_umd_sn_size_num[cfg.rx_sn_field_length]);
break;
case LIBLTE_RRC_RLC_MODE_UM_UNI_UL:
log->info("%s configured in %s mode: tx_sn_field_length=%u bits\n",
rrc->get_rb_name(lcid).c_str(), liblte_rrc_rlc_mode_text[cnfg_.rlc_mode],
get_rb_name(lcid), liblte_rrc_rlc_mode_text[cnfg_.rlc_mode],
rlc_umd_sn_size_num[cfg.rx_sn_field_length]);
break;
case LIBLTE_RRC_RLC_MODE_UM_UNI_DL:
log->info("%s configured in %s mode: "
"t_reordering=%d ms, rx_sn_field_length=%u bits\n",
rrc->get_rb_name(lcid).c_str(), liblte_rrc_rlc_mode_text[cnfg_.rlc_mode],
get_rb_name(lcid), liblte_rrc_rlc_mode_text[cnfg_.rlc_mode],
cfg.t_reordering, rlc_umd_sn_size_num[cfg.rx_sn_field_length]);
break;
default:
@ -153,7 +153,7 @@ uint32_t rlc_um::get_bearer()
void rlc_um::write_sdu(byte_buffer_t *sdu)
{
log->info_hex(sdu->msg, sdu->N_bytes, "%s Tx SDU", rrc->get_rb_name(lcid).c_str());
log->info_hex(sdu->msg, sdu->N_bytes, "%s Tx SDU", get_rb_name(lcid));
tx_sdu_queue.write(sdu);
}
@ -216,7 +216,7 @@ void rlc_um::timer_expired(uint32_t timeout_id)
// 36.322 v10 Section 5.1.2.2.4
log->info("%s reordering timeout expiry - updating vr_ur and reassembling\n",
rrc->get_rb_name(lcid).c_str());
get_rb_name(lcid));
log->warning("Lost PDU SN: %d\n", vr_ur);
pdu_lost = true;
@ -281,7 +281,7 @@ int rlc_um::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
{
pool->deallocate(pdu);
log->warning("%s Cannot build a PDU - %d bytes available, %d bytes required for header\n",
rrc->get_rb_name(lcid).c_str(), nof_bytes, head_len);
get_rb_name(lcid), nof_bytes, head_len);
return 0;
}
@ -291,7 +291,7 @@ int rlc_um::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
uint32_t space = pdu_space-head_len;
to_move = space >= tx_sdu->N_bytes ? tx_sdu->N_bytes : space;
log->debug("%s adding remainder of SDU segment - %d bytes of %d remaining\n",
rrc->get_rb_name(lcid).c_str(), to_move, tx_sdu->N_bytes);
get_rb_name(lcid), to_move, tx_sdu->N_bytes);
memcpy(pdu_ptr, tx_sdu->msg, to_move);
last_li = to_move;
pdu_ptr += to_move;
@ -301,7 +301,7 @@ int rlc_um::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
if(tx_sdu->N_bytes == 0)
{
log->info("%s Complete SDU scheduled for tx. Stack latency: %ld us\n",
rrc->get_rb_name(lcid).c_str(), tx_sdu->get_latency_us());
get_rb_name(lcid), tx_sdu->get_latency_us());
pool->deallocate(tx_sdu);
tx_sdu = NULL;
}
@ -320,7 +320,7 @@ int rlc_um::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
uint32_t space = pdu_space-head_len;
to_move = space >= tx_sdu->N_bytes ? tx_sdu->N_bytes : space;
log->debug("%s adding new SDU segment - %d bytes of %d remaining\n",
rrc->get_rb_name(lcid).c_str(), to_move, tx_sdu->N_bytes);
get_rb_name(lcid), to_move, tx_sdu->N_bytes);
memcpy(pdu_ptr, tx_sdu->msg, to_move);
last_li = to_move;
pdu_ptr += to_move;
@ -330,7 +330,7 @@ int rlc_um::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
if(tx_sdu->N_bytes == 0)
{
log->info("%s Complete SDU scheduled for tx. Stack latency: %ld us\n",
rrc->get_rb_name(lcid).c_str(), tx_sdu->get_latency_us());
get_rb_name(lcid), tx_sdu->get_latency_us());
pool->deallocate(tx_sdu);
tx_sdu = NULL;
}
@ -345,11 +345,11 @@ int rlc_um::build_data_pdu(uint8_t *payload, uint32_t nof_bytes)
vt_us = (vt_us + 1)%cfg.tx_mod;
// Add header and TX
log->debug("%s packing PDU with length %d\n", rrc->get_rb_name(lcid).c_str(), pdu->N_bytes);
log->debug("%s packing PDU with length %d\n", get_rb_name(lcid), pdu->N_bytes);
rlc_um_write_data_pdu_header(&header, pdu);
memcpy(payload, pdu->msg, pdu->N_bytes);
uint32_t ret = pdu->N_bytes;
log->debug("%s returning length %d\n", rrc->get_rb_name(lcid).c_str(), pdu->N_bytes);
log->debug("%s returning length %d\n", get_rb_name(lcid), pdu->N_bytes);
pool->deallocate(pdu);
debug_state();
@ -363,20 +363,20 @@ void rlc_um::handle_data_pdu(uint8_t *payload, uint32_t nof_bytes)
rlc_um_read_data_pdu_header(payload, nof_bytes, cfg.rx_sn_field_length, &header);
log->info_hex(payload, nof_bytes, "RX %s Rx data PDU SN: %d",
rrc->get_rb_name(lcid).c_str(), header.sn);
get_rb_name(lcid), header.sn);
if(RX_MOD_BASE(header.sn) >= RX_MOD_BASE(vr_uh-cfg.rx_window_size) &&
RX_MOD_BASE(header.sn) < RX_MOD_BASE(vr_ur))
{
log->info("%s SN: %d outside rx window [%d:%d] - discarding\n",
rrc->get_rb_name(lcid).c_str(), header.sn, vr_ur, vr_uh);
get_rb_name(lcid), header.sn, vr_ur, vr_uh);
return;
}
it = rx_window.find(header.sn);
if(rx_window.end() != it)
{
log->info("%s Discarding duplicate SN: %d\n",
rrc->get_rb_name(lcid).c_str(), header.sn);
get_rb_name(lcid), header.sn);
return;
}
@ -451,7 +451,7 @@ void rlc_um::reassemble_rx_sdus()
log->warning("Dropping remainder of lost PDU (lower edge middle segments, vr_ur=%d, vr_ur_in_rx_sdu=%d)\n", vr_ur, vr_ur_in_rx_sdu);
rx_sdu->reset();
} else {
log->info_hex(rx_sdu->msg, rx_sdu->N_bytes, "%s Rx SDU vr_ur=%d, i=%d (lower edge middle segments)", rrc->get_rb_name(lcid).c_str(), vr_ur, i);
log->info_hex(rx_sdu->msg, rx_sdu->N_bytes, "%s Rx SDU vr_ur=%d, i=%d (lower edge middle segments)", get_rb_name(lcid), vr_ur, i);
rx_sdu->set_timestamp();
pdcp->write_pdu(lcid, rx_sdu);
rx_sdu = pool_allocate;
@ -471,7 +471,7 @@ void rlc_um::reassemble_rx_sdus()
log->warning("Dropping remainder of lost PDU (lower edge last segments)\n");
rx_sdu->reset();
} else {
log->info_hex(rx_sdu->msg, rx_sdu->N_bytes, "%s Rx SDU vr_ur=%d (lower edge last segments)", rrc->get_rb_name(lcid).c_str(), vr_ur);
log->info_hex(rx_sdu->msg, rx_sdu->N_bytes, "%s Rx SDU vr_ur=%d (lower edge last segments)", get_rb_name(lcid), vr_ur);
rx_sdu->set_timestamp();
pdcp->write_pdu(lcid, rx_sdu);
rx_sdu = pool_allocate;
@ -505,7 +505,7 @@ void rlc_um::reassemble_rx_sdus()
log->warning("Dropping remainder of lost PDU (update vr_ur middle segments, vr_ur=%d, vr_ur_in_rx_sdu=%d)\n", vr_ur, vr_ur_in_rx_sdu);
rx_sdu->reset();
} else {
log->info_hex(rx_sdu->msg, rx_sdu->N_bytes, "%s Rx SDU vr_ur=%d, i=%d, (update vr_ur middle segments)", rrc->get_rb_name(lcid).c_str(), vr_ur, i);
log->info_hex(rx_sdu->msg, rx_sdu->N_bytes, "%s Rx SDU vr_ur=%d, i=%d, (update vr_ur middle segments)", get_rb_name(lcid), vr_ur, i);
rx_sdu->set_timestamp();
pdcp->write_pdu(lcid, rx_sdu);
rx_sdu = pool_allocate;
@ -534,7 +534,7 @@ void rlc_um::reassemble_rx_sdus()
log->warning("Dropping remainder of lost PDU (update vr_ur last segments)\n");
rx_sdu->reset();
} else {
log->info_hex(rx_sdu->msg, rx_sdu->N_bytes, "%s Rx SDU vr_ur=%d (update vr_ur last segments)", rrc->get_rb_name(lcid).c_str(), vr_ur);
log->info_hex(rx_sdu->msg, rx_sdu->N_bytes, "%s Rx SDU vr_ur=%d (update vr_ur last segments)", get_rb_name(lcid), vr_ur);
rx_sdu->set_timestamp();
pdcp->write_pdu(lcid, rx_sdu);
rx_sdu = pool_allocate;
@ -564,7 +564,7 @@ bool rlc_um::inside_reordering_window(uint16_t sn)
void rlc_um::debug_state()
{
log->debug("%s vt_us = %d, vr_ur = %d, vr_ux = %d, vr_uh = %d \n",
rrc->get_rb_name(lcid).c_str(), vt_us, vr_ur, vr_ux, vr_uh);
get_rb_name(lcid), vt_us, vr_ur, vr_ux, vr_uh);
}

@ -88,6 +88,7 @@ private:
srsue::phy phy;
srsue::mac mac;
srslte::mac_pcap mac_pcap;
srslte::nas_pcap nas_pcap;
srslte::rlc rlc;
srslte::pdcp pdcp;
srsue::rrc rrc;

@ -69,6 +69,8 @@ typedef struct {
typedef struct {
bool enable;
std::string filename;
bool nas_enable;
std::string nas_filename;
}pcap_args_t;
typedef struct {

@ -33,6 +33,7 @@
#include "srslte/interfaces/ue_interfaces.h"
#include "srslte/common/security.h"
#include "srslte/asn1/liblte_mme.h"
#include "srslte/common/nas_pcap.h"
using srslte::byte_buffer_t;
@ -57,8 +58,8 @@ static const char emm_state_text[EMM_STATE_N_ITEMS][100] = {"NULL",
"DEREGISTERED INITIATED",
"TRACKING AREA UPDATE INITIATED"};
static const bool eia_caps[8] = {false, true, true, false, false, false, false, false};
static const bool eea_caps[8] = {true, false, false, false, false, false, false, false};
static const bool eia_caps[8] = {false, true, true, false, false, false, false, false};
static const bool eea_caps[8] = {true, true, true, false, false, false, false, false};
typedef enum {
PLMN_NOT_SELECTED = 0,
@ -96,6 +97,9 @@ public:
void attach_request();
void deattach_request();
// PCAP
void start_pcap(srslte::nas_pcap *pcap_);
private:
srslte::byte_buffer_pool *pool;
srslte::log *nas_log;
@ -140,17 +144,20 @@ private:
uint8_t k_nas_enc[32];
uint8_t k_nas_int[32];
void integrity_generate(uint8_t integ_algo,
uint8_t *key_128,
// PCAP
srslte::nas_pcap *pcap = NULL;
void integrity_generate(uint8_t *key_128,
uint32_t count,
uint8_t rb_id,
uint8_t direction,
uint8_t *msg,
uint32_t msg_len,
uint8_t *mac);
void integrity_check();
void cipher_encrypt();
void cipher_decrypt();
bool integrity_check(uint32 lcid, byte_buffer_t *pdu);
void cipher_encrypt(uint32 lcid, byte_buffer_t *pdu);
void cipher_decrypt(uint32 lcid, byte_buffer_t *pdu);
bool check_cap_replay(LIBLTE_MME_UE_SECURITY_CAPABILITIES_STRUCT *caps);
// Parsers

@ -50,11 +50,6 @@ using srslte::byte_buffer_t;
namespace srsue {
static std::string rb_id_str[] = {"SRB0", "SRB1", "SRB2",
"DRB1","DRB2","DRB3",
"DRB4","DRB5","DRB6",
"DRB7","DRB8"};
class rrc
:public rrc_interface_nas
,public rrc_interface_phy
@ -208,30 +203,6 @@ private:
void write_pdu_bcch_dlsch(byte_buffer_t *pdu);
void write_pdu_pcch(byte_buffer_t *pdu);
// Radio bearers
typedef enum{
RB_ID_SRB0 = 0,
RB_ID_SRB1,
RB_ID_SRB2,
RB_ID_DRB1,
RB_ID_DRB2,
RB_ID_DRB3,
RB_ID_DRB4,
RB_ID_DRB5,
RB_ID_DRB6,
RB_ID_DRB7,
RB_ID_DRB8,
RB_ID_MAX
} rb_id_t;
std::string get_rb_name(uint32_t lcid) {
if (lcid < RB_ID_MAX) {
return rb_id_str[lcid];
} else {
return std::string("INVALID_RB");
}
}
// RLC interface
void max_retx_attempted();

@ -82,9 +82,11 @@ void parse_args(all_args_t *args, int argc, char *argv[]) {
("rrc.ue_category", bpo::value<string>(&args->ue_category_str)->default_value("4"), "UE Category (1 to 5)")
("pcap.enable", bpo::value<bool>(&args->pcap.enable)->default_value(false),
"Enable MAC packet captures for wireshark")
("pcap.enable", bpo::value<bool>(&args->pcap.enable)->default_value(false), "Enable MAC packet captures for wireshark")
("pcap.filename", bpo::value<string>(&args->pcap.filename)->default_value("ue.pcap"), "MAC layer capture filename")
("pcap.nas_enable", bpo::value<bool>(&args->pcap.nas_enable)->default_value(false), "Enable NAS packet captures for wireshark")
("pcap.nas_filename", bpo::value<string>(&args->pcap.nas_filename)->default_value("ue_nas.pcap"), "NAS layer capture filename (useful when NAS encryption is enabled)")
("trace.enable", bpo::value<bool>(&args->trace.enable)->default_value(false), "Enable PHY and radio timing traces")
("trace.phy_filename", bpo::value<string>(&args->trace.phy_filename)->default_value("ue.phy_trace"),
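Review bot: The help text for `pcap.nas_filename` says the capture is "useful when NAS encryption is enabled" but does not say that the file holds NAS signalling in cleartext. In the nas.cc part of this commit, `write_nas` is called after `cipher_decrypt` on the downlink and before `cipher_encrypt` on the uplink. I would state that in the option description, e.g. `"NAS layer capture filename (messages are stored unencrypted)"`. The `ue.conf` example in this commit points `nas_filename` at `/tmp/nas.pcap`; a path outside a shared directory would be a safer default. `parse_args` starts and ends outside the hunk.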

@ -104,13 +104,15 @@ bool ue::init(all_args_t *args_)
usim_log.set_hex_limit(args->log.usim_hex_limit);
// Set up pcap and trace
if(args->pcap.enable)
{
if(args->pcap.enable) {
mac_pcap.open(args->pcap.filename.c_str());
mac.start_pcap(&mac_pcap);
}
if(args->trace.enable)
{
if(args->pcap.nas_enable) {
nas_pcap.open(args->pcap.nas_filename.c_str());
nas.start_pcap(&nas_pcap);
}
if(args->trace.enable) {
phy.start_trace();
radio.start_trace();
}
@ -137,8 +139,7 @@ bool ue::init(all_args_t *args_)
}
printf("Opening RF device with %d RX antennas...\n", args->rf.nof_rx_ant);
if(!radio.init_multi(args->rf.nof_rx_ant, dev_args, dev_name))
{
if(!radio.init_multi(args->rf.nof_rx_ant, dev_args, dev_name)) {
printf("Failed to find device %s with args %s\n",
args->rf.device_name.c_str(), args->rf.device_args.c_str());
return false;
@ -244,12 +245,13 @@ void ue::stop()
radio.stop();
usleep(1e5);
if(args->pcap.enable)
{
if(args->pcap.enable) {
mac_pcap.close();
}
if(args->trace.enable)
{
if(args->pcap.nas_enable) {
nas_pcap.close();
}
if(args->trace.enable) {
phy.write_trace(args->trace.phy_filename);
radio.write_trace(args->trace.radio_filename);
}

@ -32,6 +32,7 @@
#include <sstream>
#include "srslte/asn1/liblte_rrc.h"
#include "upper/nas.h"
#include "srslte/common/security.h"
#include "srslte/common/bcd_helpers.h"
using namespace srslte;
@ -190,11 +191,42 @@ void nas::notify_connection_setup() {
void nas::write_pdu(uint32_t lcid, byte_buffer_t *pdu) {
uint8 pd;
uint8 msg_type;
uint8 sec_hdr_type;
bool mac_valid = false;
nas_log->info_hex(pdu->msg, pdu->N_bytes, "DL %s PDU", rrc->get_rb_name(lcid).c_str());
nas_log->info_hex(pdu->msg, pdu->N_bytes, "DL %s PDU", get_rb_name(lcid));
// Parse the message
// Parse the message security header
liblte_mme_parse_msg_sec_header((LIBLTE_BYTE_MSG_STRUCT*)pdu, &pd, &sec_hdr_type);
switch(sec_hdr_type)
{
case LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS:
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_WITH_NEW_EPS_SECURITY_CONTEXT:
case LIBLTE_MME_SECURITY_HDR_TYPE_SERVICE_REQUEST:
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY:
break;
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED:
mac_valid = integrity_check(lcid, pdu);
cipher_decrypt(lcid, pdu);
break;
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED_WITH_NEW_EPS_SECURITY_CONTEXT:
break;
default:
nas_log->error("Not handling NAS message with SEC_HDR_TYPE=%02X\n",msg_type);
pool->deallocate(pdu);
break;
}
// Write NAS pcap
if(pcap != NULL) {
pcap->write_nas(pdu->msg, pdu->N_bytes);
}
// Parse the message header
liblte_mme_parse_msg_header((LIBLTE_BYTE_MSG_STRUCT *) pdu, &pd, &msg_type);
nas_log->info_hex(pdu->msg, pdu->N_bytes, "DL %s Decrypted PDU", get_rb_name(lcid));
// TODO: Check if message type requieres specical security header type and if it isvalid
switch (msg_type) {
case LIBLTE_MME_MSG_TYPE_ATTACH_ACCEPT:
parse_attach_accept(lcid, pdu);
@ -258,19 +290,27 @@ bool nas::get_k_asme(uint8_t *k_asme_, uint32_t n) {
return true;
}
/*******************************************************************************
PCAP
*******************************************************************************/
void nas::start_pcap(srslte::nas_pcap *pcap_)
{
pcap = pcap_;
}
/*******************************************************************************
* Security
******************************************************************************/
void nas::integrity_generate(uint8_t integ_algo,
uint8_t *key_128,
void nas::integrity_generate(uint8_t *key_128,
uint32_t count,
uint8_t rb_id,
uint8_t direction,
uint8_t *msg,
uint32_t msg_len,
uint8_t *mac) {
switch (integ_algo) {
switch (ctxt.integ_algo) {
case INTEGRITY_ALGORITHM_ID_EIA0:
break;
case INTEGRITY_ALGORITHM_ID_128_EIA1:
@ -296,16 +336,102 @@ void nas::integrity_generate(uint8_t integ_algo,
}
}
void nas::integrity_check() {
}
// This function depends to a valid k_nas_int.
// This key is generated in the security mode command.
void nas::cipher_encrypt() {
bool nas::integrity_check(uint32 lcid,
byte_buffer_t *pdu)
{
uint8_t exp_mac[4];
uint8_t *mac = &pdu->msg[1];
int i;
integrity_generate(&k_nas_int[16],
ctxt.rx_count,
lcid-1,
SECURITY_DIRECTION_DOWNLINK,
&pdu->msg[5],
pdu->N_bytes-5,
&exp_mac[0]);
// Check if expected mac equals the sent mac
for(i=0; i<4; i++){
if(exp_mac[i] != mac[i]){
nas_log->warning("Expected MAC [%02x %02x %02x %02x] does not match sent MAC [%02x %02x %02x %02x]\n", exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3], mac[0], mac[1], mac[2], mac[3]);
return false;
}
}
nas_log->info("Expected MAC [%02x %02x %02x %02x] equals sent MAC [%02x %02x %02x %02x]\n", exp_mac[0], exp_mac[1], exp_mac[2], exp_mac[3], mac[0], mac[1], mac[2], mac[3]);
return true;
}
void nas::cipher_decrypt() {
void nas::cipher_encrypt(uint32 lcid,
byte_buffer_t *pdu)
{
byte_buffer_t pdu_tmp;
switch(ctxt.cipher_algo)
{
case CIPHERING_ALGORITHM_ID_EEA0:
break;
case CIPHERING_ALGORITHM_ID_128_EEA1:
security_128_eea1(&k_nas_enc[16],
pdu->msg[5],
lcid-1,
SECURITY_DIRECTION_UPLINK,
&pdu->msg[6],
pdu->N_bytes-6,
&pdu_tmp.msg[6]);
memcpy(&pdu->msg[6], &pdu_tmp.msg[6], pdu->N_bytes-6);
break;
case CIPHERING_ALGORITHM_ID_128_EEA2:
security_128_eea2(&k_nas_enc[16],
pdu->msg[5],
lcid-1,
SECURITY_DIRECTION_UPLINK,
&pdu->msg[6],
pdu->N_bytes-6,
&pdu_tmp.msg[6]);
memcpy(&pdu->msg[6], &pdu_tmp.msg[6], pdu->N_bytes-6);
break;
default:
nas_log->error("Ciphering algorithmus not known");
break;
}
}
void nas::cipher_decrypt(uint32 lcid,
byte_buffer_t *pdu)
{
byte_buffer_t tmp_pdu;
switch(ctxt.cipher_algo)
{
case CIPHERING_ALGORITHM_ID_EEA0:
break;
case CIPHERING_ALGORITHM_ID_128_EEA1:
security_128_eea1(&k_nas_enc[16],
pdu->msg[5],
lcid-1,
SECURITY_DIRECTION_DOWNLINK,
&pdu->msg[6],
pdu->N_bytes-6,
&tmp_pdu.msg[6]);
memcpy(&pdu->msg[6], &tmp_pdu.msg[6], pdu->N_bytes-6);
break;
case CIPHERING_ALGORITHM_ID_128_EEA2:
security_128_eea2(&k_nas_enc[16],
pdu->msg[5],
lcid-1,
SECURITY_DIRECTION_DOWNLINK,
&pdu->msg[6],
pdu->N_bytes-6,
&tmp_pdu.msg[6]);
nas_log->debug_hex(tmp_pdu.msg, pdu->N_bytes, "Decrypted");
memcpy(&pdu->msg[6], &tmp_pdu.msg[6], pdu->N_bytes-6);
break;
default:
nas_log->error("Ciphering algorithmus not known");
break;
}
}
bool nas::check_cap_replay(LIBLTE_MME_UE_SECURITY_CAPABILITIES_STRUCT *caps)
@ -418,8 +544,13 @@ void nas::parse_attach_accept(uint32_t lcid, byte_buffer_t *pdu) {
LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED,
ctxt.tx_count,
(LIBLTE_BYTE_MSG_STRUCT *) pdu);
integrity_generate(ctxt.integ_algo,
&k_nas_int[16],
// Write NAS pcap
if (pcap != NULL) {
pcap->write_nas(pdu->msg, pdu->N_bytes);
}
cipher_encrypt(lcid, pdu);
integrity_generate(&k_nas_int[16],
ctxt.tx_count,
lcid - 1,
SECURITY_DIRECTION_UPLINK,
@ -489,6 +620,10 @@ void nas::parse_authentication_request(uint32_t lcid, byte_buffer_t *pdu) {
liblte_mme_pack_authentication_response_msg(&auth_res, (LIBLTE_BYTE_MSG_STRUCT *) pdu);
nas_log->info("Sending Authentication Response\n");
// Write NAS pcap
if (pcap != NULL) {
pcap->write_nas(pdu->msg, pdu->N_bytes);
}
rrc->write_sdu(lcid, pdu);
} else {
nas_log->warning("Network authentication failure\n");
@ -567,7 +702,7 @@ void nas::parse_security_mode_command(uint32_t lcid, byte_buffer_t *pdu)
return;
}
// Reset counterd (as per 24.301 5.4.3.2)
// Reset counters (as per 24.301 5.4.3.2)
ctxt.rx_count = 0;
ctxt.tx_count = 0;
@ -583,43 +718,23 @@ void nas::parse_security_mode_command(uint32_t lcid, byte_buffer_t *pdu)
}
// Generate NAS keys
usim->generate_nas_keys(ctxt.k_asme, k_nas_enc, k_nas_int, ctxt.cipher_algo, ctxt.integ_algo);
usim->generate_nas_keys(ctxt.k_asme, k_nas_enc, k_nas_int,
ctxt.cipher_algo, ctxt.integ_algo);
nas_log->debug_hex(k_nas_enc, 32, "NAS encryption key - k_nas_enc");
nas_log->debug_hex(k_nas_int, 32, "NAS integrity key - k_nas_int");
nas_log->debug("Generating integrity check. integ_algo:%d, count_dl:%d, lcid:%d\n",
ctxt.integ_algo, ctxt.rx_count, lcid);
// Check incoming MAC
uint8_t *inMAC = &pdu->msg[1];
uint8_t genMAC[4];
integrity_generate(ctxt.integ_algo,
&k_nas_int[16],
ctxt.rx_count,
lcid - 1,
SECURITY_DIRECTION_DOWNLINK,
&pdu->msg[5],
pdu->N_bytes - 5,
genMAC);
nas_log->info_hex(inMAC, 4, "Incoming PDU MAC:");
nas_log->info_hex(genMAC, 4, "Generated PDU MAC:");
ctxt.rx_count++;
bool match = true;
for (int i = 0; i < 4; i++) {
if (inMAC[i] != genMAC[i]) {
match = false;
}
}
if(!match) {
if (integrity_check(lcid, pdu) != true) {
nas_log->warning("Sending Security Mode Reject due to integrity check failure\n");
send_security_mode_reject(LIBLTE_MME_EMM_CAUSE_SECURITY_MODE_REJECTED_UNSPECIFIED);
send_security_mode_reject(LIBLTE_MME_EMM_CAUSE_MAC_FAILURE);
pool->deallocate(pdu);
return;
}
ctxt.rx_count++;
// Take security context into use
have_ctxt = true;
@ -636,11 +751,14 @@ void nas::parse_security_mode_command(uint32_t lcid, byte_buffer_t *pdu)
// Send response
byte_buffer_t *sdu = pool_allocate;
liblte_mme_pack_security_mode_complete_msg(&sec_mode_comp,
LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED,
LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED_WITH_NEW_EPS_SECURITY_CONTEXT,
ctxt.tx_count,
(LIBLTE_BYTE_MSG_STRUCT *) sdu);
integrity_generate(ctxt.integ_algo,
&k_nas_int[16],
if(pcap != NULL) {
pcap->write_nas(sdu->msg, sdu->N_bytes);
}
cipher_encrypt(lcid, sdu);
integrity_generate(&k_nas_int[16],
ctxt.tx_count,
lcid - 1,
SECURITY_DIRECTION_UPLINK,
@ -649,7 +767,7 @@ void nas::parse_security_mode_command(uint32_t lcid, byte_buffer_t *pdu)
&sdu->msg[1]);
nas_log->info("Sending Security Mode Complete nas_current_ctxt.tx_count=%d, RB=%s\n",
ctxt.tx_count,
rrc->get_rb_name(lcid).c_str());
get_rb_name(lcid));
rrc->write_sdu(lcid, sdu);
ctxt.tx_count++;
pool->deallocate(pdu);
@ -726,8 +844,7 @@ void nas::send_attach_request() {
(LIBLTE_BYTE_MSG_STRUCT *) msg);
// Add MAC
integrity_generate(ctxt.integ_algo,
&k_nas_int[16],
integrity_generate(&k_nas_int[16],
ctxt.tx_count,
cfg.lcid-1,
SECURITY_DIRECTION_UPLINK,
@ -741,6 +858,10 @@ void nas::send_attach_request() {
liblte_mme_pack_attach_request_msg(&attach_req, (LIBLTE_BYTE_MSG_STRUCT *) msg);
}
if(pcap != NULL) {
pcap->write_nas(msg->msg, msg->N_bytes);
}
nas_log->info("Sending attach request\n");
rrc->write_sdu(cfg.lcid, msg);
@ -776,6 +897,10 @@ void nas::send_security_mode_reject(uint8_t cause) {
LIBLTE_MME_SECURITY_MODE_REJECT_MSG_STRUCT sec_mode_rej;
sec_mode_rej.emm_cause = cause;
liblte_mme_pack_security_mode_reject_msg(&sec_mode_rej, (LIBLTE_BYTE_MSG_STRUCT *) msg);
if(pcap != NULL) {
pcap->write_nas(msg->msg, msg->N_bytes);
}
nas_log->info("Sending security mode reject\n");
rrc->write_sdu(cfg.lcid, msg);
}
@ -792,8 +917,7 @@ void nas::send_service_request() {
msg->N_bytes++;
uint8_t mac[4];
integrity_generate(ctxt.integ_algo,
&k_nas_int[16],
integrity_generate(&k_nas_int[16],
ctxt.tx_count,
cfg.lcid-1,
SECURITY_DIRECTION_UPLINK,
@ -805,6 +929,11 @@ void nas::send_service_request() {
msg->N_bytes++;
msg->msg[3] = mac[3];
msg->N_bytes++;
if(pcap != NULL) {
pcap->write_nas(msg->msg, msg->N_bytes);
}
nas_log->info("Sending service request\n");
rrc->write_sdu(cfg.lcid, msg);
ctxt.tx_count++;
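Review bot: In `nas::write_pdu` the result of `integrity_check(lcid, pdu)` is stored in `mac_valid`, but nothing in the visible part of the function reads it, so a PDU with a bad MAC is still decrypted, written to the pcap and dispatched on `msg_type`. The INTEGRITY_AND_CIPHERED case should stop on failure, e.g. `if (!integrity_check(lcid, pdu)) { pool->deallocate(pdu); return; }` before `cipher_decrypt`; the integrity-only header type currently passes with no MAC check at all. The `default:` branch calls `pool->deallocate(pdu)` and then `break`s, so the code below the switch keeps using the released buffer; it should `return;`, and its log line prints the still-uninitialised `msg_type` where `sec_hdr_type` is meant. `integrity_check` and `cipher_decrypt` also read `pdu->msg[1]` to `msg[6]` and compute `pdu->N_bytes-5` / `pdu->N_bytes-6` without a minimum-length check, which underflows for a PDU shorter than the security header. The body of `write_pdu` continues outside the hunk.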

@ -1067,7 +1067,7 @@ void rrc::write_pdu_pcch(byte_buffer_t *pdu) {
*
*******************************************************************************/
void rrc::write_sdu(uint32_t lcid, byte_buffer_t *sdu) {
rrc_log->info_hex(sdu->msg, sdu->N_bytes, "RX %s SDU", get_rb_name(lcid).c_str());
rrc_log->info_hex(sdu->msg, sdu->N_bytes, "RX %s SDU", get_rb_name(lcid));
switch (state) {
case RRC_STATE_CONNECTING:
send_con_setup_complete(sdu);
@ -1082,7 +1082,7 @@ void rrc::write_sdu(uint32_t lcid, byte_buffer_t *sdu) {
}
void rrc::write_pdu(uint32_t lcid, byte_buffer_t *pdu) {
rrc_log->info_hex(pdu->msg, pdu->N_bytes, "TX %s PDU", get_rb_name(lcid).c_str());
rrc_log->info_hex(pdu->msg, pdu->N_bytes, "TX %s PDU", get_rb_name(lcid));
rrc_log->info("TX PDU Stack latency: %ld us\n", pdu->get_latency_us());
switch (lcid) {
@ -1145,7 +1145,7 @@ void rrc::parse_dl_dcch(uint32_t lcid, byte_buffer_t *pdu) {
liblte_rrc_unpack_dl_dcch_msg((LIBLTE_BIT_MSG_STRUCT *) &bit_buf, &dl_dcch_msg);
rrc_log->info("%s - Received %s\n",
get_rb_name(lcid).c_str(),
get_rb_name(lcid),
liblte_rrc_dl_dcch_msg_type_text[dl_dcch_msg.msg_type]);
// Reset and reuse pdu buffer if possible
@ -1170,6 +1170,7 @@ void rrc::parse_dl_dcch(uint32_t lcid, byte_buffer_t *pdu) {
usim->generate_as_keys(k_asme, nas->get_ul_count()-1, k_rrc_enc, k_rrc_int, k_up_enc, k_up_int, cipher_algo, integ_algo);
pdcp->config_security(lcid, k_rrc_enc, k_rrc_int, cipher_algo, integ_algo);
send_security_mode_complete(lcid, pdu);
pdcp->enable_encryption(lcid);
break;
case LIBLTE_RRC_DL_DCCH_MSG_TYPE_RRC_CON_RECONFIG:
transaction_id = dl_dcch_msg.msg.rrc_con_reconfig.rrc_transaction_id;
@ -1663,7 +1664,7 @@ void rrc::add_srb(LIBLTE_RRC_SRB_TO_ADD_MOD_STRUCT *srb_cnfg) {
}
srbs[srb_cnfg->srb_id] = *srb_cnfg;
rrc_log->info("Added radio bearer %s\n", get_rb_name(srb_cnfg->srb_id).c_str());
rrc_log->info("Added radio bearer %s\n", get_rb_name(srb_cnfg->srb_id));
}
void rrc::add_drb(LIBLTE_RRC_DRB_TO_ADD_MOD_STRUCT *drb_cnfg) {
@ -1721,7 +1722,7 @@ void rrc::add_drb(LIBLTE_RRC_DRB_TO_ADD_MOD_STRUCT *drb_cnfg) {
drbs[lcid] = *drb_cnfg;
drb_up = true;
rrc_log->info("Added radio bearer %s\n", get_rb_name(lcid).c_str());
rrc_log->info("Added radio bearer %s\n", get_rb_name(lcid));
}
void rrc::release_drb(uint8_t lcid) {
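Review bot: The new `pdcp->enable_encryption(lcid);` in `rrc::parse_dl_dcch` is order-sensitive and carries no comment saying so. It runs after `send_security_mode_complete(lcid, pdu)`, presumably so that the Security Mode Complete itself goes out integrity-protected but not ciphered. A one-line comment such as `// Enable ciphering only after Security Mode Complete has been sent; that message must go out unciphered` would keep a later reordering from breaking the handshake. The case label and the rest of the function are outside the hunk.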

@ -223,6 +223,8 @@ void usim::generate_nas_keys(uint8_t *k_asme,
integ_algo,
k_nas_enc,
k_nas_int);
}
/*******************************************************************************
@ -239,9 +241,9 @@ void usim::generate_as_keys(uint8_t *k_asme,
INTEGRITY_ALGORITHM_ID_ENUM integ_algo)
{
// Generate K_enb
security_generate_k_enb( k_asme,
count_ul,
k_enb);
security_generate_k_enb( k_asme,
count_ul,
k_enb);
// Generate K_rrc_enc and K_rrc_int
security_generate_k_rrc( k_enb,

@ -50,6 +50,8 @@ rx_gain = 40
[pcap]
enable = false
filename = /tmp/ue.pcap
nas_enable = false
nas_filename = /tmp/nas.pcap
#####################################################################
# Log configuration
