cu_cp: add additional checks before using the security context

srsran · Jun 21, 2024 · ce02893 · ce02893
1 parent 80d3e94
commit ce02893
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 0 deletions.
diff --git a/lib/cu_cp/routines/mobility/inter_cu_handover_target_routine.cpp b/lib/cu_cp/routines/mobility/inter_cu_handover_target_routine.cpp
@@ -76,6 +76,10 @@ void inter_cu_handover_target_routine::operator()(
   // Prepare E1AP Bearer Context Setup Request and call E1AP notifier
   {
     // Get security keys for Bearer Context Setup Request (RRC UE is not created yet)
+    if (!ue->get_security_manager().is_security_context_initialized()) {
+      logger.warning("ue={}: \"{}\" failed. Cause: Security context not initialized", request.ue_index, name());
+      CORO_EARLY_RETURN(generate_handover_resource_allocation_response(false));
+    }
     if (!fill_e1ap_bearer_context_setup_request(ue->get_security_manager().get_up_as_config())) {
       logger.warning("ue={}: \"{}\" failed to fill context at CU-UP", request.ue_index, name());
       CORO_EARLY_RETURN(generate_handover_resource_allocation_response(false));

diff --git a/lib/cu_cp/routines/mobility/inter_du_handover_routine.cpp b/lib/cu_cp/routines/mobility/inter_du_handover_routine.cpp
@@ -134,6 +134,12 @@ void inter_du_handover_routine::operator()(coro_context<async_task<cu_cp_inter_d
   // Inform CU-UP about new DL tunnels.
   {
     // get securtiy context of target UE
+    if (!target_ue->get_security_manager().is_security_context_initialized()) {
+      logger.warning(
+          "ue={}: \"{}\" failed. Cause: Security context not initialized", target_ue->get_ue_index(), name());
+      CORO_EARLY_RETURN(response_msg);
+    }
+
     if (!add_security_context_to_bearer_context_modification(target_ue->get_security_manager().get_up_as_config())) {
       logger.warning("ue={}: \"{}\" failed to create UE context at target DU", request.source_ue_index, name());
       CORO_AWAIT(ue_removal_handler.handle_ue_removal_request(target_ue_context_setup_request.ue_index));

diff --git a/lib/cu_cp/ue_security_manager/ue_security_manager_impl.cpp b/lib/cu_cp/ue_security_manager/ue_security_manager_impl.cpp
@@ -19,6 +19,11 @@ ue_security_manager::ue_security_manager(const security_manager_config& cfg_) :
 }
 
 // up_ue_security_manager
+bool ue_security_manager::is_security_context_initialized() const
+{
+  return sec_context.sel_algos.algos_selected;
+}
+
 security::sec_as_config ue_security_manager::get_up_as_config() const
 {
   return sec_context.get_as_config(security::sec_domain::up);

diff --git a/lib/cu_cp/ue_security_manager/ue_security_manager_impl.h b/lib/cu_cp/ue_security_manager/ue_security_manager_impl.h
@@ -23,6 +23,7 @@ class ue_security_manager
   ~ue_security_manager() = default;
 
   // up_ue_security_manager
+  [[nodiscard]] bool                        is_security_context_initialized() const;
   [[nodiscard]] security::sec_as_config     get_up_as_config() const;
   [[nodiscard]] security::sec_128_as_config get_up_128_as_config() const;