pespin submitted this change.

View Change

S1AP_Emulation: Fix new_ctx never set when building security header

The flag was never set to true. It needs to be set to true when building
the security head of Security Mode Complete after receiving Security
Mode Command with a new EPS security context.
TS 24.301 5.4.3.3

Change-Id: I76ad46f7ee5f49698e41da729cb6422866202951
---
M library/S1AP_Emulation.ttcn
M mme/LTE_CryptoFunctions.ttcn
2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/library/S1AP_Emulation.ttcn b/library/S1AP_Emulation.ttcn
index 3cce091..bc117ac 100644
--- a/library/S1AP_Emulation.ttcn
+++ b/library/S1AP_Emulation.ttcn
@@ -458,7 +458,7 @@
 		[] S1AP_CLIENT.receive(PDU_NAS_EPS:?) -> value nas sender vc_conn {
 			var integer assoc_id := f_assoc_id_by_comp(vc_conn);
 			var AssociationData ad := S1apAssociationTable[assoc_id];
-			nas := f_nas_encaps(S1apAssociationTable[assoc_id].nus, nas, new_ctx := false);
+			nas := f_nas_encaps(S1apAssociationTable[assoc_id].nus, nas);
 			var octetstring nas_enc := enc_PDU_NAS_EPS(nas);
 			S1AP.send(t_S1AP_Send(g_s1ap_conn_id,
 					      ts_S1AP_UlNasTransport(ad.mme_ue_s1ap_id,
diff --git a/mme/LTE_CryptoFunctions.ttcn b/mme/LTE_CryptoFunctions.ttcn
index f0ea990..c223409 100644
--- a/mme/LTE_CryptoFunctions.ttcn
+++ b/mme/LTE_CryptoFunctions.ttcn
@@ -88,7 +88,8 @@
 	NAS_ALG_ENC alg_enc,	/* NAS Encryption Algorithm */
 	octetstring k_nas_enc,	/* NAS Encryption Key */
 	integer rx_count,	/* frame counter (ATS rx side) */
-	integer tx_count	/* frame counter (ATS tx side) */
+	integer tx_count,	/* frame counter (ATS tx side) */
+	boolean new_ctx		/* Use "New EPS Security Context" when building next sec_hdr_t */
 };
 
 template (value) NAS_UE_State t_NAS_UE_State(NAS_Role role) := {
@@ -98,7 +99,8 @@
 	alg_enc := NAS_ALG_ENC_EEA0,
 	k_nas_enc := ''O,
 	rx_count := 0,
-	tx_count := 0
+	tx_count := 0,
+	new_ctx := false
 };
 
 type enumerated NAS_Role {
@@ -173,6 +175,7 @@
 	secp_nas := nas.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_SecurityProtectedNASMessage;
 	select (secp_nas.securityHeaderType) {
 	case ('0011'B) { /* IP with new EPS security context */
+		nus.new_ctx := true;
 		nus.rx_count := 0;
 		nus.alg_int := NAS_ALG_IP_EIA1; /* FIXME: from decoded inner message! */
 		if (not f_nas_check_ip(nus, secp_nas)) {
@@ -182,6 +185,7 @@
 		return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
 		}
 	case ('0001'B) { /* IP only */
+		nus.new_ctx := false;
 		if (not f_nas_check_ip(nus, secp_nas)) {
 			Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed");
 		}
@@ -189,6 +193,7 @@
 		return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
 		}
 	case ('0010'B) { /* IP + ciphered */
+		nus.new_ctx := false;
 		if (not f_nas_check_ip(nus, secp_nas)) {
 			Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed");
 		}
@@ -198,6 +203,7 @@
 		return dec_PDU_NAS_EPS(secp_nas.nAS_Message);
 		}
 	case ('0100'B) { /* IP + ciphered; new EPS security context */
+		nus.new_ctx := true;
 		nus.rx_count := 0;
 		if (not f_nas_check_ip(nus, secp_nas)) {
 			Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, "f_nas_check_ip() failed");
@@ -236,7 +242,7 @@
 }
 
 /* encapsulate a NAS message (encrypt, MAC) */
-function f_nas_encaps(inout NAS_UE_State nus, PDU_NAS_EPS nas_in, boolean new_ctx := false)
+function f_nas_encaps(inout NAS_UE_State nus, PDU_NAS_EPS nas_in)
 return PDU_NAS_EPS
 {
 	var boolean encrypt := false;
@@ -252,11 +258,11 @@
 		return nas_in;
 	}
 
-	if (new_ctx) {
+	if (nus.new_ctx) {
 		nus.tx_count := 0;
 	}
 
-	var BIT4 sec_hdr_t := f_nas_determine_sec_hdr_t(encrypt, authenticate, new_ctx);
+	var BIT4 sec_hdr_t := f_nas_determine_sec_hdr_t(encrypt, authenticate, nus.new_ctx);
 	var octetstring nas_enc := enc_PDU_NAS_EPS(nas_in);
 	if (encrypt) {
 		f_nas_encrypt(nus.alg_enc, nus.k_nas_enc, nus.tx_count, 0,

To view, visit change 37890. To unsubscribe, or for help writing mail filters, visit settings.