User Plane key in configuration interface

master
David Rupprecht 6 years ago committed by Andre Puschmann
parent d7d461fb8c
commit eb3a83ac45

@ -200,6 +200,7 @@ public:
uint32_t lcid, uint32_t lcid,
uint8_t *k_rrc_enc_, uint8_t *k_rrc_enc_,
uint8_t *k_rrc_int_, uint8_t *k_rrc_int_,
uint8_t *k_up_enc_,
srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_, srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) = 0; srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) = 0;
}; };

@ -244,12 +244,14 @@ public:
virtual void add_bearer(uint32_t lcid, srslte::srslte_pdcp_config_t cnfg = srslte::srslte_pdcp_config_t()) = 0; virtual void add_bearer(uint32_t lcid, srslte::srslte_pdcp_config_t cnfg = srslte::srslte_pdcp_config_t()) = 0;
virtual void change_lcid(uint32_t old_lcid, uint32_t new_lcid) = 0; virtual void change_lcid(uint32_t old_lcid, uint32_t new_lcid) = 0;
virtual void config_security(uint32_t lcid, virtual void config_security(uint32_t lcid,
uint8_t *k_enc_, uint8_t *k_rrc_enc_,
uint8_t *k_int_, uint8_t *k_rrc_int_,
uint8_t *k_up_enc_,
srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_, srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) = 0; srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) = 0;
virtual void config_security_all(uint8_t *k_enc_, virtual void config_security_all(uint8_t *k_rrc_enc_,
uint8_t *k_int_, uint8_t *k_rrc_int_,
uint8_t *k_up_enc_,
srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_, srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) = 0; srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) = 0;
virtual void enable_integrity(uint32_t lcid) = 0; virtual void enable_integrity(uint32_t lcid) = 0;

@ -63,12 +63,14 @@ public:
void del_bearer(uint32_t lcid); void del_bearer(uint32_t lcid);
void change_lcid(uint32_t old_lcid, uint32_t new_lcid); void change_lcid(uint32_t old_lcid, uint32_t new_lcid);
void config_security(uint32_t lcid, void config_security(uint32_t lcid,
uint8_t *k_enc, uint8_t *k_rrc_enc,
uint8_t *k_int, uint8_t *k_rrc_int,
uint8_t *k_up_enc,
CIPHERING_ALGORITHM_ID_ENUM cipher_algo, CIPHERING_ALGORITHM_ID_ENUM cipher_algo,
INTEGRITY_ALGORITHM_ID_ENUM integ_algo); INTEGRITY_ALGORITHM_ID_ENUM integ_algo);
void config_security_all(uint8_t *k_enc, void config_security_all(uint8_t *k_rrc_enc,
uint8_t *k_int, uint8_t *k_rrc_int,
uint8_t *k_up_enc,
CIPHERING_ALGORITHM_ID_ENUM cipher_algo, CIPHERING_ALGORITHM_ID_ENUM cipher_algo,
INTEGRITY_ALGORITHM_ID_ENUM integ_algo); INTEGRITY_ALGORITHM_ID_ENUM integ_algo);
void enable_integrity(uint32_t lcid); void enable_integrity(uint32_t lcid);

@ -78,8 +78,9 @@ public:
// RRC interface // RRC interface
void write_sdu(byte_buffer_t *sdu, bool blocking); void write_sdu(byte_buffer_t *sdu, bool blocking);
void config_security(uint8_t *k_enc_, void config_security(uint8_t *k_rrc_enc_,
uint8_t *k_int_, uint8_t *k_rrc_int_,
uint8_t *k_up_enc_,
CIPHERING_ALGORITHM_ID_ENUM cipher_algo_, CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
INTEGRITY_ALGORITHM_ID_ENUM integ_algo_); INTEGRITY_ALGORITHM_ID_ENUM integ_algo_);
void enable_integrity(); void enable_integrity();
@ -107,8 +108,9 @@ private:
uint32_t rx_count; uint32_t rx_count;
uint32_t tx_count; uint32_t tx_count;
uint8_t k_enc[32]; uint8_t k_rrc_enc[32];
uint8_t k_int[32]; uint8_t k_rrc_int[32];
uint8_t k_up_enc[32];
CIPHERING_ALGORITHM_ID_ENUM cipher_algo; CIPHERING_ALGORITHM_ID_ENUM cipher_algo;
INTEGRITY_ALGORITHM_ID_ENUM integ_algo; INTEGRITY_ALGORITHM_ID_ENUM integ_algo;

@ -56,8 +56,9 @@ public:
// RRC interface // RRC interface
virtual void write_sdu(byte_buffer_t *sdu, bool blocking) = 0; virtual void write_sdu(byte_buffer_t *sdu, bool blocking) = 0;
virtual void config_security(uint8_t *k_enc_, virtual void config_security(uint8_t *k_rrc_enc_,
uint8_t *k_int_, uint8_t *k_rrc_int_,
uint8_t *k_up_enc_,
CIPHERING_ALGORITHM_ID_ENUM cipher_algo_, CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) = 0; INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) = 0;
virtual void enable_integrity() = 0; virtual void enable_integrity() = 0;

@ -216,26 +216,25 @@ exit:
} }
void pdcp::config_security(uint32_t lcid, void pdcp::config_security(uint32_t lcid,
uint8_t *k_enc, uint8_t *k_rrc_enc,
uint8_t *k_int, uint8_t *k_rrc_int,
uint8_t *k_up_enc,
CIPHERING_ALGORITHM_ID_ENUM cipher_algo, CIPHERING_ALGORITHM_ID_ENUM cipher_algo,
INTEGRITY_ALGORITHM_ID_ENUM integ_algo) INTEGRITY_ALGORITHM_ID_ENUM integ_algo)
{ {
pthread_rwlock_rdlock(&rwlock); pthread_rwlock_rdlock(&rwlock);
if (valid_lcid(lcid)) { if (valid_lcid(lcid)) {
pdcp_array.at(lcid)->config_security(k_enc, k_int, cipher_algo, integ_algo); pdcp_array.at(lcid)->config_security(k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
} }
pthread_rwlock_unlock(&rwlock); pthread_rwlock_unlock(&rwlock);
} }
void pdcp::config_security_all(uint8_t *k_enc, void pdcp::config_security_all(uint8_t* k_rrc_enc, uint8_t* k_rrc_int, uint8_t* k_up_enc,
uint8_t *k_int, CIPHERING_ALGORITHM_ID_ENUM cipher_algo, INTEGRITY_ALGORITHM_ID_ENUM integ_algo)
CIPHERING_ALGORITHM_ID_ENUM cipher_algo,
INTEGRITY_ALGORITHM_ID_ENUM integ_algo)
{ {
pthread_rwlock_rdlock(&rwlock); pthread_rwlock_rdlock(&rwlock);
for (pdcp_map_t::iterator it = pdcp_array.begin(); it != pdcp_array.end(); ++it) { for (pdcp_map_t::iterator it = pdcp_array.begin(); it != pdcp_array.end(); ++it) {
it->second->config_security(k_enc, k_int, cipher_algo, integ_algo); it->second->config_security(k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
} }
pthread_rwlock_unlock(&rwlock); pthread_rwlock_unlock(&rwlock);
} }

@ -157,15 +157,17 @@ void pdcp_entity::write_sdu(byte_buffer_t *sdu, bool blocking)
rlc->write_sdu(lcid, sdu, blocking); rlc->write_sdu(lcid, sdu, blocking);
} }
void pdcp_entity::config_security(uint8_t *k_enc_, void pdcp_entity::config_security(uint8_t *k_rrc_enc_,
uint8_t *k_int_, uint8_t *k_rrc_int_,
uint8_t *k_up_enc_,
CIPHERING_ALGORITHM_ID_ENUM cipher_algo_, CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) INTEGRITY_ALGORITHM_ID_ENUM integ_algo_)
{ {
for(int i=0; i<32; i++) for(int i=0; i<32; i++)
{ {
k_enc[i] = k_enc_[i]; k_rrc_enc[i] = k_rrc_enc_[i];
k_int[i] = k_int_[i]; k_rrc_int[i] = k_rrc_int_[i];
k_up_enc[i] = k_up_enc_[i];
} }
cipher_algo = cipher_algo_; cipher_algo = cipher_algo_;
integ_algo = integ_algo_; integ_algo = integ_algo_;
@ -255,7 +257,7 @@ void pdcp_entity::integrity_generate( uint8_t *msg,
case INTEGRITY_ALGORITHM_ID_EIA0: case INTEGRITY_ALGORITHM_ID_EIA0:
break; break;
case INTEGRITY_ALGORITHM_ID_128_EIA1: case INTEGRITY_ALGORITHM_ID_128_EIA1:
security_128_eia1(&k_int[16], security_128_eia1(&k_rrc_int[16],
tx_count, tx_count,
cfg.bearer_id - 1, cfg.bearer_id - 1,
cfg.direction, cfg.direction,
@ -264,7 +266,7 @@ void pdcp_entity::integrity_generate( uint8_t *msg,
mac); mac);
break; break;
case INTEGRITY_ALGORITHM_ID_128_EIA2: case INTEGRITY_ALGORITHM_ID_128_EIA2:
security_128_eia2(&k_int[16], security_128_eia2(&k_rrc_int[16],
tx_count, tx_count,
cfg.bearer_id - 1, cfg.bearer_id - 1,
cfg.direction, cfg.direction,
@ -277,7 +279,7 @@ void pdcp_entity::integrity_generate( uint8_t *msg,
} }
log->debug("Integrity gen input:\n"); log->debug("Integrity gen input:\n");
log->debug_hex(&k_int[16], 16, " K_int"); log->debug_hex(&k_rrc_int[16], 16, " K_rrc_int");
log->debug(" Local count: %d\n", tx_count); log->debug(" Local count: %d\n", tx_count);
log->debug(" Bearer ID: %d\n", cfg.bearer_id); log->debug(" Bearer ID: %d\n", cfg.bearer_id);
log->debug(" Direction: %s\n", (cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? "Downlink" : "Uplink"); log->debug(" Direction: %s\n", (cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? "Downlink" : "Uplink");
@ -299,7 +301,7 @@ bool pdcp_entity::integrity_verify(uint8_t *msg,
case INTEGRITY_ALGORITHM_ID_EIA0: case INTEGRITY_ALGORITHM_ID_EIA0:
break; break;
case INTEGRITY_ALGORITHM_ID_128_EIA1: case INTEGRITY_ALGORITHM_ID_128_EIA1:
security_128_eia1(&k_int[16], security_128_eia1(&k_rrc_int[16],
count, count,
cfg.bearer_id - 1, cfg.bearer_id - 1,
(cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? (SECURITY_DIRECTION_UPLINK) : (SECURITY_DIRECTION_DOWNLINK), (cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? (SECURITY_DIRECTION_UPLINK) : (SECURITY_DIRECTION_DOWNLINK),
@ -308,7 +310,7 @@ bool pdcp_entity::integrity_verify(uint8_t *msg,
mac_exp); mac_exp);
break; break;
case INTEGRITY_ALGORITHM_ID_128_EIA2: case INTEGRITY_ALGORITHM_ID_128_EIA2:
security_128_eia2(&k_int[16], security_128_eia2(&k_rrc_int[16],
count, count,
cfg.bearer_id - 1, cfg.bearer_id - 1,
(cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? (SECURITY_DIRECTION_UPLINK) : (SECURITY_DIRECTION_DOWNLINK), (cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? (SECURITY_DIRECTION_UPLINK) : (SECURITY_DIRECTION_DOWNLINK),
@ -321,7 +323,7 @@ bool pdcp_entity::integrity_verify(uint8_t *msg,
} }
log->debug("Integrity check input:\n"); log->debug("Integrity check input:\n");
log->debug_hex(&k_int[16], 16, " K_int"); log->debug_hex(&k_rrc_int[16], 16, " K_rrc_int");
log->debug(" Local count: %d\n", count); log->debug(" Local count: %d\n", count);
log->debug(" Bearer ID: %d\n", cfg.bearer_id); log->debug(" Bearer ID: %d\n", cfg.bearer_id);
log->debug(" Direction: %s\n", (cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? "Uplink" : "Downlink"); log->debug(" Direction: %s\n", (cfg.direction == SECURITY_DIRECTION_DOWNLINK) ? "Uplink" : "Downlink");
@ -357,6 +359,15 @@ void pdcp_entity::cipher_encrypt(uint8_t *msg,
uint8_t *ct) uint8_t *ct)
{ {
byte_buffer_t ct_tmp; byte_buffer_t ct_tmp;
uint8_t *k_enc;
// If control plane use RRC encrytion key. If data use user plane key
if (cfg.is_control) {
k_enc = k_rrc_enc;
} else {
k_enc = k_up_enc;
}
switch(cipher_algo) switch(cipher_algo)
{ {
case CIPHERING_ALGORITHM_ID_EEA0: case CIPHERING_ALGORITHM_ID_EEA0:
@ -392,6 +403,14 @@ void pdcp_entity::cipher_decrypt(uint8_t *ct,
uint8_t *msg) uint8_t *msg)
{ {
byte_buffer_t msg_tmp; byte_buffer_t msg_tmp;
uint8_t *k_enc;
// If control plane use RRC encrytion key. If data use user plane key
if (cfg.is_control) {
k_enc = k_rrc_enc;
} else {
k_enc = k_up_enc;
}
switch(cipher_algo) switch(cipher_algo)
{ {
case CIPHERING_ALGORITHM_ID_EEA0: case CIPHERING_ALGORITHM_ID_EEA0:

@ -57,6 +57,7 @@ public:
uint32_t lcid, uint32_t lcid,
uint8_t *k_rrc_enc_, uint8_t *k_rrc_enc_,
uint8_t *k_rrc_int_, uint8_t *k_rrc_int_,
uint8_t *k_up_enc_,
srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_, srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_); srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_);

