Attach Reject if UE indicates only EIA0 (#222)
This commit is contained in:
parent
f043ccd884
commit
942b9466ef
|
@ -241,7 +241,6 @@ int emm_build_security_mode_command(
|
|||
ogs_pkbuf_t **emmbuf, mme_ue_t *mme_ue)
|
||||
{
|
||||
int rv;
|
||||
int i;
|
||||
|
||||
nas_message_t message;
|
||||
nas_security_mode_command_t *security_mode_command =
|
||||
|
@ -266,20 +265,8 @@ int emm_build_security_mode_command(
|
|||
message.emm.h.protocol_discriminator = NAS_PROTOCOL_DISCRIMINATOR_EMM;
|
||||
message.emm.h.message_type = NAS_SECURITY_MODE_COMMAND;
|
||||
|
||||
for (i = 0; i < mme_self()->num_of_integrity_order; i++) {
|
||||
if (mme_ue->ue_network_capability.eia &
|
||||
(0x80 >> mme_self()->integrity_order[i])) {
|
||||
mme_ue->selected_int_algorithm = mme_self()->integrity_order[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
for (i = 0; i < mme_self()->num_of_ciphering_order; i++) {
|
||||
if (mme_ue->ue_network_capability.eea &
|
||||
(0x80 >> mme_self()->ciphering_order[i])) {
|
||||
mme_ue->selected_enc_algorithm = mme_self()->ciphering_order[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
mme_ue->selected_int_algorithm = mme_selected_int_algorithm(mme_ue);
|
||||
mme_ue->selected_enc_algorithm = mme_selected_enc_algorithm(mme_ue);
|
||||
|
||||
selected_nas_security_algorithms->type_of_integrity_protection_algorithm =
|
||||
mme_ue->selected_int_algorithm;
|
||||
|
|
|
@ -143,6 +143,17 @@ int emm_handle_attach_request(
|
|||
sizeof(attach_request->ms_network_capability));
|
||||
}
|
||||
|
||||
if (mme_selected_int_algorithm(mme_ue) == NAS_SECURITY_ALGORITHMS_EIA0) {
|
||||
ogs_warn("Encrypt[0x%x] can be skipped with EEA0, "
|
||||
"but Integrity[0x%x] cannot be bypassed with EIA0",
|
||||
mme_selected_enc_algorithm(mme_ue),
|
||||
mme_selected_int_algorithm(mme_ue));
|
||||
nas_send_attach_reject(mme_ue,
|
||||
EMM_CAUSE_UE_SECURITY_CAPABILITIES_MISMATCH,
|
||||
ESM_CAUSE_PROTOCOL_ERROR_UNSPECIFIED);
|
||||
return OGS_ERROR;
|
||||
}
|
||||
|
||||
switch (eps_mobile_identity->imsi.type) {
|
||||
case NAS_EPS_MOBILE_IDENTITY_IMSI:
|
||||
memcpy(&mme_ue->nas_mobile_identity_imsi,
|
||||
|
|
|
@ -2815,3 +2815,34 @@ int mme_m_tmsi_free(mme_m_tmsi_t *m_tmsi)
|
|||
return OGS_OK;
|
||||
}
|
||||
|
||||
uint8_t mme_selected_int_algorithm(mme_ue_t *mme_ue)
|
||||
{
|
||||
int i;
|
||||
|
||||
ogs_assert(mme_ue);
|
||||
|
||||
for (i = 0; i < mme_self()->num_of_integrity_order; i++) {
|
||||
if (mme_ue->ue_network_capability.eia &
|
||||
(0x80 >> mme_self()->integrity_order[i])) {
|
||||
return mme_self()->integrity_order[i];
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
uint8_t mme_selected_enc_algorithm(mme_ue_t *mme_ue)
|
||||
{
|
||||
int i;
|
||||
|
||||
ogs_assert(mme_ue);
|
||||
|
||||
for (i = 0; i < mme_self()->num_of_ciphering_order; i++) {
|
||||
if (mme_ue->ue_network_capability.eea &
|
||||
(0x80 >> mme_self()->ciphering_order[i])) {
|
||||
return mme_self()->ciphering_order[i];
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -737,6 +737,9 @@ int mme_m_tmsi_pool_generate();
|
|||
mme_m_tmsi_t *mme_m_tmsi_alloc();
|
||||
int mme_m_tmsi_free(mme_m_tmsi_t *tmsi);
|
||||
|
||||
uint8_t mme_selected_int_algorithm(mme_ue_t *mme_ue);
|
||||
uint8_t mme_selected_enc_algorithm(mme_ue_t *mme_ue);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
Loading…
Reference in New Issue