Enable encryption in reconfiguration and after security mode command (NOT TEST)

6 years ago · b84e49310e
parent eb3a83ac45
commit b84e49310e
5 changed files with 39 additions and 5 deletions
--- a/lib/include/srslte/interfaces/enb_interfaces.h
+++ b/lib/include/srslte/interfaces/enb_interfaces.h
@ -203,6 +203,8 @@ public:
                               uint8_t *k_up_enc_,
                               srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
                               srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) = 0;
+  virtual void enable_integrity(uint16_t rnti, uint32_t lcid) = 0;
+  virtual void enable_encryption(uint16_t rnti, uint32_t lcid) = 0;
 };

 // PDCP interface for RLC
--- a/srsenb/hdr/upper/pdcp.h
+++ b/srsenb/hdr/upper/pdcp.h
@ -60,7 +60,8 @@ public:
                       uint8_t *k_up_enc_,
                       srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
                       srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_);
-  
+  void enable_integrity(uint16_t rnti, uint32_t lcid);
+  void enable_encryption(uint16_t rnti, uint32_t lcid);
 private: 
  
  class user_interface_rlc : public srsue::rlc_interface_pdcp
--- a/srsenb/hdr/upper/rrc.h
+++ b/srsenb/hdr/upper/rrc.h
@ -337,7 +337,8 @@ private:
                          uint8_t *k_up_int,
                          srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo,
                          srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo);
-
+  void enable_integrity(uint16_t rnti, uint32_t lcid);
+  void enable_encryption(uint16_t rnti, uint32_t lcid);
  srslte::byte_buffer_pool* pool;
  srslte::byte_buffer_t     byte_buf_paging;

--- a/srsenb/src/upper/pdcp.cc
+++ b/srsenb/src/upper/pdcp.cc
@ -117,12 +117,24 @@ void pdcp::config_security(uint16_t rnti, uint32_t lcid, uint8_t* k_rrc_enc_, ui
  pthread_rwlock_rdlock(&rwlock);
  if (users.count(rnti)) {
    users[rnti].pdcp->config_security(lcid, k_rrc_enc_, k_rrc_int_, k_up_enc_, cipher_algo_, integ_algo_);
-    users[rnti].pdcp->enable_integrity(lcid);
-    users[rnti].pdcp->enable_encryption(lcid);
  }
  pthread_rwlock_unlock(&rwlock);
 }

+void pdcp::enable_integrity(uint16_t rnti, uint32_t lcid)
+{
+  pthread_rwlock_rdlock(&rwlock);
+  users[rnti].pdcp->enable_integrity(lcid);
+  pthread_rwlock_unlock(&rwlock);
+}
+
+void pdcp::enable_encryption(uint16_t rnti, uint32_t lcid)
+{
+  pthread_rwlock_rdlock(&rwlock);
+  users[rnti].pdcp->enable_encryption(lcid);
+  pthread_rwlock_unlock(&rwlock);
+}
+
 void pdcp::write_pdu(uint16_t rnti, uint32_t lcid, srslte::byte_buffer_t* sdu)
 {
  pthread_rwlock_rdlock(&rwlock);
--- a/srsenb/src/upper/rrc.cc
+++ b/srsenb/src/upper/rrc.cc
@ -807,6 +807,16 @@ void rrc::configure_security(uint16_t rnti,
  pdcp->config_security(rnti, lcid, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
 }

+void rrc::enable_integrity(uint16_t rnti, uint32_t lcid)
+{
+  pdcp->enable_integrity(rnti, lcid);
+}
+
+void rrc::enable_encryption(uint16_t rnti, uint32_t lcid)
+{
+  pdcp->enable_encryption(rnti, lcid);
+}
+
 /*******************************************************************************
  RRC thread
 *******************************************************************************/
@ -1156,6 +1166,7 @@ void rrc::ue::handle_rrc_reconf_complete(rrc_conn_recfg_complete_s* msg, srslte:
 void rrc::ue::handle_security_mode_complete(security_mode_complete_s* msg)
 {
  parent->rrc_log->info("SecurityModeComplete transaction ID: %d\n", msg->rrc_transaction_id);
+  parent->enable_encryption(rnti, RB_ID_SRB1);
 }

 void rrc::ue::handle_security_mode_failure(security_mode_fail_s* msg)
@ -1219,6 +1230,8 @@ void rrc::ue::set_security_key(uint8_t* key, uint32_t length)
                             k_up_enc,  k_up_int,
                             cipher_algo, integ_algo);

+  parent->enable_integrity(rnti, RB_ID_SRB1);
+
  parent->rrc_log->info_hex(k_rrc_enc, 32, "RRC Encryption Key (k_rrc_enc)");
  parent->rrc_log->info_hex(k_rrc_int, 32, "RRC Integrity Key (k_rrc_int)");
  parent->rrc_log->info_hex(k_up_enc, 32, "RRC Encryption Key (k_rrc_enc)");
@ -1750,6 +1763,9 @@ void rrc::ue::send_connection_reconf(srslte::byte_buffer_t *pdu)
  pdcp_cnfg.is_control = true;
  pdcp_cnfg.is_data = false;
  parent->pdcp->add_bearer(rnti, 2, pdcp_cnfg);
+  parent->pdcp->config_security(rnti, 2, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
+  parent->pdcp->enable_integrity(rnti, 2);
+  parent->pdcp->enable_encryption(rnti, 2);

  // Configure DRB1 in RLC
  parent->rlc->add_bearer(rnti, 3, &conn_reconf->rr_cfg_ded.drb_to_add_mod_list[0].rlc_cfg);
@ -1764,7 +1780,9 @@ void rrc::ue::send_connection_reconf(srslte::byte_buffer_t *pdu)
    }
  }
  parent->pdcp->add_bearer(rnti, 3, pdcp_cnfg);
-
+  parent->pdcp->config_security(rnti, 3, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
+  parent->pdcp->enable_integrity(rnti, 3);
+  parent->pdcp->enable_encryption(rnti, 3);
  // DRB1 has already been configured in GTPU through bearer setup

  // Add NAS Attach accept