Plz suggest what is wrong in my code?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi All

I have written a code as follows for creation of response for algorithm
AKAv1-MD5. (i.e
http://www.pjsip.org/pjsip/docs/html/group__PJSIP__AUTH__AKA__API.htm)

So that i have created a pool in the main program and passed it as argument
to the calling function pjsip_auth_create_aka_response with other arguments.

Here in the following section  the following lines runs fine and returns
status PJ_SUCCESS.
 /* Decode nonce */
    nonce_bin.slen = len = PJ_BASE64_TO_BASE256_LEN(chal->nonce.slen);
    nonce_bin.ptr =  pj_pool_alloc(pool, nonce_bin.slen + 1);
  status = pj_base64_decode(&chal->nonce, (pj_uint8_t*)nonce_bin.ptr, &len);
    nonce_bin.slen = len;
    if (status != PJ_SUCCESS)
    return PJSIP_EAUTHINNONCE;

but  during execution of
/* Get RAND, AUTN, and MAC */
    chal_rand = (pj_uint8_t*)(nonce_bin.ptr + 0);

here the nonce_bin.ptr contains no value.

As per me the base64 decoded value of the nonce should be stored here.
I think there is some mistake in my pool creation. So that the above value
is not stored in my pool.

Plz suggest what is wrong in my code?



The code is as follows:

 #include <string.h>
       #define PJ_WIN32 1;
     #include <pjlib.h>
     #include <pjlib-util.h>
     #include <pjnath.h>
     #include <pjsip.h>
     #include <pjsip_ua.h>
     #include <pjsip_simple.h>
     #include <pjsua-lib/pjsua.h>
     #include <pjmedia.h>
     #include <pjmedia-codec.h>
     #include <pjsua-lib/pjsua.h>
       #include <pj/string.h>
       #include <pj/types.h>
       #include <pj/config_site.h >



#include <pjsip/sip_auth.h>
#include <pjsip/sip_auth_parser.h>    /* just to get pjsip_DIGEST_STR */
#include <pjsip/sip_auth_aka.h>
#include <pjsip/sip_transport.h>
#include <pjsip/sip_endpoint.h>
#include <pjsip/sip_errno.h>
#include <pjsip/sip_util.h>
#include <pjlib-util/md5.h>
#include <pj/log.h>
#include <pj/string.h>
#include <pj/pool.h>
#include <pj/guid.h>
#include <pj/assert.h>
#include <pj/ctype.h>
#include<E:/pjproject-1.0.1/pjsip/src/pjsip/sip_auth_client.c>


#define PJSIP_HAS_DIGEST_AKA_AUTH   1
#define PJ_BASE64_TO_BASE256_LEN(len) (len * 3 / 4)
#define SIZE    4096
#define     PJSIP_AKA_AKLEN   6
#define     PJSIP_AKA_AMFLEN   2
#define     PJSIP_AKA_AUTNLEN   16
#define     PJSIP_AKA_CKLEN   16
#define     PJSIP_AKA_IKLEN   16
#define     PJSIP_AKA_KLEN   16
#define     PJSIP_AKA_MACLEN   8
#define     PJSIP_AKA_OPLEN   16
#define     PJSIP_AKA_RANDLEN   16
#define     PJSIP_AKA_RESLEN   8
#define     PJSIP_AKA_SQNLEN   6

typedef int pj_status_t;
typedef signed char pj_int8_t;
#include <pjsip/sip_auth_aka.h>
#include <pjsip/sip_errno.h>
#include <pjlib-util/base64.h>
#include <pjlib-util/md5.h>
#include <pjlib-util/hmac_md5.h>
#include <pj/assert.h>
#include <pj/log.h>
#include <pj/pool.h>
#include <pj/string.h>
#include <pjsip/sip_auth.h>
#include <pjlib.h>



#include "E:/pjproject-1.0.1/third_party/milenage/milenage.h"


pj_status_t pjsip_auth_create_aka_response(pj_pool_t * pool,
        const pjsip_digest_challenge *      chal,
        const pjsip_cred_info *      cred,
        const pj_str_t *      method,
        pjsip_digest_credential *      auth);



pj_status_t pjsip_auth_create_aka_response(
                         pj_pool_t *pool,
                         const pjsip_digest_challenge*chal,
                         const pjsip_cred_info *cred,
                         const pj_str_t *method,
                         pjsip_digest_credential *auth)
{

    pj_str_t nonce_bin;
    int aka_version;
    const pj_str_t pjsip_AKAv1_MD5 = { "AKAv1-MD5", 9 };
    const pj_str_t pjsip_AKAv2_MD5 = { "AKAv2-MD5", 9 };
    pj_uint8_t *chal_rand, *chal_sqnxoraka, *chal_mac;
    pj_uint8_t k[PJSIP_AKA_KLEN];
    pj_uint8_t op[PJSIP_AKA_OPLEN];
    pj_uint8_t amf[PJSIP_AKA_AMFLEN];
    pj_uint8_t res[PJSIP_AKA_RESLEN];
    pj_uint8_t ck[PJSIP_AKA_CKLEN];
    pj_uint8_t ik[PJSIP_AKA_IKLEN];
    pj_uint8_t ak[PJSIP_AKA_AKLEN];
    pj_uint8_t sqn[PJSIP_AKA_SQNLEN];
    pj_uint8_t xmac[PJSIP_AKA_MACLEN];
    pjsip_cred_info aka_cred;
    int i, len;
    pj_status_t status;




        /* Check the algorithm is supported. */
    if (chal->algorithm.slen==0 || pj_stricmp2(&chal->algorithm, "md5") ==
0) {
    /*
     * A normal MD5 authentication is requested. Fallbackt to the usual
     * MD5 digest creation.
     */
    pjsip_auth_create_digest(&auth->response, &auth->nonce, &auth->nc,
                 &auth->cnonce, &auth->qop, &auth->uri,
                 &auth->realm, cred, method);
    return PJ_SUCCESS;

    } else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv1_MD5) == 0) {
    /*
     * AKA version 1 is requested.
     */
    aka_version = 1;

    } else if (pj_stricmp(&chal->algorithm, &pjsip_AKAv2_MD5) == 0) {
    /*
     * AKA version 2 is requested.
     */
    aka_version = 2;

    } else {
    /* Unsupported algorithm */
    return PJSIP_EINVALIDALGORITHM;
    }

    /* Decode nonce */
    nonce_bin.slen = len = PJ_BASE64_TO_BASE256_LEN(chal->nonce.slen);
    nonce_bin.ptr =  pj_pool_alloc(pool, nonce_bin.slen + 1);

    status = pj_base64_decode(&chal->nonce, (pj_uint8_t*)nonce_bin.ptr,
&len);
    nonce_bin.slen = len;
    if (status != PJ_SUCCESS)
    return PJSIP_EAUTHINNONCE;

    if (nonce_bin.slen < PJSIP_AKA_RANDLEN + PJSIP_AKA_AUTNLEN)
    return PJSIP_EAUTHINNONCE;

    /* Get RAND, AUTN, and MAC */
    chal_rand = (pj_uint8_t*)(nonce_bin.ptr + 0);
    chal_sqnxoraka = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN);
    chal_mac = (pj_uint8_t*) (nonce_bin.ptr + PJSIP_AKA_RANDLEN +
                  PJSIP_AKA_SQNLEN + PJSIP_AKA_AMFLEN);

    /* Copy k. op, and amf */
    pj_bzero(k, sizeof(k));
    pj_bzero(op, sizeof(op));
    pj_bzero(amf, sizeof(amf));

    if (cred->ext.aka.k.slen)
    pj_memcpy(k, cred->ext.aka.k.ptr, cred->ext.aka.k.slen);
    if (cred->ext.aka.op.slen)
    pj_memcpy(op, cred->ext.aka.op.ptr, cred->ext.aka.op.slen);
    if (cred->ext.aka.amf.slen)
    pj_memcpy(amf, cred->ext.aka.amf.ptr, cred->ext.aka.amf.slen);

    /* Given key K and random challenge RAND, compute response RES,
     * confidentiality key CK, integrity key IK and anonymity key AK.
     */
    f2345(k, chal_rand, res, ck, ik, ak, op);

    /* Compute sequence number SQN */
    for (i=0; i<PJSIP_AKA_SQNLEN; ++i)
    sqn[i] = (pj_uint8_t) (chal_sqnxoraka[i] ^ ak[i]);

    /* Verify MAC in the challenge */
    /* Compute XMAC */
    f1(k, chal_rand, sqn, amf, xmac, op);

    if (pj_memcmp(chal_mac, xmac, PJSIP_AKA_MACLEN) != 0)
    {
    return PJSIP_EAUTHINNONCE;
    }

    /* Build a temporary credential info to create MD5 digest, using
     * "res" as the password.
     */
    pj_memcpy(&aka_cred, cred, sizeof(aka_cred));
    aka_cred.data_type = PJSIP_CRED_DATA_PLAIN_PASSWD;

    /* Create a response */
    if (aka_version == 1) {
    /*
     * For AKAv1, the password is RES
     */
    aka_cred.data.ptr = (char*)res;
    aka_cred.data.slen = PJSIP_AKA_RESLEN;

    pjsip_auth_create_digest(&auth->response, &chal->nonce,
                 &auth->nc, &auth->cnonce, &auth->qop,
                 &auth->uri, &chal->realm, &aka_cred, method);

    } else if (aka_version == 2) {
    /*
     * For AKAv2, password is base64 encoded [1] parameters:
     *    PRF(RES||IK||CK,"http-digest-akav2-password")
     *
     * The pseudo-random function (PRF) is HMAC-MD5 in this case.
     *
     * Hmmm.. but those above doesn't seem to work, and this below does!
     */
    aka_cred.data.slen = PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN +
                 PJSIP_AKA_CKLEN;
    aka_cred.data.ptr = pj_pool_alloc(pool, aka_cred.data.slen);

    pj_memcpy(aka_cred.data.ptr + 0, res, PJSIP_AKA_RESLEN);
    pj_memcpy(aka_cred.data.ptr + PJSIP_AKA_RESLEN, ik, PJSIP_AKA_IKLEN);
    pj_memcpy(aka_cred.data.ptr + PJSIP_AKA_RESLEN + PJSIP_AKA_IKLEN,
          ck, PJSIP_AKA_CKLEN);

    pjsip_auth_create_digest(&auth->response, &chal->nonce,
                 &auth->nc, &auth->cnonce, &auth->qop,
                 &auth->uri, &chal->realm, &aka_cred, method);

    } else {
    pj_assert(!"Bug!");
    return PJ_EBUG;
    }

    /* Done */

    return PJ_SUCCESS;
}

static void my_perror(const char *title, pj_status_t status)
   {
        char errmsg[PJ_ERR_MSG_SIZE];

        pj_strerror(status, errmsg, sizeof(errmsg));
        printf(errmsg);
        //PJ_LOG(1,(THIS_FILE, "%s: %s [status=%d]", title, errmsg,
status));
   }


int main()

{

    pj_status_t status;
    pj_str_t method;
    pjsip_cred_info cred;
    pjsip_digest_challenge chal;
    pjsip_digest_credential auth;
    pj_pool_t *pool;
    pj_caching_pool cp;


   status = pj_init();

   if (status != PJ_SUCCESS) {
        my_perror("Error initializing PJLIB", status);
        return 1;
        }

   // Create the pool factory, in this case, a caching pool,
   // using default pool policy.
    //pj_caching_pool_init(&cp, NULL, 1024*1024 );

   pj_caching_pool_init(&cp, &pj_pool_factory_default_policy,1024*1024 );

    pool = pj_pool_create(&cp.factory,  // the factory
                              "pool2",   // pool's name
                               4000,      // initial size
                               4000,      // increment size
                               NULL);     // use default callback.


  if (pool == NULL)
     {
            my_perror("Error creating pool", PJ_ENOMEM);
            return;
        }




//mentioning method name
  method = pj_str("REGISTER");

  //Authentication challange Parameters

  pj_bzero(&chal, sizeof(chal));

   pj_bzero(&chal, sizeof(chal));

   chal.realm = pj_str("ptinovacao.pt");
   chal.domain = pj_str("ptinovacao.pt");
   chal.nonce  = pj_str("AABHegAACUAAAEsHAAAMzULdXEXBS7m5ew/MiBUkHdR=");
   chal.opaque = pj_str("");
   chal.algorithm = pj_str("AKAv1-MD5");
   chal.qop = pj_str ("");
   chal.stale = 0;


//authorization parameters
pj_bzero(&auth, sizeof(auth));

auth.realm =  pj_str("ptinovacao.pt");
auth.username =  pj_str("bob at ptinovacao.pt");
auth.nonce =  pj_str("AABHegAACUAAAEsHAAAMzULdXEXBS7m5ew/MiBUkHdR=");
auth.algorithm = pj_str ("AKAv1-MD5");
auth.uri = pj_str ("sip:36.212.176.92");
auth.cnonce = pj_str("");
auth.nc = pj_str("");
auth.opaque = pj_str("");
auth.qop = pj_str("");
auth.response = pj_str("");

// Credential parameters

   pj_bzero(&cred, sizeof(cred));

    cred.scheme = pj_str("Digest");
    cred.realm = pj_str("ptinovacao.pt");
    cred.username = pj_str("bob at ptinovacao.pt");
    cred.data_type =  PJSIP_CRED_DATA_EXT_AKA;
    cred.data = pj_str("");

    // AKA extended info

    cred.ext.aka.k = pj_str("");
    cred.ext.aka.op = pj_str("00000000000000000000000000000000");
    cred.ext.aka.amf = pj_str("0000");
    //cred.ext.aka.cb = &pjsip_auth_create_aka_response;


     status =
pjsip_auth_create_aka_response(pool,&chal,&cred,&method,&auth);
      if (status != PJ_SUCCESS) {
            my_perror("Error initializing PJLIB", status);
            return 1;
        }

     pj_caching_pool_destroy(&cp);

    return 0;

}

Regd's
Sanjay
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20090220/a6bd08bd/attachment-0001.html>


[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux