Fix issue for UE Security Capability

src/amf-app/amf_n1.cpp

@@ -1009,14 +1009,22 @@ void amf_n1::registration_request_handle(
 
   // Get UE Security Capability IE (optional), not included for periodic
   // registration updating procedure
-  uint8_t encrypt_alg   = {0};
-  uint8_t integrity_alg = {0};
-  if (!regReq->getUeSecurityCapability(encrypt_alg, integrity_alg)) {
+  uint8_t encrypt_alg      = {0};
+  uint8_t integrity_alg    = {0};
+  uint8_t security_cap_eea = {0};
+  uint8_t security_cap_eia = {0};
+
+  if (!regReq->getUeSecurityCapability(
+          encrypt_alg, integrity_alg, security_cap_eea, security_cap_eia)) {
     Logger::amf_n1().warn("No Optional IE UESecurityCapability available");
   }
   nc.get()->ueSecurityCapEnc = encrypt_alg;
   nc.get()->ueSecurityCapInt = integrity_alg;
-  nc.get()->ueSecurityCaplen = regReq->ie_ue_security_capability->getLenght();
+
+  nc.get()->ueSecurityCapEEA = security_cap_eea;
+  nc.get()->ueSecurityCapEIA = security_cap_eia;
+
+  nc.get()->ueSecurityCaplen = regReq->ie_ue_security_capability->getLength();
 
   // Get Requested NSSAI (Optional IE), if provided
   std::vector<SNSSAI_t> requestedNssai = {};
@@ -1938,10 +1946,17 @@ bool amf_n1::start_security_mode_control_procedure(
   smc->setNAS_Security_Algorithms(amf_nea, amf_nia);
   Logger::amf_n1().debug("Encoded ngKSI 0x%x", nc.get()->ngKsi);
   smc->setngKSI(NAS_KEY_SET_IDENTIFIER_NATIVE, nc.get()->ngKsi & 0x07);
-  smc->setUE_Security_Capability(
-      nc.get()->ueSecurityCapEnc, nc.get()->ueSecurityCapInt);
+  if (nc.get()->ueSecurityCaplen >= 4) {
+    smc->setUE_Security_Capability(
+        nc.get()->ueSecurityCapEnc, nc.get()->ueSecurityCapInt,
+        nc.get()->ueSecurityCapEEA, nc.get()->ueSecurityCapEIA);
+  } else {
+    smc->setUE_Security_Capability(
+        nc.get()->ueSecurityCapEnc, nc.get()->ueSecurityCapInt);
+  }
+
   if (smc->ie_ue_security_capability != NULL) {
-    smc->ie_ue_security_capability->setLenght(nc.get()->ueSecurityCaplen);
+    smc->ie_ue_security_capability->setLength(nc.get()->ueSecurityCaplen);
   } else {
     Logger::amf_n1().error("smc->ie_ue_security_capability is NULL");
   }

src/contexts/nas_context.cpp

@@ -45,6 +45,8 @@ nas_context::nas_context() : _vector(), _5g_he_av(), _5g_av(), kamf() {
   mmCapability                                          = 0;
   ueSecurityCapEnc                                      = 0;
   ueSecurityCapInt                                      = 0;
+  ueSecurityCapEEA                                      = 0;
+  ueSecurityCapEIA                                      = 0;
   requestedNssai                                        = {};
   is_specific_procedure_for_registration_running        = false;
   is_specific_procedure_for_deregistration_running      = false;

src/contexts/nas_context.hpp

@@ -77,6 +77,10 @@ class nas_context {
   uint8_t ueSecurityCaplen;
   uint8_t ueSecurityCapEnc;
   uint8_t ueSecurityCapInt;
+
+  uint8_t ueSecurityCapEEA;
+  uint8_t ueSecurityCapEIA;
+
   std::vector<nas::SNSSAI_t> requestedNssai;
   std::string serving_network;
   bstring auts;

src/nas/ies/UESecurityCapability.cpp

@@ -59,6 +59,18 @@ UESecurityCapability::UESecurityCapability(
   length    = 2;
 }
 
+//------------------------------------------------------------------------------
+UESecurityCapability::UESecurityCapability(
+    const uint8_t iei, uint8_t _5gg_EASel, uint8_t _5gg_IASel, uint8_t _EEASel,
+    uint8_t _EIASel) {
+  _iei      = iei;
+  _5g_EASel = _5gg_EASel;
+  _5g_IASel = _5gg_IASel;
+  EEASel    = _EEASel;
+  EIASel    = _EIASel;
+  length    = 4;
+}
+
 //------------------------------------------------------------------------------
 void UESecurityCapability::setEASel(uint8_t sel) {
   _5g_EASel = sel;
@@ -69,6 +81,16 @@ void UESecurityCapability::setIASel(uint8_t sel) {
   _5g_IASel = sel;
 }
 
+//------------------------------------------------------------------------------
+void UESecurityCapability::setEEASel(uint8_t sel) {
+  EEASel = sel;
+}
+
+//------------------------------------------------------------------------------
+void UESecurityCapability::setEIASel(uint8_t sel) {
+  EIASel = sel;
+}
+
 //------------------------------------------------------------------------------
 uint8_t UESecurityCapability::getEASel() {
   return _5g_EASel;
@@ -80,18 +102,28 @@ uint8_t UESecurityCapability::getIASel() {
 }
 
 //------------------------------------------------------------------------------
-void UESecurityCapability::setLenght(uint8_t len) {
+uint8_t UESecurityCapability::getEEASel() {
+  return EEASel;
+}
+
+//------------------------------------------------------------------------------
+uint8_t UESecurityCapability::getEIASel() {
+  return EIASel;
+}
+
+//------------------------------------------------------------------------------
+void UESecurityCapability::setLength(uint8_t len) {
   if ((len > 0) && (len <= 4)) {
     length = len;
   } else {
-    Logger::nas_mm().debug("Set UESecurityCapability Lenght faile %d", len);
+    Logger::nas_mm().debug("Set UESecurityCapability Length fail %d", len);
     Logger::nas_mm().debug(
-        "UESecurityCapability Lenght is set to the default value %d", length);
+        "UESecurityCapability Length is set to the default value %d", length);
   }
 }
 
 //------------------------------------------------------------------------------
-uint8_t UESecurityCapability::getLenght() {
+uint8_t UESecurityCapability::getLength() {
   return length;
 }
 
@@ -113,9 +145,9 @@ int UESecurityCapability::encode2buffer(uint8_t* buf, int len) {
     *(buf + encoded_size) = _5g_IASel;
     encoded_size++;
     if (length == 4) {
-      *(buf + encoded_size) = 0xf0;
+      *(buf + encoded_size) = EEASel;  // 0xf0; //TODO: remove hardcoded value
       encoded_size++;
-      *(buf + encoded_size) = 0xf0;
+      *(buf + encoded_size) = EIASel;  // 0x70; //TODO: remove hardcoded value
       encoded_size++;
     }
 
@@ -127,9 +159,9 @@ int UESecurityCapability::encode2buffer(uint8_t* buf, int len) {
     *(buf + encoded_size) = _5g_IASel;
     encoded_size++;
     if (length == 4) {
-      *(buf + encoded_size) = 0xf0;
+      *(buf + encoded_size) = EEASel;  // 0xf0; //TODO: remove hardcoded value
       encoded_size++;
-      *(buf + encoded_size) = 0xf0;
+      *(buf + encoded_size) = EIASel;  // 0x70; //TODO: remove hardcoded value
       encoded_size++;
     }
   }
@@ -151,9 +183,16 @@ int UESecurityCapability::decodefrombuffer(
   decoded_size++;
   _5g_IASel = *(buf + decoded_size);
   decoded_size++;
-  if (length >= 4) decoded_size += (length - 2);  // TODO: decoding EEA EIA
+
+  if (length >= 4) {
+    EEASel = *(buf + decoded_size);
+    decoded_size++;
+    EIASel = *(buf + decoded_size);
+    decoded_size++;
+    decoded_size += (length - 4);  // TODO: decoding EEA EIA
+  }
   Logger::nas_mm().debug(
-      "UESecurityCapability (length %d) EA 0x%x,IA 0x%x", length, _5g_EASel,
-      _5g_IASel);
+      "UESecurityCapability (length %d) EA 0x%x,IA 0x%x, EEA 0x%x, EIA 0x%x,",
+      length, _5g_EASel, _5g_IASel, EEASel, EIASel);
   return decoded_size;
 }

src/nas/ies/UESecurityCapability.hpp

@@ -40,12 +40,21 @@ class UESecurityCapability {
   ~UESecurityCapability();
   UESecurityCapability(
       const uint8_t iei, uint8_t _5gg_EASel, uint8_t _5gg_IASel);
+  UESecurityCapability(
+      const uint8_t iei, uint8_t _5gg_EASel, uint8_t _5gg_IASel, uint8_t EEASel,
+      uint8_t EIASel);
   void setEASel(uint8_t sel);
   void setIASel(uint8_t sel);
   uint8_t getEASel();
   uint8_t getIASel();
-  void setLenght(uint8_t len);
-  uint8_t getLenght();
+
+  void setEEASel(uint8_t sel);
+  void setEIASel(uint8_t sel);
+  uint8_t getEEASel();
+  uint8_t getEIASel();
+
+  void setLength(uint8_t len);
+  uint8_t getLength();
   int encode2buffer(uint8_t* buf, int len);
   int decodefrombuffer(uint8_t* buf, int len, bool is_option);
 
@@ -54,6 +63,8 @@ class UESecurityCapability {
   uint8_t length;
   uint8_t _5g_EASel;
   uint8_t _5g_IASel;
+  uint8_t EEASel;
+  uint8_t EIASel;
 };
 
 }  // namespace nas

src/nas/msgs/RegistrationRequest.cpp

@@ -226,6 +226,13 @@ void RegistrationRequest::setUE_Security_Capability(
   ie_ue_security_capability = new UESecurityCapability(0x2E, g_EASel, g_IASel);
 }
 
+//------------------------------------------------------------------------------
+void RegistrationRequest::setUE_Security_Capability(
+    uint8_t g_EASel, uint8_t g_IASel, uint8_t EEASel, uint8_t EIASel) {
+  ie_ue_security_capability =
+      new UESecurityCapability(0x2E, g_EASel, g_IASel, EEASel, EIASel);
+}
+
 //------------------------------------------------------------------------------
 bool RegistrationRequest::getUeSecurityCapability(uint8_t& ea, uint8_t& ia) {
   if (ie_ue_security_capability) {
@@ -237,6 +244,22 @@ bool RegistrationRequest::getUeSecurityCapability(uint8_t& ea, uint8_t& ia) {
   return true;
 }
 
+//------------------------------------------------------------------------------
+bool RegistrationRequest::getUeSecurityCapability(
+    uint8_t& ea, uint8_t& ia, uint8_t& eea, uint8_t& eia) {
+  if (ie_ue_security_capability) {
+    ea = ie_ue_security_capability->getEASel();
+    ia = ie_ue_security_capability->getIASel();
+    if (ie_ue_security_capability->getLength() >= 4) {
+      eea = ie_ue_security_capability->getEEASel();
+      eia = ie_ue_security_capability->getEIASel();
+    }
+  } else {
+    return -1;
+  }
+  return true;
+}
+
 //------------------------------------------------------------------------------
 void RegistrationRequest::setRequested_NSSAI(
     std::vector<struct SNSSAI_s> nssai) {

src/nas/msgs/RegistrationRequest.hpp

@@ -67,6 +67,8 @@ class RegistrationRequest {
   void setNon_current_native_nas_ksi(uint8_t tsc, uint8_t key_set_id);
   void set5G_MM_capability(uint8_t value);
   void setUE_Security_Capability(uint8_t g_EASel, uint8_t g_IASel);
+  void setUE_Security_Capability(
+      uint8_t g_EASel, uint8_t g_IASel, uint8_t EEASel, uint8_t EIASel);
   void setRequested_NSSAI(std::vector<struct SNSSAI_s> nssai);
   void setUENetworkCapability(uint8_t g_EEASel, uint8_t g_EIASel);
 
@@ -98,6 +100,8 @@ class RegistrationRequest {
   uint8_t getNonCurrentNativeNasKSI();
   uint8_t get5GMMCapability();
   bool getUeSecurityCapability(uint8_t& ea, uint8_t& ia);
+  bool getUeSecurityCapability(
+      uint8_t& ea, uint8_t& ia, uint8_t& eea, uint8_t& eia);
   bool getRequestedNssai(std::vector<struct SNSSAI_s>& nssai);
   bool getS1UeNetworkCapability(uint8_t& eea, uint8_t& eia);
   uint16_t getUplinkDataStatus();

src/nas/msgs/SecurityModeCommand.cpp

@@ -75,6 +75,13 @@ void SecurityModeCommand::setUE_Security_Capability(
   ie_ue_security_capability = new UESecurityCapability(0x00, g_EASel, g_IASel);
 }
 
+//------------------------------------------------------------------------------
+void SecurityModeCommand::setUE_Security_Capability(
+    uint8_t g_EASel, uint8_t g_IASel, uint8_t EEASel, uint8_t EIASel) {
+  ie_ue_security_capability =
+      new UESecurityCapability(0x00, g_EASel, g_IASel, EEASel, EIASel);
+}
+
 //------------------------------------------------------------------------------
 void SecurityModeCommand::setIMEISV_Request(uint8_t value) {
   ie_imeisv_request = new IMEISV_Request(0x0E, value);

src/nas/msgs/SecurityModeCommand.hpp

@@ -43,6 +43,8 @@ class SecurityModeCommand {
   void setNAS_Security_Algorithms(uint8_t ciphering, uint8_t integrity);
   void setngKSI(uint8_t tsc, uint8_t key_set_id);
   void setUE_Security_Capability(uint8_t g_EASel, uint8_t g_IASel);
+  void setUE_Security_Capability(
+      uint8_t g_EASel, uint8_t g_IASel, uint8_t EEASel, uint8_t EIASel);
   void setIMEISV_Request(uint8_t value);
   void setEPS_NAS_Security_Algorithms(uint8_t ciphering, uint8_t integrity);
   void setAdditional_5G_Security_Information(bool rinmr, bool hdp);