For Sync only, still problem with NAS COUNT (TODO) and MAC-I (check on real PFT SIM)

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@5311 818b1a75-f10b-46b9-bf7c-635c3b92a50f

openair-cn/COMMON/mme_app_messages_types.h

@@ -26,6 +26,9 @@ typedef struct mme_app_connection_establishment_cnf_s {
     pre_emp_capability_t    bearer_qos_pre_emp_capability;
     ambr_t                  ambr;
 
+    /* Key eNB */
+    uint8_t                 keNB[32];
+
     nas_conn_est_cnf_t       nas_conn_est_cnf;
 } mme_app_connection_establishment_cnf_t;
 

openair-cn/COMMON/nas_messages_types.h

@@ -170,7 +170,7 @@ typedef struct nas_pdn_connectivity_rsp_s {
     uint32_t                mme_ue_s1ap_id;
 
     /* Key eNB */
-    uint8_t                 keNB[32];
+    //uint8_t                 keNB[32];
 
     ambr_t                  ambr;
     ambr_t                  apn_ambr;

openair-cn/MME_APP/mme_app_bearer.c

@@ -289,6 +289,7 @@ mme_app_handle_conn_est_cnf(
     mme_app_connection_establishment_cnf_t *establishment_cnf_p = NULL;
     bearer_context_t                       *current_bearer_p    = NULL;
     ebi_t                                   bearer_id           = 0;
+    uint8_t                                *keNB                = NULL;
 
     MME_APP_DEBUG("Received NAS_CONNECTION_ESTABLISHMENT_CNF from NAS\n");
 
@@ -332,6 +333,11 @@ mme_app_handle_conn_est_cnf(
     establishment_cnf_p->bearer_qos_pre_emp_capability     = current_bearer_p->pre_emp_capability;
     establishment_cnf_p->ambr                              = ue_context_p->used_ambr;
 
+    MME_APP_DEBUG("Derive keNB with UL NAS COUNT %x\n", nas_conn_est_cnf_pP->ul_nas_count);
+    derive_keNB(ue_context_p->vector_in_use->kasme, nas_conn_est_cnf_pP->ul_nas_count, &keNB); //156
+    memcpy(establishment_cnf_p->keNB, keNB, 32);
+    free(keNB);
+
     itti_send_msg_to_task(TASK_S1AP, INSTANCE_DEFAULT, message_p);
 }
 
@@ -471,17 +477,18 @@ mme_app_handle_create_sess_resp(
     mme_app_dump_ue_contexts(&mme_app_desc.mme_ue_contexts);
 
     {
-        uint8_t *keNB = NULL;
+        //uint8_t *keNB = NULL;
 
         message_p = itti_alloc_new_message(TASK_MME_APP, NAS_PDN_CONNECTIVITY_RSP);
         memset((void*)&message_p->ittiMsg.nas_pdn_connectivity_rsp,
                 0,
                 sizeof(nas_pdn_connectivity_rsp_t));
 
-        derive_keNB(ue_context_p->vector_in_use->kasme, 156, &keNB);
-        memcpy(NAS_PDN_CONNECTIVITY_RSP(message_p).keNB, keNB, 32);
+        // moved to NAS_CONNECTION_ESTABLISHMENT_CONF, keNB not handled in NAS MME
+        //derive_keNB(ue_context_p->vector_in_use->kasme, 156, &keNB);
+        //memcpy(NAS_PDN_CONNECTIVITY_RSP(message_p).keNB, keNB, 32);
 
-        free(keNB);
+        //free(keNB);
 
         NAS_PDN_CONNECTIVITY_RSP(message_p).pti            = ue_context_p->pending_pdn_connectivity_req_pti;   // NAS internal ref
         NAS_PDN_CONNECTIVITY_RSP(message_p).ue_id          = ue_context_p->pending_pdn_connectivity_req_ue_id; // NAS internal ref

openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.h

@@ -23,6 +23,9 @@ Description Defines the layer 3 messages supported by the NAS sublayer
 
 #include "commonDef.h"
 #include "emm_msg.h"
+#if defined(EPC_BUILD)
+#include "emmData.h"
+#endif
 #include "esm_msg.h"
 
 /****************************************************************************/
@@ -78,14 +81,29 @@ typedef union {
 /******************  E X P O R T E D    F U N C T I O N S  ******************/
 /****************************************************************************/
 
-int nas_message_encrypt(const char *inbuf, char *outbuf,
-                        const nas_message_security_header_t *header, int length);
-
-int nas_message_decrypt(const char *inbuf, char *outbuf,
-                        nas_message_security_header_t *header, int length);
-
-int nas_message_decode(const char * const buffer, nas_message_t *msg, int length);
-
-int nas_message_encode(char *buffer, const nas_message_t * const msg, int length);
+int nas_message_encrypt(
+    const char                          *inbuf,
+    char                                *outbuf,
+    const nas_message_security_header_t *header,
+    int                                  length,
+    void                                *security);
+
+int nas_message_decrypt(const char *inbuf,
+    char                           *outbuf,
+    nas_message_security_header_t  *header,
+    int                             length,
+    void                           *security);
+
+int nas_message_decode(
+    const char * const  buffer,
+    nas_message_t      *msg,
+    int                 length,
+    void               *security);
+
+int nas_message_encode(
+    char                       *buffer,
+    const nas_message_t * const msg,
+    int                         length,
+    void                       *security);
 
 #endif /* __NAS_MESSAGE_H__*/

openair-cn/NAS/EURECOM-NAS/src/emm/Attach.c

@@ -45,6 +45,8 @@ Description Defines the attach related EMM procedure executed by the
 #include "esm_sap.h"
 #include "emm_cause.h"
 
+#include "NasSecurityAlgorithms.h"
+
 #ifdef NAS_MME
 #include "mme_api.h"
 # if defined(EPC_BUILD)
@@ -1133,6 +1135,17 @@ int emm_proc_attach_request(unsigned int ueid, emm_proc_attach_type_t type,
 #if defined(EPC_BUILD)
         emm_data_context_add(&_emm_data, *(emm_ctx));
 #endif
+
+#warning "TRICK TO SET TAC, BUT LOOK AT SPEC"
+        if (tai){
+            LOG_TRACE(WARNING,
+                "EMM-PROC  - Set tac %u in context %u ",
+                tai->tac);
+            (*emm_ctx)->tac = tai->tac;
+        } else {
+            LOG_TRACE(WARNING,
+                "EMM-PROC  - Could not set tac in context, cause tai is NULL ");
+        }
     }
 
     /* Update the EMM context with the current attach procedure parameters */
@@ -2040,6 +2053,8 @@ static int _emm_attach_security(void *args)
     if (emm_ctx->security) {
         memset(emm_ctx->security, 0, sizeof(emm_security_context_t));
         emm_ctx->security->type = EMM_KSI_NOT_AVAILABLE;
+        emm_ctx->security->selected_algorithms.encryption = NAS_SECURITY_ALGORITHMS_EEA0;
+        emm_ctx->security->selected_algorithms.integrity  = NAS_SECURITY_ALGORITHMS_EIA0;
     } else {
         LOG_TRACE(WARNING, "EMM-PROC  - Failed to create security context");
         emm_ctx->emm_cause = EMM_CAUSE_ILLEGAL_UE;
@@ -2309,62 +2324,63 @@ static int _emm_attach_have_changed(const emm_data_context_t *ctx,
                                     GUTI_t *guti, imsi_t *imsi, imei_t *imei,
                                     int eea, int eia)
 {
+    LOG_FUNC_IN;
     /* Emergency bearer services indicator */
     if ( (type == EMM_ATTACH_TYPE_EMERGENCY) != ctx->is_emergency) {
-        return (TRUE);
+        LOG_FUNC_RETURN (TRUE);
     }
     /* Security key set identifier */
     if (ksi != ctx->ksi) {
-        return (TRUE);
+        LOG_FUNC_RETURN (TRUE);
     }
     /* Supported EPS encryption algorithms */
     if (eea != ctx->eea) {
-        return (TRUE);
+        LOG_FUNC_RETURN (TRUE);
     }
     /* Supported EPS integrity algorithms */
     if (eia != ctx->eia) {
-        return (TRUE);
+        LOG_FUNC_RETURN (TRUE);
     }
     /* The GUTI if provided by the UE */
     if ( (guti) && (ctx->guti == NULL) ) {
-        return (TRUE);
+        LOG_FUNC_RETURN (TRUE);
     }
     if ( (guti == NULL) && (ctx->guti) ) {
-        return (TRUE);
+        LOG_FUNC_RETURN (TRUE);
     }
     if ( (guti) && (ctx->guti) ) {
         if (guti->m_tmsi != ctx->guti->m_tmsi) {
-            return (TRUE);
+            LOG_FUNC_RETURN (TRUE);
         }
         if ( memcmp(&guti->gummei, &ctx->guti->gummei, sizeof(gummei_t)) != 0 ) {
-            return (TRUE);
+            LOG_FUNC_RETURN (TRUE);
         }
     }
     /* The IMSI if provided by the UE */
     if ( (imsi) && (ctx->imsi == NULL) ) {
-        return (TRUE);
+        LOG_FUNC_RETURN (TRUE);
     }
     if ( (imsi == NULL) && (ctx->imsi) ) {
-        return (TRUE);
+        LOG_FUNC_RETURN (TRUE);
     }
     if ( (imsi) && (ctx->imsi) ) {
         if ( memcmp(imsi, ctx->imsi, sizeof(imsi_t)) != 0 ) {
-            return (TRUE);
+            LOG_FUNC_RETURN (TRUE);
         }
     }
     /* The IMEI if provided by the UE */
     if ( (imei) && (ctx->imei == NULL) ) {
-        return (TRUE);
+        LOG_FUNC_RETURN (TRUE);
     }
     if ( (imei == NULL) && (ctx->imei) ) {
-        return (TRUE);
+        LOG_FUNC_RETURN (TRUE);
     }
     if ( (imei) && (ctx->imei) ) {
         if ( memcmp(imei, ctx->imei, sizeof(imei_t)) != 0 ) {
-            return (TRUE);
+            LOG_FUNC_RETURN (TRUE);
         }
     }
-    return (FALSE);
+    LOG_FUNC_RETURN (FALSE);
 }
 
 /****************************************************************************
@@ -2396,6 +2412,7 @@ static int _emm_attach_update(emm_data_context_t *ctx, unsigned int ueid,
                               GUTI_t *guti, imsi_t *imsi, imei_t *imei,
                               int eea, int eia, const OctetString *esm_msg)
 {
+    LOG_FUNC_IN;
     /* UE identifier */
     ctx->ueid = ueid;
     /* Emergency bearer services indicator */
@@ -2414,7 +2431,7 @@ static int _emm_attach_update(emm_data_context_t *ctx, unsigned int ueid,
         if (ctx->guti != NULL) {
             memcpy(ctx->guti, guti, sizeof(GUTI_t));
         } else {
-            return (RETURNerror);
+            LOG_FUNC_RETURN (RETURNerror);
         }
     } else {
         if (ctx->guti == NULL) {
@@ -2422,6 +2439,7 @@ static int _emm_attach_update(emm_data_context_t *ctx, unsigned int ueid,
         }
         if (ctx->guti != NULL) {
             /* TODO: FIXME */
+            LOG_TRACE(WARNING, "EMM-PROC  - Assign hardcoded PLMN 208.92 and tac 0001 to emm_data_context");
             ctx->guti->gummei.plmn.MCCdigit1 = 2;
             ctx->guti->gummei.plmn.MCCdigit2 = 0;
             ctx->guti->gummei.plmn.MCCdigit3 = 8;
@@ -2433,8 +2451,10 @@ static int _emm_attach_update(emm_data_context_t *ctx, unsigned int ueid,
             ctx->guti->gummei.MMEgid  = 0;
 
             ctx->guti->m_tmsi = (uint32_t) ctx;
+
+            ctx->tac          = 1;
         } else {
-            return (RETURNerror);
+            LOG_FUNC_RETURN (RETURNerror);
         }
     }
     /* The IMSI if provided by the UE */
@@ -2445,7 +2465,7 @@ static int _emm_attach_update(emm_data_context_t *ctx, unsigned int ueid,
         if (ctx->imsi != NULL) {
             memcpy(ctx->imsi, imsi, sizeof(imsi_t));
         } else {
-            return (RETURNerror);
+            LOG_FUNC_RETURN (RETURNerror);
         }
     }
     /* The IMEI if provided by the UE */
@@ -2456,7 +2476,7 @@ static int _emm_attach_update(emm_data_context_t *ctx, unsigned int ueid,
         if (ctx->imei != NULL) {
             memcpy(ctx->imei, imei, sizeof(imei_t));
         } else {
-            return (RETURNerror);
+            LOG_FUNC_RETURN (RETURNerror);
         }
     }
     /* The ESM message contained within the attach request */
@@ -2468,14 +2488,14 @@ static int _emm_attach_update(emm_data_context_t *ctx, unsigned int ueid,
             strncpy((char *)ctx->esm_msg.value,
                     (char *)esm_msg->value, esm_msg->length);
         } else {
-            return (RETURNerror);
+            LOG_FUNC_RETURN (RETURNerror);
         }
     }
     ctx->esm_msg.length = esm_msg->length;
     /* Attachment indicator */
     ctx->is_attached = FALSE;
 
-    return (RETURNok);
+    LOG_FUNC_RETURN (RETURNok);
 }
 
 #endif // NAS_MME

openair-cn/NAS/EURECOM-NAS/src/emm/Authentication.c

@@ -670,6 +670,8 @@ int emm_proc_authentication_complete(unsigned int ueid, int emm_cause,
             /* RES does not match the XRES parameter */
             LOG_TRACE(WARNING, "EMM-PROC  - Failed to authentify the UE");
             emm_cause = EMM_CAUSE_ILLEGAL_UE;
+        } else {
+            LOG_TRACE(DEBUG, "EMM-PROC  - Success to authentify the UE  RESP XRES == XRES UE CONTEXT");
         }
     }
 

openair-cn/NAS/EURECOM-NAS/src/emm/LowerLayer.c

@@ -30,6 +30,7 @@ Description Defines EMM procedures executed by the Non-Access Stratum
 
 #include "emm_sap.h"
 #include "esm_sap.h"
+#include "nas_log.h"
 
 #include <string.h> // memset
 
@@ -457,6 +458,14 @@ void emm_as_set_security_data(emm_as_security_data_t *data, const void *args,
          * into use, UE and MME shall cipher and integrity protect all
          * NAS signalling messages with the selected NAS ciphering and
          * NAS integrity algorithms */
+        LOG_TRACE(WARNING,
+            "EPS security context exists is new %u KSI %u SQN %u count %u knas_int %s",
+            is_new,
+            context->eksi,
+            context->ul_count.seq_num,
+            *(UInt32_t *)(&context->ul_count),
+            context->knas_int.value
+            );
         data->is_new = is_new;
         data->ksi = context->eksi;
         data->sqn = context->ul_count.seq_num;
@@ -473,9 +482,14 @@ void emm_as_set_security_data(emm_as_security_data_t *data, const void *args,
             /* 3GPP TS 24.301, section 5.4.3.2
              * The MME shall send the SECURITY MODE COMMAND message integrity
              * protected and unciphered */
+            LOG_TRACE(WARNING,
+                "EPS security context exists knas_enc %s",
+                context->knas_enc.value
+                );
             data->k_enc = &context->knas_enc;
         }
     } else {
+        LOG_TRACE(WARNING, "EMM_AS_NO_KEY_AVAILABLE");
         /* No valid EPS security context exists */
         data->ksi = EMM_AS_NO_KEY_AVAILABLE;
     }

openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c

@@ -46,6 +46,7 @@ Description Defines the security mode control EMM procedure executed by the
 #if defined(ENABLE_ITTI)
 # include "assertions.h"
 #endif
+#include "secu_defs.h"
 
 /****************************************************************************/
 /****************  E X T E R N A L    D E F I N I T I O N S  ****************/
@@ -98,7 +99,11 @@ static void *_security_t3460_handler(void *);
  * retransmission timer counter is exceed
  */
 static int _security_abort(void *);
-
+static int _security_select_algorithms(
+    const int   ue_eiaP,
+    const int   ue_eeaP,
+    int * const mme_eiaP,
+    int * const mme_eeaP);
 /*
  * Internal data used for security mode control procedure
  */
@@ -109,6 +114,8 @@ typedef struct {
     int ksi;                /* NAS key set identifier               */
     int eea;                /* Replayed EPS encryption algorithms   */
     int eia;                /* Replayed EPS integrity algorithms    */
+    int selected_eea;       /* Replayed EPS encryption algorithms   */
+    int selected_eia;       /* Replayed EPS integrity algorithms    */
     int notify_failure;     /* Indicates whether the security mode control
                              * procedure failure shall be notified to the
                              * ongoing EMM procedure        */
@@ -332,6 +339,8 @@ int emm_proc_security_mode_command(int native_ksi, int ksi,
  * --------------------------------------------------------------------------
  */
 #ifdef NAS_MME
+
+
 /****************************************************************************
  **                                                                        **
  ** Name:    emm_proc_security_mode_control()                          **
@@ -372,14 +381,16 @@ int emm_proc_security_mode_control(unsigned int ueid, int ksi, int eea, int eia,
 {
     int rc = RETURNerror;
     int security_context_is_new = FALSE;
-
+    int mme_eea                 = NAS_SECURITY_ALGORITHMS_EEA0;
+    int mme_eia                 = NAS_SECURITY_ALGORITHMS_EIA0;
     /* Get the UE context */
     emm_data_context_t *emm_ctx = NULL;
 
     LOG_FUNC_IN;
 
     LOG_TRACE(INFO, "EMM-PROC  - Initiate security mode control procedure "
-              "KSI = %d", ksi);
+              "KSI = %d EEA = %d EIA = %d",
+              ksi, eea, eia);
 
 #if defined(EPC_BUILD)
     if (ueid > 0) {
@@ -402,6 +413,52 @@ int emm_proc_security_mode_control(unsigned int ueid, int ksi, int eea, int eia,
             emm_ctx->security->dl_count.seq_num = 0;
 
             /* TODO !!! Compute Kasme, and NAS cyphering and integrity keys */
+            // LG: Kasme should have been received from authentication
+            //     information request (S6A)
+            // Kasme is located in emm_ctx->vector.kasme
+
+            rc = _security_select_algorithms(
+                eia,
+                eea,
+                &mme_eia,
+                &mme_eea);
+
+            emm_ctx->security->selected_algorithms.encryption = mme_eea;
+            emm_ctx->security->selected_algorithms.integrity  = mme_eia;
+
+            if (rc == RETURNerror) {
+                LOG_TRACE(WARNING,
+                    "EMM-PROC  - Failed to select security algorithms");
+                LOG_FUNC_RETURN (RETURNerror);
+            }
+
+            if ( ! emm_ctx->security->knas_int.value) {
+                emm_ctx->security->knas_int.value = malloc(AUTH_KNAS_INT_SIZE);
+            } else {
+                AssertFatal(
+                    emm_ctx->security->knas_int.length >= AUTH_KNAS_INT_SIZE,
+                    " TODO realloc emm_ctx->security->knas_int OctetString");
+            }
+            emm_ctx->security->knas_int.length = AUTH_KNAS_INT_SIZE;
+            derive_key_nas(
+                NAS_INT_ALG,
+                emm_ctx->security->selected_algorithms.integrity,
+                emm_ctx->vector.kasme,
+                &emm_ctx->security->knas_int.value);
+
+            if ( ! emm_ctx->security->knas_enc.value) {
+                emm_ctx->security->knas_enc.value = malloc(AUTH_KNAS_ENC_SIZE);
+            } else {
+                AssertFatal(
+                    emm_ctx->security->knas_enc.length >= AUTH_KNAS_ENC_SIZE,
+                    " TODO realloc emm_ctx->security->knas_enc OctetString");
+            }
+            emm_ctx->security->knas_enc.length = AUTH_KNAS_ENC_SIZE;
+            derive_key_nas(
+                NAS_ENC_ALG,
+                emm_ctx->security->selected_algorithms.encryption,
+                emm_ctx->vector.kasme,
+                &emm_ctx->security->knas_enc.value);
 
             /* Set new security context indicator */
             security_context_is_new = TRUE;
@@ -434,6 +491,10 @@ int emm_proc_security_mode_control(unsigned int ueid, int ksi, int eea, int eia,
         data->eea = eea;
         /* Set the EPS integrity algorithms to be replayed to the UE */
         data->eia = eia;
+        /* Set the EPS encryption algorithms to be replayed to the UE */
+        data->selected_eea = emm_ctx->security->selected_algorithms.encryption;
+        /* Set the EPS integrity algorithms to be replayed to the UE */
+        data->selected_eia = emm_ctx->security->selected_algorithms.integrity;
         /* Set the failure notification indicator */
         data->notify_failure = FALSE;
         /* Send security mode command message to the UE */
@@ -891,6 +952,8 @@ int _security_request(security_data_t *data, int is_new)
     emm_sap.u.emm_as.u.security.ksi          = data->ksi;
     emm_sap.u.emm_as.u.security.eea          = data->eea;
     emm_sap.u.emm_as.u.security.eia          = data->eia;
+    emm_sap.u.emm_as.u.security.selected_eea = data->selected_eea;
+    emm_sap.u.emm_as.u.security.selected_eia = data->selected_eia;
 
 #if defined(EPC_BUILD)
     if (data->ueid > 0) {
@@ -976,5 +1039,64 @@ static int _security_abort(void *args)
     LOG_FUNC_RETURN (rc);
 }
 
+
+/****************************************************************************
+ **                                                                        **
+ ** Name:    _security_select_algorithms()                                 **
+ **                                                                        **
+ ** Description: Select int and enc algorithms based on UE capabilities and**
+ **      MME capabilities and MME preferences                              **
+ **                                                                        **
+ ** Inputs:  ue_eia:      integrity algorithms supported by UE             **
+ **          ue_eea:      ciphering algorithms supported by UE             **
+ **                                                                        **
+ ** Outputs: mme_eia:     integrity algorithms supported by MME            **
+ **          mme_eea:     ciphering algorithms supported by MME            **
+ **                                                                        **
+ **      Return:    RETURNok, RETURNerror                                  **
+ **      Others:    None                                                   **
+ **                                                                        **
+ ***************************************************************************/
+static int _security_select_algorithms(
+    const int   ue_eiaP,
+    const int   ue_eeaP,
+    int * const mme_eiaP,
+    int * const mme_eeaP)
+{
+    LOG_FUNC_IN;
+
+    int rc            = RETURNerror;
+
+    /* TODO work with loaded preferences from config file */
+
+    if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA2)) {
+        LOG_TRACE(DEBUG,"Selected  NAS_SECURITY_ALGORITHMS_EIA0");
+        *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA0;
+    } else if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA1)) {
+        LOG_TRACE(DEBUG,"Selected  NAS_SECURITY_ALGORITHMS_EIA1");
+        *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA1;
+    } else if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA0)) {
+        LOG_TRACE(DEBUG,"Selected  NAS_SECURITY_ALGORITHMS_EIA0");
+        *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA0;
+    } else {
+        LOG_FUNC_RETURN (rc);
+    }
+
+    if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA0)) {
+        LOG_TRACE(DEBUG,"Selected  NAS_SECURITY_ALGORITHMS_EEA0");
+        *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA0;
+    } else if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA2)) {
+        LOG_TRACE(DEBUG,"Selected  NAS_SECURITY_ALGORITHMS_EEA2");
+        *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA2;
+    } else if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA1)) {
+        LOG_TRACE(DEBUG,"Selected  NAS_SECURITY_ALGORITHMS_EEA1");
+        *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA1;
+    } else {
+        LOG_FUNC_RETURN (rc);
+    }
+
+    LOG_FUNC_RETURN (RETURNok);
+}
+
 #endif // NAS_MME
 

openair-cn/NAS/EURECOM-NAS/src/emm/emmData.h

@@ -113,6 +113,10 @@ typedef struct {
         UInt8_t encryption:4;   /* algorithm used for ciphering        */
         UInt8_t integrity:4;    /* algorithm used for integrity protection */
     } capability;       /* UE network capability           */
+    struct {
+        UInt8_t encryption:4;   /* algorithm used for ciphering           */
+        UInt8_t integrity:4;    /* algorithm used for integrity protection */
+    } selected_algorithms;       /* MME selected algorithms                */
 } emm_security_context_t;
 
 /*

openair-cn/NAS/EURECOM-NAS/src/emm/sap/emm_asDef.h

@@ -98,6 +98,10 @@ typedef struct {
     UInt8_t eea;        /* Replayed EPS encryption algorithms   */
     UInt8_t eia;        /* Replayed EPS integrity algorithms    */
 
+    // Added by LG
+    UInt8_t selected_eea; /* Selected EPS encryption algorithms   */
+    UInt8_t selected_eia; /* Selected EPS integrity algorithms    */
+
 #define EMM_AS_MSG_TYPE_IDENT   0x01    /* Identification message   */
 #define EMM_AS_MSG_TYPE_AUTH    0x02    /* Authentication message   */
 #define EMM_AS_MSG_TYPE_SMC 0x03    /* Security Mode Command    */

openair-cn/NAS/EURECOM-NAS/src/emm/sap/emm_cn.c

@@ -101,8 +101,11 @@ static int _emm_cn_authentication_res(const emm_cn_auth_res_t *msg)
      * and NAS security setup to activate integrity protection and NAS
      * ciphering are mandatory.
      */
-    rc = emm_proc_authentication(emm_ctx, emm_ctx->ueid, 0, // TODO: eksi != 0
-                                 &loc_rand, &autn,
+    rc = emm_proc_authentication(emm_ctx,
+        emm_ctx->ueid,
+        0, // TODO: eksi != 0
+        &loc_rand,
+        &autn,
         emm_attach_security,
         NULL,
         NULL);

openair-cn/NAS/EURECOM-NAS/src/emm/sap/emm_recv.c

@@ -983,7 +983,9 @@ int emm_recv_authentication_failure(unsigned int ueid,
  **      Others:    None                                       **
  **                                                                        **
  ***************************************************************************/
-int emm_recv_security_mode_complete(unsigned int ueid,
+int
+emm_recv_security_mode_complete(
+    unsigned int                ueid,
     security_mode_complete_msg *msg,
     int                        *emm_cause)
 {

openair-cn/NAS/EURECOM-NAS/src/emm/sap/emm_send.c

@@ -1205,9 +1205,9 @@ int emm_send_security_mode_command(const emm_as_security_t *msg,
     /* Selected NAS security algorithms */
     size += NAS_SECURITY_ALGORITHMS_MAXIMUM_LENGTH;
     emm_msg->selectednassecurityalgorithms.typeofcipheringalgorithm =
-        NAS_SECURITY_ALGORITHMS_EEA0;
+        msg->selected_eea;
     emm_msg->selectednassecurityalgorithms.typeofintegrityalgorithm =
-        NAS_SECURITY_ALGORITHMS_EIA0;
+        msg->selected_eia;
 
     /* NAS key set identifier */
     size += NAS_KEY_SET_IDENTIFIER_MAXIMUM_LENGTH;

openair-cn/NAS/EURECOM-NAS/src/include/securityDef.h

@@ -48,8 +48,8 @@ Description Contains global security definitions
 #define AUTH_RES_SIZE   16 /* Authentication response:      128 bits */
 #define AUTH_SNID_SIZE  3  /* Serving network's identity:   24 bits  */
 #define AUTH_KASME_SIZE 32 /* KASME security key:        256 bits    */
-#define AUTH_KNAS_INT_SIZE  AUTH_KASME_SIZE /* NAS integrity key     */
-#define AUTH_KNAS_ENC_SIZE  AUTH_KASME_SIZE /* NAS cyphering key     */
+#define AUTH_KNAS_INT_SIZE  16 /* NAS integrity key     */
+#define AUTH_KNAS_ENC_SIZE  16 /* NAS cyphering key     */
 #define AUTH_KENB_SIZE      AUTH_KASME_SIZE /* eNodeB security key   */
 
 /* "Separation bit" of AMF field */

openair-cn/NAS/Makefile.am

@@ -8,6 +8,7 @@ AM_CFLAGS =											\
 	-DEPC_BUILD										\
 	-DENABLE_ITTI									\
 	-I$(top_srcdir)/COMMON							\
+	-I$(top_srcdir)/SECU							\
 	-I$(top_srcdir)/INTERTASK_INTERFACE				\
 	-I$(top_srcdir)/NAS/EURECOM-NAS/src/api/user	\
 	-I$(top_srcdir)/NAS/EURECOM-NAS/src/api/mme		\

openair-cn/S1AP/s1ap_mme_nas_procedures.c

@@ -653,12 +653,18 @@ void s1ap_handle_conn_est_cnf(const mme_app_connection_establishment_cnf_t * con
     initialContextSetupRequest_p->ueSecurityCapabilities.integrityProtectionAlgorithms.bits_unused
         = 0;
 
-//    initialContextSetupRequest_p->securityKey.buf  = initial_p->keNB; /* 256 bits length */
-    uint8_t keNB[32];
-    memset(keNB, 0, sizeof(keNB));
+    if (conn_est_cnf_pP->keNB) {
+        initialContextSetupRequest_p->securityKey.buf = malloc(32);
+        memcpy(initialContextSetupRequest_p->securityKey.buf,
+            conn_est_cnf_pP->keNB,
+            32);
 
-    initialContextSetupRequest_p->securityKey.buf = keNB;
         initialContextSetupRequest_p->securityKey.size = 32;
+    } else {
+        S1AP_DEBUG("No keNB\n");
+        initialContextSetupRequest_p->securityKey.buf = NULL;
+        initialContextSetupRequest_p->securityKey.size = 0;
+    }
     initialContextSetupRequest_p->securityKey.bits_unused = 0;
 
     if (s1ap_mme_encode_pdu(&message, &buffer_p, &length) < 0) {

openair-cn/SECU/nas_stream_eia2.c

@@ -9,10 +9,15 @@
 #include <openssl/cmac.h>
 #include <openssl/evp.h>
 
+// test
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+
 #include "assertions.h"
 #include "conversions.h"
 
-// #define SECU_DEBUG
+#define SECU_DEBUG
 
 /*!
  * @brief Create integrity cmac t for a given message.
@@ -21,19 +26,19 @@
  */
 int nas_stream_encrypt_eia2(nas_stream_cipher_t *stream_cipher, uint8_t out[4])
 {
-    uint8_t  *m;
+    uint8_t          *m            = NULL;
     uint32_t          local_count;
     size_t            size         = 4;
-
     uint8_t           data[16];
-
-    CMAC_CTX *cmac_ctx;
-
+    CMAC_CTX         *cmac_ctx     = NULL;
+    const EVP_CIPHER *cipher       = EVP_aes_128_cbc();
     uint32_t          zero_bit     = 0;
     uint32_t          m_length;
+    int               ret;
 
     DevAssert(stream_cipher != NULL);
     DevAssert(stream_cipher->key != NULL);
+    DevAssert(stream_cipher->key_length > 0);
     DevAssert(out != NULL);
 
     memset(data, 0, 16);
@@ -59,24 +64,36 @@ int nas_stream_encrypt_eia2(nas_stream_cipher_t *stream_cipher, uint8_t out[4])
         printf("Byte length: %u, Zero bits: %u\nm: ", m_length + 8, zero_bit);
         for (i = 0; i < m_length + 8; i++)
             printf("%02x", m[i]);
+        printf("\nKey:");
+        for (i = 0; i < stream_cipher->key_length; i++)
+            printf("%02x", stream_cipher->key[i]);
+        printf("\nMessage:");
+        for (i = 0; i < m_length; i++)
+            printf("%02x", stream_cipher->message[i]);
         printf("\n");
     }
 #endif
 
     cmac_ctx = CMAC_CTX_new();
-
-    CMAC_Init(cmac_ctx, stream_cipher->key, stream_cipher->key_length, EVP_aes_128_cbc(), NULL);
-    CMAC_Update(cmac_ctx, m, m_length + 8);
-
+    ret = CMAC_Init(cmac_ctx, stream_cipher->key, stream_cipher->key_length, cipher, NULL);
+#if defined(SECU_DEBUG)
+    printf("CMAC_Init returned %d\n", ret);
+#endif
+    ret = CMAC_Update(cmac_ctx, m, m_length + 8);
+#if defined(SECU_DEBUG)
+    printf("CMAC_Update returned %d\n", ret);
+#endif
     CMAC_Final(cmac_ctx, data, &size);
-
+#if defined(SECU_DEBUG)
+    printf("CMAC_Final returned %d, size = %u\n", ret, size);
+#endif
     CMAC_CTX_free(cmac_ctx);
 
 #if defined(SECU_DEBUG)
     {
         int i;
         printf("out: ");
-        for (i = 0; i < 16; i++)
+        for (i = 0; i < size; i++)
             printf("%02x", data[i]);
         printf("\n");
     }

openair-cn/SECU/secu_defs.h

@@ -7,6 +7,13 @@
 #define EIA1_128_ALG_ID 0x01
 #define EIA2_128_ALG_ID 0x02
 
+#define EEA0_ALG_ID     0x00
+#define EEA1_128_ALG_ID 0x01
+#define EEA2_128_ALG_ID 0x02
+
+#define SECU_DIRECTION_UPLINK   0
+#define SECU_DIRECTION_DOWNLINK 1
+
 inline
 void kdf(const uint8_t *s, const uint32_t s_length, const uint8_t *key,
          const uint32_t key_length, uint8_t **out, uint32_t out_length);