From d3b682808230ad65a3aa0153e259549171369345 Mon Sep 17 00:00:00 2001 From: Pedro Alvarez Date: Wed, 17 Jul 2019 13:29:20 +0100 Subject: [PATCH] Changed PDCP configuration to explicitly have tx and rx direction. Decrypt on PDCP NR seems fine. --- lib/include/srslte/common/interfaces_common.h | 9 ++- lib/include/srslte/upper/pdcp_entity_base.h | 3 +- lib/src/upper/pdcp_entity_base.cc | 61 +++++++------------ lib/test/upper/pdcp_nr_test.cc | 6 +- srsenb/src/stack/rrc/rrc.cc | 45 ++++++++------ srsue/src/stack/rrc/rrc.cc | 6 +- 6 files changed, 61 insertions(+), 69 deletions(-) diff --git a/lib/include/srslte/common/interfaces_common.h b/lib/include/srslte/common/interfaces_common.h index 8dabb7a8f..9d456a01c 100644 --- a/lib/include/srslte/common/interfaces_common.h +++ b/lib/include/srslte/common/interfaces_common.h @@ -77,10 +77,12 @@ typedef enum { PDCP_RB_IS_SRB, PDCP_RB_IS_DRB } pdcp_rb_type_t; class srslte_pdcp_config_t { public: - srslte_pdcp_config_t(uint8_t bearer_id_, pdcp_rb_type_t rb_type_, uint8_t direction_, uint8_t sn_len_) : + srslte_pdcp_config_t( + uint8_t bearer_id_, pdcp_rb_type_t rb_type_, uint8_t tx_direction_, uint8_t rx_direction_, uint8_t sn_len_) : bearer_id(bearer_id_), rb_type(rb_type_), - direction(direction_), + tx_direction(tx_direction_), + rx_direction(rx_direction_), sn_len(sn_len_) { hdr_len_bytes = ceil((float)sn_len / 8); @@ -88,7 +90,8 @@ public: uint8_t bearer_id; pdcp_rb_type_t rb_type; - uint8_t direction; + uint8_t tx_direction; + uint8_t rx_direction; uint8_t sn_len; uint8_t hdr_len_bytes; diff --git a/lib/include/srslte/upper/pdcp_entity_base.h b/lib/include/srslte/upper/pdcp_entity_base.h index 484900405..2d2cd369a 100644 --- a/lib/include/srslte/upper/pdcp_entity_base.h +++ b/lib/include/srslte/upper/pdcp_entity_base.h @@ -93,7 +93,8 @@ protected: bool do_integrity = false; bool do_encryption = false; - srslte_pdcp_config_t cfg = {1, PDCP_RB_IS_DRB, SECURITY_DIRECTION_UPLINK, PDCP_SN_LEN_12}; + srslte_pdcp_config_t cfg = { + 1, PDCP_RB_IS_DRB, SECURITY_DIRECTION_DOWNLINK, SECURITY_DIRECTION_UPLINK, PDCP_SN_LEN_12}; std::mutex mutex; diff --git a/lib/src/upper/pdcp_entity_base.cc b/lib/src/upper/pdcp_entity_base.cc index c5d158df2..0d41efd9d 100644 --- a/lib/src/upper/pdcp_entity_base.cc +++ b/lib/src/upper/pdcp_entity_base.cc @@ -45,6 +45,15 @@ void pdcp_entity_base::config_security(uint8_t* k_rrc_enc_, } cipher_algo = cipher_algo_; integ_algo = integ_algo_; + + log->info("Configuring security with %s and %s\n", + integrity_algorithm_id_text[integ_algo], + ciphering_algorithm_id_text[cipher_algo]); + + log->debug_hex(k_rrc_enc, 32,"K_rrc_enc"); + log->debug_hex(k_up_enc, 32,"K_up_enc"); + log->debug_hex(k_rrc_int, 32,"K_rrc_int"); + log->debug_hex(k_up_int, 32,"K_up_int"); } @@ -70,7 +79,7 @@ void pdcp_entity_base::integrity_generate(uint8_t* msg, uint32_t msg_len, uint32 security_128_eia1(&k_int[16], count, cfg.bearer_id - 1, - cfg.direction, + cfg.tx_direction, msg, msg_len, mac); @@ -79,7 +88,7 @@ void pdcp_entity_base::integrity_generate(uint8_t* msg, uint32_t msg_len, uint32 security_128_eia2(&k_int[16], count, cfg.bearer_id - 1, - cfg.direction, + cfg.tx_direction, msg, msg_len, mac); @@ -91,7 +100,7 @@ void pdcp_entity_base::integrity_generate(uint8_t* msg, uint32_t msg_len, uint32 log->debug("Integrity gen input: COUNT %d, Bearer ID %d, Direction %s\n", count, cfg.bearer_id, - (cfg.direction == SECURITY_DIRECTION_DOWNLINK ? "Downlink" : "Uplink")); + (cfg.tx_direction == SECURITY_DIRECTION_DOWNLINK ? "Downlink" : "Uplink")); log->debug_hex(msg, msg_len, "Integrity gen input msg:"); log->debug_hex(mac, 4, "MAC (generated)"); } @@ -113,24 +122,10 @@ bool pdcp_entity_base::integrity_verify(uint8_t* msg, uint32_t msg_len, uint32_t case INTEGRITY_ALGORITHM_ID_EIA0: break; case INTEGRITY_ALGORITHM_ID_128_EIA1: - security_128_eia1(&k_int[16], - count, - cfg.bearer_id - 1, - (cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? (SECURITY_DIRECTION_UPLINK) - : (SECURITY_DIRECTION_DOWNLINK), - msg, - msg_len, - mac_exp); + security_128_eia1(&k_int[16], count, cfg.bearer_id - 1, cfg.rx_direction, msg, msg_len, mac_exp); break; case INTEGRITY_ALGORITHM_ID_128_EIA2: - security_128_eia2(&k_int[16], - count, - cfg.bearer_id - 1, - (cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? (SECURITY_DIRECTION_UPLINK) - : (SECURITY_DIRECTION_DOWNLINK), - msg, - msg_len, - mac_exp); + security_128_eia2(&k_int[16], count, cfg.bearer_id - 1, cfg.rx_direction, msg, msg_len, mac_exp); break; default: break; @@ -139,7 +134,7 @@ bool pdcp_entity_base::integrity_verify(uint8_t* msg, uint32_t msg_len, uint32_t log->debug("Integrity check input: COUNT %d, Bearer ID %d, Direction %s\n", count, cfg.bearer_id, - (cfg.direction == SECURITY_DIRECTION_DOWNLINK ? "Downlink" : "Uplink")); + cfg.rx_direction == SECURITY_DIRECTION_DOWNLINK ? "Downlink" : "Uplink"); log->debug_hex(msg, msg_len, "Integrity check input msg:"); if (integ_algo != INTEGRITY_ALGORITHM_ID_EIA0) { @@ -174,18 +169,18 @@ void pdcp_entity_base::cipher_encrypt(uint8_t* msg, uint32_t msg_len, uint32_t c log->debug("Cipher encrypt input: COUNT: %d, Bearer ID: %d, Direction %s\n", count, cfg.bearer_id, - (cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? "Downlink" : "Uplink"); + cfg.tx_direction == SECURITY_DIRECTION_DOWNLINK ? "Downlink" : "Uplink"); log->debug_hex(msg, msg_len, "Cipher encrypt input msg"); switch (cipher_algo) { case CIPHERING_ALGORITHM_ID_EEA0: break; case CIPHERING_ALGORITHM_ID_128_EEA1: - security_128_eea1(&(k_enc[16]), count, cfg.bearer_id - 1, cfg.direction, msg, msg_len, ct_tmp.msg); + security_128_eea1(&(k_enc[16]), count, cfg.bearer_id - 1, cfg.tx_direction, msg, msg_len, ct_tmp.msg); memcpy(ct, ct_tmp.msg, msg_len); break; case CIPHERING_ALGORITHM_ID_128_EEA2: - security_128_eea2(&(k_enc[16]), count, cfg.bearer_id - 1, cfg.direction, msg, msg_len, ct_tmp.msg); + security_128_eea2(&(k_enc[16]), count, cfg.bearer_id - 1, cfg.tx_direction, msg, msg_len, ct_tmp.msg); memcpy(ct, ct_tmp.msg, msg_len); break; default: @@ -209,7 +204,7 @@ void pdcp_entity_base::cipher_decrypt(uint8_t* ct, uint32_t ct_len, uint32_t cou log->debug("Cipher decrypt input: COUNT: %d, Bearer ID: %d, Direction %s\n", count, cfg.bearer_id, - (cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? "Downlink" : "Uplink"); + (cfg.rx_direction == SECURITY_DIRECTION_DOWNLINK) ? "Downlink" : "Uplink"); log->debug_hex(ct, ct_len, "Cipher decrypt input msg"); switch(cipher_algo) @@ -217,25 +212,11 @@ void pdcp_entity_base::cipher_decrypt(uint8_t* ct, uint32_t ct_len, uint32_t cou case CIPHERING_ALGORITHM_ID_EEA0: break; case CIPHERING_ALGORITHM_ID_128_EEA1: - security_128_eea1(&(k_enc[16]), - count, - cfg.bearer_id - 1, - (cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? (SECURITY_DIRECTION_UPLINK) - : (SECURITY_DIRECTION_DOWNLINK), - ct, - ct_len, - msg_tmp.msg); + security_128_eea1(&k_enc[16], count, cfg.bearer_id - 1, cfg.rx_direction, ct, ct_len, msg_tmp.msg); memcpy(msg, msg_tmp.msg, ct_len); break; case CIPHERING_ALGORITHM_ID_128_EEA2: - security_128_eea2(&(k_enc[16]), - count, - cfg.bearer_id - 1, - (cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? (SECURITY_DIRECTION_UPLINK) - : (SECURITY_DIRECTION_DOWNLINK), - ct, - ct_len, - msg_tmp.msg); + security_128_eea2(&k_enc[16], count, cfg.bearer_id - 1, cfg.rx_direction, ct, ct_len, msg_tmp.msg); memcpy(msg, msg_tmp.msg, ct_len); break; default: diff --git a/lib/test/upper/pdcp_nr_test.cc b/lib/test/upper/pdcp_nr_test.cc index c138fabd7..1082612d1 100644 --- a/lib/test/upper/pdcp_nr_test.cc +++ b/lib/test/upper/pdcp_nr_test.cc @@ -107,7 +107,7 @@ private: int test_tx_basic(srslte::byte_buffer_pool* pool, srslte::log* log) { srslte::pdcp_entity_nr pdcp; - srslte::srslte_pdcp_config_t cfg = {1, srslte::PDCP_RB_IS_DRB, SECURITY_DIRECTION_UPLINK, srslte::PDCP_SN_LEN_12}; + srslte::srslte_pdcp_config_t cfg = {1, srslte::PDCP_RB_IS_DRB, SECURITY_DIRECTION_UPLINK, SECURITY_DIRECTION_DOWNLINK, srslte::PDCP_SN_LEN_12}; rlc_dummy rlc(log); rrc_dummy rrc(log); @@ -149,11 +149,11 @@ int test_tx_basic(srslte::byte_buffer_pool* pool, srslte::log* log) bool