Hi All I want to create response by using "Digest AKAv1 and AKAv2 Authentication API" for different algorithms like MD5, AKAv1-MD5 and AKAv2-MD5 (i.e http://www.pjsip.org/pjsip/docs/html/group__PJSIP__AUTH__AKA__API.htm). So that i have written a code as follows and passed the different parameter values. I want to catch the response and print it. How it is possible . Plz suggest. What's wrong in my code? #include <string.h> #define PJ_WIN32 1; #include <pjlib.h> #include <pjlib-util.h> #include <pjnath.h> #include <pjsip.h> #include <pjsip_ua.h> #include <pjsip_simple.h> #include <pjsua-lib/pjsua.h> #include <pjmedia.h> #include <pjmedia-codec.h> #include <pjsua-lib/pjsua.h> #include <pj/string.h> #include <pj/types.h> #include <pj/config_site.h > #define PJSIP_HAS_DIGEST_AKA_AUTH 1 #define PJSIP_AKA_AKLEN 6 #define PJSIP_AKA_AMFLEN 2 #define PJSIP_AKA_AUTNLEN 16 #define PJSIP_AKA_CKLEN 16 #define PJSIP_AKA_IKLEN 16 #define PJSIP_AKA_KLEN 16 #define PJSIP_AKA_MACLEN 8 #define PJSIP_AKA_OPLEN 16 #define PJSIP_AKA_RANDLEN 16 #define PJSIP_AKA_RESLEN 8 #define PJSIP_AKA_SQNLEN 6 typedef int pj_status_t; #include <pjsip/sip_auth_aka.h> #include <pjsip/sip_errno.h> #include <pjlib-util/base64.h> #include <pjlib-util/md5.h> #include <pjlib-util/hmac_md5.h> #include <pj/assert.h> #include <pj/log.h> #include <pj/pool.h> #include <pj/string.h> #include <pjsip/sip_auth.h> #include "E:/pjproject-1.0.1/third_party/milenage/milenage.h" pj_status_t pjsip_auth_create_aka_response(pj_pool_t * pool, const pjsip_digest_challenge * chal, const pjsip_cred_info * cred, const pj_str_t * method, pjsip_digest_credential * auth); pj_status_t pjsip_auth_create_aka_response( pj_pool_t *pool, const pjsip_digest_challenge*chal, const pjsip_cred_info *cred, const pj_str_t *method, pjsip_digest_credential *auth) { pj_str_t nonce_bin; int aka_version; const pj_str_t pjsip_AKAv1_MD5 = { "AKAv1-MD5", 9 }; const pj_str_t pjsip_AKAv2_MD5 = { "AKAv2-MD5", 9 }; pj_uint8_t *chal_rand, *chal_sqnxoraka, *chal_mac; pj_uint8_t k[PJSIP_AKA_KLEN]; pj_uint8_t op[PJSIP_AKA_OPLEN]; pj_uint8_t amf[PJSIP_AKA_AMFLEN]; pj_uint8_t res[PJSIP_AKA_RESLEN]; pj_uint8_t ck[PJSIP_AKA_CKLEN]; pj_uint8_t ik[PJSIP_AKA_IKLEN]; pj_uint8_t ak[PJSIP_AKA_AKLEN]; pj_uint8_t sqn[PJSIP_AKA_SQNLEN]; pj_uint8_t xmac[PJSIP_AKA_MACLEN]; pjsip_cred_info aka_cred; int i, len; pj_status_t status; /* Check the algorithm is supported. */ if (chal->algorithm.slen==0 || pj_stricmp2(&chal->algorithm, "md5") == 0) { /* * A normal MD5 authentication is requested. Fallbackt to the usual * MD5 digest creation. */ pjsip_auth_create_digest(&auth->response, &auth->nonce, &auth->nc, &auth->cnonce, &auth->qop, &auth->uri, &auth->realm, cred, method); return PJ_SUCCESS; } else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv1_MD5) == 0) { /* * AKA version 1 is requested. */ aka_version = 1; } else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv2_MD5) == 0) { /* * AKA version 2 is requested. */ aka_version = 2; } else { /* Unsupported algorithm */ return PJSIP_EINVALIDALGORITHM; } /* Decode nonce */ nonce_bin.slen = len = PJ_BASE64_TO_BASE256_LEN(chal->nonce.slen); nonce_bin.ptr = pj_pool_alloc(pool, nonce_bin.slen + 1); status = pj_base64_decode(&chal->nonce, (pj_uint8_t*)nonce_bin.ptr, &len); nonce_bin.slen = len; if (status != PJ_SUCCESS) return PJSIP_EAUTHINNONCE; if (nonce_bin.slen < PJSIP_AKA_RANDLEN + PJSIP_AKA_AUTNLEN) return PJSIP_EAUTHINNONCE; /* Get RAND, AUTN, and MAC */ chal_rand = (pj_uint8_t*)(nonce_bin.ptr + 0); chal_sqnxoraka = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN); chal_mac = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN + PJSIP_AKA_SQNLEN + PJSIP_AKA_AMFLEN); /* Copy k. op, and amf */ pj_bzero(k, sizeof(k)); pj_bzero(op, sizeof(op)); pj_bzero(amf, sizeof(amf)); if (cred->ext.aka.k.slen) pj_memcpy(k, cred->ext.aka.k.ptr, cred->ext.aka.k.slen); if (cred->ext.aka.op.slen) pj_memcpy(op, cred->ext.aka.op.ptr, cred->ext.aka.op.slen); if (cred->ext.aka.amf.slen) pj_memcpy(amf, cred->ext.aka.amf.ptr, cred->ext.aka.amf.slen); /* Given key K and random challenge RAND, compute response RES, * confidentiality key CK, integrity key IK and anonymity key AK. */ f2345(k, chal_rand, res, ck, ik, ak, op); /* Compute sequence number SQN */ for (i=0; i<PJSIP_AKA_SQNLEN; ++i) sqn[i] = (pj_uint8_t) (chal_sqnxoraka[i] ^ ak[i]); /* Verify MAC in the challenge */ /* Compute XMAC */ f1(k, chal_rand, sqn, amf, xmac, op); if (pj_memcmp(chal_mac, xmac, PJSIP_AKA_MACLEN) != 0) { return PJSIP_EAUTHINNONCE; } /* Build a temporary credential info to create MD5 digest, using * "res" as the password. */ pj_memcpy(&aka_cred, cred, sizeof(aka_cred)); aka_cred.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD; /* Create a response */ if (aka_version == 1) { /* * For AKAv1, the password is RES */ aka_cred.data.ptr = (char*)res; aka_cred.data.slen = PJSIP_AKA_RESLEN; pjsip_auth_create_digest(&auth->response, &chal->nonce, &auth->nc, &auth->cnonce, &auth->qop, &auth->uri, &chal->realm, &aka_cred, method); } else if (aka_version == 2) { /* * For AKAv2, password is base64 encoded [1] parameters: * PRF(RES||IK||CK,"http-digest-akav2-password") * * The pseudo-random function (PRF) is HMAC-MD5 in this case. * * Hmmm.. but those above doesn't seem to work, and this below does! */ aka_cred.data.slen = PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN + PJSIP_AKA_CKLEN; aka_cred.data.ptr = pj_pool_alloc(pool, aka_cred.data.slen); pj_memcpy(aka_cred.data.ptr + 0, res, PJSIP_AKA_RESLEN); pj_memcpy(aka_cred.data.ptr + PJSIP_AKA_RESLEN, ik, PJSIP_AKA_IKLEN); pj_memcpy(aka_cred.data.ptr + PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN, ck, PJSIP_AKA_CKLEN); pjsip_auth_create_digest(&auth->response, &chal->nonce, &auth->nc, &auth->cnonce, &auth->qop, &auth->uri, &chal->realm, &aka_cred, method); } else { pj_assert(!"Bug!"); return PJ_EBUG; } /* Done */ return PJ_SUCCESS; } int main(int argc, char *argv[]) { pjsip_cred_info cred; pj_pool_t pool; pjsip_digest_challenge chal; const pj_str_t *method; pjsip_digest_credential auth; //Authentication challange Parameters pj_bzero(&chal, sizeof(chal)); chal.realm = pj_str("acti.com"); chal.domain = pj_str("acti.com"); chal.nonce = pj_str("MzQ0a2xrbGtmbGtsZm9wb2tsc2tqaHJzZXNy9uQyMzMzMzQK"); chal.opaque = pj_str(""); chal.algorithm = pj_str("AKAv1-MD5"); chal.qop = pj_str (""); //authorization parameters pj_bzero(&auth, sizeof(auth)); auth.realm = pj_str("acti.com"); auth.username = pj_str("A at acti.com"); auth.nonce = pj_str("MzQ0a2xrbGtmbGtsZm9wb2tsc2tqaHJzZXNy9uQyMzMzMzQK"); auth.algorithm = pj_str ("AKAv1-MD5"); // Credential parameters pj_bzero(&cred, sizeof(cred)); cred.scheme = pj_str("Digest"); cred.realm = pj_str("acti.com"); cred.username = pj_str("A at acti.com"); cred.data_type = PJSIP_CRED_DATA_EXT_AKA; cred.data = pj_str(""); // AKA extended info cred.ext.aka.k = pj_str("626f6200000000000000000000000000"); cred.ext.aka.op = pj_str("cdc202d5123e20f62b6d676ac72cb318"); cred.ext.aka.amf = pj_str("0000"); cred.ext.aka.cb = &pjsip_auth_create_aka_response; //i want to catch and print the response here. return 0; } Plz guide me. regd's Sanjay -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20090210/bb3f632f/attachment.html>
