Re: AudioCodes and H.235

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Dennis,

I am aware that GnuGk's H.235.1 password authentication is not
interoperable with many (most ?) vendor implementations when using
proper SHA1 hashes. (MD5 works fine, but its weak and not really
standard).

A proper fix for all devices requires much more what you posted. I have
a full H.235.1 implementation under development and the comments you
quote are from the H323Plus part of that fix that I have already
committed a few weeks ago.

Your fix happens to work, because AudioCodes fails to properly check
the tokens it gets from GnuGk (I have one of their gateways in my lab).

The full implementation will include (and verify) tokens in all RAS and
Q.931 messages as required by the standard. But since many vendors have
bugs in their implementations, we'll also need a number of switches to
relax the checks for broken implementations.

Unfortunately it will take a while until I can release the GnuGk part
of my implementation. I don't have a sponsor for it and can only work
on it now and then, so please bear with me.

Regards,
Jan

-- 
Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail  : jan@xxxxxxxxxxxxxx
Website: http://www.gnugk.org
Support: http://www.willamowius.com/gnugk-support.html

Relaxed Communications GmbH
Frahmredder 91
22393 Hamburg
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584


Denis Kochmashev wrote:
> Hello, Jan!
> 
> I was trying to authenticate RRQ's from AudioCodes MP-112 Gateway using 
> H.235 via SQLPasswordsAuth policy, and after spending some time 
> investigating why it is not working, found an intriguing message inside 
> h235auth1.cxx from H323Plus sources. It says the following:
> ---
>         // H.235.0v4 clause 8.2 says generalID "should" be included, but 
> doesn't require it
>         // H.235.1v4 clause 14 says generalID "shall" be included in 
> ClearTokens, when the information is available
>         // AudioCodes 4.6 and Innovaphone v6-v9 don't include a generalID
> ---
> I guess it means that generalID check may be skipped. Unfortunately I 
> haven't found the solution using standard GNUGK tools. That is why I 
> wrote a small patch which tells H.235.1 authenticator to skip checking 
> generalID while validating crypto tokens inside RRQ from AudioCodes 
> Gateways. Since I have 5.00A.046.014 software version in my MP-112 which 
> is the last available from manufacturer, I think that this "feature" is 
> relevant for all AudioCodes Gateways.
> 
> What would you say about including this workaround in GNUGK sources?
> 

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/





[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux