Commit 46f0e348 authored by Cedric Roux's avatar Cedric Roux

e1: fix security

parent f8f9f8ac
...@@ -1588,7 +1588,7 @@ add_library(e1_if ...@@ -1588,7 +1588,7 @@ add_library(e1_if
${NR_RRC_DIR}/cucp_cuup_e1ap.c ${NR_RRC_DIR}/cucp_cuup_e1ap.c
) )
target_link_libraries(e1_if PRIVATE asn1_nr_rrc_hdrs asn1_lte_rrc_hdrs asn1_f1ap e1ap GTPV1U) target_link_libraries(e1_if PRIVATE asn1_nr_rrc_hdrs asn1_lte_rrc_hdrs asn1_f1ap SECURITY ${OPENSSL_LIBRARIES} crypt e1ap GTPV1U)
add_library(e1_pdcp_if add_library(e1_pdcp_if
${OPENAIR2_DIR}/LAYER2/nr_pdcp/nr_pdcp_e1_api.c ${OPENAIR2_DIR}/LAYER2/nr_pdcp/nr_pdcp_e1_api.c
...@@ -2301,7 +2301,7 @@ add_executable(nr-cuup ...@@ -2301,7 +2301,7 @@ add_executable(nr-cuup
target_link_libraries(nr-cuup PRIVATE target_link_libraries(nr-cuup PRIVATE
CONFIG_LIB ITTI SCTP_CLIENT CONFIG_LIB ITTI SCTP_CLIENT
GTPV1U e1ap e1_pdcp_if f1ap SIMU_ETH GTPV1U e1ap e1_pdcp_if f1ap SIMU_ETH
SECURITY ${OPENSSL_LIBRARIES} crypt z sctp dl pthread) z sctp dl pthread)
target_link_libraries(nr-cuup PRIVATE asn1_lte_rrc_hdrs asn1_nr_rrc_hdrs) target_link_libraries(nr-cuup PRIVATE asn1_lte_rrc_hdrs asn1_nr_rrc_hdrs)
# nr-uesoftmodem is UE implementation # nr-uesoftmodem is UE implementation
......
...@@ -531,11 +531,11 @@ static int fill_BEARER_CONTEXT_SETUP_REQUEST(e1ap_setup_req_t *setup, e1ap_beare ...@@ -531,11 +531,11 @@ static int fill_BEARER_CONTEXT_SETUP_REQUEST(e1ap_setup_req_t *setup, e1ap_beare
ieC2->value.present = E1AP_BearerContextSetupRequestIEs__value_PR_SecurityInformation; ieC2->value.present = E1AP_BearerContextSetupRequestIEs__value_PR_SecurityInformation;
ieC2->value.choice.SecurityInformation.securityAlgorithm.cipheringAlgorithm = bearerCxt->cipheringAlgorithm; ieC2->value.choice.SecurityInformation.securityAlgorithm.cipheringAlgorithm = bearerCxt->cipheringAlgorithm;
OCTET_STRING_fromBuf(&ieC2->value.choice.SecurityInformation.uPSecuritykey.encryptionKey, OCTET_STRING_fromBuf(&ieC2->value.choice.SecurityInformation.uPSecuritykey.encryptionKey,
bearerCxt->encryptionKey, strlen(bearerCxt->encryptionKey)); bearerCxt->encryptionKey, 16);
asn1cCallocOne(ieC2->value.choice.SecurityInformation.securityAlgorithm.integrityProtectionAlgorithm, bearerCxt->integrityProtectionAlgorithm); asn1cCallocOne(ieC2->value.choice.SecurityInformation.securityAlgorithm.integrityProtectionAlgorithm, bearerCxt->integrityProtectionAlgorithm);
asn1cCalloc(ieC2->value.choice.SecurityInformation.uPSecuritykey.integrityProtectionKey, protKey); asn1cCalloc(ieC2->value.choice.SecurityInformation.uPSecuritykey.integrityProtectionKey, protKey);
OCTET_STRING_fromBuf(protKey, bearerCxt->integrityProtectionKey, strlen(bearerCxt->integrityProtectionKey)); OCTET_STRING_fromBuf(protKey, bearerCxt->integrityProtectionKey, 16);
/* mandatory */ /* mandatory */
/* c3. UE DL Aggregate Maximum Bit Rate */ /* c3. UE DL Aggregate Maximum Bit Rate */
asn1cSequenceAdd(out->protocolIEs.list, E1AP_BearerContextSetupRequestIEs_t, ieC3); asn1cSequenceAdd(out->protocolIEs.list, E1AP_BearerContextSetupRequestIEs_t, ieC3);
......
...@@ -83,8 +83,7 @@ static void fill_DRB_configList_e1(NR_DRB_ToAddModList_t *DRB_configList, pdu_se ...@@ -83,8 +83,7 @@ static void fill_DRB_configList_e1(NR_DRB_ToAddModList_t *DRB_configList, pdu_se
asn1cCallocOne(drbCfg->integrityProtection, NR_PDCP_Config__drb__integrityProtection_enabled); asn1cCallocOne(drbCfg->integrityProtection, NR_PDCP_Config__drb__integrityProtection_enabled);
} }
if (pdu->confidentialityProtectionIndication == 0 || // Required if (pdu->confidentialityProtectionIndication == 2) { // Not Needed
pdu->confidentialityProtectionIndication == 1) { // Preferred
asn1cCalloc(pdcp_config->ext1, ext1); asn1cCalloc(pdcp_config->ext1, ext1);
asn1cCallocOne(ext1->cipheringDisabled, NR_PDCP_Config__ext1__cipheringDisabled_true); asn1cCallocOne(ext1->cipheringDisabled, NR_PDCP_Config__ext1__cipheringDisabled_true);
} }
...@@ -121,19 +120,12 @@ static int drb_config_N3gtpu_create(e1ap_bearer_setup_req_t * const req, ...@@ -121,19 +120,12 @@ static int drb_config_N3gtpu_create(e1ap_bearer_setup_req_t * const req,
} }
// Configure DRBs // Configure DRBs
uint8_t kUPenc[16] = {0};
uint8_t kUPint[16] = {0};
nr_derive_key(UP_ENC_ALG, req->cipheringAlgorithm, (uint8_t *)req->encryptionKey, kUPenc);
nr_derive_key(UP_INT_ALG, req->integrityProtectionAlgorithm, (uint8_t *)req->integrityProtectionKey, kUPint);
nr_pdcp_e1_add_drbs(true, // set this to notify PDCP that his not UE nr_pdcp_e1_add_drbs(true, // set this to notify PDCP that his not UE
create_tunnel_req.ue_id, create_tunnel_req.ue_id,
&DRB_configList, &DRB_configList,
(req->integrityProtectionAlgorithm << 4) | req->cipheringAlgorithm, (req->integrityProtectionAlgorithm << 4) | req->cipheringAlgorithm,
kUPenc, (uint8_t *)req->encryptionKey,
kUPint); (uint8_t *)req->integrityProtectionKey);
return ret; return ret;
} }
......
...@@ -764,9 +764,9 @@ void rrc_gNB_process_NGAP_PDUSESSION_SETUP_REQ(MessageDef *msg_p, instance_t ins ...@@ -764,9 +764,9 @@ void rrc_gNB_process_NGAP_PDUSESSION_SETUP_REQ(MessageDef *msg_p, instance_t ins
bearer_req.gNB_cu_cp_ue_id = msg->gNB_ue_ngap_id; bearer_req.gNB_cu_cp_ue_id = msg->gNB_ue_ngap_id;
bearer_req.rnti = UE->rnti; bearer_req.rnti = UE->rnti;
bearer_req.cipheringAlgorithm = UE->ciphering_algorithm; bearer_req.cipheringAlgorithm = UE->ciphering_algorithm;
memcpy(bearer_req.encryptionKey, UE->kgnb, sizeof(UE->kgnb));
bearer_req.integrityProtectionAlgorithm = UE->integrity_algorithm; bearer_req.integrityProtectionAlgorithm = UE->integrity_algorithm;
memcpy(bearer_req.integrityProtectionKey, UE->kgnb, sizeof(UE->kgnb)); nr_derive_key(UP_ENC_ALG, UE->ciphering_algorithm, UE->kgnb, (uint8_t *)bearer_req.encryptionKey);
nr_derive_key(UP_INT_ALG, UE->integrity_algorithm, UE->kgnb, (uint8_t *)bearer_req.integrityProtectionKey);
bearer_req.ueDlAggMaxBitRate = msg->ueAggMaxBitRateDownlink; bearer_req.ueDlAggMaxBitRate = msg->ueAggMaxBitRateDownlink;
pdu_session_to_setup_t *pdu = bearer_req.pduSession + bearer_req.numPDUSessions; pdu_session_to_setup_t *pdu = bearer_req.pduSession + bearer_req.numPDUSessions;
bearer_req.numPDUSessions++; bearer_req.numPDUSessions++;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment