drop all integrity protected NAS messages whose check is failing

- also enables integrity check for messages that are only integrity
  protected but not ciphered

srsue/src/upper/nas.cc

@@ -287,30 +287,31 @@ void nas::write_pdu(uint32_t lcid, byte_buffer_t *pdu) {
   uint8 pd = 0;
   uint8 msg_type = 0;
   uint8 sec_hdr_type = 0;
-  bool  mac_valid = false;
 
   nas_log->info_hex(pdu->msg, pdu->N_bytes, "DL %s PDU", rrc->get_rb_name(lcid).c_str());
 
   // Parse the message security header
   liblte_mme_parse_msg_sec_header((LIBLTE_BYTE_MSG_STRUCT*)pdu, &pd, &sec_hdr_type);
-  switch(sec_hdr_type)
+  switch (sec_hdr_type)
   {
     case LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS:
     case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_WITH_NEW_EPS_SECURITY_CONTEXT:
     case LIBLTE_MME_SECURITY_HDR_TYPE_SERVICE_REQUEST:
+      break;
     case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY:
-        break;
     case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED:
-        if((mac_valid = integrity_check(pdu))) {
+      if((integrity_check(pdu))) {
+        if (sec_hdr_type == LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED) {
           cipher_decrypt(pdu);
-          break;
-        } else {
-          nas_log->error("Not handling NAS message with integrity check error\n");
-          pool->deallocate(pdu);
-          return;
         }
-    case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED_WITH_NEW_EPS_SECURITY_CONTEXT:
         break;
+      } else {
+        nas_log->error("Not handling NAS message with integrity check error\n");
+        pool->deallocate(pdu);
+        return;
+      }
+    case LIBLTE_MME_SECURITY_HDR_TYPE_INTEGRITY_AND_CIPHERED_WITH_NEW_EPS_SECURITY_CONTEXT:
+      break;
     default:
       nas_log->error("Not handling NAS message with SEC_HDR_TYPE=%02X\n", sec_hdr_type);
       pool->deallocate(pdu);