<p>laforge <strong>submitted</strong> this change.</p><p><a href="https://gerrit.osmocom.org/c/osmo-iuh/+/22756">View Change</a></p><div style="white-space:pre-wrap">Approvals:
  Jenkins Builder: Verified
  pespin: Looks good to me, but someone else must approve
  laforge: Looks good to me, approved

</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">ranap_msg_factory: Allow detailed control over UEA/UIA algorithm encoded<br><br>Change-Id: I6d2d033b0427bdc84fee61e0f3cb7b29935214bf<br>Closes: OS#4143<br>---<br>M include/osmocom/ranap/ranap_msg_factory.h<br>M src/ranap_msg_factory.c<br>2 files changed, 51 insertions(+), 16 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/include/osmocom/ranap/ranap_msg_factory.h b/include/osmocom/ranap/ranap_msg_factory.h</span><br><span>index f1f3fcc..d89a1ae 100644</span><br><span>--- a/include/osmocom/ranap/ranap_msg_factory.h</span><br><span>+++ b/include/osmocom/ranap/ranap_msg_factory.h</span><br><span>@@ -13,6 +13,9 @@</span><br><span> struct msgb *ranap_new_msg_dt(uint8_t sapi, const uint8_t *nas, unsigned int nas_len);</span><br><span> </span><br><span> /*! \brief generate RANAP SECURITY MODE COMMAND message */</span><br><span style="color: hsl(120, 100%, 40%);">+struct msgb *ranap_new_msg_sec_mod_cmd2(const uint8_t *ik, const uint8_t *ck, enum RANAP_KeyStatus status,</span><br><span style="color: hsl(120, 100%, 40%);">+                                       uint8_t uia_bitmask, uint8_t uea_bitmask);</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> struct msgb *ranap_new_msg_sec_mod_cmd(const uint8_t *ik, const uint8_t *ck, enum RANAP_KeyStatus status);</span><br><span> </span><br><span> /*! 
\brief generate RANAP SECURITY MODE COMPLETE message */</span><br><span>diff --git a/src/ranap_msg_factory.c b/src/ranap_msg_factory.c</span><br><span>index 2ae2dbf..121514c 100644</span><br><span>--- a/src/ranap_msg_factory.c</span><br><span>+++ b/src/ranap_msg_factory.c</span><br><span>@@ -202,18 +202,15 @@</span><br><span>      return msg;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-static const enum RANAP_IntegrityProtectionAlgorithm ip_alg[2] = {</span><br><span style="color: hsl(0, 100%, 40%);">-  RANAP_IntegrityProtectionAlgorithm_standard_UMTS_integrity_algorithm_UIA1,</span><br><span style="color: hsl(0, 100%, 40%);">-      RANAP_IntegrityProtectionAlgorithm_standard_UMTS_integrity_algorithm_UIA2,</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-static const RANAP_EncryptionAlgorithm_t enc_alg[2] = {</span><br><span style="color: hsl(0, 100%, 40%);">-     RANAP_EncryptionAlgorithm_standard_UMTS_encryption_algorith_UEA1,</span><br><span style="color: hsl(0, 100%, 40%);">-       RANAP_EncryptionAlgorithm_standard_UMTS_encryption_algorithm_UEA2,</span><br><span style="color: hsl(0, 100%, 40%);">-};</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">-/*! \brief generate RANAP SECURITY MODE COMMAND message */</span><br><span style="color: hsl(0, 100%, 40%);">-struct msgb *ranap_new_msg_sec_mod_cmd(const uint8_t *ik, const uint8_t *ck, enum RANAP_KeyStatus status)</span><br><span style="color: hsl(120, 100%, 40%);">+/*! 
\brief generate RANAP SECURITY MODE COMMAND message.</span><br><span style="color: hsl(120, 100%, 40%);">+ *  \param[in] ik 128bit integrity protection key (mandatory)</span><br><span style="color: hsl(120, 100%, 40%);">+ *  \param[in] ck 128bit ciphering key (optional)</span><br><span style="color: hsl(120, 100%, 40%);">+ *  \param[in] status key status</span><br><span style="color: hsl(120, 100%, 40%);">+ *  \param[in] uia_bitmask bit-mask of UIA algorithms; Bit0 = UIA0 .. Bit2 = UIA2</span><br><span style="color: hsl(120, 100%, 40%);">+ *  \param[in] uea_bitmask bit-mask of UEA algorithms; Bit0 = UEA0 .. Bit2 = UEA2; ck required</span><br><span style="color: hsl(120, 100%, 40%);">+ *  \returns message buffer with encoded command message */</span><br><span style="color: hsl(120, 100%, 40%);">+struct msgb *ranap_new_msg_sec_mod_cmd2(const uint8_t *ik, const uint8_t *ck, enum RANAP_KeyStatus status,</span><br><span style="color: hsl(120, 100%, 40%);">+                                     uint8_t uia_bitmask, uint8_t uea_bitmask)</span><br><span> {</span><br><span>       RANAP_SecurityModeCommandIEs_t ies;</span><br><span>  RANAP_SecurityModeCommand_t out;</span><br><span>@@ -223,11 +220,26 @@</span><br><span>     memset(&ies, 0, sizeof(ies));</span><br><span>    memset(&out, 0, sizeof(out));</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">-   for (i = 0; i < ARRAY_SIZE(ip_alg); i++) {</span><br><span style="color: hsl(120, 100%, 40%);">+ for (i = 0; i < 8; i++) {</span><br><span style="color: hsl(120, 100%, 40%);">+          RANAP_IntegrityProtectionAlgorithm_t ialg;</span><br><span style="color: hsl(120, 100%, 40%);">+            if (!(uia_bitmask & (1 << i)))</span><br><span style="color: hsl(120, 100%, 40%);">+                      continue;</span><br><span style="color: hsl(120, 100%, 40%);">+             switch (i) {</span><br><span style="color: hsl(120, 100%, 40%);">+          case 1:</span><br><span style="color: hsl(120, 100%, 40%);">+  
                     ialg = RANAP_IntegrityProtectionAlgorithm_standard_UMTS_integrity_algorithm_UIA1;</span><br><span style="color: hsl(120, 100%, 40%);">+                     break;</span><br><span style="color: hsl(120, 100%, 40%);">+                case 2:</span><br><span style="color: hsl(120, 100%, 40%);">+                       ialg = RANAP_IntegrityProtectionAlgorithm_standard_UMTS_integrity_algorithm_UIA2;</span><br><span style="color: hsl(120, 100%, 40%);">+                     break;</span><br><span style="color: hsl(120, 100%, 40%);">+                default:</span><br><span style="color: hsl(120, 100%, 40%);">+                      LOGP(DRANAP, "Unsupported UIA algorithm UIA%d specified\n", i);</span><br><span style="color: hsl(120, 100%, 40%);">+                     return NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+          }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span>          /* needs to be dynamically allocated, as</span><br><span>              * SET_OF_free() will call FREEMEM() on it */</span><br><span>                RANAP_IntegrityProtectionAlgorithm_t *alg = CALLOC(1, sizeof(*alg));</span><br><span style="color: hsl(0, 100%, 40%);">-            *alg = ip_alg[i];</span><br><span style="color: hsl(120, 100%, 40%);">+             *alg = ialg;</span><br><span>                 ASN_SEQUENCE_ADD(&ies.integrityProtectionInformation.permittedAlgorithms, alg);</span><br><span>  }</span><br><span> </span><br><span>@@ -235,11 +247,27 @@</span><br><span> </span><br><span>    if (ck) {</span><br><span>            ies.presenceMask = SECURITYMODECOMMANDIES_RANAP_ENCRYPTIONINFORMATION_PRESENT;</span><br><span style="color: hsl(0, 100%, 40%);">-          for (i = 0; i < ARRAY_SIZE(ip_alg); i++) {</span><br><span style="color: hsl(120, 100%, 40%);">+         for (i = 0; i < 8; i++) {</span><br><span style="color: hsl(120, 100%, 40%);">+                  RANAP_EncryptionAlgorithm_t ealg;</span><br><span style="color: 
hsl(120, 100%, 40%);">+                     if (!(uea_bitmask & (1 << i)))</span><br><span style="color: hsl(120, 100%, 40%);">+                              continue;</span><br><span style="color: hsl(120, 100%, 40%);">+                     switch (i) {</span><br><span style="color: hsl(120, 100%, 40%);">+                  case 1:</span><br><span style="color: hsl(120, 100%, 40%);">+                               ealg = RANAP_EncryptionAlgorithm_standard_UMTS_encryption_algorith_UEA1;</span><br><span style="color: hsl(120, 100%, 40%);">+                              break;</span><br><span style="color: hsl(120, 100%, 40%);">+                        case 2:</span><br><span style="color: hsl(120, 100%, 40%);">+                               ealg = RANAP_EncryptionAlgorithm_standard_UMTS_encryption_algorithm_UEA2;</span><br><span style="color: hsl(120, 100%, 40%);">+                             break;</span><br><span style="color: hsl(120, 100%, 40%);">+                        default:</span><br><span style="color: hsl(120, 100%, 40%);">+                              LOGP(DRANAP, "Unsupported UEA algorithm UEA%d specified\n", i);</span><br><span style="color: hsl(120, 100%, 40%);">+                             asn_set_empty(&ies.integrityProtectionInformation.permittedAlgorithms);</span><br><span style="color: hsl(120, 100%, 40%);">+                           return NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+                  }</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span>                  /* needs to be dynamically allocated, as</span><br><span>                      * SET_OF_free() will call FREEMEM() on it */</span><br><span>                        RANAP_EncryptionAlgorithm_t *alg = CALLOC(1, sizeof(*alg));</span><br><span style="color: hsl(0, 100%, 40%);">-                     *alg = enc_alg[i];</span><br><span style="color: hsl(120, 100%, 40%);">+                    *alg = ealg;</span><br><span>                         
ASN_SEQUENCE_ADD(&ies.encryptionInformation.permittedAlgorithms, alg);</span><br><span>           }</span><br><span>            BIT_STRING_fromBuf(&ies.encryptionInformation.key, ck, 16*8);</span><br><span>@@ -271,6 +299,10 @@</span><br><span> </span><br><span>         return msg;</span><br><span> }</span><br><span style="color: hsl(120, 100%, 40%);">+struct msgb *ranap_new_msg_sec_mod_cmd(const uint8_t *ik, const uint8_t *ck, enum RANAP_KeyStatus status)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+        return ranap_new_msg_sec_mod_cmd2(ik, ck, status, 0x06, 0x06);</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span> </span><br><span> /*! \brief generate RANAP SECURITY MODE COMPLETE message */</span><br><span> struct msgb *ranap_new_msg_sec_mod_compl(</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/c/osmo-iuh/+/22756">change 22756</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/c/osmo-iuh/+/22756"/><meta itemprop="name" content="View Change"/></div></div>
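Review bot: in include/osmocom/ranap/ranap_msg_factory.h the existing "\brief generate RANAP SECURITY MODE COMMAND message" comment now sits directly above ranap_new_msg_sec_mod_cmd2(), and the blank line added after it leaves ranap_new_msg_sec_mod_cmd() without a comment of its own. Give each prototype its own \brief, and state in the header what the bits of uia_bitmask and uea_bitmask mean, since the header is where callers will look first.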
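Review bot: the new doc comment above ranap_new_msg_sec_mod_cmd2() in src/ranap_msg_factory.c describes the masks as "Bit0 = UIA0 .. Bit2 = UIA2" and "Bit0 = UEA0 .. Bit2 = UEA2", but both switch statements in the function body only handle case 1 and case 2 and return NULL for any other set bit, bit 0 included. Document that only bits 1 and 2 are accepted and add the NULL return on an unsupported bit to the \returns line, so callers know to check for it.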
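Review bot: in the integrity loop, the default branch does "return NULL" without releasing the entries that earlier iterations already CALLOC'ed and added to ies.integrityProtectionInformation.permittedAlgorithms (for example a uia_bitmask with bit 1 and bit 3 set adds UIA1 and then bails out on bit 3). The UEA loop calls asn_set_empty() on this list in its own error path, so the same call is needed here. Two smaller points on the same hunk: the LOGP(DRANAP, "Unsupported UIA algorithm ...") call passes the format string straight after the subsystem with no log level argument such as LOGL_ERROR, and a uia_bitmask of 0 passes through the loop silently and produces an empty permitted-algorithms list even though the integrity key is documented as mandatory, so that case should be rejected explicitly.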
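Review bot: in the encryption loop, the default branch empties ies.integrityProtectionInformation.permittedAlgorithms before returning NULL but not ies.encryptionInformation.permittedAlgorithms, which can already hold entries added for lower bits of uea_bitmask; call asn_set_empty() on both lists. The mask is also only looked at inside "if (ck)": with ck set and uea_bitmask 0 the ENCRYPTIONINFORMATION presence flag is set and the key is encoded with no permitted algorithm, and with ck NULL a non-zero uea_bitmask is ignored without any log message. Both combinations deserve an explicit check, because they decide whether ciphering is offered at all. The LOGP() call here is also missing its log level argument.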
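Review bot: in the last hunk of src/ranap_msg_factory.c, the compatibility wrapper passes the literal 0x06 for both masks, which only reads as "UIA1 and UIA2, UEA1 and UEA2" after decoding the bit positions by hand. Use named bit constants or a one-line comment so the default algorithm set is obvious at the call site and cannot be altered by a typo unnoticed. The wrapper also has no doc comment now that the original one was reworded for ranap_new_msg_sec_mod_cmd2(), and it starts directly after the closing brace of the previous function without a separating blank line.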

<div style="display:none"> Gerrit-Project: osmo-iuh </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: I6d2d033b0427bdc84fee61e0f3cb7b29935214bf </div>
<div style="display:none"> Gerrit-Change-Number: 22756 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: laforge &lt;laforge@osmocom.org&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins Builder </div>
<div style="display:none"> Gerrit-Reviewer: laforge &lt;laforge@osmocom.org&gt; </div>
<div style="display:none"> Gerrit-Reviewer: neels &lt;nhofmeyr@sysmocom.de&gt; </div>
<div style="display:none"> Gerrit-Reviewer: pespin &lt;pespin@sysmocom.de&gt; </div>
<div style="display:none"> Gerrit-MessageType: merged </div>