diff --git a/openair2/LAYER2/PDCP_v10.1.0/pdcp_security.c b/openair2/LAYER2/PDCP_v10.1.0/pdcp_security.c index 286fa131ab39e94c728f25440cd592f9ae4878e0..131f56b968bb7fc009898e1aee0d3105d59de1eb 100644 --- a/openair2/LAYER2/PDCP_v10.1.0/pdcp_security.c +++ b/openair2/LAYER2/PDCP_v10.1.0/pdcp_security.c @@ -44,19 +44,20 @@ #include "LAYER2/MAC/extern.h" #include "pdcp.h" +#include "msc.h" #include "pdcp_primitives.h" #if defined(ENABLE_SECURITY) static -uint32_t pdcp_get_next_count_tx(pdcp_t *const pdcp_entity, const srb_flag_t srb_flagP, const uint16_t pdcp_sn); +uint32_t pdcp_get_next_count_tx(pdcp_t *const pdcp_pP, const srb_flag_t srb_flagP, const uint16_t pdcp_sn); static -uint32_t pdcp_get_next_count_rx(pdcp_t *const pdcp_entity, const srb_flag_t srb_flagP, const uint16_t pdcp_sn); +uint32_t pdcp_get_next_count_rx(pdcp_t *const pdcp_pP, const srb_flag_t srb_flagP, const uint16_t pdcp_sn); //----------------------------------------------------------------------------- static uint32_t pdcp_get_next_count_tx( - pdcp_t * const pdcp_entity, + pdcp_t * const pdcp_pP, const srb_flag_t srb_flagP, const uint16_t pdcp_sn ) @@ -66,12 +67,12 @@ uint32_t pdcp_get_next_count_tx( /* For TX COUNT = TX_HFN << length of SN | pdcp SN */ if (srb_flagP) { /* 5 bits length SN */ - count = ((pdcp_entity->tx_hfn << 5) | (pdcp_sn & 0x001F)); + count = ((pdcp_pP->tx_hfn << 5) | (pdcp_sn & 0x001F)); } else { - if (pdcp_entity->seq_num_size == PDCP_Config__rlc_UM__pdcp_SN_Size_len7bits) { - count = ((pdcp_entity->tx_hfn << 7) | (pdcp_sn & 0x07F)); + if (pdcp_pP->seq_num_size == PDCP_Config__rlc_UM__pdcp_SN_Size_len7bits) { + count = ((pdcp_pP->tx_hfn << 7) | (pdcp_sn & 0x07F)); } else { /*Default is the 12 bits length SN */ - count = ((pdcp_entity->tx_hfn << 12) | (pdcp_sn & 0x0FFF)); + count = ((pdcp_pP->tx_hfn << 12) | (pdcp_sn & 0x0FFF)); } } @@ -83,7 +84,7 @@ uint32_t pdcp_get_next_count_tx( //----------------------------------------------------------------------------- static uint32_t pdcp_get_next_count_rx( - pdcp_t * const pdcp_entity, + pdcp_t * const pdcp_pP, const srb_flag_t srb_flagP, const uint16_t pdcp_sn) { @@ -92,19 +93,19 @@ uint32_t pdcp_get_next_count_rx( /* For RX COUNT = RX_HFN << length of SN | pdcp SN of received PDU */ if (srb_flagP) { /* 5 bits length SN */ - count = (((pdcp_entity->rx_hfn + pdcp_entity->rx_hfn_offset) << 5) | (pdcp_sn & 0x001F)); + count = (((pdcp_pP->rx_hfn + pdcp_pP->rx_hfn_offset) << 5) | (pdcp_sn & 0x001F)); } else { - if (pdcp_entity->seq_num_size == PDCP_Config__rlc_UM__pdcp_SN_Size_len7bits) { + if (pdcp_pP->seq_num_size == PDCP_Config__rlc_UM__pdcp_SN_Size_len7bits) { /* 7 bits length SN */ - count = (((pdcp_entity->rx_hfn + pdcp_entity->rx_hfn_offset) << 7) | (pdcp_sn & 0x007F)); + count = (((pdcp_pP->rx_hfn + pdcp_pP->rx_hfn_offset) << 7) | (pdcp_sn & 0x007F)); } else { // default /* 12 bits length SN */ - count = (((pdcp_entity->rx_hfn + pdcp_entity->rx_hfn_offset) << 12) | (pdcp_sn & 0x0FFF)); + count = (((pdcp_pP->rx_hfn + pdcp_pP->rx_hfn_offset) << 12) | (pdcp_sn & 0x0FFF)); } } // reset the hfn offset - pdcp_entity->rx_hfn_offset =0; + pdcp_pP->rx_hfn_offset =0; LOG_D(PDCP, "[OSA] RX COUNT = 0x%08x\n", count); return count; @@ -114,8 +115,8 @@ uint32_t pdcp_get_next_count_rx( //----------------------------------------------------------------------------- int pdcp_apply_security( - const protocol_ctxt_t* const ctxtP, - pdcp_t *const pdcp_entity, + const protocol_ctxt_t* const ctxt_pP, + pdcp_t *const pdcp_pP, const srb_flag_t srb_flagP, const rb_id_t rb_id, const uint8_t pdcp_header_len, @@ -127,15 +128,15 @@ pdcp_apply_security( uint8_t *buffer_encrypted = NULL; stream_cipher_t encrypt_params; - DevAssert(pdcp_entity != NULL); + DevAssert(pdcp_pP != NULL); DevAssert(pdcp_pdu_buffer != NULL); DevCheck(rb_id < NB_RB_MAX && rb_id >= 0, rb_id, NB_RB_MAX, 0); VCD_SIGNAL_DUMPER_DUMP_FUNCTION_BY_NAME(VCD_SIGNAL_DUMPER_FUNCTIONS_PDCP_APPLY_SECURITY, VCD_FUNCTION_IN); - encrypt_params.direction = (pdcp_entity->is_ue == 1) ? SECU_DIRECTION_UPLINK : SECU_DIRECTION_DOWNLINK; + encrypt_params.direction = (pdcp_pP->is_ue == 1) ? SECU_DIRECTION_UPLINK : SECU_DIRECTION_DOWNLINK; encrypt_params.bearer = rb_id - 1; - encrypt_params.count = pdcp_get_next_count_tx(pdcp_entity, srb_flagP, current_sn); + encrypt_params.count = pdcp_get_next_count_tx(pdcp_pP, srb_flagP, current_sn); encrypt_params.key_length = 16; if (srb_flagP) { @@ -143,26 +144,26 @@ pdcp_apply_security( uint8_t *mac_i; LOG_D(PDCP, "[OSA][RB %d] %s Applying control-plane security %d \n", - rb_id, (pdcp_entity->is_ue != 0) ? "UE -> eNB" : "eNB -> UE", pdcp_entity->integrityProtAlgorithm); + rb_id, (pdcp_pP->is_ue != 0) ? "UE -> eNB" : "eNB -> UE", pdcp_pP->integrityProtAlgorithm); encrypt_params.message = pdcp_pdu_buffer; encrypt_params.blength = (pdcp_header_len + sdu_buffer_size) << 3; - encrypt_params.key = pdcp_entity->kRRCint + 16; // + 128; + encrypt_params.key = pdcp_pP->kRRCint + 16; // + 128; mac_i = &pdcp_pdu_buffer[pdcp_header_len + sdu_buffer_size]; /* Both header and data parts are integrity protected for * control-plane PDUs */ - stream_compute_integrity(pdcp_entity->integrityProtAlgorithm, + stream_compute_integrity(pdcp_pP->integrityProtAlgorithm, &encrypt_params, mac_i); - encrypt_params.key = pdcp_entity->kRRCenc; // + 128 // bit key + encrypt_params.key = pdcp_pP->kRRCenc; // + 128 // bit key } else { LOG_D(PDCP, "[OSA][RB %d] %s Applying user-plane security\n", - rb_id, (pdcp_entity->is_ue != 0) ? "UE -> eNB" : "eNB -> UE"); + rb_id, (pdcp_pP->is_ue != 0) ? "UE -> eNB" : "eNB -> UE"); - encrypt_params.key = pdcp_entity->kUPenc;// + 128; + encrypt_params.key = pdcp_pP->kUPenc;// + 128; } encrypt_params.message = &pdcp_pdu_buffer[pdcp_header_len]; @@ -171,7 +172,7 @@ pdcp_apply_security( buffer_encrypted = &pdcp_pdu_buffer[pdcp_header_len]; /* Apply ciphering if any requested */ - stream_encrypt(pdcp_entity->cipheringAlgorithm, + stream_encrypt(pdcp_pP->cipheringAlgorithm, &encrypt_params, &buffer_encrypted); @@ -183,8 +184,8 @@ pdcp_apply_security( //----------------------------------------------------------------------------- int pdcp_validate_security( - const protocol_ctxt_t* const ctxtP, - pdcp_t * const pdcp_entity, + const protocol_ctxt_t* const ctxt_pP, + pdcp_t * const pdcp_pP, const srb_flag_t srb_flagP, const rb_id_t rb_id, const uint8_t pdcp_header_len, @@ -196,7 +197,7 @@ pdcp_validate_security( uint8_t *buffer_decrypted = NULL; stream_cipher_t decrypt_params; - DevAssert(pdcp_entity != NULL); + DevAssert(pdcp_pP != NULL); DevAssert(pdcp_pdu_buffer != NULL); DevCheck(rb_id < NB_RB_MAX && rb_id >= 0, rb_id, NB_RB_MAX, 0); @@ -205,25 +206,25 @@ pdcp_validate_security( buffer_decrypted = (uint8_t*)&pdcp_pdu_buffer[pdcp_header_len]; - decrypt_params.direction = (pdcp_entity->is_ue == 1) ? SECU_DIRECTION_DOWNLINK : SECU_DIRECTION_UPLINK ; + decrypt_params.direction = (pdcp_pP->is_ue == 1) ? SECU_DIRECTION_DOWNLINK : SECU_DIRECTION_UPLINK ; decrypt_params.bearer = rb_id - 1; - decrypt_params.count = pdcp_get_next_count_rx(pdcp_entity, srb_flagP, current_sn); + decrypt_params.count = pdcp_get_next_count_rx(pdcp_pP, srb_flagP, current_sn); decrypt_params.message = &pdcp_pdu_buffer[pdcp_header_len]; decrypt_params.blength = (sdu_buffer_size - pdcp_header_len) << 3; decrypt_params.key_length = 16; if (srb_flagP) { LOG_D(PDCP, "[OSA][RB %d] %s Validating control-plane security\n", - rb_id, (pdcp_entity->is_ue != 0) ? "eNB -> UE" : "UE -> eNB"); - decrypt_params.key = pdcp_entity->kRRCenc;// + 128; + rb_id, (pdcp_pP->is_ue != 0) ? "eNB -> UE" : "UE -> eNB"); + decrypt_params.key = pdcp_pP->kRRCenc;// + 128; } else { LOG_D(PDCP, "[OSA][RB %d] %s Validating user-plane security\n", - rb_id, (pdcp_entity->is_ue != 0) ? "eNB -> UE" : "UE -> eNB"); - decrypt_params.key = pdcp_entity->kUPenc;// + 128; + rb_id, (pdcp_pP->is_ue != 0) ? "eNB -> UE" : "UE -> eNB"); + decrypt_params.key = pdcp_pP->kUPenc;// + 128; } /* Uncipher the block */ - stream_decrypt(pdcp_entity->cipheringAlgorithm, + stream_decrypt(pdcp_pP->cipheringAlgorithm, &decrypt_params, &buffer_decrypted); @@ -231,13 +232,18 @@ pdcp_validate_security( /* Now check the integrity of the complete PDU */ decrypt_params.message = pdcp_pdu_buffer; decrypt_params.blength = sdu_buffer_size << 3; - decrypt_params.key = pdcp_entity->kRRCint + 16;// 128; + decrypt_params.key = pdcp_pP->kRRCint + 16;// 128; - if (stream_check_integrity(pdcp_entity->integrityProtAlgorithm, + if (stream_check_integrity(pdcp_pP->integrityProtAlgorithm, &decrypt_params, &pdcp_pdu_buffer[sdu_buffer_size]) != 0) { + MSC_LOG_EVENT( + (ctxt_pP->enb_flag == ENB_FLAG_YES) ? MSC_PDCP_ENB:MSC_PDCP_UE, + " Security: failed MAC-I Algo %X UE %"PRIx16" ", + pdcp_pP->integrityProtAlgorithm, + ctxt_pP->rnti); LOG_E(PDCP, "[OSA][RB %d] %s failed to validate MAC-I of incoming PDU\n", - rb_id, (pdcp_entity->is_ue != 0) ? "UE" : "eNB"); + rb_id, (pdcp_pP->is_ue != 0) ? "UE" : "eNB"); VCD_SIGNAL_DUMPER_DUMP_FUNCTION_BY_NAME(VCD_SIGNAL_DUMPER_FUNCTIONS_PDCP_VALIDATE_SECURITY, VCD_FUNCTION_OUT); return -1; }