Merge remote-tracking branch 'origin/issue-404-pdcp-integrity' into develop_integration_2019_w09

Signed-off-by: Raphael Defosseux <raphael.defosseux@eurecom.fr>

Merge remote-tracking branch 'origin/issue-404-pdcp-integrity' into develop_integration_2019_w09
Signed-off-by: Raphael Defosseux <raphael.defosseux@eurecom.fr>
a729b8ab · Raphael Defosseux · aa88a303 · 8e890ebe · a729b8ab · a729b8ab
Commit a729b8ab authored Feb 28, 2019 by Raphael Defosseux
19 changed files
--- a/cmake_targets/CMakeLists.txt
+++ b/cmake_targets/CMakeLists.txt
@@ -595,7 +595,6 @@ Message("CPU_Affinity flag is ${CPU_AFFINITY}")
 ##############################################################
 #    ???!!! TO BE DOCUMENTED OPTIONS !!!???
 ##############################################################
-add_boolean_option(ENABLE_SECURITY         True  "Enable LTE integrity and ciphering between RRC UE and eNB")
 add_boolean_option(ENABLE_USE_MME          True  "eNB connected to MME (INTERFACE S1-C), not standalone eNB")
 add_boolean_option(NO_RRM                  True  "DO WE HAVE A RADIO RESSOURCE MANAGER: NO")
 add_boolean_option(RRC_DEFAULT_RAB_IS_AM False "set the RLC mode to AM for the default bearer")

--- a/cmake_targets/epc_test/CMakeLists.template
+++ b/cmake_targets/epc_test/CMakeLists.template
@@ -9,7 +9,6 @@ set (  EMIT_ASN_DEBUG False )
 set (  ENABLE_ITTI True )
 set (  ENABLE_NAS_UE_LOGGING True )
 set (  ENABLE_NEW_MULTICAST True )
-set (  ENABLE_SECURITY True )
 set (  ENABLE_STANDALONE_EPC False)
 set (  ENABLE_USE_CPU_EXECUTION_TIME True )
 set (  ENABLE_USE_MME True )

--- a/cmake_targets/oaisim_build_oai/CMakeLists.template
+++ b/cmake_targets/oaisim_build_oai/CMakeLists.template
@@ -8,7 +8,6 @@ set (  ENABLE_ITTI True )
 set (  ENABLE_NAS_UE_LOGGING True )
 set (  ENABLE_NEW_MULTICAST True )
 set (  ENABLE_RAL False )
-set (  ENABLE_SECURITY True )
 set (  ENABLE_STANDALONE_EPC False)
 set (  ENABLE_USE_CPU_EXECUTION_TIME True )
 set (  ENABLE_USE_MME True )

--- a/cmake_targets/oaisim_mme_build_oai/CMakeLists.template
+++ b/cmake_targets/oaisim_mme_build_oai/CMakeLists.template
@@ -8,7 +8,6 @@ set (  ENABLE_ITTI True )
 set (  ENABLE_NAS_UE_LOGGING False )
 set (  ENABLE_NEW_MULTICAST False )
 set (  ENABLE_RAL False )
-set (  ENABLE_SECURITY False )
 set (  ENABLE_STANDALONE_EPC False )
 set (  ENABLE_USE_CPU_EXECUTION_TIME False )
 set (  ENABLE_USE_MME False )

--- a/cmake_targets/oaisim_noS1_build_oai/CMakeLists.template
+++ b/cmake_targets/oaisim_noS1_build_oai/CMakeLists.template
@@ -7,7 +7,6 @@ set (  ENABLE_ITTI True )
 set (  ENABLE_NAS_UE_LOGGING False )
 set (  ENABLE_NEW_MULTICAST True )
 set (  ENABLE_RAL False )
-set (  ENABLE_SECURITY False )
 set (  ENABLE_STANDALONE_EPC False)
 set (  ENABLE_USE_CPU_EXECUTION_TIME True )
 set (  ENABLE_USE_MME False )

--- a/cmake_targets/s1c_mme_test/CMakeLists.template
+++ b/cmake_targets/s1c_mme_test/CMakeLists.template
@@ -9,7 +9,6 @@ set (  ENABLE_NAS_UE_LOGGING True )
 set (  ENABLE_NEW_MULTICAST True )
 set (  ENABLE_PDCP_NETLINK_FIFO False )
 set (  ENABLE_RAL False )
-set (  ENABLE_SECURITY True )
 set (  ENABLE_STANDALONE_EPC False)
 set (  ENABLE_USE_CPU_EXECUTION_TIME True )
 set (  ENABLE_USE_MME True )

--- a/openair2/LAYER2/PDCP_v10.1.0/pdcp.c
+++ b/openair2/LAYER2/PDCP_v10.1.0/pdcp.c
--- a/openair2/LAYER2/PDCP_v10.1.0/pdcp.h
+++ b/openair2/LAYER2/PDCP_v10.1.0/pdcp.h
@@ -177,13 +177,12 @@ typedef struct pdcp_s {
   */
  pdcp_sn_t next_pdcp_tx_sn;
  pdcp_sn_t next_pdcp_rx_sn;
-  pdcp_sn_t next_pdcp_rx_sn_before_integrity;
+  pdcp_sn_t maximum_pdcp_rx_sn;
  /*
   * TX and RX Hyper Frame Numbers
   */
  pdcp_hfn_t tx_hfn;
  pdcp_hfn_t rx_hfn;
-  pdcp_hfn_offset_t rx_hfn_offset; // related to sn mismatch

  /*
   * SN of the last PDCP SDU delivered to upper layers
@@ -488,14 +487,6 @@ typedef struct {
 #define REORDERING_WINDOW_SN_7BIT 64
 #define REORDERING_WINDOW_SN_12BIT 2048

-/*
- * SN size
- */
-#define PDCP_SN_5BIT  5
-#define PDCP_SN_7BIT  7
-#define PDCP_SN_12BIT 12
-
-
 signed int             pdcp_2_nas_irq;
 pdcp_stats_t              UE_pdcp_stats[MAX_MOBILES_PER_ENB];
 pdcp_stats_t              eNB_pdcp_stats[NUMBER_OF_eNB_MAX];

--- a/openair2/LAYER2/PDCP_v10.1.0/pdcp_primitives.h
+++ b/openair2/LAYER2/PDCP_v10.1.0/pdcp_primitives.h
@@ -173,7 +173,6 @@ int pdcp_netlink_dequeue_element(const protocol_ctxt_t* const  ctxt_pP,
 void pdcp_config_set_security(const protocol_ctxt_t* const  ctxt_pP, pdcp_t *pdcp_pP, rb_id_t rb_idP,
                              uint16_t lc_idP, uint8_t security_modeP, uint8_t *kRRCenc_pP, uint8_t *kRRCint_pP, uint8_t *kUPenc_pP);

-#if defined(ENABLE_SECURITY)
 int pdcp_apply_security(const protocol_ctxt_t* const  ctxt_pP,
                        pdcp_t     *pdcp_entity,
                        srb_flag_t  srb_flagP,
@@ -188,10 +187,10 @@ int pdcp_validate_security(const protocol_ctxt_t* const  ctxt_pP,
                           srb_flag_t srb_flagP,
                           rb_id_t rb_id,
                           uint8_t pdcp_header_len,
-                           uint16_t current_sn,
+                           uint32_t hfn,
+                           int sn,
                           uint8_t *pdcp_pdu_buffer,
                           uint16_t sdu_buffer_size);
-#endif /* defined(ENABLE_SECURITY) */

 #endif
 /** @}*/
--- a/openair2/LAYER2/PDCP_v10.1.0/pdcp_security.c
+++ b/openair2/LAYER2/PDCP_v10.1.0/pdcp_security.c
@@ -40,13 +40,6 @@
 #include "msc.h"
 #include "pdcp_primitives.h"

-#if defined(ENABLE_SECURITY)
-
-static
-uint32_t pdcp_get_next_count_tx(pdcp_t *const pdcp_pP, const srb_flag_t srb_flagP, const uint16_t pdcp_sn);
-static
-uint32_t pdcp_get_next_count_rx(pdcp_t *const pdcp_pP, const srb_flag_t srb_flagP, const uint16_t pdcp_sn);
-
 //-----------------------------------------------------------------------------
 static
 uint32_t pdcp_get_next_count_tx(
@@ -79,26 +72,25 @@ static
 uint32_t pdcp_get_next_count_rx(
  pdcp_t * const pdcp_pP,
  const srb_flag_t srb_flagP,
-  const uint16_t pdcp_sn)
+  const uint32_t hfn,
+  const int sn)
 {
  uint32_t count;

  /* For RX COUNT = RX_HFN << length of SN | pdcp SN of received PDU */
  if (srb_flagP) {
    /* 5 bits length SN */
-    count = (((pdcp_pP->rx_hfn + pdcp_pP->rx_hfn_offset) << 5)  | (pdcp_sn & 0x001F));
+    count = (hfn << 5)  | (sn & 0x001F);
  } else {
-    if (pdcp_pP->seq_num_size == LTE_PDCP_Config__rlc_UM__pdcp_SN_Size_len7bits) {
+    if (pdcp_pP->seq_num_size == 7) {
      /* 7 bits length SN */
-      count = (((pdcp_pP->rx_hfn + pdcp_pP->rx_hfn_offset) << 7) | (pdcp_sn & 0x007F));
+      count = (hfn << 7) | (sn & 0x007F);
    } else { // default
      /* 12 bits length SN */
-      count = (((pdcp_pP->rx_hfn + pdcp_pP->rx_hfn_offset) << 12) | (pdcp_sn & 0x0FFF));
+      count = (hfn << 12) | (sn & 0x0FFF);
    }
  }

-  // reset the hfn offset
-  pdcp_pP->rx_hfn_offset =0;
  LOG_D(PDCP, "[OSA] RX COUNT = 0x%08x\n", count);

  return count;
@@ -182,7 +174,8 @@ pdcp_validate_security(
  const srb_flag_t     srb_flagP,
  const rb_id_t        rb_id,
  const uint8_t        pdcp_header_len,
-  const uint16_t       current_sn,
+  const uint32_t       hfn,
+  const int            sn,
  uint8_t       *const pdcp_pdu_buffer,
  const uint16_t       sdu_buffer_size
 )
@@ -201,7 +194,7 @@ pdcp_validate_security(

  decrypt_params.direction  = (pdcp_pP->is_ue == 1) ? SECU_DIRECTION_DOWNLINK : SECU_DIRECTION_UPLINK ;
  decrypt_params.bearer     = rb_id - 1;
-  decrypt_params.count      = pdcp_get_next_count_rx(pdcp_pP, srb_flagP, current_sn);
+  decrypt_params.count      = pdcp_get_next_count_rx(pdcp_pP, srb_flagP, hfn, sn);
  decrypt_params.message    = &pdcp_pdu_buffer[pdcp_header_len];
  decrypt_params.blength    = (sdu_buffer_size - pdcp_header_len) << 3;
  decrypt_params.key_length = 16;
@@ -246,5 +239,3 @@ pdcp_validate_security(

  return 0;
 }
-
-#endif /* ENABLE_SECURITY */
--- a/openair2/LAYER2/PDCP_v10.1.0/pdcp_sequence_manager.c
+++ b/openair2/LAYER2/PDCP_v10.1.0/pdcp_sequence_manager.c
@@ -140,152 +140,6 @@ boolean_t pdcp_advance_rx_window(pdcp_t* pdcp_entity)
  return TRUE;
 }

-/**
- * Checks if incoming PDU has a sequence number in accordance with the RX window
- * @return 1 if SN is okay, 0 otherwise
- * XXX Reordering window should also be handled here
- */
-boolean_t pdcp_is_rx_seq_number_valid(uint16_t seq_num, pdcp_t* pdcp_entity,srb_flag_t srb_flagP)
-{
-
-  uint16_t  reordering_window = 0;
-
-  LOG_D(PDCP, "Incoming RX Sequence number is %04d\n", seq_num);
-
-  if (pdcp_is_seq_num_size_valid(pdcp_entity) == FALSE || pdcp_is_seq_num_valid(seq_num, pdcp_entity->seq_num_size) == FALSE) {
-    return FALSE;
-  }
-
-  /*
-   * Mark received sequence numbers to keep track of missing ones
-   * (and to build PDCP Control PDU for PDCP status report)
-   */
-  if (pdcp_mark_current_pdu_as_received(seq_num, pdcp_entity) == TRUE) {
-    LOG_D(PDCP, "Received sequence number successfuly marked\n");
-  } else {
-    LOG_W(PDCP, "Cannot mark received sequence number on the bitmap!\n");
-  }
-
-  /*
-   * RX Procedures for SRB and DRBs as described in sec 5.1.2 of 36.323
-   */
-
-  if (srb_flagP) { // SRB
-
-    if (seq_num < pdcp_entity->next_pdcp_rx_sn) {
-      // decipher and verify the integrity of the PDU (if applicable) using COUNT based on RX_HFN + 1 and the received PDCP SN
-      pdcp_entity->rx_hfn++;
-      pdcp_entity->rx_hfn_offset   = 0;
-    } else {
-      // decipher and verify the integrity of the PDU (if applicable) using COUNT based using COUNT based on RX_HFN and the received PDCP SN
-      pdcp_entity->rx_hfn_offset   = 0;
-    }
-
-    // Assume  that integrity verification is applicable and the integrity verification is passed successfully;
-    // or assume that  integrity verification is not applicable:
-
-    // same the old next_pdcp_rx_sn to revert otherwise
-    pdcp_entity->next_pdcp_rx_sn_before_integrity = pdcp_entity->next_pdcp_rx_sn;
-
-    if (seq_num != pdcp_entity->next_pdcp_rx_sn) {
-      LOG_D(PDCP,"Re-adjusting the sequence number to %d\n", seq_num);
-    }
-
-    //set Next_PDCP_RX_SN to the received PDCP SN +1 ;
-    pdcp_entity->next_pdcp_rx_sn = seq_num;
-    pdcp_advance_rx_window(pdcp_entity);  // + 1, and check if it is larger than Maximum_PDCP_SN:
-
-  } else { // DRB
-
-    if (pdcp_entity->seq_num_size == PDCP_SN_7BIT) {
-      reordering_window = REORDERING_WINDOW_SN_7BIT;
-    } else {
-      reordering_window = REORDERING_WINDOW_SN_12BIT;
-    }
-
-    switch (pdcp_entity->rlc_mode) {
-    case RLC_MODE_AM:
-      if ((seq_num - pdcp_entity->last_submitted_pdcp_rx_sn > reordering_window)  ||
-          ((0 <= pdcp_entity->last_submitted_pdcp_rx_sn - seq_num) &&
-           (pdcp_entity->last_submitted_pdcp_rx_sn - seq_num < reordering_window)  )) {
-
-        if (seq_num  > pdcp_entity->next_pdcp_rx_sn) {
-          /*
-           * decipher the PDCP PDU as specified in the subclause 5.6, using COUNT based on RX_HFN - 1 and the received PDCP SN;
-           */
-          pdcp_entity->rx_hfn_offset   =  -1;
-        } else  {
-          /*
-           *  decipher the PDCP PDU as specified in the subclause 5.6, using COUNT based on RX_HFN and the received PDCP SN;
-           */
-          pdcp_entity->rx_hfn_offset   = 0;
-        }
-
-        // discard this PDCP SDU;
-        LOG_W(PDCP, "Out of the reordering window (Incoming SN:%d, Expected SN:%d): discard this PDCP SDU\n",
-              seq_num, pdcp_entity->next_pdcp_rx_sn);
-        return FALSE;
-      } else if (pdcp_entity->next_pdcp_rx_sn - seq_num > reordering_window) {
-        pdcp_entity->rx_hfn++;
-        // use COUNT based on RX_HFN and the received PDCP SN for deciphering the PDCP PDU;
-        pdcp_entity->rx_hfn_offset   = 0;
-        pdcp_entity->next_pdcp_rx_sn++;
-      } else if (seq_num - pdcp_entity->next_pdcp_rx_sn  >= reordering_window ) {
-        //  use COUNT based on RX_HFN – 1 and the received PDCP SN for deciphering the PDCP PDU;
-        pdcp_entity->rx_hfn_offset   = -1;
-      } else if (seq_num  >= pdcp_entity->next_pdcp_rx_sn ) {
-        // use COUNT based on RX_HFN and the received PDCP SN for deciphering the PDCP PDU;
-        pdcp_entity->rx_hfn_offset = 0;
-        //set Next_PDCP_RX_SN to the received PDCP SN +1 ;
-        pdcp_entity->next_pdcp_rx_sn = seq_num;
-        pdcp_advance_rx_window(pdcp_entity);  // + 1, anc check if it is larger than Maximum_PDCP_SN:
-        LOG_D(PDCP,"Re-adjusting the sequence number to %d\n", seq_num);
-      } else if (seq_num < pdcp_entity->next_pdcp_rx_sn) {
-        // use COUNT based on RX_HFN and the received PDCP SN for deciphering the PDCP PDU;
-        pdcp_entity->rx_hfn_offset = 0;
-      }
-
-      break;
-
-    case RLC_MODE_UM :
-      if (seq_num <  pdcp_entity->next_pdcp_rx_sn) {
-        pdcp_entity->rx_hfn++;
-      }
-
-      // decipher the PDCP Data PDU using COUNT based on RX_HFN and the received PDCP SN as specified in the subclause 5.6;
-      //set Next_PDCP_RX_SN to the received PDCP SN +1 ;
-      pdcp_entity->next_pdcp_rx_sn = seq_num;
-      pdcp_advance_rx_window(pdcp_entity);  // + 1, and check if it is larger than Maximum_PDCP_SN:
-
-      break;
-
-    case RLC_MODE_TM :
-    default:
-      LOG_W(PDCP,"RLC mode %d not supported\n",pdcp_entity->rlc_mode);
-      return FALSE;
-    }
-  }
-
-  /*
-  if (seq_num == pdcp_entity->next_pdcp_rx_sn) {
-    LOG_I(PDCP, "Next expected SN (%d) arrived, advancing RX window\n", seq_num);
-
-    return pdcp_advance_rx_window(pdcp_entity);
-  } else {
-    LOG_E(PDCP, "Incoming SN is not the one we expected to receive! (Incoming:%d, Expected:%d)\n", \
-        seq_num, pdcp_entity->next_pdcp_rx_sn);
-
-
-    // Update first missing PDU (used in PDCP Control PDU for PDCP status report, see 6.2.6)
-    if (pdcp_entity->first_missing_pdu != -1)
-      pdcp_entity->first_missing_pdu = pdcp_entity->next_pdcp_rx_sn;
-
-    return FALSE;
-  }
-  */
-  return TRUE;
-}
-
 boolean_t pdcp_mark_current_pdu_as_received(uint16_t seq_num, pdcp_t* pdcp_entity)
 {
  /*

--- a/openair2/LAYER2/PDCP_v10.1.0/pdcp_sequence_manager.h
+++ b/openair2/LAYER2/PDCP_v10.1.0/pdcp_sequence_manager.h
@@ -59,11 +59,6 @@ uint16_t pdcp_get_next_tx_seq_number(pdcp_t* pdcp_entity);
 * Advances the RX window state of given PDCP entity upon successfull receipt of a SDU
 */
 boolean_t pdcp_advance_rx_window(pdcp_t* pdcp_entity);
-/**
- * Checks if incoming PDU has a sequence number in accordance with the RX window
- * @return TRUE if it is valid, FALSE otherwise
- */
-boolean_t pdcp_is_rx_seq_number_valid(uint16_t seq_num, pdcp_t* pdcp_entity,srb_flag_t srb_flagP);
 /**
 * Updates missing PDU bitmap with incoming sequence number
 * @return TRUE if successful, FALSE otherwise

--- a/openair2/RRC/LTE/MESSAGES/asn1_msg.c
+++ b/openair2/RRC/LTE/MESSAGES/asn1_msg.c
@@ -3724,7 +3724,6 @@ do_RRCConnectionReestablishment(
        rrc->carrier[CC_id].dl_CarrierFreq,
        earfcn_dl,
        is_rel8_only == true ? "true": "false");
-#if defined(ENABLE_SECURITY)

  if (ue_context_pP->ue_context.nh_ncc >= 0) {
    derive_keNB_star(ue_context_pP->ue_context.nh, pci, earfcn_dl, is_rel8_only, KeNB_star);
@@ -3738,9 +3737,6 @@ do_RRCConnectionReestablishment(
  // copy KeNB_star to ue_context_pP->ue_context.kenb
  memcpy (ue_context_pP->ue_context.kenb, KeNB_star, 32);
  ue_context_pP->ue_context.kenb_ncc = 0;
-#else
-  rrcConnectionReestablishment->criticalExtensions.choice.c1.choice.rrcConnectionReestablishment_r8.nextHopChainingCount = 0;
-#endif
  rrcConnectionReestablishment->criticalExtensions.choice.c1.choice.rrcConnectionReestablishment_r8.nonCriticalExtension = NULL;

  if ( LOG_DEBUGFLAG(DEBUG_ASN1) ) {

--- a/openair2/RRC/LTE/defs_NB_IoT.h
+++ b/openair2/RRC/LTE/defs_NB_IoT.h
@@ -261,10 +261,8 @@ typedef struct eNB_RRC_UE_NB_IoT_s {
  SRB_INFO_TABLE_ENTRY_NB_IoT               Srb1;
  SRB_INFO_TABLE_ENTRY_NB_IoT               Srb1bis;

-#if defined(ENABLE_SECURITY)
  /* KeNB as derived from KASME received from EPC */
  uint8_t kenb[32];
-#endif

  /* Used integrity/ciphering algorithms--> maintained the same for NB-IoT */
  e_LTE_CipheringAlgorithm_r12     ciphering_algorithm; //Specs. TS 36.331 V14.1.0 pag 432 Change position of chipering enumerative w.r.t previous version

--- a/openair2/RRC/LTE/rrc_UE.c
+++ b/openair2/RRC/LTE/rrc_UE.c
@@ -69,9 +69,7 @@
  #include "rrc_UE_ral.h"
 #endif

-#if defined(ENABLE_SECURITY)
-  #include "UTIL/OSA/osa_defs.h"
-#endif
+#include "UTIL/OSA/osa_defs.h"

 #include "pdcp.h"
 #include "plmn_data.h"
@@ -424,7 +422,6 @@ void init_SL_preconfig(UE_RRC_INST *UE, const uint8_t eNB_index ) {

 //-----------------------------------------------------------------------------
 void openair_rrc_ue_init_security( const protocol_ctxt_t *const ctxt_pP ) {
-#if defined(ENABLE_SECURITY)
  //    uint8_t *kRRCenc;
  //    uint8_t *kRRCint;
  char ascii_buffer[65];
@@ -438,7 +435,6 @@ void openair_rrc_ue_init_security( const protocol_ctxt_t *const ctxt_pP ) {
  LOG_T(RRC, PROTOCOL_RRC_CTXT_FMT"[OSA] kenb    = %s\n",
        PROTOCOL_RRC_CTXT_ARGS(ctxt_pP),
        ascii_buffer);
-#endif
 }

 //-----------------------------------------------------------------------------
@@ -1307,12 +1303,10 @@ rrc_ue_process_radioResourceConfigDedicated(
  if (radioResourceConfigDedicated->srb_ToAddModList) {
    uint8_t *kRRCenc = NULL;
    uint8_t *kRRCint = NULL;
-#if defined(ENABLE_SECURITY)
    derive_key_rrc_enc(UE_rrc_inst[ctxt_pP->module_id].ciphering_algorithm,
                       UE_rrc_inst[ctxt_pP->module_id].kenb, &kRRCenc);
    derive_key_rrc_int(UE_rrc_inst[ctxt_pP->module_id].integrity_algorithm,
                       UE_rrc_inst[ctxt_pP->module_id].kenb, &kRRCint);
-#endif
    // Refresh SRBs
    rrc_pdcp_config_asn1_req(ctxt_pP,
                             radioResourceConfigDedicated->srb_ToAddModList,
@@ -1485,10 +1479,8 @@ rrc_ue_process_radioResourceConfigDedicated(
    }

    uint8_t *kUPenc = NULL;
-#if defined(ENABLE_SECURITY)
    derive_key_up_enc(UE_rrc_inst[ctxt_pP->module_id].integrity_algorithm,
                      UE_rrc_inst[ctxt_pP->module_id].kenb, &kUPenc);
-#endif
    MSC_LOG_TX_MESSAGE(
      MSC_RRC_UE,
      MSC_PDCP_UE,
@@ -1663,7 +1655,6 @@ rrc_ue_process_securityModeCommand(
    ul_dcch_msg.message.choice.c1.present = LTE_UL_DCCH_MessageType__c1_PR_securityModeFailure;
  }

-#if defined(ENABLE_SECURITY)
  uint8_t *kRRCenc = NULL;
  uint8_t *kUPenc = NULL;
  uint8_t *kRRCint = NULL;
@@ -1713,8 +1704,6 @@ rrc_ue_process_securityModeCommand(
    LOG_I(RRC, "Could not get PDCP instance where key=0x%ld\n", key);
  }

-#endif //#if defined(ENABLE_SECURITY)
-
  if (securityModeCommand->criticalExtensions.present == LTE_SecurityModeCommand__criticalExtensions_PR_c1) {
    if (securityModeCommand->criticalExtensions.choice.c1.present != LTE_SecurityModeCommand__criticalExtensions__c1_PR_securityModeCommand_r8)
      LOG_W(RRC,"securityModeCommand->criticalExtensions.choice.c1.present (%d) != SecurityModeCommand__criticalExtensions__c1_PR_securityModeCommand_r8\n",

--- a/openair2/RRC/LTE/rrc_defs.h
+++ b/openair2/RRC/LTE/rrc_defs.h
@@ -547,13 +547,11 @@ typedef struct eNB_RRC_UE_s {
  int                                UE_Capability_size;
  ImsiMobileIdentity_t               imsi;

-#if defined(ENABLE_SECURITY)
  /* KeNB as derived from KASME received from EPC */
  uint8_t kenb[32];
  int8_t  kenb_ncc;
  uint8_t nh[32];
  int8_t  nh_ncc;
-#endif
  /* Used integrity/ciphering algorithms */
  LTE_CipheringAlgorithm_r12_t                          ciphering_algorithm;
  e_LTE_SecurityAlgorithmConfig__integrityProtAlgorithm integrity_algorithm;
@@ -825,12 +823,10 @@ typedef struct UE_RRC_INST_s {
  float                           rsrq_db[7];
  float                           rsrp_db_filtered[7];
  float                           rsrq_db_filtered[7];
-#if defined(ENABLE_SECURITY)
  /* KeNB as computed from parameters within USIM card */
  uint8_t kenb[32];
  uint8_t nh[32];
  int8_t  nh_ncc;
-#endif

  /* Used integrity/ciphering algorithms */
  LTE_CipheringAlgorithm_r12_t                          ciphering_algorithm;

--- a/openair2/RRC/LTE/rrc_eNB.c
+++ b/openair2/RRC/LTE/rrc_eNB.c
@@ -75,9 +75,7 @@
 #include "OCG.h"
 #include "OCG_extern.h"

-#if defined(ENABLE_SECURITY)
-  #include "UTIL/OSA/osa_defs.h"
-#endif
+#include "UTIL/OSA/osa_defs.h"

 #include "rrc_eNB_S1AP.h"
 #include "rrc_eNB_GTPV1U.h"
@@ -797,6 +795,29 @@ rrc_eNB_free_mem_UE_context(
    ASN_STRUCT_FREE(asn_DEF_LTE_MeasConfig, ue_context_pP->ue_context.measConfig);
    ue_context_pP->ue_context.measConfig = NULL;
  }
+
+#if 0
+  //HANDOVER_INFO                     *handover_info;
+  //uint8_t kenb[32];
+  //e_SecurityAlgorithmConfig__cipheringAlgorithm     ciphering_algorithm;
+  //e_SecurityAlgorithmConfig__integrityProtAlgorithm integrity_algorithm;
+  //uint8_t                            Status;
+  //rnti_t                             rnti;
+  //uint64_t                           random_ue_identity;
+#if defined(ENABLE_ITTI)
+  //UE_S_TMSI                          Initialue_identity_s_TMSI;
+  //EstablishmentCause_t               establishment_cause;
+  //ReestablishmentCause_t             reestablishment_cause;
+  //uint16_t                           ue_initial_id;
+  //uint32_t                           eNB_ue_s1ap_id :24;
+  //security_capabilities_t            security_capabilities;
+  //uint8_t                            nb_of_e_rabs;
+  //e_rab_param_t                      e_rab[S1AP_MAX_E_RAB];
+  //uint32_t                           enb_gtp_teid[S1AP_MAX_E_RAB];
+  //transport_layer_addr_t             enb_gtp_addrs[S1AP_MAX_E_RAB];
+  //rb_id_t                            enb_gtp_ebi[S1AP_MAX_E_RAB];
+#endif
+#endif
 }

 //-----------------------------------------------------------------------------
@@ -6142,7 +6163,6 @@ rrc_eNB_process_RRCConnectionReconfigurationComplete(
  LTE_DRB_Identity_t                     *drb_id_p      = NULL;
  T(T_ENB_RRC_CONNECTION_RECONFIGURATION_COMPLETE, T_INT(ctxt_pP->module_id), T_INT(ctxt_pP->frame),
    T_INT(ctxt_pP->subframe), T_INT(ctxt_pP->rnti));
-#if defined(ENABLE_SECURITY)

  /* Derive the keys from kenb */
  if (DRB_configList != NULL) {
@@ -6154,7 +6174,6 @@ rrc_eNB_process_RRCConnectionReconfigurationComplete(
                     ue_context_pP->ue_context.kenb, &kRRCenc);
  derive_key_rrc_int(ue_context_pP->ue_context.integrity_algorithm,
                     ue_context_pP->ue_context.kenb, &kRRCint);
-#endif
  // Refresh SRBs/DRBs
  MSC_LOG_TX_MESSAGE(
    MSC_RRC_ENB,

--- a/openair2/RRC/LTE/rrc_eNB_S1AP.c
+++ b/openair2/RRC/LTE/rrc_eNB_S1AP.c
@@ -48,9 +48,7 @@
 #include "s1ap_eNB.h"


-#if defined(ENABLE_SECURITY)
-  #include "UTIL/OSA/osa_defs.h"
-#endif
+#include "UTIL/OSA/osa_defs.h"
 #include "msc.h"

 #include "LTE_UERadioAccessCapabilityInformation.h"
@@ -486,7 +484,6 @@ static void process_eNB_security_key (
 )
 //------------------------------------------------------------------------------
 {
-#if defined(ENABLE_SECURITY)
  char ascii_buffer[65];
  uint8_t i;
  /* Saves the security key */
@@ -500,7 +497,6 @@ static void process_eNB_security_key (

  ascii_buffer[2 * i] = '\0';
  LOG_I (RRC, "[eNB %d][UE %x] Saved security key %s\n", ctxt_pP->module_id, ue_context_pP->ue_context.rnti, ascii_buffer);
-#endif
 }


@@ -513,7 +509,6 @@ rrc_pdcp_config_security(
 )
 //------------------------------------------------------------------------------
 {
-#if defined(ENABLE_SECURITY)
  LTE_SRB_ToAddModList_t             *SRB_configList = ue_context_pP->ue_context.SRB_configList;
  uint8_t                            *kRRCenc = NULL;
  uint8_t                            *kRRCint = NULL;
@@ -571,8 +566,6 @@ rrc_pdcp_config_security(
          PROTOCOL_RRC_CTXT_UE_ARGS(ctxt_pP),
          DCCH);
  }
-
-#endif
 }

 //------------------------------------------------------------------------------

--- a/targets/Makefile.common
+++ b/targets/Makefile.common
@@ -45,7 +45,6 @@ ifeq ($(OPENSSL_FOUND), 0)
 @(warning "openssl library is not installed on your system, openssl lib needed, continuing with security disabled")
 SECU=0
 else
-CFLAGS += -DENABLE_SECURITY
 LIBS += $(OPENSSL_LIBS) $(NETTLE_LIBS)
 endif
 endif