Commit 4ffa1ddc authored by Lionel Gauthier's avatar Lionel Gauthier

Licence file

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@5548 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent fc306019
...@@ -254,9 +254,21 @@ int nas_message_decrypt( ...@@ -254,9 +254,21 @@ int nas_message_decrypt(
SECU_DIRECTION_DOWNLINK, SECU_DIRECTION_DOWNLINK,
#endif #endif
emm_security_context); emm_security_context);
/* Check NAS message integrity */ /* Check NAS message integrity */
if (mac != header->message_authentication_code) { if (mac != header->message_authentication_code) {
#if defined(NAS_MME)
LOG_FUNC_RETURN (TLV_DECODE_MAC_MISMATCH); LOG_FUNC_RETURN (TLV_DECODE_MAC_MISMATCH);
#else
#warning "added test on integrity algorithm because of SECURITY_MODE_COMMAND not correctly handled in UE (check integrity)"
if (emm_security_context->selected_algorithms.integrity !=
NAS_SECURITY_ALGORITHMS_EIA0) {
LOG_FUNC_RETURN (TLV_DECODE_MAC_MISMATCH);
} else {
LOG_TRACE(WARNING,
"MAC failure but continue due to EIA0 selected");
}
#endif
} }
/* Decrypt the security protected NAS message */ /* Decrypt the security protected NAS message */
...@@ -336,6 +348,10 @@ int nas_message_decode( ...@@ -336,6 +348,10 @@ int nas_message_decode(
/* Check NAS message integrity */ /* Check NAS message integrity */
if (mac != msg->header.message_authentication_code) { if (mac != msg->header.message_authentication_code) {
LOG_TRACE(DEBUG,
"msg->header.message_authentication_code = %04X computed = %04X",
msg->header.message_authentication_code,
mac);
LOG_FUNC_RETURN (TLV_DECODE_MAC_MISMATCH); LOG_FUNC_RETURN (TLV_DECODE_MAC_MISMATCH);
} }
...@@ -940,6 +956,11 @@ static UInt32_t _nas_message_get_mac( ...@@ -940,6 +956,11 @@ static UInt32_t _nas_message_get_mac(
UInt32_t count; UInt32_t count;
UInt32_t *mac32; UInt32_t *mac32;
LOG_TRACE(DEBUG,
"NAS_SECURITY_ALGORITHMS_EIA1 dir %d ul_count.seq_num %d dl_count.seq_num %d",
direction,
emm_security_context->ul_count.seq_num,
emm_security_context->dl_count.seq_num);
if (direction == SECU_DIRECTION_UPLINK) { if (direction == SECU_DIRECTION_UPLINK) {
count = 0x00000000 || count = 0x00000000 ||
((emm_security_context->ul_count.overflow && 0x0000FFFF) << 8) || ((emm_security_context->ul_count.overflow && 0x0000FFFF) << 8) ||
...@@ -974,6 +995,11 @@ static UInt32_t _nas_message_get_mac( ...@@ -974,6 +995,11 @@ static UInt32_t _nas_message_get_mac(
UInt32_t count; UInt32_t count;
UInt32_t *mac32; UInt32_t *mac32;
LOG_TRACE(DEBUG,
"NAS_SECURITY_ALGORITHMS_EIA2 dir %d ul_count.seq_num %d dl_count.seq_num %d",
direction,
emm_security_context->ul_count.seq_num,
emm_security_context->dl_count.seq_num);
if (direction == SECU_DIRECTION_UPLINK) { if (direction == SECU_DIRECTION_UPLINK) {
count = 0x00000000 || count = 0x00000000 ||
((emm_security_context->ul_count.overflow && 0x0000FFFF) << 8) || ((emm_security_context->ul_count.overflow && 0x0000FFFF) << 8) ||
...@@ -1003,6 +1029,11 @@ static UInt32_t _nas_message_get_mac( ...@@ -1003,6 +1029,11 @@ static UInt32_t _nas_message_get_mac(
}break; }break;
case NAS_SECURITY_ALGORITHMS_EIA0: case NAS_SECURITY_ALGORITHMS_EIA0:
LOG_TRACE(DEBUG,
"NAS_SECURITY_ALGORITHMS_EIA0 dir %d ul_count.seq_num %d dl_count.seq_num %d",
direction,
emm_security_context->ul_count.seq_num,
emm_security_context->dl_count.seq_num);
#if defined(EPC_BUILD) || defined(UE_BUILD) #if defined(EPC_BUILD) || defined(UE_BUILD)
LOG_FUNC_RETURN (0); LOG_FUNC_RETURN (0);
#else #else
......
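Review bot: The `#else` branch added to the MAC check in nas_message_decrypt lets a UE build continue after a MAC mismatch whenever `emm_security_context->selected_algorithms.integrity` is `NAS_SECURITY_ALGORITHMS_EIA0`, so a downlink message whose integrity check failed is still decrypted and handed on with only a WARNING trace. Going by the `#warning` text this is a workaround for SECURITY MODE COMMAND handling, which means the message that selects the algorithms is itself accepted unverified; and if a freshly created context reads as EIA0 (not visible in this hunk), every message before security setup takes the same path. I would keep `LOG_FUNC_RETURN (TLV_DECODE_MAC_MISMATCH);` unconditional and fix the UE side so the command is checked with the algorithm it carries, or at least guard the bypass with a dedicated build option and a comment such as `/* TEMPORARY: MAC failure tolerated under EIA0 on UE; remove once SECURITY MODE COMMAND is verified */`. Separately, the context lines of the `_nas_message_get_mac` hunks build `count` with `||` and `&&` where `|` and `&` look intended, which would reduce the NAS COUNT fed to the MAC to 0 or 1. Both function bodies start and end outside the hunks shown.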
...@@ -137,7 +137,7 @@ void f2345 ( u8 k_pP[16], u8 rand_pP[16], ...@@ -137,7 +137,7 @@ void f2345 ( u8 k_pP[16], u8 rand_pP[16],
for (i=0; i<16; i++) for (i=0; i<16; i++)
ck_pP[i] = out[i]; ck_pP[i] = out[i];
LOG_TRACE(DEBUG, LOG_TRACE(DEBUG,
"USIM-API - f2345 : out f3 ik_pP[0..7]=%02X%02X%02X%02X%02X%02X%02X%02", "USIM-API - f2345 : out f3 ck_pP[0..7]=%02X%02X%02X%02X%02X%02X%02X%02X",
ck_pP[0],ck_pP[1],ck_pP[2], ck_pP[3], ck_pP[4], ck_pP[5], ck_pP[6], ck_pP[7]); ck_pP[0],ck_pP[1],ck_pP[2], ck_pP[3], ck_pP[4], ck_pP[5], ck_pP[6], ck_pP[7]);
/* To obtain output block OUT4: XOR OPc and TEMP, * /* To obtain output block OUT4: XOR OPc and TEMP, *
* rotate by r4=64, and XOR on the constant c4 (which * * rotate by r4=64, and XOR on the constant c4 (which *
......
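Review bot: The corrected trace in f2345 writes the first eight bytes of `ck_pP`, which the message labels as the f3 output, into the log, and the format fix makes that output complete where the old string ended in a malformed `%02`. Key material in a DEBUG trace ends up wherever logs are collected or shared, so I would either drop the bytes from the message or compile the line only under a dedicated key-dump option, with a comment like `/* prints key material: never enable outside a lab build */`. The old label said `ik_pP`, which suggests neighbouring traces print the other outputs in the same way; if so, the same applies to them. The body of f2345 starts and ends outside this hunk.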
/***************************************************************************** /*******************************************************************************
Eurecom OpenAirInterface 3 OpenAirInterface
Copyright(c) 2012 Eurecom Copyright(c) 1999 - 2014 Eurecom
OpenAirInterface is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
OpenAirInterface is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with OpenAirInterface.The full GNU General Public License is
included in this distribution in the file called "COPYING". If not,
see <http://www.gnu.org/licenses/>.
Contact Information
OpenAirInterface Admin: openair_admin@eurecom.fr
OpenAirInterface Tech : openair_tech@eurecom.fr
OpenAirInterface Dev : openair4g-devel@eurecom.fr
Address : Eurecom, Compus SophiaTech 450, route des chappes, 06451 Biot, France.
*******************************************************************************/
/*****************************************************************************
Source SecurityModeControl.c Source SecurityModeControl.c
Version 0.1 Version 0.1
...@@ -136,31 +161,31 @@ static int _security_request(security_data_t *data, int is_new); ...@@ -136,31 +161,31 @@ static int _security_request(security_data_t *data, int is_new);
#ifdef NAS_UE #ifdef NAS_UE
/**************************************************************************** /****************************************************************************
** ** ** **
** Name: emm_proc_security_mode_command() ** ** Name: emm_proc_security_mode_command() **
** ** ** **
** Description: Performs the MME requested security mode control proce- ** ** Description: Performs the MME requested security mode control proce- **
** dure. ** ** dure. **
** ** ** **
** 3GPP TS 24.301, section 5.4.3.3 ** ** 3GPP TS 24.301, section 5.4.3.3 **
** Upon receiving the SECURITY MODE COMMAND message, the UE ** ** Upon receiving the SECURITY MODE COMMAND message, the UE **
** shall check whether the message can be accepted or not. ** ** shall check whether the message can be accepted or not. **
** If accepted the UE shall send a SECURITY MODE COMPLETE ** ** If accepted the UE shall send a SECURITY MODE COMPLETE **
** message integrity protected with the selected NAS inte- ** ** message integrity protected with the selected NAS inte- **
** grity algorithm and ciphered with the selected NAS ciphe- ** ** grity algorithm and ciphered with the selected NAS ciphe- **
** ring algorithm. ** ** ring algorithm. **
** ** ** **
** Inputs: native_ksi: TRUE if the security context is of type ** ** Inputs: native_ksi: TRUE if the security context is of type **
** native (for KSIASME) ** ** native (for KSIASME) **
** ksi: The NAS ket sey identifier ** ** ksi: The NAS ket sey identifier **
** seea: Selected EPS cyphering algorithm ** ** seea: Selected EPS cyphering algorithm **
** seia: Selected EPS integrity algorithm ** ** seia: Selected EPS integrity algorithm **
** reea: Replayed EPS cyphering algorithm ** ** reea: Replayed EPS cyphering algorithm **
** reia: Replayed EPS integrity algorithm ** ** reia: Replayed EPS integrity algorithm **
** Others: None ** ** Others: None **
** ** ** **
** Outputs: None ** ** Outputs: None **
** Return: RETURNok, RETURNerror ** ** Return: RETURNok, RETURNerror **
** Others: None ** ** Others: None **
** ** ** **
***************************************************************************/ ***************************************************************************/
int emm_proc_security_mode_command(int native_ksi, int ksi, int emm_proc_security_mode_command(int native_ksi, int ksi,
...@@ -206,6 +231,7 @@ int emm_proc_security_mode_command(int native_ksi, int ksi, ...@@ -206,6 +231,7 @@ int emm_proc_security_mode_command(int native_ksi, int ksi,
* Update the non-current EPS security context * Update the non-current EPS security context
*/ */
else { else {
LOG_TRACE(INFO, "EMM-PROC - Update the non-current EPS security context seea=%u seia=%u", seea, seia);
/* Update selected cyphering and integrity algorithms */ /* Update selected cyphering and integrity algorithms */
_emm_data.non_current->capability.encryption = seea; _emm_data.non_current->capability.encryption = seea;
_emm_data.non_current->capability.integrity = seia; _emm_data.non_current->capability.integrity = seia;
...@@ -217,6 +243,7 @@ int emm_proc_security_mode_command(int native_ksi, int ksi, ...@@ -217,6 +243,7 @@ int emm_proc_security_mode_command(int native_ksi, int ksi,
_emm_data.non_current->knas_enc.length = AUTH_KNAS_ENC_SIZE; _emm_data.non_current->knas_enc.length = AUTH_KNAS_ENC_SIZE;
} }
if (_emm_data.non_current->knas_enc.value != NULL) { if (_emm_data.non_current->knas_enc.value != NULL) {
LOG_TRACE(INFO, "EMM-PROC - Update the non-current EPS security context knas_enc");
rc = _security_knas_enc(&_emm_data.non_current->kasme, rc = _security_knas_enc(&_emm_data.non_current->kasme,
&_emm_data.non_current->knas_enc, seea); &_emm_data.non_current->knas_enc, seea);
} }
...@@ -228,6 +255,7 @@ int emm_proc_security_mode_command(int native_ksi, int ksi, ...@@ -228,6 +255,7 @@ int emm_proc_security_mode_command(int native_ksi, int ksi,
} }
if (_emm_data.non_current->knas_int.value != NULL) { if (_emm_data.non_current->knas_int.value != NULL) {
if (rc != RETURNerror) { if (rc != RETURNerror) {
LOG_TRACE(INFO, "EMM-PROC - Update the non-current EPS security context knas_int");
rc = _security_knas_int(&_emm_data.non_current->kasme, rc = _security_knas_int(&_emm_data.non_current->kasme,
&_emm_data.non_current->knas_int, seea); &_emm_data.non_current->knas_int, seea);
} }
...@@ -239,6 +267,7 @@ int emm_proc_security_mode_command(int native_ksi, int ksi, ...@@ -239,6 +267,7 @@ int emm_proc_security_mode_command(int native_ksi, int ksi,
} }
if (_security_data.kenb.value != NULL) { if (_security_data.kenb.value != NULL) {
if (rc != RETURNerror) { if (rc != RETURNerror) {
LOG_TRACE(INFO, "EMM-PROC - Update the non-current EPS security context kenb");
rc = _security_kenb(&_security_data.kenb, rc = _security_kenb(&_security_data.kenb,
&_emm_data.security->kasme, &_emm_data.security->kasme,
*(UInt32_t *)(&_emm_data.non_current->ul_count)); *(UInt32_t *)(&_emm_data.non_current->ul_count));
...@@ -249,6 +278,7 @@ int emm_proc_security_mode_command(int native_ksi, int ksi, ...@@ -249,6 +278,7 @@ int emm_proc_security_mode_command(int native_ksi, int ksi,
* NAS security mode command accepted by the UE * NAS security mode command accepted by the UE
*/ */
if (rc != RETURNerror) { if (rc != RETURNerror) {
LOG_TRACE(INFO, "EMM-PROC - NAS security mode command accepted by the UE");
/* Update the current EPS security context */ /* Update the current EPS security context */
if ( native_ksi && (_emm_data.security->type != EMM_KSI_NATIVE) ) { if ( native_ksi && (_emm_data.security->type != EMM_KSI_NATIVE) ) {
/* The type of security context flag included in the SECURITY /* The type of security context flag included in the SECURITY
...@@ -852,6 +882,7 @@ static int _security_kdf(const OctetString *kasme, OctetString *key, ...@@ -852,6 +882,7 @@ static int _security_kdf(const OctetString *kasme, OctetString *key,
/* TODO !!! Compute the derived key */ /* TODO !!! Compute the derived key */
// todo_hmac_256(key, input, kasme->value); // todo_hmac_256(key, input, kasme->value);
return (RETURNok); return (RETURNok);
} }
#endif // NAS_UE #endif // NAS_UE
......
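Review bot: Directly under the new `knas_int` trace, `_security_knas_int` is called with `seea`, the selected ciphering algorithm, where the integrity algorithm `seia` looks intended: `rc = _security_knas_int(&_emm_data.non_current->kasme, &_emm_data.non_current->knas_int, seia);`. The helper's signature is outside this page, so confirm which identifier it expects. The last hunk also shows `_security_kdf` returning `RETURNok` with the derivation still a `TODO`, so the added INFO traces report key updates that, as far as these lines show, leave the key buffers underived; a trace or comment saying so would avoid reading the log as proof that NAS keys are in place. emm_proc_security_mode_command starts and ends outside the hunks shown.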
...@@ -82,10 +82,10 @@ typedef enum ...@@ -82,10 +82,10 @@ typedef enum
# define LOG_TRACE(s, x, args...) \ # define LOG_TRACE(s, x, args...) \
do { \ do { \
switch (s) { \ switch (s) { \
case ERROR: LOG_E(NAS, " " x "\n", ##args); break; \ case ERROR: LOG_E(NAS, " %s:%d " x "\n", __FILE__, __LINE__, ##args); break; \
case WARNING: LOG_W(NAS, " " x "\n", ##args); break; \ case WARNING: LOG_W(NAS, " %s:%d " x "\n", __FILE__, __LINE__, ##args); break; \
case INFO: LOG_I(NAS, " " x "\n", ##args); break; \ case INFO: LOG_I(NAS, " %s:%d " x "\n", __FILE__, __LINE__, ##args); break; \
default: LOG_D(NAS, " " x "\n", ##args); break; \ default: LOG_D(NAS, " %s:%d " x "\n", __FILE__, __LINE__, ##args); break; \
} \ } \
} while (0) } while (0)
...@@ -100,20 +100,20 @@ do { ...@@ -100,20 +100,20 @@ do {
# define LOG_FUNC_IN \ # define LOG_FUNC_IN \
do { \ do { \
LOG_D(NAS, " %*sEntering %s()\n", nas_log_func_indent, "", __FUNCTION__); \ LOG_D(NAS, " %s:%d %*sEntering %s()\n", __FILE__, __LINE__, nas_log_func_indent, "", __FUNCTION__); \
nas_log_func_indent += 4; \ nas_log_func_indent += 4; \
} while (0) } while (0)
# define LOG_FUNC_OUT \ # define LOG_FUNC_OUT \
do { \ do { \
nas_log_func_indent -= 4; \ nas_log_func_indent -= 4; \
LOG_D(NAS, " %*sLeaving %s()\n", nas_log_func_indent, "", __FUNCTION__); \ LOG_D(NAS, " %s:%d %*sLeaving %s()\n", __FILE__, __LINE__, nas_log_func_indent, "", __FUNCTION__); \
} while (0) } while (0)
# define LOG_FUNC_RETURN(rETURNcODE) \ # define LOG_FUNC_RETURN(rETURNcODE) \
do { \ do { \
nas_log_func_indent -= 4; \ nas_log_func_indent -= 4; \
LOG_D(NAS, " %*sLeaving %s(rc = %ld)\n", nas_log_func_indent, "", \ LOG_D(NAS, " %s:%d %*sLeaving %s(rc = %ld)\n", __FILE__, __LINE__, nas_log_func_indent, "", \
__FUNCTION__, (long) rETURNcODE); \ __FUNCTION__, (long) rETURNcODE); \
return (rETURNcODE); \ return (rETURNcODE); \
} while (0) } while (0)
......
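Review bot: `LOG_FUNC_RETURN` still expands `rETURNcODE` twice, once in the `(long) rETURNcODE` cast for the trace and once in `return (rETURNcODE);`, so an argument with side effects runs twice and an expression argument is cast without parentheses. Since these lines are being touched anyway, parenthesise the use as `(long)(rETURNcODE)` and add a comment on the macro such as `/* rETURNcODE is evaluated twice: pass a variable or constant only */`. `__FILE__` also puts the build-time source path in every NAS trace line; if logs leave the build host, a short file tag would say the same with less noise. The macro block appears to sit inside a conditional whose start is outside this hunk.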