1
/* $Id: sip_auth_aka.c 3999 2012-03-30 07:10:13Z bennylp $ */
3
* Copyright (C) 2008-2011 Teluu Inc. (http://www.teluu.com)
4
* Copyright (C) 2003-2008 Benny Prijono <benny@prijono.org>
6
* This program is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 2 of the License, or
9
* (at your option) any later version.
11
* This program is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, write to the Free Software
18
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20
#include <pjsip/sip_auth_aka.h>
21
#include <pjsip/sip_errno.h>
22
#include <pjlib-util/base64.h>
23
#include <pjlib-util/md5.h>
24
#include <pjlib-util/hmac_md5.h>
25
#include <pj/assert.h>
28
#include <pj/string.h>
30
#if PJSIP_HAS_DIGEST_AKA_AUTH
32
#include "../../third_party/milenage/milenage.h"
35
* Create MD5-AKA1 digest response.
37
PJ_DEF(pj_status_t) pjsip_auth_create_aka_response(
39
const pjsip_digest_challenge*chal,
40
const pjsip_cred_info *cred,
41
const pj_str_t *method,
42
pjsip_digest_credential *auth)
46
const pj_str_t pjsip_AKAv1_MD5 = { "AKAv1-MD5", 9 };
47
const pj_str_t pjsip_AKAv2_MD5 = { "AKAv2-MD5", 9 };
48
pj_uint8_t *chal_rand, *chal_sqnxoraka, *chal_mac;
49
pj_uint8_t k[PJSIP_AKA_KLEN];
50
pj_uint8_t op[PJSIP_AKA_OPLEN];
51
pj_uint8_t amf[PJSIP_AKA_AMFLEN];
52
pj_uint8_t res[PJSIP_AKA_RESLEN];
53
pj_uint8_t ck[PJSIP_AKA_CKLEN];
54
pj_uint8_t ik[PJSIP_AKA_IKLEN];
55
pj_uint8_t ak[PJSIP_AKA_AKLEN];
56
pj_uint8_t sqn[PJSIP_AKA_SQNLEN];
57
pj_uint8_t xmac[PJSIP_AKA_MACLEN];
58
pjsip_cred_info aka_cred;
62
/* Check the algorithm is supported. */
63
if (chal->algorithm.slen==0 || pj_stricmp2(&chal->algorithm, "md5") == 0) {
65
* A normal MD5 authentication is requested. Fallbackt to the usual
66
* MD5 digest creation.
68
pjsip_auth_create_digest(&auth->response, &auth->nonce, &auth->nc,
69
&auth->cnonce, &auth->qop, &auth->uri,
70
&auth->realm, cred, method);
73
} else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv1_MD5) == 0) {
75
* AKA version 1 is requested.
79
} else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv2_MD5) == 0) {
81
* AKA version 2 is requested.
86
/* Unsupported algorithm */
87
return PJSIP_EINVALIDALGORITHM;
91
nonce_bin.slen = len = PJ_BASE64_TO_BASE256_LEN(chal->nonce.slen);
92
nonce_bin.ptr = pj_pool_alloc(pool, nonce_bin.slen + 1);
93
status = pj_base64_decode(&chal->nonce, (pj_uint8_t*)nonce_bin.ptr, &len);
95
if (status != PJ_SUCCESS)
96
return PJSIP_EAUTHINNONCE;
98
if (nonce_bin.slen < PJSIP_AKA_RANDLEN + PJSIP_AKA_AUTNLEN)
99
return PJSIP_EAUTHINNONCE;
101
/* Get RAND, AUTN, and MAC */
102
chal_rand = (pj_uint8_t*)(nonce_bin.ptr + 0);
103
chal_sqnxoraka = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN);
104
chal_mac = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN +
105
PJSIP_AKA_SQNLEN + PJSIP_AKA_AMFLEN);
107
/* Copy k. op, and amf */
108
pj_bzero(k, sizeof(k));
109
pj_bzero(op, sizeof(op));
110
pj_bzero(amf, sizeof(amf));
112
if (cred->ext.aka.k.slen)
113
pj_memcpy(k, cred->ext.aka.k.ptr, cred->ext.aka.k.slen);
114
if (cred->ext.aka.op.slen)
115
pj_memcpy(op, cred->ext.aka.op.ptr, cred->ext.aka.op.slen);
116
if (cred->ext.aka.amf.slen)
117
pj_memcpy(amf, cred->ext.aka.amf.ptr, cred->ext.aka.amf.slen);
119
/* Given key K and random challenge RAND, compute response RES,
120
* confidentiality key CK, integrity key IK and anonymity key AK.
122
f2345(k, chal_rand, res, ck, ik, ak, op);
124
/* Compute sequence number SQN */
125
for (i=0; i<PJSIP_AKA_SQNLEN; ++i)
126
sqn[i] = (pj_uint8_t) (chal_sqnxoraka[i] ^ ak[i]);
128
/* Verify MAC in the challenge */
130
f1(k, chal_rand, sqn, amf, xmac, op);
132
if (pj_memcmp(chal_mac, xmac, PJSIP_AKA_MACLEN) != 0) {
133
return PJSIP_EAUTHINNONCE;
136
/* Build a temporary credential info to create MD5 digest, using
137
* "res" as the password.
139
pj_memcpy(&aka_cred, cred, sizeof(aka_cred));
140
aka_cred.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;
142
/* Create a response */
143
if (aka_version == 1) {
145
* For AKAv1, the password is RES
147
aka_cred.data.ptr = (char*)res;
148
aka_cred.data.slen = PJSIP_AKA_RESLEN;
150
pjsip_auth_create_digest(&auth->response, &chal->nonce,
151
&auth->nc, &auth->cnonce, &auth->qop,
152
&auth->uri, &chal->realm, &aka_cred, method);
154
} else if (aka_version == 2) {
157
* For AKAv2, password is base64 encoded [1] parameters:
158
* PRF(RES||IK||CK,"http-digest-akav2-password")
160
* The pseudo-random function (PRF) is HMAC-MD5 in this case.
164
const pj_str_t AKAv2_Passwd = { "http-digest-akav2-password", 26 };
165
pj_uint8_t hmac_digest[16];
169
resikck.slen = PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN + PJSIP_AKA_CKLEN;
170
pj_assert(resikck.slen <= PJ_ARRAY_SIZE(tmp_buf));
171
resikck.ptr = tmp_buf;
172
pj_memcpy(resikck.ptr + 0, res, PJSIP_AKA_RESLEN);
173
pj_memcpy(resikck.ptr + PJSIP_AKA_RESLEN, ik, PJSIP_AKA_IKLEN);
174
pj_memcpy(resikck.ptr + PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN,
175
ck, PJSIP_AKA_CKLEN);
177
pj_hmac_md5((const pj_uint8_t*)AKAv2_Passwd.ptr, AKAv2_Passwd.slen,
178
(const pj_uint8_t*)resikck.ptr, resikck.slen,
181
aka_cred.data.slen = hmac64_len =
182
PJ_BASE256_TO_BASE64_LEN(PJ_ARRAY_SIZE(hmac_digest));
183
pj_assert(aka_cred.data.slen+1 <= PJ_ARRAY_SIZE(tmp_buf));
184
aka_cred.data.ptr = tmp_buf;
185
pj_base64_encode(hmac_digest, PJ_ARRAY_SIZE(hmac_digest),
186
aka_cred.data.ptr, &len);
187
aka_cred.data.slen = hmac64_len;
189
pjsip_auth_create_digest(&auth->response, &chal->nonce,
190
&auth->nc, &auth->cnonce, &auth->qop,
191
&auth->uri, &chal->realm, &aka_cred, method);
203
#endif /* PJSIP_HAS_DIGEST_AKA_AUTH */