NAS 5G MM: Reject Identity Request without Authentication

Hello,

The NR-UE implementation seems to miss the header check for Identity Request messages sent from the core network (or an attacker). Although the handling only fills the SUCI in openair3/NAS/NR_UE/nr_nas_msg.c:808 and no other identifiers, the privacy leak is limited. However, the processing should ideally not even start if a non-SUCI identity is picked. Instead, currently this check seems to be missing.

I am willing to fix this issue with prior discussion on how this issue should be addressed 😄

I was thinking of introducing a separate handleIdentityRequest function, which checks the requested identity and drops the message or sends a 5GMM Cause if preconditions are not met. For the other identities, the generateIdentityResponse can be called. What do you think?
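A sketch of the precondition check discussed above, as an added example that is not part of the original post and not OAI code: 3GPP TS 24.501 lets a UE answer an Identity Request that is not integrity protected only when the requested identity is the SUCI. The function name, enum, and sample PDUs are hypothetical, and the buffer is assumed to hold the PDU after any deciphering, with the MAC verification done by the caller.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constants from 3GPP TS 24.501; every identifier below is hypothetical, not OAI code. */
#define EPD_5GMM 0x7e             /* extended protocol discriminator: 5GS mobility management */
#define MSG_IDENTITY_REQUEST 0x5b /* 5GMM message type */
#define SEC_HDR_PLAIN 0x00        /* security header type: plain NAS message */
#define ID_TYPE_SUCI 0x01         /* 5GS identity type: SUCI */
#define PROTECTED_HDR_LEN 7       /* EPD + security header + MAC (4) + sequence number */

typedef enum { ID_REQ_ANSWER, ID_REQ_DROP, ID_REQ_OTHER_MESSAGE } id_req_decision_t;

/* Constructed sample PDUs (not captured traffic). */
static const uint8_t pdu_plain_suci[] = {0x7e, 0x00, 0x5b, 0x01};
static const uint8_t pdu_plain_imei[] = {0x7e, 0x00, 0x5b, 0x03};
static const uint8_t pdu_protected_imei[] = {0x7e, 0x02, 0, 0, 0, 0, 0x01, 0x7e, 0x00, 0x5b, 0x03};

/* buf: NAS PDU after any deciphering (assumption).
 * integrity_ok: outcome of the caller's MAC verification, false when no security context exists. */
id_req_decision_t check_identity_request(const uint8_t *buf, size_t len, bool integrity_ok)
{
  if (buf == NULL || len < 4 || buf[0] != EPD_5GMM)
    return ID_REQ_DROP;
  uint8_t sec_hdr = buf[1] & 0x0f;
  const uint8_t *plain = buf;
  if (sec_hdr != SEC_HDR_PLAIN) {
    /* Security-protected PDU: the plain message follows the 7-octet outer header. */
    if (len < PROTECTED_HDR_LEN + 4)
      return ID_REQ_DROP;
    plain = buf + PROTECTED_HDR_LEN;
    if (plain[0] != EPD_5GMM || (plain[1] & 0x0f) != SEC_HDR_PLAIN)
      return ID_REQ_DROP;
  }
  if (plain[2] != MSG_IDENTITY_REQUEST)
    return ID_REQ_OTHER_MESSAGE; /* not an Identity Request; leave it to the normal dispatcher */
  uint8_t id_type = plain[3] & 0x07; /* low three bits of the 5GS identity type IE */
  if (sec_hdr != SEC_HDR_PLAIN)
    return integrity_ok ? ID_REQ_ANSWER : ID_REQ_DROP;
  /* Unprotected request: only the SUCI may be disclosed. */
  return id_type == ID_TYPE_SUCI ? ID_REQ_ANSWER : ID_REQ_DROP;
}
```

Whether a dropped request should instead trigger a 5GMM cause is the open question of the post; the sketch only returns the decision.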