add nas null cipher analyzer

2026-04-27 07:59:59 -07:00 · 2025-06-24 17:19:23 -07:00
parent 32106ac0f4
commit 790c0963cd
3 changed files with 68 additions and 0 deletions
--- a/lib/src/analysis/analyzer.rs
+++ b/lib/src/analysis/analyzer.rs
@@ -11,6 +11,7 @@ use super::{
    connection_redirect_downgrade::ConnectionRedirect2GDowngradeAnalyzer,
    imsi_requested::ImsiRequestedAnalyzer, information_element::InformationElement,
    null_cipher::NullCipherAnalyzer, priority_2g_downgrade::LteSib6And7DowngradeAnalyzer,
+    nas_null_cipher::NasNullCipherAnalyzer,
 };

 #[derive(Debug, Clone, Deserialize, Serialize)]
@@ -20,6 +21,7 @@ pub struct AnalyzerConfig {
    pub connection_redirect_2g_downgrade: bool,
    pub lte_sib6_and_7_downgrade: bool,
    pub null_cipher: bool,
+    pub nas_null_cipher: bool,
 }

 impl Default for AnalyzerConfig {
@@ -29,6 +31,7 @@ impl Default for AnalyzerConfig {
            connection_redirect_2g_downgrade: true,
            lte_sib6_and_7_downgrade: true,
            null_cipher: true,
+            nas_null_cipher: true
        }
    }
 }
@@ -162,6 +165,10 @@ impl Harness {
            harness.add_analyzer(Box::new(NullCipherAnalyzer {}));
        }

+        if analyzer_config.nas_null_cipher {
+            harness.add_analyzer(Box::new(NasNullCipherAnalyzer::new()))
+        }
+
        harness
    }

--- a/lib/src/analysis/mod.rs
+++ b/lib/src/analysis/mod.rs
@@ -4,5 +4,6 @@ pub mod imsi_provided;
 pub mod imsi_requested;
 pub mod information_element;
 pub mod null_cipher;
+pub mod nas_null_cipher;
 pub mod priority_2g_downgrade;
 pub mod util;
--- a/lib/src/analysis/nas_null_cipher.rs
+++ b/lib/src/analysis/nas_null_cipher.rs
@@ -0,0 +1,60 @@
+use std::borrow::Cow;
+
+use pycrate_rs::nas::emm::EMMMessage;
+use pycrate_rs::nas::generated::emm::emm_security_mode_command::NASSecAlgoCiphAlgo::EPSEncryptionAlgorithmEEA0Null;
+use pycrate_rs::nas::NASMessage;
+
+use super::analyzer::{Analyzer, Event, EventType, Severity};
+use super::information_element::{InformationElement, LteInformationElement};
+
+pub struct NasNullCipherAnalyzer {
+    packet_num: usize,
+}
+
+impl Default for NasNullCipherAnalyzer {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl NasNullCipherAnalyzer {
+    pub fn new() -> Self {
+        Self { packet_num: 0 }
+    }
+}
+
+impl Analyzer for NasNullCipherAnalyzer {
+    fn get_name(&self) -> Cow<str> {
+        Cow::from("NAS Null Cipher Requested")
+    }
+
+    fn get_description(&self) -> Cow<str> {
+        Cow::from("Tests whether the MME requests to use a null cipher in the security mode command")
+    }
+
+    fn analyze_information_element(&mut self, ie: &InformationElement) -> Option<Event> {
+        self.packet_num += 1;
+        let payload = match ie {
+            InformationElement::LTE(inner) => match &**inner {
+                LteInformationElement::NAS(payload) => payload,
+                _ => return None,
+            },
+            _ => return None,
+        };
+
+        if let NASMessage::EMMMessage(EMMMessage::EMMSecurityModeCommand(req)) = payload {
+            if req.nas_sec_algo.inner.ciph_algo == EPSEncryptionAlgorithmEEA0Null {
+                    return Some(Event {
+                        event_type: EventType::QualitativeWarning {
+                            severity: Severity::High,
+                        },
+                        message: format!(
+                            "NAS Security mode command requested null cipher(packet {})",
+                            self.packet_num
+                        ),
+                    });
+            }
+        }
+        None
+    }
+}