Commit 5345032a authored by gauthier's avatar gauthier
Browse files

Integrity seems to work (simple scenario with EURECOM UE), encryption should...

Integrity seems to work (simple scenario with EURECOM UE), encryption should be far more easier to set up since they use the same mechanisms.

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@5579 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent 65c84039
......@@ -65,6 +65,21 @@ int mme_app_request_authentication_info(const mme_app_imsi_t imsi,
auth_info_req = &message_p->ittiMsg.s6a_auth_info_req;
MME_APP_IMSI_TO_STRING(imsi, auth_info_req->imsi);
memcpy(&auth_info_req->visited_plmn, plmn, sizeof(plmn_t));
MME_APP_DEBUG("%s visited_plmn MCC %X%X%X MNC %X%X%X\n",
__FUNCTION__,
auth_info_req->visited_plmn.MCCdigit1,
auth_info_req->visited_plmn.MCCdigit2,
auth_info_req->visited_plmn.MCCdigit3,
auth_info_req->visited_plmn.MNCdigit1,
auth_info_req->visited_plmn.MNCdigit2,
auth_info_req->visited_plmn.MNCdigit3);
uint8_t *ptr = (uint8_t *)&auth_info_req->visited_plmn;
MME_APP_DEBUG("%s visited_plmn %X%X%X%X%X%X\n",
__FUNCTION__,
ptr[0],
ptr[1],
ptr[2]);
auth_info_req->nb_of_vectors = nb_of_vectors;
if (auts != NULL) {
auth_info_req->re_synchronization = 1;
......
......@@ -287,13 +287,15 @@ mme_app_handle_conn_est_cnf(
mme_app_connection_establishment_cnf_t *establishment_cnf_p = NULL;
bearer_context_t *current_bearer_p = NULL;
ebi_t bearer_id = 0;
uint8_t *keNB = NULL;
uint8_t keNB[32];
MME_APP_DEBUG("Received NAS_CONNECTION_ESTABLISHMENT_CNF from NAS\n");
ue_context_p = mme_ue_context_exists_nas_ue_id(&mme_app_desc.mme_ue_contexts, nas_conn_est_cnf_pP->UEid);
if (ue_context_p == NULL) {
MME_APP_ERROR("UE context doesn't exist\n");
MME_APP_ERROR("UE context doesn't exist for UE ox%08X/dec%u\n",
nas_conn_est_cnf_pP->UEid,
nas_conn_est_cnf_pP->UEid);
return;
}
......@@ -332,9 +334,8 @@ mme_app_handle_conn_est_cnf(
establishment_cnf_p->ambr = ue_context_p->used_ambr;
MME_APP_DEBUG("Derive keNB with UL NAS COUNT %x\n", nas_conn_est_cnf_pP->ul_nas_count);
derive_keNB(ue_context_p->vector_in_use->kasme, nas_conn_est_cnf_pP->ul_nas_count, &keNB); //156
derive_keNB(ue_context_p->vector_in_use->kasme, nas_conn_est_cnf_pP->ul_nas_count, keNB); //156
memcpy(establishment_cnf_p->keNB, keNB, 32);
free(keNB);
itti_send_msg_to_task(TASK_S1AP, INSTANCE_DEFAULT, message_p);
}
......@@ -355,8 +356,9 @@ mme_app_handle_conn_est_ind(
&mme_app_desc.mme_ue_contexts,
conn_est_ind_pP->mme_ue_s1ap_id);
if (ue_context_p == NULL) {
MME_APP_DEBUG("We didn't find this mme_ue_s1ap_id in list of UE: %08x\n",
conn_est_ind_pP->mme_ue_s1ap_id);
MME_APP_DEBUG("We didn't find this mme_ue_s1ap_id in list of UE: 0x%08x/dec%u\n",
conn_est_ind_pP->mme_ue_s1ap_id,
conn_est_ind_pP->mme_ue_s1ap_id);
MME_APP_DEBUG("UE context doesn't exist -> create one\n");
if ((ue_context_p = mme_create_new_ue_context()) == NULL) {
/* Error during ue context malloc */
......@@ -369,11 +371,15 @@ mme_app_handle_conn_est_ind(
ue_context_p->ue_id = conn_est_ind_pP->mme_ue_s1ap_id;
DevAssert(mme_insert_ue_context(&mme_app_desc.mme_ue_contexts, ue_context_p) == 0);
// test
// tests
ue_context_p = mme_ue_context_exists_mme_ue_s1ap_id(
&mme_app_desc.mme_ue_contexts,
conn_est_ind_pP->mme_ue_s1ap_id);
AssertFatal(ue_context_p != NULL, "mme_ue_context_exists_mme_ue_s1ap_id Failed");
ue_context_p = mme_ue_context_exists_nas_ue_id(
&mme_app_desc.mme_ue_contexts,
conn_est_ind_pP->mme_ue_s1ap_id);
AssertFatal(ue_context_p != NULL, "mme_ue_context_exists_nas_ue_id Failed");
}
message_p = itti_alloc_new_message(TASK_MME_APP, NAS_CONNECTION_ESTABLISHMENT_IND);
......
......@@ -101,11 +101,11 @@ void *mme_app_thread(void *args)
mme_app_handle_nas_pdn_connectivity_req(&received_message_p->ittiMsg.nas_pdn_connectivity_req);
} break;
//case NAS_CONNECTION_ESTABLISHMENT_CNF: {
case NAS_CONNECTION_ESTABLISHMENT_CNF: {
mme_app_handle_conn_est_cnf(&NAS_CONNECTION_ESTABLISHMENT_CNF(received_message_p));
} break;
// From S1AP Initiating Message/EMM Attach Request
case MME_APP_CONNECTION_ESTABLISHMENT_IND: {
mme_app_handle_conn_est_ind(&MME_APP_CONNECTION_ESTABLISHMENT_IND(received_message_p));
} break;
......
......@@ -108,6 +108,7 @@ _nas_message_encrypt(
UInt8_t type,
UInt32_t code,
UInt8_t seq,
int const direction,
int length,
const emm_security_context_t * const emm_security_context);
......@@ -166,6 +167,11 @@ nas_message_encrypt(
header->security_header_type,
header->message_authentication_code,
header->sequence_number,
#ifdef NAS_MME
SECU_DIRECTION_DOWNLINK,
#else
SECU_DIRECTION_UPLINK,
#endif
length - size,
emm_security_context);
/* Integrity protected the NAS message */
......@@ -183,7 +189,7 @@ nas_message_encrypt(
#endif
emm_security_context);
/* Set the message authentication code of the NAS message */
*(UInt32_t*)(outbuf + sizeof(UInt8_t)) = mac;
*(UInt32_t*)(outbuf + sizeof(UInt8_t)) = htonl(mac);
}
}
else {
......@@ -265,9 +271,22 @@ int nas_message_decrypt(
int size = _nas_message_header_decode(inbuf, header, length);
if (size < 0) {
LOG_TRACE(DEBUG, "MESSAGE TOO SHORT");
LOG_FUNC_RETURN (TLV_DECODE_BUFFER_TOO_SHORT);
}
else if (size > 1) {
#if defined(NAS_MME)
if (emm_security_context->ul_count.seq_num > header->sequence_number) {
emm_security_context->ul_count.overflow += 1;
}
emm_security_context->ul_count.seq_num = header->sequence_number;
#else
if (emm_security_context->dl_count.seq_num > header->sequence_number) {
emm_security_context->dl_count.overflow += 1;
}
emm_security_context->dl_count.seq_num = header->sequence_number;
#endif
/* Compute offset of the sequence number field */
int offset = size - sizeof(UInt8_t);
/* Compute the NAS message authentication code */
......@@ -281,20 +300,29 @@ int nas_message_decrypt(
#endif
emm_security_context);
/* Check NAS message integrity */
if (mac != header->message_authentication_code) {
LOG_TRACE(DEBUG,
"MAC Failure MSG:%08X(%u) <> INT ALGO:%08X(%u)",
header->message_authentication_code,
header->message_authentication_code,
mac,
mac);
#if defined(NAS_MME)
LOG_FUNC_RETURN (TLV_DECODE_MAC_MISMATCH);
#else
#warning "added test on integrity algorithm because of SECURITY_MODE_COMMAND not correctly handled in UE (check integrity)"
if (emm_security_context->selected_algorithms.integrity !=
NAS_SECURITY_ALGORITHMS_EIA0) {
LOG_FUNC_RETURN (TLV_DECODE_MAC_MISMATCH);
LOG_FUNC_RETURN (TLV_DECODE_MAC_MISMATCH);
} else {
LOG_TRACE(WARNING,
"MAC failure but continue due to EIA0 selected");
}
#endif
} else {
LOG_TRACE(DEBUG, "Integrity: MAC Success");
}
/* Decrypt the security protected NAS message */
......@@ -307,6 +335,7 @@ int nas_message_decrypt(
bytes = length - size;
}
else {
LOG_TRACE(DEBUG, "Plain NAS message found");
/* The input buffer contains a plain NAS message */
memcpy(outbuf, inbuf, length);
}
......@@ -341,15 +370,6 @@ int nas_message_decode(
LOG_FUNC_IN;
emm_security_context_t *emm_security_context = (emm_security_context_t*)security;
int bytes;
#if ((defined(EPC_BUILD) && defined(NAS_MME)) || (defined(ENABLE_NAS_UE_LOGGING) && defined(UE_BUILD) && defined(NAS_UE)))
int down_link;
# if ((defined(EPC_BUILD) && defined(NAS_MME)))
down_link = 0;
# else
down_link = 1;
# endif
#endif
/* Decode the header */
int size = _nas_message_header_decode(buffer, &msg->header, length);
......@@ -358,6 +378,18 @@ int nas_message_decode(
LOG_FUNC_RETURN (TLV_DECODE_BUFFER_TOO_SHORT);
}
else if (size > 1) {
#if defined(NAS_MME)
if (emm_security_context->ul_count.seq_num > msg->header.sequence_number) {
emm_security_context->ul_count.overflow += 1;
}
emm_security_context->ul_count.seq_num = msg->header.sequence_number;
#else
if (emm_security_context->dl_count.seq_num > msg->header.sequence_number) {
emm_security_context->dl_count.overflow += 1;
}
emm_security_context->dl_count.seq_num = msg->header.sequence_number;
#endif
/* Compute offset of the sequence number field */
int offset = size - sizeof(UInt8_t);
/* Compute the NAS message authentication code */
......@@ -431,15 +463,7 @@ int nas_message_encode(
emm_security_context_t *emm_security_context = (emm_security_context_t*)security;
int bytes;
#if ((defined(EPC_BUILD) && defined(NAS_MME)) || (defined(ENABLE_NAS_UE_LOGGING) && defined(UE_BUILD) && defined(NAS_UE)))
int down_link;
# if ((defined(EPC_BUILD) && defined(NAS_MME)))
down_link = 1;
# else
down_link = 0;
# endif
#endif
/* Encode the header */
int size = _nas_message_header_encode(buffer, &msg->header, length);
......@@ -459,9 +483,13 @@ int nas_message_encode(
/* Compute offset of the sequence number field */
int offset = size - sizeof(UInt8_t);
/* Compute the NAS message authentication code */
LOG_TRACE(DEBUG,
"offset %d = %d - %d, hdr encode = %d, length = %d bytes = %d",
offset, size, sizeof(UInt8_t),
size, length, bytes);
UInt32_t mac = _nas_message_get_mac(
buffer + offset,
length - offset,
bytes + size - offset,
#ifdef NAS_MME
SECU_DIRECTION_DOWNLINK,
#else
......@@ -469,7 +497,7 @@ int nas_message_encode(
#endif
emm_security_context);
/* Set the message authentication code of the NAS message */
*(UInt32_t*)(buffer + sizeof(UInt8_t)) = mac;
*(UInt32_t*)(buffer + sizeof(UInt8_t)) = htonl(mac);
if (emm_security_context) {
#ifdef NAS_MME
......@@ -832,6 +860,11 @@ static int _nas_message_protected_encode(
msg->header.security_header_type,
msg->header.message_authentication_code,
msg->header.sequence_number,
#ifdef NAS_MME
SECU_DIRECTION_DOWNLINK,
#else
SECU_DIRECTION_UPLINK,
#endif
size,
emm_security_context);
//seq, size);
......@@ -901,6 +934,7 @@ static int _nas_message_decrypt(
** type: The security header type **
** code: The message authentication code **
** seq: The sequence number **
** direction: The sequence number **
** length: Maximal capacity of the output buffer **
** Others: None **
** **
......@@ -917,17 +951,60 @@ static int _nas_message_encrypt(
UInt8_t type,
UInt32_t code,
UInt8_t seq,
int const direction,
int length,
const emm_security_context_t * const emm_security_context)
{
LOG_FUNC_IN;
int size = length;
if (!emm_security_context) {
LOG_TRACE(ERROR,
"No security context set for encryption protection algorithm");
LOG_FUNC_RETURN (0);
}
switch (emm_security_context->selected_algorithms.encryption) {
/* TODO: run the cyphering algorithm */
memcpy(dest, src, length);
case NAS_SECURITY_ALGORITHMS_EEA1: {
LOG_TRACE(WARNING,
"TODO NAS_SECURITY_ALGORITHMS_EEA1 dir %d ul_count.seq_num %d dl_count.seq_num %d",
direction,
emm_security_context->ul_count.seq_num,
emm_security_context->dl_count.seq_num);
memcpy(dest, src, length);
LOG_FUNC_RETURN (length);
LOG_FUNC_RETURN (size);
}break;
case NAS_SECURITY_ALGORITHMS_EEA2: {
LOG_TRACE(WARNING,
"TODO NAS_SECURITY_ALGORITHMS_EEA2 dir %d ul_count.seq_num %d dl_count.seq_num %d",
direction,
emm_security_context->ul_count.seq_num,
emm_security_context->dl_count.seq_num);
memcpy(dest, src, length);
LOG_FUNC_RETURN (length);
}break;
case NAS_SECURITY_ALGORITHMS_EEA0:
LOG_TRACE(DEBUG,
"NAS_SECURITY_ALGORITHMS_EEA0 dir %d ul_count.seq_num %d dl_count.seq_num %d",
direction,
emm_security_context->ul_count.seq_num,
emm_security_context->dl_count.seq_num);
memcpy(dest, src, length);
LOG_FUNC_RETURN (length);
break;
default:
LOG_TRACE(ERROR,
"Unknown Cyphering protection algorithm %d",
emm_security_context->selected_algorithms.encryption);
break;
}
LOG_FUNC_RETURN (length);
}
/*
......@@ -938,21 +1015,22 @@ static int _nas_message_encrypt(
/****************************************************************************
** **
** Name: _nas_message_get_mac() **
** Name: _nas_message_get_mac() **
** **
** Description: Run integrity algorithm onto cyphered or uncyphered NAS **
** message encoded in the input buffer and return the compu- **
** ted message authentication code **
** message encoded in the input buffer and return the compu- **
** ted message authentication code **
** **
** Inputs buffer: Pointer to the integrity protected data **
** buffer **
** count: Value of the uplink NAS counter **
** length: Length of the input buffer **
** Others: None **
** Inputs buffer: Pointer to the integrity protected data **
** buffer **
** count: Value of the uplink NAS counter **
** length: Length of the input buffer **
** direction **
** Others: None **
** **
** Outputs: None **
** Return: The message authentication code **
** Others: None **
** Return: The message authentication code **
** Others: None **
** **
***************************************************************************/
static UInt32_t _nas_message_get_mac(
......@@ -982,11 +1060,8 @@ static UInt32_t _nas_message_get_mac(
UInt32_t count;
UInt32_t *mac32;
LOG_TRACE(DEBUG,
"NAS_SECURITY_ALGORITHMS_EIA1 dir %d ul_count.seq_num %d dl_count.seq_num %d",
direction,
emm_security_context->ul_count.seq_num,
emm_security_context->dl_count.seq_num);
int i,bytes = 0;
if (direction == SECU_DIRECTION_UPLINK) {
count = 0x00000000 ||
((emm_security_context->ul_count.overflow && 0x0000FFFF) << 8) ||
......@@ -996,7 +1071,31 @@ static UInt32_t _nas_message_get_mac(
((emm_security_context->dl_count.overflow && 0x0000FFFF) << 8) ||
(emm_security_context->dl_count.seq_num & 0x000000FF);
}
stream_cipher.key = emm_security_context->knas_int.value;
LOG_TRACE(DEBUG,
"NAS_SECURITY_ALGORITHMS_EIA1 dir %s count.seq_num %u count %u",
(direction == SECU_DIRECTION_UPLINK) ? "UPLINK":"DOWNLINK",
(direction == SECU_DIRECTION_UPLINK) ? emm_security_context->ul_count.seq_num:emm_security_context->dl_count.seq_num,
count);
fprintf(stderr, "\n[NAS]\t");
for (i=0; i < length; i++)
{
fprintf(stderr, "%.2hx ", (const unsigned char) buffer[i]);
/* Add new line when the number of displayed bytes exceeds
* the line's size */
if ( ++bytes > (16 - 1) ) {
bytes = 0;
fprintf(stderr, "\n[NAS]\t");
}
}
if (bytes % 16) {
fprintf(stderr, "\n");
}
fprintf(stderr, "\n");
fflush(stderr);
stream_cipher.key = emm_security_context->knas_int.value;
stream_cipher.key_length = AUTH_KNAS_INT_SIZE;
stream_cipher.count = count;
stream_cipher.bearer = 0x00; //33.401 section 8.1.1
......@@ -1009,10 +1108,14 @@ static UInt32_t _nas_message_get_mac(
&stream_cipher,
mac);
LOG_TRACE(DEBUG,
"NAS_SECURITY_ALGORITHMS_EIA1 returned MAC %x.%x.%x.%x for length %d direction %d, count %d",
mac[0], mac[1], mac[2],mac[3], length, direction, count);
"NAS_SECURITY_ALGORITHMS_EIA1 returned MAC %x.%x.%x.%x(%u) for length %d direction %d, count %d",
mac[0], mac[1], mac[2],mac[3],
*((UInt32_t*)&mac),
length,
direction,
count);
mac32 = (UInt32_t*)&mac;
LOG_FUNC_RETURN (*mac32);
LOG_FUNC_RETURN (ntohl(*mac32));
}break;
case NAS_SECURITY_ALGORITHMS_EIA2: {
......@@ -1021,11 +1124,6 @@ static UInt32_t _nas_message_get_mac(
UInt32_t count;
UInt32_t *mac32;
LOG_TRACE(DEBUG,
"NAS_SECURITY_ALGORITHMS_EIA2 dir %d ul_count.seq_num %d dl_count.seq_num %d",
direction,
emm_security_context->ul_count.seq_num,
emm_security_context->dl_count.seq_num);
if (direction == SECU_DIRECTION_UPLINK) {
count = 0x00000000 ||
((emm_security_context->ul_count.overflow && 0x0000FFFF) << 8) ||
......@@ -1035,6 +1133,12 @@ static UInt32_t _nas_message_get_mac(
((emm_security_context->dl_count.overflow && 0x0000FFFF) << 8) ||
(emm_security_context->dl_count.seq_num & 0x000000FF);
}
LOG_TRACE(DEBUG,
"NAS_SECURITY_ALGORITHMS_EIA2 dir %s count.seq_num %u count %u",
(direction == SECU_DIRECTION_UPLINK) ? "UPLINK":"DOWNLINK",
(direction == SECU_DIRECTION_UPLINK) ? emm_security_context->ul_count.seq_num:emm_security_context->dl_count.seq_num,
count);
stream_cipher.key = emm_security_context->knas_int.value;
stream_cipher.key_length = AUTH_KNAS_INT_SIZE;
stream_cipher.count = count;
......@@ -1048,18 +1152,23 @@ static UInt32_t _nas_message_get_mac(
&stream_cipher,
mac);
LOG_TRACE(DEBUG,
"NAS_SECURITY_ALGORITHMS_EIA2 returned MAC %x.%x.%x.%x for length %d direction %d, count %d",
mac[0], mac[1], mac[2],mac[3], length, direction, count);
"NAS_SECURITY_ALGORITHMS_EIA2 returned MAC %x.%x.%x.%x(%u) for length %d direction %d, count %d",
mac[0], mac[1], mac[2],mac[3],
*((UInt32_t*)&mac),
length,
direction,
count);
mac32 = (UInt32_t*)&mac;
LOG_FUNC_RETURN (*mac32);
LOG_FUNC_RETURN (ntohl(*mac32));
}break;
case NAS_SECURITY_ALGORITHMS_EIA0:
LOG_TRACE(DEBUG,
"NAS_SECURITY_ALGORITHMS_EIA0 dir %d ul_count.seq_num %d dl_count.seq_num %d",
direction,
emm_security_context->ul_count.seq_num,
emm_security_context->dl_count.seq_num);
"NAS_SECURITY_ALGORITHMS_EIA0 dir %s count.seq_num %u",
(direction == SECU_DIRECTION_UPLINK) ? "UPLINK":"DOWNLINK",
(direction == SECU_DIRECTION_UPLINK) ? emm_security_context->ul_count.seq_num:emm_security_context->dl_count.seq_num
);
#if defined(EPC_BUILD) || defined(UE_BUILD)
LOG_FUNC_RETURN (0);
#else
......@@ -1071,6 +1180,7 @@ static UInt32_t _nas_message_get_mac(
LOG_TRACE(ERROR,
"Unknown integrity protection algorithm %d",
emm_security_context->selected_algorithms.integrity);
break;
}
LOG_FUNC_RETURN (0);
}
......
......@@ -222,8 +222,8 @@ int usim_api_authenticate(const OctetString* rand_pP, const OctetString* autn_pP
int rc;
int i;
LOG_TRACE(DEBUG, "USIM-API - rand :");dump_octet_string(rand_pP);
LOG_TRACE(DEBUG, "USIM-API - autn :");dump_octet_string(autn_pP);
LOG_TRACE(DEBUG, "USIM-API - rand :%s",dump_octet_string(rand_pP));
LOG_TRACE(DEBUG, "USIM-API - autn :%s",dump_octet_string(autn_pP));
/* Compute the authentication response RES = f2K (RAND) */
/* Compute the cipher key CK = f3K (RAND) */
......@@ -233,9 +233,9 @@ int usim_api_authenticate(const OctetString* rand_pP, const OctetString* autn_pP
u8 ak[USIM_API_AK_SIZE];
f2345(_usim_api_k, rand_pP->value,
res_pP->value, ck_pP->value, ik_pP->value, ak);
LOG_TRACE(DEBUG, "USIM-API - res(f2) :");dump_octet_string(res_pP);
LOG_TRACE(DEBUG, "USIM-API - ck(f3) :");dump_octet_string(ck_pP);
LOG_TRACE(DEBUG, "USIM-API - ik(f4) :");dump_octet_string(ik_pP);
LOG_TRACE(DEBUG, "USIM-API - res(f2) :%s",dump_octet_string(res_pP));
LOG_TRACE(DEBUG, "USIM-API - ck(f3) :%s",dump_octet_string(ck_pP));
LOG_TRACE(DEBUG, "USIM-API - ik(f4) :%s",dump_octet_string(ik_pP));
LOG_TRACE(DEBUG, "USIM-API - ak(f5) : %02X%02X%02X%02X%02X%02X",
ak[0],ak[1],ak[2],ak[3],ak[4],ak[5]);
......
......@@ -1672,29 +1672,40 @@ static int _emm_attach_release(void *args)
if (emm_ctx->guti) {
free(emm_ctx->guti);
emm_ctx->guti = NULL;
}
if (emm_ctx->imsi) {
free(emm_ctx->imsi);
emm_ctx->imsi = NULL;
}
if (emm_ctx->imei) {
free(emm_ctx->imei);
emm_ctx->imei = NULL;
}
if (emm_ctx->esm_msg.length > 0) {
free(emm_ctx->esm_msg.value);
emm_ctx->esm_msg.value = NULL;
}
/* Release NAS security context */
if (emm_ctx->security) {
emm_security_context_t *security = emm_ctx->security;
if (security->kasme.value) {
free(security->kasme.value);
security->kasme.value = NULL;
security->kasme.length = 0;
}
if (security->knas_enc.value) {
free(security->knas_enc.value);
security->knas_enc.value = NULL;
security->knas_enc.length = 0;
}
if (security->knas_int.value) {
free(security->knas_int.value);
security->knas_int.value = NULL;
security->knas_int.length = 0;
}
free(emm_ctx->security);
emm_ctx->security = NULL;
}
/* Release the EMM context */
#if defined(EPC_BUILD)
......
......@@ -59,6 +59,7 @@ Description Defines the authentication EMM procedure executed by the
#include <stdlib.h> // malloc, free
#include <string.h> // memcpy, memcmp, memset
#include <arpa/inet.h> // htons
#include "emm_proc.h"
#include "nas_log.h"
......@@ -389,8 +390,7 @@ int emm_proc_authentication_request(int native_ksi, int ksi,
/* Derive the Kasme from the authentication challenge using
* the PLMN identity of the selected PLMN */
_emm_data.non_current->kasme.length = AUTH_KASME_SIZE;
_emm_data.non_current->kasme.value =
(uint8_t *)malloc(sizeof(AUTH_KASME_SIZE));
_emm_data.non_current->kasme.value = malloc(32);
_authentication_kasme(autn, &ck, &ik, &_emm_data.splmn,
&_emm_data.non_current->kasme);
/* NAS integrity and cyphering keys are not yet available */
......@@ -1171,68 +1171,78 @@ static int _authentication_kasme(const OctetString *autn,
{
LOG_FUNC_IN;
LOG_TRACE(INFO,"EMM-PROC _authentication_kasme INPUT CK %s",
dump_octet_string(ck));
LOG_TRACE(INFO,"EMM-PROC _authentication_kasme INPUT IK %s",
dump_octet_string(ik));
LOG_TRACE(INFO,"EMM-PROC _authentication_kasme INPUT AUTN %s",
dump_octet_string(autn));
LOG_TRACE(INFO,"EMM-PROC _authentication_kasme INPUT KASME LENGTH %u",
kasme->length);
/* Compute the derivation key KEY = CK || IK */
UInt8_t key[ck->length + ik->length];
memcpy(key, ck->value, ck->length);
memcpy(key + ck->length, ik->value, ik->length);
/* Compute the KDF input parameter