Merge branch 'master' of http://git.opensource5g.org/openxg/amf

src/amf-app/amf_n1.cpp

@@ -950,6 +950,7 @@ void amf_n1::registration_request_handle(bool isNasSig,
   }
   nc.get()->ueSecurityCapEnc = encrypt_alg;
   nc.get()->ueSecurityCapInt = integrity_alg;
+  nc.get()->ueSecurityCaplen = regReq->ie_ue_security_capability->getLenght();
 
   // Get Requested NSSAI (Optional IE), if provided
   std::vector<SNSSAI_t> requestedNssai = {};
@@ -2001,6 +2002,12 @@ bool amf_n1::start_security_mode_control_procedure(
   smc->setngKSI(NAS_KEY_SET_IDENTIFIER_NATIVE, nc.get()->ngKsi & 0x07);
   smc->setUE_Security_Capability(nc.get()->ueSecurityCapEnc,
                                  nc.get()->ueSecurityCapInt);
+  if (smc->ie_ue_security_capability != NULL) {
+    smc->ie_ue_security_capability->setLenght(nc.get()->ueSecurityCaplen);
+  } else {
+    Logger::amf_n1().error("smc->ie_ue_security_capability is NULL");
+  }
+
   smc->setIMEISV_Request(0xe1);
   smc->setAdditional_5G_Security_Information(true, false);
   uint8_t buffer[1024];
@@ -2309,12 +2316,14 @@ bool amf_n1::nas_message_integrity_protected(nas_secu_ctx *nsc,
                                              int input_nas_len,
                                              uint32_t &mac32) {
   uint32_t count = 0x00000000;
-  if (direction)
+  if (direction) {
     count = 0x00000000 | ((nsc->dl_count.overflow & 0x0000ffff) << 8) |
             ((nsc->dl_count.seq_num & 0x000000ff));
-  else
+  } else {
+    Logger::amf_n1().debug("nsc->ul_count.overflow %x", nsc->ul_count.overflow);
     count = 0x00000000 | ((nsc->ul_count.overflow & 0x0000ffff) << 8) |
             ((nsc->ul_count.seq_num & 0x000000ff));
+  }
   nas_stream_cipher_t stream_cipher = {0};
   uint8_t mac[4];
   stream_cipher.key = nsc->knas_int;
@@ -2322,6 +2331,7 @@ bool amf_n1::nas_message_integrity_protected(nas_secu_ctx *nsc,
                AUTH_KNAS_INT_SIZE);
   stream_cipher.key_length = AUTH_KNAS_INT_SIZE;
   stream_cipher.count = *(input_nas);
+  stream_cipher.bearer = 0x01;
   // stream_cipher.count = count;
   if (!direction) {
     nsc->ul_count.seq_num = stream_cipher.count;
@@ -2391,8 +2401,19 @@ bool amf_n1::nas_message_cipher_protected(nas_secu_ctx *nsc, uint8_t direction,
   } break;
   case EA1_128_5G: {
     Logger::amf_n1().debug("Cipher protected with EA1_128_5G");
-    nas_algorithms::nas_stream_encrypt_nea1(&stream_cipher,
-                                            (uint8_t *)bdata(output_nas));
+    Logger::amf_n1().debug("stream_cipher.blength %d", stream_cipher.blength);
+    Logger::amf_n1().debug("stream_cipher.message %x",
+                           stream_cipher.message[0]);
+    print_buffer("amf_n1", "stream_cipher.key ", stream_cipher.key, 16);
+    Logger::amf_n1().debug("stream_cipher.count %x", stream_cipher.count);
+
+    uint8_t *ciphered =
+        (uint8_t *)malloc(((stream_cipher.blength + 31) / 32) * 4);
+
+    nas_algorithms::nas_stream_encrypt_nea1(&stream_cipher, ciphered);
+    output_nas = blk2bstr(ciphered, ((stream_cipher.blength + 31) / 32) * 4);
+    // output_nas = blk2bstr(ciphered, blength(input_nas));
+    free(ciphered);
   } break;
   case EA2_128_5G: {
     Logger::amf_n1().debug("Cipher protected with EA2_128_5G");
@@ -2471,7 +2492,8 @@ void amf_n1::ue_initiate_de_registration_handle(uint32_t ran_ue_ngap_id,
     Logger::amf_n1().debug("5G Mobile Identity, GUTI %s",
                            deregReq->get_5g_guti().c_str());
   } break;
-  default: {}
+  default: {
+  }
   }
 
   // Prepare DeregistrationAccept

src/contexts/nas_context.cpp

@@ -42,6 +42,7 @@ nas_context::nas_context() {
   is_common_procedure_for_security_mode_control_running = false;
   is_common_procedure_for_nas_transport_running         = false;
   auts                                                  = NULL;
+  ueSecurityCaplen = 0;
 }
 
 //------------------------------------------------------------------------------

src/contexts/nas_context.hpp

@@ -73,6 +73,7 @@ class nas_context {
   // mobility identity: imsi, supi, 5g-guti, etc
   std::string imsi;
   uint8_t mmCapability;
+  uint8_t ueSecurityCaplen;
   uint8_t ueSecurityCapEnc;
   uint8_t ueSecurityCapInt;
   std::vector<nas::SNSSAI_t> requestedNssai;

src/nas/ies/UESecurityCapability.cpp

@@ -31,9 +31,7 @@
 using namespace nas;
 
 //------------------------------------------------------------------------------
-UESecurityCapability::UESecurityCapability(uint8_t iei) {
-  _iei = iei;
-}
+UESecurityCapability::UESecurityCapability(uint8_t iei) { _iei = iei; }
 
 //------------------------------------------------------------------------------
 UESecurityCapability::UESecurityCapability() {}
@@ -42,36 +40,43 @@ UESecurityCapability::UESecurityCapability() {}
 UESecurityCapability::~UESecurityCapability() {}
 
 //------------------------------------------------------------------------------
-UESecurityCapability::UESecurityCapability(
-    const uint8_t iei, uint8_t _5gg_EASel, uint8_t _5gg_IASel) {
-  _iei      = iei;
+UESecurityCapability::UESecurityCapability(const uint8_t iei,
+                                           uint8_t _5gg_EASel,
+                                           uint8_t _5gg_IASel) {
+  _iei = iei;
   _5g_EASel = _5gg_EASel;
   _5g_IASel = _5gg_IASel;
-  length    = 4;
+  length = 2;
 }
 
 //------------------------------------------------------------------------------
-void UESecurityCapability::setEASel(uint8_t sel) {
-  _5g_EASel = sel;
-}
+void UESecurityCapability::setEASel(uint8_t sel) { _5g_EASel = sel; }
 
 //------------------------------------------------------------------------------
-void UESecurityCapability::setIASel(uint8_t sel) {
-  _5g_IASel = sel;
-}
+void UESecurityCapability::setIASel(uint8_t sel) { _5g_IASel = sel; }
 
 //------------------------------------------------------------------------------
-uint8_t UESecurityCapability::getEASel() {
-  return _5g_EASel;
-}
+uint8_t UESecurityCapability::getEASel() { return _5g_EASel; }
+
+//------------------------------------------------------------------------------
+uint8_t UESecurityCapability::getIASel() { return _5g_IASel; }
 
 //------------------------------------------------------------------------------
-uint8_t UESecurityCapability::getIASel() {
-  return _5g_IASel;
+void UESecurityCapability::setLenght(uint8_t len) {
+  if ((len > 0) && (len <= 4)) {
+    length = len;
+  } else {
+    Logger::nas_mm().debug("Set UESecurityCapability Lenght faile %d", len);
+    Logger::nas_mm().debug(
+        "UESecurityCapability Lenght is set to the default value %d", length);
+  }
 }
 
 //------------------------------------------------------------------------------
-int UESecurityCapability::encode2buffer(uint8_t* buf, int len) {
+uint8_t UESecurityCapability::getLenght() { return length; }
+
+//------------------------------------------------------------------------------
+int UESecurityCapability::encode2buffer(uint8_t *buf, int len) {
   Logger::nas_mm().debug("Encoding UESecurityCapability IEI 0x%x", _iei);
   if (len < length) {
     Logger::nas_mm().error("len is less than %d", length);
@@ -81,27 +86,40 @@ int UESecurityCapability::encode2buffer(uint8_t* buf, int len) {
   if (_iei) {
     *(buf + encoded_size) = _iei;
     encoded_size++;
-    *(buf + encoded_size) = length - 2;
+    *(buf + encoded_size) = length;
     encoded_size++;
     *(buf + encoded_size) = _5g_EASel;
     encoded_size++;
     *(buf + encoded_size) = _5g_IASel;
     encoded_size++;
+    if (length == 4) {
+      *(buf + encoded_size) = 0xf0;
+      encoded_size++;
+      *(buf + encoded_size) = 0xf0;
+      encoded_size++;
+    }
+
   } else {
-    *(buf + encoded_size) = length - 2;
+    *(buf + encoded_size) = length;
     encoded_size++;
     *(buf + encoded_size) = _5g_EASel;
     encoded_size++;
     *(buf + encoded_size) = _5g_IASel;
     encoded_size++;
+    if (length == 4) {
+      *(buf + encoded_size) = 0xf0;
+      encoded_size++;
+      *(buf + encoded_size) = 0xf0;
+      encoded_size++;
+    }
   }
   Logger::nas_mm().debug("encoded UESecurityCapability (len %d)", encoded_size);
   return encoded_size;
 }
 
 //------------------------------------------------------------------------------
-int UESecurityCapability::decodefrombuffer(
-    uint8_t* buf, int len, bool is_option) {
+int UESecurityCapability::decodefrombuffer(uint8_t *buf, int len,
+                                           bool is_option) {
   Logger::nas_mm().debug("Decoding UESecurityCapability IEI 0x%x", *buf);
   int decoded_size = 0;
   if (is_option) {
@@ -112,10 +130,10 @@ int UESecurityCapability::decodefrombuffer(
   _5g_EASel = *(buf + decoded_size);
   decoded_size++;
   _5g_IASel = *(buf + decoded_size);
-  decoded_size ++;
-  if(length == 4)
-    decoded_size += 2;//to do: decoding EEA EIA
-  Logger::nas_mm().debug(
-      "UESecurityCapability EA 0x%d,IA 0x%d", _5g_EASel, _5g_IASel);
+  decoded_size++;
+  if (length == 4)
+    decoded_size += 2; // to do: decoding EEA EIA
+  Logger::nas_mm().debug("UESecurityCapability EA 0x%d,IA 0x%d", _5g_EASel,
+                         _5g_IASel);
   return decoded_size;
 }

src/nas/ies/UESecurityCapability.hpp

@@ -34,26 +34,28 @@
 namespace nas {
 
 class UESecurityCapability {
- public:
+public:
   UESecurityCapability(uint8_t iei);
   UESecurityCapability();
   ~UESecurityCapability();
-  UESecurityCapability(
-      const uint8_t iei, uint8_t _5gg_EASel, uint8_t _5gg_IASel);
+  UESecurityCapability(const uint8_t iei, uint8_t _5gg_EASel,
+                       uint8_t _5gg_IASel);
   void setEASel(uint8_t sel);
   void setIASel(uint8_t sel);
   uint8_t getEASel();
   uint8_t getIASel();
-  int encode2buffer(uint8_t* buf, int len);
-  int decodefrombuffer(uint8_t* buf, int len, bool is_option);
+  void setLenght(uint8_t len);
+  uint8_t getLenght();
+  int encode2buffer(uint8_t *buf, int len);
+  int decodefrombuffer(uint8_t *buf, int len, bool is_option);
 
- private:
+private:
   uint8_t _iei;
   uint8_t length;
   uint8_t _5g_EASel;
   uint8_t _5g_IASel;
 };
 
-}  // namespace nas
+} // namespace nas
 
 #endif