B.3 Input Message Containing Multipart Binary Part

3GPP TS 29.573, 5G System; Public Land Mobile Network (PLMN) Interconnection; Stage 3 (Release 18)

Consider the following example:

– Some headers of the input HTTP/2 message need to be integrity protected and ciphered.

– Some parts of the payload of the input HTTP/2 message need to be integrity protected and ciphered.

– The input HTTP/2 message has two multipart/related binary contents, of which one needs to be integrity protected and ciphered while the other only needs to be integrity protected.

– The headers and payload parts that are not required to be integrity protected and ciphered in the input HTTP/2 message need only be integrity protected.

The N32fReformattedReqMessage for this example looks like:

"reformattedData": {
  "protected": BASE64URL(UTF8(JWE Protected Header)),
  "unprotected": <non integrity protected shared JOSE headers>,
  "header": <non integrity protected recipient specific JOSE headers>,
  "encrypted_key": BASE64URL(JWE Encrypted Key),
  "aad": BASE64URL(DataToIntegrityProtectBlock),
  "iv": BASE64URL(JWE Initialization Vector),
  "ciphertext": BASE64URL(JWE CipherText(DataToIntegrityProtectAndCipherBlock)),
  "tag": BASE64URL(JWE Authentication Tag)
}

The DataToIntegrityProtectBlock for this example looks like:

{
  "metaData":
  {
    "n32fContextId": <the n32fcontext Id of receiving SEPP>,
    "messageId": <Id of the message>,
    "authorizedIpxId": <FQDN of the IPX>
  },
  "requestLine":
  {
    "method": <http method of the NF service API>,
    "scheme": <http scheme of the NF service API>,
    "authority": <authority part of the NF service API URI>,
    "path": <path part of the NF service API URI>,
    "protocolVersion": <HTTP protocol version>,
    "queryFragment": <query fragment of the NF service API, if available>
  },
  "headers":
  [
    {
      "header": <name of HTTP header 1>,
      "value": {"headerval": <string carrying value of the header>}
    },
    {
      "header": <name of HTTP header 2>,
      "value": {"encBlockIndex": 1}
    }
  ],
  "payload":
  [
    {
      "iePath": <JSON Pointer of IE 1>,
      "ieValueLocation": "BODY",
      "value": <value of IE>
    },
    {
      "iePath": <JSON Pointer of IE 2 – which is an attribute defined with the RefToBinaryData type>/contentId,
      "ieValueLocation": "BODY",
      "value": <value of the Content ID>
    },
    {
      "iePath": <JSON Pointer of IE 2 – which is an attribute defined with the RefToBinaryData type>/contenttype,
      "ieValueLocation": "MULTIPART_BINARY",
      "value": <value of the Content Type>
    },
    {
      "iePath": <JSON Pointer of IE 2 – which is an attribute defined with the RefToBinaryData type>/data,
      "ieValueLocation": "MULTIPART_BINARY",
      "value": <BASE 64 encoded byte array of the binary part>
    },
    {
      "iePath": <JSON Pointer of IE 3 – which is an attribute defined with the RefToBinaryData type>/contentId,
      "ieValueLocation": "BODY",
      "value": <value of the Content ID>
    },
    {
      "iePath": <JSON Pointer of IE 3 – which is an attribute defined with the RefToBinaryData type>/contenttype,
      "ieValueLocation": "MULTIPART_BINARY",
      "value": <value of the Content Type>
    },
    {
      "iePath": <JSON Pointer of IE 3 – which is an attribute defined with the RefToBinaryData type>/data,
      "ieValueLocation": "MULTIPART_BINARY",
      "value": {"encBlockIndex": 2}
    }
  ]
}

NOTE: The "iePath" for Content Type or data is a virtual path, which actually refers to the "Content-Type" and "data" in the multipart body.

EXAMPLE: If the input HTTP message contains a multipart binary part, as:

POST /example.com/namf-comm/v1/ue-contexts/{ueContextId}/n1-n2-messages HTTP/2
Content-Type: multipart/related; boundary=----Boundary
Content-Length: xyz

------Boundary
Content-Type: application/json

{
  "n2InfoContainer": {
    "n2InformationClass": "SM",
    "smInfo": {
      "pduSessionId": 5,
      "n2InfoContent": {
        "ngapIeType": "PDU_RES_SETUP_REQ",
        "ngapData": {
          "contentId": "n2msg"
        }
      }
    }
  },
  "pduSessionId": 5
}
------Boundary
Content-Type: application/vnd.3gpp.ngap
Content-Id: n2msg

{ … N2 Information binary data …}
------Boundary

the binary content that needs to be integrity protected will be formatted as:

"payload":
[
  {
    "iePath": "/n2InfoContainer/smInfo/n2InfoContent/ngapData/contentId",
    "ieValueLocation": "BODY",
    "value": "n2msg"
  },
  {
    "iePath": "/n2InfoContainer/smInfo/n2InfoContent/ngapData/contenttype",
    "ieValueLocation": "MULTIPART_BINARY",
    "value": "application/vnd.3gpp.ngap"
  },
  {
    "iePath": "/n2InfoContainer/smInfo/n2InfoContent/ngapData/data",
    "ieValueLocation": "MULTIPART_BINARY",
    "value": <BASE 64 encoded byte array of N2 Information binary data>
  }
]

The DataToIntegrityProtectAndCipherBlock for this example looks like:

{
  "dataToEncrypt":
  [
    <value of HTTP header 2>,
    <byte array containing BASE 64 encoding of the binary part>
  ]
}
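The following Python is an added illustration, not text from the specification: for each RefToBinaryData reference it emits the three virtual-path "payload" entries, moves ciphered binary parts into "dataToEncrypt", and shows a receiver-side check of "encBlockIndex". The function names, the placeholder NGAP bytes and the rule for recognising a RefToBinaryData object are assumptions, as is counting encBlockIndex from 1, which follows the numbering of the example above.

```python
import base64

# Constructed sample input: the JSON root part and binary part of the EXAMPLE above.
JSON_PART = {"n2InfoContainer": {"n2InformationClass": "SM", "smInfo": {
    "pduSessionId": 5, "n2InfoContent": {
        "ngapIeType": "PDU_RES_SETUP_REQ", "ngapData": {"contentId": "n2msg"}}}},
    "pduSessionId": 5}
BINARY_PARTS = {"n2msg": ("application/vnd.3gpp.ngap", b"\x00\x1d\x00\x05")}  # placeholder bytes


def build_payload(node, parts, cipher_ids=(), path="", to_encrypt=None):
    """Return (payload entries, dataToEncrypt list) for every RefToBinaryData found.

    Assumptions: a RefToBinaryData is any object whose "contentId" names a binary
    part, and encBlockIndex counts from 1 as in the example on this page.
    """
    to_encrypt = [] if to_encrypt is None else to_encrypt
    payload = []
    cid = node.get("contentId") if isinstance(node, dict) else None
    if isinstance(cid, str) and cid in parts:
        ctype, raw = parts[cid]
        b64 = base64.b64encode(raw).decode("ascii")
        if cid in cipher_ids:   # ciphered: only an index stays in the integrity-protected block
            to_encrypt.append(b64)
            data = {"encBlockIndex": len(to_encrypt)}
        else:                   # integrity protected only: the value itself stays in that block
            data = b64
        for leaf, loc, val in (("contentId", "BODY", cid),
                               ("contenttype", "MULTIPART_BINARY", ctype),
                               ("data", "MULTIPART_BINARY", data)):
            payload.append({"iePath": f"{path}/{leaf}", "ieValueLocation": loc, "value": val})
    elif isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for key, child in items:
            token = str(key).replace("~", "~0").replace("/", "~1")  # RFC 6901 escaping
            payload += build_payload(child, parts, cipher_ids, f"{path}/{token}", to_encrypt)[0]
    return payload, to_encrypt


def resolve_data(entry, data_to_encrypt):
    """Receiver side: return the bytes of a ".../data" entry, rejecting bad indexes."""
    value = entry["value"]
    if isinstance(value, dict):
        idx = value.get("encBlockIndex")
        if type(idx) is not int or not 1 <= idx <= len(data_to_encrypt):
            raise ValueError(f"encBlockIndex {idx!r} outside dataToEncrypt")
        value = data_to_encrypt[idx - 1]
    return base64.b64decode(value, validate=True)
```

Calling `build_payload(JSON_PART, BINARY_PARTS)` reproduces the three entries of the EXAMPLE; passing `cipher_ids={"n2msg"}` replaces the "data" value with an index and moves the Base64 string into the second return value.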

Annex C (informative):
End to end call flows when SEPP is on path