SecurityModeControl.c 42.1 KB
Newer Older
Cedric Roux's avatar
 
Cedric Roux committed
1
/*****************************************************************************
Cedric Roux's avatar
Cedric Roux committed
2
3
            Eurecom OpenAirInterface 3
            Copyright(c) 2012 Eurecom
Cedric Roux's avatar
 
Cedric Roux committed
4

Cedric Roux's avatar
Cedric Roux committed
5
Source      SecurityModeControl.c
Cedric Roux's avatar
 
Cedric Roux committed
6

Cedric Roux's avatar
Cedric Roux committed
7
Version     0.1
Cedric Roux's avatar
 
Cedric Roux committed
8

Cedric Roux's avatar
Cedric Roux committed
9
Date        2013/04/22
Cedric Roux's avatar
 
Cedric Roux committed
10

Cedric Roux's avatar
Cedric Roux committed
11
Product     NAS stack
Cedric Roux's avatar
 
Cedric Roux committed
12

Cedric Roux's avatar
Cedric Roux committed
13
Subsystem   Template body file
Cedric Roux's avatar
 
Cedric Roux committed
14

Cedric Roux's avatar
Cedric Roux committed
15
Author      Frederic Maurel
Cedric Roux's avatar
 
Cedric Roux committed
16

Cedric Roux's avatar
Cedric Roux committed
17
18
Description Defines the security mode control EMM procedure executed by the
        Non-Access Stratum.
Cedric Roux's avatar
 
Cedric Roux committed
19

Cedric Roux's avatar
Cedric Roux committed
20
21
22
23
        The purpose of the NAS security mode control procedure is to
        take an EPS security context into use, and initialise and start
        NAS signalling security between the UE and the MME with the
        corresponding EPS NAS keys and EPS security algorithms.
Cedric Roux's avatar
 
Cedric Roux committed
24

Cedric Roux's avatar
Cedric Roux committed
25
26
27
        Furthermore, the network may also initiate a SECURITY MODE COM-
        MAND in order to change the NAS security algorithms for a cur-
        rent EPS security context already in use.
Cedric Roux's avatar
 
Cedric Roux committed
28
29
30

*****************************************************************************/

31
32
33
34
#include <stdlib.h> // malloc, free
#include <string.h> // memcpy
#include <inttypes.h>

Cedric Roux's avatar
 
Cedric Roux committed
35
36
37
38
39
40
41
42
43
#include "emm_proc.h"
#include "nas_log.h"
#include "nas_timer.h"

#include "emmData.h"

#include "emm_sap.h"
#include "emm_cause.h"

44
#include "UeSecurityCapability.h"
45
46
47
48

#if defined(ENABLE_ITTI)
# include "assertions.h"
#endif
Cedric Roux's avatar
 
Cedric Roux committed
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

/****************************************************************************/
/****************  E X T E R N A L    D E F I N I T I O N S  ****************/
/****************************************************************************/

/****************************************************************************/
/*******************  L O C A L    D E F I N I T I O N S  *******************/
/****************************************************************************/

/*
 * --------------------------------------------------------------------------
 *  Internal data handled by the security mode control procedure in the UE
 * --------------------------------------------------------------------------
 */
#ifdef NAS_UE
Cedric Roux's avatar
Cedric Roux committed
64
65
static int _security_kdf(const OctetString *kasme, OctetString *key,
                         UInt8_t algo_dist, UInt8_t algo_id);
Cedric Roux's avatar
 
Cedric Roux committed
66

Cedric Roux's avatar
Cedric Roux committed
67
68
69
70
71
72
static int _security_knas_enc(const OctetString *kasme, OctetString *knas_enc,
                              UInt8_t eia);
static int _security_knas_int(const OctetString *kasme, OctetString *knas_int,
                              UInt8_t eea);
static int _security_kenb(const OctetString *kasme, OctetString *kenb,
                          UInt32_t count);
Cedric Roux's avatar
 
Cedric Roux committed
73
74
75
76
77

/*
 * Internal data used for security mode control procedure
 */
static struct {
Cedric Roux's avatar
Cedric Roux committed
78
    OctetString kenb;           /* eNodeB security key      */
Cedric Roux's avatar
 
Cedric Roux committed
79
80
} _security_data;

Cedric Roux's avatar
Cedric Roux committed
81
82
static void _security_release(emm_security_context_t *ctx);
#endif  // NAS_UE
Cedric Roux's avatar
 
Cedric Roux committed
83
84
85
86
87
88
89
90
91
92

/*
 * --------------------------------------------------------------------------
 *  Internal data handled by the security mode control procedure in the MME
 * --------------------------------------------------------------------------
 */
#ifdef NAS_MME
/*
 * Timer handlers
 */
Cedric Roux's avatar
Cedric Roux committed
93
static void *_security_t3460_handler(void *);
Cedric Roux's avatar
 
Cedric Roux committed
94
95
96
97
98
99

/*
 * Function executed whenever the ongoing EMM procedure that initiated
 * the security mode control procedure is aborted or the maximum value of the
 * retransmission timer counter is exceed
 */
Cedric Roux's avatar
Cedric Roux committed
100
static int _security_abort(void *);
Cedric Roux's avatar
 
Cedric Roux committed
101
102
103
104
105

/*
 * Internal data used for security mode control procedure
 */
typedef struct {
Cedric Roux's avatar
Cedric Roux committed
106
107
108
109
110
111
112
113
114
    unsigned int ueid;          /* UE identifier        */
#define SECURITY_COUNTER_MAX    5
    unsigned int retransmission_count;  /* Retransmission counter   */
    int ksi;                /* NAS key set identifier   */
    int eea;            /* Replayed EPS encryption algorithms   */
    int eia;            /* Replayed EPS integrity algorithms    */
    int notify_failure;     /* Indicates whether the security mode control
                 * procedure failure shall be notified to the
                 * ongoing EMM procedure        */
Cedric Roux's avatar
 
Cedric Roux committed
115
116
} security_data_t;

Cedric Roux's avatar
Cedric Roux committed
117
static int _security_request(security_data_t *data, int is_new);
Cedric Roux's avatar
 
Cedric Roux committed
118
119
120
121
122
123
124
125
#endif // NAS_MME

/****************************************************************************/
/******************  E X P O R T E D    F U N C T I O N S  ******************/
/****************************************************************************/

/*
 * --------------------------------------------------------------------------
Cedric Roux's avatar
Cedric Roux committed
126
 *      Security mode control procedure executed by the UE
Cedric Roux's avatar
 
Cedric Roux committed
127
128
129
130
131
 * --------------------------------------------------------------------------
 */
#ifdef NAS_UE
/****************************************************************************
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
132
 ** Name:    emm_proc_security_mode_command()                          **
Cedric Roux's avatar
 
Cedric Roux committed
133
134
 **                                                                        **
 ** Description: Performs the MME requested security mode control proce-   **
Cedric Roux's avatar
Cedric Roux committed
135
 **      dure.                                                     **
Cedric Roux's avatar
 
Cedric Roux committed
136
137
 **                                                                        **
 **              3GPP TS 24.301, section 5.4.3.3                           **
Cedric Roux's avatar
Cedric Roux committed
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
 **      Upon receiving the SECURITY MODE COMMAND message, the UE  **
 **      shall check whether the message can be accepted or not.   **
 **      If accepted the UE shall send a SECURITY MODE COMPLETE    **
 **      message integrity protected with the selected NAS inte-   **
 **      grity algorithm and ciphered with the selected NAS ciphe- **
 **      ring algorithm.                                           **
 **                                                                        **
 ** Inputs:  native_ksi:    TRUE if the security context is of type    **
 **             native (for KSIASME)                       **
 **      ksi:       The NAS ket sey identifier                 **
 **      seea:      Selected EPS cyphering algorithm           **
 **      seia:      Selected EPS integrity algorithm           **
 **      reea:      Replayed EPS cyphering algorithm           **
 **      reia:      Replayed EPS integrity algorithm           **
 **      Others:    None                                       **
 **                                                                        **
 ** Outputs:     None                                                      **
 **      Return:    RETURNok, RETURNerror                      **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
157
158
159
 **                                                                        **
 ***************************************************************************/
int emm_proc_security_mode_command(int native_ksi, int ksi,
Cedric Roux's avatar
Cedric Roux committed
160
                                   int seea, int seia, int reea, int reia)
Cedric Roux's avatar
 
Cedric Roux committed
161
162
163
164
165
166
167
168
{
    LOG_FUNC_IN;

    int rc = RETURNerror;
    int emm_cause = EMM_CAUSE_SUCCESS;
    int security_context_is_new = FALSE;

    LOG_TRACE(INFO, "EMM-PROC  - Security mode control requested (ksi=%d)",
Cedric Roux's avatar
Cedric Roux committed
169
              ksi);
Cedric Roux's avatar
 
Cedric Roux committed
170
171
172
173
174
175
176
177
178
179

    /* Delete any previously stored RAND and RES and stop timer T3416 */
    (void) emm_proc_authentication_delete();

    /*
     * Check the replayed UE security capabilities
     */
    UInt8_t eea = (0x80 >> _emm_data.security->capability.encryption);
    UInt8_t eia = (0x80 >> _emm_data.security->capability.integrity);
    if ( (reea != eea) || (reia != eia) ) {
Cedric Roux's avatar
Cedric Roux committed
180
181
182
183
184
185
186
187
188
        LOG_TRACE(WARNING, "EMM-PROC  - Replayed UE security capabilities "
                  "rejected");
        emm_cause = EMM_CAUSE_UE_SECURITY_MISMATCH;

        /* XXX - For testing purpose UE always accepts EIA0
         * The UE shall accept "null integrity protection algorithm" EIA0 only
         * if a PDN connection for emergency bearer services is established or
         * the UE is establishing a PDN connection for emergency bearer services
         */
Cedric Roux's avatar
 
Cedric Roux committed
189
190
191
192
193
    }
    /*
     * Check the non-current EPS security context
     */
    else if (_emm_data.non_current == NULL) {
Cedric Roux's avatar
Cedric Roux committed
194
195
196
        LOG_TRACE(WARNING, "EMM-PROC  - Non-current EPS security context "
                  "is not valid");
        emm_cause = EMM_CAUSE_SECURITY_MODE_REJECTED;
Cedric Roux's avatar
 
Cedric Roux committed
197
198
199
200
201
    }
    /*
     * Update the non-current EPS security context
     */
    else {
Cedric Roux's avatar
Cedric Roux committed
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
        /* Update selected cyphering and integrity algorithms */
        _emm_data.non_current->capability.encryption = seea;
        _emm_data.non_current->capability.integrity = seia;

        /* Derive the NAS cyphering key */
        if (_emm_data.non_current->knas_enc.value == NULL) {
            _emm_data.non_current->knas_enc.value =
                (uint8_t *)malloc(AUTH_KNAS_ENC_SIZE);
            _emm_data.non_current->knas_enc.length = AUTH_KNAS_ENC_SIZE;
        }
        if (_emm_data.non_current->knas_enc.value != NULL) {
            rc = _security_knas_enc(&_emm_data.non_current->kasme,
                                    &_emm_data.non_current->knas_enc, seea);
        }
        /* Derive the NAS integrity key */
        if (_emm_data.non_current->knas_int.value == NULL) {
            _emm_data.non_current->knas_int.value =
                (uint8_t *)malloc(AUTH_KNAS_INT_SIZE);
            _emm_data.non_current->knas_int.length = AUTH_KNAS_INT_SIZE;
        }
        if (_emm_data.non_current->knas_int.value != NULL) {
            if (rc != RETURNerror) {
                rc = _security_knas_int(&_emm_data.non_current->kasme,
                                        &_emm_data.non_current->knas_int, seea);
            }
        }
        /* Derive the eNodeB key */
        if (_security_data.kenb.value == NULL) {
            _security_data.kenb.value = (uint8_t *)malloc(AUTH_KENB_SIZE);
            _security_data.kenb.length = AUTH_KENB_SIZE;
        }
        if (_security_data.kenb.value != NULL) {
            if (rc != RETURNerror) {
                rc = _security_kenb(&_security_data.kenb,
                                    &_emm_data.security->kasme,
                                    *(UInt32_t *)(&_emm_data.non_current->ul_count));
            }
        }

        /*
         * NAS security mode command accepted by the UE
         */
        if (rc != RETURNerror) {
            /* Update the current EPS security context */
            if ( native_ksi && (_emm_data.security->type != EMM_KSI_NATIVE) ) {
                /* The type of security context flag included in the SECURITY
                 * MODE COMMAND message is set to "native security context" and
                 * the UE has a mapped EPS security context as the current EPS
                 * security context */
                if ( (_emm_data.non_current->type == EMM_KSI_NATIVE) &&
                        (_emm_data.non_current->eksi == ksi) ) {
                    /* The KSI matches the non-current native EPS security
                     * context; the UE shall take the non-current native EPS
                     * security context into use which then becomes the
                     * current native EPS security context and delete the
                     * mapped EPS security context */
                    LOG_TRACE(INFO,
                              "EMM-PROC  - Update Current security context");
                    /* Release non-current security context */
                    _security_release(_emm_data.security);
                    _emm_data.security = _emm_data.non_current;
                    /* Reset the uplink NAS COUNT counter */
                    _emm_data.security->ul_count.overflow = 0;
                    _emm_data.security->ul_count.seq_num = 0;
                    /* Set new security context indicator */
                    security_context_is_new = TRUE;
                }
            }

            if ( !native_ksi && (_emm_data.security->type != EMM_KSI_NATIVE) ) {
                /* The type of security context flag included in the SECURITY
                 * MODE COMMAND message is set to "mapped security context" and
                 * the UE has a mapped EPS security context as the current EPS
                 * security context */
                if (ksi != _emm_data.security->eksi) {
                    /* The KSI does not match the current EPS security context;
                     * the UE shall reset the uplink NAS COUNT counter */
                    LOG_TRACE(INFO,
                              "EMM-PROC  - Reset uplink NAS COUNT counter");
                    _emm_data.security->ul_count.overflow = 0;
                    _emm_data.security->ul_count.seq_num = 0;
                }
            }
        }
        /*
         * NAS security mode command not accepted by the UE
         */
        else {
            /* Setup EMM cause code */
            emm_cause = EMM_CAUSE_SECURITY_MODE_REJECTED;
            /* Release security mode control internal data */
            if (_security_data.kenb.value) {
                free(_security_data.kenb.value);
                _security_data.kenb.value = NULL;
                _security_data.kenb.length = 0;
            }
        }
Cedric Roux's avatar
 
Cedric Roux committed
299
300
301
302
303
304
    }

    /* Setup EMM procedure handler to be executed upon receiving
     * lower layer notification */
    rc = emm_proc_lowerlayer_initialize(NULL, NULL, NULL, NULL);
    if (rc != RETURNok) {
Cedric Roux's avatar
Cedric Roux committed
305
306
307
        LOG_TRACE(WARNING,
                  "EMM-PROC  - Failed to initialize EMM procedure handler");
        LOG_FUNC_RETURN (RETURNerror);
Cedric Roux's avatar
 
Cedric Roux committed
308
309
310
311
312
313
314
315
316
317
318
319
320
321
    }

    /*
     * Notify EMM-AS SAP that Security Mode response message has to be sent
     * to the network
     */
    emm_sap_t emm_sap;
    emm_sap.primitive = EMMAS_SECURITY_RES;
    emm_sap.u.emm_as.u.security.guti = _emm_data.guti;
    emm_sap.u.emm_as.u.security.ueid = 0;
    emm_sap.u.emm_as.u.security.msgType = EMM_AS_MSG_TYPE_SMC;
    emm_sap.u.emm_as.u.security.emm_cause = emm_cause;
    /* Setup EPS NAS security data */
    emm_as_set_security_data(&emm_sap.u.emm_as.u.security.sctx,
Cedric Roux's avatar
Cedric Roux committed
322
                             _emm_data.security, security_context_is_new, TRUE);
Cedric Roux's avatar
 
Cedric Roux committed
323
324
325
326
327
328
329
330
    rc = emm_sap_send(&emm_sap);

    LOG_FUNC_RETURN (rc);
}
#endif // NAS_UE

/*
 * --------------------------------------------------------------------------
Cedric Roux's avatar
Cedric Roux committed
331
 *      Security mode control procedure executed by the MME
Cedric Roux's avatar
 
Cedric Roux committed
332
333
334
335
336
 * --------------------------------------------------------------------------
 */
#ifdef NAS_MME
/****************************************************************************
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
337
 ** Name:    emm_proc_security_mode_control()                          **
Cedric Roux's avatar
 
Cedric Roux committed
338
339
340
341
 **                                                                        **
 ** Description: Initiates the security mode control procedure.            **
 **                                                                        **
 **              3GPP TS 24.301, section 5.4.3.2                           **
Cedric Roux's avatar
Cedric Roux committed
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
 **      The MME initiates the NAS security mode control procedure **
 **      by sending a SECURITY MODE COMMAND message to the UE and  **
 **      starting timer T3460. The message shall be sent unciphe-  **
 **      red but shall be integrity protected using the NAS inte-  **
 **      grity key based on KASME.                                 **
 **                                                                        **
 ** Inputs:  ueid:      UE lower layer identifier                  **
 **      ksi:       NAS key set identifier                     **
 **      eea:       Replayed EPS encryption algorithms         **
 **      eia:       Replayed EPS integrity algorithms          **
 **      success:   Callback function executed when the secu-  **
 **             rity mode control procedure successfully   **
 **             completes                                  **
 **      reject:    Callback function executed when the secu-  **
 **             rity mode control procedure fails or is    **
 **             rejected                                   **
 **      failure:   Callback function executed whener a lower  **
 **             layer failure occured before the security  **
 **             mode control procedure comnpletes          **
 **      Others:    None                                       **
 **                                                                        **
 ** Outputs:     None                                                      **
 **      Return:    RETURNok, RETURNerror                      **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
366
367
368
 **                                                                        **
 ***************************************************************************/
int emm_proc_security_mode_control(unsigned int ueid, int ksi, int eea, int eia,
Cedric Roux's avatar
Cedric Roux committed
369
370
371
                                   emm_common_success_callback_t success,
                                   emm_common_reject_callback_t reject,
                                   emm_common_failure_callback_t failure)
Cedric Roux's avatar
 
Cedric Roux committed
372
373
374
375
376
{
    int rc = RETURNerror;
    int security_context_is_new = FALSE;

    /* Get the UE context */
Cedric Roux's avatar
Cedric Roux committed
377
    emm_data_context_t *emm_ctx = NULL;
Cedric Roux's avatar
 
Cedric Roux committed
378

379
380
381
382
383
    LOG_FUNC_IN;

    LOG_TRACE(INFO, "EMM-PROC  - Initiate security mode control procedure "
              "KSI = %d", ksi);

Cedric Roux's avatar
 
Cedric Roux committed
384
385
386
387
388
389
390
391
392
393
394
#if defined(EPC_BUILD)
    if (ueid > 0) {
        emm_ctx = emm_data_context_get(&_emm_data, ueid);
    }
#else
    if (ueid < EMM_DATA_NB_UE_MAX) {
        emm_ctx = _emm_data.ctx[ueid];
    }
#endif

    if (emm_ctx && emm_ctx->security) {
Cedric Roux's avatar
Cedric Roux committed
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
        if (emm_ctx->security->type == EMM_KSI_NOT_AVAILABLE) {
            /* The security mode control procedure is initiated to take into use
             * the EPS security context created after a successful execution of
             * the EPS authentication procedure */
            emm_ctx->security->type = EMM_KSI_NATIVE;
            emm_ctx->security->eksi = ksi;
            emm_ctx->security->dl_count.overflow = 0;
            emm_ctx->security->dl_count.seq_num = 0;

            /* TODO !!! Compute Kasme, and NAS cyphering and integrity keys */

            /* Set new security context indicator */
            security_context_is_new = TRUE;
        }
    } else {
        LOG_TRACE(WARNING, "EMM-PROC  - No EPS security context exists");
        LOG_FUNC_RETURN (RETURNerror);
Cedric Roux's avatar
 
Cedric Roux committed
412
413
414
    }

    /* Allocate parameters of the retransmission timer callback */
Cedric Roux's avatar
Cedric Roux committed
415
416
    security_data_t *data =
        (security_data_t *)malloc(sizeof(security_data_t));
Cedric Roux's avatar
 
Cedric Roux committed
417
418

    if (data != NULL) {
Cedric Roux's avatar
Cedric Roux committed
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
        /* Setup ongoing EMM procedure callback functions */
        rc = emm_proc_common_initialize(ueid, success, reject, failure,
                                        _security_abort, data);
        if (rc != RETURNok) {
            LOG_TRACE(WARNING, "Failed to initialize EMM callback functions");
            free(data);
            LOG_FUNC_RETURN (RETURNerror);
        }
        /* Set the UE identifier */
        data->ueid = ueid;
        /* Reset the retransmission counter */
        data->retransmission_count = 0;
        /* Set the key set identifier */
        data->ksi = ksi;
        /* Set the EPS encryption algorithms to be replayed to the UE */
        data->eea = eea;
        /* Set the EPS integrity algorithms to be replayed to the UE */
        data->eia = eia;
        /* Set the failure notification indicator */
        data->notify_failure = FALSE;
        /* Send security mode command message to the UE */
        rc = _security_request(data, security_context_is_new);
        if (rc != RETURNerror) {
            /*
             * Notify EMM that common procedure has been initiated
             */
            emm_sap_t emm_sap;
            emm_sap.primitive = EMMREG_COMMON_PROC_REQ;
            emm_sap.u.emm_reg.ueid = ueid;
448
            emm_sap.u.emm_reg.ctx  = emm_ctx;
Cedric Roux's avatar
Cedric Roux committed
449
450
            rc = emm_sap_send(&emm_sap);
        }
Cedric Roux's avatar
 
Cedric Roux committed
451
452
453
454
455
456
457
    }

    LOG_FUNC_RETURN (rc);
}

/****************************************************************************
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
458
 ** Name:    emm_proc_security_mode_complete()                         **
Cedric Roux's avatar
 
Cedric Roux committed
459
460
 **                                                                        **
 ** Description: Performs the security mode control completion procedure   **
Cedric Roux's avatar
Cedric Roux committed
461
 **      executed by the network.                                  **
Cedric Roux's avatar
 
Cedric Roux committed
462
463
 **                                                                        **
 **              3GPP TS 24.301, section 5.4.3.4                           **
Cedric Roux's avatar
Cedric Roux committed
464
465
466
467
468
 **      Upon receiving the SECURITY MODE COMPLETE message, the    **
 **      MME shall stop timer T3460.                               **
 **      From this time onward the MME shall integrity protect and **
 **      encipher all signalling messages with the selected NAS    **
 **      integrity and ciphering algorithms.                       **
Cedric Roux's avatar
 
Cedric Roux committed
469
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
470
471
 ** Inputs:  ueid:      UE lower layer identifier                  **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
472
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
473
474
475
 ** Outputs:     None                                                      **
 **      Return:    RETURNok, RETURNerror                      **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
476
477
478
479
 **                                                                        **
 ***************************************************************************/
int emm_proc_security_mode_complete(unsigned int ueid)
{
Cedric Roux's avatar
Cedric Roux committed
480
    emm_data_context_t *emm_ctx = NULL;
Cedric Roux's avatar
 
Cedric Roux committed
481
482
483
484
485
486
487
488
489
490
491
492
493

    int rc = RETURNerror;
    emm_sap_t emm_sap;

    LOG_FUNC_IN;

    LOG_TRACE(INFO, "EMM-PROC  - Security mode complete (ueid=%u)", ueid);

    /* Stop timer T3460 */
    LOG_TRACE(INFO, "EMM-PROC  - Stop timer T3460 (%d)", T3460.id);
    T3460.id = nas_timer_stop(T3460.id);

    /* Release retransmission timer paramaters */
Cedric Roux's avatar
Cedric Roux committed
494
495
496
497
    security_data_t *data = (security_data_t *)(emm_proc_common_get_args(ueid));
    if (data) {
        free(data);
    }
Cedric Roux's avatar
 
Cedric Roux committed
498
499
500
501
502
503
504
505
506
507
508
509
510

    /* Get the UE context */
#if defined(EPC_BUILD)
    if (ueid > 0) {
        emm_ctx = emm_data_context_get(&_emm_data, ueid);
    }
#else
    if (ueid < EMM_DATA_NB_UE_MAX) {
        emm_ctx = _emm_data.ctx[ueid];
    }
#endif

    if (emm_ctx && emm_ctx->security) {
Cedric Roux's avatar
Cedric Roux committed
511
512
513
514
515
        /*
         * Notify EMM that the authentication procedure successfully completed
         */
        emm_sap.primitive = EMMREG_COMMON_PROC_CNF;
        emm_sap.u.emm_reg.ueid = ueid;
516
        emm_sap.u.emm_reg.ctx  = emm_ctx;
Cedric Roux's avatar
Cedric Roux committed
517
518
519
520
521
522
523
524
        emm_sap.u.emm_reg.u.common.is_attached = emm_ctx->is_attached;
    } else {
        LOG_TRACE(ERROR, "EMM-PROC  - No EPS security context exists");
        /*
         * Notify EMM that the authentication procedure failed
         */
        emm_sap.primitive = EMMREG_COMMON_PROC_REJ;
        emm_sap.u.emm_reg.ueid = ueid;
525
        emm_sap.u.emm_reg.ctx  = emm_ctx;
Cedric Roux's avatar
 
Cedric Roux committed
526
527
528
529
530
531
532
533
534
    }

    rc = emm_sap_send(&emm_sap);

    LOG_FUNC_RETURN (rc);
}

/****************************************************************************
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
535
 ** Name:    emm_proc_security_mode_reject()                           **
Cedric Roux's avatar
 
Cedric Roux committed
536
537
538
539
 **                                                                        **
 ** Description: Performs the security mode control not accepted by the UE **
 **                                                                        **
 **              3GPP TS 24.301, section 5.4.3.5                           **
Cedric Roux's avatar
Cedric Roux committed
540
541
542
543
544
545
546
 **      Upon receiving the SECURITY MODE REJECT message, the MME  **
 **      shall stop timer T3460 and abort the ongoing procedure    **
 **      that triggered the initiation of the NAS security mode    **
 **      control procedure.                                        **
 **      The MME shall apply the EPS security context in use befo- **
 **      re the initiation of the security mode control procedure, **
 **      if any, to protect any subsequent messages.               **
Cedric Roux's avatar
 
Cedric Roux committed
547
548
 **                                                                        **
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
549
550
 ** Inputs:  ueid:      UE lower layer identifier                  **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
551
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
552
553
554
 ** Outputs:     None                                                      **
 **      Return:    RETURNok, RETURNerror                      **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
555
556
557
558
 **                                                                        **
 ***************************************************************************/
int emm_proc_security_mode_reject(unsigned int ueid)
{
Cedric Roux's avatar
Cedric Roux committed
559
    emm_data_context_t *emm_ctx = NULL;
Cedric Roux's avatar
 
Cedric Roux committed
560
561
562
563
564
565
566
567
568
569
570
571
    int rc = RETURNerror;

    LOG_FUNC_IN;

    LOG_TRACE(WARNING, "EMM-PROC  - Security mode command not accepted by the UE"
              "(ueid=0x%08x)", ueid);

    /* Stop timer T3460 */
    LOG_TRACE(INFO, "EMM-PROC  - Stop timer T3460 (%d)", T3460.id);
    T3460.id = nas_timer_stop(T3460.id);

    /* Release retransmission timer paramaters */
Cedric Roux's avatar
Cedric Roux committed
572
573
574
575
    security_data_t *data = (security_data_t *)(emm_proc_common_get_args(ueid));
    if (data) {
        free(data);
    }
Cedric Roux's avatar
 
Cedric Roux committed
576
577
578
579
580

    /* Get the UE context */
#if defined(EPC_BUILD)
    if (ueid > 0) {
        emm_ctx = emm_data_context_get(&_emm_data, ueid);
581
        DevAssert(emm_ctx != NULL);
Cedric Roux's avatar
 
Cedric Roux committed
582
583
584
585
586
587
588
589
    }
#else
    if (ueid < EMM_DATA_NB_UE_MAX) {
        emm_ctx = _emm_data.ctx[ueid];
    }
#endif
    /* Set the key set identifier to its previous value */
    if (emm_ctx && emm_ctx->security) {
Cedric Roux's avatar
Cedric Roux committed
590
591
592
593
594
595
596
        /* XXX - Usually, the MME should be able to maintain a current and
         * a non-current EPS security context simultaneously as the UE do.
         * This implementation choose to have only one security context by UE
         * in the MME, thus security mode control procedure is only performed
         * to take into use the first EPS security context created after a
         * successful execution of the EPS authentication procedure */
        emm_ctx->security->type = EMM_KSI_NOT_AVAILABLE;
Cedric Roux's avatar
 
Cedric Roux committed
597
598
599
600
601
602
603
604
    }

    /*
     * Notify EMM that the authentication procedure failed
     */
    emm_sap_t emm_sap;
    emm_sap.primitive = EMMREG_COMMON_PROC_REJ;
    emm_sap.u.emm_reg.ueid = ueid;
605
    emm_sap.u.emm_reg.ctx  = emm_ctx;
Cedric Roux's avatar
 
Cedric Roux committed
606
607
608
609
610
611
612
613
614
615
616
617
618
    rc = emm_sap_send(&emm_sap);

    LOG_FUNC_RETURN (rc);
}
#endif // NAS_MME

/****************************************************************************/
/*********************  L O C A L    F U N C T I O N S  *********************/
/****************************************************************************/

#ifdef NAS_UE
/*
 * --------------------------------------------------------------------------
Cedric Roux's avatar
Cedric Roux committed
619
 *              UE specific local functions
Cedric Roux's avatar
 
Cedric Roux committed
620
621
622
623
624
 * --------------------------------------------------------------------------
 */

/****************************************************************************
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
625
 ** Name:    _security_release()                                       **
Cedric Roux's avatar
 
Cedric Roux committed
626
627
628
 **                                                                        **
 ** Description: Releases the given EPS NAS security context               **
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
629
630
 ** Inputs:  ctx:       The EPS NAS security context to release    **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
631
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
632
633
634
 ** Outputs:     None                                                      **
 **      Return:    None                                       **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
635
636
 **                                                                        **
 ***************************************************************************/
Cedric Roux's avatar
Cedric Roux committed
637
static void _security_release(emm_security_context_t *ctx)
Cedric Roux's avatar
 
Cedric Roux committed
638
639
640
641
{
    LOG_FUNC_IN;

    if (ctx) {
Cedric Roux's avatar
Cedric Roux committed
642
643
644
645
646
647
648
649
650
651
652
653
654
655
        /* Release Kasme security key */
        if (ctx->kasme.value) {
            free(ctx->kasme.value);
        }
        /* Release NAS cyphering key */
        if (ctx->knas_enc.value) {
            free(ctx->knas_enc.value);
        }
        /* Release NAS integrity key */
        if (ctx->knas_int.value) {
            free(ctx->knas_int.value);
        }
        /* Release the NAS security context */
        free(ctx);
Cedric Roux's avatar
 
Cedric Roux committed
656
657
658
659
660
661
662
    }

    LOG_FUNC_OUT;
}

/****************************************************************************
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
663
 ** Name:    _security_knas_enc()                                      **
Cedric Roux's avatar
 
Cedric Roux committed
664
665
 **                                                                        **
 ** Description: Algorithm Key generation function used for the derivation **
Cedric Roux's avatar
Cedric Roux committed
666
 **      of NAS encryption key Knas-enc from the Kasme.            **
Cedric Roux's avatar
 
Cedric Roux committed
667
668
669
 **                                                                        **
 **              3GPP TS 33.401, Annex A.7                                 **
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
670
671
672
 ** Inputs:  kasme:     Key Access Security Management Entity      **
 **      eea:       Cyphering algorithm identity               **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
673
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
674
675
676
 ** Outputs:     knas_enc:  Derived key for NAS cyphering algorithm    **
 **      Return:    RETURNok, RETURNerror                      **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
677
678
 **                                                                        **
 ***************************************************************************/
Cedric Roux's avatar
Cedric Roux committed
679
680
static int _security_knas_enc(const OctetString *kasme, OctetString *knas_enc,
                              UInt8_t eea)
Cedric Roux's avatar
 
Cedric Roux committed
681
682
683
684
685
686
687
{
    LOG_FUNC_IN;
    LOG_FUNC_RETURN (_security_kdf(kasme, knas_enc, 0x01, eea));
}

/****************************************************************************
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
688
 ** Name:    _security_knas_int()                                      **
Cedric Roux's avatar
 
Cedric Roux committed
689
690
 **                                                                        **
 ** Description: Algorithm Key generation function used for the derivation **
Cedric Roux's avatar
Cedric Roux committed
691
 **      of NAS integrity key Knas-int from the Kasme.             **
Cedric Roux's avatar
 
Cedric Roux committed
692
693
694
 **                                                                        **
 **              3GPP TS 33.401, Annex A.7                                 **
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
695
696
697
 ** Inputs:  kasme:     Key Access Security Management Entity      **
 **      eia:       Integrity algorithm identity               **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
698
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
699
700
701
 ** Outputs:     knas_int:  Derived key for NAS integrity algorithm    **
 **      Return:    RETURNok, RETURNerror                      **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
702
703
 **                                                                        **
 ***************************************************************************/
Cedric Roux's avatar
Cedric Roux committed
704
705
static int _security_knas_int(const OctetString *kasme, OctetString *knas_int,
                              UInt8_t eia)
Cedric Roux's avatar
 
Cedric Roux committed
706
707
708
709
710
711
712
{
    LOG_FUNC_IN;
    LOG_FUNC_RETURN (_security_kdf(kasme, knas_int, 0x02, eia));
}

/****************************************************************************
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
713
 ** Name:    _security_kenb()                                          **
Cedric Roux's avatar
 
Cedric Roux committed
714
715
 **                                                                        **
 ** Description: Computes the eNodeB key from Kasme and the given value of **
Cedric Roux's avatar
Cedric Roux committed
716
 **      uplink NAS counter.                                       **
Cedric Roux's avatar
 
Cedric Roux committed
717
718
719
 **                                                                        **
 **              3GPP TS 33.401, Annex A.3                                 **
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
720
721
722
 ** Inputs:  kasme:     Key Access Security Management Entity      **
 **      count:     Uplink NAS counter value                   **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
723
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
724
725
726
 ** Outputs:     kenb:      eNodeB security key                        **
 **      Return:    RETURNok, RETURNerror                      **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
727
728
 **                                                                        **
 ***************************************************************************/
Cedric Roux's avatar
Cedric Roux committed
729
730
static int _security_kenb(const OctetString *kasme, OctetString *kenb,
                          UInt32_t count)
Cedric Roux's avatar
 
Cedric Roux committed
731
732
733
734
735
736
737
738
{
    /* Compute the KDF input parameter
     * S = FC(0x11) || UL NAS Count || 0x00 0x04
     */
    UInt8_t input[kasme->length];
    UInt16_t length = 4;
    int offset = 0;

Cedric Roux's avatar
Cedric Roux committed
739
740
741
742
    input[offset] = 0x11;
    offset += 1;
    input[offset] = count;
    offset += length;
Cedric Roux's avatar
 
Cedric Roux committed
743
744
745
746
747
748
749
750
751
    input[offset] = length;

    /* TODO !!! Compute the derived key */
    // todo_hmac_256(key, input, kasme->value);
    return (RETURNok);
}

/****************************************************************************
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
752
 ** Name:    _security_kdf()                                           **
Cedric Roux's avatar
 
Cedric Roux committed
753
754
 **                                                                        **
 ** Description: Algorithm Key generation function used for the derivation **
Cedric Roux's avatar
Cedric Roux committed
755
756
 **      of keys for NAS integrity and NAS encryption algorithms   **
 **      from Kasme, algorithm types and algorithm identities.     **
Cedric Roux's avatar
 
Cedric Roux committed
757
758
759
 **                                                                        **
 **              3GPP TS 33.401, Annex A.7                                 **
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
760
761
762
763
 ** Inputs:  kasme:     Key Access Security Management Entity      **
 **      algo_dist: Algorithm type distinguisher               **
 **      algo_id:   Algorithm identity                         **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
764
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
765
766
767
 ** Outputs:     key:       Derived key for NAS security protection    **
 **      Return:    RETURNok, RETURNerror                      **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
768
769
 **                                                                        **
 ***************************************************************************/
Cedric Roux's avatar
Cedric Roux committed
770
771
static int _security_kdf(const OctetString *kasme, OctetString *key,
                         UInt8_t algo_dist, UInt8_t algo_id)
Cedric Roux's avatar
 
Cedric Roux committed
772
773
774
{
    /* Compute the KDF input parameter
     * S = FC(0x15) || Algorithm distinguisher || 0x00 0x01
Cedric Roux's avatar
Cedric Roux committed
775
            || Algorithm identity || 0x00 0x01
Cedric Roux's avatar
 
Cedric Roux committed
776
777
778
779
780
781
    */
    UInt8_t input[kasme->length];
    UInt16_t length = 1;
    int offset = 0;
    int size_of_length = sizeof(length);

Cedric Roux's avatar
Cedric Roux committed
782
783
784
785
786
787
788
789
    input[offset] = 0x15;
    offset += 1;
    input[offset] = algo_dist;
    offset += length;
    input[offset] = length;
    offset += size_of_length;
    input[offset] = algo_id;
    offset += length;
Cedric Roux's avatar
 
Cedric Roux committed
790
791
792
793
794
795
796
797
798
799
800
    input[offset] = length;

    /* TODO !!! Compute the derived key */
    // todo_hmac_256(key, input, kasme->value);
    return (RETURNok);
}
#endif // NAS_UE

#ifdef NAS_MME
/*
 * --------------------------------------------------------------------------
Cedric Roux's avatar
Cedric Roux committed
801
 *              Timer handlers
Cedric Roux's avatar
 
Cedric Roux committed
802
803
804
805
806
 * --------------------------------------------------------------------------
 */

/****************************************************************************
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
807
 ** Name:    _security_t3460_handler()                                 **
Cedric Roux's avatar
 
Cedric Roux committed
808
809
 **                                                                        **
 ** Description: T3460 timeout handler                                     **
Cedric Roux's avatar
Cedric Roux committed
810
811
812
813
 **      Upon T3460 timer expiration, the security mode command    **
 **      message is retransmitted and the timer restarted. When    **
 **      retransmission counter is exceed, the MME shall abort the **
 **      security mode control procedure.                          **
Cedric Roux's avatar
 
Cedric Roux committed
814
815
816
 **                                                                        **
 **              3GPP TS 24.301, section 5.4.3.7, case b                   **
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
817
818
 ** Inputs:  args:      handler parameters                         **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
819
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
820
821
822
 ** Outputs:     None                                                      **
 **      Return:    None                                       **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
823
824
 **                                                                        **
 ***************************************************************************/
Cedric Roux's avatar
Cedric Roux committed
825
static void *_security_t3460_handler(void *args)
Cedric Roux's avatar
 
Cedric Roux committed
826
827
828
829
830
{
    LOG_FUNC_IN;

    int rc;

Cedric Roux's avatar
Cedric Roux committed
831
    security_data_t *data = (security_data_t *)(args);
Cedric Roux's avatar
 
Cedric Roux committed
832
833
834
835
836

    /* Increment the retransmission counter */
    data->retransmission_count += 1;

    LOG_TRACE(WARNING, "EMM-PROC  - T3460 timer expired, retransmission "
Cedric Roux's avatar
Cedric Roux committed
837
              "counter = %d", data->retransmission_count);
Cedric Roux's avatar
 
Cedric Roux committed
838
839

    if (data->retransmission_count < SECURITY_COUNTER_MAX) {
Cedric Roux's avatar
Cedric Roux committed
840
841
842
843
844
845
846
        /* Send security mode command message to the UE */
        rc = _security_request(data, FALSE);
    } else {
        /* Set the failure notification indicator */
        data->notify_failure = TRUE;
        /* Abort the security mode control procedure */
        rc = _security_abort(data);
Cedric Roux's avatar
 
Cedric Roux committed
847
848
849
850
851
852
853
    }

    LOG_FUNC_RETURN (NULL);
}

/*
 * --------------------------------------------------------------------------
Cedric Roux's avatar
Cedric Roux committed
854
 *              MME specific local functions
Cedric Roux's avatar
 
Cedric Roux committed
855
856
857
858
859
 * --------------------------------------------------------------------------
 */

/****************************************************************************
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
860
 ** Name:    _security_request()                                       **
Cedric Roux's avatar
 
Cedric Roux committed
861
862
863
 **                                                                        **
 ** Description: Sends SECURITY MODE COMMAND message and start timer T3460 **
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
864
865
866
867
 ** Inputs:  data:      Security mode control internal data        **
 **      is_new:    Indicates whether a new security context   **
 **             has just been taken into use               **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
868
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
869
870
871
 ** Outputs:     None                                                      **
 **      Return:    RETURNok, RETURNerror                      **
 **      Others:    T3460                                      **
Cedric Roux's avatar
 
Cedric Roux committed
872
873
 **                                                                        **
 ***************************************************************************/
Cedric Roux's avatar
Cedric Roux committed
874
int _security_request(security_data_t *data, int is_new)
Cedric Roux's avatar
 
Cedric Roux committed
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
{
    struct emm_data_context_s *emm_ctx = NULL;

    emm_sap_t emm_sap;
    int rc;

    LOG_FUNC_IN;

    /*
     * Notify EMM-AS SAP that Security Mode Command message has to be sent
     * to the UE
     */
    emm_sap.primitive = EMMAS_SECURITY_REQ;
    emm_sap.u.emm_as.u.security.guti = NULL;
    emm_sap.u.emm_as.u.security.ueid = data->ueid;
    emm_sap.u.emm_as.u.security.msgType = EMM_AS_MSG_TYPE_SMC;
    emm_sap.u.emm_as.u.security.ksi = data->ksi;
    emm_sap.u.emm_as.u.security.eea = data->eea;
    emm_sap.u.emm_as.u.security.eia = data->eia;

#if defined(EPC_BUILD)
    if (data->ueid > 0) {
        emm_ctx = emm_data_context_get(&_emm_data, data->ueid);
    }
#else
    if (data->ueid < EMM_DATA_NB_UE_MAX) {
        emm_ctx = _emm_data.ctx[data->ueid];
    }
#endif

    /* Setup EPS NAS security data */
    emm_as_set_security_data(&emm_sap.u.emm_as.u.security.sctx,
                             emm_ctx->security, is_new, FALSE);
    rc = emm_sap_send(&emm_sap);

    if (rc != RETURNerror) {
Cedric Roux's avatar
Cedric Roux committed
911
912
913
914
915
916
917
918
919
        if (T3460.id != NAS_TIMER_INACTIVE_ID) {
            /* Re-start T3460 timer */
            T3460.id = nas_timer_restart(T3460.id);
        } else {
            /* Start T3460 timer */
            T3460.id = nas_timer_start(T3460.sec, _security_t3460_handler, data);
        }
        LOG_TRACE(INFO,"EMM-PROC  - Timer T3460 (%d) expires in %ld seconds",
                  T3460.id, T3460.sec);
Cedric Roux's avatar
 
Cedric Roux committed
920
921
922
923
924
925
926
    }

    LOG_FUNC_RETURN (rc);
}

/****************************************************************************
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
927
 ** Name:    _security_abort()                                         **
Cedric Roux's avatar
 
Cedric Roux committed
928
929
 **                                                                        **
 ** Description: Aborts the security mode control procedure currently in   **
Cedric Roux's avatar
Cedric Roux committed
930
 **      progress                                                  **
Cedric Roux's avatar
 
Cedric Roux committed
931
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
932
933
 ** Inputs:  args:      Security mode control data to be released  **
 **      Others:    None                                       **
Cedric Roux's avatar
 
Cedric Roux committed
934
 **                                                                        **
Cedric Roux's avatar
Cedric Roux committed
935
936
937
 ** Outputs:     None                                                      **
 **      Return:    RETURNok, RETURNerror                      **
 **      Others:    T3460                                      **
Cedric Roux's avatar
 
Cedric Roux committed
938
939
 **                                                                        **
 ***************************************************************************/
Cedric Roux's avatar
Cedric Roux committed
940
static int _security_abort(void *args)
Cedric Roux's avatar
 
Cedric Roux committed
941
942
943
944
945
{
    LOG_FUNC_IN;

    int rc = RETURNerror;

Cedric Roux's avatar
Cedric Roux committed
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
    security_data_t *data = (security_data_t *)(args);

    if (data) {
        unsigned int ueid = data->ueid;
        int notify_failure = data->notify_failure;

        LOG_TRACE(WARNING, "EMM-PROC  - Abort security mode control procedure "
                  "(ueid=%u)", ueid);

        /* Stop timer T3460 */
        if (T3460.id != NAS_TIMER_INACTIVE_ID) {
            LOG_TRACE(INFO, "EMM-PROC  - Stop timer T3460 (%d)", T3460.id);
            T3460.id = nas_timer_stop(T3460.id);
        }
        /* Release retransmission timer paramaters */
        free(data);

        /*
         * Notify EMM that the security mode control procedure failed
         */
        if (notify_failure) {
            emm_sap_t emm_sap;
            emm_sap.primitive = EMMREG_COMMON_PROC_REJ;
            emm_sap.u.emm_reg.ueid = ueid;
            rc = emm_sap_send(&emm_sap);
        } else {
            rc = RETURNok;
        }
Cedric Roux's avatar
 
Cedric Roux committed
974
975
976
977
978
979
980
    }

    LOG_FUNC_RETURN (rc);
}

#endif // NAS_MME