Remove naked ptr for Kamf

src/amf-app/amf_n1.cpp

@@ -220,7 +220,7 @@ void amf_n1::handle_itti_message(itti_downlink_nas_transfer& itti_msg) {
   }
 
   if (!nc->security_ctx.has_value()) {
-    Logger::amf_n2().error("No Security Context found");
+    Logger::amf_n1().error("No Security Context found");
     return;
   }
 
@@ -316,12 +316,18 @@ void amf_n1::handle_itti_message(itti_downlink_nas_transfer& itti_msg) {
         }
       } else {
         // send using InitialContextSetupRequest
-        uint8_t* kamf = nc->kamf[nc->security_ctx.value().vector_pointer];
-        uint8_t kgnb[32];
+        uint8_t kamf[AUTH_VECTOR_LENGTH_OCTETS];
+        uint8_t kgnb[AUTH_VECTOR_LENGTH_OCTETS];
+        if (!nc->get_kamf(nc->security_ctx.value().vector_pointer, kamf)) {
+          Logger::amf_n1().warn("No Kamf found");
+          return;
+        }
         uint32_t ulcount = nc->security_ctx.value().ul_count.seq_num |
                            (nc->security_ctx.value().ul_count.overflow << 8);
-        Authentication_5gaka::derive_kgnb(0, 0x01, kamf, kgnb);
-        output_wrapper::print_buffer("amf_n1", "Kamf", kamf, 32);
+        Authentication_5gaka::derive_kgnb(
+            0, 0x01, kamf, kgnb);  // TODO: remove hardcoded value
+        output_wrapper::print_buffer(
+            "amf_n1", "Kamf", kamf, AUTH_VECTOR_LENGTH_OCTETS);
 
         std::shared_ptr<itti_initial_context_setup_request> csr =
             std::make_shared<itti_initial_context_setup_request>(
@@ -592,7 +598,7 @@ void amf_n1::nas_signalling_establishment_request_handle(
         }
          */
       if (nc && nc->security_ctx.has_value())
-        nc->security_ctx->ul_count.seq_num = ulCount;
+        nc->security_ctx.value().ul_count.seq_num = ulCount;
 
       service_request_handle(nc, ran_ue_ngap_id, amf_ue_ngap_id, plain_msg);
     } break;
@@ -883,7 +889,7 @@ void amf_n1::service_request_handle(
   set_amf_ue_ngap_id_2_nas_context(amf_ue_ngap_id, nc);
 
   if (!nc->security_ctx.has_value()) {
-    Logger::amf_n2().error("No Security Context found");
+    Logger::amf_n1().error("No Security Context found");
     return;
   }
 
@@ -989,14 +995,21 @@ void amf_n1::service_request_handle(
     encode_nas_message_protected(
         nc->security_ctx.value(), false, INTEGRITY_PROTECTED_AND_CIPHERED,
         NAS_MESSAGE_DOWNLINK, buffer, encoded_size, protected_nas);
-    uint8_t* kamf = nc->kamf[nc->security_ctx.value().vector_pointer];
-    uint8_t kgnb[32];
+
+    uint8_t kamf[AUTH_VECTOR_LENGTH_OCTETS];
+    uint8_t kgnb[AUTH_VECTOR_LENGTH_OCTETS];
+    if (!nc->get_kamf(nc->security_ctx.value().vector_pointer, kamf)) {
+      Logger::amf_n1().warn("No Kamf found");
+      return;
+    }
     uint32_t ulcount = nc->security_ctx.value().ul_count.seq_num |
                        (nc->security_ctx.value().ul_count.overflow << 8);
     Logger::amf_n1().debug(
         "uplink count(%d)", nc->security_ctx.value().ul_count.seq_num);
-    output_wrapper::print_buffer("amf_n1", "Kamf", kamf, 32);
-    Authentication_5gaka::derive_kgnb(ulcount, 0x01, kamf, kgnb);
+    output_wrapper::print_buffer(
+        "amf_n1", "Kamf", kamf, AUTH_VECTOR_LENGTH_OCTETS);
+    Authentication_5gaka::derive_kgnb(
+        ulcount, 0x01, kamf, kgnb);  // TODO: remove hardcoded value
 
     std::shared_ptr<itti_initial_context_setup_request> itti_msg =
         std::make_shared<itti_initial_context_setup_request>(
@@ -1040,14 +1053,21 @@ void amf_n1::service_request_handle(
     encode_nas_message_protected(
         nc->security_ctx.value(), false, INTEGRITY_PROTECTED_AND_CIPHERED,
         NAS_MESSAGE_DOWNLINK, buffer, encoded_size, protected_nas);
-    uint8_t* kamf = nc->kamf[nc->security_ctx.value().vector_pointer];
-    uint8_t kgnb[32];
+
+    uint8_t kamf[AUTH_VECTOR_LENGTH_OCTETS];
+    uint8_t kgnb[AUTH_VECTOR_LENGTH_OCTETS];
+    if (!nc->get_kamf(nc->security_ctx.value().vector_pointer, kamf)) {
+      Logger::amf_n1().warn("No Kamf found");
+      return;
+    }
     uint32_t ulcount = nc->security_ctx.value().ul_count.seq_num |
                        (nc->security_ctx.value().ul_count.overflow << 8);
     Logger::amf_n1().debug(
         "uplink count(%d)", nc->security_ctx.value().ul_count.seq_num);
-    output_wrapper::print_buffer("amf_n1", "Kamf", kamf, 32);
-    Authentication_5gaka::derive_kgnb(ulcount, 0x01, kamf, kgnb);
+    output_wrapper::print_buffer(
+        "amf_n1", "Kamf", kamf, AUTH_VECTOR_LENGTH_OCTETS);
+    Authentication_5gaka::derive_kgnb(
+        ulcount, 0x01, kamf, kgnb);  // TODO: remove hardcoded value
 
     std::shared_ptr<itti_initial_context_setup_request> itti_msg =
         std::make_shared<itti_initial_context_setup_request>(
@@ -1745,6 +1765,7 @@ bool amf_n1::auth_vectors_generator(std::shared_ptr<nas_context>& nc) {
       Authentication_5gaka::derive_kamf(
           nc->imsi, nc->_5g_av[i].kseaf, nc->kamf[i],
           0x0000);  // second parameter: abba
+                    // TODO: remove hardcoded value
     }
   }
   return true;
@@ -2708,14 +2729,18 @@ void amf_n1::security_mode_complete_handle(
   } else {
     // use InitialContextSetupRequest (NGAP message) to convey Registration
     // Accept
-
-    uint8_t* kamf = nc->kamf[nc->security_ctx.value().vector_pointer];
-    uint8_t kgnb[32];
+    uint8_t kamf[AUTH_VECTOR_LENGTH_OCTETS];
+    uint8_t kgnb[AUTH_VECTOR_LENGTH_OCTETS];
+    if (!nc->get_kamf(nc->security_ctx.value().vector_pointer, kamf)) {
+      Logger::amf_n1().warn("No Kamf found");
+      return;
+    }
     uint32_t ulcount = nc->security_ctx.value().ul_count.seq_num |
                        (nc->security_ctx.value().ul_count.overflow << 8);
-    Authentication_5gaka::derive_kgnb(0, 0x01, kamf, kgnb);
-    output_wrapper::print_buffer("amf_n1", "Kamf", kamf, 32);
-    // Authentication_5gaka::derive_kgnb(ulcount, 0x01, kamf, kgnb);
+    Authentication_5gaka::derive_kgnb(
+        0, 0x01, kamf, kgnb);  // TODO: remove harcoded value
+    output_wrapper::print_buffer(
+        "amf_n1", "Kamf", kamf, AUTH_VECTOR_LENGTH_OCTETS);
 
     std::shared_ptr<itti_initial_context_setup_request> itti_msg =
         std::make_shared<itti_initial_context_setup_request>(
@@ -3443,17 +3468,18 @@ void amf_n1::run_mobility_registration_update_procedure(
     uc->find_pdu_session_context(pdu_session_to_be_activated[0], psc);
   }
 
-  uint8_t* kamf = nc->kamf[nc->security_ctx.value().vector_pointer];
-  if (!kamf) {
-    Logger::amf_n1().error("No Kamf found");
+  uint8_t kamf[AUTH_VECTOR_LENGTH_OCTETS];
+  uint8_t kgnb[AUTH_VECTOR_LENGTH_OCTETS];
+  if (!nc->get_kamf(nc->security_ctx.value().vector_pointer, kamf)) {
+    Logger::amf_n1().warn("No Kamf found");
     return;
   }
-
-  uint8_t kgnb[32];
   uint32_t ulcount = nc->security_ctx.value().ul_count.seq_num |
                      (nc->security_ctx.value().ul_count.overflow << 8);
-  Authentication_5gaka::derive_kgnb(ulcount, 0x01, kamf, kgnb);
-  output_wrapper::print_buffer("amf_n1", "Kamf", kamf, 32);
+  Authentication_5gaka::derive_kgnb(
+      ulcount, 0x01, kamf, kgnb);  // TODO: remove hardcoded value
+  output_wrapper::print_buffer(
+      "amf_n1", "Kamf", kamf, AUTH_VECTOR_LENGTH_OCTETS);
 
   std::shared_ptr<itti_initial_context_setup_request> itti_msg =
       std::make_shared<itti_initial_context_setup_request>(

src/amf-app/amf_n2.cpp

@@ -1586,16 +1586,21 @@ bool amf_n2::handle_itti_message(itti_handover_required& itti_msg) {
     return false;
   }
 
-  uint8_t* kamf = nc->kamf[nc->security_ctx.value().vector_pointer];
-  uint8_t kgnb[32];
+  uint8_t kamf[AUTH_VECTOR_LENGTH_OCTETS];
+  uint8_t kgnb[AUTH_VECTOR_LENGTH_OCTETS];
+  if (!nc->get_kamf(nc->security_ctx.value().vector_pointer, kamf)) {
+    Logger::amf_n1().warn("No Kamf found");
+    return false;
+  }
   uint32_t ulcount = nc->security_ctx.value().ul_count.seq_num |
                      (nc->security_ctx.value().ul_count.overflow << 8);
   Logger::amf_n2().debug(
       "Handover Required, Uplink count (%d)",
       nc->security_ctx.value().ul_count.seq_num);
-  uint8_t knh[32];
+  uint8_t knh[AUTH_VECTOR_LENGTH_OCTETS];
   Authentication_5gaka::handover_ncc_derive_knh(
-      ulcount, 0x01, kamf, kgnb, knh, unc->ncc);
+      ulcount, 0x01, kamf, kgnb, knh,
+      unc->ncc);  // TODO: remove hardcoded value
   bstring knh_bs = blk2bstr(knh, 32);
   handover_request->setSecurityContext(unc->ncc /*NCC count*/, knh_bs);
 

src/contexts/nas_context.cpp

@@ -61,3 +61,13 @@ nas_context::nas_context()
 
 //------------------------------------------------------------------------------
 nas_context::~nas_context() {}
+
+//------------------------------------------------------------------------------
+bool nas_context::get_kamf(
+    uint8_t index, uint8_t (&k)[AUTH_VECTOR_LENGTH_OCTETS]) const {
+  if (index >= MAX_5GS_AUTH_VECTORS) return false;
+  for (uint8_t i = 0; i++; i < AUTH_VECTOR_LENGTH_OCTETS) {
+    k[i] = kamf[index][i];
+  }
+  return true;
+}

src/contexts/nas_context.hpp

@@ -128,6 +128,8 @@ class nas_context {
   bool is_5g_guti_present;
   bool is_auth_vectors_present;
   bool to_be_register_by_new_suci;
+
+  bool get_kamf(uint8_t index, uint8_t (&k)[AUTH_VECTOR_LENGTH_OCTETS]) const;
 };
 
 #endif

src/secu_algorithms/5gaka/authentication_algorithms_with_5gaka.cpp

@@ -405,8 +405,10 @@ void Authentication_5gaka::derive_knas(
 }
 
 void Authentication_5gaka::derive_kgnb(
-    uint32_t uplinkCount, uint8_t accessType, uint8_t kamf[32], uint8_t* kgnb) {
-  Logger::amf_n1().debug("derive_kgnb ...");
+    uint32_t uplinkCount, uint8_t accessType,
+    uint8_t kamf[AUTH_VECTOR_LENGTH_OCTETS],
+    uint8_t (&kgnb)[AUTH_VECTOR_LENGTH_OCTETS]) {
+  Logger::amf_n1().debug("Derive Kgnb ...");
   uint8_t S[20];
   S[0]                 = 0x6E;
   *(uint32_t*) (S + 1) = htonl(uplinkCount);
@@ -417,13 +419,15 @@ void Authentication_5gaka::derive_kgnb(
   S[9]                 = 0x01;
   // output_wrapper::print_buffer("amf_n1", "inputstring S", S, 10);
   // output_wrapper::print_buffer("amf_n1", "key KEY", kamf, 32);
-  kdf(kamf, 32, S, 10, kgnb, 32);
+  kdf(kamf, 32, S, 10, kgnb, AUTH_VECTOR_LENGTH_OCTETS);
   // output_wrapper::print_buffer("amf_n1", "kgnb", kgnb, 32);
   // Logger::amf_n1().debug("derive kgnb finished!");
 }
 void Authentication_5gaka::handover_ncc_derive_knh(
-    uint32_t uplinkCount, uint8_t accessType, uint8_t kamf[32], uint8_t* kgnb,
-    uint8_t* knh, int ncc) {
+    uint32_t uplinkCount, uint8_t accessType,
+    uint8_t kamf[AUTH_VECTOR_LENGTH_OCTETS],
+    uint8_t (&kgnb)[AUTH_VECTOR_LENGTH_OCTETS],
+    uint8_t (&knh)[AUTH_VECTOR_LENGTH_OCTETS], int ncc) {
   Logger::amf_n1().debug("derive_handover_ncc_knh ...");
   uint8_t S[20], SS[ncc][35];
   S[0]                 = 0x6E;

src/secu_algorithms/5gaka/authentication_algorithms_with_5gaka.hpp

@@ -41,6 +41,8 @@
 #define KASME_LENGTH_OCTETS (32)
 #define MAC_S_LENGTH (8)
 
+#define AUTH_VECTOR_LENGTH_OCTETS 32
+
 typedef mpz_t random_t;
 typedef mpz_t sqn_t;
 
@@ -140,11 +142,14 @@ class Authentication_5gaka {
       algorithm_type_dist_t nas_alg_type, uint8_t nas_alg_id, uint8_t kamf[32],
       uint8_t* knas);
   static void derive_kgnb(
-      uint32_t uplinkCount, uint8_t accessType, uint8_t kamf[32],
-      uint8_t* kgnb);
+      uint32_t uplinkCount, uint8_t accessType,
+      uint8_t kamf[AUTH_VECTOR_LENGTH_OCTETS],
+      uint8_t (&kgnb)[AUTH_VECTOR_LENGTH_OCTETS]);
   static void handover_ncc_derive_knh(
-      uint32_t uplinkCount, uint8_t accessType, uint8_t kamf[32], uint8_t* kgnb,
-      uint8_t* knh, int ncc);
+      uint32_t uplinkCount, uint8_t accessType,
+      uint8_t kamf[AUTH_VECTOR_LENGTH_OCTETS],
+      uint8_t (&kgnb)[AUTH_VECTOR_LENGTH_OCTETS],
+      uint8_t (&knh)[AUTH_VECTOR_LENGTH_OCTETS], int ncc);
   static uint8_t* sqn_ms_derive(
       const uint8_t opc[16], uint8_t* key, uint8_t* auts, uint8_t* rand);