Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-ttcn3-hacks / 5d8007424a6f26d8d37a1359467d268e69c0542c / . / asterisk / IMS_ConnectionHandler.ttcn
blob: 18404f14be6f7636222d9695a6971debdf9e6a1b [file] [log] [blame]
/* Component implementing a IMS server towards Asterisk's IMS UE
* (C) 2024 by sysmocom - s.f.m.c. GmbH <info@sysmocom.de>
* Author: Pau Espin Pedrol <pespin@sysmocom.de>
* All rights reserved.
*
* Released under the terms of GNU General Public License, Version 2 or
* (at your option) any later version.
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
module IMS_ConnectionHandler {
import from TCCOpenSecurity_Functions all;
import from General_Types all;
import from Osmocom_Types all;
import from Native_Functions all;
import from Misc_Helpers all;
import from SDP_Types all;
import from SDP_Templates all;
import from SIP_Emulation all;
import from SIPmsg_Types all;
import from SIP_Templates all;
const char c_sip_server_name := "osmo-ttcn3-hacks/0.23";
type port IMSCoord_PT message
{
inout charstring;
} with { extension "internal" };
const charstring IMS_COORD_CMD_REGISTERED := "COORD_CMD_REGISTERED";
type component IMS_ConnHdlr extends SIP_ConnHdlr {
var charstring g_name;
var IMS_ConnHdlrPars g_pars;
timer g_Tguard;
var PDU_SIP_Request g_rx_sip_req;
var PDU_SIP_Response g_rx_sip_resp;
port IMSCoord_PT COORD;
}
type record of IMS_ConnHdlr IMS_ConnHdlrList;
type record IMS_ConnHdlrPars {
float t_guard,
charstring realm,
charstring local_sip_host,
uint16_t local_sip_port,
charstring remote_sip_host optional,
uint16_t remote_sip_port optional,
charstring user,
charstring display_name,
charstring password,
integer ipsec_local_spi_c,
integer ipsec_local_spi_s,
integer ipsec_remote_spi_c optional,
integer ipsec_remote_spi_s optional,
SipUrl registrar_sip_req_uri,
SipAddr registrar_sip_record,
CallidString registrar_sip_call_id,
integer registrar_sip_seq_nr,
Via local_via,
SipUrl local_sip_url_ext,
SipAddr local_sip_record,
Contact local_contact,
IMS_CallPars cp optional
}
type record of IMS_ConnHdlrPars IMS_ConnHdlrParsList;
type record IMS_CallParsMT {
/* Whether to wait for COORD.receive(COORD_CMD_PICKUP) before accepting the call. */
boolean wait_coord_cmd_pickup,
/* Whether to expect CANCEL instead of ACK as answer to our OK */
boolean exp_cancel
}
template (value) IMS_CallParsMT t_IMS_CallParsMT := {
wait_coord_cmd_pickup := false,
exp_cancel := false
}
type record IMS_CallPars {
SipAddr calling optional,
SipAddr called optional,
SipAddr from_addr optional,
SipAddr to_addr optional,
CallidString sip_call_id,
integer sip_seq_nr,
charstring sip_body optional,
charstring local_rtp_addr,
uint16_t local_rtp_port,
SDP_Message peer_sdp optional,
IMS_CallParsMT mt
}
template (value) IMS_CallPars t_IMS_CallPars(charstring local_rtp_addr,
uint16_t local_rtp_port := 0,
template (omit) SipAddr calling := omit,
template (omit) SipAddr called := omit) := {
calling := calling,
called := called,
from_addr := omit,
to_addr := omit,
sip_call_id := hex2str(f_rnd_hexstring(15)),
sip_seq_nr := f_sip_rand_seq_nr(),
sip_body := omit,
local_rtp_addr := local_rtp_addr,
local_rtp_port := local_rtp_port,
peer_sdp := omit,
mt := t_IMS_CallParsMT
}
template (value) IMS_ConnHdlrPars t_IMS_Pars(charstring local_sip_host,
uint16_t local_sip_port,
charstring user,
charstring display_name := "Anonymous",
charstring password := "secret",
template (omit) IMS_CallPars cp := omit) := {
t_guard := 30.0,
realm := local_sip_host,
local_sip_host := local_sip_host,
local_sip_port := local_sip_port,
remote_sip_host := omit,
remote_sip_port := omit,
user := user,
display_name := f_sip_str_quote(display_name),
password := password,
ipsec_local_spi_c := 4142,
ipsec_local_spi_s := 4143,
ipsec_remote_spi_c := omit,
ipsec_remote_spi_s := omit,
registrar_sip_req_uri := valueof(ts_SipUrlHost(local_sip_host)),
registrar_sip_record := ts_SipAddr(ts_HostPort(local_sip_host),
ts_UserInfo(user),
f_sip_str_quote(display_name)),
registrar_sip_call_id := hex2str(f_rnd_hexstring(15)) & "@" & local_sip_host,
registrar_sip_seq_nr := f_sip_rand_seq_nr(),
local_via := ts_Via_from(ts_HostPort(local_sip_host, local_sip_port)),
local_sip_url_ext := ts_SipUrl(ts_HostPort(local_sip_host, local_sip_port),
ts_UserInfo(user)),
local_sip_record := ts_SipAddr(ts_HostPort(local_sip_host),
ts_UserInfo(user)),
local_contact := valueof(ts_Contact({
ts_ContactAddress(
ts_Addr_Union_SipUrl(ts_SipUrl(ts_HostPort(
local_sip_host,
local_sip_port),
ts_UserInfo(user))),
omit)
})),
cp := cp
}
private altstep as_Tguard() runs on IMS_ConnHdlr {
[] g_Tguard.timeout {
setverdict(fail, "Tguard timeout");
mtc.stop;
}
}
type function ims_void_fn(charstring id) runs on IMS_ConnHdlr;
function f_ims_handler_init(ims_void_fn fn, charstring id, IMS_ConnHdlrPars pars)
runs on IMS_ConnHdlr {
g_name := id;
g_pars := pars;
g_Tguard.start(pars.t_guard);
activate(as_Tguard());
/* call the user-supied test case function */
fn.apply(id);
}
private altstep as_SIP_fail_req(charstring exp_msg_str := "") runs on IMS_ConnHdlr
{
var PDU_SIP_Request sip_req;
[] SIP.receive(PDU_SIP_Request:?) -> value sip_req {
Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
log2str(g_name & ": Received unexpected SIP Req message := ", sip_req, "\nvs exp := ", exp_msg_str));
}
}
private altstep as_SIP_fail_resp(charstring exp_msg_str := "") runs on IMS_ConnHdlr
{
var PDU_SIP_Response sip_resp;
[] SIP.receive(PDU_SIP_Response:?) -> value sip_resp {
Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
log2str(g_name & ": Received unexpected SIP Resp message := ", sip_resp, "\nvs exp := ", exp_msg_str));
}
}
private function f_ims_validate_register_contact(Contact rx_contact)
{
/* IMS contact shows up like this:
* Contact: <sip:8adf9f3d-9342-4060-aa4f-a909f37fd6f6@192.168.101.2:5060>;+g.3gpp.accesstype="cellular2";video;audio;+g.3gpp.smsip;+g.3gpp.nw-init-ussi;+g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp-service.ims.icsi.mmtel";+sip.instance="<urn:gsma:imei:35589811-338445-0>"
*/
/* TODO: "that the UE must include the IMS Communication Service Identifier (ICSI)
in the contact: header to indicate IMS Multimedia Telephony." */
/* TODO: "The UE must include an IMEI URN in the +sip.instance header field
parameter of the contact: header." */
/* TODO: "If the UE supports SMS over IP, it must include the feature tag
“+g.3gpp.smsip” in the contact: header." */
/* TODO: "If the UE supports conversational audio and video service, then this must
be indicated by adding a “video” media feature tag to the contact: header." */
}
private function f_ims_parse_security_client(Security_client security_client) runs on IMS_ConnHdlr
{
var boolean found := false;
for (var integer i := 0; i < lengthof(security_client.sec_mechanism_list); i := i + 1) {
var Security_mechanism sec_mec := security_client.sec_mechanism_list[i];
if (sec_mec.mechanism_name != "ipsec-3gpp") {
log("Skipping Security Mechansim: ", sec_mec.mechanism_name);
continue;
}
var SemicolonParam_List sec_pars := sec_mec.mechanism_params;
var charstring par_val;
par_val := f_sip_param_get_value_present_or_fail(sec_pars, "alg");
if (par_val != "hmac-sha-1-96") {
log("Skipping Security Mechansim Algo: ", par_val);
continue;
}
par_val := f_sip_param_get_value_present_or_fail(sec_pars, "spi-c");
g_pars.ipsec_remote_spi_c := str2int(par_val);
par_val := f_sip_param_get_value_present_or_fail(sec_pars, "spi-s");
g_pars.ipsec_remote_spi_s := str2int(par_val);
found := true;
break;
}
if (not found) {
Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
log2str(g_name & "alg=hmac-sha-1-96 not found: ", security_client));
}
log("ipsec: remote_spi_c=", g_pars.ipsec_remote_spi_c, " remote_spi_s=", g_pars.ipsec_remote_spi_s,
"local_spi_c=", g_pars.ipsec_local_spi_c, " local_spi_s=", g_pars.ipsec_local_spi_s);
}
private function f_ims_setup_ipsec(PDU_SIP_Request req_req) runs on IMS_ConnHdlr
{
var Security_client security_client := req_req.msgHeader.security_client;
f_ims_parse_security_client(security_client);
}
/* Peer is calling us, accept it: */
altstep as_IMS_register(boolean exp_update_to_direct_rtp := true,
boolean fail_others := true) runs on IMS_ConnHdlr
{
var template (present) PDU_SIP_Request exp_req :=
tr_SIP_REGISTER(g_pars.registrar_sip_req_uri,
?,
tr_SipAddr(),
tr_SipAddr(),
tr_Via_from(?),
require := tr_Require(superset("sec-agree")),
security_client := tr_Security_client(superset(tr_Security_mechanism("ipsec-3gpp",
superset(tr_Param("alg","hmac-sha-1-96"))))),
supported := tr_Supported(superset("path", "sec-agree")));
var charstring sip_expect_str := log2str(exp_req);
[] SIP.receive(exp_req) -> value g_rx_sip_req {
var template (value) PDU_SIP_Response tx_resp;
var Via via;
var CallidString sip_call_id;
var Contact contact;
var template (value) SipAddr from_addr;
var template (value) SipAddr to_addr;
var template (value) CommaParam_List digestCln ;
var template (value) WwwAuthenticate wwwAuthenticate;
var template (value) Security_server security_server;
var template (value) Server server_name := ts_Server({c_sip_server_name});
var template (value) Supported supported := ts_Supported({"sec-agree"});
var Authorization authorization;
var integer sip_seq_nr;
var charstring tx_sdp;
sip_call_id := g_rx_sip_req.msgHeader.callId.callid;
via := g_rx_sip_req.msgHeader.via;
via.viaBody[0].viaParams := f_sip_param_set(via.viaBody[0].viaParams, "rport", "1234"); /* TODO: set remote src port of the REGISTER */
from_addr := ts_SipAddr_from_Addr_Union(g_rx_sip_req.msgHeader.fromField.addressField,
g_rx_sip_req.msgHeader.fromField.fromParams);
to_addr := ts_SipAddr_from_Addr_Union(g_rx_sip_req.msgHeader.toField.addressField,
g_rx_sip_req.msgHeader.toField.toParams);
sip_seq_nr := g_rx_sip_req.msgHeader.cSeq.seqNumber;
contact := g_rx_sip_req.msgHeader.contact;
f_ims_validate_register_contact(contact);
/* TODO: Validate "Expires" is 600000 */
/* TODO: validate presence of:
* Security-Client: ipsec-3gpp; alg=hmac-md5-96; ealg=des-ede3-cbc; spi-c=431842084; spi-s=650017092; port-c=41271; port-s=41718,ipsec-3gpp; alg=hmac-md5-96; ealg=aes-cbc; spi-c=431842084; spi-s=650017092; port-c=41271; port-s=41718,ipsec-3gpp; alg=hmac-md5-96; ealg=null; spi-c=431842084; spi-s=650017092; port-c=41271; port-s=41718,ipsec-3gpp; alg=hmac-sha-1-96; ealg=des-ede3-cbc; spi-c=431842084; spi-s=650017092; port-c=41271; port-s=41718,ipsec-3gpp; alg=hmac-sha-1-96; ealg=aes-cbc; spi-c=431842084; spi-s=650017092; port-c=41271; port-s=41718,ipsec-3gpp; alg=hmac-sha-1-96; ealg=null; spi-c=431842084; spi-s=650017092; port-c=41271; port-s=41718
*/
/* Tx 100 Tyring */
tx_resp := ts_SIP_Response_Trying(sip_call_id,
from_addr,
to_addr,
via,
sip_seq_nr,
"REGISTER",
allow := omit,
server := server_name,
userAgent := omit);
SIP.send(tx_resp);
f_ims_setup_ipsec(g_rx_sip_req);
to_addr.params := f_sip_param_set(to_addr.params, "tag", f_sip_rand_tag());
digestCln := {
ts_Param("realm", f_sip_str_quote(g_pars.realm)),
ts_Param("qop", f_sip_str_quote("auth")),
ts_Param("algorithm", "AKAv1-MD5"),
ts_Param("nonce", f_sip_str_quote("FJh2MfZfjjeIoHmLbrzQjvbhmnzLAoAAoGsZyVRFFuU="))
/* "opaque not needed in IMS "*/
};
wwwAuthenticate := ts_WwwAuthenticate( { ts_Challenge_digestCln(digestCln) } )
/* Security-Server: ipsec-3gpp;q=0.1;prot=esp;mod=trans;spi-c=4096;spi-s=4097;port-c=5104;port-s=6104;alg=hmac-sha-1-96;ealg=null */
var template (value) SemicolonParam_List sec_params := {
ts_Param("q", "0.1"),
ts_Param("prot", "esp"),
ts_Param("mod", "trans"),
ts_Param("spi-c", int2str(g_pars.ipsec_local_spi_c)),
ts_Param("spi-s", int2str(g_pars.ipsec_local_spi_s)),
ts_Param("port-c", int2str(g_pars.local_sip_port)),
ts_Param("port-s", int2str(g_pars.local_sip_port)),
ts_Param("alg", "hmac-sha-1-96"),
ts_Param("ealg", "null")
};
security_server := ts_Security_server({
ts_Security_mechanism("ipsec-3gpp", sec_params)
});
/* Tx 401 Unauthorized
* TODO: with IMS params */
tx_resp := ts_SIP_Response_Unauthorized(sip_call_id,
from_addr,
to_addr,
via,
wwwAuthenticate,
sip_seq_nr,
"REGISTER",
security_server := security_server,
server := server_name,
supported := supported,
userAgent := omit);
SIP.send(tx_resp);
/* TODO: Generate expected Authoritzation based on AKAv1-MD5: */
/*authorization := f_sip_digest_gen_Authorization(valueof(wwwAuthenticate),
g_pars.user, g_pars.password,
"REGISTER",
f_sip_SipUrl_to_str(g_pars.registrar_sip_record.addr.nameAddr.addrSpec))
*/
/* TODO: match Authorization from above: */
exp_req :=
tr_SIP_REGISTER(g_pars.registrar_sip_req_uri,
?,
tr_SipAddr(),
tr_SipAddr(),
tr_Via_from(?));
SIP.receive(exp_req) -> value g_rx_sip_req;
sip_call_id := g_rx_sip_req.msgHeader.callId.callid;
via := g_rx_sip_req.msgHeader.via;
from_addr := ts_SipAddr_from_Addr_Union(g_rx_sip_req.msgHeader.fromField.addressField,
g_rx_sip_req.msgHeader.fromField.fromParams);
to_addr := ts_SipAddr_from_Addr_Union(g_rx_sip_req.msgHeader.toField.addressField,
g_rx_sip_req.msgHeader.toField.toParams);
to_addr.params := f_sip_param_set(to_addr.params, "tag", f_sip_rand_tag());
sip_seq_nr := g_rx_sip_req.msgHeader.cSeq.seqNumber;
/* TODO: Add following fields:
* Supported: sec-agree
* Security-Server: ipsec-3gpp;q=0.1;prot=esp;mod=trans;spi-c=4096;spi-s=4097;port-c=5104;port-s=6104;alg=hmac-sha-1-96;ealg=null
* */
tx_resp := ts_SIP_Response(sip_call_id,
from_addr,
to_addr,
"REGISTER", 200,
sip_seq_nr,
"OK",
via);
SIP.send(tx_resp);
}
[fail_others] as_SIP_fail_resp(sip_expect_str);
[fail_others] as_SIP_fail_req(sip_expect_str);
}
}