sec: add NEA1 ciphering engine

Author: robertfalkenberg

lib/security/CMakeLists.txt

@@ -9,6 +9,7 @@
 
 set(SOURCES
   ciphering_engine_generic.cpp
+  ciphering_engine_nea1.cpp
   ciphering_engine_nea2.cpp
   integrity_engine_generic.cpp
   security.cpp

lib/security/ciphering_engine_nea1.cpp

@@ -0,0 +1,34 @@
+/**
+ *
+ * \section COPYRIGHT
+ *
+ * Copyright 2021-2024 Software Radio Systems Limited
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the distribution.
+ *
+ */
+
+#include "ciphering_engine_nea1.h"
+#include "srsran/security/ciphering.h"
+
+using namespace srsran;
+using namespace security;
+
+ciphering_engine_nea1::ciphering_engine_nea1(sec_128_key        k_128_enc_,
+                                             uint8_t            bearer_id_,
+                                             security_direction direction_) :
+  k_128_enc(k_128_enc_), bearer_id(bearer_id_), direction(direction_)
+{
+}
+
+security_result ciphering_engine_nea1::apply_ciphering(byte_buffer buf, size_t offset, uint32_t count)
+{
+  security_result  result{.buf = std::move(buf), .count = count};
+  byte_buffer_view msg{result.buf.value().begin() + offset, result.buf.value().end()};
+
+  security_nea1(k_128_enc, count, bearer_id, direction, msg);
+
+  return result;
+}

lib/security/ciphering_engine_nea1.h

@@ -0,0 +1,36 @@
+/**
+ *
+ * \section COPYRIGHT
+ *
+ * Copyright 2021-2024 Software Radio Systems Limited
+ *
+ * By using this file, you agree to the terms and conditions set
+ * forth in the LICENSE file which can be found at the top level of
+ * the distribution.
+ *
+ */
+
+#pragma once
+
+#include "srsran/security/ciphering_engine.h"
+#include "srsran/security/security.h"
+
+namespace srsran {
+namespace security {
+
+class ciphering_engine_nea1 final : public ciphering_engine
+{
+public:
+  ciphering_engine_nea1(sec_128_key k_128_enc_, uint8_t bearer_id_, security_direction direction_);
+  virtual ~ciphering_engine_nea1() = default;
+
+  security_result apply_ciphering(byte_buffer buf, size_t offset, uint32_t count) override;
+
+private:
+  sec_128_key        k_128_enc;
+  uint8_t            bearer_id;
+  security_direction direction;
+};
+
+} // namespace security
+} // namespace srsran

lib/security/security_engine_impl.cpp

@@ -12,6 +12,7 @@
 
 #include "security_engine_impl.h"
 #include "ciphering_engine_generic.h"
+#include "ciphering_engine_nea1.h"
 #include "ciphering_engine_nea2.h"
 #include "integrity_engine_generic.h"
 
@@ -34,11 +35,16 @@ security_engine_impl::security_engine_impl(security::sec_128_as_config sec_cfg,
     }
   }
   if (ciphering_enabled == security::ciphering_enabled::on) {
-    if (sec_cfg.cipher_algo == ciphering_algorithm::nea2) {
-      cipher_eng = std::make_unique<ciphering_engine_nea2>(sec_cfg.k_128_enc, bearer_id, direction);
-    } else {
-      cipher_eng =
-          std::make_unique<ciphering_engine_generic>(sec_cfg.k_128_enc, bearer_id, direction, sec_cfg.cipher_algo);
+    switch (sec_cfg.cipher_algo) {
+      case ciphering_algorithm::nea1:
+        cipher_eng = std::make_unique<ciphering_engine_nea1>(sec_cfg.k_128_enc, bearer_id, direction);
+        break;
+      case ciphering_algorithm::nea2:
+        cipher_eng = std::make_unique<ciphering_engine_nea2>(sec_cfg.k_128_enc, bearer_id, direction);
+        break;
+      default:
+        cipher_eng =
+            std::make_unique<ciphering_engine_generic>(sec_cfg.k_128_enc, bearer_id, direction, sec_cfg.cipher_algo);
     }
   }
 }

tests/unittests/security/ciphering_engine_test.cpp

@@ -9,6 +9,7 @@
  */
 
 #include "lib/security/ciphering_engine_generic.h"
+#include "lib/security/ciphering_engine_nea1.h"
 #include "lib/security/ciphering_engine_nea2.h"
 #include "nea1_test_set.h"
 #include "nea2_test_set.h"
@@ -103,6 +104,26 @@ bool trim_tail_to_bitlength(byte_buffer_view buf, uint32_t bitlength)
   return true;
 }
 
+TEST_P(fxt_nea1, ciphering_engine_nea1)
+{
+  nea_test_set param = GetParam();
+
+  // Pack hex strings into srsran types
+  sec_128_key key        = make_sec_128_key(param.key_cstr);
+  auto        dir        = static_cast<security_direction>(param.direction);
+  byte_buffer plaintext  = make_byte_buffer(param.plaintext_cstr).value();
+  byte_buffer ciphertext = make_byte_buffer(param.ciphertext_cstr).value();
+
+  // Create ciphering engine
+  std::unique_ptr<ciphering_engine> nea = std::make_unique<ciphering_engine_nea1>(key, param.bearer, dir);
+
+  // Apply ciphering and compare results
+  security_result result = nea->apply_ciphering(plaintext.deep_copy().value(), 0, param.count);
+  ASSERT_TRUE(result.buf.has_value());
+  ASSERT_TRUE(trim_tail_to_bitlength(result.buf.value(), param.length));
+  EXPECT_EQ(result.buf.value(), ciphertext);
+}
+
 TEST_P(fxt_nea2, ciphering_engine_nea2)
 {
   nea_test_set param = GetParam();