diff --git a/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.c b/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.c
index 8b5a4c3abd49d69dbfc04cb35aa36dff7e45f92a..1f5e71981c6ab2a279e40523fa938acd6ba03159 100644
--- a/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.c
+++ b/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.c
@@ -257,6 +257,9 @@ int mme_api_get_emm_config(mme_api_emm_config_t *config,
 int mme_api_get_emm_config(mme_api_emm_config_t *config)
 #endif
 {
+#if defined(EPC_BUILD)
+ int i;
+#endif
 LOG_FUNC_IN;
 config->gummei.plmn.MCCdigit1 = 2;
@@ -275,6 +278,10 @@ int mme_api_get_emm_config(mme_api_emm_config_t *config)
 if (mme_config_p->unauthenticated_imsi_supported != 0) {
 config->features |= MME_API_UNAUTHENTICATED_IMSI;
 }
+ for (i = 0 ; i < 8; i++) {
+ config->prefered_integrity_algorithm[i] = mme_config_p->nas_config.prefered_integrity_algorithm[i];
+ config->prefered_ciphering_algorithm[i] = mme_config_p->nas_config.prefered_ciphering_algorithm[i];
+ }
 #else
 config->features = MME_API_EMERGENCY_ATTACH | MME_API_UNAUTHENTICATED_IMSI;
 #endif
diff --git a/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.h b/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.h
index d01c00f4f2770a717b549325915feb9626147441..353a1416e06ec7023f8f166ff5bd245b813640e6 100644
--- a/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.h
+++ b/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.h
@@ -89,6 +89,8 @@ typedef enum mme_api_ip_version_e {
 typedef struct mme_api_emm_config_s {
 mme_api_feature_t features; /* Supported features */
 gummei_t gummei; /* EPS Globally Unique MME Identity */
+ uint8_t prefered_integrity_algorithm[8];// choice in NAS_SECURITY_ALGORITHMS_EIA0, etc
+ uint8_t prefered_ciphering_algorithm[8];// choice in NAS_SECURITY_ALGORITHMS_EEA0, etc
 } mme_api_emm_config_t;
 /*
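Review bot: In the second mme_api.c hunk the two preference arrays are filled only on the branch that precedes `#else`, so the `#else` build leaves `config->prefered_integrity_algorithm` and `config->prefered_ciphering_algorithm` holding whatever the caller's struct contained, while `_security_select_algorithms` in SecurityModeControl.c reads them unconditionally as far as its hunk shows. If the struct happens to be zero-initialised every slot means EIA0/EEA0 there; if it is not, `0x80 >> value` is fed an arbitrary byte as its shift count. Setting both arrays explicitly in the `#else` branch would remove that dependency. The literal `8` is also repeated in this loop, in the array sizes in mme_api.h and mme_config.h, and in the loops in SecurityModeControl.c and mme_config.c; one shared constant for the list length would keep them in step. The body of mme_api_get_emm_config starts and ends outside the hunk.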
diff --git a/openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.c b/openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.c
index b7c49b27efa6ab420cf553adb13955555e56c2e0..0961f33a9082475ee861c6e19cb6c7325459d1f1 100644
--- a/openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.c
+++ b/openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.c
@@ -382,18 +382,20 @@ int nas_message_decode(
 LOG_FUNC_RETURN (TLV_DECODE_BUFFER_TOO_SHORT);
 } else if (size > 1) {
+ if (emm_security_context) {
 #if defined(NAS_MME)
- if (emm_security_context->ul_count.seq_num > msg->header.sequence_number) {
- emm_security_context->ul_count.overflow += 1;
- }
- emm_security_context->ul_count.seq_num = msg->header.sequence_number;
+ if (emm_security_context->ul_count.seq_num > msg->header.sequence_number) {
+ emm_security_context->ul_count.overflow += 1;
+ }
+ emm_security_context->ul_count.seq_num = msg->header.sequence_number;
 #else
- if (emm_security_context->dl_count.seq_num > msg->header.sequence_number) {
- emm_security_context->dl_count.overflow += 1;
- }
- emm_security_context->dl_count.seq_num = msg->header.sequence_number;
+ if (emm_security_context->dl_count.seq_num > msg->header.sequence_number) {
+ emm_security_context->dl_count.overflow += 1;
+ }
+ emm_security_context->dl_count.seq_num = msg->header.sequence_number;
 #endif
+ }
 /* Compute offset of the sequence number field */
 int offset = size - sizeof(UInt8_t);
 /* Compute the NAS message authentication code */
diff --git a/openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c b/openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c
index 2277bb9bd34074fbfd1e81bca85248186055c3f7..2246dc2d9859ecbbfe603fb998f8e731815d2635 100644
--- a/openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c
+++ b/openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c
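Review bot: The stored NAS count is still overwritten from `msg->header.sequence_number` before the MAC is computed a few lines further down, so, if verification happens after this point as the comments suggest, a message that later fails the integrity check has already moved `seq_num` and possibly bumped `overflow`. The new `if (emm_security_context)` guard removes the NULL dereference but keeps that ordering. Consider computing the candidate count into locals and committing it to `ul_count`/`dl_count` only once the MAC has been accepted. It is also worth confirming what the MAC code below does when the context is NULL, since that path now continues instead of crashing; the rest of nas_message_decode is outside the hunk.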
@@ -1127,36 +1127,33 @@ static int _security_select_algorithms(
 {
 LOG_FUNC_IN;
- int rc = RETURNerror;
-
- /* TODO work with loaded preferences from config file */
-
- if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA1)) {
- LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EIA1");
- *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA1;
- } else if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA2)) {
- LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EIA2");
- *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA2;
- } else if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA0)) {
- LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EIA0");
- *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA0;
- } else {
- LOG_FUNC_RETURN (rc);
+ int rc = RETURNerror;
+ int preference_index;
+
+ *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA0;
+ *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA0;
+
+ for (preference_index = 0; preference_index < 8; preference_index++) {
+ if (ue_eiaP & (0x80 >> _emm_data.conf.prefered_integrity_algorithm[preference_index])) {
+ LOG_TRACE(DEBUG,
+ "Selected NAS_SECURITY_ALGORITHMS_EIA%d (choice num %d)",
+ _emm_data.conf.prefered_integrity_algorithm[preference_index],
+ preference_index);
+ *mme_eiaP = _emm_data.conf.prefered_integrity_algorithm[preference_index];
+ break;
+ }
 }
- if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA0)) {
- LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EEA0");
- *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA0;
- } else if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA1)) {
- LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EEA1");
- *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA1;
- } else if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA2)) {
- LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EEA2");
- *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA2;
- } else {
- LOG_FUNC_RETURN (rc);
+ for (preference_index = 0; preference_index < 8; preference_index++) {
+ if (ue_eeaP & (0x80 >> _emm_data.conf.prefered_ciphering_algorithm[preference_index])) {
+ LOG_TRACE(DEBUG,
+ "Selected NAS_SECURITY_ALGORITHMS_EEA%d (choice num %d)",
+ _emm_data.conf.prefered_ciphering_algorithm[preference_index],
+ preference_index);
+ *mme_eeaP = _emm_data.conf.prefered_ciphering_algorithm[preference_index];
+ break;
+ }
 }
-
 LOG_FUNC_RETURN (RETURNok);
 }
diff --git a/openair-cn/UTILS/mme_config.c b/openair-cn/UTILS/mme_config.c
index 8cd1d3b48cd521b68d8494efcd01269cfd8fbab4..e955da5492bde1288683c337301c8292593d806b 100644
--- a/openair-cn/UTILS/mme_config.c
+++ b/openair-cn/UTILS/mme_config.c
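Review bot: `_security_select_algorithms` can no longer fail: both outputs are preset to EIA0/EEA0 and the function reaches `LOG_FUNC_RETURN (RETURNok);` even when neither loop finds an algorithm shared with the UE, whereas the removed code returned `rc` in that case. A UE whose capability bits match nothing on the configured list is therefore given null integrity and null ciphering without any check that it advertises EIA0 at all, and `rc` is left unused. Each loop ends with `preference_index == 8` only when nothing matched, so adding `if (preference_index == 8) { LOG_FUNC_RETURN (rc); }` after each loop and dropping the two preset assignments restores the failure path. The function's signature starts outside the hunk.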
@@ -331,6 +331,52 @@ static int config_parse_file(mme_config_t *mme_config_p)
 free(cidr);
 }
 }
+
+ // NAS SETTING
+ setting = config_setting_get_member (setting_mme, MME_CONFIG_STRING_NAS_CONFIG);
+ if (setting != NULL) {
+ subsetting = config_setting_get_member (setting, MME_CONFIG_STRING_NAS_SUPPORTED_INTEGRITY_ALGORITHM_LIST);
+ if (subsetting != NULL) {
+ num = config_setting_length(subsetting);
+ if (num <= 8) {
+ for (i = 0; i < num; i++) {
+ astring = config_setting_get_string_elem(subsetting, i);
+ if (strcmp("EIA0", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ else if (strcmp("EIA1", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA1;
+ else if (strcmp("EIA2", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA2;
+ else if (strcmp("EIA3", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ else if (strcmp("EIA4", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ else if (strcmp("EIA5", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ else if (strcmp("EIA6", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ else if (strcmp("EIA7", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ }
+ for (i = num; i < 8; i++) {
+ mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ }
+ }
+ }
+ subsetting = config_setting_get_member (setting, MME_CONFIG_STRING_NAS_SUPPORTED_CIPHERING_ALGORITHM_LIST);
+ if (subsetting != NULL) {
+ num = config_setting_length(subsetting);
+ if (num <= 8) {
+ for (i = 0; i < num; i++) {
+ astring = config_setting_get_string_elem(subsetting, i);
+ if (strcmp("EEA0", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ else if (strcmp("EEA1", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA1;
+ else if (strcmp("EEA2", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA2;
+ else if (strcmp("EEA3", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ else if (strcmp("EEA4", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ else if (strcmp("EEA5", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ else if (strcmp("EEA6", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ else if (strcmp("EEA7", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ }
+ for (i = num; i < 8; i++) {
+ mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ }
+ }
+ }
+
+ }
 }
 setting = config_lookup(&cfg, SGW_CONFIG_STRING_SGW_CONFIG);
diff --git a/openair-cn/UTILS/mme_config.h b/openair-cn/UTILS/mme_config.h
index 400b85b3ef2422662dce6dfbf55a35c628b926a4..ad7fdbafaff96f70c86b8254059caf8cf4ebe495 100644
--- a/openair-cn/UTILS/mme_config.h
+++ b/openair-cn/UTILS/mme_config.h
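Review bot: Null integrity and null ciphering cannot be excluded by this parser: unused slots are padded with `NAS_CONFIG_SECURITY_ALGORITHMS_EIA0`/`NAS_CONFIG_SECURITY_ALGORITHMS_EEA0`, the names EIA3–EIA7 and EEA3–EEA7 are stored as algorithm 0, and an unrecognised name leaves its slot untouched because neither chain has a final `else`. An operator who lists only "EIA2", "EIA1" therefore still ends up with EIA0 as an accepted choice once the selection loop in SecurityModeControl.c walks all eight entries. Padding with a value that can never match the UE capability bits, and rejecting unsupported or unknown names with a logged error, would make the list mean what it says. `astring` is also passed to `strcmp()` unchecked although `config_setting_get_string_elem()` returns NULL for a non-string element, so both loops need a NULL check before the comparisons. Lists longer than 8 entries and a missing list are skipped silently, leaving the arrays at their previous contents; config_parse_file starts and ends outside the hunk.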
@@ -76,6 +76,25 @@
 #define MME_CONFIG_STRING_ASN1_VERBOSITY_ANNOYING "annoying"
 #define MME_CONFIG_STRING_ASN1_VERBOSITY_INFO "info"
+#define MME_CONFIG_STRING_NAS_CONFIG "NAS"
+#define MME_CONFIG_STRING_NAS_SUPPORTED_INTEGRITY_ALGORITHM_LIST "ORDERED_SUPPORTED_INTEGRITY_ALGORITHM_LIST"
+#define MME_CONFIG_STRING_NAS_SUPPORTED_CIPHERING_ALGORITHM_LIST "ORDERED_SUPPORTED_CIPHERING_ALGORITHM_LIST"
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA0 0b000
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA1 0b001
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA2 0b010
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA3 0b011
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA4 0b100
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA5 0b101
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA6 0b110
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA7 0b111
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA0 0b000
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA1 0b001
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA2 0b010
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA3 0b011
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA4 0b100
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA5 0b101
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA6 0b110
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA7 0b111
 typedef struct mme_config_s {
 /* Reader/writer lock for this configuration */
@@ -140,6 +159,12 @@ typedef struct mme_config_s {
 uint32_t queue_size;
 char *log_file;
 } itti_config;
+
+ struct {
+ uint8_t prefered_integrity_algorithm[8];
+ uint8_t prefered_ciphering_algorithm[8];
+ } nas_config;
+
 } mme_config_t;
 extern mme_config_t mme_config;
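Review bot: The `0b000`…`0b111` literals in the new `NAS_CONFIG_SECURITY_ALGORITHMS_*` macros are a compiler extension in C before C23, so they tie this header to GCC/Clang; plain `0`…`7` or `0x0`…`0x7` say the same thing portably. These macros also duplicate the `NAS_SECURITY_ALGORITHMS_EIA*`/`EEA*` values that SecurityModeControl.c compares against, and mme_api.c copies the configured bytes across without translation, so the two sets must stay numerically equal. A comment stating that requirement, or reusing a single set of definitions, would prevent silent drift between the configuration parser and the NAS selection code.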