cu_cp: add additional checks before using the security context

FabianEckermann · FabianEckermann · commit ce02893d10dd · 2024-06-21T21:14:25.000+02:00
diff --git a/lib/cu_cp/routines/mobility/inter_cu_handover_target_routine.cpp b/lib/cu_cp/routines/mobility/inter_cu_handover_target_routine.cpp
@@ -76,6 +76,10 @@ void inter_cu_handover_target_routine::operator()(
   // Prepare E1AP Bearer Context Setup Request and call E1AP notifier
   {
     // Get security keys for Bearer Context Setup Request (RRC UE is not created yet)
+    if (!ue->get_security_manager().is_security_context_initialized()) {
+      logger.warning("ue={}: \"{}\" failed. Cause: Security context not initialized", request.ue_index, name());
+      CORO_EARLY_RETURN(generate_handover_resource_allocation_response(false));
+    }
     if (!fill_e1ap_bearer_context_setup_request(ue->get_security_manager().get_up_as_config())) {
       logger.warning("ue={}: \"{}\" failed to fill context at CU-UP", request.ue_index, name());
       CORO_EARLY_RETURN(generate_handover_resource_allocation_response(false));
diff --git a/lib/cu_cp/routines/mobility/inter_du_handover_routine.cpp b/lib/cu_cp/routines/mobility/inter_du_handover_routine.cpp
@@ -134,6 +134,12 @@ void inter_du_handover_routine::operator()(coro_context<async_task<cu_cp_inter_d
   // Inform CU-UP about new DL tunnels.
   {
     // get securtiy context of target UE
+    if (!target_ue->get_security_manager().is_security_context_initialized()) {
+      logger.warning(
+          "ue={}: \"{}\" failed. Cause: Security context not initialized", target_ue->get_ue_index(), name());
+      CORO_EARLY_RETURN(response_msg);
+    }
+
     if (!add_security_context_to_bearer_context_modification(target_ue->get_security_manager().get_up_as_config())) {
       logger.warning("ue={}: \"{}\" failed to create UE context at target DU", request.source_ue_index, name());
       CORO_AWAIT(ue_removal_handler.handle_ue_removal_request(target_ue_context_setup_request.ue_index));
diff --git a/lib/cu_cp/ue_security_manager/ue_security_manager_impl.cpp b/lib/cu_cp/ue_security_manager/ue_security_manager_impl.cpp
@@ -19,6 +19,11 @@ ue_security_manager::ue_security_manager(const security_manager_config& cfg_) :
 }
 
 // up_ue_security_manager
+bool ue_security_manager::is_security_context_initialized() const
+{
+  return sec_context.sel_algos.algos_selected;
+}
+
 security::sec_as_config ue_security_manager::get_up_as_config() const
 {
   return sec_context.get_as_config(security::sec_domain::up);
diff --git a/lib/cu_cp/ue_security_manager/ue_security_manager_impl.h b/lib/cu_cp/ue_security_manager/ue_security_manager_impl.h
@@ -23,6 +23,7 @@ class ue_security_manager
   ~ue_security_manager() = default;
 
   // up_ue_security_manager
+  [[nodiscard]] bool                        is_security_context_initialized() const;
   [[nodiscard]] security::sec_as_config     get_up_as_config() const;
   [[nodiscard]] security::sec_128_as_config get_up_128_as_config() const;
 

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,11 @@ ue_security_manager::ue_security_manager(const security_manager_config& cfg_) :`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`// up_ue_security_manager`
	`22`	`+bool ue_security_manager::is_security_context_initialized() const`
	`23`	`+{`
	`24`	`+ return sec_context.sel_algos.algos_selected;`
	`25`	`+}`
	`26`	`+`
`22`	`27`	`security::sec_as_config ue_security_manager::get_up_as_config() const`
`23`	`28`	`{`
`24`	`29`	`return sec_context.get_as_config(security::sec_domain::up);`