Commit cd210a3d authored by Lionel Gauthier's avatar Lionel Gauthier

Security algorithms selection

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@5623 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent 16809152
......@@ -257,6 +257,9 @@ int mme_api_get_emm_config(mme_api_emm_config_t *config,
int mme_api_get_emm_config(mme_api_emm_config_t *config)
#endif
{
#if defined(EPC_BUILD)
int i;
#endif
LOG_FUNC_IN;
config->gummei.plmn.MCCdigit1 = 2;
......@@ -275,6 +278,10 @@ int mme_api_get_emm_config(mme_api_emm_config_t *config)
if (mme_config_p->unauthenticated_imsi_supported != 0) {
config->features |= MME_API_UNAUTHENTICATED_IMSI;
}
for (i = 0 ; i < 8; i++) {
config->prefered_integrity_algorithm[i] = mme_config_p->nas_config.prefered_integrity_algorithm[i];
config->prefered_ciphering_algorithm[i] = mme_config_p->nas_config.prefered_ciphering_algorithm[i];
}
#else
config->features = MME_API_EMERGENCY_ATTACH | MME_API_UNAUTHENTICATED_IMSI;
#endif
......
......@@ -89,6 +89,8 @@ typedef enum mme_api_ip_version_e {
typedef struct mme_api_emm_config_s {
mme_api_feature_t features; /* Supported features */
gummei_t gummei; /* EPS Globally Unique MME Identity */
uint8_t prefered_integrity_algorithm[8];// choice in NAS_SECURITY_ALGORITHMS_EIA0, etc
uint8_t prefered_ciphering_algorithm[8];// choice in NAS_SECURITY_ALGORITHMS_EEA0, etc
} mme_api_emm_config_t;
/*
......
......@@ -382,18 +382,20 @@ int nas_message_decode(
LOG_FUNC_RETURN (TLV_DECODE_BUFFER_TOO_SHORT);
}
else if (size > 1) {
if (emm_security_context) {
#if defined(NAS_MME)
if (emm_security_context->ul_count.seq_num > msg->header.sequence_number) {
emm_security_context->ul_count.overflow += 1;
}
emm_security_context->ul_count.seq_num = msg->header.sequence_number;
if (emm_security_context->ul_count.seq_num > msg->header.sequence_number) {
emm_security_context->ul_count.overflow += 1;
}
emm_security_context->ul_count.seq_num = msg->header.sequence_number;
#else
if (emm_security_context->dl_count.seq_num > msg->header.sequence_number) {
emm_security_context->dl_count.overflow += 1;
}
emm_security_context->dl_count.seq_num = msg->header.sequence_number;
if (emm_security_context->dl_count.seq_num > msg->header.sequence_number) {
emm_security_context->dl_count.overflow += 1;
}
emm_security_context->dl_count.seq_num = msg->header.sequence_number;
#endif
}
/* Compute offset of the sequence number field */
int offset = size - sizeof(UInt8_t);
/* Compute the NAS message authentication code */
......
......@@ -1127,36 +1127,33 @@ static int _security_select_algorithms(
{
LOG_FUNC_IN;
int rc = RETURNerror;
/* TODO work with loaded preferences from config file */
if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA1)) {
LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EIA1");
*mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA1;
} else if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA2)) {
LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EIA2");
*mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA2;
} else if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA0)) {
LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EIA0");
*mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA0;
} else {
LOG_FUNC_RETURN (rc);
int rc = RETURNerror;
int preference_index;
*mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA0;
*mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA0;
for (preference_index = 0; preference_index < 8; preference_index++) {
if (ue_eiaP & (0x80 >> _emm_data.conf.prefered_integrity_algorithm[preference_index])) {
LOG_TRACE(DEBUG,
"Selected NAS_SECURITY_ALGORITHMS_EIA%d (choice num %d)",
_emm_data.conf.prefered_integrity_algorithm[preference_index],
preference_index);
*mme_eiaP = _emm_data.conf.prefered_integrity_algorithm[preference_index];
break;
}
}
if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA0)) {
LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EEA0");
*mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA0;
} else if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA1)) {
LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EEA1");
*mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA1;
} else if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA2)) {
LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EEA2");
*mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA2;
} else {
LOG_FUNC_RETURN (rc);
for (preference_index = 0; preference_index < 8; preference_index++) {
if (ue_eeaP & (0x80 >> _emm_data.conf.prefered_ciphering_algorithm[preference_index])) {
LOG_TRACE(DEBUG,
"Selected NAS_SECURITY_ALGORITHMS_EEA%d (choice num %d)",
_emm_data.conf.prefered_ciphering_algorithm[preference_index],
preference_index);
*mme_eeaP = _emm_data.conf.prefered_ciphering_algorithm[preference_index];
break;
}
}
LOG_FUNC_RETURN (RETURNok);
}
......
......@@ -331,6 +331,52 @@ static int config_parse_file(mme_config_t *mme_config_p)
free(cidr);
}
}
// NAS SETTING
setting = config_setting_get_member (setting_mme, MME_CONFIG_STRING_NAS_CONFIG);
if (setting != NULL) {
subsetting = config_setting_get_member (setting, MME_CONFIG_STRING_NAS_SUPPORTED_INTEGRITY_ALGORITHM_LIST);
if (subsetting != NULL) {
num = config_setting_length(subsetting);
if (num <= 8) {
for (i = 0; i < num; i++) {
astring = config_setting_get_string_elem(subsetting, i);
if (strcmp("EIA0", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
else if (strcmp("EIA1", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA1;
else if (strcmp("EIA2", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA2;
else if (strcmp("EIA3", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
else if (strcmp("EIA4", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
else if (strcmp("EIA5", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
else if (strcmp("EIA6", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
else if (strcmp("EIA7", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
}
for (i = num; i < 8; i++) {
mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
}
}
}
subsetting = config_setting_get_member (setting, MME_CONFIG_STRING_NAS_SUPPORTED_CIPHERING_ALGORITHM_LIST);
if (subsetting != NULL) {
num = config_setting_length(subsetting);
if (num <= 8) {
for (i = 0; i < num; i++) {
astring = config_setting_get_string_elem(subsetting, i);
if (strcmp("EEA0", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
else if (strcmp("EEA1", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA1;
else if (strcmp("EEA2", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA2;
else if (strcmp("EEA3", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
else if (strcmp("EEA4", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
else if (strcmp("EEA5", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
else if (strcmp("EEA6", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
else if (strcmp("EEA7", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
}
for (i = num; i < 8; i++) {
mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
}
}
}
}
}
setting = config_lookup(&cfg, SGW_CONFIG_STRING_SGW_CONFIG);
......
......@@ -76,6 +76,25 @@
#define MME_CONFIG_STRING_ASN1_VERBOSITY_ANNOYING "annoying"
#define MME_CONFIG_STRING_ASN1_VERBOSITY_INFO "info"
#define MME_CONFIG_STRING_NAS_CONFIG "NAS"
#define MME_CONFIG_STRING_NAS_SUPPORTED_INTEGRITY_ALGORITHM_LIST "ORDERED_SUPPORTED_INTEGRITY_ALGORITHM_LIST"
#define MME_CONFIG_STRING_NAS_SUPPORTED_CIPHERING_ALGORITHM_LIST "ORDERED_SUPPORTED_CIPHERING_ALGORITHM_LIST"
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA0 0b000
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA1 0b001
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA2 0b010
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA3 0b011
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA4 0b100
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA5 0b101
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA6 0b110
#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA7 0b111
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA0 0b000
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA1 0b001
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA2 0b010
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA3 0b011
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA4 0b100
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA5 0b101
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA6 0b110
#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA7 0b111
typedef struct mme_config_s {
/* Reader/writer lock for this configuration */
......@@ -140,6 +159,12 @@ typedef struct mme_config_s {
uint32_t queue_size;
char *log_file;
} itti_config;
struct {
uint8_t prefered_integrity_algorithm[8];
uint8_t prefered_ciphering_algorithm[8];
} nas_config;
} mme_config_t;
extern mme_config_t mme_config;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment