Security mode command procedure improvement

2944a009 · aligungr · 1e368383 · 2944a009 · 2944a009
Commit 2944a009 authored Apr 25, 2021 by aligungr
Show whitespace changes
Inline Side-by-side

Showing with 23 additions and 8 deletions

src/ue/nas/keys.hpp src/ue/nas/keys.hpp +5 -0

src/ue/nas/mm/security.cpp src/ue/nas/mm/security.cpp +18 -8

No files found.
--- a/src/ue/nas/keys.hpp
+++ b/src/ue/nas/keys.hpp
@@ -28,6 +28,11 @@ void DeriveNasKeys(NasSecurityContext &securityContext);
 */
 std::string ConstructServingNetworkName(const Plmn &plmn);
+/**
+ * Derives kAMF to kAMF' in mobility 33.501/A.13
+ */
+OctetString DeriveAmfPrimeInMobility(bool isUplink, const NasCount &count, const OctetString &kAmf);
 /**
 * Calculates K_AUSF for 5G-AKA according to given parameters as specified in 3GPP TS 33.501 Annex A.2
 */

--- a/src/ue/nas/mm/security.cpp
+++ b/src/ue/nas/mm/security.cpp
@@ -135,6 +135,9 @@ void NasMm::receiveSecurityModeCommand(const nas::SecurityModeCommand &msg)
    // ======================== Check the integrity with new security context ========================
    bool clearNasCount = false;
+    bool horizontalDeriveNeeded =
+        msg.additional5gSecurityInformation.has_value() &&
+        msg.additional5gSecurityInformation->hdp == nas::EHorizontalDerivationParameter::REQUIRED;
    if (msg.selectedNasSecurityAlgorithms.integrity != nas::ETypeOfIntegrityProtectionAlgorithm::IA0)
    {
@@ -142,10 +145,15 @@ void NasMm::receiveSecurityModeCommand(const nas::SecurityModeCommand &msg)
        tmpCtx.integrity = msg.selectedNasSecurityAlgorithms.integrity;
        tmpCtx.ciphering = msg.selectedNasSecurityAlgorithms.ciphering;
+        // Before deriving the keys for temporary NAS security context, concern the horizontal derivation case
+        //  Because 33.501/6.9.3 says integrity check should be performed with the new key
+        if (horizontalDeriveNeeded)
+            tmpCtx.keys.kAmf = keys::DeriveAmfPrimeInMobility(true, tmpCtx.uplinkCount, tmpCtx.keys.kAmf);
        keys::DeriveNasKeys(tmpCtx);
-        uint32_t calculatedMac =
+        uint32_t calculatedMac = nas_enc::ComputeMac(tmpCtx.integrity, tmpCtx.downlinkCount, tmpCtx.is3gppAccess, false,
-            nr::ue::nas_enc::ComputeMac(tmpCtx.integrity, tmpCtx.downlinkCount, tmpCtx.is3gppAccess, false,
                                                     tmpCtx.keys.kNasInt, msg._originalPlainNasPdu);
        // First check with the last estimated NAS COUNT
@@ -156,8 +164,8 @@ void NasMm::receiveSecurityModeCommand(const nas::SecurityModeCommand &msg)
            tmpCtx.downlinkCount = {}; // assign NAS COUNT=0
-            calculatedMac = nr::ue::nas_enc::ComputeMac(tmpCtx.integrity, tmpCtx.downlinkCount, tmpCtx.is3gppAccess,
+            calculatedMac = nas_enc::ComputeMac(tmpCtx.integrity, tmpCtx.downlinkCount, tmpCtx.is3gppAccess, false,
-                                                        false, tmpCtx.keys.kNasInt, msg._originalPlainNasPdu);
+                                                tmpCtx.keys.kNasInt, msg._originalPlainNasPdu);
            if (calculatedMac != static_cast<uint32_t>(msg._macForNewSC))
            {
@@ -189,10 +197,12 @@ void NasMm::receiveSecurityModeCommand(const nas::SecurityModeCommand &msg)
        nsCtx->keys.abba = msg.abba->rawData.copy();
    // Handle horizontal derivation
-    if (msg.additional5gSecurityInformation.has_value() &&
+    if (horizontalDeriveNeeded)
-        msg.additional5gSecurityInformation->hdp == nas::EHorizontalDerivationParameter::REQUIRED)
    {
-        // TODO
+        m_logger->debug("Performing kAMF' derivation from kAMF in mobility");
+        nsCtx->keys.kAmf = keys::DeriveAmfPrimeInMobility(true, nsCtx->uplinkCount, nsCtx->keys.kAmf);
+        nsCtx->uplinkCount = {};
+        nsCtx->downlinkCount = {};
    }
    // Assign selected algorithms to security context, and derive NAS keys