Security Mode Command: Perform Algorithm Rejection in NAS Handler

This change performs the algorithm rejection in the corresponding NAS
handler for 5G, since the protocol definitions differ between LTE and
5G, regarding NIA0/EIA0 user plane traffic.

Therefore, for 5G NIA0 is rejected, since it is not allowed under normal
circumstances, while LTE user plane traffic can indeed have EIA0
selected.

Signed-off-by: Eduard Vlad <eduard.vlad@rwth-aachen.de>
This commit is contained in:
Eduard Vlad
2025-05-22 14:31:34 +02:00
committed by Guido Casati
parent a2a8e3ba6d
commit 5e45ecb123
2 changed files with 7 additions and 8 deletions

View File

@@ -1296,8 +1296,13 @@ static void handle_security_mode_command(nr_ue_nas_t *nas, as_nas_info_t *initia
}
printf("\n");
/* todo: stream_security_container_delete() is not called anywhere, deal with that */
nas->security_container = stream_security_container_init(ciphering_algorithm, integrity_algorithm, knas_enc, knas_int);
if (integrity_algorithm != EIA0_ALG_ID) {
nas->security_container = stream_security_container_init(ciphering_algorithm, integrity_algorithm, knas_enc, knas_int);
} else {
LOG_E(NAS, "Rejecting Invalid NULL integrity %d for 5G!\n",
integrity_algorithm);
nas->security_container = NULL;
}
/* Handle the invalid container with a reject message */
if(nas->security_container == NULL) {

View File

@@ -118,12 +118,6 @@ stream_security_container_t *stream_security_container_init(int ciphering_algori
container->integrity_context = stream_integrity_init(integrity_algorithm, integrity_key);
container->ciphering_context = stream_ciphering_init(ciphering_algorithm, ciphering_key);
/* Reject invalid configurations, i.e. ones that set NIA0 */
if (container->integrity_context == NULL) {
stream_security_container_delete(container);
return NULL;
}
return container;
}