Fix naked ptr for NAS security context

54e7660f · Tien Thinh NGUYEN · f4b85dff · 54e7660f · 54e7660f · 54e7660f
Commit 54e7660f authored Mar 14, 2023 by Tien Thinh NGUYEN
5 changed files
--- a/src/amf-app/amf_n1.cpp
+++ b/src/amf-app/amf_n1.cpp
--- a/src/amf-app/amf_n1.hpp
+++ b/src/amf-app/amf_n1.hpp
@@ -366,7 +366,7 @@ class amf_n1 {

  /*
   * Encode the NAS message with corresponding integrity and ciphered algorithms
-   * @param [nas_secu_ctx*] nsc: NAS Security context
+   * @param [nas_secu_ctx&] nsc: NAS Security context
   * @param [bool] is_secu_ctx_new: indicate the status of the security context
   * (new/old)
   * @param [uint8_t] security_header_type: Security Header Type
@@ -377,13 +377,13 @@ class amf_n1 {
   * @return void
   */
  void encode_nas_message_protected(
-      nas_secu_ctx* nsc, bool is_secu_ctx_new, uint8_t security_header_type,
+      nas_secu_ctx& nsc, bool is_secu_ctx_new, uint8_t security_header_type,
      uint8_t direction, uint8_t* input_nas_buf, int input_nas_len,
      bstring& encrypted_nas);

  /*
   * Encrypt with integrity algorithm
-   * @param [nas_secu_ctx*] nsc: NAS Security context
+   * @param [nas_secu_ctx&] nsc: NAS Security context
   * @param [uint8_t] direction: Direction
   * @param [uint8_t*] input_nas_buf: Buffer of the input NAS
   * @param [int] input_nas_les: Length of the buffer
@@ -391,19 +391,19 @@ class amf_n1 {
   * @return true if MAC can be calculated successfully, otherwise return false
   */
  bool nas_message_integrity_protected(
-      nas_secu_ctx* nsc, uint8_t direction, uint8_t* input_nas,
+      nas_secu_ctx& nsc, uint8_t direction, uint8_t* input_nas,
      int input_nas_len, uint32_t& mac);

  /*
   * Cipher NAS message with the corresponding ciphered algorithm
-   * @param [nas_secu_ctx*] nsc: NAS Security context
+   * @param [nas_secu_ctx&] nsc: NAS Security context
   * @param [uint8_t] direction: Direction
   * @param [bstring] input_nas: Input NAS message
   * @param [bstring&] output_nas: Output NAS message
   * @return true if message is successfully ciphered, otherwise return false
   */
  bool nas_message_cipher_protected(
-      nas_secu_ctx* nsc, uint8_t direction, bstring input_nas,
+      nas_secu_ctx& nsc, uint8_t direction, bstring input_nas,
      bstring& output_nas);

  // NOTE: All the MySQL-related functions are currently implemented in

--- a/src/amf-app/amf_n2.cpp
+++ b/src/amf-app/amf_n2.cpp
@@ -1581,16 +1581,18 @@ bool amf_n2::handle_itti_message(itti_handover_required& itti_msg) {
    return false;
  }

-  nas_secu_ctx* secu = nc->security_ctx;
-  if (!secu) {
+  if (!nc->security_ctx.has_value()) {
    Logger::amf_n2().error("No Security Context found");
    return false;
  }
-  uint8_t* kamf = nc->kamf[secu->vector_pointer];
+  nas_secu_ctx security_ctx = nc->security_ctx.value();
+
+  uint8_t* kamf = nc->kamf[security_ctx.vector_pointer];
  uint8_t kgnb[32];
-  uint32_t ulcount = secu->ul_count.seq_num | (secu->ul_count.overflow << 8);
+  uint32_t ulcount =
+      security_ctx.ul_count.seq_num | (security_ctx.ul_count.overflow << 8);
  Logger::amf_n2().debug(
-      "Handover Required, Uplink count (%d)", secu->ul_count.seq_num);
+      "Handover Required, Uplink count (%d)", security_ctx.ul_count.seq_num);
  uint8_t knh[32];
  Authentication_5gaka::handover_ncc_derive_knh(
      ulcount, 0x01, kamf, kgnb, knh, unc->ncc);

--- a/src/contexts/nas_context.cpp
+++ b/src/contexts/nas_context.cpp
@@ -24,7 +24,6 @@
 //------------------------------------------------------------------------------
 nas_context::nas_context()
    : _vector(), _5g_he_av(), _5g_av(), kamf(), _5gmm_capability() {
-  security_ctx                                          = nullptr;
  is_imsi_present                                       = false;
  is_stacs_available                                    = false;
  is_auth_vectors_present                               = false;
@@ -44,7 +43,7 @@ nas_context::nas_context()
  is_common_procedure_for_identification_running        = false;
  is_common_procedure_for_security_mode_control_running = false;
  is_common_procedure_for_nas_transport_running         = false;
-  security_ctx                                          = nullptr;
+  security_ctx                                          = std::nullopt;
  is_current_security_available                         = false;
  registration_attempt_counter                          = 0;
  is_imsi_present                                       = false;

--- a/src/contexts/nas_context.hpp
+++ b/src/contexts/nas_context.hpp
@@ -117,7 +117,7 @@ class nas_context {
  _5G_AV_t _5g_av[MAX_5GS_AUTH_VECTORS];        // generated by AUSF
  std::string href;
  uint8_t kamf[MAX_5GS_AUTH_VECTORS][32];
-  nas_secu_ctx* security_ctx;  // TODO: avoid using naked ptr
+  std::optional<nas_secu_ctx> security_ctx;
  bool is_current_security_available;
  int registration_attempt_counter;  // used to limit the subsequently reject
                                     // registration