Attach Reject if UE indicates only EIA0 (#222)

2019-07-13 23:47:24 +09:00 · 2019-07-13 23:47:24 +09:00 · 942b9466ef
parent f043ccd884
commit 942b9466ef
4 changed files with 47 additions and 15 deletions
--- a/src/mme/emm-build.c
+++ b/src/mme/emm-build.c
@ -241,7 +241,6 @@ int emm_build_security_mode_command(
        ogs_pkbuf_t **emmbuf, mme_ue_t *mme_ue)
 {
    int rv;
-    int i;

    nas_message_t message;
    nas_security_mode_command_t *security_mode_command = 
@ -266,20 +265,8 @@ int emm_build_security_mode_command(
    message.emm.h.protocol_discriminator = NAS_PROTOCOL_DISCRIMINATOR_EMM;
    message.emm.h.message_type = NAS_SECURITY_MODE_COMMAND;

-    for (i = 0; i < mme_self()->num_of_integrity_order; i++) {
-        if (mme_ue->ue_network_capability.eia & 
-                (0x80 >> mme_self()->integrity_order[i])) {
-            mme_ue->selected_int_algorithm = mme_self()->integrity_order[i];
-            break;
-        }
-    }
-    for (i = 0; i < mme_self()->num_of_ciphering_order; i++) {
-        if (mme_ue->ue_network_capability.eea & 
-                (0x80 >> mme_self()->ciphering_order[i])) {
-            mme_ue->selected_enc_algorithm = mme_self()->ciphering_order[i];
-            break;
-        }
-    }
+    mme_ue->selected_int_algorithm = mme_selected_int_algorithm(mme_ue);
+    mme_ue->selected_enc_algorithm = mme_selected_enc_algorithm(mme_ue);

    selected_nas_security_algorithms->type_of_integrity_protection_algorithm =
        mme_ue->selected_int_algorithm;
--- a/src/mme/emm-handler.c
+++ b/src/mme/emm-handler.c
@ -143,6 +143,17 @@ int emm_handle_attach_request(
                sizeof(attach_request->ms_network_capability));
    }

+    if (mme_selected_int_algorithm(mme_ue) == NAS_SECURITY_ALGORITHMS_EIA0) {
+        ogs_warn("Encrypt[0x%x] can be skipped with EEA0, "
+            "but Integrity[0x%x] cannot be bypassed with EIA0",
+            mme_selected_enc_algorithm(mme_ue), 
+            mme_selected_int_algorithm(mme_ue));
+        nas_send_attach_reject(mme_ue,
+            EMM_CAUSE_UE_SECURITY_CAPABILITIES_MISMATCH,
+            ESM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED);
+        return OGS_ERROR;
+    }
+
    switch (eps_mobile_identity->imsi.type) {
    case NAS_EPS_MOBILE_IDENTITY_IMSI:
        memcpy(&mme_ue->nas_mobile_identity_imsi, 
--- a/src/mme/mme-context.c
+++ b/src/mme/mme-context.c
@ -2815,3 +2815,34 @@ int mme_m_tmsi_free(mme_m_tmsi_t *m_tmsi)
    return OGS_OK;
 }

+uint8_t mme_selected_int_algorithm(mme_ue_t *mme_ue)
+{
+    int i;
+
+    ogs_assert(mme_ue);
+
+    for (i = 0; i < mme_self()->num_of_integrity_order; i++) {
+        if (mme_ue->ue_network_capability.eia & 
+                (0x80 >> mme_self()->integrity_order[i])) {
+            return mme_self()->integrity_order[i];
+        }
+    }
+
+    return 0;
+}
+
+uint8_t mme_selected_enc_algorithm(mme_ue_t *mme_ue)
+{
+    int i;
+
+    ogs_assert(mme_ue);
+
+    for (i = 0; i < mme_self()->num_of_ciphering_order; i++) {
+        if (mme_ue->ue_network_capability.eea & 
+                (0x80 >> mme_self()->ciphering_order[i])) {
+            return mme_self()->ciphering_order[i];
+        }
+    }
+
+    return 0;
+}
--- a/src/mme/mme-context.h
+++ b/src/mme/mme-context.h
@ -737,6 +737,9 @@ int mme_m_tmsi_pool_generate();
 mme_m_tmsi_t *mme_m_tmsi_alloc();
 int mme_m_tmsi_free(mme_m_tmsi_t *tmsi);

+uint8_t mme_selected_int_algorithm(mme_ue_t *mme_ue);
+uint8_t mme_selected_enc_algorithm(mme_ue_t *mme_ue);
+
 #ifdef __cplusplus
 }
 #endif