UE Authentication refactor

8681c20d · aligungr · 77507ca2 · 8681c20d · 8681c20d · 8681c20d
Commit 8681c20d authored Apr 26, 2021 by aligungr
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 10 deletions

src/ue/nas/mm/auth.cpp src/ue/nas/mm/auth.cpp +9 -9

src/ue/nas/mm/security.cpp src/ue/nas/mm/security.cpp +1 -1

src/ue/nas/usim.cpp src/ue/nas/usim.cpp +2 -0

No files found.
--- a/src/ue/nas/mm/auth.cpp
+++ b/src/ue/nas/mm/auth.cpp
@@ -223,7 +223,7 @@ void NasMm::receiveAuthenticationRequestEap(const nas::AuthenticationRequest &ms
 void NasMm::receiveAuthenticationRequest5gAka(const nas::AuthenticationRequest &msg)
 {
    auto sendFailure = [this](nas::EMmCause cause) {
-        m_logger->err("Rejecting Authentication Request with cause: %s", nas::utils::EnumToString(cause));
+        m_logger->err("Sending Authentication Failure with cause [%s]", nas::utils::EnumToString(cause));
        nas::AuthenticationFailure resp{};
        resp.mmCause.value = cause;
        sendNasMessage(resp);
@@ -384,6 +384,13 @@ EAutnValidationRes NasMm::validateAutn(const OctetString &ak, const OctetString
    OctetString receivedAMF = autn.subCopy(6, 2);
    OctetString receivedMAC = autn.subCopy(8, 8);

+    // Verify that the received sequence number SQN is in the correct range
+    if (!checkSqn(receivedSQN))
+    {
+        m_logger->debug("AUTN validation SQN not acceptable");
+        return EAutnValidationRes::SYNCHRONISATION_FAILURE;
+    }
+
    // Check MAC
    if (receivedMAC != mac)
    {
@@ -400,17 +407,10 @@ EAutnValidationRes NasMm::validateAutn(const OctetString &ak, const OctetString
        return EAutnValidationRes::AMF_SEPARATION_BIT_FAILURE;
    }

-    // Verify that the received sequence number SQN is in the correct range
-    if (!checkSqn(receivedSQN))
-    {
-        m_logger->err("AUTN validation SQN not acceptable");
-        return EAutnValidationRes::SYNCHRONISATION_FAILURE;
-    }
-
    return EAutnValidationRes::OK;
 }

-bool NasMm::checkSqn(const OctetString &)
+bool NasMm::checkSqn(const OctetString &sqn)
 {
    // TODO:
    //  Verify the freshness of sequence numbers to determine whether the specified sequence number is

--- a/src/ue/nas/mm/security.cpp
+++ b/src/ue/nas/mm/security.cpp
@@ -59,7 +59,7 @@ void NasMm::receiveSecurityModeCommand(const nas::SecurityModeCommand &msg)
        nas::SecurityModeReject resp;
        resp.mmCause.value = cause;
        sendNasMessage(resp);
-        m_logger->err("Rejecting Security Mode Command with cause: %s", nas::utils::EnumToString(cause));
+        m_logger->err("Rejecting Security Mode Command with cause [%s]", nas::utils::EnumToString(cause));
    };

    // ============================== Check the received ngKSI ==============================

--- a/src/ue/nas/usim.cpp
+++ b/src/ue/nas/usim.cpp
@@ -19,6 +19,8 @@ void ue::Usim::initialize(bool hasSupi, const UeConfig::Initials &initials)

    m_defConfiguredNssai = initials.defaultConfiguredNssai;
    m_configuredNssai = initials.configuredNssai;
+
+    m_sqn = OctetString::FromSpare(6);
 }

 bool Usim::isValid()