@ -110,13 +110,13 @@ void pdcp::reset(uint16_t rnti)
pthread_rwlock_unlock(&rwlock); pthread_rwlock_unlock(&rwlock);
} }
void pdcp::config_security(uint16_t rnti, uint32_t lcid, uint8_t* k_rrc_enc_, uint8_t* k_rrc_int_, void pdcp::config_security(uint16_t rnti, uint32_t lcid, uint8_t* k_rrc_enc_, uint8_t* k_rrc_int_, uint8_t* k_up_enc_,
srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_, srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo_,
srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_) srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo_)
{ {
pthread_rwlock_rdlock(&rwlock); pthread_rwlock_rdlock(&rwlock);
if (users.count(rnti)) { if (users.count(rnti)) {
users[rnti].pdcp->config_security(lcid, k_rrc_enc_, k_rrc_int_, cipher_algo_, integ_algo_); users[rnti].pdcp->config_security(lcid, k_rrc_enc_, k_rrc_int_, k_up_enc_, cipher_algo_, integ_algo_);
users[rnti].pdcp->enable_integrity(lcid); users[rnti].pdcp->enable_integrity(lcid);
users[rnti].pdcp->enable_encryption(lcid); users[rnti].pdcp->enable_encryption(lcid);
} }

@ -804,7 +804,7 @@ void rrc::configure_security(uint16_t rnti,
srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo) srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo)
{ {
// TODO: add k_up_enc, k_up_int support to PDCP // TODO: add k_up_enc, k_up_int support to PDCP
pdcp->config_security(rnti, lcid, k_rrc_enc, k_rrc_int, cipher_algo, integ_algo); pdcp->config_security(rnti, lcid, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
} }
/******************************************************************************* /*******************************************************************************

@ -1576,7 +1576,7 @@ bool rrc::ho_prepare()
usim->generate_as_keys_ho(mob_ctrl_info->target_pci, phy->get_current_earfcn(), ncc, k_rrc_enc, k_rrc_int, k_up_enc, usim->generate_as_keys_ho(mob_ctrl_info->target_pci, phy->get_current_earfcn(), ncc, k_rrc_enc, k_rrc_int, k_up_enc,
k_up_int, cipher_algo, integ_algo); k_up_int, cipher_algo, integ_algo);
pdcp->config_security_all(k_rrc_enc, k_rrc_int, cipher_algo, integ_algo); pdcp->config_security_all(k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
send_rrc_con_reconfig_complete(); send_rrc_con_reconfig_complete();
} }
return true; return true;
@ -2160,7 +2160,7 @@ void rrc::parse_dl_dcch(uint32_t lcid, byte_buffer_t* pdu)
security_is_activated = true; security_is_activated = true;
// Configure PDCP for security // Configure PDCP for security
pdcp->config_security(lcid, k_rrc_enc, k_rrc_int, cipher_algo, integ_algo); pdcp->config_security(lcid, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
pdcp->enable_integrity(lcid); pdcp->enable_integrity(lcid);
send_security_mode_complete(); send_security_mode_complete();
pdcp->enable_encryption(lcid); pdcp->enable_encryption(lcid);
@ -2678,7 +2678,7 @@ void rrc::add_srb(srb_to_add_mod_s* srb_cnfg)
pdcp_cfg.bearer_id = srb_cnfg->srb_id; pdcp_cfg.bearer_id = srb_cnfg->srb_id;
pdcp->add_bearer(srb_cnfg->srb_id, pdcp_cfg); pdcp->add_bearer(srb_cnfg->srb_id, pdcp_cfg);
if(RB_ID_SRB2 == srb_cnfg->srb_id) { if(RB_ID_SRB2 == srb_cnfg->srb_id) {
pdcp->config_security(srb_cnfg->srb_id, k_rrc_enc, k_rrc_int, cipher_algo, integ_algo); pdcp->config_security(srb_cnfg->srb_id, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
pdcp->enable_integrity(srb_cnfg->srb_id); pdcp->enable_integrity(srb_cnfg->srb_id);
pdcp->enable_encryption(srb_cnfg->srb_id); pdcp->enable_encryption(srb_cnfg->srb_id);
} }
@ -2747,7 +2747,7 @@ void rrc::add_drb(drb_to_add_mod_s* drb_cnfg)
} }
} }
pdcp->add_bearer(lcid, pdcp_cfg); pdcp->add_bearer(lcid, pdcp_cfg);
pdcp->config_security(lcid, k_up_enc, k_up_int, cipher_algo, integ_algo); pdcp->config_security(lcid, k_rrc_enc, k_rrc_int, k_up_enc, cipher_algo, integ_algo);
pdcp->enable_encryption(lcid); pdcp->enable_encryption(lcid);
// Setup RLC // Setup RLC

Loading…
Cancel
Save