Commit 857b1cde authored by aligungr's avatar aligungr

NAS replay protection bug fix

parent 8bf2f54b
......@@ -363,13 +363,18 @@ bool NasMm::checkForReplay(const nas::SecuredMmMessage &msg)
{
int n = static_cast<int>(msg.sequenceNumber);
for (int seq : m_lastNasSequenceNums)
if (m_usim->m_currentNsCtx)
{
auto &lastNasSequenceNums = m_usim->m_currentNsCtx->lastNasSequenceNums;
for (int seq : lastNasSequenceNums)
if (seq == n)
return false;
m_lastNasSequenceNums.push_back(n);
while (m_lastNasSequenceNums.size() > 16)
m_lastNasSequenceNums.pop_front();
lastNasSequenceNums.push_back(n);
while (lastNasSequenceNums.size() > 16)
lastNasSequenceNums.pop_front();
}
return true;
}
......
......@@ -65,8 +65,6 @@ class NasMm
int64_t m_lastTimePlmnSearchFailureLogged{};
// Last time MM state changed
int64_t m_lastTimeMmStateChange{};
// Received NAS sequence numbers for replay protection
std::deque<int> m_lastNasSequenceNums{};
friend class UeCmdHandler;
friend class NasSm;
......
......@@ -423,6 +423,8 @@ struct NasSecurityContext
nas::ETypeOfIntegrityProtectionAlgorithm integrity{};
nas::ETypeOfCipheringAlgorithm ciphering{};
std::deque<int> lastNasSequenceNums{};
void updateDownlinkCount(const NasCount &validatedCount)
{
downlinkCount.overflow = validatedCount.overflow;
......@@ -476,6 +478,7 @@ struct NasSecurityContext
ctx.keys = keys.deepCopy();
ctx.integrity = integrity;
ctx.ciphering = ciphering;
ctx.lastNasSequenceNums = lastNasSequenceNums;
return ctx;
}
};
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment