drop all integrity protected NAS messages whose check is failing

- also enables integrity check for messages that are only integrity
  protected but not ciphered
master
Andre Puschmann 6 years ago
parent b577c9ac8c
commit 8697640945

@ -308,7 +308,6 @@ void nas::write_pdu(uint32_t lcid, byte_buffer_t *pdu) {
uint8 pd = 0; uint8 pd = 0;
uint8 msg_type = 0; uint8 msg_type = 0;
uint8 sec_hdr_type = 0; uint8 sec_hdr_type = 0;
bool mac_valid = false;
nas_log->info_hex(pdu->msg, pdu->N_bytes, "DL %s PDU", rrc->get_rb_name(lcid).c_str()); nas_log->info_hex(pdu->msg, pdu->N_bytes, "DL %s PDU", rrc->get_rb_name(lcid).c_str());
@ -319,11 +318,13 @@ void nas::write_pdu(uint32_t lcid, byte_buffer_t *pdu) {
case LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS: case LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS:
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_WITH_NEW_EPS_SECURITY_CONTEXT: case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_WITH_NEW_EPS_SECURITY_CONTEXT:
case LIBLTE_MME_SECURITY_HDR_TYPE_SERVICE_REQUEST: case LIBLTE_MME_SECURITY_HDR_TYPE_SERVICE_REQUEST:
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY:
break; break;
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY:
case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED: case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED:
if((mac_valid = integrity_check(pdu))) { if((integrity_check(pdu))) {
if (sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED) {
cipher_decrypt(pdu); cipher_decrypt(pdu);
}
break; break;
} else { } else {
nas_log->error("Not handling NAS message with integrity check error\n"); nas_log->error("Not handling NAS message with integrity check error\n");

Loading…
Cancel
Save