test_rx_basic(srslte::byte_buffer_pool* pool, srslte::log* log) { srslte::pdcp_entity_nr pdcp; - srslte::srslte_pdcp_config_t cfg = {1, srslte::PDCP_RB_IS_DRB, SECURITY_DIRECTION_UPLINK, srslte::PDCP_SN_LEN_12}; + srslte::srslte_pdcp_config_t cfg = {1, srslte::PDCP_RB_IS_DRB, SECURITY_DIRECTION_DOWNLINK, SECURITY_DIRECTION_UPLINK, srslte::PDCP_SN_LEN_12}; rlc_dummy rlc(log); rrc_dummy rrc(log); - gw_dummy gw(log); + gw_dummy gw(log); pdcp.init(&rlc, &rrc, &gw, log, 0, cfg); pdcp.config_security(k_enc, k_int, k_enc, k_int, srslte::CIPHERING_ALGORITHM_ID_128_EEA2, srslte::INTEGRITY_ALGORITHM_ID_128_EIA2); diff --git a/srsenb/src/stack/rrc/rrc.cc b/srsenb/src/stack/rrc/rrc.cc index 0c1ede46e..a1476393a 100644 --- a/srsenb/src/stack/rrc/rrc.cc +++ b/srsenb/src/stack/rrc/rrc.cc @@ -194,10 +194,11 @@ void rrc::add_user(uint16_t rnti) if (rnti == SRSLTE_MRNTI) { srslte::srslte_pdcp_config_t cfg = { - .bearer_id = 1, - .rb_type = srslte::PDCP_RB_IS_DRB, - .sn_len = srslte::PDCP_SN_LEN_12, - .direction = SECURITY_DIRECTION_DOWNLINK, + .bearer_id = 1, + .rb_type = srslte::PDCP_RB_IS_DRB, + .tx_direction = SECURITY_DIRECTION_DOWNLINK, + .rx_direction = SECURITY_DIRECTION_UPLINK, + .sn_len = srslte::PDCP_SN_LEN_12, }; uint32_t teid_in = 1; @@ -1531,10 +1532,11 @@ void rrc::ue::send_connection_setup(bool is_setup) parent->rlc->add_bearer(rnti, 1, srslte::rlc_config_t::srb_config(1)); // Configure SRB1 in PDCP - srslte::srslte_pdcp_config_t pdcp_cnfg{.bearer_id = 1, - .rb_type = srslte::PDCP_RB_IS_DRB, - .sn_len = srslte::PDCP_SN_LEN_5, - .direction = SECURITY_DIRECTION_DOWNLINK}; + srslte::srslte_pdcp_config_t pdcp_cnfg{.bearer_id = 1, + .rb_type = srslte::PDCP_RB_IS_DRB, + .tx_direction = SECURITY_DIRECTION_DOWNLINK, + .rx_direction = SECURITY_DIRECTION_UPLINK, + .sn_len = srslte::PDCP_SN_LEN_5}; parent->pdcp->add_bearer(rnti, 1, pdcp_cnfg); // Configure PHY layer @@ -1739,10 +1741,11 @@ void rrc::ue::send_connection_reconf(srslte::unique_byte_buffer_t pdu) parent->rlc->add_bearer(rnti, 2, srslte::rlc_config_t::srb_config(2)); // Configure SRB2 in PDCP - srslte::srslte_pdcp_config_t pdcp_cnfg_srb = {.bearer_id = 2, - .rb_type = srslte::PDCP_RB_IS_SRB, - .direction = SECURITY_DIRECTION_DOWNLINK, - .sn_len = srslte::PDCP_SN_LEN_5}; + srslte::srslte_pdcp_config_t pdcp_cnfg_srb = {.bearer_id = 2, + .rb_type = srslte::PDCP_RB_IS_SRB, + .tx_direction = SECURITY_DIRECTION_DOWNLINK, + .rx_direction = SECURITY_DIRECTION_UPLINK, + .sn_len = srslte::PDCP_SN_LEN_5}; parent->pdcp->add_bearer(rnti, 2, pdcp_cnfg_srb); parent->pdcp->config_security(rnti, 2, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo); parent->pdcp->enable_integrity(rnti, 2); @@ -1752,10 +1755,11 @@ void rrc::ue::send_connection_reconf(srslte::unique_byte_buffer_t pdu) parent->rlc->add_bearer(rnti, 3, srslte::make_rlc_config_t(conn_reconf->rr_cfg_ded.drb_to_add_mod_list[0].rlc_cfg)); // Configure DRB1 in PDCP - srslte::srslte_pdcp_config_t pdcp_cnfg_drb = {.bearer_id = 1, - .rb_type = srslte::PDCP_RB_IS_DRB, - .direction = SECURITY_DIRECTION_DOWNLINK, - .sn_len = srslte::PDCP_SN_LEN_12}; + srslte::srslte_pdcp_config_t pdcp_cnfg_drb = {.bearer_id = 1, + .rb_type = srslte::PDCP_RB_IS_DRB, + .tx_direction = SECURITY_DIRECTION_DOWNLINK, + .rx_direction = SECURITY_DIRECTION_UPLINK, + .sn_len = srslte::PDCP_SN_LEN_12}; if (conn_reconf->rr_cfg_ded.drb_to_add_mod_list[0].pdcp_cfg.rlc_um_present) { if (conn_reconf->rr_cfg_ded.drb_to_add_mod_list[0].pdcp_cfg.rlc_um.pdcp_sn_size.value == pdcp_cfg_s::rlc_um_s_::pdcp_sn_size_e_::len7bits) { @@ -1820,10 +1824,11 @@ void rrc::ue::send_connection_reconf_new_bearer(LIBLTE_S1AP_E_RABTOBESETUPLISTBE // Configure DRB in PDCP srslte::srslte_pdcp_config_t pdcp_config = { - .bearer_id = (uint8_t)(drb_item.drb_id - 1), // TODO: Review all ID mapping LCID DRB ERAB EPSBID Mapping - .rb_type = srslte::PDCP_RB_IS_DRB, - .sn_len = srslte::PDCP_SN_LEN_12, - .direction = SECURITY_DIRECTION_DOWNLINK}; + .bearer_id = (uint8_t)(drb_item.drb_id - 1), // TODO: Review all ID mapping LCID DRB ERAB EPSBID Mapping + .rb_type = srslte::PDCP_RB_IS_DRB, + .tx_direction = SECURITY_DIRECTION_DOWNLINK, + .rx_direction = SECURITY_DIRECTION_UPLINK, + .sn_len = srslte::PDCP_SN_LEN_12}; parent->pdcp->add_bearer(rnti, lcid, pdcp_config); // DRB has already been configured in GTPU through bearer setup diff --git a/srsue/src/stack/rrc/rrc.cc b/srsue/src/stack/rrc/rrc.cc index 67fb7419e..ef3abb921 100644 --- a/srsue/src/stack/rrc/rrc.cc +++ b/srsue/src/stack/rrc/rrc.cc @@ -3147,7 +3147,8 @@ void rrc::add_srb(srb_to_add_mod_s* srb_cnfg) // Setup PDCP srslte_pdcp_config_t pdcp_cfg = {.bearer_id = srb_cnfg->srb_id, .rb_type = PDCP_RB_IS_SRB, - .direction = SECURITY_DIRECTION_DOWNLINK, + .tx_direction = SECURITY_DIRECTION_UPLINK, + .rx_direction = SECURITY_DIRECTION_DOWNLINK, .sn_len = PDCP_SN_LEN_5}; pdcp->add_bearer(srb_cnfg->srb_id, pdcp_cfg); if (RB_ID_SRB2 == srb_cnfg->srb_id) { @@ -3223,7 +3224,8 @@ void rrc::add_drb(drb_to_add_mod_s* drb_cnfg) // Setup PDCP srslte_pdcp_config_t pdcp_cfg = {.bearer_id = drb_cnfg->drb_id, .rb_type = PDCP_RB_IS_DRB, - .direction = SECURITY_DIRECTION_DOWNLINK, + .tx_direction = SECURITY_DIRECTION_UPLINK, + .rx_direction = SECURITY_DIRECTION_DOWNLINK, .sn_len = PDCP_SN_LEN_12}; if (drb_cnfg->pdcp_cfg.rlc_um_present) { if (drb_cnfg->pdcp_cfg.rlc_um.pdcp_sn_size == pdcp_cfg_s::rlc_um_s_::pdcp_sn_size_e_::len7bits) {