Skip to content

O
OpenXG-RAN
Commit d55b6d25 authored by Cedric Roux's avatar Cedric Roux
Browse files
Options

nrUE: check integrity of SecurityModeCommand 

We AssertFatal() if integrity fails. To be refined if needed.
parent 884127c3
Hide whitespace changes
Inline Side-by-side
Showing with 30 additions and 7 deletions
openair2/COMMON/pdcp_messages_types.h
View file @ d55b6d25
......@@ -96,6 +96,10 @@ typedef struct NRRrcDcchDataInd_s {
uint16_t rnti;
uint8_t module_id;
uint8_t gNB_index; // LG: needed in UE
/* these three variables are needed for RRC to check integrity of the PDCP SDU */
uint32_t mac;
uint32_t header;
uint32_t count;
} NRRrcDcchDataInd;
typedef struct RrcPcchDataReq_s {
......
openair2/LAYER2/nr_pdcp/nr_pdcp_oai_api.c
View file @ d55b6d25
......@@ -784,6 +784,9 @@ srb_found:
NR_RRC_DCCH_DATA_IND(message_p).dcch_index = srb_id;
NR_RRC_DCCH_DATA_IND(message_p).sdu_p = rrc_buffer_p;
NR_RRC_DCCH_DATA_IND(message_p).sdu_size = size;
NR_RRC_DCCH_DATA_IND(message_p).mac = mac;
NR_RRC_DCCH_DATA_IND(message_p).header = header;
NR_RRC_DCCH_DATA_IND(message_p).count = count;
ue_id_t ue_id = ue->ue_id;
itti_send_msg_to_task(TASK_RRC_NRUE, ue_id, message_p);
}
......
openair2/RRC/NR_UE/rrc_UE.c
View file @ d55b6d25
......@@ -926,7 +926,13 @@ static int8_t nr_rrc_ue_decode_ccch(NR_UE_RRC_INST_t *rrc,
static void nr_rrc_ue_process_securityModeCommand(NR_UE_RRC_INST_t *ue_rrc,
NR_SecurityModeCommand_t *const securityModeCommand,
const uint8_t gNB_index)
const uint8_t gNB_index,
int srb_id,
const uint8_t *msg,
int msg_size,
uint32_t mac,
uint32_t header,
uint32_t count)
{
uint8_t security_mode;
......@@ -1016,10 +1022,13 @@ static void nr_rrc_ue_process_securityModeCommand(NR_UE_RRC_INST_t *ue_rrc,
}
LOG_T(NR_RRC, "\n");
// TODO the SecurityModeCommand message needs to pass the integrity protection check
// for the UE to declare AS security to be activated
// the SecurityModeCommand message needs to pass the integrity protection check
// for the UE to declare AS security to be activated
bool integrity_pass = nr_pdcp_check_integrity_srb(ue_rrc->ue_id, srb_id, msg, msg_size, mac, header, count);
AssertFatal(integrity_pass, "SecurityModeCommand integrity failed\n");
ue_rrc->as_security_activated = true;
int srb_id = 1; // SecurityModeComplete in SRB1
srb_id = 1; // SecurityModeComplete in SRB1
nr_pdcp_data_req_srb(ue_rrc->ue_id, srb_id, 0, (enc_rval.encoded + 7) / 8, buffer, deliver_pdu_srb_rlc, NULL);
/* after encoding SecurityModeComplete we activate both ciphering and integrity */
......@@ -1257,7 +1266,10 @@ static int nr_rrc_ue_decode_dcch(NR_UE_RRC_INST_t *rrc,
const srb_id_t Srb_id,
const uint8_t *const Buffer,
size_t Buffer_size,
const uint8_t gNB_indexP)
const uint8_t gNB_indexP,
uint32_t mac,
uint32_t header,
uint32_t count)
{
NR_DL_DCCH_Message_t *dl_dcch_msg = NULL;
......@@ -1341,7 +1353,8 @@ static int nr_rrc_ue_decode_dcch(NR_UE_RRC_INST_t *rrc,
break;
case NR_DL_DCCH_MessageType__c1_PR_securityModeCommand:
LOG_I(NR_RRC, "Received securityModeCommand (gNB %d)\n", gNB_indexP);
nr_rrc_ue_process_securityModeCommand(rrc, c1->choice.securityModeCommand, gNB_indexP);
nr_rrc_ue_process_securityModeCommand(rrc, c1->choice.securityModeCommand, gNB_indexP,
Srb_id, Buffer, Buffer_size, mac, header, count);
break;
}
} break;
......@@ -1446,7 +1459,10 @@ void *rrc_nrue(void *notUsed)
NR_RRC_DCCH_DATA_IND(msg_p).dcch_index,
NR_RRC_DCCH_DATA_IND(msg_p).sdu_p,
NR_RRC_DCCH_DATA_IND(msg_p).sdu_size,
NR_RRC_DCCH_DATA_IND(msg_p).gNB_index);
NR_RRC_DCCH_DATA_IND(msg_p).gNB_index,
NR_RRC_DCCH_DATA_IND(msg_p).mac,
NR_RRC_DCCH_DATA_IND(msg_p).header,
NR_RRC_DCCH_DATA_IND(msg_p).count);
break;
case NAS_KENB_REFRESH_REQ:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment