Neels Hofmeyrc4628a32018-12-07 14:47:34 +01001/* BSSAP/BSSMAP encoding and decoding for MSC */
2/*
3 * (C) 2019 by sysmocom - s.m.f.c. GmbH <info@sysmocom.de>
4 * All Rights Reserved
5 *
6 * Author: Neels Hofmeyr
7 *
8 * SPDX-License-Identifier: GPL-2.0+
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
24
25#include <osmocom/core/byteswap.h>
26
27#include <osmocom/crypt/auth.h>
28
29#include <osmocom/gsm/tlv.h>
30#include <osmocom/gsm/gsm0808.h>
31#include <osmocom/gsm/mncc.h>
32#include <osmocom/gsm/gsm48.h>
33
34#include <osmocom/msc/debug.h>
35#include <osmocom/msc/ran_msg_a.h>
36#include <osmocom/msc/sccp_ran.h>
37
38#define LOG_RAN_A_DEC(RAN_DEC, level, fmt, args...) \
39 LOG_RAN_DEC(RAN_DEC, DBSSAP, level, "BSSMAP: " fmt, ## args)
40
41/* Assumes presence of struct ran_dec *ran_dec and ran_dec_msg.msg_name (set) in the local scope. */
42#define LOG_RAN_A_DEC_MSG(level, fmt, args...) \
43 LOG_RAN_DEC(ran_dec, DBSSAP, level, "%s: " fmt, ran_dec_msg.msg_name, ## args)
44
45#define LOG_RAN_A_ENC(FI, level, fmt, args...) \
46 LOG_RAN_ENC(FI, DBSSAP, level, "BSSMAP: " fmt, ## args)
47
/* Decode a BSSMAP Complete Layer 3 Information message.
 * Both the Cell Identifier and the Layer 3 Information IE are required; the cell identifier must decode to
 * exactly one entry whose discriminator carries a LAC. On success msg->l3h points at the L3 payload and the
 * result is handed to ran_decoded().
 * Returns ran_decoded()'s result, -EINVAL on missing/invalid IEs, -ENODATA if the L3 payload is shorter than
 * a struct gsm48_hdr. */
static int ran_a_decode_l3_compl(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
{
	struct tlv_p_entry *cell_ie = TLVP_GET(tp, GSM0808_IE_CELL_IDENTIFIER);
	struct tlv_p_entry *l3_ie = TLVP_GET(tp, GSM0808_IE_LAYER_3_INFORMATION);
	struct gsm0808_cell_id_list2 cell_list;
	struct gsm0808_cell_id cell;
	int rc;
	/* ran_dec_msg must carry this exact name: LOG_RAN_A_DEC_MSG() reads ran_dec_msg.msg_name. */
	struct ran_msg ran_dec_msg = {
		.msg_type = RAN_MSG_COMPL_L3,
		.msg_name = "BSSMAP Complete Layer 3",
		.compl_l3 = {
			.cell_id = &cell,
			.msg = msg,
		},
	};

	if (!cell_ie) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory CELL IDENTIFIER not present, discarding message\n");
		return -EINVAL;
	}
	if (!l3_ie) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory LAYER 3 INFORMATION not present, discarding message\n");
		return -EINVAL;
	}

	/* The Cell Identifier is decoded with the list decoder; a valid IE yields a "list" of one element. */
	rc = gsm0808_dec_cell_id_list2(&cell_list, cell_ie->val, cell_ie->len);
	if (rc < 0) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Decoding CELL IDENTIFIER gave rc=%d\n", rc);
		return -EINVAL;
	}
	if (cell_list.id_list_len != 1) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Unable to parse element CELL IDENTIFIER, discarding message\n");
		return -EINVAL;
	}

	/* Only discriminators that include a LAC are accepted; everything else (CI only, no cell, BSS,
	 * unknown values) is rejected. */
	if (cell_list.id_discr != CELL_IDENT_WHOLE_GLOBAL
	    && cell_list.id_discr != CELL_IDENT_LAI_AND_LAC
	    && cell_list.id_discr != CELL_IDENT_LAC_AND_CI
	    && cell_list.id_discr != CELL_IDENT_LAC) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "CELL IDENTIFIER does not specify a LAC, discarding message: %s\n",
				  gsm0808_cell_id_list_name(&cell_list));
		return -EINVAL;
	}

	cell = (struct gsm0808_cell_id){
		.id_discr = cell_list.id_discr,
		.id = cell_list.id_list[0],
	};

	/* Point the msgb's L3 header at the IE payload and cut the msgb to the IE's length. */
	msg->l3h = (uint8_t*)l3_ie->val;
	msgb_l3trim(msg, l3_ie->len);

	if (msgb_l3len(msg) < sizeof(struct gsm48_hdr)) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "too short L3 info (%d), discarding message\n", msgb_l3len(msg));
		return -ENODATA;
	}

	return ran_decoded(ran_dec, &ran_dec_msg);
}
118
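/* Decode a BSSMAP Clear Request.
 * The Cause IE is read from the peer's message; when it is absent or carries no value octet, the cause falls
 * back to GSM0808_CAUSE_EQUIPMENT_FAILURE instead of reading past the IE.
 * Returns the result of ran_decoded(). */
static int ran_a_decode_clear_request(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
{
	struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE);
	struct ran_msg ran_dec_msg = {
		.msg_type = RAN_MSG_CLEAR_REQUEST,
		.msg_name = "BSSMAP Clear Request",
	};

	/* A present IE with len == 0 has no val[0]; treat it like a missing IE. */
	if (!ie_cause || ie_cause->len < 1) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Cause code is missing, using GSM0808_CAUSE_EQUIPMENT_FAILURE\n");
		ran_dec_msg.clear_request.bssap_cause = GSM0808_CAUSE_EQUIPMENT_FAILURE;
	} else {
		ran_dec_msg.clear_request.bssap_cause = ie_cause->val[0];
	}

	return ran_decoded(ran_dec, &ran_dec_msg);
}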
136
/* Decode a BSSMAP Clear Complete: no IEs are evaluated, only the message type is passed on.
 * Returns the result of ran_decoded(). */
static int ran_a_decode_clear_complete(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
{
	return ran_decoded(ran_dec, &(struct ran_msg){
		.msg_type = RAN_MSG_CLEAR_COMPLETE,
		.msg_name = "BSSMAP Clear Complete",
	});
}
145
/* Decode a BSSMAP Classmark Update.
 * Classmark 2 is required, Classmark 3 is optional. Both are copied into a local classmark struct, each
 * copy clamped to the size of the destination field so an oversized IE cannot overflow it.
 * Returns the result of ran_decoded(), or -EINVAL when Classmark 2 is absent. */
static int ran_a_decode_classmark_update(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
{
	struct osmo_gsm48_classmark classmark = {};
	struct tlv_p_entry *cm2_ie = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_T2);
	struct tlv_p_entry *cm3_ie = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_T3);
	/* ran_dec_msg must carry this exact name: LOG_RAN_A_DEC_MSG() reads ran_dec_msg.msg_name. */
	struct ran_msg ran_dec_msg = {
		.msg_type = RAN_MSG_CLASSMARK_UPDATE,
		.msg_name = "BSSMAP Classmark Update",
		.classmark_update = {
			.classmark = &classmark,
		},
	};

	if (!cm2_ie) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "mandatory Classmark Information Type 2 not present, discarding message\n");
		return -EINVAL;
	}

	/* The stored length is the clamped one, so it never exceeds the bytes actually copied. */
	classmark.classmark2_len = OSMO_MIN(sizeof(classmark.classmark2), cm2_ie->len);
	memcpy(&classmark.classmark2, cm2_ie->val, classmark.classmark2_len);

	if (cm3_ie) {
		classmark.classmark3_len = OSMO_MIN(sizeof(classmark.classmark3), cm3_ie->len);
		memcpy(&classmark.classmark3, cm3_ie->val, classmark.classmark3_len);
	}

	return ran_decoded(ran_dec, &ran_dec_msg);
}
174
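/* Decode a BSSMAP Ciphering Mode Complete.
 * The Chosen Encryption Algorithm IE is optional; it is only evaluated when it carries at least one value
 * octet, and only values 1..8 are stored in alg_id. If a Layer 3 Message Contents IE is present, it is
 * dispatched afterwards as a separate RAN_MSG_DTAP.
 * Returns the result of the first ran_decoded() call (the Ciphering Mode Complete itself); the result of
 * the DTAP dispatch is not propagated. */
static int ran_a_decode_cipher_mode_complete(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
{
	struct tlv_p_entry *ie_chosen_encr_alg = TLVP_GET(tp, GSM0808_IE_CHOSEN_ENCR_ALG);
	struct tlv_p_entry *ie_l3_msg = TLVP_GET(tp, GSM0808_IE_LAYER_3_MESSAGE_CONTENTS);
	int rc;
	struct ran_msg ran_dec_msg = {
		.msg_type = RAN_MSG_CIPHER_MODE_COMPLETE,
		.msg_name = "BSSMAP Ciphering Mode Complete",
	};

	if (ie_chosen_encr_alg && ie_chosen_encr_alg->len < 1) {
		/* A present IE without a value octet: do not read val[0], leave alg_id at its zero default. */
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Empty 3.2.2.44 Chosen Encryption Algorithm IE\n");
	} else if (ie_chosen_encr_alg) {
		uint8_t ie_val = ie_chosen_encr_alg->val[0];
		/* 3GPP TS 48.008 3.2.2.44 Chosen Encryption Algorithm encodes as 1 = no encryption, 2 = A5/1, 4 = A5/3.
		 * Internally we handle without this weird off-by-one.
		 * NOTE(review): the value is stored exactly as received; confirm that consumers of alg_id expect
		 * the raw IE encoding. */
		if (ie_val < 1 || ie_val > 8)
			LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Unsupported value for 3.2.2.44 Chosen Encryption Algorithm: %u\n",
					  ie_val);
		else
			ran_dec_msg.cipher_mode_complete.alg_id = ie_val;
	}

	rc = ran_decoded(ran_dec, &ran_dec_msg);

	if (ie_l3_msg) {
		/* Re-use the same msgb for the embedded L3 message: point l3h at the IE payload and trim. */
		msg->l3h = (uint8_t*)ie_l3_msg->val;
		msgb_l3trim(msg, ie_l3_msg->len);
		ran_dec_msg = (struct ran_msg){
			.msg_type = RAN_MSG_DTAP,
			.msg_name = "BSSMAP Ciphering Mode Complete (L3 Message Contents)",
			.dtap = msg,
		};
		ran_decoded(ran_dec, &ran_dec_msg);
	}

	return rc;
}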
211
/* Decode a BSSMAP Ciphering Mode Reject.
 * The cause is taken from gsm0808_get_cipher_reject_cause(); a negative result is logged and replaced by
 * GSM0808_CAUSE_EQUIPMENT_FAILURE.
 * Returns the result of ran_decoded(). */
static int ran_a_decode_cipher_mode_reject(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
{
	/* ran_dec_msg must carry this exact name: LOG_RAN_A_DEC_MSG() reads ran_dec_msg.msg_name. */
	struct ran_msg ran_dec_msg = {
		.msg_type = RAN_MSG_CIPHER_MODE_REJECT,
		.msg_name = "BSSMAP Ciphering Mode Reject",
	};
	int cause = gsm0808_get_cipher_reject_cause(tp);

	if (cause >= 0) {
		ran_dec_msg.cipher_mode_reject.bssap_cause = (enum gsm0808_cause)cause;
	} else {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "failed to extract Cause\n");
		ran_dec_msg.cipher_mode_reject.bssap_cause = GSM0808_CAUSE_EQUIPMENT_FAILURE;
	}

	return ran_decoded(ran_dec, &ran_dec_msg);
}
230
/* Map the type of a BSSMAP speech codec entry to an MGCP codec.
 * Any speech codec type not listed below maps to CODEC_PCMU_8000_1. */
enum mgcp_codecs ran_a_mgcp_codec_from_sc(const struct gsm0808_speech_codec *sc)
{
	switch (sc->type) {
	case GSM0808_SCT_FR1:
		return CODEC_GSM_8000_1;
	case GSM0808_SCT_FR2:
		return CODEC_GSMEFR_8000_1;
	case GSM0808_SCT_HR1:
		return CODEC_GSMHR_8000_1;
	case GSM0808_SCT_FR3:
	case GSM0808_SCT_HR3:
		return CODEC_AMR_8000_1;
	case GSM0808_SCT_FR4:
	case GSM0808_SCT_FR5:
	case GSM0808_SCT_HR4:
	case GSM0808_SCT_HR6:
		return CODEC_AMRWB_16000_1;
	default:
		return CODEC_PCMU_8000_1;
	}
}
266
/* Decode a BSSMAP Assignment Complete.
 * Both evaluated IEs are optional: the AoIP Transport Layer Address (IPv4 only) becomes remote_rtp, and the
 * Speech Codec (Chosen) is mapped to an MGCP codec. A present IE that fails to decode rejects the message.
 * Returns the result of ran_decoded(), or -EINVAL on a decoding failure. */
static int ran_a_decode_assignment_complete(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
{
	struct tlv_p_entry *addr_ie = TLVP_GET(tp, GSM0808_IE_AOIP_TRASP_ADDR);
	struct tlv_p_entry *codec_ie = TLVP_GET(tp, GSM0808_IE_SPEECH_CODEC);
	/* ran_dec_msg must carry this exact name: LOG_RAN_A_DEC_MSG() reads ran_dec_msg.msg_name. */
	struct ran_msg ran_dec_msg = {
		.msg_type = RAN_MSG_ASSIGNMENT_COMPLETE,
		.msg_name = "BSSMAP Assignment Complete",
	};

	if (addr_ie) {
		struct sockaddr_storage rtp_addr;

		if (gsm0808_dec_aoip_trasp_addr(&rtp_addr, addr_ie->val, addr_ie->len) < 0) {
			LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Unable to decode AoIP Transport Layer Address\n");
			return -EINVAL;
		}

		/* The address family is checked before the storage is interpreted as a sockaddr_in. */
		if (rtp_addr.ss_family != AF_INET) {
			LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Assignment Complete: IE AoIP Transport Address:"
					  " unsupported addressing scheme (only IPV4 supported)\n");
			return -EINVAL;
		}

		if (osmo_sockaddr_str_from_sockaddr_in(&ran_dec_msg.assignment_complete.remote_rtp,
						       (struct sockaddr_in*)&rtp_addr)) {
			LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Assignment Complete: unable to decode remote RTP IP address\n");
			return -EINVAL;
		}
	}

	if (codec_ie) {
		struct gsm0808_speech_codec chosen;
		int rc = gsm0808_dec_speech_codec(&chosen, codec_ie->val, codec_ie->len);

		if (rc < 0) {
			LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Assignment Complete: unable to decode IE Speech Codec (Chosen)"
					  " (rc=%d).\n", rc);
			return -EINVAL;
		}
		ran_dec_msg.assignment_complete.codec_present = true;
		ran_dec_msg.assignment_complete.codec = ran_a_mgcp_codec_from_sc(&chosen);
	}

	return ran_decoded(ran_dec, &ran_dec_msg);
}
316
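/* Decode a BSSMAP Assignment Failure.
 * Cause and RR Cause default to GSM0808_CAUSE_EQUIPMENT_FAILURE / GSM48_RR_CAUSE_ABNORMAL_UNSPEC and are
 * overridden only by IEs that carry at least one value octet. A Speech Codec List is passed on when it
 * decodes successfully.
 * Returns the result of ran_decoded(). */
static int ran_a_decode_assignment_failure(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
{
	struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE);
	struct tlv_p_entry *ie_rr_cause = TLVP_GET(tp, GSM0808_IE_RR_CAUSE);
	struct tlv_p_entry *ie_speech_codec_list = TLVP_GET(tp, GSM0808_IE_SPEECH_CODEC_LIST);
	struct gsm0808_speech_codec_list scl;
	struct ran_msg ran_dec_msg = {
		.msg_type = RAN_MSG_ASSIGNMENT_FAILURE,
		.msg_name = "BSSMAP Assignment Failure",
		.assignment_failure = {
			.bssap_cause = GSM0808_CAUSE_EQUIPMENT_FAILURE,
			.rr_cause = GSM48_RR_CAUSE_ABNORMAL_UNSPEC,
		},
	};

	/* A present IE with len == 0 has no val[0]; keep the default instead of reading past the IE. */
	if (ie_cause && ie_cause->len >= 1)
		ran_dec_msg.assignment_failure.bssap_cause = ie_cause->val[0];
	if (ie_rr_cause && ie_rr_cause->len >= 1)
		ran_dec_msg.assignment_failure.rr_cause = ie_rr_cause->val[0];

	/* scl lives on this stack frame; the pointer is only valid during the ran_decoded() call below. */
	if (ie_speech_codec_list
	    && gsm0808_dec_speech_codec_list(&scl, ie_speech_codec_list->val, ie_speech_codec_list->len) == 0)
		ran_dec_msg.assignment_failure.scl_bss_supported = &scl;

	return ran_decoded(ran_dec, &ran_dec_msg);
}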
343
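/* Decode a BSSMAP SAPI-N Reject.
 * Both the Cause and the DLCI IE are required and must carry at least one value octet; an absent or empty
 * IE discards the message.
 * Returns the result of ran_decoded(), or -EINVAL when either IE is unusable. */
static int ran_a_decode_sapi_n_reject(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
{
	struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE);
	struct tlv_p_entry *ie_dlci = TLVP_GET(tp, GSM0808_IE_DLCI);
	struct ran_msg ran_dec_msg = {
		.msg_type = RAN_MSG_SAPI_N_REJECT,
		.msg_name = "BSSMAP SAPI-N Reject",
	};

	/* Note: The MSC code seems not to care about the cause code, but by
	 * the specification it is mandatory, so we check its presence. See
	 * also 3GPP TS 48.008 3.2.1.34 SAPI "n" REJECT.
	 * An IE with len == 0 is handled like a missing one, so val[0] is never read past the IE. */
	if (!ie_cause || ie_cause->len < 1) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "SAPI-N Reject: cause code IE is missing, discarding message\n");
		return -EINVAL;
	}
	ran_dec_msg.sapi_n_reject.bssap_cause = ie_cause->val[0];

	if (!ie_dlci || ie_dlci->len < 1) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "SAPI-N Reject: DLCI IE is missing, discarding message\n");
		return -EINVAL;
	}
	ran_dec_msg.sapi_n_reject.dlci = ie_dlci->val[0];

	return ran_decoded(ran_dec, &ran_dec_msg);
}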
370
/* Decode a BSSMAP LCLS Notification.
 * Exactly one of LCLS-BSS-Status (§3.2.2.119) and LCLS-Break-Request (§3.2.2.120) must be present; a
 * message carrying both or neither is logged and rejected.
 * Returns the result of ran_decoded(), or -EINVAL for a rejected message. */
static int ran_a_decode_lcls_notification(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
{
	const struct tlv_p_entry *status_ie = TLVP_GET(tp, GSM0808_IE_LCLS_BSS_STATUS);
	const struct tlv_p_entry *break_ie = TLVP_GET(tp, GSM0808_IE_LCLS_BREAK_REQ);
	struct ran_msg ran_dec_msg;

	/* Both present or both absent: the message is not usable. */
	if (!status_ie == !break_ie) {
		LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Ignoring broken LCLS Notification message\n");
		return -EINVAL;
	}

	if (status_ie) {
		/* An empty status IE is reported as GSM0808_LCLS_STS_NA rather than read past its end. */
		ran_dec_msg = (struct ran_msg){
			.msg_type = RAN_MSG_LCLS_STATUS,
			.msg_name = "BSSMAP LCLS Notification (LCLS Status)",
			.lcls_status = {
				.status = status_ie->len ?
					status_ie->val[0] : GSM0808_LCLS_STS_NA,
			},
		};
	} else {
		ran_dec_msg = (struct ran_msg){
			.msg_type = RAN_MSG_LCLS_BREAK_REQ,
			.msg_name = "BSSMAP LCLS Notification (LCLS Break Req)",
			.lcls_break_req = {
				.todo = 23,
			},
		};
	}

	return ran_decoded(ran_dec, &ran_dec_msg);
}
402
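/* Decode a BSSMAP Handover Required.
 * The message is always passed on: on decoding failures, an incomplete RAN_MSG_HANDOVER_REQUIRED is
 * dispatched so msc_a can pass down a BSS_MAP_MSG_HANDOVER_REQUIRED_REJECT message.
 * Returns the result of ran_decoded(). */
static int ran_a_decode_handover_required(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
{
	const struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE);
	const struct tlv_p_entry *ie_cil = TLVP_GET(tp, GSM0808_IE_CELL_IDENTIFIER_LIST);
	struct ran_msg ran_dec_msg = {
		.msg_type = RAN_MSG_HANDOVER_REQUIRED,
		.msg_name = "BSSMAP Handover Required",
	};

	/* A Cause IE with len == 0 has no val[0]; treat it like a missing IE. */
	if (ie_cause && ie_cause->len >= 1)
		ran_dec_msg.handover_required.cause = ie_cause->val[0];
	else
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Cause IE missing\n");

	if (!ie_cil
	    || gsm0808_dec_cell_id_list2(&ran_dec_msg.handover_required.cil, ie_cil->val, ie_cil->len) <= 0) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "No or invalid Cell Identifier List IE\n");
		/* Wipe whatever a failed decode may have left behind, so the receiver sees an empty list. */
		ran_dec_msg.handover_required.cil = (struct gsm0808_cell_id_list2){};
	}

	return ran_decoded(ran_dec, &ran_dec_msg);
}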
427
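/* Return the bit (1 << val) for an algorithm id in an 8-bit A5 mask.
 * The id is derived from a received Encryption Information IE, so it is range-checked: ids that have no bit
 * in the 8-bit mask yield 0 instead of an out-of-range shift.
 * NOTE(review): a value of 8 has no bit in the mask and yields 0, exactly as the unchecked shift did after
 * truncation to uint8_t; confirm against the enum's numbering that shifting by val (not val - 1) is
 * intended. */
static uint8_t a5_encryption_mask_from_gsm0808_chosen_enc_alg(enum gsm0808_chosen_enc_alg val)
{
	if ((int)val < 0 || (int)val >= 8)
		return 0;
	return (uint8_t)(1u << (unsigned int)val);
}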
432
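/* Decode a BSSMAP Handover Request.
 * Channel Type, at least one of Classmark 1 / Classmark 2, and both Cell Identifier IEs (serving from
 * tp[0], target from tp[1]) are required; a failure on any of them discards the message with -EINVAL.
 * All other IEs are optional and are skipped (some with an error log) when absent or undecodable.
 * Single-octet IEs are only read when they carry at least one value octet.
 * The decoded message references locals of this function (classmark, channel type, encryption info, IMSI
 * string, codec list, RTP address), so those pointers are only valid during the ran_decoded() call.
 * Returns the result of ran_decoded(), or -EINVAL. */
static int ran_a_decode_handover_request(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
{
	struct osmo_gsm48_classmark classmark = {};
	struct ran_msg ran_dec_msg = {
		.msg_type = RAN_MSG_HANDOVER_REQUEST,
		.msg_name = "BSSMAP Handover Request",
		.handover_request = {
			.classmark = &classmark,
		},
	};
	struct ran_handover_request *r = &ran_dec_msg.handover_request;

	const struct tlv_p_entry *ie_channel_type = TLVP_GET(tp, GSM0808_IE_CHANNEL_TYPE);
	const struct tlv_p_entry *ie_encryption_information = TLVP_GET(tp, GSM0808_IE_ENCRYPTION_INFORMATION);
	const struct tlv_p_entry *ie_classmark1 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_TYPE_1);
	const struct tlv_p_entry *ie_classmark2 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_T2);
	/* The caller parses into a two-element tlv_parsed array; presumably tp[1] holds the second
	 * occurrence of a repeated IE -- verify against osmo_bssap_tlv_parse2(). */
	const struct tlv_p_entry *ie_cell_id_serving = TLVP_GET(&tp[0], GSM0808_IE_CELL_IDENTIFIER);
	const struct tlv_p_entry *ie_cell_id_target = TLVP_GET(&tp[1], GSM0808_IE_CELL_IDENTIFIER);
	const struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE);
	const struct tlv_p_entry *ie_classmark3 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_T3);
	const struct tlv_p_entry *ie_current_channel_type_1 = TLVP_GET(tp, GSM0808_IE_CURRENT_CHANNEL_TYPE_1);
	const struct tlv_p_entry *ie_speech_version_used = TLVP_GET(tp, GSM0808_IE_SPEECH_VERSION);
	const struct tlv_p_entry *ie_chosen_encr_alg_serving = TLVP_GET(tp, GSM0808_IE_CHOSEN_ENCR_ALG);
	const struct tlv_p_entry *ie_old_bss_to_new_bss_info = TLVP_GET(tp, GSM0808_IE_OLD_BSS_TO_NEW_BSS_INFORMATION);
	const struct tlv_p_entry *ie_imsi = TLVP_GET(tp, GSM0808_IE_IMSI);
	const struct tlv_p_entry *ie_aoip_transp_addr = TLVP_GET(tp, GSM0808_IE_AOIP_TRASP_ADDR);
	const struct tlv_p_entry *ie_codec_list_msc_preferred = TLVP_GET(tp, GSM0808_IE_SPEECH_CODEC_LIST);
	const struct tlv_p_entry *ie_call_id = TLVP_GET(tp, GSM0808_IE_CALL_ID);
	const struct tlv_p_entry *ie_global_call_ref = TLVP_GET(tp, GSM0808_IE_GLOBAL_CALL_REF);

	struct gsm0808_channel_type channel_type;
	struct gsm0808_encrypt_info encr_info;
	struct gsm0808_speech_codec_list scl;
	struct geran_encr geran_encr = {};
	char imsi[OSMO_IMSI_BUF_SIZE];
	struct osmo_sockaddr_str rtp_ran_local;

	if (!ie_channel_type) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory IE missing: Channel Type\n");
		return -EINVAL;
	}
	if (gsm0808_dec_channel_type(&channel_type, ie_channel_type->val, ie_channel_type->len) <= 0) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Channel Type IE\n");
		return -EINVAL;
	}
	r->geran.channel_type = &channel_type;

	if (ie_encryption_information) {
		int i;
		if (gsm0808_dec_encrypt_info(&encr_info, ie_encryption_information->val, ie_encryption_information->len)
		    <= 0) {
			LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Encryption Informaiton IE\n");
			return -EINVAL;
		}

		for (i = 0; i < encr_info.perm_algo_len; i++) {
			r->geran.a5_encryption_mask |=
				a5_encryption_mask_from_gsm0808_chosen_enc_alg(encr_info.perm_algo[i]);
		}

		/* Bound the key length before copying into the fixed-size key buffer. Log the offending
		 * length from the decoded IE; geran_encr.key_len is still 0 at this point. */
		if (encr_info.key_len > sizeof(geran_encr.key)) {
			LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Encryption Informaiton IE:"
					  " encryption key is too long: %u\n", encr_info.key_len);
			return -EINVAL;
		}

		if (encr_info.key_len) {
			memcpy(geran_encr.key, encr_info.key, encr_info.key_len);
			geran_encr.key_len = encr_info.key_len;
		}

		r->geran.chosen_encryption = &geran_encr;
	}

	if (!ie_classmark1 && !ie_classmark2) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory IE missing: either Classmark Information 1"
				  " or Classmark Information 2 must be included\n");
		return -EINVAL;
	}

	if (ie_classmark1) {
		/* Classmark 1 must match the destination size exactly, so the memcpy cannot overflow. */
		if (ie_classmark1->len != sizeof(classmark.classmark1)) {
			LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Invalid size for Classmark 1: %u, expected %zu\n",
					  ie_classmark1->len, sizeof(classmark.classmark1));
			return -EINVAL;
		}
		memcpy((uint8_t*)&classmark.classmark1, ie_classmark1->val, ie_classmark1->len);
		classmark.classmark1_set = true;
	}

	if (ie_classmark2) {
		/* Oversized Classmark 2 is truncated to the destination size. */
		uint8_t len = OSMO_MIN(ie_classmark2->len, sizeof(classmark.classmark2));
		memcpy((uint8_t*)&classmark.classmark2, ie_classmark2->val, len);
		classmark.classmark2_len = len;
	}

	if (!ie_cell_id_serving) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory IE missing: Cell Identifier (Serving)\n");
		return -EINVAL;
	}
	if (gsm0808_dec_cell_id(&r->cell_id_serving, ie_cell_id_serving->val,
				ie_cell_id_serving->len) <= 0) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Cell Identifier (Serving) IE\n");
		return -EINVAL;
	}

	if (!ie_cell_id_target) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory IE missing: Cell Identifier (Target)\n");
		return -EINVAL;
	}
	if (gsm0808_dec_cell_id(&r->cell_id_target, ie_cell_id_target->val,
				ie_cell_id_target->len) <= 0) {
		LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Cell Identifier (Target) IE\n");
		return -EINVAL;
	}

	/* Optional single-octet IEs: an IE with len == 0 has no val[0] and is ignored. */
	if (ie_cause && ie_cause->len >= 1)
		r->bssap_cause = ie_cause->val[0];

	if (ie_classmark3) {
		/* Oversized Classmark 3 is truncated to the destination size. */
		uint8_t len = OSMO_MIN(ie_classmark3->len, sizeof(classmark.classmark3));
		memcpy(classmark.classmark3, ie_classmark3->val, len);
		classmark.classmark3_len = len;
	}

	if (ie_current_channel_type_1 && ie_current_channel_type_1->len >= 1) {
		r->current_channel_type_1 = ie_current_channel_type_1->val[0];
		r->current_channel_type_1_present = true;
	}

	if (ie_speech_version_used && ie_speech_version_used->len >= 1) {
		r->speech_version_used = ie_speech_version_used->val[0];
	}

	if (ie_chosen_encr_alg_serving && ie_chosen_encr_alg_serving->len) {
		geran_encr.alg_id = ie_chosen_encr_alg_serving->val[0];
		r->geran.chosen_encryption = &geran_encr;
	}

	if (ie_old_bss_to_new_bss_info) {
		/* Passed on undecoded; the pointer refers into the parsed message buffer. */
		r->old_bss_to_new_bss_info_raw = ie_old_bss_to_new_bss_info->val;
		r->old_bss_to_new_bss_info_raw_len = ie_old_bss_to_new_bss_info->len;
	}

	if (ie_imsi) {
		/* NOTE(review): the result of gsm48_mi_to_string() is not checked, so an IE that is not a
		 * valid IMSI is passed on as whatever string the helper produced -- confirm this is intended. */
		gsm48_mi_to_string(imsi, sizeof(imsi), ie_imsi->val, ie_imsi->len);
		r->imsi = imsi;
	}

	if (ie_aoip_transp_addr) {
		/* do { } while(0) only serves as a breakable block: any failure skips the RTP address
		 * without discarding the whole message. */
		do {
			struct sockaddr_storage rtp_addr;
			if (gsm0808_dec_aoip_trasp_addr(&rtp_addr, ie_aoip_transp_addr->val, ie_aoip_transp_addr->len) < 0) {
				LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode AoIP transport address\n");
				break;
			}
			if (rtp_addr.ss_family != AF_INET) {
				LOG_RAN_A_DEC_MSG(LOGL_ERROR, "IE AoIP Transport Address:"
						  " unsupported addressing scheme (only IPV4 supported)\n");
				break;
			}
			if (osmo_sockaddr_str_from_sockaddr_in(&rtp_ran_local, (struct sockaddr_in*)&rtp_addr)) {
				LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode remote RTP IP address\n");
				break;
			}
			r->rtp_ran_local = &rtp_ran_local;
		} while(0);
	}

	if (ie_codec_list_msc_preferred
	    && gsm0808_dec_speech_codec_list(&scl, ie_codec_list_msc_preferred->val,
					     ie_codec_list_msc_preferred->len) == 0)
		r->codec_list_msc_preferred = &scl;

	/* The Call ID is only accepted when it is exactly 4 octets, matching the 32-bit load. */
	if (ie_call_id && ie_call_id->len == 4) {
		r->call_id = osmo_load32le(ie_call_id->val);
		r->call_id_present = true;
	}

	if (ie_global_call_ref) {
		r->global_call_reference = ie_global_call_ref->val;
		r->global_call_reference_len = ie_global_call_ref->len;
	}

	return ran_decoded(ran_dec, &ran_dec_msg);
}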
619
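/* Decode a BSSMAP Handover Request Acknowledge.
 * No IE failure discards the message: on missing mandatory IEs, an incomplete
 * RAN_MSG_HANDOVER_REQUEST_ACK is dispatched so msc_a can act on the failure.
 * Single-octet IEs are only read when they carry at least one value octet, and a codec is only marked
 * present when the speech version / speech codec actually converted.
 * Returns the result of ran_decoded(). */
static int ran_a_decode_handover_request_ack(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
{
	struct ran_msg ran_dec_msg = {
		.msg_type = RAN_MSG_HANDOVER_REQUEST_ACK,
		.msg_name = "BSSMAP Handover Request Acknowledge",
	};
	const struct tlv_p_entry *ie_l3_info = TLVP_GET(tp, GSM0808_IE_LAYER_3_INFORMATION);
	const struct tlv_p_entry *ie_aoip_transp_addr = TLVP_GET(tp, GSM0808_IE_AOIP_TRASP_ADDR);
	const struct tlv_p_entry *ie_speech_codec = TLVP_GET(tp, GSM0808_IE_SPEECH_CODEC);
	const struct tlv_p_entry *ie_chosen_channel = TLVP_GET(tp, GSM0808_IE_CHOSEN_CHANNEL);
	const struct tlv_p_entry *ie_chosen_encr_alg = TLVP_GET(tp, GSM0808_IE_CHOSEN_ENCR_ALG);
	const struct tlv_p_entry *ie_chosen_speech_version = TLVP_GET(tp, GSM0808_IE_SPEECH_VERSION);

	if (ie_l3_info) {
		/* The RR Handover Command is passed on undecoded, as pointer into the parsed buffer. */
		ran_dec_msg.handover_request_ack.rr_ho_command = ie_l3_info->val;
		ran_dec_msg.handover_request_ack.rr_ho_command_len = ie_l3_info->len;
	}

	if (ie_chosen_channel && ie_chosen_channel->len >= 1) {
		ran_dec_msg.handover_request_ack.chosen_channel_present = true;
		ran_dec_msg.handover_request_ack.chosen_channel = *ie_chosen_channel->val;
	}

	if (ie_chosen_encr_alg && ie_chosen_encr_alg->len >= 1) {
		ran_dec_msg.handover_request_ack.chosen_encr_alg = *ie_chosen_encr_alg->val;
		/* An out-of-range value is logged but still passed on, like the other decoding failures. */
		if (ran_dec_msg.handover_request_ack.chosen_encr_alg < 1
		    || ran_dec_msg.handover_request_ack.chosen_encr_alg > 8) {
			LOG_RAN_A_DEC_MSG(LOGL_ERROR, "invalid Chosen Encryption Algorithm: %u\n",
					  ran_dec_msg.handover_request_ack.chosen_encr_alg);
		}
	}

	if (ie_chosen_speech_version && ie_chosen_speech_version->len >= 1) {
		struct gsm0808_speech_codec sc;
		ran_dec_msg.handover_request_ack.chosen_speech_version = ie_chosen_speech_version->val[0];

		/* the codec may be extrapolated from this Speech Version or below from Speech Codec.
		 * Only use sc when the conversion succeeded (returns 0), otherwise sc is uninitialized. */
		if (gsm0808_speech_codec_from_chan_type(&sc, ran_dec_msg.handover_request_ack.chosen_speech_version)
		    != 0) {
			LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to derive a codec from Speech Version %u\n",
					  ran_dec_msg.handover_request_ack.chosen_speech_version);
		} else {
			ran_dec_msg.handover_request_ack.codec_present = true;
			ran_dec_msg.handover_request_ack.codec = ran_a_mgcp_codec_from_sc(&sc);
		}
	}

	if (ie_aoip_transp_addr) {
		/* do { } while(0) only serves as a breakable block: any failure skips the RTP address. */
		do {
			struct sockaddr_storage rtp_addr;
			if (gsm0808_dec_aoip_trasp_addr(&rtp_addr, ie_aoip_transp_addr->val, ie_aoip_transp_addr->len) < 0) {
				LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode AoIP transport address\n");
				break;
			}
			if (rtp_addr.ss_family != AF_INET) {
				LOG_RAN_A_DEC_MSG(LOGL_ERROR, "IE AoIP Transport Address:"
						  " unsupported addressing scheme (only IPV4 supported)\n");
				break;
			}
			if (osmo_sockaddr_str_from_sockaddr_in(&ran_dec_msg.handover_request_ack.remote_rtp,
							       (struct sockaddr_in*)&rtp_addr)) {
				LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode remote RTP IP address\n");
				/* Do not pass on a partially written address. */
				ran_dec_msg.handover_request_ack.remote_rtp = (struct osmo_sockaddr_str){};
				break;
			}
		} while(0);
	}

	if (ie_speech_codec) {
		struct gsm0808_speech_codec sc;
		if (gsm0808_dec_speech_codec(&sc, ie_speech_codec->val, ie_speech_codec->len) < 0)
			LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode IE Speech Codec (Chosen)\n");
		else {
			/* the codec may be extrapolated from above Speech Version or from this Speech Codec */
			ran_dec_msg.handover_request_ack.codec_present = true;
			ran_dec_msg.handover_request_ack.codec = ran_a_mgcp_codec_from_sc(&sc);
		}
	}

	return ran_decoded(ran_dec, &ran_dec_msg);
}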
698
/* Decode a BSSMAP Handover Detect: no IEs are evaluated, only the message type is passed on.
 * Returns the result of ran_decoded(). */
static int ran_a_decode_handover_detect(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
{
	return ran_decoded(ran_dec, &(struct ran_msg){
		.msg_type = RAN_MSG_HANDOVER_DETECT,
		.msg_name = "BSSMAP Handover Detect",
	});
}
708
/* Decode a BSSMAP Handover Succeeded: no IEs are evaluated, only the message type is passed on.
 * Returns the result of ran_decoded(). */
static int ran_a_decode_handover_succeeded(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
{
	return ran_decoded(ran_dec, &(struct ran_msg){
		.msg_type = RAN_MSG_HANDOVER_SUCCEEDED,
		.msg_name = "BSSMAP Handover Succeeded",
	});
}
718
/* Decode a BSSMAP Handover Complete: no IEs are evaluated, only the message type is passed on.
 * Returns the result of ran_decoded(). */
static int ran_a_decode_handover_complete(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
{
	return ran_decoded(ran_dec, &(struct ran_msg){
		.msg_type = RAN_MSG_HANDOVER_COMPLETE,
		.msg_name = "BSSMAP Handover Complete",
	});
}
728
/* Decode a BSSMAP Handover Failure: no IEs are evaluated, only the message type is passed on.
 * Returns the result of ran_decoded(). */
static int ran_a_decode_handover_failure(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
{
	return ran_decoded(ran_dec, &(struct ran_msg){
		.msg_type = RAN_MSG_HANDOVER_FAILURE,
		.msg_name = "BSSMAP Handover Failure",
	});
}
738
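/* Decode a BSSAP message of type BSS MANAGEMENT (BSSMAP) and dispatch it to the per-message decoder.
 * The length from the BSSMAP header is validated against the received data: a zero length or a length
 * larger than the received data discards the message, surplus bytes are trimmed. The IEs are then parsed
 * into a two-element tlv_parsed array.
 * Returns the per-message decoder's result, -1 on header length problems, -EINVAL on TLV parsing failure
 * or an unimplemented message type. */
static int ran_a_decode_bssmap(struct ran_dec *ran_dec, struct msgb *bssmap)
{
	struct tlv_parsed tp[2];
	int rc;
	struct bssmap_header *h = msgb_l2(bssmap);
	uint8_t msg_type;
	bssmap->l3h = bssmap->l2h + sizeof(*h);

	if (msgb_l3len(bssmap) < 1) {
		LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "No data received, discarding message\n");
		return -1;
	}

	/* The declared length must cover at least the message type octet. Otherwise the message type would
	 * be taken from bytes outside the declared data, and h->length - 1 below would go negative. */
	if (h->length < 1) {
		LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "BSSMAP header indicates no data, discarding message\n");
		return -1;
	}

	if (msgb_l3len(bssmap) < h->length) {
		LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "BSSMAP data truncated, discarding message\n");
		return -1;
	}

	if (msgb_l3len(bssmap) > h->length) {
		LOG_RAN_A_DEC(ran_dec, LOGL_NOTICE, "There are %u extra bytes after the BSSMAP data, truncating\n",
			      msgb_l3len(bssmap) - h->length);
		msgb_l3trim(bssmap, h->length);
	}

	/* h->type == BSSAP_MSG_BSS_MANAGEMENT; h->length is the data length,
	 * which starts with the MAP msg_type, followed by IEs. */
	msg_type = bssmap->l3h[0];
	rc = osmo_bssap_tlv_parse2(tp, ARRAY_SIZE(tp), bssmap->l3h + 1, h->length - 1);
	if (rc < 0) {
		LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Failed parsing TLV, discarding message\n");
		return -EINVAL;
	}

	LOG_RAN_A_DEC(ran_dec, LOGL_DEBUG, "Rx BSSMAP DT1 %s\n", gsm0808_bssmap_name(msg_type));

	switch (msg_type) {
	case BSS_MAP_MSG_COMPLETE_LAYER_3:
		return ran_a_decode_l3_compl(ran_dec, bssmap, tp);
	case BSS_MAP_MSG_CLEAR_RQST:
		return ran_a_decode_clear_request(ran_dec, bssmap, tp);
	case BSS_MAP_MSG_CLEAR_COMPLETE:
		return ran_a_decode_clear_complete(ran_dec, bssmap, tp);
	case BSS_MAP_MSG_CLASSMARK_UPDATE:
		return ran_a_decode_classmark_update(ran_dec, bssmap, tp);
	case BSS_MAP_MSG_CIPHER_MODE_COMPLETE:
		return ran_a_decode_cipher_mode_complete(ran_dec, bssmap, tp);
	case BSS_MAP_MSG_CIPHER_MODE_REJECT:
		return ran_a_decode_cipher_mode_reject(ran_dec, bssmap, tp);
	case BSS_MAP_MSG_ASSIGMENT_COMPLETE:
		rc = ran_a_decode_assignment_complete(ran_dec, bssmap, tp);
		if (rc < 0) {
			/* An undecodable Assignment Complete is reported as an Assignment Failure. The causes
			 * are set in the assignment_failure member matching the message type, using the same
			 * defaults as ran_a_decode_assignment_failure(). */
			struct ran_msg ran_dec_msg = {
				.msg_type = RAN_MSG_ASSIGNMENT_FAILURE,
				.msg_name = "BSSMAP Assignment Complete but failed to decode",
				.assignment_failure = {
					.bssap_cause = GSM0808_CAUSE_EQUIPMENT_FAILURE,
					.rr_cause = GSM48_RR_CAUSE_ABNORMAL_UNSPEC,
				},
			};
			ran_decoded(ran_dec, &ran_dec_msg);
		}
		return rc;
	case BSS_MAP_MSG_ASSIGMENT_FAILURE:
		return ran_a_decode_assignment_failure(ran_dec, bssmap, tp);
	case BSS_MAP_MSG_SAPI_N_REJECT:
		return ran_a_decode_sapi_n_reject(ran_dec, bssmap, tp);
	case BSS_MAP_MSG_LCLS_NOTIFICATION:
		return ran_a_decode_lcls_notification(ran_dec, bssmap, tp);

		/* From current RAN peer, the Handover origin: */
	case BSS_MAP_MSG_HANDOVER_REQUIRED:
		return ran_a_decode_handover_required(ran_dec, bssmap, tp);

		/* From current MSC to remote handover target MSC */
	case BSS_MAP_MSG_HANDOVER_RQST:
		return ran_a_decode_handover_request(ran_dec, bssmap, tp);

		/* From potential new RAN peer, the Handover target: */
	case BSS_MAP_MSG_HANDOVER_RQST_ACKNOWLEDGE:
		return ran_a_decode_handover_request_ack(ran_dec, bssmap, tp);
	case BSS_MAP_MSG_HANDOVER_DETECT:
		return ran_a_decode_handover_detect(ran_dec, bssmap, tp);
	case BSS_MAP_MSG_HANDOVER_SUCCEEDED:
		return ran_a_decode_handover_succeeded(ran_dec, bssmap, tp);
	case BSS_MAP_MSG_HANDOVER_COMPLETE:
		return ran_a_decode_handover_complete(ran_dec, bssmap, tp);

		/* From any Handover peer: */
	case BSS_MAP_MSG_HANDOVER_FAILURE:
		return ran_a_decode_handover_failure(ran_dec, bssmap, tp);

	default:
		LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Unimplemented msg type: %s\n", gsm0808_bssmap_name(msg_type));
		return -EINVAL;
	}
}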
836
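/* Decode a BSSAP message of type DTAP: record the link id from the DTAP header in the msgb, point l3h
 * behind the header and pass the msgb on as RAN_MSG_DTAP.
 * The caller only guarantees sizeof(struct bssmap_header) bytes of L2 data, so the DTAP header size is
 * checked here before l3h is placed behind it.
 * Returns the result of ran_decoded(), or -EINVAL when the message is shorter than a DTAP header. */
static int ran_a_decode_l3(struct ran_dec *ran_dec, struct msgb *l3)
{
	struct dtap_header *dtap = msgb_l2(l3);
	struct ran_msg ran_dec_msg = {
		.msg_type = RAN_MSG_DTAP,
		.msg_name = "BSSAP DTAP",
		.dtap = l3,
	};

	if (msgb_l2len(l3) < sizeof(struct dtap_header)) {
		LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "The DTAP header is too short -- discarding message\n");
		return -EINVAL;
	}

	l3->l3h = l3->l2h + sizeof(struct dtap_header);
	OMSC_LINKID_CB(l3) = dtap->link_id;
	return ran_decoded(ran_dec, &ran_dec_msg);
}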
849
/* Entry point for decoding a received BSSAP message.
 * Requires msg->l2h to be set and to hold at least a struct bssmap_header, then dispatches on the first
 * L2 octet to the BSSMAP or the DTAP decoder.
 * Asserts that bssap is not NULL.
 * Returns the selected decoder's result, or -EINVAL for unusable or unimplemented messages. */
int ran_a_decode_l2(struct ran_dec *ran_dec, struct msgb *bssap)
{
	uint8_t discr;

	OSMO_ASSERT(bssap);

	if (!msgb_l2(bssap) || !msgb_l2len(bssap)) {
		LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Cannot decode L2, msg->l2h is unset / empty: %s\n",
			      msgb_hexdump(bssap));
		return -EINVAL;
	}

	/* Everything below reads at least the header, so reject anything shorter up front. */
	if (msgb_l2len(bssap) < sizeof(struct bssmap_header)) {
		LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "The header is too short -- discarding message\n");
		return -EINVAL;
	}

	discr = bssap->l2h[0];

	if (discr == BSSAP_MSG_BSS_MANAGEMENT)
		return ran_a_decode_bssmap(ran_dec, bssap);
	if (discr == BSSAP_MSG_DTAP)
		return ran_a_decode_l3(ran_dec, bssap);

	LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Unimplemented BSSAP msg type: %s\n", gsm0808_bssap_name(discr));
	return -EINVAL;
}
877
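/* Wrap a DTAP message in a BSSAP DTAP header, using the link id stored in the msgb via OMSC_LINKID_CB().
 * The passed dtap msgb is always freed here, the caller must not use it afterwards.
 * Returns a new msgb with l2h set to the start of its data, or NULL if gsm0808_create_dtap() returned NULL. */
static struct msgb *ran_a_wrap_dtap(struct msgb *dtap)
{
	struct msgb *an_apdu;

	dtap->l3h = dtap->data;
	an_apdu = gsm0808_create_dtap(dtap, OMSC_LINKID_CB(dtap));

	/* The input is consumed whether or not wrapping succeeded, as before. */
	msgb_free(dtap);

	/* Do not dereference a failed encoding result; ran_a_encode() handles a NULL return. */
	if (!an_apdu)
		return NULL;

	an_apdu->l2h = an_apdu->data;
	return an_apdu;
}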
887
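/* Translate the permitted speech versions of a Channel Type into a Speech Codec List.
 * scl is cleared first and then receives one codec entry per ct->perm_spch[] entry, in the same order.
 * Returns 0 on success, -EINVAL if an entry cannot be translated or if ct->perm_spch_len exceeds what
 * either array can hold. On error scl may be partially filled, with scl->len still 0. */
static int ran_a_channel_type_to_speech_codec_list(struct gsm0808_speech_codec_list *scl, const struct gsm0808_channel_type *ct)
{
	/* NOTE(review): assumes codec[] and perm_spch[] are arrays embedded in their structs (a pointer
	 * member would make these bounds meaningless) -- confirm against the libosmocore headers. */
	const size_t max_codecs = sizeof(scl->codec) / sizeof(scl->codec[0]);
	const size_t max_perm_spch = sizeof(ct->perm_spch) / sizeof(ct->perm_spch[0]);
	unsigned int i;
	int rc;

	memset(scl, 0, sizeof(*scl));

	/* perm_spch_len is the only loop bound: never read or write beyond either array because of it. */
	if (ct->perm_spch_len > max_perm_spch || ct->perm_spch_len > max_codecs)
		return -EINVAL;

	for (i = 0; i < ct->perm_spch_len; i++) {
		rc = gsm0808_speech_codec_from_chan_type(&scl->codec[i], ct->perm_spch[i]);
		if (rc != 0)
			return -EINVAL;
	}
	scl->len = i;

	return 0;
}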
903
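/* Compose a BSSAP Assignment Command.
 * Passing an RTP address is optional; it is only evaluated for a speech Channel Type.
 * log_fi is passed merely for error logging.
 * Returns the encoded message, or NULL if the Channel Type is missing, cannot be translated to a Speech
 * Codec List, or if the RTP address or port is invalid. */
static struct msgb *ran_a_make_assignment_command(struct osmo_fsm_inst *log_fi,
						  const struct ran_assignment_command *ac)
{
	struct gsm0808_speech_codec_list scl;
	struct gsm0808_speech_codec_list *use_scl = NULL;
	struct sockaddr_storage rtp_addr;
	struct sockaddr_storage *use_rtp_addr = NULL;
	int rc;

	if (!ac->channel_type) {
		LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Assignment Command: missing Channel Type\n");
		return NULL;
	}

	if (ac->channel_type->ch_indctr == GSM0808_CHAN_SPEECH) {
		rc = ran_a_channel_type_to_speech_codec_list(&scl, ac->channel_type);
		if (rc < 0) {
			LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Assignment Command: Cannot translate Channel Type to Speech Codec List\n");
			return NULL;
		}
		use_scl = &scl;

		/* Package RTP-Address data */
		if (osmo_sockaddr_str_is_set(ac->cn_rtp)) {
			struct sockaddr_in rtp_addr_in;

			memset(&rtp_addr_in, 0, sizeof(rtp_addr_in));
			rtp_addr_in.sin_family = AF_INET;
			/* This statement used to end in a comma, which chained it to the next assignment with
			 * the comma operator. Same effect, but written as two statements now. */
			rtp_addr_in.sin_port = osmo_htons(ac->cn_rtp->port);
			/* inet_addr() parses IPv4 only and cannot tell the literal 255.255.255.255 apart from a
			 * parse error, so that address is rejected below as well. */
			rtp_addr_in.sin_addr.s_addr = inet_addr(ac->cn_rtp->ip);

			if (rtp_addr_in.sin_addr.s_addr == INADDR_NONE) {
				LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Assignment Command: Invalid RTP-Address\n");
				return NULL;
			}
			if (rtp_addr_in.sin_port == 0) {
				LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Assignment Command: Invalid RTP-Port\n");
				return NULL;
			}

			/* Clear the whole storage first so that no uninitialized stack bytes follow the
			 * sockaddr_in part. */
			memset(&rtp_addr, 0, sizeof(rtp_addr));
			memcpy(&rtp_addr, &rtp_addr_in, sizeof(rtp_addr_in));

			use_rtp_addr = &rtp_addr;
		}
	}

	return gsm0808_create_ass(ac->channel_type, NULL, use_rtp_addr, use_scl, NULL);
}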
956
/* For an A5/N number a5_n, set *dst to the matching GSM0808_ALG_ID_A5_<n>.
 * Only A5/0 through A5/3 are mapped. Any other a5_n returns -ENOTSUP and leaves *dst untouched.
 * Returns 0 on success. */
static int a5_n_to_gsm0808_chosen_enc_alg(uint8_t *dst, int a5_n)
{
	/* Indexed by the A5/n number */
	static const uint8_t alg_id_by_a5_n[] = {
		GSM0808_ALG_ID_A5_0,
		GSM0808_ALG_ID_A5_1,
		GSM0808_ALG_ID_A5_2,
		GSM0808_ALG_ID_A5_3,
	};
	const int n_mapped = (int)(sizeof(alg_id_by_a5_n) / sizeof(alg_id_by_a5_n[0]));

	if (a5_n < 0 || a5_n >= n_mapped)
		return -ENOTSUP;

	*dst = alg_id_by_a5_n[a5_n];
	return 0;
}
977
/* Fill ei->perm_algo[] with the A5 algorithms that are both enabled in a5_encryption_mask (bit n = A5/n)
 * and reported as supported by the MS classmark cm. ei->perm_algo_len is updated after each added entry
 * and is not touched when nothing is added, so the caller must pass a zero-initialized ei.
 * Returns 0 on success, -1 if a selected A5/n has no GSM 08.08 algorithm id; entries added up to that
 * point remain in ei.
 * NOTE(review): cm is passed on to osmo_gsm48_classmark_supports_a5() unchecked; whether NULL is
 * acceptable there is not visible from here -- confirm against callers that may pass no classmark. */
static int make_encrypt_info_perm_algo(struct osmo_fsm_inst *fi, struct gsm0808_encrypt_info *ei,
				       uint8_t a5_encryption_mask, const struct osmo_gsm48_classmark *cm)
{
	int n_algos = 0;
	int a5_n;

	for (a5_n = 0; a5_n < 8; a5_n++) {
		/* Skip A5/n unless it is permitted by osmo-msc.cfg and, only then, supported by the MS. */
		if (!(a5_encryption_mask & (1 << a5_n))
		    || osmo_gsm48_classmark_supports_a5(cm, a5_n) != 1)
			continue;

		if (a5_n_to_gsm0808_chosen_enc_alg(&ei->perm_algo[n_algos], a5_n)) {
			LOG_RAN_A_ENC(fi, LOGL_ERROR, "Not supported: A5/%d algorithm\n", a5_n);
			return -1;
		}
		n_algos++;
		ei->perm_algo_len = n_algos;
	}

	return 0;
}
1004
/* Compile-time guarantee for ran_a_make_cipher_mode_command(): the destination of
 *   memcpy(key, cm->vec->kc, sizeof(cm->vec->kc));
 * is at least as large as the source.
 */
osmo_static_assert(sizeof(((struct gsm0808_encrypt_info*)0)->key) >= sizeof(((struct osmo_auth_vector*)0)->kc),
		   gsm0808_encrypt_info_key_fits_osmo_auth_vec_kc);

/* Compose a BSSMAP Cipher Mode Command.
 * The permitted algorithms are the intersection of the MSC-configured A5 mask and the MS classmark; the
 * key is taken from cm->vec (Kc, or derived from CK/IK for UMTS AKA). If cm->geran.chosen_key is set,
 * the key is also stored there for the caller.
 * Returns the encoded message, or NULL if no common algorithm exists, an algorithm cannot be encoded, or
 * the key does not fit into chosen_key.
 * NOTE(review): cm->vec is dereferenced without a NULL check -- presumably always set by the caller, verify. */
static struct msgb *ran_a_make_cipher_mode_command(struct osmo_fsm_inst *fi, const struct ran_cipher_mode_command *cm)
{
	struct gsm0808_encrypt_info enc_info = {};
	/* Room for the hex representation of up to 16 key bytes plus NUL */
	char key_hex[16 * 2 + 1];
	const uint8_t cipher_response_mode = 1;
	const uint8_t *use_cipher_response_mode;

	if (make_encrypt_info_perm_algo(fi, &enc_info, cm->geran.a5_encryption_mask, cm->classmark))
		return NULL;

	if (enc_info.perm_algo_len == 0) {
		LOG_RAN_A_ENC(fi, LOGL_ERROR, "cannot start ciphering, no intersection between MSC-configured"
			      " and MS-supported A5 algorithms. MSC: 0x%02x MS: %s\n",
			      cm->geran.a5_encryption_mask, osmo_gsm48_classmark_a5_name(cm->classmark));
		return NULL;
	}

	/* vec->kc was calculated from the GSM algorithm and is not necessarily a match for the UMTS AKA
	 * tokens, so with UMTS AKA the Kc for ciphering is derived from the 3G auth tokens instead. */
	if (!cm->geran.umts_aka)
		memcpy(enc_info.key, cm->vec->kc, sizeof(cm->vec->kc));
	else
		osmo_auth_c3(enc_info.key, cm->vec->ck, cm->vec->ik);
	enc_info.key_len = sizeof(cm->vec->kc);

	/* Hand the chosen GERAN key to the caller, if asked for. The alg_id remains unknown until a Cipher
	 * Mode Complete arrives from the BSC. */
	if (cm->geran.chosen_key) {
		if (enc_info.key_len > sizeof(cm->geran.chosen_key->key)) {
			LOG_RAN_A_ENC(fi, LOGL_ERROR, "Chosen key is larger than I can store\n");
			return NULL;
		}
		memcpy(cm->geran.chosen_key->key, enc_info.key, enc_info.key_len);
		cm->geran.chosen_key->key_len = enc_info.key_len;
	}

	/* NOTE(review): this DEBUG line writes the ciphering key in hex to the log. Anyone who can read
	 * the log obtains the subscriber's session key: treat DBSSAP debug logs as secret material, or drop
	 * the key from this message in production builds. The key also stays in enc_info on the stack after
	 * return, it is not wiped. */
	LOG_RAN_A_ENC(fi, LOGL_DEBUG, "Tx BSSMAP CIPHER MODE COMMAND to BSC, %u ciphers (%s) key %s\n",
		      enc_info.perm_algo_len, osmo_hexdump_nospc(enc_info.perm_algo, enc_info.perm_algo_len),
		      osmo_hexdump_buf(key_hex, sizeof(key_hex), enc_info.key, enc_info.key_len, NULL, false));

	/* The Cipher Response Mode is only passed along when the IMEISV shall be retrieved. */
	use_cipher_response_mode = cm->geran.retrieve_imeisv ? &cipher_response_mode : NULL;
	return gsm0808_create_cipher(&enc_info, use_cipher_response_mode);
}
1051
/* Compose a BSSMAP Handover Request from the RAN-agnostic description in n.
 * log_fi is used for error logging only.
 * Returns the encoded message, or NULL if the GERAN Channel Type is missing, the chosen encryption key
 * is larger than the Encryption Information can hold, or the local RTP address cannot be converted. */
struct msgb *ran_a_make_handover_request(struct osmo_fsm_inst *log_fi, const struct ran_handover_request *n)
{
	struct sockaddr_storage rtp_ss;
	struct gsm0808_handover_request req = {
		.cell_identifier_serving = n->cell_id_serving,
		.cell_identifier_target = n->cell_id_target,
		.cause = n->bssap_cause,
		.current_channel_type_1_present = n->current_channel_type_1_present,
		.current_channel_type_1 = n->current_channel_type_1,

		.speech_version_used = n->speech_version_used,

		.old_bss_to_new_bss_info_raw = n->old_bss_to_new_bss_info_raw,
		.old_bss_to_new_bss_info_raw_len = n->old_bss_to_new_bss_info_raw_len,

		.imsi = n->imsi,
		.codec_list_msc_preferred = n->codec_list_msc_preferred,
		.call_id = n->call_id,
		.global_call_reference = n->global_call_reference,
		.global_call_reference_len = n->global_call_reference_len,
	};

	if (!n->geran.channel_type) {
		LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Channel Type required for encoding Handover Request in BSSAP\n");
		return NULL;
	}
	req.channel_type = *n->geran.channel_type;

	/* Encryption Information: permitted algorithms first, then the key currently in use.
	 * NOTE(review): the return value is ignored here, unlike in ran_a_make_cipher_mode_command(). On
	 * failure the permitted algorithm list may be incomplete, and an empty list is not rejected.
	 * NOTE(review): n->classmark is passed on before the NULL check further below -- confirm that the
	 * classmark helpers tolerate NULL. */
	make_encrypt_info_perm_algo(log_fi, &req.encryption_information, n->geran.a5_encryption_mask, n->classmark);
	if (n->geran.chosen_encryption && n->geran.chosen_encryption->key_len) {
		/* Bound the copy by the destination buffer before touching it. */
		if (n->geran.chosen_encryption->key_len > sizeof(req.encryption_information.key)) {
			LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Handover Request: invalid chosen encryption key size %u\n",
				      n->geran.chosen_encryption->key_len);
			return NULL;
		}
		memcpy(req.encryption_information.key,
		       n->geran.chosen_encryption->key, n->geran.chosen_encryption->key_len);
		req.encryption_information.key_len = n->geran.chosen_encryption->key_len;
		req.chosen_encryption_algorithm_serving = n->geran.chosen_encryption->alg_id;
	}

	if (n->classmark)
		req.classmark_information = *n->classmark;

	/* The AoIP Transport Layer Address is optional; an address that is set but invalid is an error. */
	if (osmo_sockaddr_str_is_set(n->rtp_ran_local)) {
		if (osmo_sockaddr_str_to_sockaddr(n->rtp_ran_local, &rtp_ss)) {
			LOG_RAN_A_ENC(log_fi, LOGL_ERROR,
				      "Handover Request: invalid AoIP Transport Layer address/port: "
				      OSMO_SOCKADDR_STR_FMT "\n", OSMO_SOCKADDR_STR_FMT_ARGS(n->rtp_ran_local));
			return NULL;
		}
		req.aoip_transport_layer = &rtp_ss;
	}

	return gsm0808_create_handover_request(&req);
}
1109
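/* Compose a BSSMAP Handover Request Acknowledge from r.
 * caller_fi is used for error logging only.
 * Returns the encoded message, or NULL if a remote RTP address is set but cannot be converted to a
 * sockaddr. */
static struct msgb *ran_a_make_handover_request_ack(struct osmo_fsm_inst *caller_fi, const struct ran_handover_request_ack *r)
{
	struct sockaddr_storage ss;
	struct gsm0808_handover_request_ack params = {
		.l3_info = r->rr_ho_command,
		.l3_info_len = r->rr_ho_command_len,
		.chosen_channel_present = r->chosen_channel_present,
		.chosen_channel = r->chosen_channel,
		.chosen_encr_alg = r->chosen_encr_alg,
		.chosen_speech_version = r->chosen_speech_version,
	};

	if (osmo_sockaddr_str_is_set(&r->remote_rtp)) {
		/* Check the conversion result, as ran_a_make_handover_request() does. If it fails, ss may be
		 * left as uninitialized stack memory and must not be encoded into the message. */
		if (osmo_sockaddr_str_to_sockaddr(&r->remote_rtp, &ss)) {
			LOG_RAN_A_ENC(caller_fi, LOGL_ERROR,
				      "Handover Request Acknowledge: invalid AoIP Transport Layer address/port: "
				      OSMO_SOCKADDR_STR_FMT "\n", OSMO_SOCKADDR_STR_FMT_ARGS(&r->remote_rtp));
			return NULL;
		}
		params.aoip_transport_layer = &ss;
	}

	return gsm0808_create_handover_request_ack2(&params);
}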
1129
/* Compose a BSSMAP Handover Command that carries the RR Handover Command from n as L3 information.
 * log_fi is not used. Returns whatever gsm0808_create_handover_command() returns. */
struct msgb *ran_a_make_handover_command(struct osmo_fsm_inst *log_fi, const struct ran_handover_command *n)
{
	/* Pointer and length are passed on as given, no copy is made here. */
	struct gsm0808_handover_command ho_cmd = {
		.l3_info_len = n->rr_ho_command_len,
		.l3_info = n->rr_ho_command,
	};

	return gsm0808_create_handover_command(&ho_cmd);
}
1139
/* Compose a BSSMAP Handover Failure with the cause from msg->handover_failure.
 * log_fi is not used. Returns whatever gsm0808_create_handover_failure() returns. */
struct msgb *ran_a_make_handover_failure(struct osmo_fsm_inst *log_fi, const struct ran_msg *msg)
{
	struct gsm0808_handover_failure ho_failure = {
		.cause = msg->handover_failure.cause,
	};

	return gsm0808_create_handover_failure(&ho_failure);
}
1147
/* Dispatch a RAN-agnostic message to the matching BSSAP/BSSMAP encoder.
 * Returns the encoded msgb, or NULL if the encoder failed or the message type is not implemented.
 * For RAN_MSG_DTAP the dtap msgb in ran_enc_msg is consumed by ran_a_wrap_dtap(). */
static struct msgb *_ran_a_encode(struct osmo_fsm_inst *caller_fi, const struct ran_msg *ran_enc_msg)
{
	struct msgb *encoded = NULL;

	LOG_RAN_A_ENC(caller_fi, LOGL_DEBUG, "%s\n", ran_msg_type_name(ran_enc_msg->msg_type));

	switch (ran_enc_msg->msg_type) {
	case RAN_MSG_DTAP:
		encoded = ran_a_wrap_dtap(ran_enc_msg->dtap);
		break;
	case RAN_MSG_CLASSMARK_REQUEST:
		encoded = gsm0808_create_classmark_request();
		break;
	case RAN_MSG_CLEAR_COMMAND:
		encoded = gsm0808_create_clear_command2(ran_enc_msg->clear_command.gsm0808_cause,
							ran_enc_msg->clear_command.csfb_ind);
		break;
	case RAN_MSG_ASSIGNMENT_COMMAND:
		encoded = ran_a_make_assignment_command(caller_fi, &ran_enc_msg->assignment_command);
		break;
	case RAN_MSG_CIPHER_MODE_COMMAND:
		encoded = ran_a_make_cipher_mode_command(caller_fi, &ran_enc_msg->cipher_mode_command);
		break;
	case RAN_MSG_HANDOVER_REQUIRED_REJECT:
		encoded = gsm0808_create_handover_required_reject(&ran_enc_msg->handover_required_reject);
		break;
	case RAN_MSG_HANDOVER_REQUEST:
		encoded = ran_a_make_handover_request(caller_fi, &ran_enc_msg->handover_request);
		break;
	case RAN_MSG_HANDOVER_REQUEST_ACK:
		encoded = ran_a_make_handover_request_ack(caller_fi, &ran_enc_msg->handover_request_ack);
		break;
	case RAN_MSG_HANDOVER_COMMAND:
		encoded = ran_a_make_handover_command(caller_fi, &ran_enc_msg->handover_command);
		break;
	case RAN_MSG_HANDOVER_SUCCEEDED:
		encoded = gsm0808_create_handover_succeeded();
		break;
	case RAN_MSG_HANDOVER_FAILURE:
		encoded = ran_a_make_handover_failure(caller_fi, ran_enc_msg);
		break;
	default:
		/* Anything else has no BSSAP encoding here */
		LOG_RAN_A_ENC(caller_fi, LOGL_ERROR, "Unimplemented RAN-encode message type: %s\n",
			      ran_msg_type_name(ran_enc_msg->msg_type));
		break;
	}

	return encoded;
}
1195
/* Encode a RAN-agnostic message as BSSAP, set l2h to the start of the result and assert that the length
 * octet in the BSSAP header matches the actual message length.
 * Returns the encoded msgb, or NULL if encoding failed. A length mismatch fails an OSMO_ASSERT() rather
 * than returning an error.
 * NOTE(review): l2h[0..2] are read without first checking msgb_l2len(); this relies on every encoder
 * producing at least a complete header. */
struct msgb *ran_a_encode(struct osmo_fsm_inst *caller_fi, const struct ran_msg *ran_enc_msg)
{
	struct msgb *bssap = _ran_a_encode(caller_fi, ran_enc_msg);

	if (bssap == NULL)
		return NULL;

	bssap->l2h = bssap->data;

	/* some consistency checks to ensure we don't send invalid length */
	if (bssap->l2h[0] == BSSAP_MSG_DTAP) {
		/* length octet at offset 2, preceded by 3 header octets */
		OSMO_ASSERT(msgb_l2len(bssap) == bssap->l2h[2] + 3);
	} else if (bssap->l2h[0] == BSSAP_MSG_BSS_MANAGEMENT) {
		/* length octet at offset 1, preceded by 2 header octets */
		OSMO_ASSERT(msgb_l2len(bssap) == bssap->l2h[1] + 2);
	}

	return bssap;
}
1219
/* Classify an L2 message: SCCP_RAN_MSG_RESET for a BSSMAP RESET, SCCP_RAN_MSG_RESET_ACK for a BSSMAP
 * RESET ACKNOWLEDGE, SCCP_RAN_MSG_NON_RESET for anything else, including messages without L2 data, too
 * short to carry a BSSMAP message type, or not BSS management. sri is not used. */
enum reset_msg_type bssmap_is_reset_msg(const struct sccp_ran_inst *sri, const struct msgb *l2)
{
	struct bssmap_header *bs = (struct bssmap_header *)msgb_l2(l2);

	if (!bs)
		return SCCP_RAN_MSG_NON_RESET;

	/* The header plus one octet for the BSSMAP message type must be present before either is read. */
	if (msgb_l2len(l2) < (sizeof(*bs) + 1))
		return SCCP_RAN_MSG_NON_RESET;

	if (bs->type != BSSAP_MSG_BSS_MANAGEMENT)
		return SCCP_RAN_MSG_NON_RESET;

	/* The BSSMAP message type directly follows the BSSAP header */
	if (l2->l2h[sizeof(*bs)] == BSS_MAP_MSG_RESET)
		return SCCP_RAN_MSG_RESET;
	if (l2->l2h[sizeof(*bs)] == BSS_MAP_MSG_RESET_ACKNOWLEDGE)
		return SCCP_RAN_MSG_RESET_ACK;

	return SCCP_RAN_MSG_NON_RESET;
}
1239
/* Compose a BSSMAP RESET or RESET ACKNOWLEDGE message, depending on type.
 * Returns NULL for any other type. sri is not used. */
struct msgb *bssmap_make_reset_msg(const struct sccp_ran_inst *sri, enum reset_msg_type type)
{
	if (type == SCCP_RAN_MSG_RESET)
		return gsm0808_create_reset();

	if (type == SCCP_RAN_MSG_RESET_ACK)
		return gsm0808_create_reset_ack();

	return NULL;
}
1251
/* Compose a BSSMAP Paging message for the given IMSI in the single cell page_cell_id.
 * The TMSI is only included if it differs from GSM_RESERVED_TMSI. sri and cause are not used. */
struct msgb *bssmap_make_paging_msg(const struct sccp_ran_inst *sri, const struct gsm0808_cell_id *page_cell_id,
				    const char *imsi, uint32_t tmsi, enum paging_cause cause)
{
	struct gsm0808_cell_id_list2 cil;
	/* Points at the by-value parameter, which is valid only until this function returns */
	uint32_t *use_tmsi = NULL;

	if (tmsi != GSM_RESERVED_TMSI)
		use_tmsi = &tmsi;

	gsm0808_cell_id_to_list(&cil, page_cell_id);
	return gsm0808_create_paging2(imsi, use_tmsi, &cil, NULL);
}
1259
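/* Return a human readable name for a BSSAP message, for logging: the BSSMAP message name for BSS
 * management messages, "DTAP" for DTAP, and "?" if l2h is unset, the message is too short, or the BSSAP
 * type is unknown. sri is not used. */
const char *bssmap_msg_name(const struct sccp_ran_inst *sri, const struct msgb *l2)
{
	struct bssmap_header *bs;

	if (!l2->l2h)
		return "?";

	/* Do not read header fields that were not received. */
	if (msgb_l2len(l2) < sizeof(*bs))
		return "?";

	bs = (struct bssmap_header *)msgb_l2(l2);
	switch (bs->type) {
	case BSSAP_MSG_BSS_MANAGEMENT:
		/* l2h[0] is the BSSAP type itself; the BSSMAP message type follows the header, which is
		 * where bssmap_is_reset_msg() reads it. Passing l2h[0] here always named the message after the
		 * BSSAP discriminator value instead of the actual message. */
		if (msgb_l2len(l2) < sizeof(*bs) + 1)
			return "?";
		return gsm0808_bssmap_name(l2->l2h[sizeof(*bs)]);
	case BSSAP_MSG_DTAP:
		return "DTAP";
	default:
		return "?";
	}
}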