Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-ttcn3-hacks / 50db4c99eccdb6e329df01e8c37c7fb689789e26 / . / asterisk / IMS_ConnectionHandler.ttcn
blob: d39626877d9720a3fd4e6a7d3e776420bafc9573 [file] [log] [blame]
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]1/* Component implementing a IMS server towards Asterisk's IMS UE
2 * (C) 2024 by sysmocom - s.f.m.c. GmbH <info@sysmocom.de>
3 * Author: Pau Espin Pedrol <pespin@sysmocom.de>
4 * All rights reserved.
5 *
6 * Released under the terms of GNU General Public License, Version 2 or
7 * (at your option) any later version.
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11module IMS_ConnectionHandler {
12
Pau Espin Pedrol717379f2024-05-17 18:36:51 +0200[diff] [blame]13import from TCCEncoding_Functions all;
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]14import from TCCOpenSecurity_Functions all;
15import from General_Types all;
16import from Osmocom_Types all;
17import from Native_Functions all;
18import from Misc_Helpers all;
19
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]20/* the PIPE asp port allows us to interact with ip xfrm via stdin/stdout */
21import from PIPEasp_PortType all;
22import from PIPEasp_Types all;
23import from PIPEasp_Templates all;
24
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]25import from SDP_Types all;
26import from SDP_Templates all;
27
28import from SIP_Emulation all;
29import from SIPmsg_Types all;
30import from SIP_Templates all;
31
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]32
33modulepar {
34 charstring mp_ipsec_setup_script_path := "./IMS_ipsec_setup.sh";
35}
36
Pau Espin Pedrolcb0dbf92024-06-06 20:40:30 +0200[diff] [blame]37const integer c_def_expires := 600000; /* 3GPP TS 24.229 5.1.1.2.1 e) */
Pau Espin Pedrola2424b22024-06-10 20:23:13 +0200[diff] [blame]38const charstring c_sip_server_name := "osmo-ttcn3-hacks/0.23";
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]39
40
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]41type port IMSCoord_PT message
42{
43 inout charstring;
44} with { extension "internal" };
45
Pau Espin Pedrol5acf7c62024-06-06 19:23:08 +0200[diff] [blame]46const charstring IMS_COORD_CMD_REGISTERED := "IMS_COORD_CMD_REGISTERED";
47const charstring IMS_COORD_CMD_START := "IMS_COORD_CMD_START";
48const charstring IMS_COORD_CMD_CALL_ESTABLISHED := "IMS_COORD_CMD_CALL_ESTABLISHED";
49const charstring IMS_COORD_CMD_HANGUP := "IMS_COORD_CMD_HANGUP";
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]50
51type component IMS_ConnHdlr extends SIP_ConnHdlr {
52 var charstring g_name;
53 var IMS_ConnHdlrPars g_pars;
54 timer g_Tguard;
55 var PDU_SIP_Request g_rx_sip_req;
56 var PDU_SIP_Response g_rx_sip_resp;
57
58 port IMSCoord_PT COORD;
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]59 port PIPEasp_PT PIPE;
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]60}
61type record of IMS_ConnHdlr IMS_ConnHdlrList;
62
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]63type record IMS_AuthVector {
64 OCT16 rand,
65 OCT16 autn,
66 OCT8 res,
67 OCT16 ck,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]68 OCT16 ik,
69 OCT14 auts
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]70}
71
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]72type record IMS_ConnHdlrSubscrPars {
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]73 charstring remote_sip_host optional,
74 uint16_t remote_sip_port optional,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]75 charstring imsi,
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]76 charstring display_name,
77 charstring password,
Pau Espin Pedrol4e6672c2024-05-22 17:03:53 +0200[diff] [blame]78 charstring msisdn,
Pau Espin Pedrol0c5c6472024-05-21 13:13:49 +0200[diff] [blame]79 /* Expected User-Location-Info in P-Access-Network-Info */
80 charstring uli_str,
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]81 IMS_AuthVector auth,
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]82 charstring ipsec_auth_key,
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]83 integer ipsec_local_spi_c,
84 integer ipsec_local_spi_s,
85 integer ipsec_remote_spi_c optional,
86 integer ipsec_remote_spi_s optional,
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]87 uint16_t ipsec_remote_port_c optional,
88 uint16_t ipsec_remote_port_s optional,
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]89 SipAddr registrar_sip_record,
90 CallidString registrar_sip_call_id,
91 integer registrar_sip_seq_nr,
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]92 SipUrl local_sip_url_ext,
93 SipAddr local_sip_record,
Pau Espin Pedrol5acf7c62024-06-06 19:23:08 +0200[diff] [blame]94 Contact registered_contact optional,
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]95 P_Associated_Uri p_associated_uri,
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]96 IMS_CallPars cp optional
97}
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]98type record of IMS_ConnHdlrSubscrPars IMS_ConnHdlrSubscrParsList;
99
100
101type record IMS_ConnHdlrPars {
102 float t_guard,
103 charstring realm,
104 charstring local_sip_host,
105 uint16_t local_sip_port,
106 SipUrl registrar_sip_req_uri,
107 Via local_via,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]108 Server server_name,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]109 IMS_ConnHdlrSubscrPars subscr optional
110}
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]111type record of IMS_ConnHdlrPars IMS_ConnHdlrParsList;
112
113type record IMS_CallParsMT {
114 /* Whether to wait for COORD.receive(COORD_CMD_PICKUP) before accepting the call. */
115 boolean wait_coord_cmd_pickup,
116 /* Whether to expect CANCEL instead of ACK as answer to our OK */
117 boolean exp_cancel
118}
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]119template (value) IMS_CallParsMT t_IMS_CallParsMT := {
120 wait_coord_cmd_pickup := false,
121 exp_cancel := false
122}
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]123
124type record IMS_CallPars {
125 SipAddr calling optional,
126 SipAddr called optional,
127
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]128 From from_addr optional,
129 To to_addr optional,
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]130
131 CallidString sip_call_id,
132 integer sip_seq_nr,
133 charstring sip_body optional,
134
135 charstring local_rtp_addr,
136 uint16_t local_rtp_port,
137
138 SDP_Message peer_sdp optional,
139 IMS_CallParsMT mt
140}
141
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]142template (value) IMS_CallPars t_IMS_CallPars(charstring local_rtp_addr,
143 uint16_t local_rtp_port := 0,
144 template (omit) SipAddr calling := omit,
145 template (omit) SipAddr called := omit) := {
146 calling := calling,
147 called := called,
148 from_addr := omit,
149 to_addr := omit,
150 sip_call_id := hex2str(f_rnd_hexstring(15)),
151 sip_seq_nr := f_sip_rand_seq_nr(),
152 sip_body := omit,
153 local_rtp_addr := local_rtp_addr,
154 local_rtp_port := local_rtp_port,
155 peer_sdp := omit,
156 mt := t_IMS_CallParsMT
157}
158
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]159template (value) IMS_ConnHdlrSubscrPars t_IMS_SubscrPars(charstring local_sip_host,
160 uint16_t local_sip_port,
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]161 charstring domain,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]162 charstring imsi,
163 charstring msisdn := "90828",
164 charstring display_name := "Anonymous",
165 charstring password := "secret",
166 template (omit) IMS_CallPars cp := omit) := {
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]167 remote_sip_host := omit,
168 remote_sip_port := omit,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]169 imsi := imsi,
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]170 display_name := f_sip_str_quote(display_name),
171 password := password,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]172 msisdn := msisdn,
Pau Espin Pedrol0c5c6472024-05-21 13:13:49 +0200[diff] [blame]173 uli_str := "2380100010000101",
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]174 auth := {
175 /* The Nonce field is the Base64 encoded version of the RAND value and concatenated with the AUTN: */
176 rand := 'd5d5de2bce418d7865ed7fa6956618a2'O,
177 autn := 'd42e61db5f15800067393a5b7691a227'O,
178 res := '6f2556bbe4366ab1'O,
179 ck := '0b389d08c833991734936bec55cac800'O,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]180 ik := '17141862125bd30c81c4224391a0909a'O,
181 /* NOTE: AUTS value randomly crafted. It's fine since it's just forwarded
182 * AMI -> asterisk -> IMS and we blindly match and accept it. */
183 auts := 'd42e61db5f15800067393a5b7691'O
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]184 },
185 ipsec_auth_key := "0x17141862125bd30c81c4224391a0909a00000000",
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]186 ipsec_local_spi_c := 4142,
187 ipsec_local_spi_s := 4143,
188 ipsec_remote_spi_c := omit,
189 ipsec_remote_spi_s := omit,
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]190 ipsec_remote_port_c := omit,
191 ipsec_remote_port_s := omit,
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]192 registrar_sip_record := ts_SipAddr(ts_HostPort(domain),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]193 ts_UserInfo(imsi),
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]194 f_sip_str_quote(display_name)),
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]195 registrar_sip_call_id := hex2str(f_rnd_hexstring(15)) & "@" & domain,
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]196 registrar_sip_seq_nr := f_sip_rand_seq_nr(),
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]197 local_sip_url_ext := ts_SipUrl(ts_HostPort(domain, local_sip_port),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]198 ts_UserInfo(imsi)),
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]199 local_sip_record := ts_SipAddr(ts_HostPort(domain),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]200 ts_UserInfo(imsi)),
Pau Espin Pedrol5acf7c62024-06-06 19:23:08 +0200[diff] [blame]201 registered_contact := omit,
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]202 p_associated_uri := ts_P_Associated_Uri({}),
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]203 cp := cp
204}
205
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]206template (value) IMS_ConnHdlrPars t_IMS_Pars(charstring local_sip_host,
207 uint16_t local_sip_port,
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]208 charstring domain,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]209 charstring imsi,
210 template (omit) IMS_CallPars cp := omit) := {
Pau Espin Pedrol50db4c92024-06-11 18:02:52 +0200[diff] [blame^]211 t_guard := 60.0,
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]212 realm := domain,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]213 local_sip_host := local_sip_host,
214 local_sip_port := local_sip_port,
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]215 registrar_sip_req_uri := valueof(ts_SipUrlHost(domain)),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]216 local_via := ts_Via_from(ts_HostPort(local_sip_host, local_sip_port)),
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]217 server_name := valueof(ts_Server({c_sip_server_name})),
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]218 subscr := t_IMS_SubscrPars(local_sip_host, local_sip_port, domain := domain, imsi := imsi, cp := cp)
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]219}
220
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]221private altstep as_Tguard() runs on IMS_ConnHdlr {
222 [] g_Tguard.timeout {
223 setverdict(fail, "Tguard timeout");
224 mtc.stop;
225 }
226}
227
228type function ims_void_fn(charstring id) runs on IMS_ConnHdlr;
229function f_ims_handler_init(ims_void_fn fn, charstring id, IMS_ConnHdlrPars pars)
230runs on IMS_ConnHdlr {
231 g_name := id;
232 g_pars := pars;
233 g_Tguard.start(pars.t_guard);
234 activate(as_Tguard());
235
236 /* call the user-supied test case function */
237 fn.apply(id);
238}
239
Pau Espin Pedrol50db4c92024-06-11 18:02:52 +0200[diff] [blame^]240altstep as_SIP_fail_req(charstring exp_msg_str := "") runs on IMS_ConnHdlr
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]241{
242 var PDU_SIP_Request sip_req;
243 [] SIP.receive(PDU_SIP_Request:?) -> value sip_req {
244 Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
245 log2str(g_name & ": Received unexpected SIP Req message := ", sip_req, "\nvs exp := ", exp_msg_str));
246 }
247}
248
Pau Espin Pedrol50db4c92024-06-11 18:02:52 +0200[diff] [blame^]249altstep as_SIP_fail_resp(charstring exp_msg_str := "") runs on IMS_ConnHdlr
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]250{
251 var PDU_SIP_Response sip_resp;
252 [] SIP.receive(PDU_SIP_Response:?) -> value sip_resp {
253 Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
254 log2str(g_name & ": Received unexpected SIP Resp message := ", sip_resp, "\nvs exp := ", exp_msg_str));
255 }
256}
257
Pau Espin Pedrol5acf7c62024-06-06 19:23:08 +0200[diff] [blame]258altstep as_SIP_expect_resp(template (present) PDU_SIP_Response sip_expect, boolean fail_others := true) runs on IMS_ConnHdlr
259{
260 var charstring sip_expect_str := log2str(sip_expect);
261 [] SIP.receive(sip_expect) -> value g_rx_sip_resp;
262 [fail_others] as_SIP_fail_resp(sip_expect_str);
263 [fail_others] as_SIP_fail_req(sip_expect_str);
264}
265
266altstep as_SIP_ignore_resp(template PDU_SIP_Response sip_expect := ?) runs on IMS_ConnHdlr
267{
268 [] SIP.receive(sip_expect) -> value g_rx_sip_resp {
269 log("Ignoring ", g_rx_sip_resp);
270 repeat;
271 }
272}
273
Pau Espin Pedrol717379f2024-05-17 18:36:51 +0200[diff] [blame]274private function f_nonce_from_rand_autn(octetstring rand, octetstring autn) return charstring {
275 var octetstring concat := rand & autn;
276 var charstring nonce := enc_MIME_Base64(concat);
277 log("rand=", rand, " & autn=",autn, " => nonce=", nonce);
278 return nonce;
279}
280
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]281/* HTTP Digest Authentication Using AKA (AKAv1-MD5): RFC 3310 */
282function f_tr_Authorization_AKAv1MD5(WwwAuthenticate www_authenticate,
283 charstring username,
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]284 charstring uri)
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]285return template (present) Authorization {
286 var CommaParam_List digestCln;
287 var template (present) Authorization authorization;
288 var template (present) Credentials cred;
289 var template (omit) GenericParam rx_param;
290
291 digestCln := www_authenticate.challenge[0].digestCln;
292
293 var charstring algorithm := f_sip_param_get_value_present_or_fail(digestCln, "algorithm");
294 var charstring realm := f_sip_param_get_value_present_or_fail(digestCln, "realm");
295 var charstring nonce := f_sip_param_get_value_present_or_fail(digestCln, "nonce");
296
297 var template (present) CommaParam_List digestResponse := superset(
298 tr_Param("username", f_sip_str_quote(username)),
299 tr_Param("realm", f_sip_str_quote(realm)),
300 tr_Param("nonce", f_sip_str_quote(nonce)),
301 tr_Param("uri", f_sip_str_quote(uri)),
302 tr_Param("response", ?),
303 tr_Param("algorithm", algorithm),
304 tr_Param("qop", "auth"),
305 tr_Param("cnonce", ?),
306 tr_Param("nc", ?)
307 );
308 cred := tr_Credentials_DigestResponse(digestResponse);
309 authorization := tr_Authorization(cred);
310 return authorization;
311}
312
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]313private function f_ims_validate_Authorization_AKAv1MD5_Response(Authorization authorization, charstring method)
314runs on IMS_ConnHdlr {
315 f_sip_digest_validate_Authorization_AKAv1MD5(authorization, method, g_pars.subscr.auth.res);
316}
317
318
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]319private function f_ims_validate_register_contact(Contact rx_contact)
320{
321/* IMS contact shows up like this:
322 * Contact: <sip:8adf9f3d-9342-4060-aa4f-a909f37fd6f6@192.168.101.2:5060>;+g.3gpp.accesstype="cellular2";video;audio;+g.3gpp.smsip;+g.3gpp.nw-init-ussi;+g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp-service.ims.icsi.mmtel";+sip.instance="<urn:gsma:imei:35589811-338445-0>"
323 */
324 /* TODO: "that the UE must include the IMS Communication Service Identifier (ICSI)
325in the contact: header to indicate IMS Multimedia Telephony." */
326 /* TODO: "The UE must include an IMEI URN in the +sip.instance header field
327parameter of the contact: header." */
328 /* TODO: "If the UE supports SMS over IP, it must include the feature tag
329“+g.3gpp.smsip” in the contact: header." */
330 /* TODO: "If the UE supports conversational audio and video service, then this must
331be indicated by adding a “video” media feature tag to the contact: header." */
332}
333
Pau Espin Pedrol0c5c6472024-05-21 13:13:49 +0200[diff] [blame]334/* Validate P-Access-Network-Info: RFC7315 6.4 */
335private function f_ims_validate_register_P_Access_Network_info(PDU_SIP_Request req,
336 boolean exp_present := true) runs on IMS_ConnHdlr
337
338{
339 if (not exp_present) {
340 if (ispresent(g_rx_sip_req.msgHeader.p_access_network_info)) {
341 Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
342 log2str(g_name & ": Received unexpected [rfc7315 6.4] P-Access-Info := ",
343 g_rx_sip_req.msgHeader.p_access_network_info));
344 }
345 return;
346 }
347
348 /* exp_present: */
349 var template (present) P_Access_Network_Info expl_tmpl :=
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]350 tr_P_Access_Network_Info({ tr_Access_net_spec_EUTRAN(g_pars.subscr.uli_str) });
Pau Espin Pedrol0c5c6472024-05-21 13:13:49 +0200[diff] [blame]351
352 if (not ispresent(g_rx_sip_req.msgHeader.p_access_network_info)) {
353 Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
354 log2str(g_name & ": Received no P-Access-Info vs exp := ",
355 expl_tmpl));
356 }
357 if (not match(g_rx_sip_req.msgHeader.p_access_network_info, expl_tmpl)) {
358 Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
359 log2str(g_name & ": Received unexpected P-Access-Info := ",
360 g_rx_sip_req.msgHeader.p_access_network_info,
361 "\nvs exp := ", expl_tmpl));
362 }
363}
364
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]365private function f_ims_parse_security_client(Security_client security_client) runs on IMS_ConnHdlr
366{
367 var boolean found := false;
368 for (var integer i := 0; i < lengthof(security_client.sec_mechanism_list); i := i + 1) {
369 var Security_mechanism sec_mec := security_client.sec_mechanism_list[i];
370 if (sec_mec.mechanism_name != "ipsec-3gpp") {
371 log("Skipping Security Mechansim: ", sec_mec.mechanism_name);
372 continue;
373 }
374 var SemicolonParam_List sec_pars := sec_mec.mechanism_params;
375 var charstring par_val;
376 par_val := f_sip_param_get_value_present_or_fail(sec_pars, "alg");
377 if (par_val != "hmac-sha-1-96") {
378 log("Skipping Security Mechansim Algo: ", par_val);
379 continue;
380 }
381 par_val := f_sip_param_get_value_present_or_fail(sec_pars, "spi-c");
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]382 g_pars.subscr.ipsec_remote_spi_c := str2int(par_val);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]383 par_val := f_sip_param_get_value_present_or_fail(sec_pars, "spi-s");
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]384 g_pars.subscr.ipsec_remote_spi_s := str2int(par_val);
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]385 par_val := f_sip_param_get_value_present_or_fail(sec_pars, "port-c");
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]386 g_pars.subscr.ipsec_remote_port_c := str2int(par_val);
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]387 par_val := f_sip_param_get_value_present_or_fail(sec_pars, "port-s");
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]388 g_pars.subscr.ipsec_remote_port_s := str2int(par_val);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]389 found := true;
390 break;
391 }
392
393 if (not found) {
394 Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
395 log2str(g_name & "alg=hmac-sha-1-96 not found: ", security_client));
396 }
397
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]398 log("ipsec: remote_spi_c=", g_pars.subscr.ipsec_remote_spi_c, " remote_spi_s=", g_pars.subscr.ipsec_remote_spi_s,
399 "local_spi_c=", g_pars.subscr.ipsec_local_spi_c, " local_spi_s=", g_pars.subscr.ipsec_local_spi_s);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]400}
401
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]402private function f_ims_parse_register_contact(Contact contact) runs on IMS_ConnHdlr
403{
404 var HostPort hp := valueof(contact.contactBody.contactAddresses[0].addressField.nameAddr.addrSpec.hostPort);
405
406 g_pars.subscr.remote_sip_host := hp.host;
407 if (ispresent(hp.portField)) {
408 g_pars.subscr.remote_sip_port := hp.portField;
409 } else {
410 g_pars.subscr.remote_sip_port := 5060;
411 }
412}
413
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]414private function f_IMS_exec_sync(charstring cmdline, template (present) integer rc := 0)
415 runs on IMS_ConnHdlr return ASP_PResult {
416 var ASP_PResult res;
417
418 map(self:PIPE, system:PIPE);
419 res := f_PIPEasp_exec_sync_PResult(PIPE, cmdline, tr_PResult(?, ?, rc));
420 unmap(self:PIPE, system:PIPE);
421
422 return res;
423}
424
425private function f_ims_setup_ipsec() runs on IMS_ConnHdlr
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]426{
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]427 var ASP_PResult res;
428
429 var charstring cmd := mp_ipsec_setup_script_path & " " &
430 g_pars.local_sip_host & " " &
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]431 int2str(g_pars.local_sip_port) & " " & int2str(g_pars.subscr.ipsec_local_spi_c) & " " &
432 int2str(g_pars.local_sip_port) & " " & int2str(g_pars.subscr.ipsec_local_spi_s) & " " &
433 g_pars.subscr.remote_sip_host & " " &
434 int2str(g_pars.subscr.ipsec_remote_port_c) & " " & int2str(g_pars.subscr.ipsec_remote_spi_c) & " " &
435 int2str(g_pars.subscr.ipsec_remote_port_s) & " " & int2str(g_pars.subscr.ipsec_remote_spi_s) & " " &
436 g_pars.subscr.ipsec_auth_key;
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]437
438 res := f_IMS_exec_sync(cmd);
439
440 /* Debug applied rules: */
441 /*
442 res := f_IMS_exec_sync("ip xfrm state");
443 log("ip-xfrm-state Result-Stdout: " & res.stdout);
444
445 res := f_IMS_exec_sync("ip xfrm policy");
446 log("ip-xfrm-policy Result-Stdout: " & res.stdout);
447 */
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]448}
449
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]450private function f_tr_Via_response(Via via_req) return template (present) Via {
451 template (present) SemicolonParam_List via_resp_params := ?;
452
453 /*via_resp_params := {
454 { id := "rport", paramValue := int2str(g_pars.subscr.remote_sip_port.subscr.remote_sip_port) },
455 { id := "received", paramValue := g_pars.subscr.remote_sip_host }
456 }; */
457 return tr_Via_from(via_req.viaBody[0].sentBy,
458 via_req.viaBody[0].sentProtocol.transport,
459 via_resp_params);
460}
461
462private function f_tr_From(template (value) SipAddr from_req) return template (present) SipAddr {
463 return tr_SipAddr_from_val(from_req);
464}
465
466private altstep as_SIP_expect_req(template (present) PDU_SIP_Request sip_expect, boolean fail_others := true) runs on IMS_ConnHdlr
467{
468 var charstring sip_expect_str := log2str(sip_expect);
469 [] SIP.receive(sip_expect) -> value g_rx_sip_req;
470 [fail_others] as_SIP_fail_req(sip_expect_str);
471 [fail_others] as_SIP_fail_resp(sip_expect_str);
472}
473
474private function f_gen_sdp() runs on IMS_ConnHdlr return charstring {
475 var charstring sdp :=
476 "v=0\r\n" &
477 "o=0502 2390 1824 IN IP4 " & g_pars.subscr.cp.local_rtp_addr & "\r\n" &
478 "s=Talk\r\n" &
479 "c=IN IP4 " & g_pars.subscr.cp.local_rtp_addr & "\r\n" &
480 "t=0 0\r\n" &
481 "a=rtcp-xr:rcvr-rtt=all:10000 stat-summary=loss,dup,jitt,TTL voip-metrics\r\n" &
482 "a=record:off\r\n" &
483 "m=audio " & int2str(g_pars.subscr.cp.local_rtp_port) & " RTP/AVP 8 96 97 98 0 18 99 100 101\r\n" &
484 "a=rtpmap:8 PCMA/8000\r\n" &
485 "a=rtpmap:96 opus/48000/2\r\n" &
486 "a=fmtp:96 useinbandfec=1\r\n" &
487 "a=rtpmap:97 speex/16000\r\n" &
488 "a=fmtp:97 vbr=on\r\n" &
489 "a=rtpmap:98 speex/8000\r\n" &
490 "a=fmtp:98 vbr=on\r\n" &
491 "a=fmtp:18 annexb=yes\r\n" &
492 "a=rtpmap:99 telephone-event/48000\r\n" &
493 "a=rtpmap:100 telephone-event/16000\r\n" &
494 "a=rtpmap:101 telephone-event/8000\r\n" &
495 "a=rtcp:" & int2str(g_pars.subscr.cp.local_rtp_port + 1) & "\r\n" &
496 "a=rtcp-fb:* trr-int 1000\r\n" &
497 "a=rtcp-fb:* ccm tmmbr\r\n";
498 return sdp;
499}
500
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]501private function f_gen_Security_server() runs on IMS_ConnHdlr return Security_server {
502 var template (value) Security_server security_server;
503 /* Security-Server: ipsec-3gpp;q=0.1;prot=esp;mod=trans;spi-c=4096;spi-s=4097;port-c=5104;port-s=6104;alg=hmac-sha-1-96;ealg=null */
504 var template (value) SemicolonParam_List sec_params := {
505 ts_Param("q", "0.1"),
506 ts_Param("prot", "esp"),
507 ts_Param("mod", "trans"),
508 ts_Param("spi-c", int2str(g_pars.subscr.ipsec_local_spi_c)),
509 ts_Param("spi-s", int2str(g_pars.subscr.ipsec_local_spi_s)),
510 ts_Param("port-c", int2str(g_pars.local_sip_port)),
511 ts_Param("port-s", int2str(g_pars.local_sip_port)),
512 ts_Param("alg", "hmac-sha-1-96"),
513 ts_Param("ealg", "null")
514 };
515 security_server := ts_Security_server({
516 ts_Security_mechanism("ipsec-3gpp", sec_params)
517 });
518 return valueof(security_server);
519}
520
521private function f_gen_WwwAuthenticate() runs on IMS_ConnHdlr return WwwAuthenticate {
522 var template (value) WwwAuthenticate wwwAuthenticate;
523 var template (value) CommaParam_List digestCln;
524 digestCln := {
525 ts_Param("realm", f_sip_str_quote(g_pars.realm)),
526 ts_Param("qop", f_sip_str_quote("auth")),
527 ts_Param("algorithm", "AKAv1-MD5"),
528 ts_Param("nonce", f_sip_str_quote(f_nonce_from_rand_autn(g_pars.subscr.auth.rand,
529 g_pars.subscr.auth.autn)))
530 /* "opaque not needed in IMS "*/
531 };
532 wwwAuthenticate := ts_WwwAuthenticate( { ts_Challenge_digestCln(digestCln) } );
533 return valueof(wwwAuthenticate);
534}
535
Pau Espin Pedrol50db4c92024-06-11 18:02:52 +0200[diff] [blame^]536type enumerated IMS_register_early_return {
537 IMS_REG_EARLY_RET_BEFORE_None,
538 IMS_REG_EARLY_RET_BEFORE_Initial_100Trying,
539 IMS_REG_EARLY_RET_BEFORE_Initial_401Unauthorized,
540 IMS_REG_EARLY_RET_BEFORE_Resync_401Unauthorized,
541 IMS_REG_EARLY_RET_BEFORE_Protected_100Trying,
542 IMS_REG_EARLY_RET_BEFORE_Protected_200OK
543}
544
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]545/* Peer is issuing 1st register, accept it: */
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]546altstep as_IMS_register(boolean exp_auth_resync := false,
Pau Espin Pedrol50db4c92024-06-11 18:02:52 +0200[diff] [blame^]547 IMS_register_early_return early_ret := IMS_REG_EARLY_RET_BEFORE_None,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]548 boolean fail_others := true) runs on IMS_ConnHdlr
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]549{
550 var template (present) PDU_SIP_Request exp_req :=
551 tr_SIP_REGISTER(g_pars.registrar_sip_req_uri,
552 ?,
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]553 tr_From(),
554 tr_To(),
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]555 tr_Via_from(?),
Pau Espin Pedrolcb0dbf92024-06-06 20:40:30 +0200[diff] [blame]556 expires := tr_Expires(int2str(c_def_expires)),
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]557 require := tr_Require(superset("sec-agree")),
558 security_client := tr_Security_client(superset(tr_Security_mechanism("ipsec-3gpp",
559 superset(tr_Param("alg","hmac-sha-1-96"))))),
560 supported := tr_Supported(superset("path", "sec-agree")));
561 var charstring sip_expect_str := log2str(exp_req);
562
563 [] SIP.receive(exp_req) -> value g_rx_sip_req {
564 var template (value) PDU_SIP_Response tx_resp;
565 var Via via;
566 var CallidString sip_call_id;
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]567 var template (value) From from_addr;
568 var template (value) To to_addr;
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]569 var WwwAuthenticate wwwAuthenticate;
570 var Security_server security_server;
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]571 var template (value) Require require := ts_Require({"sec-agree"});
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]572 var template (value) Supported supported := ts_Supported({"sec-agree"});
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]573 var integer sip_seq_nr;
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]574
Pau Espin Pedrol50db4c92024-06-11 18:02:52 +0200[diff] [blame^]575 if (early_ret == IMS_REG_EARLY_RET_BEFORE_Initial_100Trying) {
576 return; /* Done */
577 }
578
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]579 sip_call_id := g_rx_sip_req.msgHeader.callId.callid;
580 via := g_rx_sip_req.msgHeader.via;
581 via.viaBody[0].viaParams := f_sip_param_set(via.viaBody[0].viaParams, "rport", "1234"); /* TODO: set remote src port of the REGISTER */
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]582 from_addr := g_rx_sip_req.msgHeader.fromField;
583 to_addr := g_rx_sip_req.msgHeader.toField;
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]584 sip_seq_nr := g_rx_sip_req.msgHeader.cSeq.seqNumber;
585
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]586 /* Tx 100 Tyring */
587 tx_resp := ts_SIP_Response_Trying(sip_call_id,
588 from_addr,
589 to_addr,
590 via,
591 sip_seq_nr,
592 "REGISTER",
593 allow := omit,
594 server := g_pars.server_name,
595 userAgent := omit);
596 SIP.send(tx_resp);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]597
Pau Espin Pedrol0c5c6472024-05-21 13:13:49 +0200[diff] [blame]598 /* Validate P-Access-Network-Info: rfc7315 6.4:
599 * "3GPP will use the P-Access-Network-Info header field to
600 * carry relatively sensitive information like the cell ID. Therefore,
601 * the information MUST NOT be sent outside of the 3GPP domain.""
602 * [...] "the sensitive information carried in the
603 * P-Access-Network-Info header field MUST NOT be sent in any initial
604 * unauthenticated and unprotected requests (e.g., REGISTER)."
605 */
606 f_ims_validate_register_P_Access_Network_info(g_rx_sip_req, exp_present := false);
607
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]608 f_ims_validate_register_contact(g_rx_sip_req.msgHeader.contact);
609 f_ims_parse_register_contact(g_rx_sip_req.msgHeader.contact);
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]610 f_ims_parse_security_client(g_rx_sip_req.msgHeader.security_client);
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]611
Pau Espin Pedrol50db4c92024-06-11 18:02:52 +0200[diff] [blame^]612 if (early_ret == IMS_REG_EARLY_RET_BEFORE_Initial_401Unauthorized) {
613 return; /* Done */
614 }
615
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]616 if (not exp_auth_resync) {
617 /* Delay ipsec setup in ip xfrm, since there will be another
618 * 1st REGISTER with potentially new ports coming in later. */
619 f_ims_setup_ipsec();
620 }
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]621
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]622 to_addr.toParams := f_sip_param_set(to_addr.toParams, "tag", f_sip_rand_tag());
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]623 wwwAuthenticate := f_gen_WwwAuthenticate();
624 security_server := f_gen_Security_server();
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]625
626 /* Tx 401 Unauthorized */
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]627 tx_resp := ts_SIP_Response_Unauthorized(sip_call_id,
628 from_addr,
629 to_addr,
630 via,
631 wwwAuthenticate,
632 sip_seq_nr,
633 "REGISTER",
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]634 p_associated_uri := g_pars.subscr.p_associated_uri,
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]635 security_server := security_server,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]636 server := g_pars.server_name,
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]637 supported := supported,
638 userAgent := omit);
639 SIP.send(tx_resp);
640
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]641 if (exp_auth_resync) {
642 /* Now we should receive a new non-protected REGISTER
643 * with Authoritzation containing auts in base64: */
644 var template (present) Authorization authorization :=
645 f_tr_Authorization_AKAv1MD5(wwwAuthenticate,
646 g_pars.subscr.imsi & "@" & g_pars.realm,
647 f_sip_SipUrl_to_str(g_pars.registrar_sip_req_uri));
648 exp_req :=
649 tr_SIP_REGISTER(g_pars.registrar_sip_req_uri,
650 ?,
651 tr_From(),
652 tr_To(),
653 tr_Via_from(f_tr_HostPort(via.viaBody[0].sentBy.host, via.viaBody[0].sentBy.portField)),
654 authorization := authorization);
655 SIP.receive(exp_req) -> value g_rx_sip_req;
656
Pau Espin Pedrol50db4c92024-06-11 18:02:52 +0200[diff] [blame^]657 if (early_ret == IMS_REG_EARLY_RET_BEFORE_Resync_401Unauthorized) {
658 return; /* Done */
659 }
660
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]661 via := g_rx_sip_req.msgHeader.via;
662 from_addr := g_rx_sip_req.msgHeader.fromField;
663 to_addr := g_rx_sip_req.msgHeader.toField;
664 sip_seq_nr := g_rx_sip_req.msgHeader.cSeq.seqNumber;
665
666 /* Tx 100 Tyring */
667 tx_resp := ts_SIP_Response_Trying(sip_call_id,
668 from_addr,
669 to_addr,
670 via,
671 sip_seq_nr,
672 "REGISTER",
673 allow := omit,
674 server := g_pars.server_name,
675 userAgent := omit);
676 SIP.send(tx_resp);
677
678 f_sip_param_match_value_or_fail(g_rx_sip_req.msgHeader.authorization.body.digestResponse,
679 "auts", f_sip_str_quote(enc_MIME_Base64(g_pars.subscr.auth.auts)));
680 f_ims_validate_register_P_Access_Network_info(g_rx_sip_req, exp_present := false);
681 f_ims_validate_register_contact(g_rx_sip_req.msgHeader.contact);
682 f_ims_parse_register_contact(g_rx_sip_req.msgHeader.contact);
683 f_ims_parse_security_client(g_rx_sip_req.msgHeader.security_client);
684 f_ims_setup_ipsec();
685
686 security_server := f_gen_Security_server();
687
688 /* Tx again 401 Unauthorized, this time our AMI interface will accept it: */
689 tx_resp := ts_SIP_Response_Unauthorized(sip_call_id,
690 from_addr,
691 to_addr,
692 via,
693 wwwAuthenticate,
694 sip_seq_nr,
695 "REGISTER",
696 p_associated_uri := g_pars.subscr.p_associated_uri,
697 security_server := security_server,
698 server := g_pars.server_name,
699 supported := supported,
700 userAgent := omit);
701 SIP.send(tx_resp);
702 }
703
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]704 /* Now we should receive a new REGISTER over ipsec: */
Pau Espin Pedrol50db4c92024-06-11 18:02:52 +0200[diff] [blame^]705 as_IMS_2nd_register(wwwAuthenticate, early_ret := early_ret);
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]706 }
707 [fail_others] as_SIP_fail_resp(sip_expect_str);
708 [fail_others] as_SIP_fail_req(sip_expect_str);
709
710}
711
712/* Peer is issuing 2nd register, accept it: */
Pau Espin Pedrol50db4c92024-06-11 18:02:52 +0200[diff] [blame^]713altstep as_IMS_2nd_register(WwwAuthenticate wwwAuthenticate,
714 IMS_register_early_return early_ret := IMS_REG_EARLY_RET_BEFORE_None,
715 boolean fail_others := true) runs on IMS_ConnHdlr
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]716{
717 var template (present) Authorization authorization :=
718 f_tr_Authorization_AKAv1MD5(wwwAuthenticate,
719 g_pars.subscr.imsi & "@" & g_pars.realm,
720 f_sip_SipUrl_to_str(g_pars.registrar_sip_req_uri));
721 var template (present) PDU_SIP_Request exp_req :=
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]722 tr_SIP_REGISTER(g_pars.registrar_sip_req_uri,
723 ?,
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]724 tr_From(),
725 tr_To(),
Pau Espin Pedrol480b53c2024-06-07 19:49:02 +0200[diff] [blame]726 tr_Via_from(f_tr_HostPort(g_pars.subscr.remote_sip_host, g_pars.subscr.ipsec_remote_port_s)),
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]727 authorization := authorization);
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]728 var charstring sip_expect_str := log2str(exp_req);
729
730 [] SIP.receive(exp_req) -> value g_rx_sip_req {
731 var template (value) PDU_SIP_Response tx_resp;
732 var Via via;
733 var CallidString sip_call_id;
734 var template (value) From from_addr;
735 var template (value) To to_addr;
736 var template (value) Require require := ts_Require({"sec-agree"});
737 var template (value) Supported supported := ts_Supported({"sec-agree"});
738 var integer sip_seq_nr;
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]739
Pau Espin Pedrol50db4c92024-06-11 18:02:52 +0200[diff] [blame^]740 if (early_ret == IMS_REG_EARLY_RET_BEFORE_Protected_100Trying) {
741 return; /* Done */
742 }
743
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]744 sip_call_id := g_rx_sip_req.msgHeader.callId.callid;
745 via := g_rx_sip_req.msgHeader.via;
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]746 from_addr := g_rx_sip_req.msgHeader.fromField;
747 to_addr := g_rx_sip_req.msgHeader.toField;
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]748 sip_seq_nr := g_rx_sip_req.msgHeader.cSeq.seqNumber;
749
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]750 /* Tx 100 Trying */
751 tx_resp := ts_SIP_Response_Trying(sip_call_id,
752 from_addr,
753 to_addr,
754 via,
755 sip_seq_nr,
756 "REGISTER",
757 allow := omit,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]758 server := g_pars.server_name,
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]759 userAgent := omit);
760 SIP.send(tx_resp);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]761
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]762 /* Validate Digest Response: */
763 f_ims_validate_Authorization_AKAv1MD5_Response(g_rx_sip_req.msgHeader.authorization, "REGISTER");
764
Pau Espin Pedrol0c5c6472024-05-21 13:13:49 +0200[diff] [blame]765 /* Validate P-Access-Network-Info: */
766 f_ims_validate_register_P_Access_Network_info(g_rx_sip_req, exp_present := true);
767
Pau Espin Pedrol50db4c92024-06-11 18:02:52 +0200[diff] [blame^]768 if (early_ret == IMS_REG_EARLY_RET_BEFORE_Protected_200OK) {
769 return; /* Done */
770 }
771
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]772 g_pars.subscr.p_associated_uri := valueof(ts_P_Associated_Uri({
Pau Espin Pedrol4e6672c2024-05-22 17:03:53 +0200[diff] [blame]773 ts_P_Assoc_uri_spec(ts_NameAddr(ts_SipUrl(ts_HostPort(g_pars.realm),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]774 ts_UserInfo(g_pars.subscr.msisdn),
Pau Espin Pedrol4e6672c2024-05-22 17:03:53 +0200[diff] [blame]775 scheme := "sip"))),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]776 ts_P_Assoc_uri_spec(ts_NameAddr(ts_SipUrl(ts_HostPort(g_pars.subscr.msisdn),
Pau Espin Pedrol4e6672c2024-05-22 17:03:53 +0200[diff] [blame]777 omit,
778 scheme := "tel"))),
779 ts_P_Assoc_uri_spec(g_rx_sip_req.msgHeader.toField.addressField.nameAddr)
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]780 }));
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]781 f_ims_validate_register_contact(g_rx_sip_req.msgHeader.contact);
782 f_ims_parse_register_contact(g_rx_sip_req.msgHeader.contact);
783 g_pars.subscr.registered_contact := g_rx_sip_req.msgHeader.contact;
Pau Espin Pedrol4e6672c2024-05-22 17:03:53 +0200[diff] [blame]784
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]785 /* Tx 200 OK */
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]786 to_addr.toParams := f_sip_param_set(to_addr.toParams, "tag", f_sip_rand_tag());
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]787 tx_resp := ts_SIP_Response(sip_call_id,
788 from_addr,
789 to_addr,
790 "REGISTER", 200,
791 sip_seq_nr,
792 "OK",
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]793 via,
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]794 p_associated_uri := g_pars.subscr.p_associated_uri,
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]795 require := require,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]796 server := g_pars.server_name,
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]797 supported := supported,
798 userAgent := omit);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]799 SIP.send(tx_resp);
800 }
801 [fail_others] as_SIP_fail_resp(sip_expect_str);
802 [fail_others] as_SIP_fail_req(sip_expect_str);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]803}
804
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]805/* Peer wants to unregister, accept it: */
806altstep as_IMS_unregister(boolean fail_others := true) runs on IMS_ConnHdlr
807{
808 var template (present) PDU_SIP_Request exp_req :=
809 tr_SIP_REGISTER(g_pars.registrar_sip_req_uri,
810 ?,
811 tr_From(),
812 tr_To(),
Pau Espin Pedrol480b53c2024-06-07 19:49:02 +0200[diff] [blame]813 tr_Via_from(f_tr_HostPort(g_pars.subscr.remote_sip_host, g_pars.subscr.ipsec_remote_port_s)),
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]814 expires := tr_Expires(int2str(0)),
815 require := tr_Require(superset("sec-agree")),
816 security_client := tr_Security_client(superset(tr_Security_mechanism("ipsec-3gpp",
817 superset(tr_Param("alg","hmac-sha-1-96"))))),
818 supported := tr_Supported(superset("path", "sec-agree")));
819 var charstring sip_expect_str := log2str(exp_req);
820
821 [] SIP.receive(exp_req) -> value g_rx_sip_req {
822 var template (value) PDU_SIP_Response tx_resp;
823 var Via via;
824 var CallidString sip_call_id;
825 var Contact contact;
826 var template (value) From from_addr;
827 var template (value) To to_addr;
828 var template (value) CommaParam_List digestCln ;
829 var template (value) WwwAuthenticate wwwAuthenticate;
830 var template (value) Security_server security_server;
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]831 var template (value) Require require := ts_Require({"sec-agree"});
832 var template (value) Supported supported := ts_Supported({"sec-agree"});
833 var template (present) Authorization authorization;
834 var integer sip_seq_nr;
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]835
836 sip_call_id := g_rx_sip_req.msgHeader.callId.callid;
837 via := g_rx_sip_req.msgHeader.via;
838 via.viaBody[0].viaParams := f_sip_param_set(via.viaBody[0].viaParams, "rport", "1234"); /* TODO: set remote src port of the REGISTER */
839 from_addr := g_rx_sip_req.msgHeader.fromField;
840 to_addr := g_rx_sip_req.msgHeader.toField;
841 sip_seq_nr := g_rx_sip_req.msgHeader.cSeq.seqNumber;
842
843 contact := g_rx_sip_req.msgHeader.contact;
844 f_ims_validate_register_contact(contact);
845
Pau Espin Pedrolf1963b32024-06-07 17:07:16 +0200[diff] [blame]846 /* Validate P-Access-Network-Info: 3GPP TS 24.229 5.1.2A.1.1
847 * "If available to the UE (as defined in the access technology specific annexes for each access technology), the UE shall
848 * insert a P-Access-Network-Info header field into any request for a dialog, any subsequent request (except CANCEL
849 * requests) or response (except CANCEL responses) within a dialog or any request for a standalone method (see
850 * subclause 7.2A.4). Insertion of the P-Access-Network-Info header field into the ACK request is optional."
851 */
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]852 f_ims_validate_register_P_Access_Network_info(g_rx_sip_req, exp_present := true);
853
Pau Espin Pedrolf1963b32024-06-07 17:07:16 +0200[diff] [blame]854
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]855 /* Tx 100 Tyring */
856 tx_resp := ts_SIP_Response_Trying(sip_call_id,
857 from_addr,
858 to_addr,
859 via,
860 sip_seq_nr,
861 "REGISTER",
862 allow := omit,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]863 server := g_pars.server_name,
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]864 userAgent := omit);
865 SIP.send(tx_resp);
866
867 /* Change all Contact parameters to expires=0: */
868 for (var integer i := 0; i < lengthof(contact.contactBody.contactAddresses); i := i + 1) {
869 contact.contactBody.contactAddresses[i].contactParams := valueof({ ts_Param("expires", "0") });
870 }
Pau Espin Pedrol5acf7c62024-06-06 19:23:08 +0200[diff] [blame]871 g_pars.subscr.registered_contact := omit;
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]872 /* Tx 200 OK */
873 to_addr.toParams := f_sip_param_set(to_addr.toParams, "tag", f_sip_rand_tag());
874 tx_resp := ts_SIP_Response(sip_call_id,
875 from_addr,
876 to_addr,
877 "REGISTER", 200,
878 sip_seq_nr,
879 "OK",
880 via,
881 contact := contact,
882 p_associated_uri := g_pars.subscr.p_associated_uri,
883 require := require,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame]884 server := g_pars.server_name,
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]885 supported := supported,
886 userAgent := omit);
887 SIP.send(tx_resp);
888 }
889 [fail_others] as_SIP_fail_resp(sip_expect_str);
890 [fail_others] as_SIP_fail_req(sip_expect_str);
891}
892
Pau Espin Pedrol5acf7c62024-06-06 19:23:08 +0200[diff] [blame]893function f_IMS_mt_call_setup() runs on IMS_ConnHdlr
894{
895 var template (value) PDU_SIP_Request req;
896 var template (present) PDU_SIP_Response exp;
897 var template (present) From from_addr_exp;
898 var template (present) To to_addr_exp;
899 var Via via;
900 var charstring tx_sdp := f_gen_sdp();
901 var default d_trying, d_ringing;
902 var charstring branch_value;
903 var Contact calling_contact;
904
905 /* RFC 3261 8.1.1.3 From */
906 g_pars.subscr.cp.from_addr := valueof(ts_From(g_pars.subscr.cp.calling.addr, g_pars.subscr.cp.calling.params));
907 g_pars.subscr.cp.from_addr.fromParams := f_sip_param_set(g_pars.subscr.cp.from_addr.fromParams, "tag", f_sip_rand_tag());
908 g_pars.subscr.cp.to_addr := valueof(ts_To(g_pars.subscr.cp.called.addr, g_pars.subscr.cp.called.params));
909 from_addr_exp := tr_From(tr_Addr_Union_from_val(g_pars.subscr.cp.from_addr.addressField), *);
910 to_addr_exp := tr_To(tr_Addr_Union_from_val(g_pars.subscr.cp.to_addr.addressField), *);
911 branch_value := f_sip_gen_branch(f_sip_Addr_Union_to_str(g_pars.subscr.cp.from_addr.addressField),
912 f_sip_Addr_Union_to_str(valueof(g_pars.subscr.cp.to_addr.addressField)),
913 g_pars.subscr.cp.sip_call_id,
914 g_pars.subscr.cp.sip_seq_nr);
915 via := g_pars.local_via;
916 via.viaBody[0].viaParams := f_sip_param_set(via.viaBody[0].viaParams, "branch", branch_value);
917
918 calling_contact := valueof(ts_Contact({
919 ts_ContactAddress(g_pars.subscr.cp.calling.addr, omit)
920 }));
921
922 req := ts_SIP_INVITE(g_pars.subscr.cp.sip_call_id,
923 g_pars.subscr.cp.from_addr,
924 g_pars.subscr.cp.to_addr,
925 via,
926 calling_contact,
927 g_pars.subscr.cp.sip_seq_nr,
928 body := tx_sdp);
929
930 SIP.send(req);
931
932 /* Conditionally match and accept 100 Trying. */
933 exp := tr_SIP_Response_Trying(g_pars.subscr.cp.sip_call_id,
934 from_addr_exp,
935 to_addr_exp,
936 f_tr_Via_response(via),
937 g_pars.subscr.cp.sip_seq_nr, "INVITE");
938 d_trying := activate(as_SIP_ignore_resp(exp));
939
940 /* Conditionally match and accept 180 Ringing */
941 exp := tr_SIP_Response_Ringing(g_pars.subscr.cp.sip_call_id,
942 from_addr_exp,
943 to_addr_exp,
944 f_tr_Via_response(via),
945 g_pars.subscr.cp.sip_seq_nr, "INVITE");
946 d_ringing := activate(as_SIP_ignore_resp(exp));
947
948 /* Wait for OK answer */
949 exp := tr_SIP_Response(
950 g_pars.subscr.cp.sip_call_id,
951 from_addr_exp,
952 to_addr_exp,
953 f_tr_Via_response(via),
954 *,
955 "INVITE", 200,
956 g_pars.subscr.cp.sip_seq_nr, "OK",
957 body := ?);
958 as_SIP_expect_resp(exp, fail_others := false);
959
960 deactivate(d_trying);
961 deactivate(d_ringing);
962
963 /* Update To with the tags received from peer: */
964 g_pars.subscr.cp.to_addr := g_rx_sip_resp.msgHeader.toField;
965
966 /* Transmit ACK */
967 g_pars.subscr.cp.sip_seq_nr := g_pars.subscr.cp.sip_seq_nr + 1;
968 req := ts_SIP_ACK(g_pars.subscr.cp.sip_call_id,
969 g_pars.subscr.cp.from_addr,
970 g_pars.subscr.cp.to_addr,
971 via,
972 g_pars.subscr.cp.sip_seq_nr,
973 omit);
974 SIP.send(req);
975 g_pars.subscr.cp.sip_seq_nr := g_pars.subscr.cp.sip_seq_nr + 1;
976}
977
978/* Tx BYE: */
979function f_IMS_do_call_hangup() runs on IMS_ConnHdlr
980{
981 var template (value) PDU_SIP_Request req;
982 var template (present) PDU_SIP_Response exp_resp;
983 var Via via;
984 var charstring branch_value;
985
986 branch_value := f_sip_gen_branch(f_sip_Addr_Union_to_str(g_pars.subscr.cp.from_addr.addressField),
987 f_sip_Addr_Union_to_str(valueof(g_pars.subscr.cp.to_addr.addressField)),
988 g_pars.subscr.cp.sip_call_id,
989 g_pars.subscr.cp.sip_seq_nr);
990
991 via := g_pars.local_via;
992 via.viaBody[0].viaParams := f_sip_param_set(via.viaBody[0].viaParams, "branch", branch_value);
993
994 /* Transmit ACK */
995 req := ts_SIP_BYE(g_pars.subscr.cp.sip_call_id,
996 g_pars.subscr.cp.from_addr,
997 g_pars.subscr.cp.to_addr,
998 via,
999 g_pars.subscr.cp.sip_seq_nr,
1000 omit);
1001 SIP.send(req);
1002
1003 /* Wait for OK answer */
1004 exp_resp := tr_SIP_Response(
1005 g_pars.subscr.cp.sip_call_id,
1006 g_pars.subscr.cp.from_addr,
1007 tr_To(tr_Addr_Union_from_val(g_pars.subscr.cp.to_addr.addressField), *),
1008 f_tr_Via_response(via),
1009 *,
1010 "BYE", 200,
1011 g_pars.subscr.cp.sip_seq_nr, "OK");
1012 as_SIP_expect_resp(exp_resp);
1013
1014 g_pars.subscr.cp.sip_seq_nr := g_pars.subscr.cp.sip_seq_nr + 1;
1015}
1016
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]1017private function f_ConnHdlr_parse_initial_SIP_INVITE(PDU_SIP_Request rx_sip_req) runs on IMS_ConnHdlr
1018{
1019 f_SDP_decodeMessage(rx_sip_req.messageBody, g_pars.subscr.cp.peer_sdp);
1020 log("Rx Initial MO INVITE decoded SDP: ", g_pars.subscr.cp.peer_sdp);
1021
1022 /* Obtain params: */
1023 g_pars.subscr.cp.sip_call_id := rx_sip_req.msgHeader.callId.callid;
1024 g_pars.subscr.cp.from_addr := rx_sip_req.msgHeader.fromField;
1025 g_pars.subscr.cp.to_addr := rx_sip_req.msgHeader.toField;
1026 g_pars.subscr.cp.to_addr.toParams := f_sip_param_set(g_pars.subscr.cp.to_addr.toParams, "tag", f_sip_rand_tag());
1027 g_pars.subscr.cp.sip_seq_nr := rx_sip_req.msgHeader.cSeq.seqNumber;
1028}
1029
1030/* Peer is calling us, accept it: */
1031altstep as_IMS_mo_call_accept(boolean exp_update_to_direct_rtp := false,
1032 boolean fail_others := true) runs on IMS_ConnHdlr
1033{
1034 var template (present) PDU_SIP_Request exp_req :=
1035 tr_SIP_INVITE(f_tr_SipUrl_opt_defport(ts_SipUrl_from_Addr_Union(g_pars.subscr.cp.called.addr)),
1036 ?,
Pau Espin Pedrol09087012024-06-04 18:07:48 +0200[diff] [blame]1037 tr_From(tr_Addr_Union_from_val(g_pars.subscr.cp.calling.addr), *),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]1038 tr_To(tr_Addr_Union_from_val(g_pars.subscr.cp.called.addr), *),
Pau Espin Pedrol480b53c2024-06-07 19:49:02 +0200[diff] [blame]1039 tr_Via_from(f_tr_HostPort(g_pars.subscr.remote_sip_host, g_pars.subscr.ipsec_remote_port_s)),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]1040 ?, ?);
1041 var charstring sip_expect_str := log2str(exp_req);
1042
1043 [] SIP.receive(exp_req) -> value g_rx_sip_req {
1044 var template (value) PDU_SIP_Response tx_resp;
1045 var Via via;
1046 var charstring tx_sdp;
1047
1048 /* Obtain params: */
1049 f_ConnHdlr_parse_initial_SIP_INVITE(g_rx_sip_req);
1050 via := g_rx_sip_req.msgHeader.via;
1051
Pau Espin Pedrolf1963b32024-06-07 17:07:16 +0200[diff] [blame]1052 f_ims_validate_register_P_Access_Network_info(g_rx_sip_req, exp_present := true);
1053
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]1054
1055 /* Tx 180 Ringing */
1056 tx_resp := ts_SIP_Response_Ringing(g_pars.subscr.cp.sip_call_id,
1057 g_pars.subscr.cp.from_addr,
1058 g_pars.subscr.cp.to_addr,
1059 via,
1060 g_pars.subscr.cp.sip_seq_nr);
1061 SIP.send(tx_resp);
1062
1063 /* Tx 200 OK */
1064 tx_sdp := f_gen_sdp();
1065 tx_resp := ts_SIP_Response(g_pars.subscr.cp.sip_call_id,
1066 g_pars.subscr.cp.from_addr,
1067 g_pars.subscr.cp.to_addr,
1068 "INVITE", 200,
1069 g_pars.subscr.cp.sip_seq_nr,
1070 "OK",
1071 via,
1072 body := tx_sdp);
1073 SIP.send(tx_resp);
1074
1075 /* Wait for ACK */
1076 exp_req := tr_SIP_ACK(f_tr_SipUrl_opt_defport(ts_SipUrl_from_Addr_Union(g_pars.subscr.cp.called.addr)),
1077 g_pars.subscr.cp.sip_call_id,
1078 g_pars.subscr.cp.from_addr,
1079 g_pars.subscr.cp.to_addr,
1080 f_tr_Via_response(via),
1081 g_pars.subscr.cp.sip_seq_nr, *);
1082 as_SIP_expect_req(exp_req);
1083 }
1084 [fail_others] as_SIP_fail_resp(sip_expect_str);
1085 [fail_others] as_SIP_fail_req(sip_expect_str);
1086
1087}
1088
1089/* Call is terminated by peer: */
1090altstep as_IMS_exp_call_hangup(template (present) integer exp_seq_nr := ?, boolean fail_others := true) runs on IMS_ConnHdlr
1091{
1092 var template (present) PDU_SIP_Request exp_req :=
1093 tr_SIP_BYE(f_tr_SipUrl_opt_defport(ts_SipUrl_from_Addr_Union(g_pars.subscr.cp.called.addr)),
1094 g_pars.subscr.cp.sip_call_id,
1095 g_pars.subscr.cp.from_addr,
1096 g_pars.subscr.cp.to_addr,
Pau Espin Pedrol480b53c2024-06-07 19:49:02 +0200[diff] [blame]1097 tr_Via_from(f_tr_HostPort(g_pars.subscr.remote_sip_host, g_pars.subscr.ipsec_remote_port_s)),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]1098 exp_seq_nr);
1099 var charstring sip_expect_str := log2str(exp_req);
1100
1101 [] SIP.receive(exp_req) -> value g_rx_sip_req {
1102 var template (value) PDU_SIP_Response tx_resp;
1103 var charstring tx_sdp;
1104 var Via via;
1105
1106 /* Update parameters: */
1107 g_pars.subscr.cp.sip_seq_nr := g_rx_sip_req.msgHeader.cSeq.seqNumber;
1108 /* "branch" has changed: */
1109 via := g_rx_sip_req.msgHeader.via;
1110
1111 /* Tx 200 OK */
1112 tx_sdp := f_gen_sdp();
1113 tx_resp := ts_SIP_Response(g_pars.subscr.cp.sip_call_id,
1114 g_pars.subscr.cp.from_addr,
1115 g_pars.subscr.cp.to_addr,
1116 "BYE", 200,
1117 g_pars.subscr.cp.sip_seq_nr,
1118 "OK",
1119 via,
1120 body := tx_sdp);
1121 SIP.send(tx_resp);
1122 }
1123 [fail_others] as_SIP_fail_resp(sip_expect_str);
1124 [fail_others] as_SIP_fail_req(sip_expect_str);
1125}
1126
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]1127}