[L] Change in osmo-ttcn3-hacks[master]: asterisk: Implement support to handle 2nd REGISTER through ipsec
pespin has submitted this change. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email ) Change subject: asterisk: Implement support to handle 2nd REGISTER through ipsec .. asterisk: Implement support to handle 2nd REGISTER through ipsec This patch implements the necessary infra to set up ipsec tunnel towards the asterisk IMS client, and receive the 2nd REGISTER through the ipsec tun plus answer it acking the registration successfully. Change-Id: Ic042422788ee406f5b71ca3878bc5617e5455579 --- M asterisk/Asterisk_Tests.cfg M asterisk/IMS_ConnectionHandler.ttcn A asterisk/IMS_ipsec_setup.sh M asterisk/gen_links.sh M asterisk/regen_makefile.sh M library/PIPEasp_Templates.ttcn M library/SIP_Templates.ttcn M sip/SIP_Tests.ttcn 8 files changed, 285 insertions(+), 21 deletions(-) Approvals: Jenkins Builder: Verified osmith: Looks good to me, approved diff --git a/asterisk/Asterisk_Tests.cfg b/asterisk/Asterisk_Tests.cfg index bcc8a30..3286aed 100644 --- a/asterisk/Asterisk_Tests.cfg +++ b/asterisk/Asterisk_Tests.cfg @@ -11,6 +11,7 @@ [TESTPORT_PARAMETERS] [MODULE_PARAMETERS] +IMS_ConnectionHandler.mp_ipsec_setup_script_path := "./IMS_ipsec_setup.sh" [MAIN_CONTROLLER] diff --git a/asterisk/IMS_ConnectionHandler.ttcn b/asterisk/IMS_ConnectionHandler.ttcn index 18404f1..dcf3646 100644 --- a/asterisk/IMS_ConnectionHandler.ttcn +++ b/asterisk/IMS_ConnectionHandler.ttcn @@ -16,6 +16,11 @@ import from Native_Functions all; import from Misc_Helpers all; +/* the PIPE asp port allows us to interact with ip xfrm via stdin/stdout */ +import from PIPEasp_PortType all; +import from PIPEasp_Types all; +import from PIPEasp_Templates all; + import from SDP_Types all; import from SDP_Templates all; @@ -23,6 +28,11 @@ import from SIPmsg_Types all; import from SIP_Templates all; + +modulepar { + charstring mp_ipsec_setup_script_path := "./IMS_ipsec_setup.sh"; +} + const char c_sip_server_name := "osmo-ttcn3-hacks/0.23"; 
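Review bot: In the `modulepar` hunk of asterisk/IMS_ConnectionHandler.ttcn (and the matching line added to Asterisk_Tests.cfg), `mp_ipsec_setup_script_path` defaults to the relative path `./IMS_ipsec_setup.sh` with no comment on what the script does or which privileges it needs. Going by the import comment added just above, the script is presumably driven through the PIPE port to run `ip xfrm`, which normally requires root or CAP_NET_ADMIN, so whatever file that path resolves to from the working directory would run with those rights. The code that launches it is outside the visible hunks, so this is inferred. I would document it on the parameter, e.g. `/* Helper that installs the ip xfrm state/policy; needs CAP_NET_ADMIN; path is relative to the testsuite working directory */`. The same hunk appears again in the patch set 1 mail further down the page.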
@@ -41,6 +51,7 @@ var PDU_SIP_Response g_rx_sip_resp; port IMSCoord_PT COORD; + port PIPEasp_PT PIPE; } type record of IMS_ConnHdlr IMS_ConnHdlrList; @@ -54,10 +65,14 @@ charstring user, charstring display_name, charstring password, + charstring nonce, + charstring ipsec_auth_key, integer ipsec_local_spi_c, integer ipsec_local_spi_s, integer ipsec_remote_spi_c optional, integer ipsec_remote_spi_s optional, + uint16_t ipsec_remote_port_c optional, + uint16_t ipsec_remote_port_s optional, SipUrl registrar_sip_req_uri, SipAddr registrar_sip_record, CallidString registrar_sip_call_id, @@ -131,10 +146,15 @@ user := user, display_name := f_sip_str_quote(display_name), password := password, + /* The Nonce field is the Base64 encoded version of the RAND value and concatenated with the AUTN: */ + nonce := "FJh2MfZfjjeIoHmLbrzQjvbhmnzLAoAAoGsZyVRFFuU=", + ipsec_auth_key := "0x5238297dfcca759bd05d48ff49bc63fa", ipsec_local_spi_c := 4142, ipsec_local_spi_s := 4143, ipsec_remote_spi_c := omit, ipsec_remote_spi_s := omit, + ipsec_remote_port_c := omit, + ipsec_remote_port_s := omit, registrar_sip_req_uri := valueof(ts_SipUrlHost(local_sip_host)), registrar_sip_record := ts_SipAddr(ts_HostPort(local_sip_host), ts_UserInfo(user), 
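Review bot: In the `@@ -131,10 +146,15 @@` hunk the new `nonce` and `ipsec_auth_key` values are hard-coded literals, with nothing marking them as test vectors or saying how they relate to each other. The added comment explains that the nonce is the Base64 of RAND concatenated with AUTN, but not that `ipsec_auth_key` presumably has to be the integrity key the client derives from that same RAND and the test subscriber's key, so the two must change together. I would add `/* Test vector only: IK expected for the RAND in nonce above and the test SIM's K/OPc; update both together */` above `ipsec_auth_key`. Since the nonce is constant, every run issues the same challenge, which is fine for a test harness but worth stating so the values are not reused outside it. The enclosing initializer starts and ends outside the hunk, and the same lines are repeated in the patch set 1 mail further down the page.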
@@ -194,6 +214,39 @@ } } +/* HTTP Digest Authentication Using AKA (AKAv1-MD5): RFC 3310 */ +function f_tr_Authorization_AKAv1MD5(WwwAuthenticate www_authenticate, +charstring username, +charstring uri, +integer nc_int := 1) +return template (present) Authorization { + var CommaParam_List digestCln; + var template (present) Authorization authorization; + var template (present) Credentials cred; + var template (omit) GenericParam rx_param; + + digestCln := www_authenticate.challenge[0].digestCln; + + var charstring algorithm := f_sip_param_get_value_present_or_fail(digestCln, "algorithm"); + var charstring realm := f_sip_param_get_value_present_or_fail(digestCln, "realm"); + var charstring nonce := f_sip_param_get_value_present_or_fail(digestCln, "nonce"); + + var template (present) CommaParam_List digestResponse := superset( + tr_Param("username", f_sip_str_quote(username)), + tr_Param("realm", f_sip_str_quote(realm)), + tr_Param("nonce", f_sip_str_quote(nonce)), + tr_Param("uri", f_sip_str_quote(uri)), + tr_Param("response", ?), + tr_Param("algorithm", algorithm), + tr_Param("qop", "auth"), + tr_Param("cnonce", ?), +
[L] Change in osmo-ttcn3-hacks[master]: asterisk: Implement support to handle 2nd REGISTER through ipsec
Attention is currently required from: jolly, laforge, pespin. osmith has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email ) Change subject: asterisk: Implement support to handle 2nd REGISTER through ipsec .. Patch Set 3: Code-Review+2 (2 comments) File asterisk/IMS_ConnectionHandler.ttcn: https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856/comment/350bb8c3_eaff1c3e PS2, Line 471: Tyring > Trying Done File asterisk/IMS_ipsec_setup.sh: https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856/comment/a2fc6734_1d8c371a PS2, Line 29: src "${1}" dst "${3}" proto esp spi "${5}" reqid "${5}" mode transport \ : replay-window 32 \ : auth-trunc sha1 "${AUTH_KEY}" 96 \ : enc cipher_null "" \ : sel src "${1}/32" dst "${3}/32" sport "${2}" dport "${4}" > indentation: should have 1 more tab, same in ip_xfrm_policy Done -- To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ttcn3-hacks Gerrit-Branch: master Gerrit-Change-Id: Ic042422788ee406f5b71ca3878bc5617e5455579 Gerrit-Change-Number: 36856 Gerrit-PatchSet: 3 Gerrit-Owner: pespin Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: jolly Gerrit-Reviewer: laforge Gerrit-Reviewer: osmith Gerrit-Attention: jolly Gerrit-Attention: laforge Gerrit-Attention: pespin Gerrit-Comment-Date: Fri, 17 May 2024 12:44:05 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Comment-In-Reply-To: osmith Gerrit-MessageType: comment
[L] Change in osmo-ttcn3-hacks[master]: asterisk: Implement support to handle 2nd REGISTER through ipsec
Attention is currently required from: jolly, laforge, osmith, pespin. Hello Jenkins Builder, jolly, laforge, osmith, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email to look at the new patch set (#3). The following approvals got outdated and were removed: Code-Review+1 by laforge, Code-Review+1 by osmith, Verified+1 by Jenkins Builder Change subject: asterisk: Implement support to handle 2nd REGISTER through ipsec .. asterisk: Implement support to handle 2nd REGISTER through ipsec This patch implements the necessary infra to set up ipsec tunnel towards the asterisk IMS client, and receive the 2nd REGISTER through the ipsec tun plus answer it acking the registration successfully. Change-Id: Ic042422788ee406f5b71ca3878bc5617e5455579 --- M asterisk/Asterisk_Tests.cfg M asterisk/IMS_ConnectionHandler.ttcn A asterisk/IMS_ipsec_setup.sh M asterisk/gen_links.sh M asterisk/regen_makefile.sh M library/PIPEasp_Templates.ttcn M library/SIP_Templates.ttcn M sip/SIP_Tests.ttcn 8 files changed, 285 insertions(+), 21 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/56/36856/3 -- To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ttcn3-hacks Gerrit-Branch: master Gerrit-Change-Id: Ic042422788ee406f5b71ca3878bc5617e5455579 Gerrit-Change-Number: 36856 Gerrit-PatchSet: 3 Gerrit-Owner: pespin Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: jolly Gerrit-Reviewer: laforge Gerrit-Reviewer: osmith Gerrit-Attention: osmith Gerrit-Attention: jolly Gerrit-Attention: laforge Gerrit-Attention: pespin Gerrit-MessageType: newpatchset
[L] Change in osmo-ttcn3-hacks[master]: asterisk: Implement support to handle 2nd REGISTER through ipsec
Attention is currently required from: jolly, pespin. osmith has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email ) Change subject: asterisk: Implement support to handle 2nd REGISTER through ipsec .. Patch Set 2: Code-Review+1 (2 comments) File asterisk/IMS_ConnectionHandler.ttcn: https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856/comment/36283d93_2b884af0 PS2, Line 471: Tyring Trying File asterisk/IMS_ipsec_setup.sh: https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856/comment/c2750d61_4440b97e PS2, Line 29: src "${1}" dst "${3}" proto esp spi "${5}" reqid "${5}" mode transport \ : replay-window 32 \ : auth-trunc sha1 "${AUTH_KEY}" 96 \ : enc cipher_null "" \ : sel src "${1}/32" dst "${3}/32" sport "${2}" dport "${4}" indentation: should have 1 more tab, same in ip_xfrm_policy -- To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ttcn3-hacks Gerrit-Branch: master Gerrit-Change-Id: Ic042422788ee406f5b71ca3878bc5617e5455579 Gerrit-Change-Number: 36856 Gerrit-PatchSet: 2 Gerrit-Owner: pespin Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: jolly Gerrit-Reviewer: laforge Gerrit-Reviewer: osmith Gerrit-Attention: jolly Gerrit-Attention: pespin Gerrit-Comment-Date: Fri, 17 May 2024 08:57:43 + Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
[L] Change in osmo-ttcn3-hacks[master]: asterisk: Implement support to handle 2nd REGISTER through ipsec
Attention is currently required from: jolly, pespin. laforge has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email ) Change subject: asterisk: Implement support to handle 2nd REGISTER through ipsec .. Patch Set 2: Code-Review+1 -- To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ttcn3-hacks Gerrit-Branch: master Gerrit-Change-Id: Ic042422788ee406f5b71ca3878bc5617e5455579 Gerrit-Change-Number: 36856 Gerrit-PatchSet: 2 Gerrit-Owner: pespin Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: jolly Gerrit-Reviewer: laforge Gerrit-Attention: jolly Gerrit-Attention: pespin Gerrit-Comment-Date: Thu, 16 May 2024 22:15:32 + Gerrit-HasComments: No Gerrit-Has-Labels: Yes Gerrit-MessageType: comment
[L] Change in osmo-ttcn3-hacks[master]: asterisk: Implement support to handle 2nd REGISTER through ipsec
Attention is currently required from: jolly, laforge, pespin. Hello Jenkins Builder, jolly, laforge, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email to look at the new patch set (#2). The following approvals got outdated and were removed: Verified-1 by Jenkins Builder Change subject: asterisk: Implement support to handle 2nd REGISTER through ipsec .. asterisk: Implement support to handle 2nd REGISTER through ipsec This patch implements the necessary infra to set up ipsec tunnel towards the asterisk IMS client, and receive the 2nd REGISTER through the ipsec tun plus answer it acking the registration successfully. Change-Id: Ic042422788ee406f5b71ca3878bc5617e5455579 --- M asterisk/Asterisk_Tests.cfg M asterisk/IMS_ConnectionHandler.ttcn A asterisk/IMS_ipsec_setup.sh M asterisk/gen_links.sh M asterisk/regen_makefile.sh M library/PIPEasp_Templates.ttcn M library/SIP_Templates.ttcn M sip/SIP_Tests.ttcn 8 files changed, 285 insertions(+), 21 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/56/36856/2 -- To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ttcn3-hacks Gerrit-Branch: master Gerrit-Change-Id: Ic042422788ee406f5b71ca3878bc5617e5455579 Gerrit-Change-Number: 36856 Gerrit-PatchSet: 2 Gerrit-Owner: pespin Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: jolly Gerrit-Reviewer: laforge Gerrit-Attention: jolly Gerrit-Attention: laforge Gerrit-Attention: pespin Gerrit-MessageType: newpatchset
[L] Change in osmo-ttcn3-hacks[master]: asterisk: Implement support to handle 2nd REGISTER through ipsec
Jenkins Builder has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email ) Change subject: asterisk: Implement support to handle 2nd REGISTER through ipsec .. Patch Set 1: (1 comment) File asterisk/regen_makefile.sh: Robot Comment from checkpatch (run ID jenkins-gerrit-lint-16174): https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856/comment/7d1b72d0_de998c1c PS1, Line 26: sed -i -e '/^LINUX_LIBS/ s/$/ -lutil/' Makefile adding a line without newline at end of file -- To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ttcn3-hacks Gerrit-Branch: master Gerrit-Change-Id: Ic042422788ee406f5b71ca3878bc5617e5455579 Gerrit-Change-Number: 36856 Gerrit-PatchSet: 1 Gerrit-Owner: pespin Gerrit-CC: Jenkins Builder Gerrit-Comment-Date: Thu, 16 May 2024 19:02:17 + Gerrit-HasComments: Yes Gerrit-Has-Labels: No Gerrit-MessageType: comment
[L] Change in osmo-ttcn3-hacks[master]: asterisk: Implement support to handle 2nd REGISTER through ipsec
pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36856?usp=email ) Change subject: asterisk: Implement support to handle 2nd REGISTER through ipsec .. asterisk: Implement support to handle 2nd REGISTER through ipsec This patch implements the necessary infra to set up ipsec tunnel towards the asterisk IMS client, and receive the 2nd REGISTER through the ipsec tun plus answer it acking the registration successfully. Change-Id: Ic042422788ee406f5b71ca3878bc5617e5455579 --- M asterisk/Asterisk_Tests.cfg M asterisk/IMS_ConnectionHandler.ttcn A asterisk/IMS_ipsec_setup.sh M asterisk/gen_links.sh M asterisk/regen_makefile.sh M library/PIPEasp_Templates.ttcn M library/SIP_Templates.ttcn 7 files changed, 284 insertions(+), 20 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/56/36856/1 diff --git a/asterisk/Asterisk_Tests.cfg b/asterisk/Asterisk_Tests.cfg index bcc8a30..3286aed 100644 --- a/asterisk/Asterisk_Tests.cfg +++ b/asterisk/Asterisk_Tests.cfg @@ -11,6 +11,7 @@ [TESTPORT_PARAMETERS] [MODULE_PARAMETERS] +IMS_ConnectionHandler.mp_ipsec_setup_script_path := "./IMS_ipsec_setup.sh" [MAIN_CONTROLLER] diff --git a/asterisk/IMS_ConnectionHandler.ttcn b/asterisk/IMS_ConnectionHandler.ttcn index 18404f1..7aac8bb 100644 --- a/asterisk/IMS_ConnectionHandler.ttcn +++ b/asterisk/IMS_ConnectionHandler.ttcn @@ -16,6 +16,11 @@ import from Native_Functions all; import from Misc_Helpers all; +/* the PIPE asp port allows us to interact with ip xfrm via stdin/stdout */ +import from PIPEasp_PortType all; +import from PIPEasp_Types all; +import from PIPEasp_Templates all; + import from SDP_Types all; import from SDP_Templates all; @@ -23,6 +28,11 @@ import from SIPmsg_Types all; import from SIP_Templates all; + +modulepar { + charstring mp_ipsec_setup_script_path := "./IMS_ipsec_setup.sh"; +} + const char c_sip_server_name := "osmo-ttcn3-hacks/0.23"; 
@@ -41,6 +51,7 @@ var PDU_SIP_Response g_rx_sip_resp; port IMSCoord_PT COORD; + port PIPEasp_PT PIPE; } type record of IMS_ConnHdlr IMS_ConnHdlrList; @@ -54,10 +65,14 @@ charstring user, charstring display_name, charstring password, + charstring nonce, + charstring ipsec_auth_key, integer ipsec_local_spi_c, integer ipsec_local_spi_s, integer ipsec_remote_spi_c optional, integer ipsec_remote_spi_s optional, + uint16_t ipsec_remote_port_c optional, + uint16_t ipsec_remote_port_s optional, SipUrl registrar_sip_req_uri, SipAddr registrar_sip_record, CallidString registrar_sip_call_id, @@ -131,10 +146,15 @@ user := user, display_name := f_sip_str_quote(display_name), password := password, + /* The Nonce field is the Base64 encoded version of the RAND value and concatenated with the AUTN: */ + nonce := "FJh2MfZfjjeIoHmLbrzQjvbhmnzLAoAAoGsZyVRFFuU=", + ipsec_auth_key := "0x5238297dfcca759bd05d48ff49bc63fa", ipsec_local_spi_c := 4142, ipsec_local_spi_s := 4143, ipsec_remote_spi_c := omit, ipsec_remote_spi_s := omit, + ipsec_remote_port_c := omit, + ipsec_remote_port_s := omit, registrar_sip_req_uri := valueof(ts_SipUrlHost(local_sip_host)), registrar_sip_record := ts_SipAddr(ts_HostPort(local_sip_host), ts_UserInfo(user), 
@@ -194,6 +214,39 @@ } } +/* HTTP Digest Authentication Using AKA (AKAv1-MD5): RFC 3310 */ +function f_tr_Authorization_AKAv1MD5(WwwAuthenticate www_authenticate, +charstring username, +charstring uri, +integer nc_int := 1) +return template (present) Authorization { + var CommaParam_List digestCln; + var template (present) Authorization authorization; + var template (present) Credentials cred; + var template (omit) GenericParam rx_param; + + digestCln := www_authenticate.challenge[0].digestCln; + + var charstring algorithm := f_sip_param_get_value_present_or_fail(digestCln, "algorithm"); + var charstring realm := f_sip_param_get_value_present_or_fail(digestCln, "realm"); + var charstring nonce := f_sip_param_get_value_present_or_fail(digestCln, "nonce"); + + var template (present) CommaParam_List digestResponse := superset( + tr_Param("username", f_sip_str_quote(username)), + tr_Param("realm", f_sip_str_quote(realm)), + tr_Param("nonce", f_sip_str_quote(nonce)), + tr_Param("uri", f_sip_str_quote(uri)), + tr_Param("response", ?), + tr_Param("algorithm", algorithm), + tr_Param("qop", "auth"), + tr_Param("cnonce", ?), +