sec: add NEA3 ciphering engine

robertfalkenberg · robertfalkenberg · commit a48023af6442 · 2024-07-15T14:48:48.000Z
diff --git a/lib/security/CMakeLists.txt b/lib/security/CMakeLists.txt
@@ -11,6 +11,7 @@ set(SOURCES
   ciphering_engine_generic.cpp
   ciphering_engine_nea1.cpp
   ciphering_engine_nea2.cpp
+  ciphering_engine_nea3.cpp
   integrity_engine_generic.cpp
   security.cpp
   security_engine_impl.cpp
diff --git a/lib/security/ciphering_engine_nea3.cpp b/lib/security/ciphering_engine_nea3.cpp
@@ -0,0 +1,34 @@
+/**
+ *
+ * \section COPYRIGHT
+ *
+ * Copyright 2021-2024 Software Radio Systems Limited
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the distribution.
+ *
+ */
+
+#include "ciphering_engine_nea3.h"
+#include "srsran/security/ciphering.h"
+
+using namespace srsran;
+using namespace security;
+
+ciphering_engine_nea3::ciphering_engine_nea3(sec_128_key        k_128_enc_,
+                                             uint8_t            bearer_id_,
+                                             security_direction direction_) :
+  k_128_enc(k_128_enc_), bearer_id(bearer_id_), direction(direction_)
+{
+}
+
+security_result ciphering_engine_nea3::apply_ciphering(byte_buffer buf, size_t offset, uint32_t count)
+{
+  security_result  result{.buf = std::move(buf), .count = count};
+  byte_buffer_view msg{result.buf.value().begin() + offset, result.buf.value().end()};
+
+  security_nea3(k_128_enc, count, bearer_id, direction, msg);
+
+  return result;
+}
diff --git a/lib/security/ciphering_engine_nea3.h b/lib/security/ciphering_engine_nea3.h
@@ -0,0 +1,36 @@
+/**
+ *
+ * \section COPYRIGHT
+ *
+ * Copyright 2021-2024 Software Radio Systems Limited
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the distribution.
+ *
+ */
+
+#pragma once
+
+#include "srsran/security/ciphering_engine.h"
+#include "srsran/security/security.h"
+
+namespace srsran {
+namespace security {
+
+class ciphering_engine_nea3 final : public ciphering_engine
+{
+public:
+  ciphering_engine_nea3(sec_128_key k_128_enc_, uint8_t bearer_id_, security_direction direction_);
+  virtual ~ciphering_engine_nea3() = default;
+
+  security_result apply_ciphering(byte_buffer buf, size_t offset, uint32_t count) override;
+
+private:
+  sec_128_key        k_128_enc;
+  uint8_t            bearer_id;
+  security_direction direction;
+};
+
+} // namespace security
+} // namespace srsran
diff --git a/lib/security/security_engine_impl.cpp b/lib/security/security_engine_impl.cpp
@@ -14,6 +14,7 @@
 #include "ciphering_engine_generic.h"
 #include "ciphering_engine_nea1.h"
 #include "ciphering_engine_nea2.h"
+#include "ciphering_engine_nea3.h"
 #include "integrity_engine_generic.h"
 
 using namespace srsran;
@@ -42,9 +43,12 @@ security_engine_impl::security_engine_impl(security::sec_128_as_config sec_cfg,
       case ciphering_algorithm::nea2:
         cipher_eng = std::make_unique<ciphering_engine_nea2>(sec_cfg.k_128_enc, bearer_id, direction);
         break;
+      case ciphering_algorithm::nea3:
+        cipher_eng = std::make_unique<ciphering_engine_nea3>(sec_cfg.k_128_enc, bearer_id, direction);
+        break;
       default:
-        cipher_eng =
-            std::make_unique<ciphering_engine_generic>(sec_cfg.k_128_enc, bearer_id, direction, sec_cfg.cipher_algo);
+        // no cipher_eng for NEA0
+        break;
     }
   }
 }
diff --git a/tests/unittests/security/ciphering_engine_test.cpp b/tests/unittests/security/ciphering_engine_test.cpp
@@ -11,6 +11,7 @@
 #include "lib/security/ciphering_engine_generic.h"
 #include "lib/security/ciphering_engine_nea1.h"
 #include "lib/security/ciphering_engine_nea2.h"
+#include "lib/security/ciphering_engine_nea3.h"
 #include "nea1_test_set.h"
 #include "nea2_test_set.h"
 #include "nea3_test_set.h"
@@ -144,6 +145,26 @@ TEST_P(fxt_nea2, ciphering_engine_nea2)
   EXPECT_EQ(result.buf.value(), ciphertext);
 }
 
+TEST_P(fxt_nea3, ciphering_engine_nea3)
+{
+  nea_test_set param = GetParam();
+
+  // Pack hex strings into srsran types
+  sec_128_key key        = make_sec_128_key(param.key_cstr);
+  auto        dir        = static_cast<security_direction>(param.direction);
+  byte_buffer plaintext  = make_byte_buffer(param.plaintext_cstr).value();
+  byte_buffer ciphertext = make_byte_buffer(param.ciphertext_cstr).value();
+
+  // Create ciphering engine
+  std::unique_ptr<ciphering_engine> nea = std::make_unique<ciphering_engine_nea3>(key, param.bearer, dir);
+
+  // Apply ciphering and compare results
+  security_result result = nea->apply_ciphering(plaintext.deep_copy().value(), 0, param.count);
+  ASSERT_TRUE(result.buf.has_value());
+  ASSERT_TRUE(trim_tail_to_bitlength(result.buf.value(), param.length));
+  EXPECT_EQ(result.buf.value(), ciphertext);
+}
+
 TEST_P(fxt_nea1, ciphering_engine_generic_nea1)
 {
   nea_test_set param = GetParam();
