Merge remote-tracking branch 'origin/fix-e1-security' into integration_2023_w24

cdb81622 · Robert Schmidt · feb866d1 · 46f0e348 · cdb81622 · cdb81622
Commit cdb81622 authored Jun 16, 2023 by Robert Schmidt
Showing with 9 additions and 17 deletions

CMakeLists.txt CMakeLists.txt +2 -2

openair2/E1AP/e1ap.c openair2/E1AP/e1ap.c +2 -2

openair2/E1AP/e1ap_api.c openair2/E1AP/e1ap_api.c +3 -11

openair2/RRC/NR/rrc_gNB_NGAP.c openair2/RRC/NR/rrc_gNB_NGAP.c +2 -2

No files found.
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1588,7 +1588,7 @@ add_library(e1_if
  ${NR_RRC_DIR}/cucp_cuup_e1ap.c
  )

-target_link_libraries(e1_if PRIVATE asn1_nr_rrc_hdrs asn1_lte_rrc_hdrs asn1_f1ap e1ap GTPV1U)
+target_link_libraries(e1_if PRIVATE asn1_nr_rrc_hdrs asn1_lte_rrc_hdrs asn1_f1ap SECURITY ${OPENSSL_LIBRARIES} crypt e1ap GTPV1U)

 add_library(e1_pdcp_if
  ${OPENAIR2_DIR}/LAYER2/nr_pdcp/nr_pdcp_e1_api.c
@@ -2301,7 +2301,7 @@ add_executable(nr-cuup
 target_link_libraries(nr-cuup PRIVATE
                      CONFIG_LIB ITTI SCTP_CLIENT
                      GTPV1U e1ap e1_pdcp_if f1ap SIMU_ETH
-                      SECURITY ${OPENSSL_LIBRARIES} crypt z sctp dl pthread)
+                      z sctp dl pthread)
 target_link_libraries(nr-cuup PRIVATE asn1_lte_rrc_hdrs asn1_nr_rrc_hdrs)
                     
 # nr-uesoftmodem is  UE implementation

--- a/openair2/E1AP/e1ap.c
+++ b/openair2/E1AP/e1ap.c
@@ -531,11 +531,11 @@ static int fill_BEARER_CONTEXT_SETUP_REQUEST(e1ap_setup_req_t *setup, e1ap_beare
  ieC2->value.present              = E1AP_BearerContextSetupRequestIEs__value_PR_SecurityInformation;
  ieC2->value.choice.SecurityInformation.securityAlgorithm.cipheringAlgorithm = bearerCxt->cipheringAlgorithm;
  OCTET_STRING_fromBuf(&ieC2->value.choice.SecurityInformation.uPSecuritykey.encryptionKey,
-                       bearerCxt->encryptionKey, strlen(bearerCxt->encryptionKey));
+                       bearerCxt->encryptionKey, 16);

  asn1cCallocOne(ieC2->value.choice.SecurityInformation.securityAlgorithm.integrityProtectionAlgorithm, bearerCxt->integrityProtectionAlgorithm);
  asn1cCalloc(ieC2->value.choice.SecurityInformation.uPSecuritykey.integrityProtectionKey, protKey);
-  OCTET_STRING_fromBuf(protKey, bearerCxt->integrityProtectionKey, strlen(bearerCxt->integrityProtectionKey));
+  OCTET_STRING_fromBuf(protKey, bearerCxt->integrityProtectionKey, 16);
  /* mandatory */
  /* c3. UE DL Aggregate Maximum Bit Rate */
  asn1cSequenceAdd(out->protocolIEs.list, E1AP_BearerContextSetupRequestIEs_t, ieC3);

--- a/openair2/E1AP/e1ap_api.c
+++ b/openair2/E1AP/e1ap_api.c
@@ -83,8 +83,7 @@ static void fill_DRB_configList_e1(NR_DRB_ToAddModList_t *DRB_configList, pdu_se
      asn1cCallocOne(drbCfg->integrityProtection, NR_PDCP_Config__drb__integrityProtection_enabled);
    }

-    if (pdu->confidentialityProtectionIndication == 0 || // Required
-        pdu->confidentialityProtectionIndication == 1) { // Preferred
+    if (pdu->confidentialityProtectionIndication == 2) { // Not Needed
      asn1cCalloc(pdcp_config->ext1, ext1);
      asn1cCallocOne(ext1->cipheringDisabled, NR_PDCP_Config__ext1__cipheringDisabled_true);
    }
@@ -121,19 +120,12 @@ static int drb_config_N3gtpu_create(e1ap_bearer_setup_req_t * const req,
  }

  // Configure DRBs
-  uint8_t kUPenc[16] = {0};
-  uint8_t kUPint[16] = {0};
-
-  nr_derive_key(UP_ENC_ALG, req->cipheringAlgorithm, (uint8_t *)req->encryptionKey, kUPenc);
-
-  nr_derive_key(UP_INT_ALG, req->integrityProtectionAlgorithm, (uint8_t *)req->integrityProtectionKey, kUPint);
-
  nr_pdcp_e1_add_drbs(true, // set this to notify PDCP that his not UE
                      create_tunnel_req.ue_id,
                      &DRB_configList,
                      (req->integrityProtectionAlgorithm << 4) | req->cipheringAlgorithm,
-                      kUPenc,
-                      kUPint);
+                      (uint8_t *)req->encryptionKey,
+                      (uint8_t *)req->integrityProtectionKey);
  return ret;
 }


--- a/openair2/RRC/NR/rrc_gNB_NGAP.c
+++ b/openair2/RRC/NR/rrc_gNB_NGAP.c
@@ -764,9 +764,9 @@ void rrc_gNB_process_NGAP_PDUSESSION_SETUP_REQ(MessageDef *msg_p, instance_t ins
    bearer_req.gNB_cu_cp_ue_id = msg->gNB_ue_ngap_id;
    bearer_req.rnti = UE->rnti;
    bearer_req.cipheringAlgorithm = UE->ciphering_algorithm;
-    memcpy(bearer_req.encryptionKey, UE->kgnb, sizeof(UE->kgnb));
    bearer_req.integrityProtectionAlgorithm = UE->integrity_algorithm;
-    memcpy(bearer_req.integrityProtectionKey, UE->kgnb, sizeof(UE->kgnb));
+    nr_derive_key(UP_ENC_ALG, UE->ciphering_algorithm, UE->kgnb, (uint8_t *)bearer_req.encryptionKey);
+    nr_derive_key(UP_INT_ALG, UE->integrity_algorithm, UE->kgnb, (uint8_t *)bearer_req.integrityProtectionKey);
    bearer_req.ueDlAggMaxBitRate = msg->ueAggMaxBitRateDownlink;
    pdu_session_to_setup_t *pdu = bearer_req.pduSession + bearer_req.numPDUSessions;
    bearer_req.numPDUSessions++;