Commit 35679abc authored by rmagueta's avatar rmagueta

Merge remote-tracking branch 'origin/nr-pdcp-security-w34' into bandwidth-testing-abs

# Conflicts:
#	ci-scripts/conf_files/gnb.band78.sa.fr1.106PRB.usrpn310.conf
#	openair2/LAYER2/nr_pdcp/nr_pdcp_oai_api.c
parents 24ec687a 608579c3
......@@ -270,6 +270,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -259,6 +259,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -276,6 +276,23 @@ security = {
integrity_algorithms = ( "nia0" );
};
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -19,19 +19,19 @@ gNBs =
mcc = 208;
mnc = 97;
mnc_length = 2;
snssaiList = (
{
snssaiList = (
{
sst = 1;
sd = 0x010203; // 0 false, else true
sd = 0x010203; // 0 false, else true
},
{
{
sst = 1;
sd = 0x112233; // 0 false, else true
}
);
});
nr_cellid = 12345678L
nr_cellid = 12345678L
# tr_s_preference = "local_mac"
......@@ -60,9 +60,9 @@ gNBs =
#absoluteFrequencySSB = 620640;
# this is 3300.60 MHz + 53*12*30e-3 MHz = 3319.68
absoluteFrequencySSB = 621312;
# this is 3503.28 MHz + 22*12*30e-3 MHz = 3511.2
# this is 3503.28 MHz + 22*12*30e-3 MHz = 3511.2
#absoluteFrequencySSB = 634080;
# this is 3600.48 MHz
# this is 3600.48 MHz
#absoluteFrequencySSB = 640032;
#dl_frequencyBand = 78;
# this is 3301.68 MHz
......@@ -76,7 +76,7 @@ gNBs =
#scs-SpecificCarrierList
dl_offstToCarrier = 0;
# subcarrierSpacing
# 0=kHz15, 1=kHz30, 2=kHz60, 3=kHz120
# 0=kHz15, 1=kHz30, 2=kHz60, 3=kHz120
dl_subcarrierSpacing = 1;
dl_carrierBandwidth = 106;
#initialDownlinkBWP
......@@ -84,7 +84,7 @@ gNBs =
# this is RBstart=0,L=106 (275*(L-1))+RBstart
initialDLBWPlocationAndBandwidth = 28875;
# subcarrierSpacing
# 0=kHz15, 1=kHz30, 2=kHz60, 3=kHz120
# 0=kHz15, 1=kHz30, 2=kHz60, 3=kHz120
initialDLBWPsubcarrierSpacing = 1;
#pdcch-ConfigCommon
initialDLBWPcontrolResourceSetZero = 11;
......@@ -103,13 +103,13 @@ gNBs =
#this is SS=1,L=5
initialDLBWPstartSymbolAndLength_1 = 57;
#uplinkConfigCommon
#uplinkConfigCommon
#frequencyInfoUL
ul_frequencyBand = 78;
#scs-SpecificCarrierList
ul_offstToCarrier = 0;
# subcarrierSpacing
# 0=kHz15, 1=kHz30, 2=kHz60, 3=kHz120
# 0=kHz15, 1=kHz30, 2=kHz60, 3=kHz120
ul_subcarrierSpacing = 1;
ul_carrierBandwidth = 106;
pMax = 20;
......@@ -117,7 +117,7 @@ gNBs =
#genericParameters
initialULBWPlocationAndBandwidth = 28875;
# subcarrierSpacing
# 0=kHz15, 1=kHz30, 2=kHz60, 3=kHz120
# 0=kHz15, 1=kHz30, 2=kHz60, 3=kHz120
initialULBWPsubcarrierSpacing = 1;
#rach-ConfigCommon
#rach-ConfigGeneric
......@@ -150,7 +150,7 @@ gNBs =
prach_RootSequenceIndex_PR = 2;
prach_RootSequenceIndex = 1;
# SCS for msg1, can only be 15 for 30 kHz < 6 GHz, takes precendence over the one derived from prach-ConfigIndex
#
#
msg1_SubcarrierSpacing = 1,
# restrictedSetConfig
# 0=unrestricted, 1=restricted type A, 2=restricted type B
......@@ -187,7 +187,7 @@ gNBs =
ssb_PositionsInBurst_Bitmap = 1;
# ssb_periodicityServingCell
# 0 = ms5, 1=ms10, 2=ms20, 3=ms40, 4=ms80, 5=ms160, 6=spare2, 7=spare1
# 0 = ms5, 1=ms10, 2=ms20, 3=ms40, 4=ms80, 5=ms160, 6=spare2, 7=spare1
ssb_periodicityServingCell = 2;
# dmrs_TypeA_position
......@@ -195,15 +195,15 @@ gNBs =
dmrs_TypeA_Position = 0;
# subcarrierSpacing
# 0=kHz15, 1=kHz30, 2=kHz60, 3=kHz120
# 0=kHz15, 1=kHz30, 2=kHz60, 3=kHz120
subcarrierSpacing = 1;
#tdd-UL-DL-ConfigurationCommon
# subcarrierSpacing
# 0=kHz15, 1=kHz30, 2=kHz60, 3=kHz120
# 0=kHz15, 1=kHz30, 2=kHz60, 3=kHz120
referenceSubcarrierSpacing = 1;
# pattern1
# pattern1
# dl_UL_TransmissionPeriodicity
# 0=ms0p5, 1=ms0p625, 2=ms1, 3=ms1p25, 4=ms2, 5=ms2p5, 6=ms5, 7=ms10
dl_UL_TransmissionPeriodicity = 6;
......@@ -265,11 +265,11 @@ L1s = (
pusch_proc_threads = 2;
prach_dtx_threshold = 120;
pucch0_dtx_threshold = 150;
}
}
);
RUs = (
{
{
local_rf = "yes"
nb_tx = 2
nb_rx = 2
......@@ -290,7 +290,7 @@ RUs = (
sdr_addrs = "mgmt_addr=192.168.18.240,addr=192.168.10.2,second_addr=192.168.20.2,clock_source=internal,time_source=internal"
}
);
);
THREAD_STRUCT = (
{
......@@ -301,6 +301,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
#fff ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -257,6 +257,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -262,6 +262,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -272,6 +272,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -275,6 +275,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -712,83 +712,86 @@ void RCconfig_nr_macrlc() {
void config_security(gNB_RRC_INST *rrc)
{
paramdef_t logparams_defaults[] = SECURITY_GLOBALPARAMS_DESC;
int ret = config_get(logparams_defaults,
sizeof(logparams_defaults) / sizeof(paramdef_t),
paramdef_t sec_params[] = SECURITY_GLOBALPARAMS_DESC;
int ret = config_get(sec_params,
sizeof(sec_params) / sizeof(paramdef_t),
CONFIG_STRING_SECURITY);
int i;
if (ret < 0) {
LOG_W(RRC, "configuration file does not contain a \"security\" section, applying default parameters (no security)\n");
LOG_W(RRC, "configuration file does not contain a \"security\" section, applying default parameters (nia2 nea0, integrity disabled for DRBs)\n");
rrc->security.ciphering_algorithms[0] = 0; /* nea0 = no ciphering */
rrc->security.ciphering_algorithms_count = 1;
rrc->security.integrity_algorithms[0] = 0; /* nia0 = no integrity */
rrc->security.integrity_algorithms_count = 1;
rrc->security.integrity_algorithms[0] = 2; /* nia2 */
rrc->security.integrity_algorithms[1] = 0; /* nia0 = no integrity, as a fallback (but nia2 should be supported by all UEs) */
rrc->security.integrity_algorithms_count = 2;
rrc->security.do_drb_ciphering = 1; /* even if nea0 let's activate so that we don't generate cipheringDisabled in pdcp_Config */
rrc->security.do_drb_integrity = 0;
return;
}
if (logparams_defaults[SECURITY_CONFIG_CIPHERING_IDX].numelt > 4) {
if (sec_params[SECURITY_CONFIG_CIPHERING_IDX].numelt > 4) {
LOG_E(RRC, "too much ciphering algorithms in section \"security\" of the configuration file, maximum is 4\n");
exit(1);
}
if (logparams_defaults[SECURITY_CONFIG_INTEGRITY_IDX].numelt > 4) {
if (sec_params[SECURITY_CONFIG_INTEGRITY_IDX].numelt > 4) {
LOG_E(RRC, "too much integrity algorithms in section \"security\" of the configuration file, maximum is 4\n");
exit(1);
}
/* get ciphering algorithms */
rrc->security.ciphering_algorithms_count = 0;
for (i = 0; i < logparams_defaults[SECURITY_CONFIG_CIPHERING_IDX].numelt; i++) {
if (!strcmp(logparams_defaults[SECURITY_CONFIG_CIPHERING_IDX].strlistptr[i], "nea0")) {
for (i = 0; i < sec_params[SECURITY_CONFIG_CIPHERING_IDX].numelt; i++) {
if (!strcmp(sec_params[SECURITY_CONFIG_CIPHERING_IDX].strlistptr[i], "nea0")) {
rrc->security.ciphering_algorithms[rrc->security.ciphering_algorithms_count] = 0;
rrc->security.ciphering_algorithms_count++;
continue;
}
if (!strcmp(logparams_defaults[SECURITY_CONFIG_CIPHERING_IDX].strlistptr[i], "nea1")) {
if (!strcmp(sec_params[SECURITY_CONFIG_CIPHERING_IDX].strlistptr[i], "nea1")) {
rrc->security.ciphering_algorithms[rrc->security.ciphering_algorithms_count] = 1;
rrc->security.ciphering_algorithms_count++;
continue;
}
if (!strcmp(logparams_defaults[SECURITY_CONFIG_CIPHERING_IDX].strlistptr[i], "nea2")) {
if (!strcmp(sec_params[SECURITY_CONFIG_CIPHERING_IDX].strlistptr[i], "nea2")) {
rrc->security.ciphering_algorithms[rrc->security.ciphering_algorithms_count] = 2;
rrc->security.ciphering_algorithms_count++;
continue;
}
if (!strcmp(logparams_defaults[SECURITY_CONFIG_CIPHERING_IDX].strlistptr[i], "nea3")) {
if (!strcmp(sec_params[SECURITY_CONFIG_CIPHERING_IDX].strlistptr[i], "nea3")) {
rrc->security.ciphering_algorithms[rrc->security.ciphering_algorithms_count] = 3;
rrc->security.ciphering_algorithms_count++;
continue;
}
LOG_E(RRC, "unknown ciphering algorithm \"%s\" in section \"security\" of the configuration file\n",
logparams_defaults[SECURITY_CONFIG_CIPHERING_IDX].strlistptr[i]);
sec_params[SECURITY_CONFIG_CIPHERING_IDX].strlistptr[i]);
exit(1);
}
/* get integrity algorithms */
rrc->security.integrity_algorithms_count = 0;
for (i = 0; i < logparams_defaults[SECURITY_CONFIG_INTEGRITY_IDX].numelt; i++) {
if (!strcmp(logparams_defaults[SECURITY_CONFIG_INTEGRITY_IDX].strlistptr[i], "nia0")) {
for (i = 0; i < sec_params[SECURITY_CONFIG_INTEGRITY_IDX].numelt; i++) {
if (!strcmp(sec_params[SECURITY_CONFIG_INTEGRITY_IDX].strlistptr[i], "nia0")) {
rrc->security.integrity_algorithms[rrc->security.integrity_algorithms_count] = 0;
rrc->security.integrity_algorithms_count++;
continue;
}
if (!strcmp(logparams_defaults[SECURITY_CONFIG_INTEGRITY_IDX].strlistptr[i], "nia1")) {
if (!strcmp(sec_params[SECURITY_CONFIG_INTEGRITY_IDX].strlistptr[i], "nia1")) {
rrc->security.integrity_algorithms[rrc->security.integrity_algorithms_count] = 1;
rrc->security.integrity_algorithms_count++;
continue;
}
if (!strcmp(logparams_defaults[SECURITY_CONFIG_INTEGRITY_IDX].strlistptr[i], "nia2")) {
if (!strcmp(sec_params[SECURITY_CONFIG_INTEGRITY_IDX].strlistptr[i], "nia2")) {
rrc->security.integrity_algorithms[rrc->security.integrity_algorithms_count] = 2;
rrc->security.integrity_algorithms_count++;
continue;
}
if (!strcmp(logparams_defaults[SECURITY_CONFIG_INTEGRITY_IDX].strlistptr[i], "nia3")) {
if (!strcmp(sec_params[SECURITY_CONFIG_INTEGRITY_IDX].strlistptr[i], "nia3")) {
rrc->security.integrity_algorithms[rrc->security.integrity_algorithms_count] = 3;
rrc->security.integrity_algorithms_count++;
continue;
}
LOG_E(RRC, "unknown integrity algorithm \"%s\" in section \"security\" of the configuration file\n",
logparams_defaults[SECURITY_CONFIG_INTEGRITY_IDX].strlistptr[i]);
sec_params[SECURITY_CONFIG_INTEGRITY_IDX].strlistptr[i]);
exit(1);
}
......@@ -799,9 +802,30 @@ void config_security(gNB_RRC_INST *rrc)
}
if (rrc->security.integrity_algorithms_count == 0) {
LOG_W(RRC, "no preferred integrity algorithm set in configuration file, applying default parameters (no security)\n");
rrc->security.integrity_algorithms[0] = 0; /* nia0 = no integrity */
rrc->security.integrity_algorithms_count = 1;
LOG_W(RRC, "no preferred integrity algorithm set in configuration file, applying default parameters (nia2)\n");
rrc->security.integrity_algorithms[0] = 2; /* nia2 */
rrc->security.integrity_algorithms[1] = 0; /* nia0 = no integrity */
rrc->security.integrity_algorithms_count = 2;
}
if (!strcmp(*sec_params[SECURITY_CONFIG_DO_DRB_CIPHERING_IDX].strptr, "yes")) {
rrc->security.do_drb_ciphering = 1;
} else if (!strcmp(*sec_params[SECURITY_CONFIG_DO_DRB_CIPHERING_IDX].strptr, "no")) {
rrc->security.do_drb_ciphering = 0;
} else {
LOG_E(RRC, "in configuration file, bad drb_ciphering value '%s', only 'yes' and 'no' allowed\n",
*sec_params[SECURITY_CONFIG_DO_DRB_CIPHERING_IDX].strptr);
exit(1);
}
if (!strcmp(*sec_params[SECURITY_CONFIG_DO_DRB_INTEGRITY_IDX].strptr, "yes")) {
rrc->security.do_drb_integrity = 1;
} else if (!strcmp(*sec_params[SECURITY_CONFIG_DO_DRB_INTEGRITY_IDX].strptr, "no")) {
rrc->security.do_drb_integrity = 0;
} else {
LOG_E(RRC, "in configuration file, bad drb_integrity value '%s', only 'yes' and 'no' allowed\n",
*sec_params[SECURITY_CONFIG_DO_DRB_INTEGRITY_IDX].strptr);
exit(1);
}
}
......
......@@ -466,10 +466,12 @@ typedef enum {
/*----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------*/
/* security configuration */
/*----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------*/
#define CONFIG_STRING_SECURITY "security"
#define CONFIG_STRING_SECURITY "security"
#define SECURITY_CONFIG_CIPHERING "ciphering_algorithms"
#define SECURITY_CONFIG_INTEGRITY "integrity_algorithms"
#define SECURITY_CONFIG_CIPHERING "ciphering_algorithms"
#define SECURITY_CONFIG_INTEGRITY "integrity_algorithms"
#define SECURITY_CONFIG_DO_DRB_CIPHERING "drb_ciphering"
#define SECURITY_CONFIG_DO_DRB_INTEGRITY "drb_integrity"
/*----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------*/
/* security configuration */
......@@ -478,10 +480,15 @@ typedef enum {
#define SECURITY_GLOBALPARAMS_DESC { \
{SECURITY_CONFIG_CIPHERING, "preferred ciphering algorithms\n", 0, strlistptr:NULL, defstrlistval:NULL, TYPE_STRINGLIST, 0}, \
{SECURITY_CONFIG_INTEGRITY, "preferred integrity algorithms\n", 0, strlistptr:NULL, defstrlistval:NULL, TYPE_STRINGLIST, 0}, \
{SECURITY_CONFIG_DO_DRB_CIPHERING, "use ciphering for DRBs", 0, strptr:NULL, defstrval:"yes", TYPE_STRING, 0}, \
{SECURITY_CONFIG_DO_DRB_INTEGRITY, "use integrity for DRBs", 0, strptr:NULL, defstrval:"no", TYPE_STRING, 0}, \
}
#define SECURITY_CONFIG_CIPHERING_IDX 0
#define SECURITY_CONFIG_INTEGRITY_IDX 1
#define SECURITY_CONFIG_CIPHERING_IDX 0
#define SECURITY_CONFIG_INTEGRITY_IDX 1
#define SECURITY_CONFIG_DO_DRB_CIPHERING_IDX 2
#define SECURITY_CONFIG_DO_DRB_INTEGRITY_IDX 3
/*----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------*/
#endif
......@@ -102,6 +102,7 @@ static void nr_pdcp_entity_recv_pdu(nr_pdcp_entity_t *entity,
entity->rb_id, rcvd_count, entity->is_gnb ? 0 : 1);
if (memcmp(integrity, buffer + size - integrity_size, 4) != 0) {
LOG_E(PDCP, "discard NR PDU, integrity failed\n");
return;
}
}
......
/*
* Licensed to the OpenAirInterface (OAI) Software Alliance under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The OpenAirInterface Software Alliance licenses this file to You under
* the OAI Public License, Version 1.1 (the "License"); you may not use this file
* except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.openairinterface.org/?page_id=698
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*-------------------------------------------------------------------------------
* For more information about the OpenAirInterface (OAI) Software Alliance:
* contact@openairinterface.org
*/
#include "nr_pdcp_entity_srb.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
void nr_pdcp_entity_srb_recv_pdu(nr_pdcp_entity_t *_entity, char *buffer, int size)
{
nr_pdcp_entity_srb_t *entity = (nr_pdcp_entity_srb_t *)_entity;
if (size < 2) abort();
entity->common.deliver_sdu(entity->common.deliver_sdu_data,
(nr_pdcp_entity_t *)entity, buffer+2, size-6);
}
void nr_pdcp_entity_srb_recv_sdu(nr_pdcp_entity_t *_entity, char *buffer, int size,
int sdu_id)
{
nr_pdcp_entity_srb_t *entity = (nr_pdcp_entity_srb_t *)_entity;
int sn;
char buf[size+6];
sn = entity->common.next_nr_pdcp_tx_sn;
entity->common.next_nr_pdcp_tx_sn++;
if (entity->common.next_nr_pdcp_tx_sn > entity->common.maximum_nr_pdcp_sn) {
entity->common.next_nr_pdcp_tx_sn = 0;
entity->common.tx_hfn++;
}
buf[0] = (sn >> 8) & 0x0f;
buf[1] = sn & 0xff;
memcpy(buf+2, buffer, size);
/* For now use padding for the MAC-I bytes (normally carrying message authentication code)
* which come after the data payload bytes (38.323, section 6.2.2.1) */
for (int i=size+2; i<size+6; i++)
buf[i] = 0x11*(i-size-1);
entity->common.deliver_pdu(entity->common.deliver_pdu_data,
(nr_pdcp_entity_t *)entity, buf, size+6, sdu_id);
}
void nr_pdcp_entity_srb_set_integrity_key(nr_pdcp_entity_t *_entity, char *key)
{
/* nothing to do */
}
void nr_pdcp_entity_srb_delete(nr_pdcp_entity_t *_entity)
{
nr_pdcp_entity_srb_t *entity = (nr_pdcp_entity_srb_t *)_entity;
free(entity);
}
/*
* Licensed to the OpenAirInterface (OAI) Software Alliance under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The OpenAirInterface Software Alliance licenses this file to You under
* the OAI Public License, Version 1.1 (the "License"); you may not use this file
* except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.openairinterface.org/?page_id=698
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*-------------------------------------------------------------------------------
* For more information about the OpenAirInterface (OAI) Software Alliance:
* contact@openairinterface.org
*/
#ifndef _NR_PDCP_ENTITY_SRB_H_
#define _NR_PDCP_ENTITY_SRB_H_
#include "nr_pdcp_entity.h"
typedef struct {
nr_pdcp_entity_t common;
int srb_id;
} nr_pdcp_entity_srb_t;
void nr_pdcp_entity_srb_recv_pdu(nr_pdcp_entity_t *_entity, char *buffer, int size);
void nr_pdcp_entity_srb_recv_sdu(nr_pdcp_entity_t *_entity, char *buffer, int size, int sdu_id);
void nr_pdcp_entity_srb_set_integrity_key(nr_pdcp_entity_t *_entity, char *key);
void nr_pdcp_entity_srb_delete(nr_pdcp_entity_t *_entity);
#endif /* _NR_PDCP_ENTITY_SRB_H_ */
......@@ -737,7 +737,11 @@ void pdcp_run(const protocol_ctxt_t *const ctxt_pP)
}
}
static void add_srb(int is_gnb, int rnti, struct NR_SRB_ToAddMod *s)
static void add_srb(int is_gnb, int rnti, struct NR_SRB_ToAddMod *s,
int ciphering_algorithm,
int integrity_algorithm,
unsigned char *ciphering_key,
unsigned char *integrity_key)
{
nr_pdcp_entity_t *pdcp_srb;
nr_pdcp_ue_t *ue;
......@@ -754,21 +758,14 @@ static void add_srb(int is_gnb, int rnti, struct NR_SRB_ToAddMod *s)
LOG_D(PDCP, "%s:%d:%s: warning SRB %d already exist for ue %d, do nothing\n",
__FILE__, __LINE__, __FUNCTION__, srb_id, rnti);
} else {
if(ue->srb[0] != NULL) {
pdcp_srb = new_nr_pdcp_entity(NR_PDCP_SRB, is_gnb, srb_id,
0, 0, 0, 0, // sdap parameters
deliver_sdu_srb, ue, deliver_pdu_srb, ue,
12, t_Reordering, -1,
ue->srb[0]->ciphering_algorithm, ue->srb[0]->integrity_algorithm,
ue->srb[0]->ciphering_key, ue->srb[0]->integrity_key);
} else {
pdcp_srb = new_nr_pdcp_entity(NR_PDCP_SRB, is_gnb, srb_id,
0, 0, 0, 0, // sdap parameters
deliver_sdu_srb, ue, deliver_pdu_srb, ue,
12, t_Reordering, -1,
0, 0,
NULL, NULL);
}
pdcp_srb = new_nr_pdcp_entity(NR_PDCP_SRB, is_gnb, srb_id,
0, 0, 0, 0, // sdap parameters
deliver_sdu_srb, ue, deliver_pdu_srb, ue,
12, t_Reordering, -1,
ciphering_algorithm,
integrity_algorithm,
ciphering_key,
integrity_key);
nr_pdcp_ue_add_srb_pdcp_entity(ue, srb_id, pdcp_srb);
LOG_D(PDCP, "%s:%d:%s: added srb %d to ue rnti %x\n", __FILE__, __LINE__, __FUNCTION__, srb_id, rnti);
......@@ -790,12 +787,27 @@ static void add_drb_am(int is_gnb, int rnti, struct NR_DRB_ToAddMod *s,
int sn_size_dl = decode_sn_size_dl(*s->pdcp_Config->drb->pdcp_SN_SizeDL);
int discard_timer = decode_discard_timer(*s->pdcp_Config->drb->discardTimer);
int has_integrity;
int has_ciphering;
/* if pdcp_Config->t_Reordering is not present, it means infinity (-1) */
int t_reordering = -1;
if (s->pdcp_Config->t_Reordering != NULL) {
t_reordering = decode_t_reordering(*s->pdcp_Config->t_Reordering);
}
if (s->pdcp_Config->drb != NULL
&& s->pdcp_Config->drb->integrityProtection != NULL)
has_integrity = 1;
else
has_integrity = 0;
if (s->pdcp_Config->ext1 != NULL
&& s->pdcp_Config->ext1->cipheringDisabled != NULL)
has_ciphering = 0;
else
has_ciphering = 1;
if ((!s->cnAssociation) || s->cnAssociation->present == NR_DRB_ToAddMod__cnAssociation_PR_NOTHING) {
LOG_E(PDCP,"%s:%d:%s: fatal, cnAssociation is missing or present is NR_DRB_ToAddMod__cnAssociation_PR_NOTHING\n",__FILE__,__LINE__,__FUNCTION__);
exit(-1);
......@@ -837,15 +849,17 @@ static void add_drb_am(int is_gnb, int rnti, struct NR_DRB_ToAddMod *s,
nr_pdcp_manager_lock(nr_pdcp_ue_manager);
ue = nr_pdcp_manager_get_ue(nr_pdcp_ue_manager, rnti);
if (ue->drb[drb_id-1] != NULL) {
LOG_D(PDCP, "%s:%d:%s: warning DRB %d already exist for ue %d, do nothing\n",
LOG_W(PDCP, "%s:%d:%s: warning DRB %d already exist for ue %d, do nothing\n",
__FILE__, __LINE__, __FUNCTION__, drb_id, rnti);
} else {
pdcp_drb = new_nr_pdcp_entity(NR_PDCP_DRB_AM, is_gnb, drb_id,pdusession_id,has_sdap,
has_sdapULheader,has_sdapDLheader,
deliver_sdu_drb, ue, deliver_pdu_drb, ue,
sn_size_dl, t_reordering, discard_timer,
ciphering_algorithm, integrity_algorithm,
ciphering_key, integrity_key);
has_ciphering ? ciphering_algorithm : 0,
has_integrity ? integrity_algorithm : 0,
has_ciphering ? ciphering_key : NULL,
has_integrity ? integrity_key : NULL);
nr_pdcp_ue_add_drb_pdcp_entity(ue, drb_id, pdcp_drb);
LOG_D(PDCP, "%s:%d:%s: added drb %d to ue rnti %x\n", __FILE__, __LINE__, __FUNCTION__, drb_id, rnti);
......@@ -919,7 +933,9 @@ boolean_t nr_rrc_pdcp_config_asn1_req(
if (srb2add_list != NULL) {
for (i = 0; i < srb2add_list->list.count; i++) {
add_srb(ctxt_pP->enb_flag,rnti, srb2add_list->list.array[i]);
add_srb(ctxt_pP->enb_flag,rnti, srb2add_list->list.array[i],
security_modeP & 0x0f, (security_modeP >> 4) & 0x0f,
kRRCenc, kRRCint);
}
}
......
......@@ -470,6 +470,10 @@ typedef struct {
/* nia0 = 0, nia1 = 1, ... */
int integrity_algorithms[4];
int integrity_algorithms_count;
/* flags to enable/disable ciphering and integrity for DRBs */
int do_drb_ciphering;
int do_drb_integrity;
} nr_security_configuration_t;
//---NR---(completely change)---------------------
......
......@@ -414,7 +414,7 @@ void apply_pdcp_config(rrc_gNB_ue_context_t *const ue_context_pP,
ue_context_pP->ue_context.SRB_configList,
NULL,
NULL,
0xff,
0,
NULL,
NULL,
NULL,
......@@ -465,7 +465,7 @@ rrc_gNB_generate_RRCSetup(
ue_context_pP->ue_context.SRB_configList,
NULL,
NULL,
0xff,
0,
NULL,
NULL,
NULL,
......@@ -945,6 +945,7 @@ rrc_gNB_generate_dedicatedRRCReconfiguration(
)
//-----------------------------------------------------------------------------
{
gNB_RRC_INST *rrc = RC.nrrrc[ctxt_pP->module_id];
NR_DRB_ToAddMod_t *DRB_config = NULL;
NR_SRB_ToAddMod_t *SRB2_config = NULL;
NR_SDAP_Config_t *sdap_config = NULL;
......@@ -1045,6 +1046,17 @@ rrc_gNB_generate_dedicatedRRCReconfiguration(
*DRB_config->pdcp_Config->t_Reordering = NR_PDCP_Config__t_Reordering_ms750;
DRB_config->pdcp_Config->ext1 = NULL;
if (rrc->security.do_drb_integrity) {
DRB_config->pdcp_Config->drb->integrityProtection = calloc(1, sizeof(*DRB_config->pdcp_Config->drb->integrityProtection));
*DRB_config->pdcp_Config->drb->integrityProtection = NR_PDCP_Config__drb__integrityProtection_enabled;
}
if (!rrc->security.do_drb_ciphering) {
DRB_config->pdcp_Config->ext1 = calloc(1, sizeof(*DRB_config->pdcp_Config->ext1));
DRB_config->pdcp_Config->ext1->cipheringDisabled = calloc(1, sizeof(*DRB_config->pdcp_Config->ext1->cipheringDisabled));
*DRB_config->pdcp_Config->ext1->cipheringDisabled = NR_PDCP_Config__ext1__cipheringDisabled_true;
}
// Reference TS23501 Table 5.7.4-1: Standardized 5QI to QoS characteristics mapping
for (qos_flow_index = 0; qos_flow_index < ue_context_pP->ue_context.pduSession[i].param.nb_qos; qos_flow_index++) {
switch (ue_context_pP->ue_context.pduSession[i].param.qos[qos_flow_index].fiveQI) {
......@@ -1283,6 +1295,7 @@ rrc_gNB_process_RRCReconfigurationComplete(
uint8_t *kRRCenc = NULL;
uint8_t *kRRCint = NULL;
uint8_t *kUPenc = NULL;
uint8_t *kUPint = NULL;
NR_DRB_ToAddModList_t *DRB_configList = ue_context_pP->ue_context.DRB_configList2[xid];
NR_SRB_ToAddModList_t *SRB_configList = ue_context_pP->ue_context.SRB_configList2[xid];
NR_DRB_ToReleaseList_t *DRB_Release_configList2 = ue_context_pP->ue_context.DRB_Release_configList2[xid];
......@@ -1293,19 +1306,49 @@ rrc_gNB_process_RRCReconfigurationComplete(
ue_context_pP->ue_context.ue_reestablishment_timer = 0;
#ifndef PHYSIM
uint8_t *k_kdf = NULL;
/* Derive the keys from kgnb */
if (DRB_configList != NULL) {
derive_key_up_enc(ue_context_pP->ue_context.ciphering_algorithm,
ue_context_pP->ue_context.kgnb,
&kUPenc);
k_kdf = NULL;
nr_derive_key_up_enc(ue_context_pP->ue_context.ciphering_algorithm,
ue_context_pP->ue_context.kgnb,
&k_kdf);
/* kUPenc: last 128 bits of key derivation function which returns 256 bits */
kUPenc = malloc(16);
if (kUPenc == NULL) exit(1);
memcpy(kUPenc, k_kdf+16, 16);
free(k_kdf);
k_kdf = NULL;
nr_derive_key_up_int(ue_context_pP->ue_context.integrity_algorithm,
ue_context_pP->ue_context.kgnb,
&k_kdf);
/* kUPint: last 128 bits of key derivation function which returns 256 bits */
kUPint = malloc(16);
if (kUPint == NULL) exit(1);
memcpy(kUPint, k_kdf+16, 16);
free(k_kdf);
}
derive_key_rrc_enc(ue_context_pP->ue_context.ciphering_algorithm,
ue_context_pP->ue_context.kgnb,
&kRRCenc);
derive_key_rrc_int(ue_context_pP->ue_context.integrity_algorithm,
ue_context_pP->ue_context.kgnb,
&kRRCint);
k_kdf = NULL;
nr_derive_key_rrc_enc(ue_context_pP->ue_context.ciphering_algorithm,
ue_context_pP->ue_context.kgnb,
&k_kdf);
/* kRRCenc: last 128 bits of key derivation function which returns 256 bits */
kRRCenc = malloc(16);
if (kRRCenc == NULL) exit(1);
memcpy(kRRCenc, k_kdf+16, 16);
free(k_kdf);
k_kdf = NULL;
nr_derive_key_rrc_int(ue_context_pP->ue_context.integrity_algorithm,
ue_context_pP->ue_context.kgnb,
&k_kdf);
/* kRRCint: last 128 bits of key derivation function which returns 256 bits */
kRRCint = malloc(16);
if (kRRCint == NULL) exit(1);
memcpy(kRRCint, k_kdf+16, 16);
free(k_kdf);
#endif
/* Refresh SRBs/DRBs */
MSC_LOG_TX_MESSAGE(MSC_RRC_GNB, MSC_PDCP_ENB, NULL, 0, MSC_AS_TIME_FMT" CONFIG_REQ UE %x DRB (security unchanged)",
......@@ -1319,11 +1362,12 @@ rrc_gNB_process_RRCReconfigurationComplete(
SRB_configList, // NULL,
DRB_configList,
DRB_Release_configList2,
0, // already configured during the securitymodecommand
(ue_context_pP->ue_context.integrity_algorithm << 4)
| ue_context_pP->ue_context.ciphering_algorithm,
kRRCenc,
kRRCint,
kUPenc,
NULL,
kUPint,
NULL,
NULL,
get_softmodem_params()->sa ? ue_context_pP->ue_context.masterCellGroup->rlc_BearerToAddModList : NULL);
......@@ -1713,7 +1757,7 @@ rrc_gNB_process_RRCConnectionReestablishmentComplete(
nr_rrc_pdcp_config_security(
ctxt_pP,
ue_context_pP,
send_security_mode_command);
send_security_mode_command ? 0 : 1);
LOG_D(NR_RRC, "set security successfully \n");
}
......@@ -2489,6 +2533,9 @@ rrc_gNB_decode_dcch(
xer_fprint(stdout, &asn_DEF_NR_UL_DCCH_Message, (void *)ul_dcch_msg);
}
/* configure ciphering */
nr_rrc_pdcp_config_security(ctxt_pP, ue_context_p, 1);
rrc_gNB_generate_UECapabilityEnquiry(ctxt_pP, ue_context_p);
//rrc_gNB_generate_defaultRRCReconfiguration(ctxt_pP, ue_context_p);
break;
......
......@@ -297,7 +297,7 @@ void
nr_rrc_pdcp_config_security(
const protocol_ctxt_t *const ctxt_pP,
rrc_gNB_ue_context_t *const ue_context_pP,
const uint8_t send_security_mode_command
const uint8_t enable_ciphering
)
//------------------------------------------------------------------------------
{
......@@ -364,10 +364,11 @@ nr_rrc_pdcp_config_security(
NULL, /* pdcp_pP not used anymore in NR */
DCCH,
DCCH+2,
(send_security_mode_command == TRUE) ?
0 | (ue_context_pP->ue_context.integrity_algorithm << 4) :
(ue_context_pP->ue_context.ciphering_algorithm ) |
(ue_context_pP->ue_context.integrity_algorithm << 4),
enable_ciphering ?
ue_context_pP->ue_context.ciphering_algorithm
| (ue_context_pP->ue_context.integrity_algorithm << 4)
: 0
| (ue_context_pP->ue_context.integrity_algorithm << 4),
kRRCenc,
kRRCint,
kUPenc);
......@@ -601,21 +602,17 @@ rrc_gNB_process_NGAP_INITIAL_CONTEXT_SETUP_REQ(
ue_context_p,
NGAP_INITIAL_CONTEXT_SETUP_REQ(msg_p).security_key);
uint8_t send_security_mode_command = TRUE;
/* configure only integrity, ciphering comes after receiving SecurityModeComplete */
nr_rrc_pdcp_config_security(
&ctxt,
ue_context_p,
send_security_mode_command);
0);
uint8_t send_security_mode_command = TRUE;
if (send_security_mode_command) {
rrc_gNB_generate_SecurityModeCommand (&ctxt, ue_context_p);
send_security_mode_command = FALSE;
nr_rrc_pdcp_config_security(
&ctxt,
ue_context_p,
send_security_mode_command);
} else {
/* rrc_gNB_generate_UECapabilityEnquiry */
rrc_gNB_generate_UECapabilityEnquiry(&ctxt, ue_context_p);
......@@ -687,43 +684,76 @@ rrc_gNB_send_NGAP_INITIAL_CONTEXT_SETUP_RESP(
itti_send_msg_to_task (TASK_NGAP, ctxt_pP->instance, msg_p);
}
static NR_CipheringAlgorithm_t rrc_gNB_select_ciphering(uint16_t algorithms) {
return NR_CipheringAlgorithm_nea0;
if (algorithms & NGAP_ENCRYPTION_NEA3_MASK) {
return NR_CipheringAlgorithm_nea3;
}
if (algorithms & NGAP_ENCRYPTION_NEA2_MASK) {
return NR_CipheringAlgorithm_nea2;
static NR_CipheringAlgorithm_t rrc_gNB_select_ciphering(
const protocol_ctxt_t *const ctxt_pP,
uint16_t algorithms)
{
gNB_RRC_INST *rrc = RC.nrrrc[ctxt_pP->module_id];
int i;
/* preset nea0 as fallback */
int ret = 0;
/* Select ciphering algorithm based on gNB configuration file and
* UE's supported algorithms.
* We take the first from the list that is supported by the UE.
* The ordering of the list comes from the configuration file.
*/
for (i = 0; i < rrc->security.ciphering_algorithms_count; i++) {
int nea_mask[4] = {
0,
NGAP_ENCRYPTION_NEA1_MASK,
NGAP_ENCRYPTION_NEA2_MASK,
NGAP_ENCRYPTION_NEA3_MASK
};
if (rrc->security.ciphering_algorithms[i] == 0) {
/* nea0 */
break;
}
if (algorithms & nea_mask[rrc->security.ciphering_algorithms[i]]) {
ret = rrc->security.ciphering_algorithms[i];
break;
}
}
if (algorithms & NGAP_ENCRYPTION_NEA1_MASK) {
return NR_CipheringAlgorithm_nea1;
}
LOG_I(RRC, "selecting ciphering algorithm %d\n", ret);
return ret;
}
static e_NR_IntegrityProtAlgorithm rrc_gNB_select_integrity(uint16_t algorithms) {
//only NIA2 supported for now
return NR_IntegrityProtAlgorithm_nia2;
if (algorithms & NGAP_INTEGRITY_NIA3_MASK) {
return NR_IntegrityProtAlgorithm_nia3;
}
if (algorithms & NGAP_INTEGRITY_NIA2_MASK) {
return NR_IntegrityProtAlgorithm_nia2;
static e_NR_IntegrityProtAlgorithm rrc_gNB_select_integrity(
const protocol_ctxt_t *const ctxt_pP,
uint16_t algorithms)
{
gNB_RRC_INST *rrc = RC.nrrrc[ctxt_pP->module_id];
int i;
/* preset nia0 as fallback */
int ret = 0;
/* Select integrity algorithm based on gNB configuration file and
* UE's supported algorithms.
* We take the first from the list that is supported by the UE.
* The ordering of the list comes from the configuration file.
*/
for (i = 0; i < rrc->security.integrity_algorithms_count; i++) {
int nia_mask[4] = {
0,
NGAP_INTEGRITY_NIA1_MASK,
NGAP_INTEGRITY_NIA2_MASK,
NGAP_INTEGRITY_NIA3_MASK
};
if (rrc->security.integrity_algorithms[i] == 0) {
/* nia0 */
break;
}
if (algorithms & nia_mask[rrc->security.integrity_algorithms[i]]) {
ret = rrc->security.integrity_algorithms[i];
break;
}
}
if (algorithms & NGAP_INTEGRITY_NIA1_MASK) {
return NR_IntegrityProtAlgorithm_nia1;
}
LOG_I(RRC, "selecting integrity algorithm %d\n", ret);
return NR_IntegrityProtAlgorithm_nia0;
return ret;
}
int
......@@ -746,14 +776,14 @@ rrc_gNB_process_security(
ue_context_pP->ue_context.security_capabilities.nRintegrity_algorithms,
ue_context_pP->ue_context.integrity_algorithm);
/* Select relevant algorithms */
cipheringAlgorithm = rrc_gNB_select_ciphering (ue_context_pP->ue_context.security_capabilities.nRencryption_algorithms);
cipheringAlgorithm = rrc_gNB_select_ciphering(ctxt_pP, ue_context_pP->ue_context.security_capabilities.nRencryption_algorithms);
if (ue_context_pP->ue_context.ciphering_algorithm != cipheringAlgorithm) {
ue_context_pP->ue_context.ciphering_algorithm = cipheringAlgorithm;
changed = TRUE;
}
integrityProtAlgorithm = rrc_gNB_select_integrity (ue_context_pP->ue_context.security_capabilities.nRintegrity_algorithms);
integrityProtAlgorithm = rrc_gNB_select_integrity(ctxt_pP, ue_context_pP->ue_context.security_capabilities.nRintegrity_algorithms);
if (ue_context_pP->ue_context.integrity_algorithm != integrityProtAlgorithm) {
ue_context_pP->ue_context.integrity_algorithm = integrityProtAlgorithm;
......
......@@ -142,6 +142,7 @@ void rrc_add_nsa_user(gNB_RRC_INST *rrc,struct rrc_gNB_ue_context_s *ue_context_
gtpv1u_enb_create_tunnel_resp_t create_tunnel_resp;
protocol_ctxt_t ctxt={0};
unsigned char *kUPenc = NULL;
unsigned char *kUPint = NULL;
int i;
// NR RRCReconfiguration
AssertFatal(rrc->Nb_ue < MAX_NR_RRC_UE_CONTEXTS,"cannot add another UE\n");
......@@ -224,6 +225,16 @@ void rrc_add_nsa_user(gNB_RRC_INST *rrc,struct rrc_gNB_ue_context_s *ue_context_
memcpy(kUPenc, kUPenc_kdf+16, 16);
free(kUPenc_kdf);
unsigned char *kUPint_kdf;
nr_derive_key_up_int(ue_context_p->ue_context.integrity_algorithm,
ue_context_p->ue_context.kgnb,
&kUPint_kdf);
/* kUPint: last 128 bits of key derivation function which returns 256 bits */
kUPint = malloc(16);
if (kUPint == NULL) exit(1);
memcpy(kUPint, kUPint_kdf+16, 16);
free(kUPint_kdf);
e_NR_CipheringAlgorithm cipher_algo;
switch (ue_context_p->ue_context.ciphering_algorithm) {
case 0: cipher_algo = NR_CipheringAlgorithm_nea0; break;
......@@ -389,7 +400,7 @@ void rrc_add_nsa_user(gNB_RRC_INST *rrc,struct rrc_gNB_ue_context_s *ue_context_
NULL, /* kRRCenc - unused */
NULL, /* kRRCint - unused */
kUPenc, /* kUPenc */
NULL, /* kUPint - unused */
kUPint, /* kUPint */
NULL,
NULL,
ue_context_p->ue_context.secondaryCellGroup->rlc_BearerToAddModList);
......
......@@ -2044,12 +2044,22 @@ nr_rrc_ue_establish_srb2(
}
}
uint8_t *k_kdf = NULL;
uint8_t *kRRCenc = NULL;
uint8_t *kRRCint = NULL;
derive_key_rrc_enc(NR_UE_rrc_inst[ctxt_pP->module_id].cipheringAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &kRRCenc);
derive_key_rrc_int(NR_UE_rrc_inst[ctxt_pP->module_id].integrityProtAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &kRRCint);
nr_derive_key_rrc_enc(NR_UE_rrc_inst[ctxt_pP->module_id].cipheringAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &k_kdf);
kRRCenc = malloc(16);
if (kRRCenc == NULL) exit(1);
memcpy(kRRCenc, k_kdf + 16, 16);
free(k_kdf);
nr_derive_key_rrc_int(NR_UE_rrc_inst[ctxt_pP->module_id].integrityProtAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &k_kdf);
kRRCint = malloc(16);
if (kRRCint == NULL) exit(1);
memcpy(kRRCint, k_kdf + 16, 16);
free(k_kdf);
// Refresh SRBs
nr_rrc_pdcp_config_asn1_req(ctxt_pP,
radioBearerConfig->srb_ToAddModList,
......@@ -2130,9 +2140,24 @@ nr_rrc_ue_establish_srb2(
}
}
uint8_t *k_kdf = NULL;
uint8_t *kUPenc = NULL;
derive_key_up_enc(NR_UE_rrc_inst[ctxt_pP->module_id].cipheringAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &kUPenc);
uint8_t *kUPint = NULL;
nr_derive_key_up_enc(NR_UE_rrc_inst[ctxt_pP->module_id].cipheringAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &k_kdf);
kUPenc = malloc(16);
if (kUPenc == NULL) exit(1);
memcpy(kUPenc, k_kdf + 16, 16);
free(k_kdf);
nr_derive_key_up_int(NR_UE_rrc_inst[ctxt_pP->module_id].integrityProtAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &k_kdf);
kUPint = malloc(16);
if (kUPint == NULL) exit(1);
memcpy(kUPint, k_kdf + 16, 16);
free(k_kdf);
MSC_LOG_TX_MESSAGE(
MSC_RRC_UE,
MSC_PDCP_UE,
......@@ -2153,7 +2178,7 @@ nr_rrc_ue_establish_srb2(
NULL,
NULL,
kUPenc,
NULL,
kUPint,
NULL,
NR_UE_rrc_inst[ctxt_pP->module_id].defaultDRB,
NR_UE_rrc_inst[ctxt_pP->module_id].cell_group_config->rlc_BearerToAddModList);
......
......@@ -1127,12 +1127,11 @@ int ngap_gNB_handle_initial_context_request(uint32_t assoc_id,
BIT_STRING_to_uint16(&ie->value.choice.UESecurityCapabilities.eUTRAencryptionAlgorithms);
NGAP_INITIAL_CONTEXT_SETUP_REQ(message_p).security_capabilities.eUTRAintegrity_algorithms =
BIT_STRING_to_uint16(&ie->value.choice.UESecurityCapabilities.eUTRAintegrityProtectionAlgorithms);
/* id-SecurityKey : Copy the security key */
} else {/* ie != NULL */
return -1;
}
/* id-MobilityRestrictionList */
/* id-SecurityKey : Copy the security key */
NGAP_FIND_PROTOCOLIE_BY_ID(NGAP_InitialContextSetupRequestIEs_t, ie, container,
NGAP_ProtocolIE_ID_id_SecurityKey, true);
......@@ -1144,7 +1143,7 @@ int ngap_gNB_handle_initial_context_request(uint32_t assoc_id,
return -1;
}
/* id-NAS-PDU */
/* id-MobilityRestrictionList */
NGAP_FIND_PROTOCOLIE_BY_ID(NGAP_InitialContextSetupRequestIEs_t, ie, container,
NGAP_ProtocolIE_ID_id_MobilityRestrictionList, false);
......@@ -1160,6 +1159,7 @@ int ngap_gNB_handle_initial_context_request(uint32_t assoc_id,
}
/* id-NAS-PDU */
NGAP_FIND_PROTOCOLIE_BY_ID(NGAP_InitialContextSetupRequestIEs_t, ie, container,
NGAP_ProtocolIE_ID_id_NAS_PDU, false);
......@@ -1171,7 +1171,6 @@ int ngap_gNB_handle_initial_context_request(uint32_t assoc_id,
memcpy(NGAP_INITIAL_CONTEXT_SETUP_REQ(message_p).nas_pdu.buffer,
ie->value.choice.NAS_PDU.buf, ie->value.choice.NAS_PDU.size);
}
}
itti_send_msg_to_task(TASK_RRC_GNB, ue_desc_p->gNB_instance->instance, message_p);
......
......@@ -268,6 +268,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -252,6 +252,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -247,6 +247,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -266,6 +266,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -258,6 +258,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -258,6 +258,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -259,6 +259,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -263,6 +263,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -261,6 +261,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -306,6 +306,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -255,6 +255,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -255,6 +255,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -256,6 +256,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -271,6 +271,23 @@ THREAD_STRUCT = (
# modelname = "AWGN";
#};
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -246,6 +246,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -258,6 +258,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -256,6 +256,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -256,6 +256,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -247,6 +247,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -283,6 +283,23 @@ THREAD_STRUCT = (
}
);
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -280,6 +280,23 @@ rfsimulator :
IQfile = "/tmp/rfsimulator.iqs";
};
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -280,6 +280,23 @@ rfsimulator :
IQfile = "/tmp/rfsimulator.iqs";
};
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
......@@ -306,6 +306,23 @@ rfsimulator :
IQfile = "/tmp/rfsimulator.iqs";
};
security = {
# preferred ciphering algorithms
# the first one of the list that an UE supports in chosen
# valid values: nea0, nea1, nea2, nea3
ciphering_algorithms = ( "nea0" );
# preferred integrity algorithms
# the first one of the list that an UE supports in chosen
# valid values: nia0, nia1, nia2, nia3
integrity_algorithms = ( "nia2", "nia0" );
# setting 'drb_ciphering' to "no" disables ciphering for DRBs, no matter
# what 'ciphering_algorithms' configures; same thing for 'drb_integrity'
drb_ciphering = "yes";
drb_integrity = "no";
};
log_config :
{
global_log_level ="info";
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment