bugfix: fix PDCP sequence management (plus some cleanup)

With the introduction of X2AP into develop, the UEs now have to regularly
send measurement reports.

In the logs of the eNB, we see:

[OSA]   Mismatch found in integrity for algorithm 2,
        got e0.a0.c2.66, expecting a5.9c.cb.57
[PDCP]   [OSA][RB 1] eNB failed to validate MAC-I of incoming PDU

This is a bug in the PDCP layer that uses wrong parameters to compute the
integrity.

This commit fixes this bug.

The function pdcp_is_rx_seq_number_valid was removed. Its processing
has been directly integrated into the function pdcp_data_ind.

The function pdcp_mark_current_pdu_as_received is not called anymore.
Its processing was not used later on, so as of today, not calling it does
not introduce any functional change.

The function pdcp_validate_security takes now as parameters both
SN and HFN. Same for the function pdcp_get_next_count_rx.

Useless constants PDCP_SN_5BIT, PDCP_SN_7BIT and PDCP_SN_12BIT have been
removed.

The compilation option ENABLE_SECURITY has been removed. It's now always
on. (This may impact some use cases.)

The PDCP for DRB using RLC AM is not correct. It was not correct before
this commit (apart from the integrity bug). We should deal with a list
of PDUs and transmit packets to upper layers as detailed in the specs.
Today we transmit the PDU as soon as we get it. We don't care about
duplicates, in-order delivery, timeouts.

Also, we don't deal with "PDCP re-establishment". Not sure how that impacts
the software.

And, last but not least, there is still no ROHC.

cmake_targets/CMakeLists.txt

@@ -595,7 +595,6 @@ Message("CPU_Affinity flag is ${CPU_AFFINITY}")
 ##############################################################
 #    ???!!! TO BE DOCUMENTED OPTIONS !!!???
 ##############################################################
-add_boolean_option(ENABLE_SECURITY         True  "Enable LTE integrity and ciphering between RRC UE and eNB")
 add_boolean_option(ENABLE_USE_MME          True  "eNB connected to MME (INTERFACE S1-C), not standalone eNB")
 add_boolean_option(NO_RRM                  True  "DO WE HAVE A RADIO RESSOURCE MANAGER: NO")
 add_boolean_option(RRC_DEFAULT_RAB_IS_AM False "set the RLC mode to AM for the default bearer")

cmake_targets/epc_test/CMakeLists.template

@@ -9,7 +9,6 @@ set (  EMIT_ASN_DEBUG False )
 set (  ENABLE_ITTI True )
 set (  ENABLE_NAS_UE_LOGGING True )
 set (  ENABLE_NEW_MULTICAST True )
-set (  ENABLE_SECURITY True )
 set (  ENABLE_STANDALONE_EPC False)
 set (  ENABLE_USE_CPU_EXECUTION_TIME True )
 set (  ENABLE_USE_MME True )

cmake_targets/oaisim_build_oai/CMakeLists.template

@@ -8,7 +8,6 @@ set (  ENABLE_ITTI True )
 set (  ENABLE_NAS_UE_LOGGING True )
 set (  ENABLE_NEW_MULTICAST True )
 set (  ENABLE_RAL False )
-set (  ENABLE_SECURITY True )
 set (  ENABLE_STANDALONE_EPC False)
 set (  ENABLE_USE_CPU_EXECUTION_TIME True )
 set (  ENABLE_USE_MME True )

cmake_targets/oaisim_mme_build_oai/CMakeLists.template

@@ -8,7 +8,6 @@ set (  ENABLE_ITTI True )
 set (  ENABLE_NAS_UE_LOGGING False )
 set (  ENABLE_NEW_MULTICAST False )
 set (  ENABLE_RAL False )
-set (  ENABLE_SECURITY False )
 set (  ENABLE_STANDALONE_EPC False )
 set (  ENABLE_USE_CPU_EXECUTION_TIME False )
 set (  ENABLE_USE_MME False )

cmake_targets/oaisim_noS1_build_oai/CMakeLists.template

@@ -7,7 +7,6 @@ set (  ENABLE_ITTI True )
 set (  ENABLE_NAS_UE_LOGGING False )
 set (  ENABLE_NEW_MULTICAST True )
 set (  ENABLE_RAL False )
-set (  ENABLE_SECURITY False )
 set (  ENABLE_STANDALONE_EPC False)
 set (  ENABLE_USE_CPU_EXECUTION_TIME True )
 set (  ENABLE_USE_MME False )

cmake_targets/s1c_mme_test/CMakeLists.template

@@ -9,7 +9,6 @@ set (  ENABLE_NAS_UE_LOGGING True )
 set (  ENABLE_NEW_MULTICAST True )
 set (  ENABLE_PDCP_NETLINK_FIFO False )
 set (  ENABLE_RAL False )
-set (  ENABLE_SECURITY True )
 set (  ENABLE_STANDALONE_EPC False)
 set (  ENABLE_USE_CPU_EXECUTION_TIME True )
 set (  ENABLE_USE_MME True )

openair2/LAYER2/PDCP_v10.1.0/pdcp.h

@@ -164,13 +164,12 @@ typedef struct pdcp_s {
    */
   pdcp_sn_t next_pdcp_tx_sn;
   pdcp_sn_t next_pdcp_rx_sn;
-  pdcp_sn_t next_pdcp_rx_sn_before_integrity;
+  pdcp_sn_t maximum_pdcp_rx_sn;
   /*
    * TX and RX Hyper Frame Numbers
    */
   pdcp_hfn_t tx_hfn;
   pdcp_hfn_t rx_hfn;
-  pdcp_hfn_offset_t rx_hfn_offset; // related to sn mismatch
 
   /*
    * SN of the last PDCP SDU delivered to upper layers
@@ -479,14 +478,6 @@ typedef struct {
 #define REORDERING_WINDOW_SN_7BIT 64
 #define REORDERING_WINDOW_SN_12BIT 2048
 
-/*
- * SN size
- */
-#define PDCP_SN_5BIT  5
-#define PDCP_SN_7BIT  7
-#define PDCP_SN_12BIT 12
-
-
 signed int             pdcp_2_nas_irq;
 pdcp_stats_t              UE_pdcp_stats[MAX_MOBILES_PER_ENB];
 pdcp_stats_t              eNB_pdcp_stats[NUMBER_OF_eNB_MAX];

openair2/LAYER2/PDCP_v10.1.0/pdcp_primitives.h

@@ -173,7 +173,6 @@ int pdcp_netlink_dequeue_element(const protocol_ctxt_t* const  ctxt_pP,
 void pdcp_config_set_security(const protocol_ctxt_t* const  ctxt_pP, pdcp_t *pdcp_pP, rb_id_t rb_idP,
                               uint16_t lc_idP, uint8_t security_modeP, uint8_t *kRRCenc_pP, uint8_t *kRRCint_pP, uint8_t *kUPenc_pP);
 
-#if defined(ENABLE_SECURITY)
 int pdcp_apply_security(const protocol_ctxt_t* const  ctxt_pP,
                         pdcp_t     *pdcp_entity,
                         srb_flag_t  srb_flagP,
@@ -188,10 +187,10 @@ int pdcp_validate_security(const protocol_ctxt_t* const  ctxt_pP,
                            srb_flag_t srb_flagP,
                            rb_id_t rb_id,
                            uint8_t pdcp_header_len,
-                           uint16_t current_sn,
+                           uint32_t hfn,
+                           int sn,
                            uint8_t *pdcp_pdu_buffer,
                            uint16_t sdu_buffer_size);
-#endif /* defined(ENABLE_SECURITY) */
 
 #endif
 /** @}*/

openair2/LAYER2/PDCP_v10.1.0/pdcp_security.c

@@ -40,13 +40,6 @@
 #include "msc.h"
 #include "pdcp_primitives.h"
 
-#if defined(ENABLE_SECURITY)
-
-static
-uint32_t pdcp_get_next_count_tx(pdcp_t *const pdcp_pP, const srb_flag_t srb_flagP, const uint16_t pdcp_sn);
-static
-uint32_t pdcp_get_next_count_rx(pdcp_t *const pdcp_pP, const srb_flag_t srb_flagP, const uint16_t pdcp_sn);
-
 //-----------------------------------------------------------------------------
 static
 uint32_t pdcp_get_next_count_tx(
@@ -79,26 +72,25 @@ static
 uint32_t pdcp_get_next_count_rx(
   pdcp_t * const pdcp_pP,
   const srb_flag_t srb_flagP,
-  const uint16_t pdcp_sn)
+  const uint32_t hfn,
+  const int sn)
 {
   uint32_t count;
 
   /* For RX COUNT = RX_HFN << length of SN | pdcp SN of received PDU */
   if (srb_flagP) {
     /* 5 bits length SN */
-    count = (((pdcp_pP->rx_hfn + pdcp_pP->rx_hfn_offset) << 5)  | (pdcp_sn & 0x001F));
+    count = (hfn << 5)  | (sn & 0x001F);
   } else {
-    if (pdcp_pP->seq_num_size == LTE_PDCP_Config__rlc_UM__pdcp_SN_Size_len7bits) {
+    if (pdcp_pP->seq_num_size == 7) {
       /* 7 bits length SN */
-      count = (((pdcp_pP->rx_hfn + pdcp_pP->rx_hfn_offset) << 7) | (pdcp_sn & 0x007F));
+      count = (hfn << 7) | (sn & 0x007F);
     } else { // default
       /* 12 bits length SN */
-      count = (((pdcp_pP->rx_hfn + pdcp_pP->rx_hfn_offset) << 12) | (pdcp_sn & 0x0FFF));
+      count = (hfn << 12) | (sn & 0x0FFF);
     }
   }
 
-  // reset the hfn offset
-  pdcp_pP->rx_hfn_offset =0;
   LOG_D(PDCP, "[OSA] RX COUNT = 0x%08x\n", count);
 
   return count;
@@ -182,7 +174,8 @@ pdcp_validate_security(
   const srb_flag_t     srb_flagP,
   const rb_id_t        rb_id,
   const uint8_t        pdcp_header_len,
-  const uint16_t       current_sn,
+  const uint32_t       hfn,
+  const int            sn,
   uint8_t       *const pdcp_pdu_buffer,
   const uint16_t       sdu_buffer_size
 )
@@ -201,7 +194,7 @@ pdcp_validate_security(
 
   decrypt_params.direction  = (pdcp_pP->is_ue == 1) ? SECU_DIRECTION_DOWNLINK : SECU_DIRECTION_UPLINK ;
   decrypt_params.bearer     = rb_id - 1;
-  decrypt_params.count      = pdcp_get_next_count_rx(pdcp_pP, srb_flagP, current_sn);
+  decrypt_params.count      = pdcp_get_next_count_rx(pdcp_pP, srb_flagP, hfn, sn);
   decrypt_params.message    = &pdcp_pdu_buffer[pdcp_header_len];
   decrypt_params.blength    = (sdu_buffer_size - pdcp_header_len) << 3;
   decrypt_params.key_length = 16;
@@ -246,5 +239,3 @@ pdcp_validate_security(
 
   return 0;
 }
-
-#endif /* ENABLE_SECURITY */

openair2/LAYER2/PDCP_v10.1.0/pdcp_sequence_manager.c

@@ -140,152 +140,6 @@ boolean_t pdcp_advance_rx_window(pdcp_t* pdcp_entity)
   return TRUE;
 }
 
-/**
- * Checks if incoming PDU has a sequence number in accordance with the RX window
- * @return 1 if SN is okay, 0 otherwise
- * XXX Reordering window should also be handled here
- */
-boolean_t pdcp_is_rx_seq_number_valid(uint16_t seq_num, pdcp_t* pdcp_entity,srb_flag_t srb_flagP)
-{
-
-  uint16_t  reordering_window = 0;
-
-  LOG_D(PDCP, "Incoming RX Sequence number is %04d\n", seq_num);
-
-  if (pdcp_is_seq_num_size_valid(pdcp_entity) == FALSE || pdcp_is_seq_num_valid(seq_num, pdcp_entity->seq_num_size) == FALSE) {
-    return FALSE;
-  }
-
-  /*
-   * Mark received sequence numbers to keep track of missing ones
-   * (and to build PDCP Control PDU for PDCP status report)
-   */
-  if (pdcp_mark_current_pdu_as_received(seq_num, pdcp_entity) == TRUE) {
-    LOG_D(PDCP, "Received sequence number successfuly marked\n");
-  } else {
-    LOG_W(PDCP, "Cannot mark received sequence number on the bitmap!\n");
-  }
-
-  /*
-   * RX Procedures for SRB and DRBs as described in sec 5.1.2 of 36.323
-   */
-
-  if (srb_flagP) { // SRB
-
-    if (seq_num < pdcp_entity->next_pdcp_rx_sn) {
-      // decipher and verify the integrity of the PDU (if applicable) using COUNT based on RX_HFN + 1 and the received PDCP SN
-      pdcp_entity->rx_hfn++;
-      pdcp_entity->rx_hfn_offset   = 0;
-    } else {
-      // decipher and verify the integrity of the PDU (if applicable) using COUNT based using COUNT based on RX_HFN and the received PDCP SN
-      pdcp_entity->rx_hfn_offset   = 0;
-    }
-
-    // Assume  that integrity verification is applicable and the integrity verification is passed successfully;
-    // or assume that  integrity verification is not applicable:
-
-    // same the old next_pdcp_rx_sn to revert otherwise
-    pdcp_entity->next_pdcp_rx_sn_before_integrity = pdcp_entity->next_pdcp_rx_sn;
-
-    if (seq_num != pdcp_entity->next_pdcp_rx_sn) {
-      LOG_D(PDCP,"Re-adjusting the sequence number to %d\n", seq_num);
-    }
-
-    //set Next_PDCP_RX_SN to the received PDCP SN +1 ;
-    pdcp_entity->next_pdcp_rx_sn = seq_num;
-    pdcp_advance_rx_window(pdcp_entity);  // + 1, and check if it is larger than Maximum_PDCP_SN:
-
-  } else { // DRB
-
-    if (pdcp_entity->seq_num_size == PDCP_SN_7BIT) {
-      reordering_window = REORDERING_WINDOW_SN_7BIT;
-    } else {
-      reordering_window = REORDERING_WINDOW_SN_12BIT;
-    }
-
-    switch (pdcp_entity->rlc_mode) {
-    case RLC_MODE_AM:
-      if ((seq_num - pdcp_entity->last_submitted_pdcp_rx_sn > reordering_window)  ||
-          ((0 <= pdcp_entity->last_submitted_pdcp_rx_sn - seq_num) &&
-           (pdcp_entity->last_submitted_pdcp_rx_sn - seq_num < reordering_window)  )) {
-
-        if (seq_num  > pdcp_entity->next_pdcp_rx_sn) {
-          /*
-           * decipher the PDCP PDU as specified in the subclause 5.6, using COUNT based on RX_HFN - 1 and the received PDCP SN;
-           */
-          pdcp_entity->rx_hfn_offset   =  -1;
-        } else  {
-          /*
-           *  decipher the PDCP PDU as specified in the subclause 5.6, using COUNT based on RX_HFN and the received PDCP SN;
-           */
-          pdcp_entity->rx_hfn_offset   = 0;
-        }
-
-        // discard this PDCP SDU;
-        LOG_W(PDCP, "Out of the reordering window (Incoming SN:%d, Expected SN:%d): discard this PDCP SDU\n",
-              seq_num, pdcp_entity->next_pdcp_rx_sn);
-        return FALSE;
-      } else if (pdcp_entity->next_pdcp_rx_sn - seq_num > reordering_window) {
-        pdcp_entity->rx_hfn++;
-        // use COUNT based on RX_HFN and the received PDCP SN for deciphering the PDCP PDU;
-        pdcp_entity->rx_hfn_offset   = 0;
-        pdcp_entity->next_pdcp_rx_sn++;
-      } else if (seq_num - pdcp_entity->next_pdcp_rx_sn  >= reordering_window ) {
-        //  use COUNT based on RX_HFN – 1 and the received PDCP SN for deciphering the PDCP PDU;
-        pdcp_entity->rx_hfn_offset   = -1;
-      } else if (seq_num  >= pdcp_entity->next_pdcp_rx_sn ) {
-        // use COUNT based on RX_HFN and the received PDCP SN for deciphering the PDCP PDU;
-        pdcp_entity->rx_hfn_offset = 0;
-        //set Next_PDCP_RX_SN to the received PDCP SN +1 ;
-        pdcp_entity->next_pdcp_rx_sn = seq_num;
-        pdcp_advance_rx_window(pdcp_entity);  // + 1, anc check if it is larger than Maximum_PDCP_SN:
-        LOG_D(PDCP,"Re-adjusting the sequence number to %d\n", seq_num);
-      } else if (seq_num < pdcp_entity->next_pdcp_rx_sn) {
-        // use COUNT based on RX_HFN and the received PDCP SN for deciphering the PDCP PDU;
-        pdcp_entity->rx_hfn_offset = 0;
-      }
-
-      break;
-
-    case RLC_MODE_UM :
-      if (seq_num <  pdcp_entity->next_pdcp_rx_sn) {
-        pdcp_entity->rx_hfn++;
-      }
-
-      // decipher the PDCP Data PDU using COUNT based on RX_HFN and the received PDCP SN as specified in the subclause 5.6;
-      //set Next_PDCP_RX_SN to the received PDCP SN +1 ;
-      pdcp_entity->next_pdcp_rx_sn = seq_num;
-      pdcp_advance_rx_window(pdcp_entity);  // + 1, and check if it is larger than Maximum_PDCP_SN:
-
-      break;
-
-    case RLC_MODE_TM :
-    default:
-      LOG_W(PDCP,"RLC mode %d not supported\n",pdcp_entity->rlc_mode);
-      return FALSE;
-    }
-  }
-
-  /*
-  if (seq_num == pdcp_entity->next_pdcp_rx_sn) {
-    LOG_I(PDCP, "Next expected SN (%d) arrived, advancing RX window\n", seq_num);
-
-    return pdcp_advance_rx_window(pdcp_entity);
-  } else {
-    LOG_E(PDCP, "Incoming SN is not the one we expected to receive! (Incoming:%d, Expected:%d)\n", \
-        seq_num, pdcp_entity->next_pdcp_rx_sn);
-
-
-    // Update first missing PDU (used in PDCP Control PDU for PDCP status report, see 6.2.6)
-    if (pdcp_entity->first_missing_pdu != -1)
-      pdcp_entity->first_missing_pdu = pdcp_entity->next_pdcp_rx_sn;
-
-    return FALSE;
-  }
-  */
-  return TRUE;
-}
-
 boolean_t pdcp_mark_current_pdu_as_received(uint16_t seq_num, pdcp_t* pdcp_entity)
 {
   /*

openair2/LAYER2/PDCP_v10.1.0/pdcp_sequence_manager.h

@@ -59,11 +59,6 @@ uint16_t pdcp_get_next_tx_seq_number(pdcp_t* pdcp_entity);
  * Advances the RX window state of given PDCP entity upon successfull receipt of a SDU
  */
 boolean_t pdcp_advance_rx_window(pdcp_t* pdcp_entity);
-/**
- * Checks if incoming PDU has a sequence number in accordance with the RX window
- * @return TRUE if it is valid, FALSE otherwise
- */
-boolean_t pdcp_is_rx_seq_number_valid(uint16_t seq_num, pdcp_t* pdcp_entity,srb_flag_t srb_flagP);
 /**
 * Updates missing PDU bitmap with incoming sequence number
 * @return TRUE if successful, FALSE otherwise

openair2/RRC/LTE/MESSAGES/asn1_msg.c

@@ -3724,7 +3724,6 @@ do_RRCConnectionReestablishment(
         rrc->carrier[CC_id].dl_CarrierFreq,
         earfcn_dl,
         is_rel8_only == true ? "true": "false");
-#if defined(ENABLE_SECURITY)
 
   if (ue_context_pP->ue_context.nh_ncc >= 0) {
     derive_keNB_star(ue_context_pP->ue_context.nh, pci, earfcn_dl, is_rel8_only, KeNB_star);
@@ -3738,9 +3737,6 @@ do_RRCConnectionReestablishment(
   // copy KeNB_star to ue_context_pP->ue_context.kenb
   memcpy (ue_context_pP->ue_context.kenb, KeNB_star, 32);
   ue_context_pP->ue_context.kenb_ncc = 0;
-#else
-  rrcConnectionReestablishment->criticalExtensions.choice.c1.choice.rrcConnectionReestablishment_r8.nextHopChainingCount = 0;
-#endif
   rrcConnectionReestablishment->criticalExtensions.choice.c1.choice.rrcConnectionReestablishment_r8.nonCriticalExtension = NULL;
 
   if ( LOG_DEBUGFLAG(DEBUG_ASN1) ) {

openair2/RRC/LTE/defs_NB_IoT.h

@@ -273,10 +273,8 @@ typedef struct eNB_RRC_UE_NB_IoT_s {
   SRB_INFO_TABLE_ENTRY_NB_IoT               Srb1;
   SRB_INFO_TABLE_ENTRY_NB_IoT               Srb1bis;
 
-#if defined(ENABLE_SECURITY)
   /* KeNB as derived from KASME received from EPC */
   uint8_t kenb[32];
-#endif
 
   /* Used integrity/ciphering algorithms--> maintained the same for NB-IoT */
   e_LTE_CipheringAlgorithm_r12     ciphering_algorithm; //Specs. TS 36.331 V14.1.0 pag 432 Change position of chipering enumerative w.r.t previous version
@@ -555,10 +553,8 @@ typedef struct UE_RRC_INST_NB_IoT_s {
   obj_hash_table_t               *ral_meas_thresholds;
   ral_transaction_id_t            scan_transaction_id;
 #endif
-#if defined(ENABLE_SECURITY)
   // KeNB as computed from parameters within USIM card //
   uint8_t kenb[32];
-#endif
 
   // Used integrity/ciphering algorithms //
   CipheringAlgorithm_r12_t                          ciphering_algorithm;

openair2/RRC/LTE/rrc_UE.c

@@ -69,9 +69,7 @@
   #include "rrc_UE_ral.h"
 #endif
 
-#if defined(ENABLE_SECURITY)
-  #include "UTIL/OSA/osa_defs.h"
-#endif
+#include "UTIL/OSA/osa_defs.h"
 
 #include "pdcp.h"
 #include "plmn_data.h"
@@ -428,7 +426,6 @@ void init_SL_preconfig(UE_RRC_INST *UE, const uint8_t eNB_index ) {
 
 //-----------------------------------------------------------------------------
 void openair_rrc_ue_init_security( const protocol_ctxt_t *const ctxt_pP ) {
-#if defined(ENABLE_SECURITY)
   //    uint8_t *kRRCenc;
   //    uint8_t *kRRCint;
   char ascii_buffer[65];
@@ -442,7 +439,6 @@ void openair_rrc_ue_init_security( const protocol_ctxt_t *const ctxt_pP ) {
   LOG_T(RRC, PROTOCOL_RRC_CTXT_FMT"[OSA] kenb    = %s\n",
         PROTOCOL_RRC_CTXT_ARGS(ctxt_pP),
         ascii_buffer);
-#endif
 }
 
 //-----------------------------------------------------------------------------
@@ -1309,12 +1305,10 @@ rrc_ue_process_radioResourceConfigDedicated(
   if (radioResourceConfigDedicated->srb_ToAddModList) {
     uint8_t *kRRCenc = NULL;
     uint8_t *kRRCint = NULL;
-#if defined(ENABLE_SECURITY)
     derive_key_rrc_enc(UE_rrc_inst[ctxt_pP->module_id].ciphering_algorithm,
                        UE_rrc_inst[ctxt_pP->module_id].kenb, &kRRCenc);
     derive_key_rrc_int(UE_rrc_inst[ctxt_pP->module_id].integrity_algorithm,
                        UE_rrc_inst[ctxt_pP->module_id].kenb, &kRRCint);
-#endif
     // Refresh SRBs
     rrc_pdcp_config_asn1_req(ctxt_pP,
                              radioResourceConfigDedicated->srb_ToAddModList,
@@ -1487,10 +1481,8 @@ rrc_ue_process_radioResourceConfigDedicated(
     }
 
     uint8_t *kUPenc = NULL;
-#if defined(ENABLE_SECURITY)
     derive_key_up_enc(UE_rrc_inst[ctxt_pP->module_id].integrity_algorithm,
                       UE_rrc_inst[ctxt_pP->module_id].kenb, &kUPenc);
-#endif
     MSC_LOG_TX_MESSAGE(
       MSC_RRC_UE,
       MSC_PDCP_UE,
@@ -1665,7 +1657,6 @@ rrc_ue_process_securityModeCommand(
     ul_dcch_msg.message.choice.c1.present = LTE_UL_DCCH_MessageType__c1_PR_securityModeFailure;
   }
 
-#if defined(ENABLE_SECURITY)
   uint8_t *kRRCenc = NULL;
   uint8_t *kUPenc = NULL;
   uint8_t *kRRCint = NULL;
@@ -1715,8 +1706,6 @@ rrc_ue_process_securityModeCommand(
     LOG_I(RRC, "Could not get PDCP instance where key=0x%ld\n", key);
   }
 
-#endif //#if defined(ENABLE_SECURITY)
-
   if (securityModeCommand->criticalExtensions.present == LTE_SecurityModeCommand__criticalExtensions_PR_c1) {
     if (securityModeCommand->criticalExtensions.choice.c1.present != LTE_SecurityModeCommand__criticalExtensions__c1_PR_securityModeCommand_r8)
       LOG_W(RRC,"securityModeCommand->criticalExtensions.choice.c1.present (%d) != SecurityModeCommand__criticalExtensions__c1_PR_securityModeCommand_r8\n",

openair2/RRC/LTE/rrc_defs.h

@@ -554,13 +554,11 @@ typedef struct eNB_RRC_UE_s {
   int                                UE_Capability_size;
   ImsiMobileIdentity_t               imsi;
 
-#if defined(ENABLE_SECURITY)
   /* KeNB as derived from KASME received from EPC */
   uint8_t kenb[32];
   int8_t  kenb_ncc;
   uint8_t nh[32];
   int8_t  nh_ncc;
-#endif
   /* Used integrity/ciphering algorithms */
   LTE_CipheringAlgorithm_r12_t                          ciphering_algorithm;
   e_LTE_SecurityAlgorithmConfig__integrityProtAlgorithm integrity_algorithm;
@@ -838,12 +836,10 @@ typedef struct UE_RRC_INST_s {
   float                           rsrq_db[7];
   float                           rsrp_db_filtered[7];
   float                           rsrq_db_filtered[7];
-#if defined(ENABLE_SECURITY)
   /* KeNB as computed from parameters within USIM card */
   uint8_t kenb[32];
   uint8_t nh[32];
   int8_t  nh_ncc;
-#endif
 
   /* Used integrity/ciphering algorithms */
   LTE_CipheringAlgorithm_r12_t                          ciphering_algorithm;

openair2/RRC/LTE/rrc_eNB.c

@@ -75,9 +75,7 @@
 #include "OCG.h"
 #include "OCG_extern.h"
 
-#if defined(ENABLE_SECURITY)
-  #include "UTIL/OSA/osa_defs.h"
-#endif
+#include "UTIL/OSA/osa_defs.h"
 
 #if defined(ENABLE_USE_MME)
   #include "rrc_eNB_S1AP.h"
@@ -844,9 +842,7 @@ rrc_eNB_free_mem_UE_context(
   }
 
   //HANDOVER_INFO                     *handover_info;
-#if defined(ENABLE_SECURITY)
   //uint8_t kenb[32];
-#endif
   //e_SecurityAlgorithmConfig__cipheringAlgorithm     ciphering_algorithm;
   //e_SecurityAlgorithmConfig__integrityProtAlgorithm integrity_algorithm;
   //uint8_t                            Status;
@@ -6312,7 +6308,6 @@ rrc_eNB_process_RRCConnectionReconfigurationComplete(
   LTE_DRB_Identity_t                     *drb_id_p      = NULL;
   T(T_ENB_RRC_CONNECTION_RECONFIGURATION_COMPLETE, T_INT(ctxt_pP->module_id), T_INT(ctxt_pP->frame),
     T_INT(ctxt_pP->subframe), T_INT(ctxt_pP->rnti));
-#if defined(ENABLE_SECURITY)
 
   /* Derive the keys from kenb */
   if (DRB_configList != NULL) {
@@ -6324,7 +6319,6 @@ rrc_eNB_process_RRCConnectionReconfigurationComplete(
                      ue_context_pP->ue_context.kenb, &kRRCenc);
   derive_key_rrc_int(ue_context_pP->ue_context.integrity_algorithm,
                      ue_context_pP->ue_context.kenb, &kRRCint);
-#endif
   // Refresh SRBs/DRBs
   MSC_LOG_TX_MESSAGE(
     MSC_RRC_ENB,

openair2/RRC/LTE/rrc_eNB_S1AP.c

@@ -52,9 +52,7 @@
   #include "../../S1AP/s1ap_eNB.h"
 #endif
 
-#if defined(ENABLE_SECURITY)
-  #include "UTIL/OSA/osa_defs.h"
-#endif
+#include "UTIL/OSA/osa_defs.h"
 #include "msc.h"
 
 #include "LTE_UERadioAccessCapabilityInformation.h"
@@ -493,7 +491,6 @@ static void process_eNB_security_key (
 )
 //------------------------------------------------------------------------------
 {
-#if defined(ENABLE_SECURITY)
   char ascii_buffer[65];
   uint8_t i;
   /* Saves the security key */
@@ -507,7 +504,6 @@ static void process_eNB_security_key (
 
   ascii_buffer[2 * i] = '\0';
   LOG_I (RRC, "[eNB %d][UE %x] Saved security key %s\n", ctxt_pP->module_id, ue_context_pP->ue_context.rnti, ascii_buffer);
-#endif
 }
 
 
@@ -520,7 +516,6 @@ rrc_pdcp_config_security(
 )
 //------------------------------------------------------------------------------
 {
-#if defined(ENABLE_SECURITY)
   LTE_SRB_ToAddModList_t             *SRB_configList = ue_context_pP->ue_context.SRB_configList;
   uint8_t                            *kRRCenc = NULL;
   uint8_t                            *kRRCint = NULL;
@@ -578,8 +573,6 @@ rrc_pdcp_config_security(
           PROTOCOL_RRC_CTXT_UE_ARGS(ctxt_pP),
           DCCH);
   }
-
-#endif
 }
 
 //------------------------------------------------------------------------------

targets/Makefile.common

@@ -45,7 +45,6 @@ ifeq ($(OPENSSL_FOUND), 0)
 @(warning "openssl library is not installed on your system, openssl lib needed, continuing with security disabled")
 SECU=0
 else
-CFLAGS += -DENABLE_SECURITY
 LIBS += $(OPENSSL_LIBS) $(NETTLE_LIBS)
 endif
 endif