Skip to content

O
OpenXG-RAN
Commit 80831cd4 authored by Masayuki Harada's avatar Masayuki Harada
Browse files
Options

Fix nr_derive_key memory problem.

parent 2fb38167
Hide whitespace changes
Inline Side-by-side
Showing with 18 additions and 136 deletions
openair2/LAYER2/nr_pdcp/nr_pdcp_oai_api.c
View file @ 80831cd4
......@@ -903,9 +903,7 @@ boolean_t nr_rrc_pdcp_config_asn1_req(
uint8_t *const kRRCint,
uint8_t *const kUPenc,
uint8_t *const kUPint
#if (LTE_RRC_VERSION >= MAKE_VERSION(9, 0, 0))
,LTE_PMCH_InfoList_r9_t *pmch_InfoList_r9
#endif
,rb_id_t *const defaultDRB,
struct NR_CellGroupConfig__rlc_BearerToAddModList *rlc_bearer2add_list)
//struct NR_RLC_Config *rlc_Config)
......@@ -975,9 +973,7 @@ boolean_t rrc_pdcp_config_asn1_req(
uint8_t *const kRRCenc,
uint8_t *const kRRCint,
uint8_t *const kUPenc
#if (LTE_RRC_VERSION >= MAKE_VERSION(9, 0, 0))
,LTE_PMCH_InfoList_r9_t *pmch_InfoList_r9
#endif
,rb_id_t *const defaultDRB)
{
return 0;
......@@ -1240,10 +1236,8 @@ boolean_t pdcp_data_req(
const sdu_size_t sdu_buffer_size,
unsigned char *const sdu_buffer,
const pdcp_transmission_mode_t mode
#if (LTE_RRC_VERSION >= MAKE_VERSION(14, 0, 0))
,const uint32_t *const sourceL2Id
,const uint32_t *const destinationL2Id
#endif
)
{
if (srb_flagP) {
......
openair2/RRC/LTE/rrc_eNB.c
View file @ 80831cd4
......@@ -3618,9 +3618,7 @@ void rrc_eNB_generate_defaultRRCConnectionReconfiguration(const protocol_ctxt_t
NULL,
NULL,
NULL
#if (LTE_RRC_VERSION >= MAKE_VERSION(9, 0, 0))
, (LTE_PMCH_InfoList_r9_t *) NULL
#endif
, NULL);
/* Refresh SRBs/DRBs */
......@@ -3629,11 +3627,9 @@ void rrc_eNB_generate_defaultRRCConnectionReconfiguration(const protocol_ctxt_t
*SRB_configList2, // NULL,
*DRB_configList,
NULL
#if (LTE_RRC_VERSION >= MAKE_VERSION(9, 0, 0))
, (LTE_PMCH_InfoList_r9_t *) NULL,
0,
0
#endif
);
}
......@@ -6331,9 +6327,7 @@ rrc_eNB_generate_HO_RRCConnectionReconfiguration(const protocol_ctxt_t *const ct
NULL,
NULL,
NULL
#if (LTE_RRC_VERSION >= MAKE_VERSION(9, 0, 0))
, (LTE_PMCH_InfoList_r9_t *) NULL
#endif
, NULL);
/* Refresh SRBs/DRBs */
......@@ -6342,11 +6336,9 @@ rrc_eNB_generate_HO_RRCConnectionReconfiguration(const protocol_ctxt_t *const ct
*SRB_configList2, // NULL,
*DRB_configList,
NULL
#if (LTE_RRC_VERSION >= MAKE_VERSION(9, 0, 0))
, (LTE_PMCH_InfoList_r9_t *) NULL,
0,
0
#endif
);
}
......
openair2/RRC/NR/rrc_gNB.c
View file @ 80831cd4
......@@ -106,9 +106,7 @@ extern boolean_t nr_rrc_pdcp_config_asn1_req(
uint8_t *const kRRCint,
uint8_t *const kUPenc,
uint8_t *const kUPint
#if (LTE_RRC_VERSION >= MAKE_VERSION(9, 0, 0))
,LTE_PMCH_InfoList_r9_t *pmch_InfoList_r9
#endif
,rb_id_t *const defaultDRB,
struct NR_CellGroupConfig__rlc_BearerToAddModList *rlc_bearer2add_list);
......@@ -1301,49 +1299,22 @@ rrc_gNB_process_RRCReconfigurationComplete(
ue_context_pP->ue_context.ue_reestablishment_timer = 0;
#ifndef PHYSIM
uint8_t *k_kdf = NULL;
/* Derive the keys from kgnb */
if (DRB_configList != NULL) {
k_kdf = NULL;
nr_derive_key_up_enc(ue_context_pP->ue_context.ciphering_algorithm,
ue_context_pP->ue_context.kgnb,
&k_kdf);
/* kUPenc: last 128 bits of key derivation function which returns 256 bits */
kUPenc = malloc(16);
if (kUPenc == NULL) exit(1);
memcpy(kUPenc, k_kdf+16, 16);
free(k_kdf);
k_kdf = NULL;
&kUPenc);
nr_derive_key_up_int(ue_context_pP->ue_context.integrity_algorithm,
ue_context_pP->ue_context.kgnb,
&k_kdf);
/* kUPint: last 128 bits of key derivation function which returns 256 bits */
kUPint = malloc(16);
if (kUPint == NULL) exit(1);
memcpy(kUPint, k_kdf+16, 16);
free(k_kdf);
&kUPint);
}
k_kdf = NULL;
nr_derive_key_rrc_enc(ue_context_pP->ue_context.ciphering_algorithm,
ue_context_pP->ue_context.kgnb,
&k_kdf);
/* kRRCenc: last 128 bits of key derivation function which returns 256 bits */
kRRCenc = malloc(16);
if (kRRCenc == NULL) exit(1);
memcpy(kRRCenc, k_kdf+16, 16);
free(k_kdf);
k_kdf = NULL;
&kRRCenc);
nr_derive_key_rrc_int(ue_context_pP->ue_context.integrity_algorithm,
ue_context_pP->ue_context.kgnb,
&k_kdf);
/* kRRCint: last 128 bits of key derivation function which returns 256 bits */
kRRCint = malloc(16);
if (kRRCint == NULL) exit(1);
memcpy(kRRCint, k_kdf+16, 16);
free(k_kdf);
&kRRCint);
#endif
/* Refresh SRBs/DRBs */
MSC_LOG_TX_MESSAGE(MSC_RRC_GNB, MSC_PDCP_ENB, NULL, 0, MSC_AS_TIME_FMT" CONFIG_REQ UE %x DRB (security unchanged)",
......
openair2/RRC/NR/rrc_gNB_NGAP.c
View file @ 80831cd4
......@@ -309,41 +309,19 @@ nr_rrc_pdcp_config_security(
static int print_keys= 1;
#ifndef PHYSIM
uint8_t *k_kdf = NULL;
/* Derive the keys from kgnb */
if (SRB_configList != NULL) {
k_kdf = NULL;
nr_derive_key_up_enc(ue_context_pP->ue_context.ciphering_algorithm,
ue_context_pP->ue_context.kgnb,
&k_kdf);
/* kUPenc: last 128 bits of key derivation function which returns 256 bits */
kUPenc = malloc(16);
if (kUPenc == NULL) exit(1);
memcpy(kUPenc, k_kdf+16, 16);
free(k_kdf);
&kUPenc);
}
k_kdf = NULL;
nr_derive_key_rrc_enc(ue_context_pP->ue_context.ciphering_algorithm,
ue_context_pP->ue_context.kgnb,
&k_kdf);
/* kRRCenc: last 128 bits of key derivation function which returns 256 bits */
kRRCenc = malloc(16);
if (kRRCenc == NULL) exit(1);
memcpy(kRRCenc, k_kdf+16, 16);
free(k_kdf);
k_kdf = NULL;
&kRRCenc);
nr_derive_key_rrc_int(ue_context_pP->ue_context.integrity_algorithm,
ue_context_pP->ue_context.kgnb,
&k_kdf);
/* kRRCint: last 128 bits of key derivation function which returns 256 bits */
kRRCint = malloc(16);
if (kRRCint == NULL) exit(1);
memcpy(kRRCint, k_kdf+16, 16);
free(k_kdf);
&kRRCint);
#endif
if (!IS_SOFTMODEM_IQPLAYER) {
SET_LOG_DUMP(DEBUG_SECURITY) ;
......
openair2/RRC/NR/rrc_gNB_nsa.c
View file @ 80831cd4
......@@ -52,9 +52,7 @@ extern boolean_t nr_rrc_pdcp_config_asn1_req(
uint8_t *const kRRCint,
uint8_t *const kUPenc,
uint8_t *const kUPint
#if (LTE_RRC_VERSION >= MAKE_VERSION(9, 0, 0))
,LTE_PMCH_InfoList_r9_t *pmch_InfoList_r9
#endif
,rb_id_t *const defaultDRB,
struct NR_CellGroupConfig__rlc_BearerToAddModList *rlc_bearer2add_list);
......@@ -215,25 +213,12 @@ void rrc_add_nsa_user(gNB_RRC_INST *rrc,struct rrc_gNB_ue_context_s *ue_context_
LOG_I(RRC, "selecting integrity algorithm %d\n", ue_context_p->ue_context.integrity_algorithm);
/* derive UP security key */
unsigned char *kUPenc_kdf;
nr_derive_key_up_enc(ue_context_p->ue_context.ciphering_algorithm,
ue_context_p->ue_context.kgnb,
&kUPenc_kdf);
/* kUPenc: last 128 bits of key derivation function which returns 256 bits */
kUPenc = malloc(16);
if (kUPenc == NULL) exit(1);
memcpy(kUPenc, kUPenc_kdf+16, 16);
free(kUPenc_kdf);
unsigned char *kUPint_kdf;
&kUPenc);
nr_derive_key_up_int(ue_context_p->ue_context.integrity_algorithm,
ue_context_p->ue_context.kgnb,
&kUPint_kdf);
/* kUPint: last 128 bits of key derivation function which returns 256 bits */
kUPint = malloc(16);
if (kUPint == NULL) exit(1);
memcpy(kUPint, kUPint_kdf+16, 16);
free(kUPint_kdf);
&kUPint);
e_NR_CipheringAlgorithm cipher_algo;
switch (ue_context_p->ue_context.ciphering_algorithm) {
......
openair2/RRC/NR_UE/rrc_UE.c
View file @ 80831cd4
......@@ -187,9 +187,7 @@ extern boolean_t nr_rrc_pdcp_config_asn1_req(
uint8_t *const kRRCint,
uint8_t *const kUPenc,
uint8_t *const kUPint
#if (LTE_RRC_VERSION >= MAKE_VERSION(9, 0, 0))
,LTE_PMCH_InfoList_r9_t *pmch_InfoList_r9
#endif
,rb_id_t *const defaultDRB,
struct NR_CellGroupConfig__rlc_BearerToAddModList *rlc_bearer2add_list);
......@@ -1655,37 +1653,16 @@ int8_t nr_rrc_ue_decode_ccch( const protocol_ctxt_t *const ctxt_pP, const NR_SRB
uint8_t *kRRCenc = NULL;
uint8_t *kUPenc = NULL;
uint8_t *kRRCint = NULL;
uint8_t *k_kdf = NULL;
#ifndef PHYSIM
k_kdf = NULL;
nr_derive_key_up_enc(NR_UE_rrc_inst[ctxt_pP->module_id].cipheringAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb,
&k_kdf);
/* kUPenc: last 128 bits of key derivation function which returns 256 bits */
kUPenc = malloc(16);
if (kUPenc == NULL) exit(1);
memcpy(kUPenc, k_kdf+16, 16);
free(k_kdf);
k_kdf = NULL;
&kUPenc);
nr_derive_key_rrc_enc(NR_UE_rrc_inst[ctxt_pP->module_id].cipheringAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb,
&k_kdf);
/* kRRCenc: last 128 bits of key derivation function which returns 256 bits */
kRRCenc = malloc(16);
if (kRRCenc == NULL) exit(1);
memcpy(kRRCenc, k_kdf+16, 16);
free(k_kdf);
k_kdf = NULL;
&kRRCenc);
nr_derive_key_rrc_int(NR_UE_rrc_inst[ctxt_pP->module_id].integrityProtAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb,
&k_kdf);
/* kRRCint: last 128 bits of key derivation function which returns 256 bits */
kRRCint = malloc(16);
if (kRRCint == NULL) exit(1);
memcpy(kRRCint, k_kdf+16, 16);
free(k_kdf);
&kRRCint);
#endif
LOG_I(NR_RRC, "driving kRRCenc, kRRCint and kUPenc from KgNB="
"%02x%02x%02x%02x"
......@@ -2060,17 +2037,9 @@ nr_rrc_ue_establish_srb2(
uint8_t *kRRCenc = NULL;
uint8_t *kRRCint = NULL;
nr_derive_key_rrc_enc(NR_UE_rrc_inst[ctxt_pP->module_id].cipheringAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &k_kdf);
kRRCenc = malloc(16);
if (kRRCenc == NULL) exit(1);
memcpy(kRRCenc, k_kdf + 16, 16);
free(k_kdf);
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &kRRCenc);
nr_derive_key_rrc_int(NR_UE_rrc_inst[ctxt_pP->module_id].integrityProtAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &k_kdf);
kRRCint = malloc(16);
if (kRRCint == NULL) exit(1);
memcpy(kRRCint, k_kdf + 16, 16);
free(k_kdf);
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &kRRCint);
// Refresh SRBs
nr_rrc_pdcp_config_asn1_req(ctxt_pP,
......@@ -2157,18 +2126,9 @@ nr_rrc_ue_establish_srb2(
uint8_t *kUPint = NULL;
nr_derive_key_up_enc(NR_UE_rrc_inst[ctxt_pP->module_id].cipheringAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &k_kdf);
kUPenc = malloc(16);
if (kUPenc == NULL) exit(1);
memcpy(kUPenc, k_kdf + 16, 16);
free(k_kdf);
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &kUPenc);
nr_derive_key_up_int(NR_UE_rrc_inst[ctxt_pP->module_id].integrityProtAlgorithm,
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &k_kdf);
kUPint = malloc(16);
if (kUPint == NULL) exit(1);
memcpy(kUPint, k_kdf + 16, 16);
free(k_kdf);
NR_UE_rrc_inst[ctxt_pP->module_id].kgnb, &kUPint);
MSC_LOG_TX_MESSAGE(
MSC_RRC_UE,
......
openair2/UTIL/OSA/osa_key_deriver.c
View file @ 80831cd4
......@@ -121,6 +121,8 @@ int nr_derive_key(algorithm_type_dist_t alg_type, uint8_t alg_id,
string[6] = 0x01;
kdf(string, 7, key, 32, out, 32);
// in NR, we use the last 16 bytes, ignoring the first 16 ones
memcpy(*out, *out+16, 16);
return 0;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment