Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-ttcn3-hacks / 8e1bdd41b598639ed732694f7fbe11232a75cc7d / . / asterisk / IMS_ConnectionHandler.ttcn
blob: 7b26980d337af60e9591933b965111233c3dd491 [file] [log] [blame]
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]1/* Component implementing a IMS server towards Asterisk's IMS UE
2 * (C) 2024 by sysmocom - s.f.m.c. GmbH <info@sysmocom.de>
3 * Author: Pau Espin Pedrol <pespin@sysmocom.de>
4 * All rights reserved.
5 *
6 * Released under the terms of GNU General Public License, Version 2 or
7 * (at your option) any later version.
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11module IMS_ConnectionHandler {
12
Pau Espin Pedrol717379f2024-05-17 18:36:51 +0200[diff] [blame]13import from TCCEncoding_Functions all;
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]14import from TCCOpenSecurity_Functions all;
15import from General_Types all;
16import from Osmocom_Types all;
17import from Native_Functions all;
18import from Misc_Helpers all;
19
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]20/* the PIPE asp port allows us to interact with ip xfrm via stdin/stdout */
21import from PIPEasp_PortType all;
22import from PIPEasp_Types all;
23import from PIPEasp_Templates all;
24
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]25import from SDP_Types all;
26import from SDP_Templates all;
27
28import from SIP_Emulation all;
29import from SIPmsg_Types all;
30import from SIP_Templates all;
31
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]32
33modulepar {
34 charstring mp_ipsec_setup_script_path := "./IMS_ipsec_setup.sh";
35}
36
Pau Espin Pedrolcb0dbf92024-06-06 20:40:30 +0200[diff] [blame]37const integer c_def_expires := 600000; /* 3GPP TS 24.229 5.1.1.2.1 e) */
Pau Espin Pedrola2424b22024-06-10 20:23:13 +0200[diff] [blame]38const charstring c_sip_server_name := "osmo-ttcn3-hacks/0.23";
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]39
40
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]41type port IMSCoord_PT message
42{
43 inout charstring;
44} with { extension "internal" };
45
Pau Espin Pedrol5acf7c62024-06-06 19:23:08 +0200[diff] [blame]46const charstring IMS_COORD_CMD_REGISTERED := "IMS_COORD_CMD_REGISTERED";
47const charstring IMS_COORD_CMD_START := "IMS_COORD_CMD_START";
48const charstring IMS_COORD_CMD_CALL_ESTABLISHED := "IMS_COORD_CMD_CALL_ESTABLISHED";
49const charstring IMS_COORD_CMD_HANGUP := "IMS_COORD_CMD_HANGUP";
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]50
51type component IMS_ConnHdlr extends SIP_ConnHdlr {
52 var charstring g_name;
53 var IMS_ConnHdlrPars g_pars;
54 timer g_Tguard;
55 var PDU_SIP_Request g_rx_sip_req;
56 var PDU_SIP_Response g_rx_sip_resp;
57
58 port IMSCoord_PT COORD;
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]59 port PIPEasp_PT PIPE;
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]60}
61type record of IMS_ConnHdlr IMS_ConnHdlrList;
62
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]63type record IMS_AuthVector {
64 OCT16 rand,
65 OCT16 autn,
66 OCT8 res,
67 OCT16 ck,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]68 OCT16 ik,
69 OCT14 auts
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]70}
71
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]72type record IMS_ConnHdlrSubscrPars {
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]73 charstring remote_sip_host optional,
74 uint16_t remote_sip_port optional,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]75 charstring imsi,
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]76 charstring display_name,
77 charstring password,
Pau Espin Pedrol4e6672c2024-05-22 17:03:53 +0200[diff] [blame]78 charstring msisdn,
Pau Espin Pedrol0c5c6472024-05-21 13:13:49 +0200[diff] [blame]79 /* Expected User-Location-Info in P-Access-Network-Info */
80 charstring uli_str,
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]81 IMS_AuthVector auth,
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]82 charstring ipsec_auth_key,
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]83 integer ipsec_local_spi_c,
84 integer ipsec_local_spi_s,
85 integer ipsec_remote_spi_c optional,
86 integer ipsec_remote_spi_s optional,
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]87 uint16_t ipsec_remote_port_c optional,
88 uint16_t ipsec_remote_port_s optional,
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]89 SipAddr registrar_sip_record,
90 CallidString registrar_sip_call_id,
91 integer registrar_sip_seq_nr,
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]92 SipUrl local_sip_url_ext,
93 SipAddr local_sip_record,
Pau Espin Pedrol5acf7c62024-06-06 19:23:08 +0200[diff] [blame]94 Contact registered_contact optional,
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]95 P_Associated_Uri p_associated_uri,
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]96 IMS_CallPars cp optional
97}
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]98type record of IMS_ConnHdlrSubscrPars IMS_ConnHdlrSubscrParsList;
99
100
101type record IMS_ConnHdlrPars {
102 float t_guard,
103 charstring realm,
104 charstring local_sip_host,
105 uint16_t local_sip_port,
106 SipUrl registrar_sip_req_uri,
107 Via local_via,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]108 Server server_name,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]109 IMS_ConnHdlrSubscrPars subscr optional
110}
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]111type record of IMS_ConnHdlrPars IMS_ConnHdlrParsList;
112
113type record IMS_CallParsMT {
114 /* Whether to wait for COORD.receive(COORD_CMD_PICKUP) before accepting the call. */
115 boolean wait_coord_cmd_pickup,
116 /* Whether to expect CANCEL instead of ACK as answer to our OK */
117 boolean exp_cancel
118}
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]119template (value) IMS_CallParsMT t_IMS_CallParsMT := {
120 wait_coord_cmd_pickup := false,
121 exp_cancel := false
122}
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]123
124type record IMS_CallPars {
125 SipAddr calling optional,
126 SipAddr called optional,
127
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]128 From from_addr optional,
129 To to_addr optional,
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]130
131 CallidString sip_call_id,
132 integer sip_seq_nr,
133 charstring sip_body optional,
134
135 charstring local_rtp_addr,
136 uint16_t local_rtp_port,
137
138 SDP_Message peer_sdp optional,
139 IMS_CallParsMT mt
140}
141
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]142template (value) IMS_CallPars t_IMS_CallPars(charstring local_rtp_addr,
143 uint16_t local_rtp_port := 0,
144 template (omit) SipAddr calling := omit,
145 template (omit) SipAddr called := omit) := {
146 calling := calling,
147 called := called,
148 from_addr := omit,
149 to_addr := omit,
150 sip_call_id := hex2str(f_rnd_hexstring(15)),
151 sip_seq_nr := f_sip_rand_seq_nr(),
152 sip_body := omit,
153 local_rtp_addr := local_rtp_addr,
154 local_rtp_port := local_rtp_port,
155 peer_sdp := omit,
156 mt := t_IMS_CallParsMT
157}
158
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]159template (value) IMS_ConnHdlrSubscrPars t_IMS_SubscrPars(charstring local_sip_host,
160 uint16_t local_sip_port,
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]161 charstring domain,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]162 charstring imsi,
163 charstring msisdn := "90828",
164 charstring display_name := "Anonymous",
165 charstring password := "secret",
166 template (omit) IMS_CallPars cp := omit) := {
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]167 remote_sip_host := omit,
168 remote_sip_port := omit,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]169 imsi := imsi,
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]170 display_name := f_sip_str_quote(display_name),
171 password := password,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]172 msisdn := msisdn,
Pau Espin Pedrol0c5c6472024-05-21 13:13:49 +0200[diff] [blame]173 uli_str := "2380100010000101",
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]174 auth := {
175 /* The Nonce field is the Base64 encoded version of the RAND value and concatenated with the AUTN: */
176 rand := 'd5d5de2bce418d7865ed7fa6956618a2'O,
177 autn := 'd42e61db5f15800067393a5b7691a227'O,
178 res := '6f2556bbe4366ab1'O,
179 ck := '0b389d08c833991734936bec55cac800'O,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]180 ik := '17141862125bd30c81c4224391a0909a'O,
181 /* NOTE: AUTS value randomly crafted. It's fine since it's just forwarded
182 * AMI -> asterisk -> IMS and we blindly match and accept it. */
183 auts := 'd42e61db5f15800067393a5b7691'O
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]184 },
185 ipsec_auth_key := "0x17141862125bd30c81c4224391a0909a00000000",
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]186 ipsec_local_spi_c := 4142,
187 ipsec_local_spi_s := 4143,
188 ipsec_remote_spi_c := omit,
189 ipsec_remote_spi_s := omit,
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]190 ipsec_remote_port_c := omit,
191 ipsec_remote_port_s := omit,
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]192 registrar_sip_record := ts_SipAddr(ts_HostPort(domain),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]193 ts_UserInfo(imsi),
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]194 f_sip_str_quote(display_name)),
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]195 registrar_sip_call_id := hex2str(f_rnd_hexstring(15)) & "@" & domain,
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]196 registrar_sip_seq_nr := f_sip_rand_seq_nr(),
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]197 local_sip_url_ext := ts_SipUrl(ts_HostPort(domain, local_sip_port),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]198 ts_UserInfo(imsi)),
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]199 local_sip_record := ts_SipAddr(ts_HostPort(domain),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]200 ts_UserInfo(imsi)),
Pau Espin Pedrol5acf7c62024-06-06 19:23:08 +0200[diff] [blame]201 registered_contact := omit,
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]202 p_associated_uri := ts_P_Associated_Uri({}),
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]203 cp := cp
204}
205
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]206template (value) IMS_ConnHdlrPars t_IMS_Pars(charstring local_sip_host,
207 uint16_t local_sip_port,
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]208 charstring domain,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]209 charstring imsi,
210 template (omit) IMS_CallPars cp := omit) := {
211 t_guard := 30.0,
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]212 realm := domain,
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]213 local_sip_host := local_sip_host,
214 local_sip_port := local_sip_port,
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]215 registrar_sip_req_uri := valueof(ts_SipUrlHost(domain)),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]216 local_via := ts_Via_from(ts_HostPort(local_sip_host, local_sip_port)),
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]217 server_name := valueof(ts_Server({c_sip_server_name})),
Pau Espin Pedrolf46132e2024-06-04 17:11:59 +0200[diff] [blame]218 subscr := t_IMS_SubscrPars(local_sip_host, local_sip_port, domain := domain, imsi := imsi, cp := cp)
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]219}
220
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]221private altstep as_Tguard() runs on IMS_ConnHdlr {
222 [] g_Tguard.timeout {
223 setverdict(fail, "Tguard timeout");
224 mtc.stop;
225 }
226}
227
228type function ims_void_fn(charstring id) runs on IMS_ConnHdlr;
229function f_ims_handler_init(ims_void_fn fn, charstring id, IMS_ConnHdlrPars pars)
230runs on IMS_ConnHdlr {
231 g_name := id;
232 g_pars := pars;
233 g_Tguard.start(pars.t_guard);
234 activate(as_Tguard());
235
236 /* call the user-supied test case function */
237 fn.apply(id);
238}
239
240private altstep as_SIP_fail_req(charstring exp_msg_str := "") runs on IMS_ConnHdlr
241{
242 var PDU_SIP_Request sip_req;
243 [] SIP.receive(PDU_SIP_Request:?) -> value sip_req {
244 Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
245 log2str(g_name & ": Received unexpected SIP Req message := ", sip_req, "\nvs exp := ", exp_msg_str));
246 }
247}
248
249private altstep as_SIP_fail_resp(charstring exp_msg_str := "") runs on IMS_ConnHdlr
250{
251 var PDU_SIP_Response sip_resp;
252 [] SIP.receive(PDU_SIP_Response:?) -> value sip_resp {
253 Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
254 log2str(g_name & ": Received unexpected SIP Resp message := ", sip_resp, "\nvs exp := ", exp_msg_str));
255 }
256}
257
Pau Espin Pedrol5acf7c62024-06-06 19:23:08 +0200[diff] [blame]258altstep as_SIP_expect_resp(template (present) PDU_SIP_Response sip_expect, boolean fail_others := true) runs on IMS_ConnHdlr
259{
260 var charstring sip_expect_str := log2str(sip_expect);
261 [] SIP.receive(sip_expect) -> value g_rx_sip_resp;
262 [fail_others] as_SIP_fail_resp(sip_expect_str);
263 [fail_others] as_SIP_fail_req(sip_expect_str);
264}
265
266altstep as_SIP_ignore_resp(template PDU_SIP_Response sip_expect := ?) runs on IMS_ConnHdlr
267{
268 [] SIP.receive(sip_expect) -> value g_rx_sip_resp {
269 log("Ignoring ", g_rx_sip_resp);
270 repeat;
271 }
272}
273
Pau Espin Pedrol717379f2024-05-17 18:36:51 +0200[diff] [blame]274private function f_nonce_from_rand_autn(octetstring rand, octetstring autn) return charstring {
275 var octetstring concat := rand & autn;
276 var charstring nonce := enc_MIME_Base64(concat);
277 log("rand=", rand, " & autn=",autn, " => nonce=", nonce);
278 return nonce;
279}
280
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]281/* HTTP Digest Authentication Using AKA (AKAv1-MD5): RFC 3310 */
282function f_tr_Authorization_AKAv1MD5(WwwAuthenticate www_authenticate,
283 charstring username,
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]284 charstring uri)
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]285return template (present) Authorization {
286 var CommaParam_List digestCln;
287 var template (present) Authorization authorization;
288 var template (present) Credentials cred;
289 var template (omit) GenericParam rx_param;
290
291 digestCln := www_authenticate.challenge[0].digestCln;
292
293 var charstring algorithm := f_sip_param_get_value_present_or_fail(digestCln, "algorithm");
294 var charstring realm := f_sip_param_get_value_present_or_fail(digestCln, "realm");
295 var charstring nonce := f_sip_param_get_value_present_or_fail(digestCln, "nonce");
296
297 var template (present) CommaParam_List digestResponse := superset(
298 tr_Param("username", f_sip_str_quote(username)),
299 tr_Param("realm", f_sip_str_quote(realm)),
300 tr_Param("nonce", f_sip_str_quote(nonce)),
301 tr_Param("uri", f_sip_str_quote(uri)),
302 tr_Param("response", ?),
303 tr_Param("algorithm", algorithm),
304 tr_Param("qop", "auth"),
305 tr_Param("cnonce", ?),
306 tr_Param("nc", ?)
307 );
308 cred := tr_Credentials_DigestResponse(digestResponse);
309 authorization := tr_Authorization(cred);
310 return authorization;
311}
312
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]313private function f_ims_validate_Authorization_AKAv1MD5_Response(Authorization authorization, charstring method)
314runs on IMS_ConnHdlr {
315 f_sip_digest_validate_Authorization_AKAv1MD5(authorization, method, g_pars.subscr.auth.res);
316}
317
318
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]319private function f_ims_validate_register_contact(Contact rx_contact)
320{
321/* IMS contact shows up like this:
322 * Contact: <sip:8adf9f3d-9342-4060-aa4f-a909f37fd6f6@192.168.101.2:5060>;+g.3gpp.accesstype="cellular2";video;audio;+g.3gpp.smsip;+g.3gpp.nw-init-ussi;+g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp-service.ims.icsi.mmtel";+sip.instance="<urn:gsma:imei:35589811-338445-0>"
323 */
324 /* TODO: "that the UE must include the IMS Communication Service Identifier (ICSI)
325in the contact: header to indicate IMS Multimedia Telephony." */
326 /* TODO: "The UE must include an IMEI URN in the +sip.instance header field
327parameter of the contact: header." */
328 /* TODO: "If the UE supports SMS over IP, it must include the feature tag
329“+g.3gpp.smsip” in the contact: header." */
330 /* TODO: "If the UE supports conversational audio and video service, then this must
331be indicated by adding a “video” media feature tag to the contact: header." */
332}
333
Pau Espin Pedrol0c5c6472024-05-21 13:13:49 +0200[diff] [blame]334/* Validate P-Access-Network-Info: RFC7315 6.4 */
335private function f_ims_validate_register_P_Access_Network_info(PDU_SIP_Request req,
336 boolean exp_present := true) runs on IMS_ConnHdlr
337
338{
339 if (not exp_present) {
340 if (ispresent(g_rx_sip_req.msgHeader.p_access_network_info)) {
341 Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
342 log2str(g_name & ": Received unexpected [rfc7315 6.4] P-Access-Info := ",
343 g_rx_sip_req.msgHeader.p_access_network_info));
344 }
345 return;
346 }
347
348 /* exp_present: */
349 var template (present) P_Access_Network_Info expl_tmpl :=
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]350 tr_P_Access_Network_Info({ tr_Access_net_spec_EUTRAN(g_pars.subscr.uli_str) });
Pau Espin Pedrol0c5c6472024-05-21 13:13:49 +0200[diff] [blame]351
352 if (not ispresent(g_rx_sip_req.msgHeader.p_access_network_info)) {
353 Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
354 log2str(g_name & ": Received no P-Access-Info vs exp := ",
355 expl_tmpl));
356 }
357 if (not match(g_rx_sip_req.msgHeader.p_access_network_info, expl_tmpl)) {
358 Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
359 log2str(g_name & ": Received unexpected P-Access-Info := ",
360 g_rx_sip_req.msgHeader.p_access_network_info,
361 "\nvs exp := ", expl_tmpl));
362 }
363}
364
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]365private function f_ims_parse_security_client(Security_client security_client) runs on IMS_ConnHdlr
366{
367 var boolean found := false;
368 for (var integer i := 0; i < lengthof(security_client.sec_mechanism_list); i := i + 1) {
369 var Security_mechanism sec_mec := security_client.sec_mechanism_list[i];
370 if (sec_mec.mechanism_name != "ipsec-3gpp") {
371 log("Skipping Security Mechansim: ", sec_mec.mechanism_name);
372 continue;
373 }
374 var SemicolonParam_List sec_pars := sec_mec.mechanism_params;
375 var charstring par_val;
376 par_val := f_sip_param_get_value_present_or_fail(sec_pars, "alg");
377 if (par_val != "hmac-sha-1-96") {
378 log("Skipping Security Mechansim Algo: ", par_val);
379 continue;
380 }
381 par_val := f_sip_param_get_value_present_or_fail(sec_pars, "spi-c");
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]382 g_pars.subscr.ipsec_remote_spi_c := str2int(par_val);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]383 par_val := f_sip_param_get_value_present_or_fail(sec_pars, "spi-s");
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]384 g_pars.subscr.ipsec_remote_spi_s := str2int(par_val);
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]385 par_val := f_sip_param_get_value_present_or_fail(sec_pars, "port-c");
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]386 g_pars.subscr.ipsec_remote_port_c := str2int(par_val);
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]387 par_val := f_sip_param_get_value_present_or_fail(sec_pars, "port-s");
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]388 g_pars.subscr.ipsec_remote_port_s := str2int(par_val);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]389 found := true;
390 break;
391 }
392
393 if (not found) {
394 Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
395 log2str(g_name & "alg=hmac-sha-1-96 not found: ", security_client));
396 }
397
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]398 log("ipsec: remote_spi_c=", g_pars.subscr.ipsec_remote_spi_c, " remote_spi_s=", g_pars.subscr.ipsec_remote_spi_s,
399 "local_spi_c=", g_pars.subscr.ipsec_local_spi_c, " local_spi_s=", g_pars.subscr.ipsec_local_spi_s);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]400}
401
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]402private function f_ims_parse_register_contact(Contact contact) runs on IMS_ConnHdlr
403{
404 var HostPort hp := valueof(contact.contactBody.contactAddresses[0].addressField.nameAddr.addrSpec.hostPort);
405
406 g_pars.subscr.remote_sip_host := hp.host;
407 if (ispresent(hp.portField)) {
408 g_pars.subscr.remote_sip_port := hp.portField;
409 } else {
410 g_pars.subscr.remote_sip_port := 5060;
411 }
412}
413
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]414private function f_IMS_exec_sync(charstring cmdline, template (present) integer rc := 0)
415 runs on IMS_ConnHdlr return ASP_PResult {
416 var ASP_PResult res;
417
418 map(self:PIPE, system:PIPE);
419 res := f_PIPEasp_exec_sync_PResult(PIPE, cmdline, tr_PResult(?, ?, rc));
420 unmap(self:PIPE, system:PIPE);
421
422 return res;
423}
424
425private function f_ims_setup_ipsec() runs on IMS_ConnHdlr
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]426{
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]427 var ASP_PResult res;
428
429 var charstring cmd := mp_ipsec_setup_script_path & " " &
430 g_pars.local_sip_host & " " &
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]431 int2str(g_pars.local_sip_port) & " " & int2str(g_pars.subscr.ipsec_local_spi_c) & " " &
432 int2str(g_pars.local_sip_port) & " " & int2str(g_pars.subscr.ipsec_local_spi_s) & " " &
433 g_pars.subscr.remote_sip_host & " " &
434 int2str(g_pars.subscr.ipsec_remote_port_c) & " " & int2str(g_pars.subscr.ipsec_remote_spi_c) & " " &
435 int2str(g_pars.subscr.ipsec_remote_port_s) & " " & int2str(g_pars.subscr.ipsec_remote_spi_s) & " " &
436 g_pars.subscr.ipsec_auth_key;
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]437
438 res := f_IMS_exec_sync(cmd);
439
440 /* Debug applied rules: */
441 /*
442 res := f_IMS_exec_sync("ip xfrm state");
443 log("ip-xfrm-state Result-Stdout: " & res.stdout);
444
445 res := f_IMS_exec_sync("ip xfrm policy");
446 log("ip-xfrm-policy Result-Stdout: " & res.stdout);
447 */
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]448}
449
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]450private function f_tr_Via_response(Via via_req) return template (present) Via {
451 template (present) SemicolonParam_List via_resp_params := ?;
452
453 /*via_resp_params := {
454 { id := "rport", paramValue := int2str(g_pars.subscr.remote_sip_port.subscr.remote_sip_port) },
455 { id := "received", paramValue := g_pars.subscr.remote_sip_host }
456 }; */
457 return tr_Via_from(via_req.viaBody[0].sentBy,
458 via_req.viaBody[0].sentProtocol.transport,
459 via_resp_params);
460}
461
462private function f_tr_From(template (value) SipAddr from_req) return template (present) SipAddr {
463 return tr_SipAddr_from_val(from_req);
464}
465
466private altstep as_SIP_expect_req(template (present) PDU_SIP_Request sip_expect, boolean fail_others := true) runs on IMS_ConnHdlr
467{
468 var charstring sip_expect_str := log2str(sip_expect);
469 [] SIP.receive(sip_expect) -> value g_rx_sip_req;
470 [fail_others] as_SIP_fail_req(sip_expect_str);
471 [fail_others] as_SIP_fail_resp(sip_expect_str);
472}
473
474private function f_gen_sdp() runs on IMS_ConnHdlr return charstring {
475 var charstring sdp :=
476 "v=0\r\n" &
477 "o=0502 2390 1824 IN IP4 " & g_pars.subscr.cp.local_rtp_addr & "\r\n" &
478 "s=Talk\r\n" &
479 "c=IN IP4 " & g_pars.subscr.cp.local_rtp_addr & "\r\n" &
480 "t=0 0\r\n" &
481 "a=rtcp-xr:rcvr-rtt=all:10000 stat-summary=loss,dup,jitt,TTL voip-metrics\r\n" &
482 "a=record:off\r\n" &
483 "m=audio " & int2str(g_pars.subscr.cp.local_rtp_port) & " RTP/AVP 8 96 97 98 0 18 99 100 101\r\n" &
484 "a=rtpmap:8 PCMA/8000\r\n" &
485 "a=rtpmap:96 opus/48000/2\r\n" &
486 "a=fmtp:96 useinbandfec=1\r\n" &
487 "a=rtpmap:97 speex/16000\r\n" &
488 "a=fmtp:97 vbr=on\r\n" &
489 "a=rtpmap:98 speex/8000\r\n" &
490 "a=fmtp:98 vbr=on\r\n" &
491 "a=fmtp:18 annexb=yes\r\n" &
492 "a=rtpmap:99 telephone-event/48000\r\n" &
493 "a=rtpmap:100 telephone-event/16000\r\n" &
494 "a=rtpmap:101 telephone-event/8000\r\n" &
495 "a=rtcp:" & int2str(g_pars.subscr.cp.local_rtp_port + 1) & "\r\n" &
496 "a=rtcp-fb:* trr-int 1000\r\n" &
497 "a=rtcp-fb:* ccm tmmbr\r\n";
498 return sdp;
499}
500
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]501private function f_gen_Security_server() runs on IMS_ConnHdlr return Security_server {
502 var template (value) Security_server security_server;
503 /* Security-Server: ipsec-3gpp;q=0.1;prot=esp;mod=trans;spi-c=4096;spi-s=4097;port-c=5104;port-s=6104;alg=hmac-sha-1-96;ealg=null */
504 var template (value) SemicolonParam_List sec_params := {
505 ts_Param("q", "0.1"),
506 ts_Param("prot", "esp"),
507 ts_Param("mod", "trans"),
508 ts_Param("spi-c", int2str(g_pars.subscr.ipsec_local_spi_c)),
509 ts_Param("spi-s", int2str(g_pars.subscr.ipsec_local_spi_s)),
510 ts_Param("port-c", int2str(g_pars.local_sip_port)),
511 ts_Param("port-s", int2str(g_pars.local_sip_port)),
512 ts_Param("alg", "hmac-sha-1-96"),
513 ts_Param("ealg", "null")
514 };
515 security_server := ts_Security_server({
516 ts_Security_mechanism("ipsec-3gpp", sec_params)
517 });
518 return valueof(security_server);
519}
520
521private function f_gen_WwwAuthenticate() runs on IMS_ConnHdlr return WwwAuthenticate {
522 var template (value) WwwAuthenticate wwwAuthenticate;
523 var template (value) CommaParam_List digestCln;
524 digestCln := {
525 ts_Param("realm", f_sip_str_quote(g_pars.realm)),
526 ts_Param("qop", f_sip_str_quote("auth")),
527 ts_Param("algorithm", "AKAv1-MD5"),
528 ts_Param("nonce", f_sip_str_quote(f_nonce_from_rand_autn(g_pars.subscr.auth.rand,
529 g_pars.subscr.auth.autn)))
530 /* "opaque not needed in IMS "*/
531 };
532 wwwAuthenticate := ts_WwwAuthenticate( { ts_Challenge_digestCln(digestCln) } );
533 return valueof(wwwAuthenticate);
534}
535
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]536/* Peer is issuing 1st register, accept it: */
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]537altstep as_IMS_register(boolean exp_auth_resync := false,
538 boolean fail_others := true) runs on IMS_ConnHdlr
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]539{
540 var template (present) PDU_SIP_Request exp_req :=
541 tr_SIP_REGISTER(g_pars.registrar_sip_req_uri,
542 ?,
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]543 tr_From(),
544 tr_To(),
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]545 tr_Via_from(?),
Pau Espin Pedrolcb0dbf92024-06-06 20:40:30 +0200[diff] [blame]546 expires := tr_Expires(int2str(c_def_expires)),
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]547 require := tr_Require(superset("sec-agree")),
548 security_client := tr_Security_client(superset(tr_Security_mechanism("ipsec-3gpp",
549 superset(tr_Param("alg","hmac-sha-1-96"))))),
550 supported := tr_Supported(superset("path", "sec-agree")));
551 var charstring sip_expect_str := log2str(exp_req);
552
553 [] SIP.receive(exp_req) -> value g_rx_sip_req {
554 var template (value) PDU_SIP_Response tx_resp;
555 var Via via;
556 var CallidString sip_call_id;
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]557 var template (value) From from_addr;
558 var template (value) To to_addr;
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]559 var WwwAuthenticate wwwAuthenticate;
560 var Security_server security_server;
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]561 var template (value) Require require := ts_Require({"sec-agree"});
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]562 var template (value) Supported supported := ts_Supported({"sec-agree"});
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]563 var integer sip_seq_nr;
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]564
565 sip_call_id := g_rx_sip_req.msgHeader.callId.callid;
566 via := g_rx_sip_req.msgHeader.via;
567 via.viaBody[0].viaParams := f_sip_param_set(via.viaBody[0].viaParams, "rport", "1234"); /* TODO: set remote src port of the REGISTER */
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]568 from_addr := g_rx_sip_req.msgHeader.fromField;
569 to_addr := g_rx_sip_req.msgHeader.toField;
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]570 sip_seq_nr := g_rx_sip_req.msgHeader.cSeq.seqNumber;
571
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]572 /* Tx 100 Tyring */
573 tx_resp := ts_SIP_Response_Trying(sip_call_id,
574 from_addr,
575 to_addr,
576 via,
577 sip_seq_nr,
578 "REGISTER",
579 allow := omit,
580 server := g_pars.server_name,
581 userAgent := omit);
582 SIP.send(tx_resp);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]583
Pau Espin Pedrol0c5c6472024-05-21 13:13:49 +0200[diff] [blame]584 /* Validate P-Access-Network-Info: rfc7315 6.4:
585 * "3GPP will use the P-Access-Network-Info header field to
586 * carry relatively sensitive information like the cell ID. Therefore,
587 * the information MUST NOT be sent outside of the 3GPP domain.""
588 * [...] "the sensitive information carried in the
589 * P-Access-Network-Info header field MUST NOT be sent in any initial
590 * unauthenticated and unprotected requests (e.g., REGISTER)."
591 */
592 f_ims_validate_register_P_Access_Network_info(g_rx_sip_req, exp_present := false);
593
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]594 f_ims_validate_register_contact(g_rx_sip_req.msgHeader.contact);
595 f_ims_parse_register_contact(g_rx_sip_req.msgHeader.contact);
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]596 f_ims_parse_security_client(g_rx_sip_req.msgHeader.security_client);
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]597
598 if (not exp_auth_resync) {
599 /* Delay ipsec setup in ip xfrm, since there will be another
600 * 1st REGISTER with potentially new ports coming in later. */
601 f_ims_setup_ipsec();
602 }
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]603
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]604 to_addr.toParams := f_sip_param_set(to_addr.toParams, "tag", f_sip_rand_tag());
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]605 wwwAuthenticate := f_gen_WwwAuthenticate();
606 security_server := f_gen_Security_server();
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]607
608 /* Tx 401 Unauthorized */
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]609 tx_resp := ts_SIP_Response_Unauthorized(sip_call_id,
610 from_addr,
611 to_addr,
612 via,
613 wwwAuthenticate,
614 sip_seq_nr,
615 "REGISTER",
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]616 p_associated_uri := g_pars.subscr.p_associated_uri,
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]617 security_server := security_server,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]618 server := g_pars.server_name,
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]619 supported := supported,
620 userAgent := omit);
621 SIP.send(tx_resp);
622
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]623 if (exp_auth_resync) {
624 /* Now we should receive a new non-protected REGISTER
625 * with Authoritzation containing auts in base64: */
626 var template (present) Authorization authorization :=
627 f_tr_Authorization_AKAv1MD5(wwwAuthenticate,
628 g_pars.subscr.imsi & "@" & g_pars.realm,
629 f_sip_SipUrl_to_str(g_pars.registrar_sip_req_uri));
630 exp_req :=
631 tr_SIP_REGISTER(g_pars.registrar_sip_req_uri,
632 ?,
633 tr_From(),
634 tr_To(),
635 tr_Via_from(f_tr_HostPort(via.viaBody[0].sentBy.host, via.viaBody[0].sentBy.portField)),
636 authorization := authorization);
637 SIP.receive(exp_req) -> value g_rx_sip_req;
638
639 via := g_rx_sip_req.msgHeader.via;
640 from_addr := g_rx_sip_req.msgHeader.fromField;
641 to_addr := g_rx_sip_req.msgHeader.toField;
642 sip_seq_nr := g_rx_sip_req.msgHeader.cSeq.seqNumber;
643
644 /* Tx 100 Tyring */
645 tx_resp := ts_SIP_Response_Trying(sip_call_id,
646 from_addr,
647 to_addr,
648 via,
649 sip_seq_nr,
650 "REGISTER",
651 allow := omit,
652 server := g_pars.server_name,
653 userAgent := omit);
654 SIP.send(tx_resp);
655
656 f_sip_param_match_value_or_fail(g_rx_sip_req.msgHeader.authorization.body.digestResponse,
657 "auts", f_sip_str_quote(enc_MIME_Base64(g_pars.subscr.auth.auts)));
658 f_ims_validate_register_P_Access_Network_info(g_rx_sip_req, exp_present := false);
659 f_ims_validate_register_contact(g_rx_sip_req.msgHeader.contact);
660 f_ims_parse_register_contact(g_rx_sip_req.msgHeader.contact);
661 f_ims_parse_security_client(g_rx_sip_req.msgHeader.security_client);
662 f_ims_setup_ipsec();
663
664 security_server := f_gen_Security_server();
665
666 /* Tx again 401 Unauthorized, this time our AMI interface will accept it: */
667 tx_resp := ts_SIP_Response_Unauthorized(sip_call_id,
668 from_addr,
669 to_addr,
670 via,
671 wwwAuthenticate,
672 sip_seq_nr,
673 "REGISTER",
674 p_associated_uri := g_pars.subscr.p_associated_uri,
675 security_server := security_server,
676 server := g_pars.server_name,
677 supported := supported,
678 userAgent := omit);
679 SIP.send(tx_resp);
680 }
681
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]682 /* Now we should receive a new REGISTER over ipsec: */
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]683 as_IMS_2nd_register(wwwAuthenticate);
684 }
685 [fail_others] as_SIP_fail_resp(sip_expect_str);
686 [fail_others] as_SIP_fail_req(sip_expect_str);
687
688}
689
690/* Peer is issuing 2nd register, accept it: */
691altstep as_IMS_2nd_register(WwwAuthenticate wwwAuthenticate, boolean fail_others := true) runs on IMS_ConnHdlr
692{
693 var template (present) Authorization authorization :=
694 f_tr_Authorization_AKAv1MD5(wwwAuthenticate,
695 g_pars.subscr.imsi & "@" & g_pars.realm,
696 f_sip_SipUrl_to_str(g_pars.registrar_sip_req_uri));
697 var template (present) PDU_SIP_Request exp_req :=
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]698 tr_SIP_REGISTER(g_pars.registrar_sip_req_uri,
699 ?,
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]700 tr_From(),
701 tr_To(),
Pau Espin Pedrol480b53c2024-06-07 19:49:02 +0200[diff] [blame]702 tr_Via_from(f_tr_HostPort(g_pars.subscr.remote_sip_host, g_pars.subscr.ipsec_remote_port_s)),
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]703 authorization := authorization);
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]704 var charstring sip_expect_str := log2str(exp_req);
705
706 [] SIP.receive(exp_req) -> value g_rx_sip_req {
707 var template (value) PDU_SIP_Response tx_resp;
708 var Via via;
709 var CallidString sip_call_id;
710 var template (value) From from_addr;
711 var template (value) To to_addr;
712 var template (value) Require require := ts_Require({"sec-agree"});
713 var template (value) Supported supported := ts_Supported({"sec-agree"});
714 var integer sip_seq_nr;
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]715
716 sip_call_id := g_rx_sip_req.msgHeader.callId.callid;
717 via := g_rx_sip_req.msgHeader.via;
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]718 from_addr := g_rx_sip_req.msgHeader.fromField;
719 to_addr := g_rx_sip_req.msgHeader.toField;
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]720 sip_seq_nr := g_rx_sip_req.msgHeader.cSeq.seqNumber;
721
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]722 /* Tx 100 Trying */
723 tx_resp := ts_SIP_Response_Trying(sip_call_id,
724 from_addr,
725 to_addr,
726 via,
727 sip_seq_nr,
728 "REGISTER",
729 allow := omit,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]730 server := g_pars.server_name,
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]731 userAgent := omit);
732 SIP.send(tx_resp);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]733
Pau Espin Pedrol80b981a2024-06-04 18:37:22 +0200[diff] [blame]734 /* Validate Digest Response: */
735 f_ims_validate_Authorization_AKAv1MD5_Response(g_rx_sip_req.msgHeader.authorization, "REGISTER");
736
Pau Espin Pedrol0c5c6472024-05-21 13:13:49 +0200[diff] [blame]737 /* Validate P-Access-Network-Info: */
738 f_ims_validate_register_P_Access_Network_info(g_rx_sip_req, exp_present := true);
739
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]740 g_pars.subscr.p_associated_uri := valueof(ts_P_Associated_Uri({
Pau Espin Pedrol4e6672c2024-05-22 17:03:53 +0200[diff] [blame]741 ts_P_Assoc_uri_spec(ts_NameAddr(ts_SipUrl(ts_HostPort(g_pars.realm),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]742 ts_UserInfo(g_pars.subscr.msisdn),
Pau Espin Pedrol4e6672c2024-05-22 17:03:53 +0200[diff] [blame]743 scheme := "sip"))),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]744 ts_P_Assoc_uri_spec(ts_NameAddr(ts_SipUrl(ts_HostPort(g_pars.subscr.msisdn),
Pau Espin Pedrol4e6672c2024-05-22 17:03:53 +0200[diff] [blame]745 omit,
746 scheme := "tel"))),
747 ts_P_Assoc_uri_spec(g_rx_sip_req.msgHeader.toField.addressField.nameAddr)
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]748 }));
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]749 f_ims_validate_register_contact(g_rx_sip_req.msgHeader.contact);
750 f_ims_parse_register_contact(g_rx_sip_req.msgHeader.contact);
751 g_pars.subscr.registered_contact := g_rx_sip_req.msgHeader.contact;
Pau Espin Pedrol4e6672c2024-05-22 17:03:53 +0200[diff] [blame]752
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]753 /* Tx 200 OK */
Pau Espin Pedrol41b0e072024-05-29 18:25:51 +0200[diff] [blame]754 to_addr.toParams := f_sip_param_set(to_addr.toParams, "tag", f_sip_rand_tag());
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]755 tx_resp := ts_SIP_Response(sip_call_id,
756 from_addr,
757 to_addr,
758 "REGISTER", 200,
759 sip_seq_nr,
760 "OK",
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]761 via,
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]762 p_associated_uri := g_pars.subscr.p_associated_uri,
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]763 require := require,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]764 server := g_pars.server_name,
Pau Espin Pedrola674d612024-05-14 19:56:33 +0200[diff] [blame]765 supported := supported,
766 userAgent := omit);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]767 SIP.send(tx_resp);
768 }
769 [fail_others] as_SIP_fail_resp(sip_expect_str);
770 [fail_others] as_SIP_fail_req(sip_expect_str);
Pau Espin Pedrola2812ec2024-05-10 20:30:44 +0200[diff] [blame]771}
772
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]773/* Peer wants to unregister, accept it: */
774altstep as_IMS_unregister(boolean fail_others := true) runs on IMS_ConnHdlr
775{
776 var template (present) PDU_SIP_Request exp_req :=
777 tr_SIP_REGISTER(g_pars.registrar_sip_req_uri,
778 ?,
779 tr_From(),
780 tr_To(),
Pau Espin Pedrol480b53c2024-06-07 19:49:02 +0200[diff] [blame]781 tr_Via_from(f_tr_HostPort(g_pars.subscr.remote_sip_host, g_pars.subscr.ipsec_remote_port_s)),
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]782 expires := tr_Expires(int2str(0)),
783 require := tr_Require(superset("sec-agree")),
784 security_client := tr_Security_client(superset(tr_Security_mechanism("ipsec-3gpp",
785 superset(tr_Param("alg","hmac-sha-1-96"))))),
786 supported := tr_Supported(superset("path", "sec-agree")));
787 var charstring sip_expect_str := log2str(exp_req);
788
789 [] SIP.receive(exp_req) -> value g_rx_sip_req {
790 var template (value) PDU_SIP_Response tx_resp;
791 var Via via;
792 var CallidString sip_call_id;
793 var Contact contact;
794 var template (value) From from_addr;
795 var template (value) To to_addr;
796 var template (value) CommaParam_List digestCln ;
797 var template (value) WwwAuthenticate wwwAuthenticate;
798 var template (value) Security_server security_server;
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]799 var template (value) Require require := ts_Require({"sec-agree"});
800 var template (value) Supported supported := ts_Supported({"sec-agree"});
801 var template (present) Authorization authorization;
802 var integer sip_seq_nr;
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]803
804 sip_call_id := g_rx_sip_req.msgHeader.callId.callid;
805 via := g_rx_sip_req.msgHeader.via;
806 via.viaBody[0].viaParams := f_sip_param_set(via.viaBody[0].viaParams, "rport", "1234"); /* TODO: set remote src port of the REGISTER */
807 from_addr := g_rx_sip_req.msgHeader.fromField;
808 to_addr := g_rx_sip_req.msgHeader.toField;
809 sip_seq_nr := g_rx_sip_req.msgHeader.cSeq.seqNumber;
810
811 contact := g_rx_sip_req.msgHeader.contact;
812 f_ims_validate_register_contact(contact);
813
Pau Espin Pedrolf1963b32024-06-07 17:07:16 +0200[diff] [blame]814 /* Validate P-Access-Network-Info: 3GPP TS 24.229 5.1.2A.1.1
815 * "If available to the UE (as defined in the access technology specific annexes for each access technology), the UE shall
816 * insert a P-Access-Network-Info header field into any request for a dialog, any subsequent request (except CANCEL
817 * requests) or response (except CANCEL responses) within a dialog or any request for a standalone method (see
818 * subclause 7.2A.4). Insertion of the P-Access-Network-Info header field into the ACK request is optional."
819 */
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]820 f_ims_validate_register_P_Access_Network_info(g_rx_sip_req, exp_present := true);
821
Pau Espin Pedrolf1963b32024-06-07 17:07:16 +0200[diff] [blame]822
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]823 /* Tx 100 Tyring */
824 tx_resp := ts_SIP_Response_Trying(sip_call_id,
825 from_addr,
826 to_addr,
827 via,
828 sip_seq_nr,
829 "REGISTER",
830 allow := omit,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]831 server := g_pars.server_name,
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]832 userAgent := omit);
833 SIP.send(tx_resp);
834
835 /* Change all Contact parameters to expires=0: */
836 for (var integer i := 0; i < lengthof(contact.contactBody.contactAddresses); i := i + 1) {
837 contact.contactBody.contactAddresses[i].contactParams := valueof({ ts_Param("expires", "0") });
838 }
Pau Espin Pedrol5acf7c62024-06-06 19:23:08 +0200[diff] [blame]839 g_pars.subscr.registered_contact := omit;
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]840 /* Tx 200 OK */
841 to_addr.toParams := f_sip_param_set(to_addr.toParams, "tag", f_sip_rand_tag());
842 tx_resp := ts_SIP_Response(sip_call_id,
843 from_addr,
844 to_addr,
845 "REGISTER", 200,
846 sip_seq_nr,
847 "OK",
848 via,
849 contact := contact,
850 p_associated_uri := g_pars.subscr.p_associated_uri,
851 require := require,
Pau Espin Pedrol8e1bdd42024-06-10 20:13:48 +0200[diff] [blame^]852 server := g_pars.server_name,
Pau Espin Pedrol586eec52024-06-04 19:07:33 +0200[diff] [blame]853 supported := supported,
854 userAgent := omit);
855 SIP.send(tx_resp);
856 }
857 [fail_others] as_SIP_fail_resp(sip_expect_str);
858 [fail_others] as_SIP_fail_req(sip_expect_str);
859}
860
Pau Espin Pedrol5acf7c62024-06-06 19:23:08 +0200[diff] [blame]861function f_IMS_mt_call_setup() runs on IMS_ConnHdlr
862{
863 var template (value) PDU_SIP_Request req;
864 var template (present) PDU_SIP_Response exp;
865 var template (present) From from_addr_exp;
866 var template (present) To to_addr_exp;
867 var Via via;
868 var charstring tx_sdp := f_gen_sdp();
869 var default d_trying, d_ringing;
870 var charstring branch_value;
871 var Contact calling_contact;
872
873 /* RFC 3261 8.1.1.3 From */
874 g_pars.subscr.cp.from_addr := valueof(ts_From(g_pars.subscr.cp.calling.addr, g_pars.subscr.cp.calling.params));
875 g_pars.subscr.cp.from_addr.fromParams := f_sip_param_set(g_pars.subscr.cp.from_addr.fromParams, "tag", f_sip_rand_tag());
876 g_pars.subscr.cp.to_addr := valueof(ts_To(g_pars.subscr.cp.called.addr, g_pars.subscr.cp.called.params));
877 from_addr_exp := tr_From(tr_Addr_Union_from_val(g_pars.subscr.cp.from_addr.addressField), *);
878 to_addr_exp := tr_To(tr_Addr_Union_from_val(g_pars.subscr.cp.to_addr.addressField), *);
879 branch_value := f_sip_gen_branch(f_sip_Addr_Union_to_str(g_pars.subscr.cp.from_addr.addressField),
880 f_sip_Addr_Union_to_str(valueof(g_pars.subscr.cp.to_addr.addressField)),
881 g_pars.subscr.cp.sip_call_id,
882 g_pars.subscr.cp.sip_seq_nr);
883 via := g_pars.local_via;
884 via.viaBody[0].viaParams := f_sip_param_set(via.viaBody[0].viaParams, "branch", branch_value);
885
886 calling_contact := valueof(ts_Contact({
887 ts_ContactAddress(g_pars.subscr.cp.calling.addr, omit)
888 }));
889
890 req := ts_SIP_INVITE(g_pars.subscr.cp.sip_call_id,
891 g_pars.subscr.cp.from_addr,
892 g_pars.subscr.cp.to_addr,
893 via,
894 calling_contact,
895 g_pars.subscr.cp.sip_seq_nr,
896 body := tx_sdp);
897
898 SIP.send(req);
899
900 /* Conditionally match and accept 100 Trying. */
901 exp := tr_SIP_Response_Trying(g_pars.subscr.cp.sip_call_id,
902 from_addr_exp,
903 to_addr_exp,
904 f_tr_Via_response(via),
905 g_pars.subscr.cp.sip_seq_nr, "INVITE");
906 d_trying := activate(as_SIP_ignore_resp(exp));
907
908 /* Conditionally match and accept 180 Ringing */
909 exp := tr_SIP_Response_Ringing(g_pars.subscr.cp.sip_call_id,
910 from_addr_exp,
911 to_addr_exp,
912 f_tr_Via_response(via),
913 g_pars.subscr.cp.sip_seq_nr, "INVITE");
914 d_ringing := activate(as_SIP_ignore_resp(exp));
915
916 /* Wait for OK answer */
917 exp := tr_SIP_Response(
918 g_pars.subscr.cp.sip_call_id,
919 from_addr_exp,
920 to_addr_exp,
921 f_tr_Via_response(via),
922 *,
923 "INVITE", 200,
924 g_pars.subscr.cp.sip_seq_nr, "OK",
925 body := ?);
926 as_SIP_expect_resp(exp, fail_others := false);
927
928 deactivate(d_trying);
929 deactivate(d_ringing);
930
931 /* Update To with the tags received from peer: */
932 g_pars.subscr.cp.to_addr := g_rx_sip_resp.msgHeader.toField;
933
934 /* Transmit ACK */
935 g_pars.subscr.cp.sip_seq_nr := g_pars.subscr.cp.sip_seq_nr + 1;
936 req := ts_SIP_ACK(g_pars.subscr.cp.sip_call_id,
937 g_pars.subscr.cp.from_addr,
938 g_pars.subscr.cp.to_addr,
939 via,
940 g_pars.subscr.cp.sip_seq_nr,
941 omit);
942 SIP.send(req);
943 g_pars.subscr.cp.sip_seq_nr := g_pars.subscr.cp.sip_seq_nr + 1;
944}
945
946/* Tx BYE: */
947function f_IMS_do_call_hangup() runs on IMS_ConnHdlr
948{
949 var template (value) PDU_SIP_Request req;
950 var template (present) PDU_SIP_Response exp_resp;
951 var Via via;
952 var charstring branch_value;
953
954 branch_value := f_sip_gen_branch(f_sip_Addr_Union_to_str(g_pars.subscr.cp.from_addr.addressField),
955 f_sip_Addr_Union_to_str(valueof(g_pars.subscr.cp.to_addr.addressField)),
956 g_pars.subscr.cp.sip_call_id,
957 g_pars.subscr.cp.sip_seq_nr);
958
959 via := g_pars.local_via;
960 via.viaBody[0].viaParams := f_sip_param_set(via.viaBody[0].viaParams, "branch", branch_value);
961
962 /* Transmit ACK */
963 req := ts_SIP_BYE(g_pars.subscr.cp.sip_call_id,
964 g_pars.subscr.cp.from_addr,
965 g_pars.subscr.cp.to_addr,
966 via,
967 g_pars.subscr.cp.sip_seq_nr,
968 omit);
969 SIP.send(req);
970
971 /* Wait for OK answer */
972 exp_resp := tr_SIP_Response(
973 g_pars.subscr.cp.sip_call_id,
974 g_pars.subscr.cp.from_addr,
975 tr_To(tr_Addr_Union_from_val(g_pars.subscr.cp.to_addr.addressField), *),
976 f_tr_Via_response(via),
977 *,
978 "BYE", 200,
979 g_pars.subscr.cp.sip_seq_nr, "OK");
980 as_SIP_expect_resp(exp_resp);
981
982 g_pars.subscr.cp.sip_seq_nr := g_pars.subscr.cp.sip_seq_nr + 1;
983}
984
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]985private function f_ConnHdlr_parse_initial_SIP_INVITE(PDU_SIP_Request rx_sip_req) runs on IMS_ConnHdlr
986{
987 f_SDP_decodeMessage(rx_sip_req.messageBody, g_pars.subscr.cp.peer_sdp);
988 log("Rx Initial MO INVITE decoded SDP: ", g_pars.subscr.cp.peer_sdp);
989
990 /* Obtain params: */
991 g_pars.subscr.cp.sip_call_id := rx_sip_req.msgHeader.callId.callid;
992 g_pars.subscr.cp.from_addr := rx_sip_req.msgHeader.fromField;
993 g_pars.subscr.cp.to_addr := rx_sip_req.msgHeader.toField;
994 g_pars.subscr.cp.to_addr.toParams := f_sip_param_set(g_pars.subscr.cp.to_addr.toParams, "tag", f_sip_rand_tag());
995 g_pars.subscr.cp.sip_seq_nr := rx_sip_req.msgHeader.cSeq.seqNumber;
996}
997
998/* Peer is calling us, accept it: */
999altstep as_IMS_mo_call_accept(boolean exp_update_to_direct_rtp := false,
1000 boolean fail_others := true) runs on IMS_ConnHdlr
1001{
1002 var template (present) PDU_SIP_Request exp_req :=
1003 tr_SIP_INVITE(f_tr_SipUrl_opt_defport(ts_SipUrl_from_Addr_Union(g_pars.subscr.cp.called.addr)),
1004 ?,
Pau Espin Pedrol09087012024-06-04 18:07:48 +0200[diff] [blame]1005 tr_From(tr_Addr_Union_from_val(g_pars.subscr.cp.calling.addr), *),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]1006 tr_To(tr_Addr_Union_from_val(g_pars.subscr.cp.called.addr), *),
Pau Espin Pedrol480b53c2024-06-07 19:49:02 +0200[diff] [blame]1007 tr_Via_from(f_tr_HostPort(g_pars.subscr.remote_sip_host, g_pars.subscr.ipsec_remote_port_s)),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]1008 ?, ?);
1009 var charstring sip_expect_str := log2str(exp_req);
1010
1011 [] SIP.receive(exp_req) -> value g_rx_sip_req {
1012 var template (value) PDU_SIP_Response tx_resp;
1013 var Via via;
1014 var charstring tx_sdp;
1015
1016 /* Obtain params: */
1017 f_ConnHdlr_parse_initial_SIP_INVITE(g_rx_sip_req);
1018 via := g_rx_sip_req.msgHeader.via;
1019
Pau Espin Pedrolf1963b32024-06-07 17:07:16 +0200[diff] [blame]1020 f_ims_validate_register_P_Access_Network_info(g_rx_sip_req, exp_present := true);
1021
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]1022
1023 /* Tx 180 Ringing */
1024 tx_resp := ts_SIP_Response_Ringing(g_pars.subscr.cp.sip_call_id,
1025 g_pars.subscr.cp.from_addr,
1026 g_pars.subscr.cp.to_addr,
1027 via,
1028 g_pars.subscr.cp.sip_seq_nr);
1029 SIP.send(tx_resp);
1030
1031 /* Tx 200 OK */
1032 tx_sdp := f_gen_sdp();
1033 tx_resp := ts_SIP_Response(g_pars.subscr.cp.sip_call_id,
1034 g_pars.subscr.cp.from_addr,
1035 g_pars.subscr.cp.to_addr,
1036 "INVITE", 200,
1037 g_pars.subscr.cp.sip_seq_nr,
1038 "OK",
1039 via,
1040 body := tx_sdp);
1041 SIP.send(tx_resp);
1042
1043 /* Wait for ACK */
1044 exp_req := tr_SIP_ACK(f_tr_SipUrl_opt_defport(ts_SipUrl_from_Addr_Union(g_pars.subscr.cp.called.addr)),
1045 g_pars.subscr.cp.sip_call_id,
1046 g_pars.subscr.cp.from_addr,
1047 g_pars.subscr.cp.to_addr,
1048 f_tr_Via_response(via),
1049 g_pars.subscr.cp.sip_seq_nr, *);
1050 as_SIP_expect_req(exp_req);
1051 }
1052 [fail_others] as_SIP_fail_resp(sip_expect_str);
1053 [fail_others] as_SIP_fail_req(sip_expect_str);
1054
1055}
1056
1057/* Call is terminated by peer: */
1058altstep as_IMS_exp_call_hangup(template (present) integer exp_seq_nr := ?, boolean fail_others := true) runs on IMS_ConnHdlr
1059{
1060 var template (present) PDU_SIP_Request exp_req :=
1061 tr_SIP_BYE(f_tr_SipUrl_opt_defport(ts_SipUrl_from_Addr_Union(g_pars.subscr.cp.called.addr)),
1062 g_pars.subscr.cp.sip_call_id,
1063 g_pars.subscr.cp.from_addr,
1064 g_pars.subscr.cp.to_addr,
Pau Espin Pedrol480b53c2024-06-07 19:49:02 +0200[diff] [blame]1065 tr_Via_from(f_tr_HostPort(g_pars.subscr.remote_sip_host, g_pars.subscr.ipsec_remote_port_s)),
Pau Espin Pedrol901cede2024-05-30 13:03:42 +0200[diff] [blame]1066 exp_seq_nr);
1067 var charstring sip_expect_str := log2str(exp_req);
1068
1069 [] SIP.receive(exp_req) -> value g_rx_sip_req {
1070 var template (value) PDU_SIP_Response tx_resp;
1071 var charstring tx_sdp;
1072 var Via via;
1073
1074 /* Update parameters: */
1075 g_pars.subscr.cp.sip_seq_nr := g_rx_sip_req.msgHeader.cSeq.seqNumber;
1076 /* "branch" has changed: */
1077 via := g_rx_sip_req.msgHeader.via;
1078
1079 /* Tx 200 OK */
1080 tx_sdp := f_gen_sdp();
1081 tx_resp := ts_SIP_Response(g_pars.subscr.cp.sip_call_id,
1082 g_pars.subscr.cp.from_addr,
1083 g_pars.subscr.cp.to_addr,
1084 "BYE", 200,
1085 g_pars.subscr.cp.sip_seq_nr,
1086 "OK",
1087 via,
1088 body := tx_sdp);
1089 SIP.send(tx_resp);
1090 }
1091 [fail_others] as_SIP_fail_resp(sip_expect_str);
1092 [fail_others] as_SIP_fail_req(sip_expect_str);
1093}
1094
Pau Espin Pedrolac8a0542024-04-19 17:30:57 +0200[diff] [blame]1095}