mirror of https://github.com/PentHertz/srsLTE.git
Fix issue recovering key state, when the first HO fails (specifically, is_first_ncc was not recovered). Minor improvements in key logging.
This commit is contained in:
parent
137e554eb3
commit
2f0125ef4e
|
@ -80,6 +80,7 @@ void pdcp_entity_base::integrity_generate(uint8_t* msg, uint32_t msg_len, uint32
|
||||||
count,
|
count,
|
||||||
cfg.bearer_id,
|
cfg.bearer_id,
|
||||||
(cfg.tx_direction == SECURITY_DIRECTION_DOWNLINK ? "Downlink" : "Uplink"));
|
(cfg.tx_direction == SECURITY_DIRECTION_DOWNLINK ? "Downlink" : "Uplink"));
|
||||||
|
log->debug_hex(k_int, 32, "Integrity gen key:");
|
||||||
log->debug_hex(msg, msg_len, "Integrity gen input msg:");
|
log->debug_hex(msg, msg_len, "Integrity gen input msg:");
|
||||||
log->debug_hex(mac, 4, "MAC (generated)");
|
log->debug_hex(mac, 4, "MAC (generated)");
|
||||||
}
|
}
|
||||||
|
@ -117,6 +118,7 @@ bool pdcp_entity_base::integrity_verify(uint8_t* msg, uint32_t msg_len, uint32_t
|
||||||
count,
|
count,
|
||||||
cfg.bearer_id,
|
cfg.bearer_id,
|
||||||
cfg.rx_direction == SECURITY_DIRECTION_DOWNLINK ? "Downlink" : "Uplink");
|
cfg.rx_direction == SECURITY_DIRECTION_DOWNLINK ? "Downlink" : "Uplink");
|
||||||
|
log->debug_hex(k_int, 32, "Integrity check key:");
|
||||||
log->debug_hex(msg, msg_len, "Integrity check input msg:");
|
log->debug_hex(msg, msg_len, "Integrity check input msg:");
|
||||||
|
|
||||||
if (sec_cfg.integ_algo != INTEGRITY_ALGORITHM_ID_EIA0) {
|
if (sec_cfg.integ_algo != INTEGRITY_ALGORITHM_ID_EIA0) {
|
||||||
|
@ -152,6 +154,7 @@ void pdcp_entity_base::cipher_encrypt(uint8_t* msg, uint32_t msg_len, uint32_t c
|
||||||
count,
|
count,
|
||||||
cfg.bearer_id,
|
cfg.bearer_id,
|
||||||
cfg.tx_direction == SECURITY_DIRECTION_DOWNLINK ? "Downlink" : "Uplink");
|
cfg.tx_direction == SECURITY_DIRECTION_DOWNLINK ? "Downlink" : "Uplink");
|
||||||
|
log->debug_hex(k_enc, 32, "Cipher encrypt key:");
|
||||||
log->debug_hex(msg, msg_len, "Cipher encrypt input msg");
|
log->debug_hex(msg, msg_len, "Cipher encrypt input msg");
|
||||||
|
|
||||||
switch (sec_cfg.cipher_algo) {
|
switch (sec_cfg.cipher_algo) {
|
||||||
|
@ -191,6 +194,7 @@ void pdcp_entity_base::cipher_decrypt(uint8_t* ct, uint32_t ct_len, uint32_t cou
|
||||||
count,
|
count,
|
||||||
cfg.bearer_id,
|
cfg.bearer_id,
|
||||||
(cfg.rx_direction == SECURITY_DIRECTION_DOWNLINK) ? "Downlink" : "Uplink");
|
(cfg.rx_direction == SECURITY_DIRECTION_DOWNLINK) ? "Downlink" : "Uplink");
|
||||||
|
log->debug_hex(k_enc, 32, "Cipher decrypt key:");
|
||||||
log->debug_hex(ct, ct_len, "Cipher decrypt input msg");
|
log->debug_hex(ct, ct_len, "Cipher decrypt input msg");
|
||||||
|
|
||||||
switch (sec_cfg.cipher_algo) {
|
switch (sec_cfg.cipher_algo) {
|
||||||
|
|
|
@ -185,6 +185,7 @@ void security_cfg_handler::generate_as_keys()
|
||||||
security_generate_k_up(
|
security_generate_k_up(
|
||||||
k_enb, sec_cfg.cipher_algo, sec_cfg.integ_algo, sec_cfg.k_up_enc.data(), sec_cfg.k_up_int.data());
|
k_enb, sec_cfg.cipher_algo, sec_cfg.integ_algo, sec_cfg.k_up_enc.data(), sec_cfg.k_up_int.data());
|
||||||
|
|
||||||
|
log_h->info_hex(k_enb, 32, "K_eNB (k_enb)");
|
||||||
log_h->info_hex(sec_cfg.k_rrc_enc.data(), 32, "RRC Encryption Key (k_rrc_enc)");
|
log_h->info_hex(sec_cfg.k_rrc_enc.data(), 32, "RRC Encryption Key (k_rrc_enc)");
|
||||||
log_h->info_hex(sec_cfg.k_rrc_int.data(), 32, "RRC Integrity Key (k_rrc_int)");
|
log_h->info_hex(sec_cfg.k_rrc_int.data(), 32, "RRC Integrity Key (k_rrc_int)");
|
||||||
log_h->info_hex(sec_cfg.k_up_enc.data(), 32, "UP Encryption Key (k_up_enc)");
|
log_h->info_hex(sec_cfg.k_up_enc.data(), 32, "UP Encryption Key (k_up_enc)");
|
||||||
|
@ -192,6 +193,8 @@ void security_cfg_handler::generate_as_keys()
|
||||||
|
|
||||||
void security_cfg_handler::regenerate_keys_handover(uint32_t new_pci, uint32_t new_dl_earfcn)
|
void security_cfg_handler::regenerate_keys_handover(uint32_t new_pci, uint32_t new_dl_earfcn)
|
||||||
{
|
{
|
||||||
|
log_h->info("Regenerating KeNB with PCI=0x%02x, DL-EARFCN=%d\n", new_pci, new_dl_earfcn);
|
||||||
|
log_h->info_hex(k_enb, 32, "Old K_eNB (k_enb)");
|
||||||
// Generate K_enb*
|
// Generate K_enb*
|
||||||
uint8_t k_enb_star[32];
|
uint8_t k_enb_star[32];
|
||||||
srslte::security_generate_k_enb_star(k_enb, new_pci, new_dl_earfcn, k_enb_star);
|
srslte::security_generate_k_enb_star(k_enb, new_pci, new_dl_earfcn, k_enb_star);
|
||||||
|
@ -200,11 +203,6 @@ void security_cfg_handler::regenerate_keys_handover(uint32_t new_pci, uint32_t n
|
||||||
memcpy(k_enb, k_enb_star, 32);
|
memcpy(k_enb, k_enb_star, 32);
|
||||||
|
|
||||||
generate_as_keys();
|
generate_as_keys();
|
||||||
|
|
||||||
log_h->info("Regenerating KeNB with PCI=0x%02x, DL-EARFCN=%d\n", new_pci, new_dl_earfcn);
|
|
||||||
log_h->info_hex(sec_cfg.k_rrc_enc.data(), 32, "RRC Encryption Key (k_rrc_enc)");
|
|
||||||
log_h->info_hex(sec_cfg.k_rrc_int.data(), 32, "RRC Integrity Key (k_rrc_int)");
|
|
||||||
log_h->info_hex(sec_cfg.k_up_enc.data(), 32, "UP Encryption Key (k_up_enc)");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*****************************
|
/*****************************
|
||||||
|
|
|
@ -110,9 +110,10 @@ private:
|
||||||
uint8_t k_enb_star[32] = {};
|
uint8_t k_enb_star[32] = {};
|
||||||
|
|
||||||
// Helpers to restore security context if HO fails
|
// Helpers to restore security context if HO fails
|
||||||
uint8_t old_k_enb[32] = {};
|
bool old_is_first_ncc = {};
|
||||||
uint8_t old_ncc = {};
|
uint8_t old_k_enb[32] = {};
|
||||||
srslte::as_security_config_t old_as_ctx = {};
|
uint8_t old_ncc = {};
|
||||||
|
srslte::as_security_config_t old_as_ctx = {};
|
||||||
|
|
||||||
uint32_t current_ncc = 0;
|
uint32_t current_ncc = 0;
|
||||||
bool is_first_ncc = false;
|
bool is_first_ncc = false;
|
||||||
|
|
|
@ -239,8 +239,8 @@ void usim::generate_as_keys(uint8_t* k_asme_, uint32_t count_ul, srslte::as_secu
|
||||||
void usim::generate_as_keys_ho(uint32_t pci, uint32_t earfcn, int ncc, srslte::as_security_config_t* sec_cfg)
|
void usim::generate_as_keys_ho(uint32_t pci, uint32_t earfcn, int ncc, srslte::as_security_config_t* sec_cfg)
|
||||||
{
|
{
|
||||||
usim_log->info("Generating AS Keys HO. PCI 0x%02x, DL-EARFCN %d, NCC %d\n", pci, earfcn, ncc);
|
usim_log->info("Generating AS Keys HO. PCI 0x%02x, DL-EARFCN %d, NCC %d\n", pci, earfcn, ncc);
|
||||||
usim_log->info_hex(sec_cfg->k_rrc_enc.data(), sec_cfg->k_rrc_enc.size(), "Original HO K_RRC_enc");
|
usim_log->info_hex(k_enb, 32, "Old K_eNB");
|
||||||
usim_log->info_hex(sec_cfg->k_rrc_int.data(), sec_cfg->k_rrc_int.size(), "Original HO K_RRC_int");
|
|
||||||
uint8_t* enb_star_key = k_enb;
|
uint8_t* enb_star_key = k_enb;
|
||||||
|
|
||||||
if (ncc < 0) {
|
if (ncc < 0) {
|
||||||
|
@ -251,9 +251,11 @@ void usim::generate_as_keys_ho(uint32_t pci, uint32_t earfcn, int ncc, srslte::a
|
||||||
while (current_ncc != (uint32_t)ncc) {
|
while (current_ncc != (uint32_t)ncc) {
|
||||||
uint8_t* sync = NULL;
|
uint8_t* sync = NULL;
|
||||||
if (is_first_ncc) {
|
if (is_first_ncc) {
|
||||||
|
usim_log->debug("Using K_enb_initial for sync. 0x%02x, DL-EARFCN %d, NCC %d\n", pci, earfcn, current_ncc);
|
||||||
sync = k_enb_initial;
|
sync = k_enb_initial;
|
||||||
is_first_ncc = false;
|
is_first_ncc = false;
|
||||||
} else {
|
} else {
|
||||||
|
usim_log->debug("Using NH for sync. 0x%02x, DL-EARFCN %d, NCC %d\n", pci, earfcn, current_ncc);
|
||||||
sync = nh;
|
sync = nh;
|
||||||
}
|
}
|
||||||
// Generate NH
|
// Generate NH
|
||||||
|
@ -280,6 +282,7 @@ void usim::generate_as_keys_ho(uint32_t pci, uint32_t earfcn, int ncc, srslte::a
|
||||||
security_generate_k_up(
|
security_generate_k_up(
|
||||||
k_enb, sec_cfg->cipher_algo, sec_cfg->integ_algo, sec_cfg->k_up_enc.data(), sec_cfg->k_up_int.data());
|
k_enb, sec_cfg->cipher_algo, sec_cfg->integ_algo, sec_cfg->k_up_enc.data(), sec_cfg->k_up_int.data());
|
||||||
|
|
||||||
|
usim_log->info_hex(k_enb, 32, "HO K_eNB");
|
||||||
usim_log->info_hex(sec_cfg->k_rrc_enc.data(), sec_cfg->k_rrc_enc.size(), "HO K_RRC_enc");
|
usim_log->info_hex(sec_cfg->k_rrc_enc.data(), sec_cfg->k_rrc_enc.size(), "HO K_RRC_enc");
|
||||||
usim_log->info_hex(sec_cfg->k_rrc_int.data(), sec_cfg->k_rrc_int.size(), "HO K_RRC_int");
|
usim_log->info_hex(sec_cfg->k_rrc_int.data(), sec_cfg->k_rrc_int.size(), "HO K_RRC_int");
|
||||||
}
|
}
|
||||||
|
@ -287,8 +290,14 @@ void usim::generate_as_keys_ho(uint32_t pci, uint32_t earfcn, int ncc, srslte::a
|
||||||
void usim::store_keys_before_ho(const srslte::as_security_config_t& as_ctx)
|
void usim::store_keys_before_ho(const srslte::as_security_config_t& as_ctx)
|
||||||
{
|
{
|
||||||
usim_log->info("Storing AS Keys pre-handover. NCC=%d\n", current_ncc);
|
usim_log->info("Storing AS Keys pre-handover. NCC=%d\n", current_ncc);
|
||||||
old_as_ctx = as_ctx;
|
usim_log->info_hex(k_enb, 32, "Old K_eNB");
|
||||||
old_ncc = current_ncc;
|
usim_log->info_hex(as_ctx.k_rrc_enc.data(), as_ctx.k_rrc_enc.size(), "Old K_RRC_enc");
|
||||||
|
usim_log->info_hex(as_ctx.k_rrc_enc.data(), as_ctx.k_rrc_enc.size(), "Old K_RRC_enc");
|
||||||
|
usim_log->info_hex(as_ctx.k_rrc_int.data(), as_ctx.k_rrc_int.size(), "Old K_RRC_int");
|
||||||
|
usim_log->info_hex(as_ctx.k_rrc_int.data(), as_ctx.k_rrc_int.size(), "Old K_RRC_int");
|
||||||
|
old_is_first_ncc = is_first_ncc;
|
||||||
|
old_as_ctx = as_ctx;
|
||||||
|
old_ncc = current_ncc;
|
||||||
memcpy(old_k_enb, k_enb, 32);
|
memcpy(old_k_enb, k_enb, 32);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -296,8 +305,9 @@ void usim::store_keys_before_ho(const srslte::as_security_config_t& as_ctx)
|
||||||
void usim::restore_keys_from_failed_ho(srslte::as_security_config_t* as_ctx)
|
void usim::restore_keys_from_failed_ho(srslte::as_security_config_t* as_ctx)
|
||||||
{
|
{
|
||||||
usim_log->info("Restoring Keys from failed handover. NCC=%d\n", old_ncc);
|
usim_log->info("Restoring Keys from failed handover. NCC=%d\n", old_ncc);
|
||||||
*as_ctx = old_as_ctx;
|
is_first_ncc = old_is_first_ncc;
|
||||||
current_ncc = old_ncc;
|
*as_ctx = old_as_ctx;
|
||||||
|
current_ncc = old_ncc;
|
||||||
memcpy(k_enb, old_k_enb, 32);
|
memcpy(k_enb, old_k_enb, 32);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue