mirror of https://github.com/PentHertz/srsLTE.git
gNB NR security context:
- changed variables to use nia/nea instead of eia/eea. - make rrc_nr_cfg a ref - Changed NR ciphering/integrity algo enums to their own enum
This commit is contained in:
parent
e294311034
commit
c0d2e8c11d
|
@ -59,6 +59,28 @@ static const char integrity_algorithm_id_text[INTEGRITY_ALGORITHM_ID_N_ITEMS][20
|
|||
"128-EIA2",
|
||||
"128-EIA3"};
|
||||
|
||||
typedef enum {
|
||||
CIPHERING_ALGORITHM_ID_NR_NEA0 = 0,
|
||||
CIPHERING_ALGORITHM_ID_NR_128_NEA1,
|
||||
CIPHERING_ALGORITHM_ID_NR_128_NEA2,
|
||||
CIPHERING_ALGORITHM_ID_NR_128_NEA3,
|
||||
CIPHERING_ALGORITHM_ID_NR_N_ITEMS,
|
||||
} CIPHERING_ALGORITHM_ID_NR_ENUM;
|
||||
static const char ciphering_algorithm_id_nr_text[CIPHERING_ALGORITHM_ID_N_ITEMS][20] = {"NEA0",
|
||||
"128-NEA1",
|
||||
"128-NEA2",
|
||||
"128-NEA3"};
|
||||
typedef enum {
|
||||
INTEGRITY_ALGORITHM_ID_NR_NIA0 = 0,
|
||||
INTEGRITY_ALGORITHM_ID_NR_128_NIA1,
|
||||
INTEGRITY_ALGORITHM_ID_NR_128_NIA2,
|
||||
INTEGRITY_ALGORITHM_ID_NR_128_NIA3,
|
||||
INTEGRITY_ALGORITHM_ID_NR_N_ITEMS,
|
||||
} INTEGRITY_ALGORITHM_ID_NR_ENUM;
|
||||
static const char integrity_algorithm_id_nr_text[INTEGRITY_ALGORITHM_ID_N_ITEMS][20] = {"NIA0",
|
||||
"128-NIA1",
|
||||
"128-NIA2",
|
||||
"128-NIA3"};
|
||||
typedef enum {
|
||||
SECURITY_DIRECTION_UPLINK = 0,
|
||||
SECURITY_DIRECTION_DOWNLINK = 1,
|
||||
|
@ -87,6 +109,15 @@ struct as_security_config_t {
|
|||
CIPHERING_ALGORITHM_ID_ENUM cipher_algo;
|
||||
};
|
||||
|
||||
struct nr_as_security_config_t {
|
||||
as_key_t k_nr_rrc_int;
|
||||
as_key_t k_nr_rrc_enc;
|
||||
as_key_t k_nr_up_int;
|
||||
as_key_t k_nr_up_enc;
|
||||
INTEGRITY_ALGORITHM_ID_NR_ENUM integ_algo;
|
||||
CIPHERING_ALGORITHM_ID_NR_ENUM cipher_algo;
|
||||
};
|
||||
|
||||
template <typename... Args>
|
||||
void log_error(const char* format, Args&&... args)
|
||||
{
|
||||
|
|
|
@ -53,8 +53,8 @@ struct rrc_nr_cfg_t {
|
|||
rrc_cell_list_nr_t cell_list;
|
||||
bool is_standalone;
|
||||
|
||||
std::array<srsran::CIPHERING_ALGORITHM_ID_ENUM, srsran::CIPHERING_ALGORITHM_ID_N_ITEMS> eea_preference_list;
|
||||
std::array<srsran::INTEGRITY_ALGORITHM_ID_ENUM, srsran::INTEGRITY_ALGORITHM_ID_N_ITEMS> eia_preference_list;
|
||||
std::array<srsran::CIPHERING_ALGORITHM_ID_NR_ENUM, srsran::CIPHERING_ALGORITHM_ID_NR_N_ITEMS> nea_preference_list;
|
||||
std::array<srsran::INTEGRITY_ALGORITHM_ID_NR_ENUM, srsran::INTEGRITY_ALGORITHM_ID_NR_N_ITEMS> nia_preference_list;
|
||||
|
||||
std::string log_name = "RRC-NR";
|
||||
std::string log_level;
|
||||
|
|
|
@ -24,12 +24,11 @@ class nr_security_context
|
|||
{
|
||||
public:
|
||||
explicit nr_security_context(const srsenb::rrc_nr_cfg_t& cfg_) :
|
||||
cfg(&cfg_), logger(srslog::fetch_basic_logger("RRC_NR"))
|
||||
cfg(cfg_), logger(srslog::fetch_basic_logger("RRC_NR"))
|
||||
{}
|
||||
|
||||
explicit nr_security_context(const nr_security_context& other) : logger(srslog::fetch_basic_logger("RRC_NR"))
|
||||
nr_security_context(const nr_security_context& other) : cfg(other.cfg), logger(srslog::fetch_basic_logger("RRC_NR"))
|
||||
{
|
||||
cfg = other.cfg;
|
||||
k_gnb_present = other.k_gnb_present;
|
||||
security_capabilities = other.security_capabilities;
|
||||
std::copy(other.k_gnb, other.k_gnb + 32, k_gnb);
|
||||
|
@ -39,7 +38,6 @@ public:
|
|||
|
||||
nr_security_context& operator=(const nr_security_context& other)
|
||||
{
|
||||
cfg = other.cfg;
|
||||
k_gnb_present = other.k_gnb_present;
|
||||
security_capabilities = other.security_capabilities;
|
||||
std::copy(other.k_gnb, other.k_gnb + 32, k_gnb);
|
||||
|
@ -53,7 +51,7 @@ public:
|
|||
void set_ncc(uint8_t ncc_) { ncc = ncc_; }
|
||||
|
||||
asn1::rrc_nr::security_algorithm_cfg_s get_security_algorithm_cfg() const;
|
||||
const srsran::as_security_config_t& get_as_sec_cfg() const { return sec_cfg; }
|
||||
const srsran::nr_as_security_config_t& get_as_sec_cfg() const { return sec_cfg; }
|
||||
uint8_t get_ncc() const { return ncc; }
|
||||
bool is_as_sec_cfg_valid() const { return k_gnb_present; }
|
||||
|
||||
|
@ -63,11 +61,11 @@ private:
|
|||
void generate_as_keys();
|
||||
|
||||
srslog::basic_logger& logger;
|
||||
const srsenb::rrc_nr_cfg_t* cfg = nullptr;
|
||||
const srsenb::rrc_nr_cfg_t& cfg;
|
||||
bool k_gnb_present = false;
|
||||
asn1::ngap_nr::ue_security_cap_s security_capabilities = {};
|
||||
uint8_t k_gnb[32] = {}; // Provided by MME
|
||||
srsran::as_security_config_t sec_cfg = {};
|
||||
srsran::nr_as_security_config_t sec_cfg = {};
|
||||
uint8_t ncc = 0;
|
||||
};
|
||||
} // namespace srsgnb
|
||||
|
|
|
@ -31,10 +31,10 @@ bool nr_security_context::set_security_capabilities(const asn1::ngap_nr::ue_secu
|
|||
|
||||
// Selects security algorithms (cipher_algo and integ_algo) based on capabilities and config preferences
|
||||
// Each position in the bitmap represents an encryption algorithm:
|
||||
// “all bits equal to 0” – UE supports no other algorithm than EEA0,
|
||||
// “first bit” – 128-EEA1,
|
||||
// “second bit” – 128-EEA2,
|
||||
// “third bit” – 128-EEA3,
|
||||
// “all bits equal to 0” – UE supports no other algorithm than NEA0,
|
||||
// “first bit” – 128-NEA1,
|
||||
// “second bit” – 128-NEA2,
|
||||
// “third bit” – 128-NEA3,
|
||||
// other bits reserved for future use. Value ‘1’ indicates support and value
|
||||
// ‘0’ indicates no support of the algorithm.
|
||||
// Algorithms are defined in TS 33.401 [15].
|
||||
|
@ -43,48 +43,48 @@ bool nr_security_context::set_security_capabilities(const asn1::ngap_nr::ue_secu
|
|||
bool enc_algo_found = false;
|
||||
bool integ_algo_found = false;
|
||||
|
||||
for (auto& cipher_item : cfg->eea_preference_list) {
|
||||
for (const auto& cipher_item : cfg.nea_preference_list) {
|
||||
auto& v = security_capabilities.nrencryption_algorithms;
|
||||
switch (cipher_item) {
|
||||
case srsran::CIPHERING_ALGORITHM_ID_EEA0:
|
||||
case srsran::CIPHERING_ALGORITHM_ID_NR_NEA0:
|
||||
// “all bits equal to 0” – UE supports no other algorithm than EEA0,
|
||||
// specification does not cover the case in which EEA0 is supported with other algorithms
|
||||
// just assume that EEA0 is always supported even this can not be explicity signaled by S1AP
|
||||
sec_cfg.cipher_algo = srsran::CIPHERING_ALGORITHM_ID_EEA0;
|
||||
sec_cfg.cipher_algo = srsran::CIPHERING_ALGORITHM_ID_NR_NEA0;
|
||||
enc_algo_found = true;
|
||||
logger.info("Selected EEA0 as RRC encryption algorithm");
|
||||
logger.info("Selected NEA0 as RRC encryption algorithm");
|
||||
break;
|
||||
case srsran::CIPHERING_ALGORITHM_ID_128_EEA1:
|
||||
case srsran::CIPHERING_ALGORITHM_ID_NR_128_NEA1:
|
||||
// “first bit” – 128-EEA1,
|
||||
if (v.get(v.length() - srsran::CIPHERING_ALGORITHM_ID_128_EEA1)) {
|
||||
sec_cfg.cipher_algo = srsran::CIPHERING_ALGORITHM_ID_128_EEA1;
|
||||
if (v.get(v.length() - srsran::CIPHERING_ALGORITHM_ID_NR_128_NEA1)) {
|
||||
sec_cfg.cipher_algo = srsran::CIPHERING_ALGORITHM_ID_NR_128_NEA1;
|
||||
enc_algo_found = true;
|
||||
logger.info("Selected EEA1 as RRC encryption algorithm");
|
||||
logger.info("Selected NEA1 as RRC encryption algorithm");
|
||||
break;
|
||||
} else {
|
||||
logger.info("Failed to selected EEA1 as RRC encryption algorithm, due to unsupported algorithm");
|
||||
logger.info("Failed to selected NEA1 as RRC encryption algorithm, due to unsupported algorithm");
|
||||
}
|
||||
break;
|
||||
case srsran::CIPHERING_ALGORITHM_ID_128_EEA2:
|
||||
case srsran::CIPHERING_ALGORITHM_ID_NR_128_NEA2:
|
||||
// “second bit” – 128-EEA2,
|
||||
if (v.get(v.length() - srsran::CIPHERING_ALGORITHM_ID_128_EEA2)) {
|
||||
sec_cfg.cipher_algo = srsran::CIPHERING_ALGORITHM_ID_128_EEA2;
|
||||
if (v.get(v.length() - srsran::CIPHERING_ALGORITHM_ID_NR_128_NEA2)) {
|
||||
sec_cfg.cipher_algo = srsran::CIPHERING_ALGORITHM_ID_NR_128_NEA2;
|
||||
enc_algo_found = true;
|
||||
logger.info("Selected EEA2 as RRC encryption algorithm");
|
||||
logger.info("Selected NEA2 as RRC encryption algorithm");
|
||||
break;
|
||||
} else {
|
||||
logger.info("Failed to selected EEA2 as RRC encryption algorithm, due to unsupported algorithm");
|
||||
logger.info("Failed to selected NEA2 as RRC encryption algorithm, due to unsupported algorithm");
|
||||
}
|
||||
break;
|
||||
case srsran::CIPHERING_ALGORITHM_ID_128_EEA3:
|
||||
case srsran::CIPHERING_ALGORITHM_ID_NR_128_NEA3:
|
||||
// “third bit” – 128-EEA3,
|
||||
if (v.get(v.length() - srsran::CIPHERING_ALGORITHM_ID_128_EEA3)) {
|
||||
sec_cfg.cipher_algo = srsran::CIPHERING_ALGORITHM_ID_128_EEA3;
|
||||
if (v.get(v.length() - srsran::CIPHERING_ALGORITHM_ID_NR_128_NEA3)) {
|
||||
sec_cfg.cipher_algo = srsran::CIPHERING_ALGORITHM_ID_NR_128_NEA3;
|
||||
enc_algo_found = true;
|
||||
logger.info("Selected EEA3 as RRC encryption algorithm");
|
||||
logger.info("Selected NEA3 as RRC encryption algorithm");
|
||||
break;
|
||||
} else {
|
||||
logger.info("Failed to selected EEA2 as RRC encryption algorithm, due to unsupported algorithm");
|
||||
logger.info("Failed to selected NEA2 as RRC encryption algorithm, due to unsupported algorithm");
|
||||
}
|
||||
break;
|
||||
default:
|
||||
|
@ -96,43 +96,43 @@ bool nr_security_context::set_security_capabilities(const asn1::ngap_nr::ue_secu
|
|||
}
|
||||
}
|
||||
|
||||
for (auto& eia_enum : cfg->eia_preference_list) {
|
||||
for (const auto& eia_enum : cfg.nia_preference_list) {
|
||||
auto& v = security_capabilities.nrintegrity_protection_algorithms;
|
||||
switch (eia_enum) {
|
||||
case srsran::INTEGRITY_ALGORITHM_ID_EIA0:
|
||||
case srsran::INTEGRITY_ALGORITHM_ID_NR_NIA0:
|
||||
// Null integrity is not supported
|
||||
logger.info("Skipping EIA0 as RRC integrity algorithm. Null integrity is not supported.");
|
||||
sec_cfg.integ_algo = srsran::INTEGRITY_ALGORITHM_ID_EIA0;
|
||||
logger.info("Skipping NIA0 as RRC integrity algorithm. Null integrity is not supported.");
|
||||
sec_cfg.integ_algo = srsran::INTEGRITY_ALGORITHM_ID_NR_NIA0;
|
||||
integ_algo_found = true;
|
||||
break;
|
||||
case srsran::INTEGRITY_ALGORITHM_ID_128_EIA1:
|
||||
case srsran::INTEGRITY_ALGORITHM_ID_NR_128_NIA1:
|
||||
// “first bit” – 128-EIA1,
|
||||
if (v.get(v.length() - srsran::INTEGRITY_ALGORITHM_ID_128_EIA1)) {
|
||||
sec_cfg.integ_algo = srsran::INTEGRITY_ALGORITHM_ID_128_EIA1;
|
||||
if (v.get(v.length() - srsran::INTEGRITY_ALGORITHM_ID_NR_128_NIA1)) {
|
||||
sec_cfg.integ_algo = srsran::INTEGRITY_ALGORITHM_ID_NR_128_NIA1;
|
||||
integ_algo_found = true;
|
||||
logger.info("Selected EIA1 as RRC integrity algorithm.");
|
||||
logger.info("Selected NIA1 as RRC integrity algorithm.");
|
||||
} else {
|
||||
logger.info("Failed to selected EIA1 as RRC encryption algorithm, due to unsupported algorithm");
|
||||
logger.info("Failed to selected NIA1 as RRC encryption algorithm, due to unsupported algorithm");
|
||||
}
|
||||
break;
|
||||
case srsran::INTEGRITY_ALGORITHM_ID_128_EIA2:
|
||||
case srsran::INTEGRITY_ALGORITHM_ID_NR_128_NIA2:
|
||||
// “second bit” – 128-EIA2,
|
||||
if (v.get(v.length() - srsran::INTEGRITY_ALGORITHM_ID_128_EIA2)) {
|
||||
sec_cfg.integ_algo = srsran::INTEGRITY_ALGORITHM_ID_128_EIA2;
|
||||
if (v.get(v.length() - srsran::INTEGRITY_ALGORITHM_ID_NR_128_NIA2)) {
|
||||
sec_cfg.integ_algo = srsran::INTEGRITY_ALGORITHM_ID_NR_128_NIA2;
|
||||
integ_algo_found = true;
|
||||
logger.info("Selected EIA2 as RRC integrity algorithm.");
|
||||
logger.info("Selected NIA2 as RRC integrity algorithm.");
|
||||
} else {
|
||||
logger.info("Failed to selected EIA2 as RRC encryption algorithm, due to unsupported algorithm");
|
||||
logger.info("Failed to selected NIA2 as RRC encryption algorithm, due to unsupported algorithm");
|
||||
}
|
||||
break;
|
||||
case srsran::INTEGRITY_ALGORITHM_ID_128_EIA3:
|
||||
case srsran::INTEGRITY_ALGORITHM_ID_NR_128_NIA3:
|
||||
// “third bit” – 128-EIA3,
|
||||
if (v.get(v.length() - srsran::INTEGRITY_ALGORITHM_ID_128_EIA3)) {
|
||||
sec_cfg.integ_algo = srsran::INTEGRITY_ALGORITHM_ID_128_EIA3;
|
||||
if (v.get(v.length() - srsran::INTEGRITY_ALGORITHM_ID_NR_128_NIA3)) {
|
||||
sec_cfg.integ_algo = srsran::INTEGRITY_ALGORITHM_ID_NR_128_NIA3;
|
||||
integ_algo_found = true;
|
||||
logger.info("Selected EIA3 as RRC integrity algorithm.");
|
||||
logger.info("Selected NIA3 as RRC integrity algorithm.");
|
||||
} else {
|
||||
logger.info("Failed to selected EIA3 as RRC encryption algorithm, due to unsupported algorithm");
|
||||
logger.info("Failed to selected NIA3 as RRC encryption algorithm, due to unsupported algorithm");
|
||||
}
|
||||
break;
|
||||
default:
|
||||
|
@ -166,24 +166,30 @@ void nr_security_context::set_security_key(const asn1::fixed_bitstring<256, fals
|
|||
void nr_security_context::generate_as_keys()
|
||||
{
|
||||
// Generate K_rrc_enc and K_rrc_int
|
||||
srsran::security_generate_k_nr_rrc(
|
||||
k_gnb, sec_cfg.cipher_algo, sec_cfg.integ_algo, sec_cfg.k_rrc_enc.data(), sec_cfg.k_rrc_int.data());
|
||||
srsran::security_generate_k_nr_rrc(k_gnb,
|
||||
(srsran::CIPHERING_ALGORITHM_ID_ENUM)sec_cfg.cipher_algo,
|
||||
(srsran::INTEGRITY_ALGORITHM_ID_ENUM)sec_cfg.integ_algo,
|
||||
sec_cfg.k_nr_rrc_enc.data(),
|
||||
sec_cfg.k_nr_rrc_int.data());
|
||||
|
||||
// Generate K_up_enc and K_up_int
|
||||
security_generate_k_nr_up(
|
||||
k_gnb, sec_cfg.cipher_algo, sec_cfg.integ_algo, sec_cfg.k_up_enc.data(), sec_cfg.k_up_int.data());
|
||||
security_generate_k_nr_up(k_gnb,
|
||||
(srsran::CIPHERING_ALGORITHM_ID_ENUM)sec_cfg.cipher_algo,
|
||||
(srsran::INTEGRITY_ALGORITHM_ID_ENUM)sec_cfg.integ_algo,
|
||||
sec_cfg.k_nr_up_enc.data(),
|
||||
sec_cfg.k_nr_up_int.data());
|
||||
|
||||
logger.info(k_gnb, 32, "K_gNB (k_gnb)");
|
||||
logger.info(sec_cfg.k_rrc_enc.data(), 32, "RRC Encryption Key (k_rrc_enc)");
|
||||
logger.info(sec_cfg.k_rrc_int.data(), 32, "RRC Integrity Key (k_rrc_int)");
|
||||
logger.info(sec_cfg.k_up_enc.data(), 32, "UP Encryption Key (k_up_enc)");
|
||||
logger.info(sec_cfg.k_up_int.data(), 32, "UP Encryption Key (k_up_enc)");
|
||||
logger.info(sec_cfg.k_nr_rrc_enc.data(), 32, "NR RRC Encryption Key (k_nr_rrc_enc)");
|
||||
logger.info(sec_cfg.k_nr_rrc_int.data(), 32, "NR RRC Integrity Key (k_nr_rrc_int)");
|
||||
logger.info(sec_cfg.k_nr_up_enc.data(), 32, "NR UP Encryption Key (k_nr_up_enc)");
|
||||
logger.info(sec_cfg.k_nr_up_int.data(), 32, "NR UP Encryption Key (k_nr_up_enc)");
|
||||
}
|
||||
|
||||
void nr_security_context::regenerate_keys_handover(uint32_t new_pci, uint32_t new_dl_earfcn)
|
||||
{
|
||||
logger.info("Regenerating KeNB with PCI=0x%02x, DL-EARFCN=%d", new_pci, new_dl_earfcn);
|
||||
logger.info(k_gnb, 32, "Old K_eNB (k_enb)");
|
||||
logger.info("Regenerating KgNB with PCI=0x%02x, DL-EARFCN=%d", new_pci, new_dl_earfcn);
|
||||
logger.info(k_gnb, 32, "Old K_gNB (k_enb)");
|
||||
// Generate K_enb*
|
||||
uint8_t k_gnb_star[32];
|
||||
srsran::security_generate_k_enb_star(k_gnb, new_pci, new_dl_earfcn, k_gnb_star);
|
||||
|
|
Loading…
Reference in New Issue