The procedure for decoding TS24301Msg_PDU is basically the same as given above. When the encoded message is security protected, however, there are a few additional requirements. These steps are not necessary when decoding a message without security protection (but, unless you are certain the message is not security protected, you will need to follow these requirements).
For security protected messages, including SERVICE REQUEST messages (which always have integrity protection):
Initialize the NAS security context
Specify the algorithm and keys to use
Set NAS security parameters
Free the NAS security context when finished.
Each of these steps is illustrated in the encoding example above. The NASDec_TS24301Msg_PDU function will:
verify the message authentication code of an integrity protected message. The MAC (or short MAC) will be decoded into either TS24301Msg_PDU.secHdr.msgAuthCode or TS24301Msg_ServiceRequest.shortMAC. If MAC verification fails, RTERR_INVMAC is returned.
decrypt and further decode a confidentiality protected message