diff --git a/srsue/hdr/stack/upper/nas.h b/srsue/hdr/stack/upper/nas.h index 40fb15aff..ec28d3c0c 100644 --- a/srsue/hdr/stack/upper/nas.h +++ b/srsue/hdr/stack/upper/nas.h @@ -66,6 +66,31 @@ protected: // PCAP srslte::nas_pcap* pcap = nullptr; + + // Security context + uint8_t k_nas_enc[32] = { }; + uint8_t k_nas_int[32] = { }; + + struct nas_sec_ctxt { + uint8_t ksi; + uint8_t k_asme[32]; + uint32_t tx_count; + uint32_t rx_count; + uint32_t k_enb_count; + srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo; + srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo; + LIBLTE_MME_EPS_MOBILE_ID_GUTI_STRUCT guti; + } ctxt = { }; + + void integrity_generate(uint8_t* key_128, uint32_t count, uint8_t direction, + uint8_t* msg, uint32_t msg_len, uint8_t* mac); + bool integrity_check(srslte::byte_buffer_t* pdu); + + void cipher_encrypt(srslte::byte_buffer_t* pdu); + void cipher_decrypt(srslte::byte_buffer_t* pdu); + + void set_k_enb_count(uint32_t count); + uint32_t get_k_enb_count(); }; class nas : public nas_base @@ -83,7 +108,6 @@ public: bool paging(srslte::s_tmsi_t* ue_identity) override; void set_barring(srslte::barring_t barring) override; void write_pdu(uint32_t lcid, srslte::unique_byte_buffer_t pdu) override; - uint32_t get_k_enb_count() override; bool is_attached() override; bool get_k_asme(uint8_t* k_asme_, uint32_t n) override; uint32_t get_ipv4_addr() override; @@ -113,18 +137,6 @@ private: std::vector known_plmns; - // Security context - struct nas_sec_ctxt { - uint8_t ksi; - uint8_t k_asme[32]; - uint32_t tx_count; - uint32_t rx_count; - uint32_t k_enb_count; - srslte::CIPHERING_ALGORITHM_ID_ENUM cipher_algo; - srslte::INTEGRITY_ALGORITHM_ID_ENUM integ_algo; - LIBLTE_MME_EPS_MOBILE_ID_GUTI_STRUCT guti; - }; - typedef enum { DEFAULT_EPS_BEARER = 0, DEDICATED_EPS_BEARER } eps_bearer_type_t; typedef struct { @@ -139,7 +151,6 @@ private: bool have_guti = false; bool have_ctxt = false; - nas_sec_ctxt ctxt = {}; bool auth_request = false; uint8_t current_sec_hdr = LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS; @@ -175,8 +186,6 @@ private: // Security bool eia_caps[8] = {}; bool eea_caps[8] = {}; - uint8_t k_nas_enc[32] = {}; - uint8_t k_nas_int[32] = {}; // Airplane mode simulation typedef enum { DISABLED = 0, ENABLED } airplane_mode_state_t; @@ -187,16 +196,9 @@ private: bool running = false; - void - integrity_generate(uint8_t* key_128, uint32_t count, uint8_t direction, uint8_t* msg, uint32_t msg_len, uint8_t* mac); - bool integrity_check(srslte::byte_buffer_t* pdu); - void cipher_encrypt(srslte::byte_buffer_t* pdu); - void cipher_decrypt(srslte::byte_buffer_t* pdu); int apply_security_config(srslte::unique_byte_buffer_t& pdu, uint8_t sec_hdr_type); void reset_security_context(); - void set_k_enb_count(uint32_t count); - bool check_cap_replay(LIBLTE_MME_UE_SECURITY_CAPABILITIES_STRUCT* caps); void select_plmn(); diff --git a/srsue/hdr/stack/upper/nas_ext.h b/srsue/hdr/stack/upper/nas_ext.h index cb20575d9..78b0bbd0c 100644 --- a/srsue/hdr/stack/upper/nas_ext.h +++ b/srsue/hdr/stack/upper/nas_ext.h @@ -58,7 +58,6 @@ public: bool paging(srslte::s_tmsi_t* ue_identity); void set_barring(srslte::barring_t barring); void write_pdu(uint32_t lcid, srslte::unique_byte_buffer_t pdu); - uint32_t get_k_enb_count(); bool is_attached(); bool get_k_asme(uint8_t* k_asme_, uint32_t n); uint32_t get_ipv4_addr(); diff --git a/srsue/src/stack/upper/nas.cc b/srsue/src/stack/upper/nas.cc index e55909657..f16f8ca2f 100644 --- a/srsue/src/stack/upper/nas.cc +++ b/srsue/src/stack/upper/nas.cc @@ -713,14 +713,14 @@ void nas::write_pdu(uint32_t lcid, unique_byte_buffer_t pdu) } } -void nas::set_k_enb_count(uint32_t count) +void nas_base::set_k_enb_count(uint32_t count) { // UL count for RRC key derivation depends on UL Count of the Attach Request or Service Request. // On the case of an Authentication Request, the UL count used to generate K_enb must be reset to zero. ctxt.k_enb_count = count; } -uint32_t nas::get_k_enb_count() +uint32_t nas_base::get_k_enb_count() { return ctxt.k_enb_count; } @@ -768,12 +768,12 @@ void nas_base::start_pcap(srslte::nas_pcap* pcap_) * Security ******************************************************************************/ -void nas::integrity_generate(uint8_t* key_128, - uint32_t count, - uint8_t direction, - uint8_t* msg, - uint32_t msg_len, - uint8_t* mac) +void nas_base::integrity_generate(uint8_t* key_128, + uint32_t count, + uint8_t direction, + uint8_t* msg, + uint32_t msg_len, + uint8_t* mac) { switch (ctxt.integ_algo) { case INTEGRITY_ALGORITHM_ID_EIA0: @@ -812,7 +812,7 @@ void nas::integrity_generate(uint8_t* key_128, // This function depends to a valid k_nas_int. // This key is generated in the security mode command. -bool nas::integrity_check(byte_buffer_t* pdu) +bool nas_base::integrity_check(byte_buffer_t* pdu) { if (pdu == nullptr) { nas_log->error("Invalid PDU\n"); @@ -866,7 +866,7 @@ bool nas::integrity_check(byte_buffer_t* pdu) } } -void nas::cipher_encrypt(byte_buffer_t* pdu) +void nas_base::cipher_encrypt(byte_buffer_t* pdu) { byte_buffer_t pdu_tmp; switch (ctxt.cipher_algo) { @@ -908,7 +908,7 @@ void nas::cipher_encrypt(byte_buffer_t* pdu) } } -void nas::cipher_decrypt(byte_buffer_t* pdu) +void nas_base::cipher_decrypt(byte_buffer_t* pdu) { byte_buffer_t tmp_pdu; switch (ctxt.cipher_algo) { diff --git a/srsue/src/stack/upper/nas_ext.cc b/srsue/src/stack/upper/nas_ext.cc index 47c56ab2e..2d29aca5f 100644 --- a/srsue/src/stack/upper/nas_ext.cc +++ b/srsue/src/stack/upper/nas_ext.cc @@ -387,12 +387,6 @@ void nas_ext::write_pdu(uint32_t lcid, srslte::unique_byte_buffer_t pdu) iface->write(msg); } -uint32_t nas_ext::get_k_enb_count() -{ - // FIXME: we probably need to maintain a security context - return 0; // return a dummy value for now -} - bool nas_ext::is_attached() { // FIXME: we probably need to maintain the state