Cleanup for UE Security Capability (UE context)

14734b50 · Tien Thinh NGUYEN · c42c38bf · 14734b50 · 14734b50 · 14734b50
Commit 14734b50 authored Mar 10, 2023 by Tien Thinh NGUYEN
9 changed files
--- a/src/amf-app/amf_n1.cpp
+++ b/src/amf-app/amf_n1.cpp
@@ -1333,29 +1333,15 @@ void amf_n1::registration_request_handle(
  if (!registration_request->Get5gmmCapability(_5g_mm_cap)) {
    Logger::amf_n1().warn("No Optional IE 5GMMCapability available");
  }
-  nc->mmCapability = _5g_mm_cap;
+  nc->_5gmm_capability[0] = _5g_mm_cap;

  // Get UE Security Capability IE (optional), not included for periodic
  // registration updating procedure
-  uint8_t encrypt_alg      = {0};
-  uint8_t integrity_alg    = {0};
-  uint8_t security_cap_eea = {0};
-  uint8_t security_cap_eia = {0};
-
-  if (!registration_request->GetUeSecurityCapability(
-          encrypt_alg, integrity_alg, security_cap_eea, security_cap_eia)) {
-    Logger::amf_n1().warn("No Optional IE UESecurityCapability available");
-  } else {
-    nc->ueSecurityCaplen =
-        registration_request->ie_ue_security_capability->GetLengthIndicator();
+  auto ue_security_capability = registration_request->GetUeSecurityCapability();
+  if (ue_security_capability.has_value()) {
+    nc->ue_security_capability = ue_security_capability.value();
  }

-  nc->ueSecurityCapEnc = encrypt_alg;
-  nc->ueSecurityCapInt = integrity_alg;
-
-  nc->ueSecurityCapEEA = security_cap_eea;
-  nc->ueSecurityCapEIA = security_cap_eia;
-
  // Get Requested NSSAI (Optional IE), if provided
  if (!registration_request->GetRequestedNssai(nc->requestedNssai)) {
    Logger::amf_n1().debug("No Optional IE RequestedNssai available");
@@ -2425,7 +2411,8 @@ bool amf_n1::start_security_mode_control_procedure(
    secu_ctx->ul_count.overflow = 0;
    secu_ctx->ul_count.seq_num  = 0;
    security_select_algorithms(
-        nc->ueSecurityCapEnc, nc->ueSecurityCapInt, amf_nea, amf_nia);
+        nc->ue_security_capability.GetEa(), nc->ue_security_capability.GetIa(),
+        amf_nea, amf_nia);
    secu_ctx->nas_algs.integrity  = amf_nia;
    secu_ctx->nas_algs.encryption = amf_nea;
    secu_ctx->sc_type             = SECURITY_CTX_TYPE_FULL_NATIVE;
@@ -2445,17 +2432,7 @@ bool amf_n1::start_security_mode_control_procedure(
  smc->SetNasSecurityAlgorithms(amf_nea, amf_nia);
  Logger::amf_n1().debug("Encoded ngKSI 0x%x", nc->ngksi);
  smc->SetNgKsi(NAS_KEY_SET_IDENTIFIER_NATIVE, nc->ngksi & 0x07);
-  if (nc->ueSecurityCaplen >= 4) {
-    smc->SetUeSecurityCapability(
-        nc->ueSecurityCapEnc, nc->ueSecurityCapInt, nc->ueSecurityCapEEA,
-        nc->ueSecurityCapEIA);
-  } else {
-    smc->SetUeSecurityCapability(nc->ueSecurityCapEnc, nc->ueSecurityCapInt);
-  }
-
-  // TODO: remove
-  // smc->ie_ue_security_capability->SetLengthIndicator(nc->ueSecurityCaplen);
-
+  smc->SetUeSecurityCapability(nc->ue_security_capability);
  smc->SetImeisvRequest(0xe1);  // TODO: remove hardcoded value
  smc->SetAdditional5gSecurityInformation(true, false);
  uint8_t buffer[BUFFER_SIZE_1024];

--- a/src/contexts/nas_context.cpp
+++ b/src/contexts/nas_context.cpp
@@ -22,7 +22,8 @@
 #include "nas_context.hpp"

 //------------------------------------------------------------------------------
-nas_context::nas_context() : _vector(), _5g_he_av(), _5g_av(), kamf() {
+nas_context::nas_context()
+    : _vector(), _5g_he_av(), _5g_av(), kamf(), _5gmm_capability() {
  security_ctx              = nullptr;
  is_imsi_present           = false;
  is_stacs_available        = false;
@@ -35,11 +36,7 @@ nas_context::nas_context() : _vector(), _5g_he_av(), _5g_av(), kamf() {
  registration_type         = 0;
  follow_on_req_pending_ind = false;
  ngksi                     = 0;
-  mmCapability              = 0;
-  ueSecurityCapEnc          = 0;
-  ueSecurityCapInt          = 0;
-  ueSecurityCapEEA          = 0;
-  ueSecurityCapEIA          = 0;
+  ue_security_capability    = {};
  //  requestedNssai                                        = {};
  is_specific_procedure_for_registration_running        = false;
  is_specific_procedure_for_deregistration_running      = false;
@@ -56,8 +53,8 @@ nas_context::nas_context() : _vector(), _5g_he_av(), _5g_av(), kamf() {
  is_5g_guti_present                                    = false;
  is_auth_vectors_present                               = false;
  to_be_register_by_new_suci                            = false;
-  ueSecurityCaplen                                      = 0;
  registration_request_is_set                           = false;
+  registration_request                                  = nullptr;
  nas_status                                            = CM_IDLE;
  is_mobile_reachable_timer_timeout                     = false;
  mobile_reachable_timer                                = ITTI_INVALID_TIMER_ID;

--- a/src/contexts/nas_context.hpp
+++ b/src/contexts/nas_context.hpp
@@ -31,6 +31,7 @@
 #include "nas_security_context.hpp"
 #include "security_def.hpp"
 #include "struct.hpp"
+#include "UESecurityCapability.hpp"

 typedef enum {
  _5GMM_STATE_MIN     = 0,
@@ -84,13 +85,8 @@ class nas_context {
  uint8_t ngksi;  // 4 bits

  std::string imsi;
-  uint8_t mmCapability;  // TODO: multiple octets
-  uint8_t ueSecurityCaplen;
-  uint8_t ueSecurityCapEnc;
-  uint8_t ueSecurityCapInt;
-
-  uint8_t ueSecurityCapEEA;
-  uint8_t ueSecurityCapEIA;
+  std::uint8_t _5gmm_capability[13];
+  nas::UESecurityCapability ue_security_capability;

  std::vector<nas::SNSSAI_t>
      requestedNssai;  // TODO: update with naming convention

--- a/src/nas/ies/UESecurityCapability.cpp
+++ b/src/nas/ies/UESecurityCapability.cpp
@@ -87,6 +87,23 @@ UESecurityCapability::UESecurityCapability(
 //------------------------------------------------------------------------------
 UESecurityCapability::~UESecurityCapability() {}

+void UESecurityCapability::operator=(
+    const UESecurityCapability& ue_security_capability) {
+  UESecurityCapability m_ue_security_capability;
+  _5g_ea_     = ue_security_capability.GetEa();
+  _5g_ia_     = ue_security_capability.GetIa();
+  uint8_t eea = 0;
+  uint8_t eia = 0;
+
+  if (ue_security_capability.GetEea(eea)) {
+    eea_ = std::make_optional<uint8_t>(eea);
+  }
+
+  if (ue_security_capability.GetEia(eia)) {
+    eia_ = std::make_optional<uint8_t>(eia);
+  }
+}
+
 //------------------------------------------------------------------------------
 void UESecurityCapability::SetEa(uint8_t value) {
  _5g_ea_ = value;

--- a/src/nas/ies/UESecurityCapability.hpp
+++ b/src/nas/ies/UESecurityCapability.hpp
@@ -41,6 +41,7 @@ class UESecurityCapability : public Type4NasIe {
  UESecurityCapability(
      uint8_t _5g_ea, uint8_t _5g_ia, uint8_t eea, uint8_t eia);
  ~UESecurityCapability();
+  void operator=(const UESecurityCapability& ue_security_capability);

  static std::string GetIeName() { return kUeSecurityCapabilityIeName; }


--- a/src/nas/msgs/RegistrationRequest.cpp
+++ b/src/nas/msgs/RegistrationRequest.cpp
@@ -251,6 +251,12 @@ bool RegistrationRequest::GetUeSecurityCapability(
  return true;
 }

+//------------------------------------------------------------------------------
+std::optional<UESecurityCapability>
+RegistrationRequest::GetUeSecurityCapability() const {
+  return ie_ue_security_capability;
+}
+
 //------------------------------------------------------------------------------
 void RegistrationRequest::SetRequestedNssai(
    const std::vector<struct SNSSAI_s>& nssai) {

--- a/src/nas/msgs/RegistrationRequest.hpp
+++ b/src/nas/msgs/RegistrationRequest.hpp
@@ -74,6 +74,7 @@ class RegistrationRequest : public NasMmPlainHeader {
  void SetNonCurrentNativeNasKSI(uint8_t tsc, uint8_t key_set_id);
  bool GetNonCurrentNativeNasKSI(uint8_t& value) const;

+  // TODO: 5GMM Capability as an array[]
  void Set5gmmCapability(uint8_t value);
  bool Get5gmmCapability(uint8_t& value) const;

@@ -84,6 +85,7 @@ class RegistrationRequest : public NasMmPlainHeader {
  // TODO: use std::optional for optional fields eea,eia
  bool GetUeSecurityCapability(
      uint8_t& ea, uint8_t& ia, uint8_t& eea, uint8_t& eia) const;
+  std::optional<UESecurityCapability> GetUeSecurityCapability() const;

  void SetRequestedNssai(const std::vector<struct SNSSAI_s>& nssai);
  bool GetRequestedNssai(std::vector<struct SNSSAI_s>& nssai) const;

--- a/src/nas/msgs/SecurityModeCommand.cpp
+++ b/src/nas/msgs/SecurityModeCommand.cpp
@@ -65,6 +65,22 @@ void SecurityModeCommand::SetUeSecurityCapability(
  ie_ue_security_capability.Set(ea, ia, eea, eia);
 }

+//------------------------------------------------------------------------------
+void SecurityModeCommand::SetUeSecurityCapability(
+    const UESecurityCapability& ue_security_capability) {
+  uint8_t eea = 0;
+  uint8_t eia = 0;
+  if (ue_security_capability.GetEea(eea) &&
+      ue_security_capability.GetEia(eia)) {
+    ie_ue_security_capability.Set(
+        ue_security_capability.GetEa(), ue_security_capability.GetIa(), eea,
+        eia);
+  } else {
+    ie_ue_security_capability.Set(
+        ue_security_capability.GetEa(), ue_security_capability.GetIa());
+  }
+}
+
 //------------------------------------------------------------------------------
 void SecurityModeCommand::SetImeisvRequest(uint8_t value) {
  ie_imeisv_request = std::make_optional<ImeisvRequest>(value);

--- a/src/nas/msgs/SecurityModeCommand.hpp
+++ b/src/nas/msgs/SecurityModeCommand.hpp
@@ -47,6 +47,8 @@ class SecurityModeCommand : public NasMmPlainHeader {
  void SetUeSecurityCapability(
      uint8_t ea, uint8_t ia, uint8_t eea, uint8_t eia);
  // TODO: Get
+  void SetUeSecurityCapability(
+      const UESecurityCapability& ue_security_capability);

  void SetImeisvRequest(uint8_t value);
  // TODO: Get