diff options
| author | Benny Prijono <bennylp@teluu.com> | 2011-12-20 09:56:26 +0000 |
|---|---|---|
| committer | Benny Prijono <bennylp@teluu.com> | 2011-12-20 09:56:26 +0000 |
| commit | 73f511d10201ce081f0ac861a84d27696bb4351c (patch) | |
| tree | ad4efc7e866c08399c15d8ad5b9fe6536fe7a4df /pjsip | |
| parent | b5ad2efaf5d3c8db9e4fc0d749ffa6152d20ed20 (diff) | |
Fixed #1431: Support for RFC 4169/Digest Authentication Using AKAv2 (thanks Alex Kolesnichenko for the patch)
git-svn-id: http://svn.pjsip.org/repos/pjproject/branches/1.x@3916 74dad513-b988-da41-8d7b-12977e46ad98
Diffstat (limited to 'pjsip')
| -rw-r--r-- | pjsip/src/pjsip/sip_auth_aka.c | 37 |
1 files changed, 27 insertions, 10 deletions
diff --git a/pjsip/src/pjsip/sip_auth_aka.c b/pjsip/src/pjsip/sip_auth_aka.c index 29deab7f..82efbaf9 100644 --- a/pjsip/src/pjsip/sip_auth_aka.c +++ b/pjsip/src/pjsip/sip_auth_aka.c @@ -152,22 +152,39 @@ PJ_DEF(pj_status_t) pjsip_auth_create_aka_response( &auth->uri, &chal->realm, &aka_cred, method); } else if (aka_version == 2) { + /* * For AKAv2, password is base64 encoded [1] parameters: * PRF(RES||IK||CK,"http-digest-akav2-password") * * The pseudo-random function (PRF) is HMAC-MD5 in this case. - * - * Hmmm.. but those above doesn't seem to work, and this below does! */ - aka_cred.data.slen = PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN + - PJSIP_AKA_CKLEN; - aka_cred.data.ptr = pj_pool_alloc(pool, aka_cred.data.slen); - - pj_memcpy(aka_cred.data.ptr + 0, res, PJSIP_AKA_RESLEN); - pj_memcpy(aka_cred.data.ptr + PJSIP_AKA_RESLEN, ik, PJSIP_AKA_IKLEN); - pj_memcpy(aka_cred.data.ptr + PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN, - ck, PJSIP_AKA_CKLEN); + + pj_str_t resikck; + const pj_str_t AKAv2_Passwd = { "http-digest-akav2-password", 26 }; + pj_uint8_t hmac_digest[16]; + char tmp_buf[48]; + int hmac64_len; + + resikck.slen = PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN + PJSIP_AKA_CKLEN; + pj_assert(resikck.slen <= PJ_ARRAY_SIZE(tmp_buf)); + resikck.ptr = tmp_buf; + pj_memcpy(resikck.ptr + 0, res, PJSIP_AKA_RESLEN); + pj_memcpy(resikck.ptr + PJSIP_AKA_RESLEN, ik, PJSIP_AKA_IKLEN); + pj_memcpy(resikck.ptr + PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN, + ck, PJSIP_AKA_CKLEN); + + pj_hmac_md5((const pj_uint8_t*)AKAv2_Passwd.ptr, AKAv2_Passwd.slen, + (const pj_uint8_t*)resikck.ptr, resikck.slen, + hmac_digest); + + aka_cred.data.slen = hmac64_len = + PJ_BASE256_TO_BASE64_LEN(PJ_ARRAY_SIZE(hmac_digest)); + pj_assert(aka_cred.data.slen+1 <= PJ_ARRAY_SIZE(tmp_buf)); + aka_cred.data.ptr = tmp_buf; + pj_base64_encode(hmac_digest, PJ_ARRAY_SIZE(hmac_digest), + aka_cred.data.ptr, &len); + aka_cred.data.slen = hmac64_len; pjsip_auth_create_digest(&auth->response, &chal->nonce, &auth->nc, &auth->cnonce, &auth->qop, |