Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
U
UERANSIM
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Libraries
UERANSIM
Commits
2944a009
Commit
2944a009
authored
Apr 25, 2021
by
aligungr
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Security mode command procedure improvement
parent
1e368383
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
23 additions
and
8 deletions
+23
-8
src/ue/nas/keys.hpp
src/ue/nas/keys.hpp
+5
-0
src/ue/nas/mm/security.cpp
src/ue/nas/mm/security.cpp
+18
-8
No files found.
src/ue/nas/keys.hpp
View file @
2944a009
...
...
@@ -28,6 +28,11 @@ void DeriveNasKeys(NasSecurityContext &securityContext);
*/
std
::
string
ConstructServingNetworkName
(
const
Plmn
&
plmn
);
/**
* Derives kAMF to kAMF' in mobility 33.501/A.13
*/
OctetString
DeriveAmfPrimeInMobility
(
bool
isUplink
,
const
NasCount
&
count
,
const
OctetString
&
kAmf
);
/**
* Calculates K_AUSF for 5G-AKA according to given parameters as specified in 3GPP TS 33.501 Annex A.2
*/
...
...
src/ue/nas/mm/security.cpp
View file @
2944a009
...
...
@@ -135,6 +135,9 @@ void NasMm::receiveSecurityModeCommand(const nas::SecurityModeCommand &msg)
// ======================== Check the integrity with new security context ========================
bool
clearNasCount
=
false
;
bool
horizontalDeriveNeeded
=
msg
.
additional5gSecurityInformation
.
has_value
()
&&
msg
.
additional5gSecurityInformation
->
hdp
==
nas
::
EHorizontalDerivationParameter
::
REQUIRED
;
if
(
msg
.
selectedNasSecurityAlgorithms
.
integrity
!=
nas
::
ETypeOfIntegrityProtectionAlgorithm
::
IA0
)
{
...
...
@@ -142,10 +145,15 @@ void NasMm::receiveSecurityModeCommand(const nas::SecurityModeCommand &msg)
tmpCtx
.
integrity
=
msg
.
selectedNasSecurityAlgorithms
.
integrity
;
tmpCtx
.
ciphering
=
msg
.
selectedNasSecurityAlgorithms
.
ciphering
;
// Before deriving the keys for temporary NAS security context, concern the horizontal derivation case
// Because 33.501/6.9.3 says integrity check should be performed with the new key
if
(
horizontalDeriveNeeded
)
tmpCtx
.
keys
.
kAmf
=
keys
::
DeriveAmfPrimeInMobility
(
true
,
tmpCtx
.
uplinkCount
,
tmpCtx
.
keys
.
kAmf
);
keys
::
DeriveNasKeys
(
tmpCtx
);
uint32_t
calculatedMac
=
nr
::
ue
::
nas_enc
::
ComputeMac
(
tmpCtx
.
integrity
,
tmpCtx
.
downlinkCount
,
tmpCtx
.
is3gppAccess
,
false
,
uint32_t
calculatedMac
=
nas_enc
::
ComputeMac
(
tmpCtx
.
integrity
,
tmpCtx
.
downlinkCount
,
tmpCtx
.
is3gppAccess
,
false
,
tmpCtx
.
keys
.
kNasInt
,
msg
.
_originalPlainNasPdu
);
// First check with the last estimated NAS COUNT
...
...
@@ -156,8 +164,8 @@ void NasMm::receiveSecurityModeCommand(const nas::SecurityModeCommand &msg)
tmpCtx
.
downlinkCount
=
{};
// assign NAS COUNT=0
calculatedMac
=
n
r
::
ue
::
nas_enc
::
ComputeMac
(
tmpCtx
.
integrity
,
tmpCtx
.
downlinkCount
,
tmpCtx
.
is3gppAccess
,
false
,
tmpCtx
.
keys
.
kNasInt
,
msg
.
_originalPlainNasPdu
);
calculatedMac
=
n
as_enc
::
ComputeMac
(
tmpCtx
.
integrity
,
tmpCtx
.
downlinkCount
,
tmpCtx
.
is3gppAccess
,
false
,
tmpCtx
.
keys
.
kNasInt
,
msg
.
_originalPlainNasPdu
);
if
(
calculatedMac
!=
static_cast
<
uint32_t
>
(
msg
.
_macForNewSC
))
{
...
...
@@ -189,10 +197,12 @@ void NasMm::receiveSecurityModeCommand(const nas::SecurityModeCommand &msg)
nsCtx
->
keys
.
abba
=
msg
.
abba
->
rawData
.
copy
();
// Handle horizontal derivation
if
(
msg
.
additional5gSecurityInformation
.
has_value
()
&&
msg
.
additional5gSecurityInformation
->
hdp
==
nas
::
EHorizontalDerivationParameter
::
REQUIRED
)
if
(
horizontalDeriveNeeded
)
{
// TODO
m_logger
->
debug
(
"Performing kAMF' derivation from kAMF in mobility"
);
nsCtx
->
keys
.
kAmf
=
keys
::
DeriveAmfPrimeInMobility
(
true
,
nsCtx
->
uplinkCount
,
nsCtx
->
keys
.
kAmf
);
nsCtx
->
uplinkCount
=
{};
nsCtx
->
downlinkCount
=
{};
}
// Assign selected algorithms to security context, and derive NAS keys
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment