Security type header fixed for De-registration request

0221f426 · aligungr · 2f18caeb · 0221f426 · 0221f426 · 0221f426
Commit 0221f426 authored Dec 02, 2021 by aligungr
Hide whitespace changes
Inline Side-by-side

Showing with 22 additions and 21 deletions

src/ue/nas/enc.cpp src/ue/nas/enc.cpp +17 -16

src/ue/nas/enc.hpp src/ue/nas/enc.hpp +1 -1

src/ue/nas/mm/messaging.cpp src/ue/nas/mm/messaging.cpp +4 -4

No files found.
--- a/src/ue/nas/enc.cpp
+++ b/src/ue/nas/enc.cpp
@@ -15,25 +15,25 @@ namespace nr::ue::nas_enc
 {

 static nas::ESecurityHeaderType MakeSecurityHeaderType(const NasSecurityContext &ctx, nas::EMessageType msgType,
-                                                       bool bypassCiphering)
+                                                       bool noCipheredHeader)
 {
-    auto &encKey = ctx.keys.kNasEnc;
-    auto &intKey = ctx.keys.kNasInt;
-
-    bool ciphered = !bypassCiphering && encKey.length() > 0;
-    bool integrityProtected = intKey.length() > 0;
-
-    if (!ciphered && !integrityProtected)
-        return nas::ESecurityHeaderType::NOT_PROTECTED;
-
    if (msgType == nas::EMessageType::SECURITY_MODE_COMPLETE)
        return nas::ESecurityHeaderType::INTEGRITY_PROTECTED_AND_CIPHERED_WITH_NEW_SECURITY_CONTEXT;

    if (msgType == nas::EMessageType::SECURITY_MODE_COMMAND)
        return nas::ESecurityHeaderType::INTEGRITY_PROTECTED_WITH_NEW_SECURITY_CONTEXT;

-    return ciphered ? nas::ESecurityHeaderType::INTEGRITY_PROTECTED_AND_CIPHERED
-                    : nas::ESecurityHeaderType::INTEGRITY_PROTECTED;
+    auto &intKey = ctx.keys.kNasInt;
+    auto &encKey = ctx.keys.kNasEnc;
+
+    bool integrityProtected = intKey.length() > 0;
+    bool ciphered = encKey.length() > 0;
+
+    if (!integrityProtected)
+        return nas::ESecurityHeaderType::NOT_PROTECTED;
+    if (!ciphered || noCipheredHeader)
+        return nas::ESecurityHeaderType::INTEGRITY_PROTECTED;
+    return nas::ESecurityHeaderType::INTEGRITY_PROTECTED_AND_CIPHERED;
 }

 static OctetString EncryptData(nas::ETypeOfCipheringAlgorithm alg, const NasCount &count, bool is3gppAccess,
@@ -65,7 +65,8 @@ static OctetString EncryptData(nas::ETypeOfCipheringAlgorithm alg, const NasCoun
 }

 static std::unique_ptr<nas::SecuredMmMessage> Encrypt(NasSecurityContext &ctx, OctetString &&plainNasMessage,
-                                                      nas::EMessageType msgType, bool bypassCiphering)
+                                                      nas::EMessageType msgType, bool bypassCiphering,
+                                                      bool noCipheredHeader)
 {
    auto count = ctx.uplinkCount;
    auto is3gppAccess = ctx.is3gppAccess;
@@ -80,7 +81,7 @@ static std::unique_ptr<nas::SecuredMmMessage> Encrypt(NasSecurityContext &ctx, O

    auto secured = std::make_unique<nas::SecuredMmMessage>();
    secured->epd = nas::EExtendedProtocolDiscriminator::MOBILITY_MANAGEMENT_MESSAGES;
-    secured->sht = MakeSecurityHeaderType(ctx, msgType, bypassCiphering);
+    secured->sht = MakeSecurityHeaderType(ctx, msgType, noCipheredHeader);
    secured->messageAuthenticationCode = octet4{mac};
    secured->sequenceNumber = count.sqn;
    secured->plainNasMessage = std::move(encryptedData);
@@ -123,14 +124,14 @@ static OctetString DecryptData(nas::ETypeOfCipheringAlgorithm alg, const NasCoun
 }

 std::unique_ptr<nas::SecuredMmMessage> Encrypt(NasSecurityContext &ctx, const nas::PlainMmMessage &msg,
-                                               bool bypassCiphering)
+                                               bool bypassCiphering, bool noCipheredHeader)
 {
    nas::EMessageType msgType = msg.messageType;

    OctetString stream;
    nas::EncodeNasMessage(msg, stream);

-    return Encrypt(ctx, std::move(stream), msgType, bypassCiphering);
+    return Encrypt(ctx, std::move(stream), msgType, bypassCiphering, noCipheredHeader);
 }

 std::unique_ptr<nas::NasMessage> Decrypt(NasSecurityContext &ctx, const nas::SecuredMmMessage &msg)

--- a/src/ue/nas/enc.hpp
+++ b/src/ue/nas/enc.hpp
@@ -15,7 +15,7 @@ namespace nr::ue::nas_enc
 {

 std::unique_ptr<nas::SecuredMmMessage> Encrypt(NasSecurityContext &ctx, const nas::PlainMmMessage &msg,
-                                               bool bypassCiphering);
+                                               bool bypassCiphering, bool noCipheredHeader);
 std::unique_ptr<nas::NasMessage> Decrypt(NasSecurityContext &ctx, const nas::SecuredMmMessage &msg);

 uint32_t ComputeMac(nas::ETypeOfIntegrityProtectionAlgorithm alg, NasCount count, bool is3gppAccess, bool isUplink,

--- a/src/ue/nas/mm/messaging.cpp
+++ b/src/ue/nas/mm/messaging.cpp
@@ -147,23 +147,23 @@ EProcRc NasMm::sendNasMessage(const nas::PlainMmMessage &msg)
                auto copy = nas::utils::DeepCopyMsg(msg);
                RemoveCleartextIEs((nas::PlainMmMessage &)*copy, std::move(originalPdu));

-                auto copySecured = nas_enc::Encrypt(*m_usim->m_currentNsCtx, (nas::PlainMmMessage &)*copy, true);
+                auto copySecured = nas_enc::Encrypt(*m_usim->m_currentNsCtx, (nas::PlainMmMessage &)*copy, true, true);
                nas::EncodeNasMessage(*copySecured, pdu);
            }
            else
            {
-                auto secured = nas_enc::Encrypt(*m_usim->m_currentNsCtx, msg, true);
+                auto secured = nas_enc::Encrypt(*m_usim->m_currentNsCtx, msg, true, false);
                nas::EncodeNasMessage(*secured, pdu);
            }
        }
        else if (msg.messageType == nas::EMessageType::DEREGISTRATION_REQUEST_UE_ORIGINATING)
        {
-            auto secured = nas_enc::Encrypt(*m_usim->m_currentNsCtx, msg, true);
+            auto secured = nas_enc::Encrypt(*m_usim->m_currentNsCtx, msg, true, false);
            nas::EncodeNasMessage(*secured, pdu);
        }
        else
        {
-            auto secured = nas_enc::Encrypt(*m_usim->m_currentNsCtx, msg, false);
+            auto secured = nas_enc::Encrypt(*m_usim->m_currentNsCtx, msg, false, false);
            nas::EncodeNasMessage(*secured, pdu);
        }
    }