Commit 093de6df authored by Lionel Gauthier's avatar Lionel Gauthier

Security algorithms selection

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@5623 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent 56458e72
...@@ -257,6 +257,9 @@ int mme_api_get_emm_config(mme_api_emm_config_t *config, ...@@ -257,6 +257,9 @@ int mme_api_get_emm_config(mme_api_emm_config_t *config,
int mme_api_get_emm_config(mme_api_emm_config_t *config) int mme_api_get_emm_config(mme_api_emm_config_t *config)
#endif #endif
{ {
#if defined(EPC_BUILD)
int i;
#endif
LOG_FUNC_IN; LOG_FUNC_IN;
config->gummei.plmn.MCCdigit1 = 2; config->gummei.plmn.MCCdigit1 = 2;
...@@ -275,6 +278,10 @@ int mme_api_get_emm_config(mme_api_emm_config_t *config) ...@@ -275,6 +278,10 @@ int mme_api_get_emm_config(mme_api_emm_config_t *config)
if (mme_config_p->unauthenticated_imsi_supported != 0) { if (mme_config_p->unauthenticated_imsi_supported != 0) {
config->features |= MME_API_UNAUTHENTICATED_IMSI; config->features |= MME_API_UNAUTHENTICATED_IMSI;
} }
for (i = 0 ; i < 8; i++) {
config->prefered_integrity_algorithm[i] = mme_config_p->nas_config.prefered_integrity_algorithm[i];
config->prefered_ciphering_algorithm[i] = mme_config_p->nas_config.prefered_ciphering_algorithm[i];
}
#else #else
config->features = MME_API_EMERGENCY_ATTACH | MME_API_UNAUTHENTICATED_IMSI; config->features = MME_API_EMERGENCY_ATTACH | MME_API_UNAUTHENTICATED_IMSI;
#endif #endif
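Review bot: The `#else` branch at the end of this section never writes `prefered_integrity_algorithm` or `prefered_ciphering_algorithm`, so a non-EPC_BUILD build leaves them at whatever `config` held on entry. If that memory is zeroed, every slot reads as EIA0/EEA0 and the selection loop added in this commit would presumably pick the null algorithms. Fill the arrays in that branch too, or state the intended default in a comment such as `/* no MME config: preference lists keep the caller's initial values */`. The literal `8` in the copy loop is repeated in both struct definitions and in the parser, so a single shared constant would keep them in step. The function body starts and ends outside these hunks.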
......
...@@ -89,6 +89,8 @@ typedef enum mme_api_ip_version_e { ...@@ -89,6 +89,8 @@ typedef enum mme_api_ip_version_e {
typedef struct mme_api_emm_config_s { typedef struct mme_api_emm_config_s {
mme_api_feature_t features; /* Supported features */ mme_api_feature_t features; /* Supported features */
gummei_t gummei; /* EPS Globally Unique MME Identity */ gummei_t gummei; /* EPS Globally Unique MME Identity */
uint8_t prefered_integrity_algorithm[8];// choice in NAS_SECURITY_ALGORITHMS_EIA0, etc
uint8_t prefered_ciphering_algorithm[8];// choice in NAS_SECURITY_ALGORITHMS_EEA0, etc
} mme_api_emm_config_t; } mme_api_emm_config_t;
/* /*
......
...@@ -382,6 +382,7 @@ int nas_message_decode( ...@@ -382,6 +382,7 @@ int nas_message_decode(
LOG_FUNC_RETURN (TLV_DECODE_BUFFER_TOO_SHORT); LOG_FUNC_RETURN (TLV_DECODE_BUFFER_TOO_SHORT);
} }
else if (size > 1) { else if (size > 1) {
if (emm_security_context) {
#if defined(NAS_MME) #if defined(NAS_MME)
if (emm_security_context->ul_count.seq_num > msg->header.sequence_number) { if (emm_security_context->ul_count.seq_num > msg->header.sequence_number) {
emm_security_context->ul_count.overflow += 1; emm_security_context->ul_count.overflow += 1;
...@@ -394,6 +395,7 @@ int nas_message_decode( ...@@ -394,6 +395,7 @@ int nas_message_decode(
} }
emm_security_context->dl_count.seq_num = msg->header.sequence_number; emm_security_context->dl_count.seq_num = msg->header.sequence_number;
#endif #endif
}
/* Compute offset of the sequence number field */ /* Compute offset of the sequence number field */
int offset = size - sizeof(UInt8_t); int offset = size - sizeof(UInt8_t);
/* Compute the NAS message authentication code */ /* Compute the NAS message authentication code */
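Review bot: When `emm_security_context` is NULL the new guard skips the count handling without any trace and execution continues into the MAC computation below. A security-protected message that arrives with no context is therefore processed silently. What the MAC step does with a NULL context is outside the hunk; if it does not reject the message, this path should return an error rather than fall through. At minimum document the guard, e.g. `/* no EMM security context yet: NAS counts cannot be tracked, the MAC check below must decide */`, and log the case. The counts are also taken from `msg->header.sequence_number` before the MAC is checked, so it looks as if an unverified message can move `ul_count`; consider updating them only after verification succeeds.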
......
...@@ -1128,35 +1128,32 @@ static int _security_select_algorithms( ...@@ -1128,35 +1128,32 @@ static int _security_select_algorithms(
LOG_FUNC_IN; LOG_FUNC_IN;
int rc = RETURNerror; int rc = RETURNerror;
int preference_index;
/* TODO work with loaded preferences from config file */
if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA1)) {
LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EIA1");
*mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA1;
} else if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA2)) {
LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EIA2");
*mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA2;
} else if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA0)) {
LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EIA0");
*mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA0; *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA0;
} else {
LOG_FUNC_RETURN (rc);
}
if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA0)) {
LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EEA0");
*mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA0; *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA0;
} else if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA1)) {
LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EEA1"); for (preference_index = 0; preference_index < 8; preference_index++) {
*mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA1; if (ue_eiaP & (0x80 >> _emm_data.conf.prefered_integrity_algorithm[preference_index])) {
} else if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA2)) { LOG_TRACE(DEBUG,
LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EEA2"); "Selected NAS_SECURITY_ALGORITHMS_EIA%d (choice num %d)",
*mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA2; _emm_data.conf.prefered_integrity_algorithm[preference_index],
} else { preference_index);
LOG_FUNC_RETURN (rc); *mme_eiaP = _emm_data.conf.prefered_integrity_algorithm[preference_index];
break;
}
} }
for (preference_index = 0; preference_index < 8; preference_index++) {
if (ue_eeaP & (0x80 >> _emm_data.conf.prefered_ciphering_algorithm[preference_index])) {
LOG_TRACE(DEBUG,
"Selected NAS_SECURITY_ALGORITHMS_EEA%d (choice num %d)",
_emm_data.conf.prefered_ciphering_algorithm[preference_index],
preference_index);
*mme_eeaP = _emm_data.conf.prefered_ciphering_algorithm[preference_index];
break;
}
}
LOG_FUNC_RETURN (RETURNok); LOG_FUNC_RETURN (RETURNok);
} }
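Review bot: As rendered, the rewritten selection can no longer fail, because `*mme_eiaP` and `*mme_eeaP` are preset to EIA0/EEA0 and the function always ends in `LOG_FUNC_RETURN (RETURNok)`. A UE whose capability bits match none of the configured preferences is therefore given null integrity and null ciphering, without a check that it advertised EIA0, where the removed code returned `RETURNerror`. Keep the failure path by adding `if (preference_index == 8) { LOG_FUNC_RETURN (rc); }` after each loop and dropping the two preset assignments; this also gives the now-unused `rc` a purpose again. The shift `0x80 >> prefered_integrity_algorithm[preference_index]` is only meaningful for stored values 0..7, which deserves a comment next to the loops. The function begins outside the hunk.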
......
...@@ -331,6 +331,52 @@ static int config_parse_file(mme_config_t *mme_config_p) ...@@ -331,6 +331,52 @@ static int config_parse_file(mme_config_t *mme_config_p)
free(cidr); free(cidr);
} }
} }
// NAS SETTING
setting = config_setting_get_member (setting_mme, MME_CONFIG_STRING_NAS_CONFIG);
if (setting != NULL) {
subsetting = config_setting_get_member (setting, MME_CONFIG_STRING_NAS_SUPPORTED_INTEGRITY_ALGORITHM_LIST);
if (subsetting != NULL) {
num = config_setting_length(subsetting);
if (num <= 8) {
for (i = 0; i < num; i++) {
astring = config_setting_get_string_elem(subsetting, i);
if (strcmp("EIA0", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
else if (strcmp("EIA1", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA1;
else if (strcmp("EIA2", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA2;
else if (strcmp("EIA3", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
else if (strcmp("EIA4", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
else if (strcmp("EIA5", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
else if (strcmp("EIA6", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
else if (strcmp("EIA7", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
}
for (i = num; i < 8; i++) {
mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
}
}
}
subsetting = config_setting_get_member (setting, MME_CONFIG_STRING_NAS_SUPPORTED_CIPHERING_ALGORITHM_LIST);
if (subsetting != NULL) {
num = config_setting_length(subsetting);
if (num <= 8) {
for (i = 0; i < num; i++) {
astring = config_setting_get_string_elem(subsetting, i);
if (strcmp("EEA0", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
else if (strcmp("EEA1", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA1;
else if (strcmp("EEA2", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA2;
else if (strcmp("EEA3", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
else if (strcmp("EEA4", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
else if (strcmp("EEA5", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
else if (strcmp("EEA6", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
else if (strcmp("EEA7", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
}
for (i = num; i < 8; i++) {
mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
}
}
}
}
} }
setting = config_lookup(&cfg, SGW_CONFIG_STRING_SGW_CONFIG); setting = config_lookup(&cfg, SGW_CONFIG_STRING_SGW_CONFIG);
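Review bot: The parser turns several operator mistakes into the null algorithm instead of an error. "EIA3".."EIA7" and "EEA3".."EEA7" are stored as EIA0/EEA0, a name that matches nothing leaves the slot unwritten, and every slot past `num` is padded with EIA0/EEA0, so null integrity is always an implicit last choice. `astring` is also passed to `strcmp` unchecked, although `config_setting_get_string_elem` returns NULL for a non-string element, and a list longer than 8 is ignored without a message. The sketch below shows the integrity loop rejecting these cases; the ciphering loop needs the same treatment, and how the failure is reported should follow the rest of `config_parse_file`, which is not fully visible here.

```c
for (i = 0; i < num; i++) {
    astring = config_setting_get_string_elem(subsetting, i);
    if (astring == NULL) {
        /* element is not a string: report it and fail the parse */
    } else if (strcmp("EIA0", astring) == 0) {
        mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
    } else if (strcmp("EIA1", astring) == 0) {
        mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA1;
    } else if (strcmp("EIA2", astring) == 0) {
        mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA2;
    } else {
        /* EIA3..EIA7 and unknown names: report and fail the parse,
         * do not store EIA0 on the operator's behalf */
    }
}
/* ... unchanged: padding loop for i = num..7 (see note on its EIA0 fill value) ... */
```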
......
...@@ -76,6 +76,25 @@ ...@@ -76,6 +76,25 @@
#define MME_CONFIG_STRING_ASN1_VERBOSITY_ANNOYING "annoying" #define MME_CONFIG_STRING_ASN1_VERBOSITY_ANNOYING "annoying"
#define MME_CONFIG_STRING_ASN1_VERBOSITY_INFO "info" #define MME_CONFIG_STRING_ASN1_VERBOSITY_INFO "info"
#define MME_CONFIG_STRING_NAS_CONFIG "NAS"
#define MME_CONFIG_STRING_NAS_SUPPORTED_INTEGRITY_ALGORITHM_LIST "ORDERED_SUPPORTED_INTEGRITY_ALGORITHM_LIST"
#define MME_CONFIG_STRING_NAS_SUPPORTED_CIPHERING_ALGORITHM_LIST "ORDERED_SUPPORTED_CIPHERING_ALGORITHM_LIST"
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA0 0b000
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA1 0b001
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA2 0b010
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA3 0b011
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA4 0b100
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA5 0b101
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA6 0b110
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA7 0b111
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA0 0b000
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA1 0b001
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA2 0b010
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA3 0b011
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA4 0b100
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA5 0b101
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA6 0b110
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA7 0b111
typedef struct mme_config_s { typedef struct mme_config_s {
/* Reader/writer lock for this configuration */ /* Reader/writer lock for this configuration */
...@@ -140,6 +159,12 @@ typedef struct mme_config_s { ...@@ -140,6 +159,12 @@ typedef struct mme_config_s {
uint32_t queue_size; uint32_t queue_size;
char *log_file; char *log_file;
} itti_config; } itti_config;
struct {
uint8_t prefered_integrity_algorithm[8];
uint8_t prefered_ciphering_algorithm[8];
} nas_config;
} mme_config_t; } mme_config_t;
extern mme_config_t mme_config; extern mme_config_t mme_config;
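Review bot: The new `NAS_CONFIG_SECURITY_ALGORITHMS_*` constants are a second copy of the values the NAS code names `NAS_SECURITY_ALGORITHMS_*`. The values stored from this set are later used in `0x80 >> value` and assigned to `*mme_eiaP`, so the two sets must stay numerically identical, and nothing on the page enforces that. Reuse the NAS definitions, or add a compile-time check where both headers are visible, e.g. `_Static_assert(NAS_CONFIG_SECURITY_ALGORITHMS_EIA2 == NAS_SECURITY_ALGORITHMS_EIA2, "config/NAS algorithm ids differ");`. The `0b000` literals are a compiler extension before C23; writing them as `0`..`7` keeps the header portable. The `nas_config` arrays would also benefit from a comment saying that index 0 is the most preferred entry and which constant set the elements use.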
......