<div dir="ltr">Hi Harald,<div><br></div><div>For the most part, you need to see the UNION definitions in src/mme/mme_context.h as below.</div><div><br></div><div>union {<br>&nbsp;&nbsp;&nbsp;&nbsp;struct {<br>&nbsp;&nbsp;&nbsp;&nbsp;ED3(uint8_t spare;,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;uint16_t overflow;,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;uint8_t sqn;)<br>&nbsp;&nbsp;&nbsp;&nbsp;} __attribute__ ((packed));<br>&nbsp;&nbsp;&nbsp;&nbsp;uint32_t i32;<br>} ul_count;<br></div><div><br></div><div>Therefore, increasing SQN will also increase ul_count.i32.</div><div><br></div><div>Let me add the comments in src/mme/nas_security.c<br></div><div><br></div><div>/* If SQN exceeds 1 byte and turns in once again, </div><div> Overflow is increased */</div><div>if (mme_ue->ul_count.sqn > h->sequence_number)<br>&nbsp;&nbsp;&nbsp;&nbsp;mme_ue->ul_count.overflow++;</div><div><br></div><div>/* Always set SQN from UE's SQN as below */</div><div>mme_ue->ul_count.sqn = h->sequence_number;<br></div><div><br></div><div>Let me know if I have misunderstood anything.</div><div><br></div><div>Thanks a lot!</div><div><br></div><div>Best Regards,</div><div> Sukchan</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Jul 13, 2019 at 10:19 PM Harald Welte <<a href="mailto:laforge@gnumonks.org">laforge@gnumonks.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Sukchan and list,<br>
<br>
I'm currently reading the MME code and I'm having some trouble understanding<br>
the handling of the uplink counter for NAS security.<br>
<br>
I only see mme_ue->ul_count.i32 ever being set to '0' when a new security<br>
context is used. But I don't see it ever being incremented? I only see<br>
ul_count.sqn incremented, but then the nas_mac_calculate() always gets<br>
ul_count.i32 passed as input.<br>
<br>
So I'm somehow not understanding how the MAC can ever verify on any uplink<br>
message beyond/after the first one which establishes a new security context.<br>
<br>
What am I missing? Thanks for your insight!<br>
<br>
-- <br>
- Harald Welte <<a href="mailto:laforge@gnumonks.org" target="_blank">laforge@gnumonks.org</a>> <a href="http://laforge.gnumonks.org/" rel="noreferrer" target="_blank">http://laforge.gnumonks.org/</a><br>
============================================================================<br>
"Privacy in residential applications is a desirable marketing option."<br>
(ETSI EN 300 175-7 Ch. A6)<br>
</blockquote></div>
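<div>The counter update discussed in this thread, as an added example (not code from the project or from either poster): it rebuilds the ul_count union and shows the 8-bit SQN wrap carrying into overflow, so that i32 keeps increasing. The local ED3 definition and the names nas_count_t, ul_count_rx and ul_count_replay are assumptions made for illustration; the SQN values are constructed.</div>

```c
#include <stdint.h>
#include <stdio.h>

/* Local stand-in for the project's ED3() macro (assumption: fields are listed
 * most-significant first and the order is reversed on little-endian hosts). */
#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
#define ED3(x1, x2, x3) x1 x2 x3
#else
#define ED3(x1, x2, x3) x3 x2 x1
#endif

/* Same field layout as ul_count in the message above. */
typedef union {
    struct {
    ED3(uint8_t spare;,
        uint16_t overflow;,
        uint8_t sqn;)
    } __attribute__ ((packed));
    uint32_t i32;
} nas_count_t;

/* Hypothetical helper wrapping the two statements quoted from nas_security.c. */
static uint32_t ul_count_rx(nas_count_t *c, uint8_t rx_sqn)
{
    if (c->sqn > rx_sqn)      /* a smaller SQN than the last one counts as a wrap */
        c->overflow++;
    c->sqn = rx_sqn;          /* always adopt the SQN received from the UE */
    return c->i32;            /* spare:overflow:sqn read back as one integer */
}

/* Feed a constructed run of received SQNs into a fresh context. */
static uint32_t ul_count_replay(const uint8_t *sqns, size_t n)
{
    nas_count_t c;
    c.i32 = 0;                /* new security context: counter starts at 0 */
    for (size_t i = 0; i < n; i++)
        printf("rx sqn 0x%02x -> count 0x%08x\n", (unsigned)sqns[i], (unsigned)ul_count_rx(&c, sqns[i]));
    return c.i32;
}

int main(void)
{
    const uint8_t sqns[] = {0x00, 0x01, 0xfe, 0xff, 0x00, 0x01}; /* constructed */
    return ul_count_replay(sqns, sizeof sqns) == 0x101 ? 0 : 1;
}
```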