diff --git a/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.c b/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.c
index 8b5a4c3abd49d69dbfc04cb35aa36dff7e45f92a..1f5e71981c6ab2a279e40523fa938acd6ba03159 100644
--- a/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.c
+++ b/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.c
@@ -257,6 +257,9 @@ int mme_api_get_emm_config(mme_api_emm_config_t *config,
int mme_api_get_emm_config(mme_api_emm_config_t *config)
#endif
{
+#if defined(EPC_BUILD)
+ int i;
+#endif
LOG_FUNC_IN;
config->gummei.plmn.MCCdigit1 = 2;
@@ -275,6 +278,10 @@ int mme_api_get_emm_config(mme_api_emm_config_t *config)
if (mme_config_p->unauthenticated_imsi_supported != 0) {
config->features |= MME_API_UNAUTHENTICATED_IMSI;
}
+ for (i = 0 ; i < 8; i++) {
+ config->prefered_integrity_algorithm[i] = mme_config_p->nas_config.prefered_integrity_algorithm[i];
+ config->prefered_ciphering_algorithm[i] = mme_config_p->nas_config.prefered_ciphering_algorithm[i];
+ }
#else
config->features = MME_API_EMERGENCY_ATTACH | MME_API_UNAUTHENTICATED_IMSI;
#endif
diff --git a/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.h b/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.h
index d01c00f4f2770a717b549325915feb9626147441..353a1416e06ec7023f8f166ff5bd245b813640e6 100644
--- a/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.h
+++ b/openair-cn/NAS/EURECOM-NAS/src/api/mme/mme_api.h
@@ -89,6 +89,8 @@ typedef enum mme_api_ip_version_e {
typedef struct mme_api_emm_config_s {
mme_api_feature_t features; /* Supported features */
gummei_t gummei; /* EPS Globally Unique MME Identity */
+ uint8_t prefered_integrity_algorithm[8];// choice in NAS_SECURITY_ALGORITHMS_EIA0, etc
+ uint8_t prefered_ciphering_algorithm[8];// choice in NAS_SECURITY_ALGORITHMS_EEA0, etc
} mme_api_emm_config_t;
/*
diff --git a/openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.c b/openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.c
index b7c49b27efa6ab420cf553adb13955555e56c2e0..0961f33a9082475ee861c6e19cb6c7325459d1f1 100644
--- a/openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.c
+++ b/openair-cn/NAS/EURECOM-NAS/src/api/network/nas_message.c
@@ -382,18 +382,20 @@ int nas_message_decode(
LOG_FUNC_RETURN (TLV_DECODE_BUFFER_TOO_SHORT);
}
else if (size > 1) {
+ if (emm_security_context) {
#if defined(NAS_MME)
- if (emm_security_context->ul_count.seq_num > msg->header.sequence_number) {
- emm_security_context->ul_count.overflow += 1;
- }
- emm_security_context->ul_count.seq_num = msg->header.sequence_number;
+ if (emm_security_context->ul_count.seq_num > msg->header.sequence_number) {
+ emm_security_context->ul_count.overflow += 1;
+ }
+ emm_security_context->ul_count.seq_num = msg->header.sequence_number;
#else
- if (emm_security_context->dl_count.seq_num > msg->header.sequence_number) {
- emm_security_context->dl_count.overflow += 1;
- }
- emm_security_context->dl_count.seq_num = msg->header.sequence_number;
+ if (emm_security_context->dl_count.seq_num > msg->header.sequence_number) {
+ emm_security_context->dl_count.overflow += 1;
+ }
+ emm_security_context->dl_count.seq_num = msg->header.sequence_number;
#endif
+ }
/* Compute offset of the sequence number field */
int offset = size - sizeof(UInt8_t);
/* Compute the NAS message authentication code */
diff --git a/openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c b/openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c
index 2277bb9bd34074fbfd1e81bca85248186055c3f7..2246dc2d9859ecbbfe603fb998f8e731815d2635 100644
--- a/openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c
+++ b/openair-cn/NAS/EURECOM-NAS/src/emm/SecurityModeControl.c
@@ -1127,36 +1127,33 @@ static int _security_select_algorithms(
{
LOG_FUNC_IN;
- int rc = RETURNerror;
-
- /* TODO work with loaded preferences from config file */
-
- if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA1)) {
- LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EIA1");
- *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA1;
- } else if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA2)) {
- LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EIA2");
- *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA2;
- } else if (ue_eiaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EIA0)) {
- LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EIA0");
- *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA0;
- } else {
- LOG_FUNC_RETURN (rc);
+ int rc = RETURNerror;
+ int preference_index;
+
+ *mme_eiaP = NAS_SECURITY_ALGORITHMS_EIA0;
+ *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA0;
+
+ for (preference_index = 0; preference_index < 8; preference_index++) {
+ if (ue_eiaP & (0x80 >> _emm_data.conf.prefered_integrity_algorithm[preference_index])) {
+ LOG_TRACE(DEBUG,
+ "Selected NAS_SECURITY_ALGORITHMS_EIA%d (choice num %d)",
+ _emm_data.conf.prefered_integrity_algorithm[preference_index],
+ preference_index);
+ *mme_eiaP = _emm_data.conf.prefered_integrity_algorithm[preference_index];
+ break;
+ }
}
- if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA0)) {
- LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EEA0");
- *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA0;
- } else if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA1)) {
- LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EEA1");
- *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA1;
- } else if (ue_eeaP & (0x80 >> NAS_SECURITY_ALGORITHMS_EEA2)) {
- LOG_TRACE(DEBUG,"Selected NAS_SECURITY_ALGORITHMS_EEA2");
- *mme_eeaP = NAS_SECURITY_ALGORITHMS_EEA2;
- } else {
- LOG_FUNC_RETURN (rc);
+ for (preference_index = 0; preference_index < 8; preference_index++) {
+ if (ue_eeaP & (0x80 >> _emm_data.conf.prefered_ciphering_algorithm[preference_index])) {
+ LOG_TRACE(DEBUG,
+ "Selected NAS_SECURITY_ALGORITHMS_EEA%d (choice num %d)",
+ _emm_data.conf.prefered_ciphering_algorithm[preference_index],
+ preference_index);
+ *mme_eeaP = _emm_data.conf.prefered_ciphering_algorithm[preference_index];
+ break;
+ }
}
-
LOG_FUNC_RETURN (RETURNok);
}
diff --git a/openair-cn/UTILS/mme_config.c b/openair-cn/UTILS/mme_config.c
index 8cd1d3b48cd521b68d8494efcd01269cfd8fbab4..e955da5492bde1288683c337301c8292593d806b 100644
--- a/openair-cn/UTILS/mme_config.c
+++ b/openair-cn/UTILS/mme_config.c
@@ -331,6 +331,52 @@ static int config_parse_file(mme_config_t *mme_config_p)
free(cidr);
}
}
+
+ // NAS SETTING
+ setting = config_setting_get_member (setting_mme, MME_CONFIG_STRING_NAS_CONFIG);
+ if (setting != NULL) {
+ subsetting = config_setting_get_member (setting, MME_CONFIG_STRING_NAS_SUPPORTED_INTEGRITY_ALGORITHM_LIST);
+ if (subsetting != NULL) {
+ num = config_setting_length(subsetting);
+ if (num <= 8) {
+ for (i = 0; i < num; i++) {
+ astring = config_setting_get_string_elem(subsetting, i);
+ if (strcmp("EIA0", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ else if (strcmp("EIA1", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA1;
+ else if (strcmp("EIA2", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA2;
+ else if (strcmp("EIA3", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ else if (strcmp("EIA4", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ else if (strcmp("EIA5", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ else if (strcmp("EIA6", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ else if (strcmp("EIA7", astring) == 0) mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ }
+ for (i = num; i < 8; i++) {
+ mme_config_p->nas_config.prefered_integrity_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EIA0;
+ }
+ }
+ }
+ subsetting = config_setting_get_member (setting, MME_CONFIG_STRING_NAS_SUPPORTED_CIPHERING_ALGORITHM_LIST);
+ if (subsetting != NULL) {
+ num = config_setting_length(subsetting);
+ if (num <= 8) {
+ for (i = 0; i < num; i++) {
+ astring = config_setting_get_string_elem(subsetting, i);
+ if (strcmp("EEA0", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ else if (strcmp("EEA1", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA1;
+ else if (strcmp("EEA2", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA2;
+ else if (strcmp("EEA3", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ else if (strcmp("EEA4", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ else if (strcmp("EEA5", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ else if (strcmp("EEA6", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ else if (strcmp("EEA7", astring) == 0) mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ }
+ for (i = num; i < 8; i++) {
+ mme_config_p->nas_config.prefered_ciphering_algorithm[i] = NAS_CONFIG_SECURITY_ALGORITHMS_EEA0;
+ }
+ }
+ }
+
+ }
}
setting = config_lookup(&cfg, SGW_CONFIG_STRING_SGW_CONFIG);
diff --git a/openair-cn/UTILS/mme_config.h b/openair-cn/UTILS/mme_config.h
index 400b85b3ef2422662dce6dfbf55a35c628b926a4..ad7fdbafaff96f70c86b8254059caf8cf4ebe495 100644
--- a/openair-cn/UTILS/mme_config.h
+++ b/openair-cn/UTILS/mme_config.h
@@ -76,6 +76,25 @@
#define MME_CONFIG_STRING_ASN1_VERBOSITY_ANNOYING "annoying"
#define MME_CONFIG_STRING_ASN1_VERBOSITY_INFO "info"
+#define MME_CONFIG_STRING_NAS_CONFIG "NAS"
+#define MME_CONFIG_STRING_NAS_SUPPORTED_INTEGRITY_ALGORITHM_LIST "ORDERED_SUPPORTED_INTEGRITY_ALGORITHM_LIST"
+#define MME_CONFIG_STRING_NAS_SUPPORTED_CIPHERING_ALGORITHM_LIST "ORDERED_SUPPORTED_CIPHERING_ALGORITHM_LIST"
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA0 0b000
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA1 0b001
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA2 0b010
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA3 0b011
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA4 0b100
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA5 0b101
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA6 0b110
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EEA7 0b111
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA0 0b000
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA1 0b001
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA2 0b010
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA3 0b011
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA4 0b100
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA5 0b101
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA6 0b110
+#define NAS_CONFIG_SECURITY_ALGORITHMS_EIA7 0b111
typedef struct mme_config_s {
/* Reader/writer lock for this configuration */
@@ -140,6 +159,12 @@ typedef struct mme_config_s {
uint32_t queue_size;
char *log_file;
} itti_config;
+
+ struct {
+ uint8_t prefered_integrity_algorithm[8];
+ uint8_t prefered_ciphering_algorithm[8];
+ } nas_config;
+
} mme_config_t;
extern mme_config_t mme_config;