Hi All plz suggest me some idea . Regd's Sanjay On Tue, Feb 10, 2009 at 7:57 PM, Sanjay Nayak <sanjay.nayak.bdk at gmail.com>wrote: > Hi All > > I want to create response by using "Digest AKAv1 and AKAv2 Authentication > API" for different algorithms like MD5, AKAv1-MD5 and AKAv2-MD5 (i.e > http://www.pjsip.org/pjsip/docs/html/group__PJSIP__AUTH__AKA__API.htm). > > So that i have written a code as follows and passed the different parameter > values. I want to catch the response and print it. How it is possible . Plz > suggest. What's wrong in my code? > > #include <string.h> > #define PJ_WIN32 1; > #include <pjlib.h> > #include <pjlib-util.h> > #include <pjnath.h> > #include <pjsip.h> > #include <pjsip_ua.h> > #include <pjsip_simple.h> > #include <pjsua-lib/pjsua.h> > #include <pjmedia.h> > #include <pjmedia-codec.h> > #include <pjsua-lib/pjsua.h> > #include <pj/string.h> > #include <pj/types.h> > #include <pj/config_site.h > > > #define PJSIP_HAS_DIGEST_AKA_AUTH 1 > > > #define PJSIP_AKA_AKLEN 6 > #define PJSIP_AKA_AMFLEN 2 > #define PJSIP_AKA_AUTNLEN 16 > #define PJSIP_AKA_CKLEN 16 > #define PJSIP_AKA_IKLEN 16 > #define PJSIP_AKA_KLEN 16 > #define PJSIP_AKA_MACLEN 8 > #define PJSIP_AKA_OPLEN 16 > #define PJSIP_AKA_RANDLEN 16 > #define PJSIP_AKA_RESLEN 8 > #define PJSIP_AKA_SQNLEN 6 > > typedef int pj_status_t; > > #include <pjsip/sip_auth_aka.h> > #include <pjsip/sip_errno.h> > #include <pjlib-util/base64.h> > #include <pjlib-util/md5.h> > #include <pjlib-util/hmac_md5.h> > #include <pj/assert.h> > #include <pj/log.h> > #include <pj/pool.h> > #include <pj/string.h> > #include <pjsip/sip_auth.h> > > > #include "E:/pjproject-1.0.1/third_party/milenage/milenage.h" > > > pj_status_t pjsip_auth_create_aka_response(pj_pool_t * pool, > const pjsip_digest_challenge * chal, > const pjsip_cred_info * cred, > const pj_str_t * method, > pjsip_digest_credential * auth); > > > pj_status_t pjsip_auth_create_aka_response( > pj_pool_t *pool, > const pjsip_digest_challenge*chal, > const pjsip_cred_info *cred, > const pj_str_t *method, > pjsip_digest_credential *auth) > { > > pj_str_t nonce_bin; > int aka_version; > const pj_str_t pjsip_AKAv1_MD5 = { "AKAv1-MD5", 9 }; > const pj_str_t pjsip_AKAv2_MD5 = { "AKAv2-MD5", 9 }; > pj_uint8_t *chal_rand, *chal_sqnxoraka, *chal_mac; > pj_uint8_t k[PJSIP_AKA_KLEN]; > pj_uint8_t op[PJSIP_AKA_OPLEN]; > pj_uint8_t amf[PJSIP_AKA_AMFLEN]; > pj_uint8_t res[PJSIP_AKA_RESLEN]; > pj_uint8_t ck[PJSIP_AKA_CKLEN]; > pj_uint8_t ik[PJSIP_AKA_IKLEN]; > pj_uint8_t ak[PJSIP_AKA_AKLEN]; > pj_uint8_t sqn[PJSIP_AKA_SQNLEN]; > pj_uint8_t xmac[PJSIP_AKA_MACLEN]; > pjsip_cred_info aka_cred; > int i, len; > pj_status_t status; > > /* Check the algorithm is supported. */ > if (chal->algorithm.slen==0 || pj_stricmp2(&chal->algorithm, "md5") == > 0) { > /* > * A normal MD5 authentication is requested. Fallbackt to the usual > * MD5 digest creation. > */ > pjsip_auth_create_digest(&auth->response, &auth->nonce, &auth->nc, > &auth->cnonce, &auth->qop, &auth->uri, > &auth->realm, cred, method); > return PJ_SUCCESS; > > } else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv1_MD5) == 0) { > /* > * AKA version 1 is requested. > */ > aka_version = 1; > > } else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv2_MD5) == 0) { > /* > * AKA version 2 is requested. > */ > aka_version = 2; > > } else { > /* Unsupported algorithm */ > return PJSIP_EINVALIDALGORITHM; > } > > /* Decode nonce */ > nonce_bin.slen = len = PJ_BASE64_TO_BASE256_LEN(chal->nonce.slen); > nonce_bin.ptr = pj_pool_alloc(pool, nonce_bin.slen + 1); > status = pj_base64_decode(&chal->nonce, (pj_uint8_t*)nonce_bin.ptr, > &len); > nonce_bin.slen = len; > if (status != PJ_SUCCESS) > return PJSIP_EAUTHINNONCE; > > if (nonce_bin.slen < PJSIP_AKA_RANDLEN + PJSIP_AKA_AUTNLEN) > return PJSIP_EAUTHINNONCE; > > /* Get RAND, AUTN, and MAC */ > chal_rand = (pj_uint8_t*)(nonce_bin.ptr + 0); > chal_sqnxoraka = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN); > chal_mac = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN + > PJSIP_AKA_SQNLEN + PJSIP_AKA_AMFLEN); > > /* Copy k. op, and amf */ > pj_bzero(k, sizeof(k)); > pj_bzero(op, sizeof(op)); > pj_bzero(amf, sizeof(amf)); > > if (cred->ext.aka.k.slen) > pj_memcpy(k, cred->ext.aka.k.ptr, cred->ext.aka.k.slen); > if (cred->ext.aka.op.slen) > pj_memcpy(op, cred->ext.aka.op.ptr, cred->ext.aka.op.slen); > if (cred->ext.aka.amf.slen) > pj_memcpy(amf, cred->ext.aka.amf.ptr, cred->ext.aka.amf.slen); > > /* Given key K and random challenge RAND, compute response RES, > * confidentiality key CK, integrity key IK and anonymity key AK. > */ > f2345(k, chal_rand, res, ck, ik, ak, op); > > /* Compute sequence number SQN */ > for (i=0; i<PJSIP_AKA_SQNLEN; ++i) > sqn[i] = (pj_uint8_t) (chal_sqnxoraka[i] ^ ak[i]); > > /* Verify MAC in the challenge */ > /* Compute XMAC */ > f1(k, chal_rand, sqn, amf, xmac, op); > > if (pj_memcmp(chal_mac, xmac, PJSIP_AKA_MACLEN) != 0) { > return PJSIP_EAUTHINNONCE; > } > > /* Build a temporary credential info to create MD5 digest, using > * "res" as the password. > */ > pj_memcpy(&aka_cred, cred, sizeof(aka_cred)); > aka_cred.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD; > > /* Create a response */ > if (aka_version == 1) { > /* > * For AKAv1, the password is RES > */ > aka_cred.data.ptr = (char*)res; > aka_cred.data.slen = PJSIP_AKA_RESLEN; > > pjsip_auth_create_digest(&auth->response, &chal->nonce, > &auth->nc, &auth->cnonce, &auth->qop, > &auth->uri, &chal->realm, &aka_cred, method); > > } else if (aka_version == 2) { > /* > * For AKAv2, password is base64 encoded [1] parameters: > * PRF(RES||IK||CK,"http-digest-akav2-password") > * > * The pseudo-random function (PRF) is HMAC-MD5 in this case. > * > * Hmmm.. but those above doesn't seem to work, and this below does! > */ > aka_cred.data.slen = PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN + > PJSIP_AKA_CKLEN; > aka_cred.data.ptr = pj_pool_alloc(pool, aka_cred.data.slen); > > pj_memcpy(aka_cred.data.ptr + 0, res, PJSIP_AKA_RESLEN); > pj_memcpy(aka_cred.data.ptr + PJSIP_AKA_RESLEN, ik, PJSIP_AKA_IKLEN); > pj_memcpy(aka_cred.data.ptr + PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN, > ck, PJSIP_AKA_CKLEN); > > pjsip_auth_create_digest(&auth->response, &chal->nonce, > &auth->nc, &auth->cnonce, &auth->qop, > &auth->uri, &chal->realm, &aka_cred, method); > > } else { > pj_assert(!"Bug!"); > return PJ_EBUG; > } > > /* Done */ > return PJ_SUCCESS; > } > > > > int main(int argc, char *argv[]) > > { > > pjsip_cred_info cred; > pj_pool_t pool; > pjsip_digest_challenge chal; > const pj_str_t *method; > pjsip_digest_credential auth; > > //Authentication challange Parameters > > pj_bzero(&chal, sizeof(chal)); > > chal.realm = pj_str("acti.com"); > chal.domain = pj_str("acti.com"); > chal.nonce = > pj_str("MzQ0a2xrbGtmbGtsZm9wb2tsc2tqaHJzZXNy9uQyMzMzMzQK"); > chal.opaque = pj_str(""); > chal.algorithm = pj_str("AKAv1-MD5"); > chal.qop = pj_str (""); > > //authorization parameters > pj_bzero(&auth, sizeof(auth)); > > auth.realm = pj_str("acti.com"); > auth.username = pj_str("A at acti.com"); > auth.nonce = pj_str("MzQ0a2xrbGtmbGtsZm9wb2tsc2tqaHJzZXNy9uQyMzMzMzQK"); > auth.algorithm = pj_str ("AKAv1-MD5"); > > // Credential parameters > > pj_bzero(&cred, sizeof(cred)); > > cred.scheme = pj_str("Digest"); > cred.realm = pj_str("acti.com"); > cred.username = pj_str("A at acti.com"); > cred.data_type = PJSIP_CRED_DATA_EXT_AKA; > cred.data = pj_str(""); > > // AKA extended info > > cred.ext.aka.k = pj_str("626f6200000000000000000000000000"); > cred.ext.aka.op = pj_str("cdc202d5123e20f62b6d676ac72cb318"); > cred.ext.aka.amf = pj_str("0000"); > cred.ext.aka.cb = &pjsip_auth_create_aka_response; > > //i want to catch and print the response here. > > > return 0; > > } > > Plz guide me. > > regd's > Sanjay > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20090213/7127ae0d/attachment-0001.html>
